diff --git a/assets/epinio-crd/epinio-crd-100.0.0+up1.2.1.tgz b/assets/epinio-crd/epinio-crd-100.0.0+up1.2.1.tgz
deleted file mode 100644
index 52cb02de24..0000000000
Binary files a/assets/epinio-crd/epinio-crd-100.0.0+up1.2.1.tgz and /dev/null differ
diff --git a/assets/epinio-crd/epinio-crd-100.0.5+up1.6.2.tgz b/assets/epinio-crd/epinio-crd-100.0.5+up1.6.2.tgz
deleted file mode 100644
index 196c007279..0000000000
Binary files a/assets/epinio-crd/epinio-crd-100.0.5+up1.6.2.tgz and /dev/null differ
diff --git a/assets/epinio-crd/epinio-crd-102.0.1+up1.6.2.tgz b/assets/epinio-crd/epinio-crd-102.0.1+up1.6.2.tgz
deleted file mode 100644
index 521d7ae1af..0000000000
Binary files a/assets/epinio-crd/epinio-crd-102.0.1+up1.6.2.tgz and /dev/null differ
diff --git a/assets/epinio-crd/epinio-crd-102.0.3+up1.8.1.tgz b/assets/epinio-crd/epinio-crd-102.0.3+up1.8.1.tgz
deleted file mode 100644
index 3b755d517f..0000000000
Binary files a/assets/epinio-crd/epinio-crd-102.0.3+up1.8.1.tgz and /dev/null differ
diff --git a/assets/epinio-crd/epinio-crd-102.0.4+up1.9.0.tgz b/assets/epinio-crd/epinio-crd-102.0.4+up1.9.0.tgz
new file mode 100644
index 0000000000..a2678b6504
Binary files /dev/null and b/assets/epinio-crd/epinio-crd-102.0.4+up1.9.0.tgz differ
diff --git a/assets/epinio/epinio-100.0.0+up1.2.1.tgz b/assets/epinio/epinio-100.0.0+up1.2.1.tgz
deleted file mode 100644
index eab939d718..0000000000
Binary files a/assets/epinio/epinio-100.0.0+up1.2.1.tgz and /dev/null differ
diff --git a/assets/epinio/epinio-100.0.5+up1.6.2.tgz b/assets/epinio/epinio-100.0.5+up1.6.2.tgz
deleted file mode 100644
index 28c88fd73e..0000000000
Binary files a/assets/epinio/epinio-100.0.5+up1.6.2.tgz and /dev/null differ
diff --git a/assets/epinio/epinio-102.0.1+up1.6.2.tgz b/assets/epinio/epinio-102.0.1+up1.6.2.tgz
deleted file mode 100644
index 68e8b2946b..0000000000
Binary files a/assets/epinio/epinio-102.0.1+up1.6.2.tgz and /dev/null differ
diff --git a/assets/epinio/epinio-102.0.3+up1.8.1.tgz b/assets/epinio/epinio-102.0.3+up1.8.1.tgz
deleted file mode 100644
index 1a4e90e76c..0000000000
Binary files a/assets/epinio/epinio-102.0.3+up1.8.1.tgz and /dev/null differ
diff --git a/assets/epinio/epinio-102.0.4+up1.9.0.tgz b/assets/epinio/epinio-102.0.4+up1.9.0.tgz
new file mode 100644
index 0000000000..ec2ae5ea00
Binary files /dev/null and b/assets/epinio/epinio-102.0.4+up1.9.0.tgz differ
diff --git a/charts/epinio-crd/100.0.0+up1.2.1/templates/app-crd.yaml b/charts/epinio-crd/100.0.0+up1.2.1/templates/app-crd.yaml
deleted file mode 100644
index a6ea22aa2a..0000000000
--- a/charts/epinio-crd/100.0.0+up1.2.1/templates/app-crd.yaml
+++ /dev/null
@@ -1,112 +0,0 @@ -# Copied from here: -# https://github.com/epinio/application/blob/main/config/crd/bases/application.epinio.io_apps.yaml ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: apps.application.epinio.io -spec: - group: application.epinio.io - names: - kind: App - listKind: AppList - plural: apps - singular: app - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: App is the Schema for the apps API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AppSpec defines the desired state of App - properties: - blobuid: - description: BlobUID stores the blob uid that was used when the application - was last staged (from code). It can be empty if the application - was never staged (e.g. pushed with container image). Epinio will - use the value set by the user explicitly but if one is not set, - it will try to use the previously set blobUID from the application - CRD. - type: string - builderimage: - description: This field stores the builder image that was used when - the application was last staged (from code). It can be empty if - the application was never staged (e.g. pushed with container image). 
- Epinio will use the builder image set by the user explicitly but - if one is not set, it will try to use the previously set image. - type: string - chartname: - description: ChartName stores the name of the application support - chart used to deploy the currently running application. This is - set on deployment, for use in updates. The name references an epinio - AppCharts resource. - type: string - imageurl: - description: ImageURL stores the image reference of the currently - running application. This is set on deployment, for use in updates. - type: string - origin: - properties: - container: - type: string - git: - properties: - repository: - type: string - revision: - type: string - required: - - repository - type: object - path: - type: string - type: object - routes: - items: - type: string - type: array - settings: - additionalProperties: - type: string - description: Settings stores the fields and values set by the user - to configure the application chart. See ChartName. - type: object - stageid: - description: StageID stores the id of the latest attempt to stage - the application, regardless of outcome. This enables access to the - staging logs of an application which never staged successfully. - type: string - required: - - origin - type: object - status: - description: AppStatus defines the observed state of App - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/epinio-crd/100.0.0+up1.2.1/templates/appcharts-crd.yaml b/charts/epinio-crd/100.0.0+up1.2.1/templates/appcharts-crd.yaml deleted file mode 100644 index 8501e7df94..0000000000 --- a/charts/epinio-crd/100.0.0+up1.2.1/templates/appcharts-crd.yaml +++ /dev/null 
@@ -1,105 +0,0 @@ -# Copied from here: -# https://github.com/epinio/application/blob/main/config/crd/bases/application.epinio.io_appcharts.yaml ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: appcharts.application.epinio.io -spec: - group: application.epinio.io - names: - kind: AppChart - listKind: AppChartList - plural: appcharts - singular: appchart - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: AppChart is the Schema for the appcharts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AppChartSpec defines the desired state of AppChart - properties: - description: - description: Description of the chart. Long form to be used in detailed - displays - type: string - helmChart: - description: HelmChart is the name of the Helm chart used to deploy - an application. - type: string - helmRepo: - description: HelmRepo is the URL to the Helm repository where to fetch - the helm chart. This can be empty. In that case the HelmChart field - has to reference the chart as full URL instead of as a simple name. 
- type: string - settings: - additionalProperties: - properties: - enum: - description: Enumeration of allowed values, for types string, - number, integer - items: - type: string - type: array - maximum: - description: Maximal allowed value, for number, integer - type: string - minimum: - description: Minimal allowed value, for number, integer - type: string - type: - description: Type of the setting (string, bool, number, or integer) - type: string - required: - - type - type: object - description: Settings declares the fields underneath `userValues` - the user is allowed to customize when deploying an application with - the helm chart referenced by this app chart. - type: object - shortDescription: - description: ShortDescription of the chart. To be used in list displays - type: string - values: - additionalProperties: - type: string - description: Values provides settings, i.e. field names and values - to customize the referenced helm chart when deploying an application - with this app chart. Note that user-configurable settings are declared - with `Settings` instead. While nothing checks against exposing a - field set here to the user this is strongly discouraged, to avoid - confusion. - type: object - type: object - status: - description: AppChartStatus defines the observed state of AppChart - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/epinio-crd/100.0.0+up1.2.1/templates/service-crd.yaml b/charts/epinio-crd/100.0.0+up1.2.1/templates/service-crd.yaml deleted file mode 100644 index 3851773458..0000000000 --- a/charts/epinio-crd/100.0.0+up1.2.1/templates/service-crd.yaml +++ /dev/null 
@@ -1,92 +0,0 @@ -# Copied from here: -# https://github.com/epinio/application/blob/main/config/crd/bases/application.epinio.io_services.yaml ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: services.application.epinio.io -spec: - group: application.epinio.io - names: - kind: Service - listKind: ServiceList - plural: services - singular: service - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: Service is the Schema for the services API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServiceSpec defines the desired state of Service - properties: - appVersion: - description: AppVersion is the version of the service deployed by - the referenced chart - type: string - chart: - description: HelmChart is the name of the Helm chart used to deploy - the service - type: string - chartVersion: - description: ChartVersion is the version of the Helm chart used to - deploy the service - type: string - description: - description: Description of the service to be used when the service - is described - type: string - helmRepo: - description: HelmRepo is the Helm repository where to fetch the helm - chart - properties: - name: - type: string - url: - type: string - type: object - name: - description: Name of the service (i.e. redis-small) - type: string - serviceIcon: - description: ServiceIcon is an image associated with this service - type: string - shortDescription: - description: ShortDescription of the service to be used in lists - type: string - values: - description: Values are the values provided by the operator. They - are used to customize the deployment of the service. - type: string - type: object - status: - description: ServiceStatus defines the observed state of Service - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/epinio-crd/100.0.5+up1.6.2/Chart.yaml b/charts/epinio-crd/100.0.5+up1.6.2/Chart.yaml deleted file mode 100644 index 8c1a0ccc5a..0000000000 --- a/charts/epinio-crd/100.0.5+up1.6.2/Chart.yaml +++ /dev/null 
@@ -1,10 +0,0 @@
-annotations:
- catalog.cattle.io/certified: rancher
- catalog.cattle.io/hidden: "true"
- catalog.cattle.io/namespace: cattle-epinio-system
- catalog.cattle.io/release-name: epinio-crd
-apiVersion: v2
-description: Installs the CRDs for Epinio.
-name: epinio-crd
-type: application
-version: 100.0.5+up1.6.2
diff --git a/charts/epinio-crd/100.0.5+up1.6.2/README.md b/charts/epinio-crd/100.0.5+up1.6.2/README.md
deleted file mode 100644
index 527081aec4..0000000000
--- a/charts/epinio-crd/100.0.5+up1.6.2/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-# epinio-crd
-A Rancher chart that installs the CRDs used by epinio.
diff --git a/charts/epinio-crd/100.0.5+up1.6.2/templates/app-crd.yaml b/charts/epinio-crd/100.0.5+up1.6.2/templates/app-crd.yaml
deleted file mode 100644
index a6ea22aa2a..0000000000
--- a/charts/epinio-crd/100.0.5+up1.6.2/templates/app-crd.yaml
+++ /dev/null
@@ -1,112 +0,0 @@ -# Copied from here: -# https://github.com/epinio/application/blob/main/config/crd/bases/application.epinio.io_apps.yaml ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: apps.application.epinio.io -spec: - group: application.epinio.io - names: - kind: App - listKind: AppList - plural: apps - singular: app - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: App is the Schema for the apps API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AppSpec defines the desired state of App - properties: - blobuid: - description: BlobUID stores the blob uid that was used when the application - was last staged (from code). It can be empty if the application - was never staged (e.g. pushed with container image). Epinio will - use the value set by the user explicitly but if one is not set, - it will try to use the previously set blobUID from the application - CRD. - type: string - builderimage: - description: This field stores the builder image that was used when - the application was last staged (from code). It can be empty if - the application was never staged (e.g. pushed with container image). 
- Epinio will use the builder image set by the user explicitly but - if one is not set, it will try to use the previously set image. - type: string - chartname: - description: ChartName stores the name of the application support - chart used to deploy the currently running application. This is - set on deployment, for use in updates. The name references an epinio - AppCharts resource. - type: string - imageurl: - description: ImageURL stores the image reference of the currently - running application. This is set on deployment, for use in updates. - type: string - origin: - properties: - container: - type: string - git: - properties: - repository: - type: string - revision: - type: string - required: - - repository - type: object - path: - type: string - type: object - routes: - items: - type: string - type: array - settings: - additionalProperties: - type: string - description: Settings stores the fields and values set by the user - to configure the application chart. See ChartName. - type: object - stageid: - description: StageID stores the id of the latest attempt to stage - the application, regardless of outcome. This enables access to the - staging logs of an application which never staged successfully. - type: string - required: - - origin - type: object - status: - description: AppStatus defines the observed state of App - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/epinio-crd/100.0.5+up1.6.2/templates/service-crd.yaml b/charts/epinio-crd/100.0.5+up1.6.2/templates/service-crd.yaml deleted file mode 100644 index 3851773458..0000000000 --- a/charts/epinio-crd/100.0.5+up1.6.2/templates/service-crd.yaml +++ /dev/null 
@@ -1,92 +0,0 @@ -# Copied from here: -# https://github.com/epinio/application/blob/main/config/crd/bases/application.epinio.io_services.yaml ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: services.application.epinio.io -spec: - group: application.epinio.io - names: - kind: Service - listKind: ServiceList - plural: services - singular: service - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: Service is the Schema for the services API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServiceSpec defines the desired state of Service - properties: - appVersion: - description: AppVersion is the version of the service deployed by - the referenced chart - type: string - chart: - description: HelmChart is the name of the Helm chart used to deploy - the service - type: string - chartVersion: - description: ChartVersion is the version of the Helm chart used to - deploy the service - type: string - description: - description: Description of the service to be used when the service - is described - type: string - helmRepo: - description: HelmRepo is the Helm repository where to fetch the helm - chart - properties: - name: - type: string - url: - type: string - type: object - name: - description: Name of the service (i.e. redis-small) - type: string - serviceIcon: - description: ServiceIcon is an image associated with this service - type: string - shortDescription: - description: ShortDescription of the service to be used in lists - type: string - values: - description: Values are the values provided by the operator. They - are used to customize the deployment of the service. - type: string - type: object - status: - description: ServiceStatus defines the observed state of Service - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/epinio-crd/102.0.1+up1.6.2/Chart.yaml b/charts/epinio-crd/102.0.1+up1.6.2/Chart.yaml deleted file mode 100644 index eedb6589ce..0000000000 --- a/charts/epinio-crd/102.0.1+up1.6.2/Chart.yaml +++ /dev/null 
@@ -1,10 +0,0 @@
-annotations:
- catalog.cattle.io/certified: rancher
- catalog.cattle.io/hidden: "true"
- catalog.cattle.io/namespace: cattle-epinio-system
- catalog.cattle.io/release-name: epinio-crd
-apiVersion: v2
-description: Installs the CRDs for Epinio.
-name: epinio-crd
-type: application
-version: 102.0.1+up1.6.2
diff --git a/charts/epinio-crd/102.0.1+up1.6.2/README.md b/charts/epinio-crd/102.0.1+up1.6.2/README.md
deleted file mode 100644
index 527081aec4..0000000000
--- a/charts/epinio-crd/102.0.1+up1.6.2/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-# epinio-crd
-A Rancher chart that installs the CRDs used by epinio.
diff --git a/charts/epinio-crd/102.0.1+up1.6.2/templates/app-crd.yaml b/charts/epinio-crd/102.0.1+up1.6.2/templates/app-crd.yaml
deleted file mode 100644
index a6ea22aa2a..0000000000
--- a/charts/epinio-crd/102.0.1+up1.6.2/templates/app-crd.yaml
+++ /dev/null
@@ -1,112 +0,0 @@ -# Copied from here: -# https://github.com/epinio/application/blob/main/config/crd/bases/application.epinio.io_apps.yaml ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: apps.application.epinio.io -spec: - group: application.epinio.io - names: - kind: App - listKind: AppList - plural: apps - singular: app - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: App is the Schema for the apps API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AppSpec defines the desired state of App - properties: - blobuid: - description: BlobUID stores the blob uid that was used when the application - was last staged (from code). It can be empty if the application - was never staged (e.g. pushed with container image). Epinio will - use the value set by the user explicitly but if one is not set, - it will try to use the previously set blobUID from the application - CRD. - type: string - builderimage: - description: This field stores the builder image that was used when - the application was last staged (from code). It can be empty if - the application was never staged (e.g. pushed with container image). 
- Epinio will use the builder image set by the user explicitly but - if one is not set, it will try to use the previously set image. - type: string - chartname: - description: ChartName stores the name of the application support - chart used to deploy the currently running application. This is - set on deployment, for use in updates. The name references an epinio - AppCharts resource. - type: string - imageurl: - description: ImageURL stores the image reference of the currently - running application. This is set on deployment, for use in updates. - type: string - origin: - properties: - container: - type: string - git: - properties: - repository: - type: string - revision: - type: string - required: - - repository - type: object - path: - type: string - type: object - routes: - items: - type: string - type: array - settings: - additionalProperties: - type: string - description: Settings stores the fields and values set by the user - to configure the application chart. See ChartName. - type: object - stageid: - description: StageID stores the id of the latest attempt to stage - the application, regardless of outcome. This enables access to the - staging logs of an application which never staged successfully. - type: string - required: - - origin - type: object - status: - description: AppStatus defines the observed state of App - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/epinio-crd/102.0.1+up1.6.2/templates/appcharts-crd.yaml b/charts/epinio-crd/102.0.1+up1.6.2/templates/appcharts-crd.yaml deleted file mode 100644 index 8501e7df94..0000000000 --- a/charts/epinio-crd/102.0.1+up1.6.2/templates/appcharts-crd.yaml +++ /dev/null 
@@ -1,105 +0,0 @@ -# Copied from here: -# https://github.com/epinio/application/blob/main/config/crd/bases/application.epinio.io_appcharts.yaml ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: appcharts.application.epinio.io -spec: - group: application.epinio.io - names: - kind: AppChart - listKind: AppChartList - plural: appcharts - singular: appchart - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: AppChart is the Schema for the appcharts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AppChartSpec defines the desired state of AppChart - properties: - description: - description: Description of the chart. Long form to be used in detailed - displays - type: string - helmChart: - description: HelmChart is the name of the Helm chart used to deploy - an application. - type: string - helmRepo: - description: HelmRepo is the URL to the Helm repository where to fetch - the helm chart. This can be empty. In that case the HelmChart field - has to reference the chart as full URL instead of as a simple name. 
- type: string - settings: - additionalProperties: - properties: - enum: - description: Enumeration of allowed values, for types string, - number, integer - items: - type: string - type: array - maximum: - description: Maximal allowed value, for number, integer - type: string - minimum: - description: Minimal allowed value, for number, integer - type: string - type: - description: Type of the setting (string, bool, number, or integer) - type: string - required: - - type - type: object - description: Settings declares the fields underneath `userValues` - the user is allowed to customize when deploying an application with - the helm chart referenced by this app chart. - type: object - shortDescription: - description: ShortDescription of the chart. To be used in list displays - type: string - values: - additionalProperties: - type: string - description: Values provides settings, i.e. field names and values - to customize the referenced helm chart when deploying an application - with this app chart. Note that user-configurable settings are declared - with `Settings` instead. While nothing checks against exposing a - field set here to the user this is strongly discouraged, to avoid - confusion. - type: object - type: object - status: - description: AppChartStatus defines the observed state of AppChart - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/epinio-crd/102.0.3+up1.8.1/Chart.yaml b/charts/epinio-crd/102.0.3+up1.8.1/Chart.yaml deleted file mode 100644 index f2ed66c4e8..0000000000 --- a/charts/epinio-crd/102.0.3+up1.8.1/Chart.yaml +++ /dev/null 
@@ -1,10 +0,0 @@
-annotations:
- catalog.cattle.io/certified: rancher
- catalog.cattle.io/hidden: "true"
- catalog.cattle.io/namespace: cattle-epinio-system
- catalog.cattle.io/release-name: epinio-crd
-apiVersion: v2
-description: Installs the CRDs for Epinio.
-name: epinio-crd
-type: application
-version: 102.0.3+up1.8.1
diff --git a/charts/epinio-crd/102.0.3+up1.8.1/README.md b/charts/epinio-crd/102.0.3+up1.8.1/README.md
deleted file mode 100644
index 527081aec4..0000000000
--- a/charts/epinio-crd/102.0.3+up1.8.1/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-# epinio-crd
-A Rancher chart that installs the CRDs used by epinio.
diff --git a/charts/epinio-crd/102.0.3+up1.8.1/templates/appcharts-crd.yaml b/charts/epinio-crd/102.0.3+up1.8.1/templates/appcharts-crd.yaml
deleted file mode 100644
index 8501e7df94..0000000000
--- a/charts/epinio-crd/102.0.3+up1.8.1/templates/appcharts-crd.yaml
+++ /dev/null
@@ -1,105 +0,0 @@ -# Copied from here: -# https://github.com/epinio/application/blob/main/config/crd/bases/application.epinio.io_appcharts.yaml ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: appcharts.application.epinio.io -spec: - group: application.epinio.io - names: - kind: AppChart - listKind: AppChartList - plural: appcharts - singular: appchart - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: AppChart is the Schema for the appcharts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AppChartSpec defines the desired state of AppChart - properties: - description: - description: Description of the chart. Long form to be used in detailed - displays - type: string - helmChart: - description: HelmChart is the name of the Helm chart used to deploy - an application. - type: string - helmRepo: - description: HelmRepo is the URL to the Helm repository where to fetch - the helm chart. This can be empty. In that case the HelmChart field - has to reference the chart as full URL instead of as a simple name. 
- type: string - settings: - additionalProperties: - properties: - enum: - description: Enumeration of allowed values, for types string, - number, integer - items: - type: string - type: array - maximum: - description: Maximal allowed value, for number, integer - type: string - minimum: - description: Minimal allowed value, for number, integer - type: string - type: - description: Type of the setting (string, bool, number, or integer) - type: string - required: - - type - type: object - description: Settings declares the fields underneath `userValues` - the user is allowed to customize when deploying an application with - the helm chart referenced by this app chart. - type: object - shortDescription: - description: ShortDescription of the chart. To be used in list displays - type: string - values: - additionalProperties: - type: string - description: Values provides settings, i.e. field names and values - to customize the referenced helm chart when deploying an application - with this app chart. Note that user-configurable settings are declared - with `Settings` instead. While nothing checks against exposing a - field set here to the user this is strongly discouraged, to avoid - confusion. - type: object - type: object - status: - description: AppChartStatus defines the observed state of AppChart - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/epinio-crd/102.0.3+up1.8.1/templates/service-crd.yaml b/charts/epinio-crd/102.0.3+up1.8.1/templates/service-crd.yaml deleted file mode 100644 index 3851773458..0000000000 --- a/charts/epinio-crd/102.0.3+up1.8.1/templates/service-crd.yaml +++ /dev/null 
@@ -1,92 +0,0 @@ -# Copied from here: -# https://github.com/epinio/application/blob/main/config/crd/bases/application.epinio.io_services.yaml ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: services.application.epinio.io -spec: - group: application.epinio.io - names: - kind: Service - listKind: ServiceList - plural: services - singular: service - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: Service is the Schema for the services API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServiceSpec defines the desired state of Service - properties: - appVersion: - description: AppVersion is the version of the service deployed by - the referenced chart - type: string - chart: - description: HelmChart is the name of the Helm chart used to deploy - the service - type: string - chartVersion: - description: ChartVersion is the version of the Helm chart used to - deploy the service - type: string - description: - description: Description of the service to be used when the service - is described - type: string - helmRepo: - description: HelmRepo is the Helm repository where to fetch the helm - chart - properties: - name: - type: string - url: - type: string - type: object - name: - description: Name of the service (i.e. redis-small) - type: string - serviceIcon: - description: ServiceIcon is an image associated with this service - type: string - shortDescription: - description: ShortDescription of the service to be used in lists - type: string - values: - description: Values are the values provided by the operator. They - are used to customize the deployment of the service. - type: string - type: object - status: - description: ServiceStatus defines the observed state of Service - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/epinio-crd/100.0.0+up1.2.1/Chart.yaml b/charts/epinio-crd/102.0.4+up1.9.0/Chart.yaml similarity index 91% rename from charts/epinio-crd/100.0.0+up1.2.1/Chart.yaml rename to charts/epinio-crd/102.0.4+up1.9.0/Chart.yaml index 83e0e53630..0837f21f5f 100644 --- a/charts/epinio-crd/100.0.0+up1.2.1/Chart.yaml +++ b/charts/epinio-crd/102.0.4+up1.9.0/Chart.yaml 
@@ -7,4 +7,4 @@ apiVersion: v2 description: Installs the CRDs for Epinio. name: epinio-crd type: application -version: 100.0.0+up1.2.1 +version: 102.0.4+up1.9.0 diff --git a/charts/epinio-crd/100.0.0+up1.2.1/README.md b/charts/epinio-crd/102.0.4+up1.9.0/README.md similarity index 100% rename from charts/epinio-crd/100.0.0+up1.2.1/README.md rename to charts/epinio-crd/102.0.4+up1.9.0/README.md diff --git a/charts/epinio-crd/102.0.3+up1.8.1/templates/app-crd.yaml b/charts/epinio-crd/102.0.4+up1.9.0/templates/app-crd.yaml similarity index 100% rename from charts/epinio-crd/102.0.3+up1.8.1/templates/app-crd.yaml rename to charts/epinio-crd/102.0.4+up1.9.0/templates/app-crd.yaml diff --git a/charts/epinio-crd/100.0.5+up1.6.2/templates/appcharts-crd.yaml b/charts/epinio-crd/102.0.4+up1.9.0/templates/appcharts-crd.yaml similarity index 94% rename from charts/epinio-crd/100.0.5+up1.6.2/templates/appcharts-crd.yaml rename to charts/epinio-crd/102.0.4+up1.9.0/templates/appcharts-crd.yaml index 8501e7df94..940ea6dc50 100644 --- a/charts/epinio-crd/100.0.5+up1.6.2/templates/appcharts-crd.yaml +++ b/charts/epinio-crd/102.0.4+up1.9.0/templates/appcharts-crd.yaml @@ -52,6 +52,9 @@ spec: type: string settings: additionalProperties: + description: AppChartSetting is an older name for ChartSetting. + Created to keep backward compatibility. Should also reduce misunderstandings + of what kind of settings are handled in a particular context. properties: enum: description: Enumeration of allowed values, for types string, diff --git a/charts/epinio-crd/102.0.1+up1.6.2/templates/service-crd.yaml b/charts/epinio-crd/102.0.4+up1.9.0/templates/service-crd.yaml similarity index 72% rename from charts/epinio-crd/102.0.1+up1.6.2/templates/service-crd.yaml rename to charts/epinio-crd/102.0.4+up1.9.0/templates/service-crd.yaml index 3851773458..017f5478b1 100644 --- a/charts/epinio-crd/102.0.1+up1.6.2/templates/service-crd.yaml +++ b/charts/epinio-crd/102.0.4+up1.9.0/templates/service-crd.yaml 
@@ -68,6 +68,34 @@ spec: serviceIcon: description: ServiceIcon is an image associated with this service type: string + settings: + additionalProperties: + description: ServiceSetting is an alias to ChartSetting. Should + reduce misunderstandings of what kind of settings are handled + in a particular context. + properties: + enum: + description: Enumeration of allowed values, for types string, + number, integer + items: + type: string + type: array + maximum: + description: Maximal allowed value, for number, integer + type: string + minimum: + description: Minimal allowed value, for number, integer + type: string + type: + description: Type of the setting (string, bool, number, or integer) + type: string + required: + - type + type: object + description: Settings declares the fields the user is allowed to customize + when deploying a service with the helm chart referenced by this + service class. + type: object shortDescription: description: ShortDescription of the service to be used in lists type: string diff --git a/charts/epinio/100.0.0+up1.2.1/Chart.lock b/charts/epinio/100.0.0+up1.2.1/Chart.lock deleted file mode 100644 index 9fca7f0d07..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/Chart.lock +++ /dev/null @@ -1,12 +0,0 @@ -dependencies: -- name: minio - repository: https://charts.min.io/ - version: 4.0.2 -- name: kubed - repository: https://charts.appscode.com/stable/ - version: v0.13.2 -- name: epinio-ui - repository: https://epinio.github.io/helm-charts - version: 1.2.0 -digest: sha256:5782bee786e4be54286825708ae7c37295da422a8d2844878bd96821eb652fce -generated: "2022-09-02T14:17:31.205286037Z" diff --git a/charts/epinio/100.0.0+up1.2.1/Chart.yaml b/charts/epinio/100.0.0+up1.2.1/Chart.yaml deleted file mode 100644 index 0a8b9bc90d..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/Chart.yaml +++ /dev/null 
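Review bot: In the new `settings` schema of service-crd.yaml, the `type` property is described as one of string, bool, number, or integer but is declared only as `type: string`, so the API server will admit any value there. `minimum` and `maximum` are likewise unconstrained strings, which leaves all validation of a setting to whatever component reads the Service resource (not visible in this diff). Adding `enum: [string, bool, number, integer]` under the `type` property would reject malformed settings at admission instead of at deploy time. The file carries a controller-gen annotation and a "Copied from here" header, so the constraint probably belongs in the upstream Go type (for example a `+kubebuilder:validation:Enum=` marker) and should be re-synced rather than hand-edited here. The `settings` block in appcharts-crd.yaml appears to have the same shape.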
@@ -1,44 +0,0 @@ -annotations: - artifacthub.io/license: Apache-2.0 - catalog.cattle.io/auto-install: epinio-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Epinio - catalog.cattle.io/experimental: "true" - catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.25.0-0' - catalog.cattle.io/namespace: cattle-epinio-system - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0' - catalog.cattle.io/release-name: epinio - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/upstream-version: 1.2.1 -apiVersion: v2 -appVersion: v1.2.0 -dependencies: -- condition: epinio-ui.enabled - name: epinio-ui - repository: file://./charts/epinio-ui - tags: - - epinio-ui -- condition: kubed.enabled, global.kubed.enabled - name: kubed - repository: file://./charts/kubed - tags: - - kubed -- condition: minio.enabled, global.minio.enabled - name: minio - repository: file://./charts/minio - tags: - - minio -description: The official way to install Epinio -home: https://github.com/epinio/epinio -icon: https://charts.rancher.io/assets/logos/epinio.svg -keywords: -- epinio -- paas -maintainers: -- email: team@epinio.io - name: SUSE -name: epinio -sources: -- https://github.com/epinio/epinio -version: 100.0.0+up1.2.1 diff --git a/charts/epinio/100.0.0+up1.2.1/README.md b/charts/epinio/100.0.0+up1.2.1/README.md deleted file mode 100644 index 7a92a89dbc..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/README.md +++ /dev/null 
@@ -1,93 +0,0 @@ -# Epinio Helm Chart - -From app to URL in one command. - -## Introduction - -This chart deploys Epinio PaaS on a Kubernetes cluster. It also deploys some of -its dependencies as subcharts. - -The documentation is centralized in the [doc website](https://docs.epinio.io). - -## Prerequisites - -Epinio needs a number of external components to be running on your cluster in order to -work. You may already have those deployed, otherwise follow the instructions here -to deploy them. - -Important: Some of the namespaces of the components are hardcoded in the Epinio -code and thus are important to be the same as described here. In the future this -may be configurable on the Epinio Helm chart. - -### Ingress Controller - -Epinio creates Ingress resources for the API server, the applications and depending -on your setup, the internal container registry. Those resources won't work unless -an Ingress controller is running on your cluster. - -If you don't have an Ingress controller already running, you can install Traefik with: - -``` -$ kubectl create namespace traefik -$ export LOAD_BALANCER_IP=$(LOAD_BALANCER_IP:-) # Set this to the IP of your load balancer if you know that -$ helm install traefik --namespace traefik "https://helm.traefik.io/traefik/traefik-10.3.4.tgz" \ - --set globalArguments='' \ - --set-string ports.web.redirectTo=websecure \ - --set-string ingressClass.enabled=true \ - --set-string ingressClass.isDefaultClass=true \ - --set-string service.spec.loadBalancerIP=$LOAD_BALANCER_IP -``` - -### Cert Manager - -Epinio needs [cert-manager](https://cert-manager.io/) in order to create TLS -certificates for the various Ingresses (see "Ingress controller" above). 
- -If cert-manager is not already installed on the cluster, it can be installed like this: - -``` -$ kubectl create namespace cert-manager -$ helm repo add jetstack https://charts.jetstack.io -$ helm repo update -$ helm install cert-manager --namespace cert-manager jetstack/cert-manager \ - --set installCRDs=true \ - --set extraArgs[0]=--enable-certificate-owner-ref=true -``` - -### Kubed - -Kubed is installed as a subchart when `.Values.kubed.enabled` is true (default). -If you already have kubed running, you can skip the installation by setting -the helm value "kubed.enabled" to "false". - -### S3 storage - -Epinio is using an S3 compatible storage to store the application source code. -This chart will install [Minio](https://min.io/) when `.Values.minio.enabled` is -true (default). Any S3 compatible solution can be used instead by setting this -value to `false` and using [the values under `s3`](https://github.com/epinio/helm-charts/blob/main/chart/epinio/values.yaml#L44) -to point to the desired S3 server. - -### Container Registry - -When Epinio builds a container image for an application from source, it needs -to store that image to a container registry. Epinio installs a container registry -on the cluster when `.Values.containerregistry.enabled` is `true` (default). - -Any container registry that supports basic auth authentication can be used (e.g. gcr, dockerhub etc) -instead by setting this value to `false` and using -[the values under `registry`](https://github.com/epinio/helm-charts/blob/main/chart/epinio/values.yaml#L104-L107) -to point to the desired container registry. 
- -## Install Epinio - -If the above dependencies are available or going to be installed by this chart, -Epinio can be installed with the following: - -``` -$ helm install epinio -n epinio --create-namespace epinio/epinio --values epinio-values.yaml --set global.domain=myepiniodomain.org -``` - -The only value that is mandatory is the `.Values.global.domain` which -should be a wildcard domain, pointing to the IP address of your running -Ingress controller. diff --git a/charts/epinio/100.0.0+up1.2.1/app-readme.md b/charts/epinio/100.0.0+up1.2.1/app-readme.md deleted file mode 100644 index f02cc0c364..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/app-readme.md +++ /dev/null @@ -1,8 +0,0 @@ -# Epinio PaaS - -Opinionated platform that runs on Kubernetes to take you from Code to URL in one step. - -__Attention__: - - - Requires `cert-manager` as dependency. - - Requires `helm-controller` as dependency. diff --git a/charts/epinio/100.0.0+up1.2.1/assets/epinio-application-0.1.21.tgz b/charts/epinio/100.0.0+up1.2.1/assets/epinio-application-0.1.21.tgz deleted file mode 100644 index df1c0ba252..0000000000 Binary files a/charts/epinio/100.0.0+up1.2.1/assets/epinio-application-0.1.21.tgz and /dev/null differ diff --git a/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/.helmignore b/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/.helmignore deleted file mode 100644 index 0e8a0eb36f..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ 
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/Chart.yaml b/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/Chart.yaml deleted file mode 100644 index b5e766e4ce..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -annotations: - artifacthub.io/license: Apache-2.0 -apiVersion: v2 -appVersion: v1.2.0-0.0.1 -description: A Helm chart for the Epinio UI -home: https://github.com/epinio/epinio -icon: https://charts.rancher.io/assets/logos/epinio.svg -keywords: -- epinio -- paas -maintainers: -- email: team@epinio.io - name: SUSE -name: epinio-ui -sources: -- https://github.com/epinio/ui -type: application -version: 1.2.0 diff --git a/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/templates/_helpers.tpl b/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/templates/_helpers.tpl deleted file mode 100644 index 042c2f8611..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/templates/_helpers.tpl +++ /dev/null 
@@ -1,100 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "epinio-ui.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "epinio-ui.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "epinio-ui.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "epinio-ui.labels" -}} -helm.sh/chart: {{ include "epinio-ui.chart" . }} -{{ include "epinio-ui.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "epinio-ui.selectorLabels" -}} -app.kubernetes.io/name: {{ include "epinio-ui.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "epinio-ui.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "epinio-ui.fullname" .) 
.Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -URL registry prefix for container images (Rancher compatibility support) -*/}} -{{- define "epinio-ui.registry" -}} -{{- if .Values.global.cattle -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{ trimSuffix "/" .Values.global.cattle.systemDefaultRegistry }}/ -{{- else -}} -{{ if .Values.epinioUI.image.registry }} -{{ .Values.epinioUI.image.registry }}/ -{{- end -}} -{{- end -}} -{{- else -}} -{{ if .Values.epinioUI.image.registry }} -{{ .Values.epinioUI.image.registry }}/ -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Windows cluster will add default taint for linux nodes, add below linux tolerations to -workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} diff --git a/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/templates/certificate.yaml b/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/templates/certificate.yaml deleted file mode 100644 index a04bc53fd7..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/templates/certificate.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: epinio-ui - namespace: {{ .Release.Namespace }} -spec: - dnsNames: - - {{ .Values.global.domain }} - issuerRef: - kind: ClusterIssuer - name: {{ .Values.global.tlsIssuer }} - secretName: epinio-ui-tls -{{- end }} 
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/templates/ingress.yaml b/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/templates/ingress.yaml deleted file mode 100644 index 749ee71d61..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/templates/ingress.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.ingress.enabled }} ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - traefik.ingress.kubernetes.io/router.entrypoints: websecure - traefik.ingress.kubernetes.io/router.tls: "true" - labels: - {{- include "epinio-ui.labels" . | nindent 4 }} - name: epinio-ui - namespace: {{ .Release.Namespace }} -spec: - {{- if .Values.ingress.ingressClassName }} - ingressClassName: "{{ .Values.ingress.ingressClassName }}" - {{- end }} - rules: - - host: {{ .Values.global.domain }} - http: - paths: - - backend: - service: - name: epinio-ui - port: - number: 80 - path: / - pathType: ImplementationSpecific - tls: - - hosts: - - {{ .Values.global.domain }} - secretName: epinio-ui-tls -{{- end }} diff --git a/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/templates/security.yaml b/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/templates/security.yaml deleted file mode 100644 index 3fd2cca0dd..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/templates/security.yaml +++ /dev/null 
@@ -1,88 +0,0 @@ -{{- if .Values.global.rbac.pspEnabled }} - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: epinio-ui - namespace: {{ .Release.Namespace }} - ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: epinio-ui-psp - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: epinio-ui - app: epinio-ui -{{- if .Values.global.rbac.pspAnnotations }} - annotations: {{ toYaml .Values.global.rbac.pspAnnotations | nindent 4 }} -{{- end }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Permits the container to run with root privileges as well. - rule: 'RunAsAny' - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. 
- - min: 0 - max: 65535 - readOnlyRootFilesystem: false - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: epinio-ui-psp - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: epinio-ui - app: epinio-ui -rules: -{{- if semverCompare "> 1.15.0-0" .Capabilities.KubeVersion.GitVersion }} -- apiGroups: ['policy'] -{{- else }} -- apiGroups: ['extensions'] -{{- end }} - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - epinio-ui-psp - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: epinio-ui-psp - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: epinio-ui - app: epinio-ui -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: epinio-ui-psp -subjects: - - kind: ServiceAccount - name: epinio-ui - namespace: {{ .Release.Namespace }} - -{{- end }} diff --git a/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/templates/server.yaml b/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/templates/server.yaml deleted file mode 100644 index 8252344f76..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/templates/server.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ -{{- $secret := (lookup "v1" "Secret" .Release.Namespace "epinio-ui").data -}} -{{- $encryptionKey := empty $secret | ternary (printf "%x" (randAscii 32)) (b64dec (default "" $secret.encryptionKey)) -}} -{{- $sessionSecret := empty $secret | ternary (randAlphaNum 16) (b64dec (default "" $secret.sessionSecret)) -}} - ---- -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: epinio-ui - namespace: {{ .Release.Namespace }} -stringData: - encryptionKey: {{ $encryptionKey }} - sessionSecret: {{ $sessionSecret }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: epinio-ui - namespace: {{ .Release.Namespace }} - labels: - {{- include "epinio-ui.labels" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "epinio-ui.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "epinio-ui.labels" . | nindent 8 }} - spec: - nodeSelector: - {{- include "linux-node-selector" . | nindent 8 }} - tolerations: - {{- include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.global.rbac.pspEnabled }} - serviceAccountName: epinio-ui -{{- end }} - containers: - - name: epinio-ui - image: {{ template "epinio-ui.registry" . 
}}{{ .Values.epinioUI.image.repository }}:{{ .Values.epinioUI.image.tag }} - imagePullPolicy: {{ .Values.epinioUI.imagePullPolicy }} - workingDir: /db - - env: - - name: ALLOWED_ORIGINS - value: {{ default (printf "https://epinio.%s" .Values.global.domain) .Values.epinioAllowedOrigins }} - - name: EPINIO_API_URL - value: {{ default (printf "http://epinio-server.%s.svc.cluster.local" .Release.Namespace) .Values.epinioAPIURL }} - - name: EPINIO_WSS_URL - value: {{ default (printf "ws://epinio-server.%s.svc.cluster.local" .Release.Namespace) .Values.epinioWSSURL }} - - name: EPINIO_API_SKIP_SSL - value: {{ .Values.epinioAPISkipSSL | quote }} - - name: EPINIO_VERSION - value: {{ (default .Chart.Version .Values.epinioVersion) | quote}} - - name: EPINIO_THEME - value: {{ (default "light" .Values.epinioTheme) | quote }} - - name: HTTP_CLIENT_TIMEOUT_IN_SECS - value: "120" - - name: SESSION_STORE_SECRET - valueFrom: - secretKeyRef: - name: epinio-ui - key: sessionSecret - - name: SESSION_STORE_EXPIRY - value: "1440" - - name: UI_PATH - value: "/ui" - - name: AUTH_ENDPOINT_TYPE - value: epinio - - name: ENCRYPTION_KEY - valueFrom: - secretKeyRef: - name: epinio-ui - key: encryptionKey - - - name: DATABASE_PROVIDER - value: sqlite - - name: HTTPS - value: "false" - - name: CONSOLE_PROXY_TLS_ADDRESS - value: 0.0.0.0:8000 - - name: LOG_LEVEL - value: {{ .Values.logLevel | quote }} - - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 8 }} - {{- end }} - - securityContext: - runAsUser: 1000 - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - livenessProbe: - tcpSocket: - port: 8000 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - tcpSocket: - port: 8000 - initialDelaySeconds: 5 - periodSeconds: 5 - {{- with .Values.volumes }} - volumes: - {{- toYaml . | nindent 6 }} - {{- end }} 
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/templates/service.yaml b/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/templates/service.yaml deleted file mode 100644 index 442a726425..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/templates/service.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: epinio-ui - namespace: {{ .Release.Namespace }} - labels: - {{- include "epinio-ui.labels" . | nindent 4 }} -spec: - type: ClusterIP - selector: - {{- include "epinio-ui.selectorLabels" . | nindent 4 }} - ports: - - name: ui - port: 80 - targetPort: 8000 diff --git a/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/values.yaml b/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/values.yaml deleted file mode 100644 index 5372ca6274..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/charts/epinio-ui/values.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -epinioUI: - image: - repository: rancher/mirrored-epinio-epinio-ui - tag: v1.2.0-0.0.1 - imagePullPolicy: IfNotPresent -ingress: - enabled: true - # The ingressClassName is used to select the ingress controller. If empty no class will be added to the ingresses. - ingressClassName: "" -global: - domain: ui.epinio.dev - tlsIssuer: selfsigned-issuer -logLevel: info -# API URL of epinio instance, for proxied connections, defaults to http://epinio-server.%s.svc.cluster.local" -epinioAPIURL: "" -epinioWSSURL: "" -# Domain that will serve the UI and be the origin of browser requests, used by CORS process -epinioAllowedOrigins: "" -# Skip checking for valid SSL cert when making requests to `EPINIO_API_URL` -# epinioAPISkipSSL: "true" -# This is the version that is displayed in the ui and should match that of the epinio it's targetting -# epinioVersion: "v0.8.0" -# Epinio standalone only supports a single theme, either light or dark -epinioTheme: "light" -volumeMounts: - - name: tmp - mountPath: /tmp - readOnly: false - - name: db - mountPath: /db - readOnly: false -# - name: ui -# mountPath: /ui -# subPath: dist -# readOnly: true - -volumes: - - name: tmp - emptyDir: {} - - name: db - emptyDir: {} -# - name: ui -# persistentVolumeClaim: -# claimName: ui diff --git a/charts/epinio/100.0.0+up1.2.1/charts/kubed/templates/psp.yaml b/charts/epinio/100.0.0+up1.2.1/charts/kubed/templates/psp.yaml deleted file mode 100644 index c10f3a97a7..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/charts/kubed/templates/psp.yaml +++ /dev/null 
@@ -1,84 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -{{- if .Values.global.rbac.pspEnabled }} - ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ include "kubed.serviceAccountName" . }}-psp - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: {{ include "kubed.serviceAccountName" . }} - app: {{ include "kubed.serviceAccountName" . }} -{{- if .Values.global.rbac.pspAnnotations }} - annotations: {{ toYaml .Values.global.rbac.pspAnnotations | nindent 4 }} -{{- end }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Permits the container to run with root privileges as well. - rule: 'RunAsAny' - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ include "kubed.serviceAccountName" . }}-psp - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: {{ include "kubed.serviceAccountName" . }} - app: {{ include "kubed.serviceAccountName" . }} -rules: -{{- if semverCompare "> 1.15.0-0" .Capabilities.KubeVersion.GitVersion }} -- apiGroups: ['policy'] -{{- else }} -- apiGroups: ['extensions'] -{{- end }} - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ include "kubed.serviceAccountName" . }}-psp - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ include "kubed.serviceAccountName" . 
}}-psp - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: {{ include "kubed.serviceAccountName" . }} - app: {{ include "kubed.serviceAccountName" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "kubed.serviceAccountName" . }}-psp -subjects: - - kind: ServiceAccount - name: {{ include "kubed.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - -{{- end }} -{{- end -}} diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/Chart.yaml b/charts/epinio/100.0.0+up1.2.1/charts/minio/Chart.yaml deleted file mode 100644 index 9e44715e9f..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/charts/minio/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -appVersion: RELEASE.2022-05-08T23-50-31Z -description: Multi-Cloud Object Storage -home: https://min.io -icon: https://min.io/resources/img/logo/MINIO_wordmark.png -keywords: -- minio -- storage -- object-storage -- s3 -- cluster -maintainers: -- email: dev@minio.io - name: MinIO, Inc -name: minio -sources: -- https://github.com/minio/minio -version: 4.0.2 diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/README.md b/charts/epinio/100.0.0+up1.2.1/charts/minio/README.md deleted file mode 100644 index ad3eb7df77..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/charts/minio/README.md +++ /dev/null 
@@ -1,235 +0,0 @@ -# MinIO Helm Chart - -[![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io) [![license](https://img.shields.io/badge/license-AGPL%20V3-blue)](https://github.com/minio/minio/blob/master/LICENSE) - -MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. It is API compatible with Amazon S3 cloud storage service. Use MinIO to build high performance infrastructure for machine learning, analytics and application data workloads. - -For more detailed documentation please visit [here](https://docs.minio.io/) - -## Introduction - -This chart bootstraps MinIO Cluster on [Kubernetes](http://kubernetes.io) using the [Helm](https://helm.sh) package manager. - -## Prerequisites - -- Helm cli with Kubernetes cluster configured. -- PV provisioner support in the underlying infrastructure. (We recommend using ) -- Use Kubernetes version v1.19 and later for best experience. - -## Configure MinIO Helm repo - -```bash -helm repo add minio https://charts.min.io/ -``` - -### Installing the Chart - -Install this chart using: - -```bash -helm install --namespace minio --set rootUser=rootuser,rootPassword=rootpass123 --generate-name minio/minio -``` - -The command deploys MinIO on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -### Upgrading the Chart - -You can use Helm to update MinIO version in a live release. Assuming your release is named as `my-release`, get the values using the command: - -```bash -helm get values my-release > old_values.yaml -``` - -Then change the field `image.tag` in `old_values.yaml` file with MinIO image tag you want to use. Now update the chart using - -```bash -helm upgrade -f old_values.yaml my-release minio/minio -``` - -Default upgrade strategies are specified in the `values.yaml` file. Update these fields if you'd like to use a different strategy. 
- -### Configuration - -Refer the [Values file](./values.yaml) for all the possible config fields. - -You can specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -helm install --name my-release --set persistence.size=1Ti minio/minio -``` - -The above command deploys MinIO server with a 1Ti backing persistent volume. - -Alternately, you can provide a YAML file that specifies parameter values while installing the chart. For example, - -```bash -helm install --name my-release -f values.yaml minio/minio -``` - -### Persistence - -This chart provisions a PersistentVolumeClaim and mounts corresponding persistent volume to default location `/export`. You'll need physical storage available in the Kubernetes cluster for this to work. If you'd rather use `emptyDir`, disable PersistentVolumeClaim by: - -```bash -helm install --set persistence.enabled=false minio/minio -``` - -> *"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."* - -### Existing PersistentVolumeClaim - -If a Persistent Volume Claim already exists, specify it during installation. - -1. Create the PersistentVolume -2. Create the PersistentVolumeClaim -3. Install the chart - -```bash -helm install --set persistence.existingClaim=PVC_NAME minio/minio -``` - -### NetworkPolicy - -To enable network policy for MinIO, -install [a networking plugin that implements the Kubernetes -NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), -and set `networkPolicy.enabled` to `true`. - -For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting -the DefaultDeny namespace annotation. 
Note: this will enforce policy for *all* pods in the namespace: - -``` -kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" -``` - -With NetworkPolicy enabled, traffic will be limited to just port 9000. - -For more precise policy, set `networkPolicy.allowExternal=true`. This will -only allow pods with the generated client label to connect to MinIO. -This label will be displayed in the output of a successful install. - -### Existing secret - -Instead of having this chart create the secret for you, you can supply a preexisting secret, much -like an existing PersistentVolumeClaim. - -First, create the secret: - -```bash -kubectl create secret generic my-minio-secret --from-literal=rootUser=foobarbaz --from-literal=rootPassword=foobarbazqux -``` - -Then install the chart, specifying that you want to use an existing secret: - -```bash -helm install --set existingSecret=my-minio-secret minio/minio -``` - -The following fields are expected in the secret: - -| .data.\ in Secret | Corresponding variable | Description | Required | -|:------------------------|:-----------------------|:---------------|:---------| -| `rootUser` | `rootUser` | Root user. | yes | -| `rootPassword` | `rootPassword` | Root password. | yes | - -All corresponding variables will be ignored in values file. - -### Configure TLS - -To enable TLS for MinIO containers, acquire TLS certificates from a CA or create self-signed certificates. While creating / acquiring certificates ensure the corresponding domain names are set as per the standard [DNS naming conventions](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-identity) in a Kubernetes StatefulSet (for a distributed MinIO setup). 
Then create a secret using - -```bash -kubectl create secret generic tls-ssl-minio --from-file=path/to/private.key --from-file=path/to/public.crt -``` - -Then install the chart, specifying that you want to use the TLS secret: - -```bash -helm install --set tls.enabled=true,tls.certSecret=tls-ssl-minio minio/minio -``` - -### Installing certificates from third party CAs - -MinIO can connect to other servers, including MinIO nodes or other server types such as NATs and Redis. If these servers use certificates that were not registered with a known CA, add trust for these certificates to MinIO Server by bundling these certificates into a Kubernetes secret and providing it to Helm via the `trustedCertsSecret` value. If `.Values.tls.enabled` is `true` and you're installing certificates for third party CAs, remember to include MinIO's own certificate with key `public.crt`, if it also needs to be trusted. - -For instance, given that TLS is enabled and you need to add trust for MinIO's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: - -``` -kubectl -n minio create secret generic minio-trusted-certs --from-file=public.crt --from-file=keycloak.crt -``` - -If TLS is not enabled, you would need only the third party CA: - -``` -kubectl -n minio create secret generic minio-trusted-certs --from-file=keycloak.crt -``` - -The name of the generated secret can then be passed to Helm using a values file or the `--set` parameter: - -``` -trustedCertsSecret: "minio-trusted-certs" - -or - ---set trustedCertsSecret=minio-trusted-certs -``` - -### Create buckets after install - -Install the chart, specifying the buckets you want to create after install: - -```bash -helm install --set buckets[0].name=bucket1,buckets[0].policy=none,buckets[0].purge=false minio/minio -``` - -Description of the configuration parameters used above - - -- `buckets[].name` - name of the bucket to create, must be a string with length > 0 -- 
`buckets[].policy` - can be one of none|download|upload|public -- `buckets[].purge` - purge if bucket exists already - -33# Create policies after install -Install the chart, specifying the policies you want to create after install: - -```bash -helm install --set policies[0].name=mypolicy,policies[0].statements[0].resources[0]='arn:aws:s3:::bucket1',policies[0].statements[0].actions[0]='s3:ListBucket',policies[0].statements[0].actions[1]='s3:GetObject' minio/minio -``` - -Description of the configuration parameters used above - - -- `policies[].name` - name of the policy to create, must be a string with length > 0 -- `policies[].statements[]` - list of statements, includes actions and resources -- `policies[].statements[].resources[]` - list of resources that applies the statement -- `policies[].statements[].actions[]` - list of actions granted - -### Create user after install - -Install the chart, specifying the users you want to create after install: - -```bash -helm install --set users[0].accessKey=accessKey,users[0].secretKey=secretKey,users[0].policy=none,users[1].accessKey=accessKey2,users[1].secretRef=existingSecret,users[1].secretKey=password,users[1].policy=none minio/minio -``` - -Description of the configuration parameters used above - - -- `users[].accessKey` - accessKey of user -- `users[].secretKey` - secretKey of usersecretRef -- `users[].existingSecret` - secret name that contains the secretKey of user -- `users[].existingSecretKey` - data key in existingSecret secret containing the secretKey -- `users[].policy` - name of the policy to assign to user - -## Uninstalling the Chart - -Assuming your release is named as `my-release`, delete it using the command: - -```bash -helm delete my-release -``` - -or - -```bash -helm uninstall my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. 
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/NOTES.txt b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/NOTES.txt
deleted file mode 100644
index 9337196945..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/NOTES.txt
+++ /dev/null
@@ -1,43 +0,0 @@ -{{- if eq .Values.service.type "ClusterIP" "NodePort" }} -MinIO can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: -{{ template "minio.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - -To access MinIO from localhost, run the below commands: - - 1. export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - - 2. kubectl port-forward $POD_NAME 9000 --namespace {{ .Release.Namespace }} - -Read more about port forwarding here: http://kubernetes.io/docs/user-guide/kubectl/kubectl_port-forward/ - -You can now access MinIO server on http://localhost:9000. Follow the below steps to connect to MinIO server with mc client: - - 1. Download the MinIO mc client - https://docs.minio.io/docs/minio-client-quickstart-guide - - 2. export MC_HOST_{{ template "minio.fullname" . }}-local=http://$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootUser}" | base64 --decode):$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootPassword}" | base64 --decode)@localhost:{{ .Values.service.port }} - - 3. mc ls {{ template "minio.fullname" . }}-local - -{{- end }} -{{- if eq .Values.service.type "LoadBalancer" }} -MinIO can be accessed via port {{ .Values.service.port }} on an external IP address. Get the service external IP address by: -kubectl get svc --namespace {{ .Release.Namespace }} -l app={{ template "minio.fullname" . }} - -Note that the public IP may take a couple of minutes to be available. - -You can now access MinIO server on http://:9000. Follow the below steps to connect to MinIO server with mc client: - - 1. Download the MinIO mc client - https://docs.minio.io/docs/minio-client-quickstart-guide - - 2. export MC_HOST_{{ template "minio.fullname" . 
}}-local=http://$(kubectl get secret {{ template "minio.secretName" . }} --namespace {{ .Release.Namespace }} -o jsonpath="{.data.rootUser}" | base64 --decode):$(kubectl get secret {{ template "minio.secretName" . }} -o jsonpath="{.data.rootPassword}" | base64 --decode)@:{{ .Values.service.port }} - - 3. mc ls {{ template "minio.fullname" . }} - -Alternately, you can use your browser or the MinIO SDK to access the server - https://docs.minio.io/categories/17 -{{- end }} - -{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} -Note: Since NetworkPolicy is enabled, only pods with label -{{ template "minio.fullname" . }}-client=true" -will be able to connect to this minio cluster. -{{- end }} diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/_helper_create_bucket.txt b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/_helper_create_bucket.txt deleted file mode 100644 index 35a48fca7b..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/_helper_create_bucket.txt +++ /dev/null 
@@ -1,109 +0,0 @@ -#!/bin/sh -set -e ; # Have script exit in the event of a failed command. - -{{- if .Values.configPathmc }} -MC_CONFIG_DIR="{{ .Values.configPathmc }}" -MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" -{{- else }} -MC="/usr/bin/mc --insecure" -{{- end }} - -# connectToMinio -# Use a check-sleep-check loop to wait for MinIO service to be available -connectToMinio() { - SCHEME=$1 - ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts - set -e ; # fail if we can't read the keys. - ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; - set +e ; # The connections to minio are allowed to fail. - echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; - MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; - $MC_COMMAND ; - STATUS=$? ; - until [ $STATUS = 0 ] - do - ATTEMPTS=`expr $ATTEMPTS + 1` ; - echo \"Failed attempts: $ATTEMPTS\" ; - if [ $ATTEMPTS -gt $LIMIT ]; then - exit 1 ; - fi ; - sleep 2 ; # 1 second intervals between attempts - $MC_COMMAND ; - STATUS=$? ; - done ; - set -e ; # reset `e` as active - return 0 -} - -# checkBucketExists ($bucket) -# Check if the bucket exists, by using the exit code of `mc ls` -checkBucketExists() { - BUCKET=$1 - CMD=$(${MC} ls myminio/$BUCKET > /dev/null 2>&1) - return $? -} - -# createBucket ($bucket, $policy, $purge) -# Ensure bucket exists, purging if asked to -createBucket() { - BUCKET=$1 - POLICY=$2 - PURGE=$3 - VERSIONING=$4 - - # Purge the bucket, if set & exists - # Since PURGE is user input, check explicitly for `true` - if [ $PURGE = true ]; then - if checkBucketExists $BUCKET ; then - echo "Purging bucket '$BUCKET'." - set +e ; # don't exit if this fails - ${MC} rm -r --force myminio/$BUCKET - set -e ; # reset `e` as active - else - echo "Bucket '$BUCKET' does not exist, skipping purge." - fi - fi - - # Create the bucket if it does not exist - if ! 
checkBucketExists $BUCKET ; then - echo "Creating bucket '$BUCKET'" - ${MC} mb myminio/$BUCKET - else - echo "Bucket '$BUCKET' already exists." - fi - - - # set versioning for bucket - if [ ! -z $VERSIONING ] ; then - if [ $VERSIONING = true ] ; then - echo "Enabling versioning for '$BUCKET'" - ${MC} version enable myminio/$BUCKET - elif [ $VERSIONING = false ] ; then - echo "Suspending versioning for '$BUCKET'" - ${MC} version suspend myminio/$BUCKET - fi - else - echo "Bucket '$BUCKET' versioning unchanged." - fi - - # At this point, the bucket should exist, skip checking for existence - # Set policy on the bucket - echo "Setting policy of bucket '$BUCKET' to '$POLICY'." - ${MC} policy set $POLICY myminio/$BUCKET -} - -# Try connecting to MinIO instance -{{- if .Values.tls.enabled }} -scheme=https -{{- else }} -scheme=http -{{- end }} -connectToMinio $scheme - -{{ if .Values.buckets }} -{{ $global := . }} -# Create the buckets -{{- range .Values.buckets }} -createBucket {{ tpl .name $global }} {{ .policy }} {{ .purge }} {{ .versioning }} -{{- end }} -{{- end }} diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/_helper_create_policy.txt b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/_helper_create_policy.txt deleted file mode 100644 index d565b161e3..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/_helper_create_policy.txt +++ /dev/null 
@@ -1,75 +0,0 @@ -#!/bin/sh -set -e ; # Have script exit in the event of a failed command. - -{{- if .Values.configPathmc }} -MC_CONFIG_DIR="{{ .Values.configPathmc }}" -MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" -{{- else }} -MC="/usr/bin/mc --insecure" -{{- end }} - -# connectToMinio -# Use a check-sleep-check loop to wait for MinIO service to be available -connectToMinio() { - SCHEME=$1 - ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts - set -e ; # fail if we can't read the keys. - ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; - set +e ; # The connections to minio are allowed to fail. - echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; - MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; - $MC_COMMAND ; - STATUS=$? ; - until [ $STATUS = 0 ] - do - ATTEMPTS=`expr $ATTEMPTS + 1` ; - echo \"Failed attempts: $ATTEMPTS\" ; - if [ $ATTEMPTS -gt $LIMIT ]; then - exit 1 ; - fi ; - sleep 2 ; # 1 second intervals between attempts - $MC_COMMAND ; - STATUS=$? ; - done ; - set -e ; # reset `e` as active - return 0 -} - -# checkPolicyExists ($policy) -# Check if the policy exists, by using the exit code of `mc admin policy info` -checkPolicyExists() { - POLICY=$1 - CMD=$(${MC} admin policy info myminio $POLICY > /dev/null 2>&1) - return $? -} - -# createPolicy($name, $filename) -createPolicy () { - NAME=$1 - FILENAME=$2 - - # Create the name if it does not exist - echo "Checking policy: $NAME (in /config/$FILENAME.json)" - if ! checkPolicyExists $NAME ; then - echo "Creating policy '$NAME'" - else - echo "Policy '$NAME' already exists." 
- fi - ${MC} admin policy add myminio $NAME /config/$FILENAME.json - -} - -# Try connecting to MinIO instance -{{- if .Values.tls.enabled }} -scheme=https -{{- else }} -scheme=http -{{- end }} -connectToMinio $scheme - -{{ if .Values.policies }} -# Create the policies -{{- range $idx, $policy := .Values.policies }} -createPolicy {{ $policy.name }} policy_{{ $idx }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/_helper_create_user.txt b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/_helper_create_user.txt deleted file mode 100644 index 77714287a4..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/_helper_create_user.txt +++ /dev/null 
@@ -1,88 +0,0 @@ -#!/bin/sh -set -e ; # Have script exit in the event of a failed command. - -{{- if .Values.configPathmc }} -MC_CONFIG_DIR="{{ .Values.configPathmc }}" -MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" -{{- else }} -MC="/usr/bin/mc --insecure" -{{- end }} - -# connectToMinio -# Use a check-sleep-check loop to wait for MinIO service to be available -connectToMinio() { - SCHEME=$1 - ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts - set -e ; # fail if we can't read the keys. - ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; - set +e ; # The connections to minio are allowed to fail. - echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; - MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; - $MC_COMMAND ; - STATUS=$? ; - until [ $STATUS = 0 ] - do - ATTEMPTS=`expr $ATTEMPTS + 1` ; - echo \"Failed attempts: $ATTEMPTS\" ; - if [ $ATTEMPTS -gt $LIMIT ]; then - exit 1 ; - fi ; - sleep 2 ; # 1 second intervals between attempts - $MC_COMMAND ; - STATUS=$? ; - done ; - set -e ; # reset `e` as active - return 0 -} - -# checkUserExists ($username) -# Check if the user exists, by using the exit code of `mc admin user info` -checkUserExists() { - USER=$1 - CMD=$(${MC} admin user info myminio $USER > /dev/null 2>&1) - return $? -} - -# createUser ($username, $password, $policy) -createUser() { - USER=$1 - PASS=$2 - POLICY=$3 - - # Create the user if it does not exist - if ! checkUserExists $USER ; then - echo "Creating user '$USER'" - ${MC} admin user add myminio $USER $PASS - else - echo "User '$USER' already exists." - fi - - - # set policy for user - if [ ! -z $POLICY -a $POLICY != " " ] ; then - echo "Adding policy '$POLICY' for '$USER'" - ${MC} admin policy set myminio $POLICY user=$USER - else - echo "User '$USER' has no policy attached." 
- fi -} - -# Try connecting to MinIO instance -{{- if .Values.tls.enabled }} -scheme=https -{{- else }} -scheme=http -{{- end }} -connectToMinio $scheme - -{{ if .Values.users }} -{{ $global := . }} -# Create the users -{{- range .Values.users }} -{{- if .existingSecret }} -createUser {{ tpl .accessKey $global }} $(cat /config/secrets/{{ tpl .accessKey $global }}) {{ .policy }} -{{ else }} -createUser {{ tpl .accessKey $global }} {{ .secretKey }} {{ .policy }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/_helper_policy.tpl b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/_helper_policy.tpl deleted file mode 100644 index 83a2e153b6..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/_helper_policy.tpl +++ /dev/null @@ -1,18 +0,0 @@ -{{- $statements_length := len .statements -}} -{{- $statements_length := sub $statements_length 1 -}} -{ - "Version": "2012-10-17", - "Statement": [ -{{- range $i, $statement := .statements }} - { - "Effect": "Allow", - "Action": [ -"{{ $statement.actions | join "\",\n\"" }}" - ]{{ if $statement.resources }}, - "Resource": [ -"{{ $statement.resources | join "\",\n\"" }}" - ]{{ end }} - }{{ if lt $i $statements_length }},{{end }} -{{- end }} - ] -} diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/_helpers.tpl b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/_helpers.tpl deleted file mode 100644 index 401e8196a5..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/_helpers.tpl +++ /dev/null 
@@ -1,246 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "minio.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "minio.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "minio.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "minio.networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.Version -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare ">=1.7-0, <1.16-0" .Capabilities.KubeVersion.Version -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else if semverCompare "^1.16-0" .Capabilities.KubeVersion.Version -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "minio.deployment.apiVersion" -}} -{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.Version -}} -{{- print "apps/v1beta2" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. 
-*/}} -{{- define "minio.statefulset.apiVersion" -}} -{{- if semverCompare "<1.16-0" .Capabilities.KubeVersion.Version -}} -{{- print "apps/v1beta2" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "minio.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for console ingress. -*/}} -{{- define "minio.consoleIngress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Determine secret name. -*/}} -{{- define "minio.secretName" -}} -{{- if .Values.existingSecret -}} -{{- .Values.existingSecret }} -{{- else -}} -{{- include "minio.fullname" . -}} -{{- end -}} -{{- end -}} - -{{/* -Determine name for scc role and rolebinding -*/}} -{{- define "minio.sccRoleName" -}} -{{- printf "%s-%s" "scc" (include "minio.fullname" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Properly format optional additional arguments to MinIO binary -*/}} -{{- define "minio.extraArgs" -}} -{{- range .Values.extraArgs -}} -{{ " " }}{{ . }} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "minio.imagePullSecrets" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. 
-Also, we can not use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- else if .Values.imagePullSecrets }} -imagePullSecrets: - {{ toYaml .Values.imagePullSecrets }} -{{- end -}} -{{- else if .Values.imagePullSecrets }} -imagePullSecrets: - {{ toYaml .Values.imagePullSecrets }} -{{- end -}} -{{- end -}} - -{{/* -Formats volumeMount for MinIO TLS keys and trusted certs -*/}} -{{- define "minio.tlsKeysVolumeMount" -}} -{{- if .Values.tls.enabled }} -- name: cert-secret-volume - mountPath: {{ .Values.certsPath }} -{{- end }} -{{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }} -{{- $casPath := printf "%s/CAs" .Values.certsPath | clean }} -- name: trusted-cert-secret-volume - mountPath: {{ $casPath }} -{{- end }} -{{- end -}} - -{{/* -Formats volume for MinIO TLS keys and trusted certs -*/}} -{{- define "minio.tlsKeysVolume" -}} -{{- if .Values.tls.enabled }} -- name: cert-secret-volume - secret: - secretName: {{ .Values.tls.certSecret }} - items: - - key: {{ .Values.tls.publicCrt }} - path: public.crt - - key: {{ .Values.tls.privateKey }} - path: private.key -{{- end }} -{{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }} -{{- $certSecret := eq .Values.trustedCertsSecret "" | ternary .Values.tls.certSecret .Values.trustedCertsSecret }} -{{- $publicCrt := eq .Values.trustedCertsSecret "" | ternary .Values.tls.publicCrt "" }} -- name: trusted-cert-secret-volume - secret: - secretName: {{ $certSecret }} - {{- if ne $publicCrt "" }} - items: - - key: {{ $publicCrt }} - path: public.crt - {{- end }} -{{- end }} -{{- end -}} - -{{/* -Returns the available value for certain key in an existing secret (if it exists), -otherwise it generates a random value. 
-*/}} -{{- define "minio.getValueFromSecret" }} - {{- $len := (default 16 .Length) | int -}} - {{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} - {{- if $obj }} - {{- index $obj .Key | b64dec -}} - {{- else -}} - {{- randAlphaNum $len -}} - {{- end -}} -{{- end }} - -{{- define "minio.root.username" -}} - {{- if .Values.rootUser }} - {{- .Values.rootUser | toString }} - {{- else }} - {{- include "minio.getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "minio.fullname" .) "Length" 20 "Key" "rootUser") }} - {{- end }} -{{- end -}} - -{{- define "minio.root.password" -}} - {{- if .Values.rootPassword }} - {{- .Values.rootPassword | toString }} - {{- else }} - {{- include "minio.getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "minio.fullname" .) "Length" 40 "Key" "rootPassword") }} - {{- end }} -{{- end -}} - -{{/* -Windows cluster will add default taint for linux nodes, add below linux tolerations to -workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -{{/* -URL prefix for container images to be compatible with Rancher -*/}} -{{- define "registry-url" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{ trimSuffix "/" .Values.global.cattle.systemDefaultRegistry }}/ -{{- end -}} -{{- end -}} diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/configmap.yaml b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/configmap.yaml deleted file mode 100644 index 95a7c6038a..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/configmap.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "minio.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
- initialize: |-
-{{ include (print $.Template.BasePath "/_helper_create_bucket.txt") . | indent 4 }}
- add-user: |-
-{{ include (print $.Template.BasePath "/_helper_create_user.txt") . | indent 4 }}
- add-policy: |-
-{{ include (print $.Template.BasePath "/_helper_create_policy.txt") . | indent 4 }}
-{{- range $idx, $policy := .Values.policies }}
- # {{ $policy.name }}
- policy_{{ $idx }}.json: |-
-{{ include (print $.Template.BasePath "/_helper_policy.tpl") . | indent 4 }}
-{{ end }}
- custom-command: |-
-{{ include (print $.Template.BasePath "/_helper_custom_command.txt") . | indent 4 }}
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/console-ingress.yaml b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/console-ingress.yaml
deleted file mode 100644
index 2ce9a93bf3..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/console-ingress.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-{{- if .Values.consoleIngress.enabled -}}
-{{- $fullName := printf "%s-console" (include "minio.fullname" .) -}}
-{{- $servicePort := .Values.consoleService.port -}}
-{{- $ingressPath := .Values.consoleIngress.path -}}
-apiVersion: {{ template "minio.consoleIngress.apiVersion" . }}
-kind: Ingress
-metadata:
- name: {{ $fullName }}
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-{{- with .Values.consoleIngress.labels }}
-{{ toYaml . | indent 4 }}
-{{- end }}
-
-{{- with .Values.consoleIngress.annotations }}
- annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if .Values.consoleIngress.ingressClassName }}
- ingressClassName: {{ .Values.consoleIngress.ingressClassName }}
-{{- end }}
-{{- if .Values.consoleIngress.tls }}
- tls:
- {{- range .Values.consoleIngress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
-{{- end }}
- rules:
- {{- range .Values.consoleIngress.hosts }}
- - http:
- paths:
- - path: {{ $ingressPath }}
- {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
- pathType: Prefix
- backend:
- service:
- name: {{ $fullName }}
- port:
- number: {{ $servicePort }}
- {{- else }}
- backend:
- serviceName: {{ $fullName }}
- servicePort: {{ $servicePort }}
- {{- end }}
- {{- if . }}
- host: {{ . | quote }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/console-service.yaml b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/console-service.yaml
deleted file mode 100644
index f4b1294e5d..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/console-service.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-{{ $scheme := "http" }}
-{{- if .Values.tls.enabled }}
-{{ $scheme = "https" }}
-{{ end }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "minio.fullname" . }}-console
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-{{- if .Values.consoleService.annotations }}
- annotations:
-{{ toYaml .Values.consoleService.annotations | indent 4 }}
-{{- end }}
-spec:
-{{- if (or (eq .Values.consoleService.type "ClusterIP" "") (empty .Values.consoleService.type)) }}
- type: ClusterIP
- {{- if not (empty .Values.consoleService.clusterIP) }}
- clusterIP: {{ .Values.consoleService.clusterIP }}
- {{end}}
-{{- else if eq .Values.consoleService.type "LoadBalancer" }}
- type: {{ .Values.consoleService.type }}
- loadBalancerIP: {{ default "" .Values.consoleService.loadBalancerIP }}
-{{- else }}
- type: {{ .Values.consoleService.type }}
-{{- end }}
- ports:
- - name: {{ $scheme }}
- port: {{ .Values.consoleService.port }}
- protocol: TCP
-{{- if (and (eq .Values.consoleService.type "NodePort") ( .Values.consoleService.nodePort)) }}
- nodePort: {{ .Values.consoleService.nodePort }}
-{{- else }}
- targetPort: {{ .Values.consoleService.port }}
-{{- end}}
-{{- if .Values.consoleService.externalIPs }}
- externalIPs:
-{{- range $i , $ip := .Values.consoleService.externalIPs }}
- - {{ $ip }}
-{{- end }}
-{{- end }}
- selector:
- app: {{ template "minio.name" . }}
- release: {{ .Release.Name }}
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/deployment.yaml b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/deployment.yaml
deleted file mode 100644
index 46f36656c1..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/deployment.yaml
+++ /dev/null
@@ -1,173 +0,0 @@
-{{- if eq .Values.mode "standalone" }}
-{{ $scheme := "http" }}
-{{- if .Values.tls.enabled }}
-{{ $scheme = "https" }}
-{{ end }}
-{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }}
-apiVersion: {{ template "minio.deployment.apiVersion" . }}
-kind: Deployment
-metadata:
- name: {{ template "minio.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-{{- if .Values.additionalLabels }}
-{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }}
-{{- end }}
-{{- if .Values.additionalAnnotations }}
- annotations:
-{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }}
-{{- end }}
-spec:
- strategy:
- type: {{ .Values.DeploymentUpdate.type }}
- {{- if eq .Values.DeploymentUpdate.type "RollingUpdate" }}
- rollingUpdate:
- maxSurge: {{ .Values.DeploymentUpdate.maxSurge }}
- maxUnavailable: {{ .Values.DeploymentUpdate.maxUnavailable }}
- {{- end}}
- replicas: 1
- selector:
- matchLabels:
- app: {{ template "minio.name" . }}
- release: {{ .Release.Name }}
- template:
- metadata:
- name: {{ template "minio.fullname" . }}
- labels:
- app: {{ template "minio.name" . }}
- release: {{ .Release.Name }}
-{{- if .Values.podLabels }}
-{{ toYaml .Values.podLabels | indent 8 }}
-{{- end }}
- annotations:
-{{- if not .Values.ignoreChartChecksums }}
- checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
- checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
-{{- end }}
-{{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }}
-{{- end }}
- spec:
- {{- if .Values.priorityClassName }}
- priorityClassName: "{{ .Values.priorityClassName }}"
- {{- end }}
-{{- if and .Values.securityContext.enabled .Values.persistence.enabled }}
- securityContext:
- runAsUser: {{ .Values.securityContext.runAsUser }}
- runAsGroup: {{ .Values.securityContext.runAsGroup }}
- fsGroup: {{ .Values.securityContext.fsGroup }}
- {{- if and (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "20") }}
- fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }}
- {{- end }}
-{{- end }}
-{{ if .Values.serviceAccount.create }}
- serviceAccountName: {{ .Values.serviceAccount.name }}
-{{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ default .Values.image.registry (include "registry-url" .) }}{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- command:
- - "/bin/sh"
- - "-ce"
- - "/usr/bin/docker-entrypoint.sh minio server {{ $bucketRoot }} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template "minio.extraArgs" . }}"
- volumeMounts:
- - name: minio-user
- mountPath: "/tmp/credentials"
- readOnly: true
- {{- if .Values.persistence.enabled }}
- - name: export
- mountPath: {{ .Values.mountPath }}
- {{- if .Values.persistence.subPath }}
- subPath: "{{ .Values.persistence.subPath }}"
- {{- end }}
- {{- end }}
- {{- if .Values.extraSecret }}
- - name: extra-secret
- mountPath: "/tmp/minio-config-env"
- {{- end }}
- {{- include "minio.tlsKeysVolumeMount" . | indent 12 }}
- ports:
- - name: {{ $scheme }}
- containerPort: {{ .Values.minioAPIPort }}
- - name: {{ $scheme }}-console
- containerPort: {{ .Values.minioConsolePort }}
- env:
- - name: MINIO_ROOT_USER
- valueFrom:
- secretKeyRef:
- name: {{ template "minio.secretName" . }}
- key: rootUser
- - name: MINIO_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "minio.secretName" . }}
- key: rootPassword
- {{- if .Values.extraSecret }}
- - name: MINIO_CONFIG_ENV_FILE
- value: "/tmp/minio-config-env/config.env"
- {{- end}}
- {{- if .Values.metrics.serviceMonitor.public }}
- - name: MINIO_PROMETHEUS_AUTH_TYPE
- value: "public"
- {{- end}}
- {{- if .Values.etcd.endpoints }}
- - name: MINIO_ETCD_ENDPOINTS
- value: {{ join "," .Values.etcd.endpoints | quote }}
- {{- if .Values.etcd.clientCert }}
- - name: MINIO_ETCD_CLIENT_CERT
- value: "/tmp/credentials/etcd_client_cert.pem"
- {{- end }}
- {{- if .Values.etcd.clientCertKey }}
- - name: MINIO_ETCD_CLIENT_CERT_KEY
- value: "/tmp/credentials/etcd_client_cert_key.pem"
- {{- end }}
- {{- if .Values.etcd.pathPrefix }}
- - name: MINIO_ETCD_PATH_PREFIX
- value: {{ .Values.etcd.pathPrefix }}
- {{- end }}
- {{- if .Values.etcd.corednsPathPrefix }}
- - name: MINIO_ETCD_COREDNS_PATH
- value: {{ .Values.etcd.corednsPathPrefix }}
- {{- end }}
- {{- end }}
- {{- range $key, $val := .Values.environment }}
- - name: {{ $key }}
- value: {{ $val | quote }}
- {{- end}}
- resources:
-{{ toYaml .Values.resources | indent 12 }}
- nodeSelector:
- {{- include "linux-node-selector" . | nindent 8 }}
-{{- include "minio.imagePullSecrets" . | indent 6 }}
-{{- with .Values.affinity }}
- affinity:
-{{ toYaml . | indent 8 }}
-{{- end }}
- tolerations:
- {{- include "linux-node-tolerations" . | nindent 8 }}
- {{- with .Values.tolerations }}
- {{ toYaml . | indent 8 }}
- {{- end }}
- volumes:
- - name: export
- {{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ .Values.persistence.existingClaim | default (include "minio.fullname" .) }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- {{- if .Values.extraSecret }}
- - name: extra-secret
- secret:
- secretName: {{ .Values.extraSecret }}
- {{- end }}
- - name: minio-user
- secret:
- secretName: {{ template "minio.secretName" . }}
- {{- include "minio.tlsKeysVolume" . | indent 8 }}
-{{- end }}
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/gateway-deployment.yaml b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/gateway-deployment.yaml
deleted file mode 100644
index 9c4bda315b..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/gateway-deployment.yaml
+++ /dev/null
@@ -1,172 +0,0 @@
-{{- if eq .Values.mode "gateway" }}
-{{ $scheme := "http" }}
-{{- if .Values.tls.enabled }}
-{{ $scheme = "https" }}
-{{ end }}
-{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }}
-apiVersion: {{ template "minio.deployment.apiVersion" . }}
-kind: Deployment
-metadata:
- name: {{ template "minio.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-{{- if .Values.additionalLabels }}
-{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }}
-{{- end }}
-{{- if .Values.additionalAnnotations }}
- annotations:
-{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }}
-{{- end }}
-spec:
- strategy:
- type: {{ .Values.DeploymentUpdate.type }}
- {{- if eq .Values.DeploymentUpdate.type "RollingUpdate" }}
- rollingUpdate:
- maxSurge: {{ .Values.DeploymentUpdate.maxSurge }}
- maxUnavailable: {{ .Values.DeploymentUpdate.maxUnavailable }}
- {{- end}}
- replicas: {{ .Values.gateway.replicas }}
- selector:
- matchLabels:
- app: {{ template "minio.name" . }}
- release: {{ .Release.Name }}
- template:
- metadata:
- name: {{ template "minio.fullname" . }}
- labels:
- app: {{ template "minio.name" . }}
- release: {{ .Release.Name }}
-{{- if .Values.podLabels }}
-{{ toYaml .Values.podLabels | indent 8 }}
-{{- end }}
- annotations:
-{{- if not .Values.ignoreChartChecksums }}
- checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
- checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
-{{- end }}
-{{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }}
-{{- end }}
- spec:
- {{- if .Values.priorityClassName }}
- priorityClassName: "{{ .Values.priorityClassName }}"
- {{- end }}
-{{- if and .Values.securityContext.enabled .Values.persistence.enabled }}
- securityContext:
- runAsUser: {{ .Values.securityContext.runAsUser }}
- runAsGroup: {{ .Values.securityContext.runAsGroup }}
- fsGroup: {{ .Values.securityContext.fsGroup }}
-{{- end }}
-{{ if .Values.serviceAccount.create }}
- serviceAccountName: {{ .Values.serviceAccount.name }}
-{{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ default .Values.image.registry (include "registry-url" .) }}{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- command:
- - "/bin/sh"
- - "-ce"
- {{- if eq .Values.gateway.type "nas" }}
- - "/usr/bin/docker-entrypoint.sh minio gateway nas {{ $bucketRoot }} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template "minio.extraArgs" . }} "
- {{- end }}
- volumeMounts:
- - name: minio-user
- mountPath: "/tmp/credentials"
- readOnly: true
- {{- if .Values.persistence.enabled }}
- - name: export
- mountPath: {{ .Values.mountPath }}
- {{- if .Values.persistence.subPath }}
- subPath: "{{ .Values.persistence.subPath }}"
- {{- end }}
- {{- end }}
- {{- if .Values.extraSecret }}
- - name: extra-secret
- mountPath: "/tmp/minio-config-env"
- {{- end }}
- {{- include "minio.tlsKeysVolumeMount" . | indent 12 }}
- ports:
- - name: {{ $scheme }}
- containerPort: {{ .Values.minioAPIPort }}
- - name: {{ $scheme }}-console
- containerPort: {{ .Values.minioConsolePort }}
- env:
- - name: MINIO_ROOT_USER
- valueFrom:
- secretKeyRef:
- name: {{ template "minio.secretName" . }}
- key: rootUser
- - name: MINIO_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "minio.secretName" . }}
- key: rootPassword
- {{- if .Values.extraSecret }}
- - name: MINIO_CONFIG_ENV_FILE
- value: "/tmp/minio-config-env/config.env"
- {{- end}}
- {{- if .Values.metrics.serviceMonitor.public }}
- - name: MINIO_PROMETHEUS_AUTH_TYPE
- value: "public"
- {{- end}}
- {{- if .Values.etcd.endpoints }}
- - name: MINIO_ETCD_ENDPOINTS
- value: {{ join "," .Values.etcd.endpoints | quote }}
- {{- if .Values.etcd.clientCert }}
- - name: MINIO_ETCD_CLIENT_CERT
- value: "/tmp/credentials/etcd_client.crt"
- {{- end }}
- {{- if .Values.etcd.clientCertKey }}
- - name: MINIO_ETCD_CLIENT_CERT_KEY
- value: "/tmp/credentials/etcd_client.key"
- {{- end }}
- {{- if .Values.etcd.pathPrefix }}
- - name: MINIO_ETCD_PATH_PREFIX
- value: {{ .Values.etcd.pathPrefix }}
- {{- end }}
- {{- if .Values.etcd.corednsPathPrefix }}
- - name: MINIO_ETCD_COREDNS_PATH
- value: {{ .Values.etcd.corednsPathPrefix }}
- {{- end }}
- {{- end }}
- {{- range $key, $val := .Values.environment }}
- - name: {{ $key }}
- value: {{ $val | quote }}
- {{- end}}
- resources:
-{{ toYaml .Values.resources | indent 12 }}
- nodeSelector:
- {{- include "linux-node-selector" . | nindent 8 }}
-{{- include "minio.imagePullSecrets" . | indent 6 }}
-{{- with .Values.affinity }}
- affinity:
-{{ toYaml . | indent 8 }}
-{{- end }}
- tolerations:
- {{- include "linux-node-tolerations" . | nindent 8 }}
- {{- with .Values.tolerations }}
- {{ toYaml . | indent 8 }}
- {{- end }}
- volumes:
- - name: export
- {{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ .Values.persistence.existingClaim | default (include "minio.fullname" .) }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- - name: minio-user
- secret:
- secretName: {{ template "minio.secretName" . }}
- {{- if .Values.extraSecret }}
- - name: extra-secret
- secret:
- secretName: {{ .Values.extraSecret }}
- {{- end }}
- {{- include "minio.tlsKeysVolume" . | indent 8 }}
-{{- end }}
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/ingress.yaml b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/ingress.yaml
deleted file mode 100644
index 8d9a837dc8..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/ingress.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "minio.fullname" . -}}
-{{- $servicePort := .Values.service.port -}}
-{{- $ingressPath := .Values.ingress.path -}}
-apiVersion: {{ template "minio.ingress.apiVersion" . }}
-kind: Ingress
-metadata:
- name: {{ $fullName }}
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-{{- with .Values.ingress.labels }}
-{{ toYaml . | indent 4 }}
-{{- end }}
-
-{{- with .Values.ingress.annotations }}
- annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if .Values.ingress.ingressClassName }}
- ingressClassName: {{ .Values.ingress.ingressClassName }}
-{{- end }}
-{{- if .Values.ingress.tls }}
- tls:
- {{- range .Values.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
-{{- end }}
- rules:
- {{- range .Values.ingress.hosts }}
- - http:
- paths:
- - path: {{ $ingressPath }}
- {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
- pathType: Prefix
- backend:
- service:
- name: {{ $fullName }}
- port:
- number: {{ $servicePort }}
- {{- else }}
- backend:
- serviceName: {{ $fullName }}
- servicePort: {{ $servicePort }}
- {{- end }}
- {{- if . }}
- host: {{ . | quote }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/networkpolicy.yaml b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/networkpolicy.yaml
deleted file mode 100644
index 68a2599571..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/networkpolicy.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if .Values.networkPolicy.enabled }}
-kind: NetworkPolicy
-apiVersion: {{ template "minio.networkPolicy.apiVersion" . }}
-metadata:
- name: {{ template "minio.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-spec:
- podSelector:
- matchLabels:
- app: {{ template "minio.name" . }}
- release: {{ .Release.Name }}
- ingress:
- - ports:
- - port: {{ .Values.service.port }}
- - port: {{ .Values.consoleService.port }}
- {{- if not .Values.networkPolicy.allowExternal }}
- from:
- - podSelector:
- matchLabels:
- {{ template "minio.name" . }}-client: "true"
- {{- end }}
-{{- end }}
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/poddisruptionbudget.yaml b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/poddisruptionbudget.yaml
deleted file mode 100644
index 8037eb7430..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.podDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: minio
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}
-spec:
- maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
- selector:
- matchLabels:
- app: {{ template "minio.name" . }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/post-install-create-bucket-job.yaml b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/post-install-create-bucket-job.yaml
deleted file mode 100644
index 0a99abc985..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/post-install-create-bucket-job.yaml
+++ /dev/null
@@ -1,86 +0,0 @@
-{{- if .Values.buckets }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ template "minio.fullname" . }}-make-bucket-job
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}-make-bucket-job
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- annotations:
- "helm.sh/hook": post-install,post-upgrade
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
-{{- with .Values.makeBucketJob.annotations }}
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
- template:
- metadata:
- labels:
- app: {{ template "minio.name" . }}-job
- release: {{ .Release.Name }}
-{{- if .Values.podLabels }}
-{{ toYaml .Values.podLabels | indent 8 }}
-{{- end }}
-{{- if .Values.makeBucketJob.podAnnotations }}
- annotations:
-{{ toYaml .Values.makeBucketJob.podAnnotations | indent 8 }}
-{{- end }}
- spec:
- restartPolicy: OnFailure
-{{- include "minio.imagePullSecrets" . | indent 6 }}
- nodeSelector:
- {{- include "linux-node-selector" . | nindent 8 }}
-{{- with .Values.makeBucketJob.affinity }}
- affinity:
-{{ toYaml . | indent 8 }}
-{{- end }}
- tolerations:
- {{- include "linux-node-tolerations" . | nindent 8 }}
- {{- with .Values.makeBucketJob.tolerations }}
- {{ toYaml . | indent 8 }}
- {{- end }}
-{{- if .Values.makeBucketJob.securityContext.enabled }}
- securityContext:
- runAsUser: {{ .Values.makeBucketJob.securityContext.runAsUser }}
- runAsGroup: {{ .Values.makeBucketJob.securityContext.runAsGroup }}
- fsGroup: {{ .Values.makeBucketJob.securityContext.fsGroup }}
-{{- end }}
- volumes:
- - name: minio-configuration
- projected:
- sources:
- - configMap:
- name: {{ template "minio.fullname" . }}
- - secret:
- name: {{ template "minio.secretName" . }}
- {{- if .Values.tls.enabled }}
- - name: cert-secret-volume-mc
- secret:
- secretName: {{ .Values.tls.certSecret }}
- items:
- - key: {{ .Values.tls.publicCrt }}
- path: CAs/public.crt
- {{ end }}
- containers:
- - name: minio-mc
- image: "{{ default .Values.mcImage.registry (include "registry-url" .) }}{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"
- imagePullPolicy: {{ .Values.mcImage.pullPolicy }}
- command: ["/bin/sh", "/config/initialize"]
- env:
- - name: MINIO_ENDPOINT
- value: {{ template "minio.fullname" . }}
- - name: MINIO_PORT
- value: {{ .Values.service.port | quote }}
- volumeMounts:
- - name: minio-configuration
- mountPath: /config
- {{- if .Values.tls.enabled }}
- - name: cert-secret-volume-mc
- mountPath: {{ .Values.configPathmc }}certs
- {{ end }}
- resources:
-{{ toYaml .Values.makeBucketJob.resources | indent 10 }}
-{{- end }}
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/post-install-create-policy-job.yaml b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/post-install-create-policy-job.yaml
deleted file mode 100644
index 343cedbaac..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/post-install-create-policy-job.yaml
+++ /dev/null
@@ -1,86 +0,0 @@
-{{- if .Values.policies }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ template "minio.fullname" . }}-make-policies-job
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}-make-policies-job
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- annotations:
- "helm.sh/hook": post-install,post-upgrade
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
-{{- with .Values.makePolicyJob.annotations }}
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
- template:
- metadata:
- labels:
- app: {{ template "minio.name" . }}-job
- release: {{ .Release.Name }}
-{{- if .Values.podLabels }}
-{{ toYaml .Values.podLabels | indent 8 }}
-{{- end }}
-{{- if .Values.makePolicyJob.podAnnotations }}
- annotations:
-{{ toYaml .Values.makePolicyJob.podAnnotations | indent 8 }}
-{{- end }}
- spec:
- restartPolicy: OnFailure
-{{- include "minio.imagePullSecrets" . | indent 6 }}
- nodeSelector:
- {{- include "linux-node-selector" . | nindent 8 }}
-{{- with .Values.makePolicyJob.affinity }}
- affinity:
-{{ toYaml . | indent 8 }}
-{{- end }}
- tolerations:
- {{- include "linux-node-tolerations" . | nindent 8 }}
- {{- with .Values.makePolicyJob.tolerations }}
- {{ toYaml . | indent 8 }}
- {{- end }}
-{{- if .Values.makePolicyJob.securityContext.enabled }}
- securityContext:
- runAsUser: {{ .Values.makePolicyJob.securityContext.runAsUser }}
- runAsGroup: {{ .Values.makePolicyJob.securityContext.runAsGroup }}
- fsGroup: {{ .Values.makePolicyJob.securityContext.fsGroup }}
-{{- end }}
- volumes:
- - name: minio-configuration
- projected:
- sources:
- - configMap:
- name: {{ template "minio.fullname" . }}
- - secret:
- name: {{ template "minio.secretName" . }}
- {{- if .Values.tls.enabled }}
- - name: cert-secret-volume-mc
- secret:
- secretName: {{ .Values.tls.certSecret }}
- items:
- - key: {{ .Values.tls.publicCrt }}
- path: CAs/public.crt
- {{ end }}
- containers:
- - name: minio-mc
- image: "{{ default .Values.mcImage.registry (include "registry-url" .) }}{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"
- imagePullPolicy: {{ .Values.mcImage.pullPolicy }}
- command: ["/bin/sh", "/config/add-policy"]
- env:
- - name: MINIO_ENDPOINT
- value: {{ template "minio.fullname" . }}
- - name: MINIO_PORT
- value: {{ .Values.service.port | quote }}
- volumeMounts:
- - name: minio-configuration
- mountPath: /config
- {{- if .Values.tls.enabled }}
- - name: cert-secret-volume-mc
- mountPath: {{ .Values.configPathmc }}certs
- {{ end }}
- resources:
-{{ toYaml .Values.makePolicyJob.resources | indent 10 }}
-{{- end }}
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/post-install-create-user-job.yaml b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/post-install-create-user-job.yaml
deleted file mode 100644
index d2cb3a41e9..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/post-install-create-user-job.yaml
+++ /dev/null
@@ -1,96 +0,0 @@
-{{- $global := . -}}
-{{- if .Values.users }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ template "minio.fullname" . }}-make-user-job
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}-make-user-job
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- annotations:
- "helm.sh/hook": post-install,post-upgrade
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
-{{- with .Values.makeUserJob.annotations }}
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
- template:
- metadata:
- labels:
- app: {{ template "minio.name" . }}-job
- release: {{ .Release.Name }}
-{{- if .Values.podLabels }}
-{{ toYaml .Values.podLabels | indent 8 }}
-{{- end }}
-{{- if .Values.makeUserJob.podAnnotations }}
- annotations:
-{{ toYaml .Values.makeUserJob.podAnnotations | indent 8 }}
-{{- end }}
- spec:
- restartPolicy: OnFailure
-{{- include "minio.imagePullSecrets" . | indent 6 }}
- nodeSelector:
- {{- include "linux-node-selector" . | nindent 8 }}
-{{- with .Values.makeUserJob.affinity }}
- affinity:
-{{ toYaml . | indent 8 }}
-{{- end }}
- tolerations:
- {{- include "linux-node-tolerations" . | nindent 8 }}
- {{- with .Values.makeUserJob.tolerations }}
- {{ toYaml . | indent 8 }}
- {{- end }}
-{{- if .Values.makeUserJob.securityContext.enabled }}
- securityContext:
- runAsUser: {{ .Values.makeUserJob.securityContext.runAsUser }}
- runAsGroup: {{ .Values.makeUserJob.securityContext.runAsGroup }}
- fsGroup: {{ .Values.makeUserJob.securityContext.fsGroup }}
-{{- end }}
- volumes:
- - name: minio-configuration
- projected:
- sources:
- - configMap:
- name: {{ template "minio.fullname" . }}
- - secret:
- name: {{ template "minio.secretName" . }}
- {{- range .Values.users }}
- {{- if .existingSecret }}
- - secret:
- name: {{ tpl .existingSecret $global }}
- items:
- - key: {{ .existingSecretKey }}
- path: secrets/{{ tpl .accessKey $global }}
- {{- end }}
- {{- end }}
- {{- if .Values.tls.enabled }}
- - name: cert-secret-volume-mc
- secret:
- secretName: {{ .Values.tls.certSecret }}
- items:
- - key: {{ .Values.tls.publicCrt }}
- path: CAs/public.crt
- {{ end }}
- containers:
- - name: minio-mc
- image: "{{ default .Values.mcImage.registry (include "registry-url" .) }}{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"
- imagePullPolicy: {{ .Values.mcImage.pullPolicy }}
- command: ["/bin/sh", "/config/add-user"]
- env:
- - name: MINIO_ENDPOINT
- value: {{ template "minio.fullname" . }}
- - name: MINIO_PORT
- value: {{ .Values.service.port | quote }}
- volumeMounts:
- - name: minio-configuration
- mountPath: /config
- {{- if .Values.tls.enabled }}
- - name: cert-secret-volume-mc
- mountPath: {{ .Values.configPathmc }}certs
- {{ end }}
- resources:
-{{ toYaml .Values.makeUserJob.resources | indent 10 }}
-{{- end }}
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/post-install-custom-command.yaml b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/post-install-custom-command.yaml
deleted file mode 100644
index ebd0fcc214..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/post-install-custom-command.yaml
+++ /dev/null
@@ -1,86 +0,0 @@
-{{- if .Values.customCommands }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ template "minio.fullname" . }}-custom-command-job
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}-custom-command-job
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- annotations:
- "helm.sh/hook": post-install,post-upgrade
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
-{{- with .Values.customCommandJob.annotations }}
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
- template:
- metadata:
- labels:
- app: {{ template "minio.name" . }}-job
- release: {{ .Release.Name }}
-{{- if .Values.podLabels }}
-{{ toYaml .Values.podLabels | indent 8 }}
-{{- end }}
-{{- if .Values.customCommandJob.podAnnotations }}
- annotations:
-{{ toYaml .Values.customCommandJob.podAnnotations | indent 8 }}
-{{- end }}
- spec:
- restartPolicy: OnFailure
-{{- include "minio.imagePullSecrets" . | indent 6 }}
- nodeSelector:
- {{- include "linux-node-selector" . | nindent 8 }}
-{{- with .Values.customCommandJob.affinity }}
- affinity:
-{{ toYaml . | indent 8 }}
-{{- end }}
- tolerations:
- {{- include "linux-node-tolerations" . | nindent 8 }}
- {{- with .Values.customCommandJob.tolerations }}
- {{ toYaml . | indent 8 }}
- {{- end }}
-{{- if .Values.customCommandJob.securityContext.enabled }}
- securityContext:
- runAsUser: {{ .Values.customCommandJob.securityContext.runAsUser }}
- runAsGroup: {{ .Values.customCommandJob.securityContext.runAsGroup }}
- fsGroup: {{ .Values.customCommandJob.securityContext.fsGroup }}
-{{- end }}
- volumes:
- - name: minio-configuration
- projected:
- sources:
- - configMap:
- name: {{ template "minio.fullname" . }}
- - secret:
- name: {{ template "minio.secretName" . }}
- {{- if .Values.tls.enabled }}
- - name: cert-secret-volume-mc
- secret:
- secretName: {{ .Values.tls.certSecret }}
- items:
- - key: {{ .Values.tls.publicCrt }}
- path: CAs/public.crt
- {{ end }}
- containers:
- - name: minio-mc
- image: "{{ default .Values.mcImage.registry (include "registry-url" .) }}{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"
- imagePullPolicy: {{ .Values.mcImage.pullPolicy }}
- command: ["/bin/sh", "/config/custom-command"]
- env:
- - name: MINIO_ENDPOINT
- value: {{ template "minio.fullname" . }}
- - name: MINIO_PORT
- value: {{ .Values.service.port | quote }}
- volumeMounts:
- - name: minio-configuration
- mountPath: /config
- {{- if .Values.tls.enabled }}
- - name: cert-secret-volume-mc
- mountPath: {{ .Values.configPathmc }}certs
- {{ end }}
- resources:
-{{ toYaml .Values.customCommandJob.resources | indent 10 }}
-{{- end }}
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/psp.yaml b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/psp.yaml
deleted file mode 100644
index ab874e1f55..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/psp.yaml
+++ /dev/null
@@ -1,84 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-{{- if .Values.global.rbac.pspEnabled }}
-
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ printf "%s-psp" .Values.serviceAccount.name | quote }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}"
- app.kubernetes.io/part-of: {{ .Values.serviceAccount.name | quote }}
- app: {{ .Values.serviceAccount.name | quote }}
-{{- if .Values.global.rbac.pspAnnotations }}
- annotations: {{ toYaml .Values.global.rbac.pspAnnotations | nindent 4 }}
-{{- end }}
-spec:
- privileged: false
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Permits the container to run with root privileges as well.
- rule: 'RunAsAny'
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: 'RunAsAny'
- supplementalGroups:
- rule: 'MustRunAs'
- ranges:
- # Forbid adding the root group.
- - min: 0
- max: 65535
- fsGroup:
- rule: 'MustRunAs'
- ranges:
- # Forbid adding the root group.
- - min: 0
- max: 65535
- readOnlyRootFilesystem: false
-
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ printf "%s-psp" .Values.serviceAccount.name | quote }}
- labels:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}"
- app.kubernetes.io/part-of: {{ .Values.serviceAccount.name | quote }}
- app: {{ .Values.serviceAccount.name | quote }}
-rules:
-{{- if semverCompare "> 1.15.0-0" .Capabilities.KubeVersion.GitVersion }}
-- apiGroups: ['policy']
-{{- else }}
-- apiGroups: ['extensions']
-{{- end }}
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ printf "%s-psp" .Values.serviceAccount.name | quote }}
-
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ printf "%s-psp" .Values.serviceAccount.name | quote }}
- labels:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}"
- app.kubernetes.io/part-of: {{ .Values.serviceAccount.name | quote }}
- app: {{ .Values.serviceAccount.name | quote }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ printf "%s-psp" .Values.serviceAccount.name | quote }}
-subjects:
- - kind: ServiceAccount
- name: {{ .Values.serviceAccount.name | quote }}
- namespace: {{ .Release.Namespace }}
-
-{{- end }}
-{{- end -}}
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/pvc.yaml b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/pvc.yaml
deleted file mode 100644
index 369aade415..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/pvc.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- if eq .Values.mode "standalone" }}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ template "minio.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | trimSuffix "\n" | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode | quote }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
-
-{{- if .Values.persistence.storageClass }}
-{{- if (eq "-" .Values.persistence.storageClass) }}
- storageClassName: ""
-{{- else }}
- storageClassName: "{{ .Values.persistence.storageClass }}"
-{{- end }}
-{{- end }}
-{{- if .Values.persistence.VolumeName }}
- volumeName: "{{ .Values.persistence.VolumeName }}"
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/secrets.yaml b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/secrets.yaml
deleted file mode 100644
index da2ecab4a1..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/secrets.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if not .Values.existingSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "minio.secretName" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- rootUser: {{ include "minio.root.username" . | b64enc | quote }}
- rootPassword: {{ include "minio.root.password" . | b64enc | quote }}
- {{- if .Values.etcd.clientCert }}
- etcd_client.crt: {{ .Values.etcd.clientCert | toString | b64enc | quote }}
- {{- end }}
- {{- if .Values.etcd.clientCertKey }}
- etcd_client.key: {{ .Values.etcd.clientCertKey | toString | b64enc | quote }}
- {{- end }}
-{{- end }}
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/service.yaml b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/service.yaml
deleted file mode 100644
index 64aa990bd3..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/service.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-{{ $scheme := "http" }}
-{{- if .Values.tls.enabled }}
-{{ $scheme = "https" }}
-{{ end }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "minio.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- monitoring: "true"
-{{- if .Values.service.annotations }}
- annotations:
-{{ toYaml .Values.service.annotations | indent 4 }}
-{{- end }}
-spec:
-{{- if (or (eq .Values.service.type "ClusterIP" "") (empty .Values.service.type)) }}
- type: ClusterIP
- {{- if not (empty .Values.service.clusterIP) }}
- clusterIP: {{ .Values.service.clusterIP }}
- {{end}}
-{{- else if eq .Values.service.type "LoadBalancer" }}
- type: {{ .Values.service.type }}
- loadBalancerIP: {{ default "" .Values.service.loadBalancerIP }}
-{{- else }}
- type: {{ .Values.service.type }}
-{{- end }}
- ports:
- - name: {{ $scheme }}
- port: {{ .Values.service.port }}
- protocol: TCP
-{{- if (and (eq .Values.service.type "NodePort") ( .Values.service.nodePort)) }}
- nodePort: {{ .Values.service.nodePort }}
-{{- else }}
- targetPort: 9000
-{{- end}}
-{{- if .Values.service.externalIPs }}
- externalIPs:
-{{- range $i , $ip := .Values.service.externalIPs }}
- - {{ $ip }}
-{{- end }}
-{{- end }}
- selector:
- app: {{ template "minio.name" . }}
- release: {{ .Release.Name }}
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/serviceaccount.yaml b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/serviceaccount.yaml
deleted file mode 100644
index 6a4bd94b3d..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Values.serviceAccount.name | quote }}
- namespace: {{ .Release.Namespace | quote }}
-{{- end -}}
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/servicemonitor.yaml b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/servicemonitor.yaml
deleted file mode 100644
index 809848f167..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/servicemonitor.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-{{- if .Values.metrics.serviceMonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ template "minio.fullname" . }}
- {{- if .Values.metrics.serviceMonitor.namespace }}
- namespace: {{ .Values.metrics.serviceMonitor.namespace }}
- {{ else }}
- namespace: {{ .Release.Namespace | quote }}
- {{- end }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- {{- if .Values.metrics.serviceMonitor.additionalLabels }}
-{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }}
- {{- end }}
-spec:
- endpoints:
- {{- if .Values.tls.enabled }}
- - port: https
- scheme: https
- {{ else }}
- - port: http
- scheme: http
- {{- end }}
- path: /minio/v2/metrics/cluster
- {{- if .Values.metrics.serviceMonitor.interval }}
- interval: {{ .Values.metrics.serviceMonitor.interval }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
- scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.relabelConfigs }}
-{{ toYaml .Values.metrics.serviceMonitor.relabelConfigs | indent 6 }}
- {{- end }}
- {{- if not .Values.metrics.serviceMonitor.public }}
- bearerTokenSecret:
- name: {{ template "minio.fullname" . }}-prometheus
- key: token
- {{- end }}
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace | quote }}
- selector:
- matchLabels:
- app: {{ include "minio.name" . }}
- release: {{ .Release.Name }}
- monitoring: "true"
-{{- end }}
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/statefulset.yaml b/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/statefulset.yaml
deleted file mode 100644
index 7c73efc420..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/statefulset.yaml
+++ /dev/null
@@ -1,208 +0,0 @@ -{{- if eq .Values.mode "distributed" }} -{{ $poolCount := .Values.pools | int }} -{{ $nodeCount := .Values.replicas | int }} -{{ $drivesPerNode := .Values.drivesPerNode | int }} -{{ $scheme := "http" }} -{{- if .Values.tls.enabled }} -{{ $scheme = "https" }} -{{ end }} -{{ $mountPath := .Values.mountPath }} -{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }} -{{ $subPath := .Values.persistence.subPath }} -{{ $penabled := .Values.persistence.enabled }} -{{ $accessMode := .Values.persistence.accessMode }} -{{ $storageClass := .Values.persistence.storageClass }} -{{ $psize := .Values.persistence.size }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "minio.fullname" . }}-svc - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ template "minio.name" . }} - chart: {{ template "minio.chart" . }} - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -spec: - publishNotReadyAddresses: true - clusterIP: None - ports: - - name: {{ $scheme }} - port: {{ .Values.service.port }} - protocol: TCP - selector: - app: {{ template "minio.name" . }} - release: {{ .Release.Name }} ---- -apiVersion: {{ template "minio.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ template "minio.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ template "minio.name" . }} - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.additionalLabels }} -{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }} -{{- end }} -{{- if .Values.additionalAnnotations }} - annotations: -{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }} -{{- end }} -spec: - updateStrategy: - type: {{ .Values.StatefulSetUpdate.updateStrategy }} - podManagementPolicy: "Parallel" - serviceName: {{ template "minio.fullname" . 
}}-svc - replicas: {{ mul $poolCount $nodeCount }} - selector: - matchLabels: - app: {{ template "minio.name" . }} - release: {{ .Release.Name }} - template: - metadata: - name: {{ template "minio.fullname" . }} - labels: - app: {{ template "minio.name" . }} - release: {{ .Release.Name }} -{{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} -{{- end }} - annotations: -{{- if not .Values.ignoreChartChecksums }} - checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} -{{- end }} -{{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }} -{{- end }} - spec: - {{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" - {{- end }} -{{- if and .Values.securityContext.enabled .Values.persistence.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - runAsGroup: {{ .Values.securityContext.runAsGroup }} - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- if and (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "20") }} - fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }} - {{- end }} -{{- end }} -{{ if .Values.serviceAccount.create }} - serviceAccountName: {{ .Values.serviceAccount.name }} -{{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ default .Values.image.registry (include "registry-url" .) 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - - command: [ "/bin/sh", - "-ce", - "/usr/bin/docker-entrypoint.sh minio server {{- range $i := until $poolCount }}{{ $factor := mul $i $nodeCount }}{{ $endIndex := add $factor $nodeCount }}{{ $beginIndex := mul $i $nodeCount }} {{ $scheme }}://{{ template `minio.fullname` $ }}-{{ `{` }}{{ $beginIndex }}...{{ sub $endIndex 1 }}{{ `}`}}.{{ template `minio.fullname` $ }}-svc.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }}{{if (gt $drivesPerNode 1)}}{{ $bucketRoot }}-{{ `{` }}0...{{ sub $drivesPerNode 1 }}{{ `}` }}{{else}}{{ $bucketRoot }}{{end}}{{- end}} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template `minio.extraArgs` . }}" ] - volumeMounts: - {{- if $penabled }} - {{- if (gt $drivesPerNode 1) }} - {{- range $i := until $drivesPerNode }} - - name: export-{{ $i }} - mountPath: {{ $mountPath }}-{{ $i }} - {{- if and $penabled $subPath }} - subPath: {{ $subPath }} - {{- end }} - {{- end }} - {{- else }} - - name: export - mountPath: {{ $mountPath }} - {{- if and $penabled $subPath }} - subPath: {{ $subPath }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.extraSecret }} - - name: extra-secret - mountPath: "/tmp/minio-config-env" - {{- end }} - {{- include "minio.tlsKeysVolumeMount" . | indent 12 }} - ports: - - name: {{ $scheme }} - containerPort: {{ .Values.minioAPIPort }} - - name: {{ $scheme }}-console - containerPort: {{ .Values.minioConsolePort }} - env: - - name: MINIO_ROOT_USER - valueFrom: - secretKeyRef: - name: {{ template "minio.secretName" . }} - key: rootUser - - name: MINIO_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "minio.secretName" . 
}} - key: rootPassword - {{- if .Values.extraSecret }} - - name: MINIO_CONFIG_ENV_FILE - value: "/tmp/minio-config-env/config.env" - {{- end}} - {{- if .Values.metrics.serviceMonitor.public }} - - name: MINIO_PROMETHEUS_AUTH_TYPE - value: "public" - {{- end}} - {{- range $key, $val := .Values.environment }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end}} - resources: -{{ toYaml .Values.resources | indent 12 }} - nodeSelector: - {{- include "linux-node-selector" . | nindent 8 }} -{{- include "minio.imagePullSecrets" . | indent 6 }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - tolerations: - {{- include "linux-node-tolerations" . | nindent 8 }} - {{- with .Values.tolerations }} - {{ toYaml . | indent 8 }} - {{- end }} - volumes: - - name: minio-user - secret: - secretName: {{ template "minio.secretName" . }} - {{- if .Values.extraSecret }} - - name: extra-secret - secret: - secretName: {{ .Values.extraSecret }} - {{- end }} - {{- include "minio.tlsKeysVolume" . | indent 8 }} -{{- if .Values.persistence.enabled }} - volumeClaimTemplates: - {{- if gt $drivesPerNode 1 }} - {{- range $diskId := until $drivesPerNode}} - - metadata: - name: export-{{ $diskId }} - spec: - accessModes: [ {{ $accessMode | quote }} ] - {{- if $storageClass }} - storageClassName: {{ $storageClass }} - {{- end }} - resources: - requests: - storage: {{ $psize }} - {{- end }} - {{- else }} - - metadata: - name: export - spec: - accessModes: [ {{ $accessMode | quote }} ] - {{- if $storageClass }} - storageClassName: {{ $storageClass }} - {{- end }} - resources: - requests: - storage: {{ $psize }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/values.yaml b/charts/epinio/100.0.0+up1.2.1/charts/minio/values.yaml deleted file mode 100644 index f94c0bba50..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/charts/minio/values.yaml +++ /dev/null 
@@ -1,446 +0,0 @@ -## Provide a name in place of minio for `app:` labels -## -nameOverride: "" - -## Provide a name to substitute for the full names of resources -## -fullnameOverride: "" - -## set kubernetes cluster domain where minio is running -## -clusterDomain: cluster.local - -## Set default image, imageTag, and imagePullPolicy. mode is used to indicate the -## -image: - repository: rancher/mirrored-minio-minio - tag: RELEASE.2022-05-08T23-50-31Z - pullPolicy: IfNotPresent - -imagePullSecrets: [] -# - name: "image-pull-secret" - -## Set default image, imageTag, and imagePullPolicy for the `mc` (the minio -## client used to create a default bucket). -## -mcImage: - repository: rancher/mirrored-minio-mc - tag: RELEASE.2022-05-09T04-08-26Z - pullPolicy: IfNotPresent - -## minio mode, i.e. standalone or distributed or gateway. -mode: distributed ## other supported values are "standalone", "gateway" - -## Additional labels to include with deployment or statefulset -additionalLabels: [] - -## Additional annotations to include with deployment or statefulset -additionalAnnotations: [] - -## Typically the deployment/statefulset includes checksums of secrets/config, -## So that when these change on a subsequent helm install, the deployment/statefulset -## is restarted. This can result in unnecessary restarts under GitOps tooling such as -## flux, so set to "true" to disable this behaviour. 
-ignoreChartChecksums: false - -## Additional arguments to pass to minio binary -extraArgs: [] - -## Port number for MinIO S3 API Access -minioAPIPort: "9000" - -## Port number for MinIO Browser COnsole Access -minioConsolePort: "9001" - -## Update strategy for Deployments -DeploymentUpdate: - type: RollingUpdate - maxUnavailable: 0 - maxSurge: 100% - -## Update strategy for StatefulSets -StatefulSetUpdate: - updateStrategy: RollingUpdate - -## Pod priority settings -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -priorityClassName: "" - -## Set default rootUser, rootPassword -## AccessKey and secretKey is generated when not set -## Distributed MinIO ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide -## -rootUser: "" -rootPassword: "" - -## Use existing Secret that store following variables: -## -## | Chart var | .data. in Secret | -## |:----------------------|:-------------------------| -## | rootUser | rootUser | -## | rootPassword | rootPassword | -## -## All mentioned variables will be ignored in values file. -## .data.rootUser and .data.rootPassword are mandatory, -## others depend on enabled status of corresponding sections. -existingSecret: "" - -## Directory on the MinIO pof -certsPath: "/etc/minio/certs/" -configPathmc: "/etc/minio/mc/" - -## Path where PV would be mounted on the MinIO Pod -mountPath: "/export" -## Override the root directory which the minio server should serve from. -## If left empty, it defaults to the value of {{ .Values.mountPath }} -## If defined, it must be a sub-directory of the path specified in {{ .Values.mountPath }} -## -bucketRoot: "" - -# Number of drives attached to a node -drivesPerNode: 1 -# Number of MinIO containers running -replicas: 16 -# Number of expanded MinIO clusters -pools: 1 - -# Deploy if 'mode == gateway' - 4 replicas. -gateway: - type: "nas" # currently only "nas" are supported. 
- replicas: 4 - -## TLS Settings for MinIO -tls: - enabled: false - ## Create a secret with private.key and public.crt files and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret - certSecret: "" - publicCrt: public.crt - privateKey: private.key - -## Trusted Certificates Settings for MinIO. Ref: https://docs.minio.io/docs/how-to-secure-access-to-minio-server-with-tls#install-certificates-from-third-party-cas -## Bundle multiple trusted certificates into one secret and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret -## When using self-signed certificates, remember to include MinIO's own certificate in the bundle with key public.crt. -## If certSecret is left empty and tls is enabled, this chart installs the public certificate from .Values.tls.certSecret. -trustedCertsSecret: "" - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - enabled: true - annotations: {} - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - existingClaim: "" - - ## minio data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - ## Storage class of PV to bind. By default it looks for standard storage class. - ## If the PV uses a different storage class, specify that here. - storageClass: "" - VolumeName: "" - accessMode: ReadWriteOnce - size: 500Gi - - ## If subPath is set mount a sub folder of a volume instead of the root of the volume. 
- ## This is especially handy for volume plugins that don't natively support sub mounting (like glusterfs). - ## - subPath: "" - -## Expose the MinIO service to be accessed from outside the cluster (LoadBalancer service). -## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. -## ref: http://kubernetes.io/docs/user-guide/services/ -## -service: - type: ClusterIP - clusterIP: ~ - ## Make sure to match it to minioAPIPort - port: "9000" - nodePort: 32000 - -## Configure Ingress based on the documentation here: https://kubernetes.io/docs/concepts/services-networking/ingress/ -## - -ingress: - enabled: false - # ingressClassName: "" - labels: {} - # node-role.kubernetes.io/ingress: platform - - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # kubernetes.io/ingress.allow-http: "false" - # kubernetes.io/ingress.global-static-ip-name: "" - # nginx.ingress.kubernetes.io/secure-backends: "true" - # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - # nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0 - path: / - hosts: - - minio-example.local - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -consoleService: - type: ClusterIP - clusterIP: ~ - ## Make sure to match it to minioConsolePort - port: "9001" - nodePort: 32001 - -consoleIngress: - enabled: false - # ingressClassName: "" - labels: {} - # node-role.kubernetes.io/ingress: platform - - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # kubernetes.io/ingress.allow-http: "false" - # kubernetes.io/ingress.global-static-ip-name: "" - # nginx.ingress.kubernetes.io/secure-backends: "true" - # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - # nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0 - path: / - hosts: - - console.minio-example.local - tls: [] - # - secretName: chart-example-tls - # hosts: - # - 
chart-example.local - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -tolerations: [] -affinity: {} - -## Add stateful containers to have security context, if enabled MinIO will run as this -## user and group NOTE: securityContext is only enabled if persistence.enabled=true -securityContext: - enabled: true - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - fsGroupChangePolicy: "OnRootMismatch" - -# Additational pod annotations -podAnnotations: {} - -# Additional pod labels -podLabels: {} - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - requests: - memory: 16Gi - -## List of policies to be created after minio install -## -## In addition to default policies [readonly|readwrite|writeonly|consoleAdmin|diagnostics] -## you can define additional policies with custom supported actions and resources -policies: [] -## writeexamplepolicy policy grants creation or deletion of buckets with name -## starting with example. In addition, grants objects write permissions on buckets starting with -## example. -# - name: writeexamplepolicy -# statements: -# - resources: -# - 'arn:aws:s3:::example*/*' -# actions: -# - "s3:AbortMultipartUpload" -# - "s3:GetObject" -# - "s3:DeleteObject" -# - "s3:PutObject" -# - "s3:ListMultipartUploadParts" -# - resources: -# - 'arn:aws:s3:::example*' -# actions: -# - "s3:CreateBucket" -# - "s3:DeleteBucket" -# - "s3:GetBucketLocation" -# - "s3:ListBucket" -# - "s3:ListBucketMultipartUploads" -## readonlyexamplepolicy policy grants access to buckets with name starting with example. -## In addition, grants objects read permissions on buckets starting with example. 
-# - name: readonlyexamplepolicy -# statements: -# - resources: -# - 'arn:aws:s3:::example*/*' -# actions: -# - "s3:GetObject" -# - resources: -# - 'arn:aws:s3:::example*' -# actions: -# - "s3:GetBucketLocation" -# - "s3:ListBucket" -# - "s3:ListBucketMultipartUploads" -## Additional Annotations for the Kubernetes Job makePolicyJob -makePolicyJob: - podAnnotations: - annotations: - securityContext: - enabled: false - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - resources: - requests: - memory: 128Mi - nodeSelector: {} - tolerations: [] - affinity: {} - -## List of users to be created after minio install -## -users: - ## Username, password and policy to be assigned to the user - ## Default policies are [readonly|readwrite|writeonly|consoleAdmin|diagnostics] - ## Add new policies as explained here https://docs.min.io/docs/minio-multi-user-quickstart-guide.html - ## NOTE: this will fail if LDAP is enabled in your MinIO deployment - ## make sure to disable this if you are using LDAP. 
- - accessKey: console - secretKey: console123 - policy: consoleAdmin - # Or you can refer to specific secret - #- accessKey: externalSecret - # existingSecret: my-secret - # existingSecretKey: password - # policy: readonly - - -## Additional Annotations for the Kubernetes Job makeUserJob -makeUserJob: - podAnnotations: - annotations: - securityContext: - enabled: false - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - resources: - requests: - memory: 128Mi - nodeSelector: {} - tolerations: [] - affinity: {} - -## List of buckets to be created after minio install -## -buckets: - # # Name of the bucket - # - name: bucket1 - # # Policy to be set on the - # # bucket [none|download|upload|public] - # policy: none - # # Purge if bucket exists already - # purge: false - # # set versioning for - # # bucket [true|false] - # versioning: false - # - name: bucket2 - # policy: none - # purge: false - # versioning: true - -## Additional Annotations for the Kubernetes Job makeBucketJob -makeBucketJob: - podAnnotations: - annotations: - securityContext: - enabled: false - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - resources: - requests: - memory: 128Mi - nodeSelector: {} - tolerations: [] - affinity: {} - -## List of command to run after minio install -## NOTE: the mc command TARGET is always "myminio" -customCommands: - # - command: "admin policy set myminio consoleAdmin group='cn=ops,cn=groups,dc=example,dc=com'" - -## Additional Annotations for the Kubernetes Job customCommandJob -customCommandJob: - podAnnotations: - annotations: - securityContext: - enabled: false - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - resources: - requests: - memory: 128Mi - nodeSelector: {} - tolerations: [] - affinity: {} - -## Use this field to add environment variables relevant to MinIO server. 
These fields will be passed on to MinIO container(s) -## when Chart is deployed -environment: - ## Please refer for comprehensive list https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html - ## MINIO_SUBNET_LICENSE: "License key obtained from https://subnet.min.io" - ## MINIO_BROWSER: "off" - -## The name of a secret in the same kubernetes namespace which contain secret values -## This can be useful for LDAP password, etc -## The key in the secret must be 'config.env' -## -# extraSecret: minio-extraenv - -networkPolicy: - enabled: false - allowExternal: true - -## PodDisruptionBudget settings -## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ -## -podDisruptionBudget: - enabled: false - maxUnavailable: 1 - -## Specify the service account to use for the MinIO pods. If 'create' is set to 'false' -## and 'name' is left unspecified, the account 'default' will be used. -serviceAccount: - create: true - ## The name of the service account to use. If 'create' is 'true', a service account with that name - ## will be created. - name: "minio-sa" - -metrics: - serviceMonitor: - enabled: false - public: true - additionalLabels: {} - relabelConfigs: {} - # namespace: monitoring - # interval: 30s - # scrapeTimeout: 10s - -## ETCD settings: https://github.com/minio/minio/blob/master/docs/sts/etcd.md -## Define endpoints to enable this section. -etcd: - endpoints: [] - pathPrefix: "" - corednsPathPrefix: "" - clientCert: "" - clientCertKey: "" diff --git a/charts/epinio/100.0.0+up1.2.1/questions.yml b/charts/epinio/100.0.0+up1.2.1/questions.yml deleted file mode 100644 index 856498d6c8..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/questions.yml +++ /dev/null 
@@ -1,160 +0,0 @@ -questions: -- variable: email - label: Email - description: "Email to use for getting notifications about your certificates" - type: string - required: false - group: "General settings" -- variable: certManagerNamespace - label: Cert-manager namespace - description: "Namespace where cert-manager is installed in" - type: string - required: false - group: "Advanced settings" -- variable: ingress.ingressClassName - label: Ingress class name for the server - description: "Set a class name to select the ingress controller you want to use for the server" - type: string - group: "Advanced settings" -- variable: server.ingressClassName - label: Ingress class name for apps - description: "Set a class name to select the ingress controller you want to use for your apps" - type: string - group: "Advanced settings" -- variable: serviceCatalog.enableDevServices - label: Enable catalog services for development - default: "true" - description: "Enables services in the Epinio service catalog, meant to be used in development (because they are running in-cluster)" - type: boolean - group: "Advanced settings" -- variable: useCustomTlsIssuer - label: Use your own TLS issuer - default: "false" - description: "Use your own TLS issuer" - type: boolean - group: "General settings" - show_subquestion_if: true - subquestions: - - variable: customTlsIssuer - label: TLS issuer - description: "Name of the cluster issuer to use" - type: string - required: false -- variable: global.tlsIssuer - show_if: "useCustomTlsIssuer=false" - label: TLS issuer - description: "Name of the predefined cluster issuer to use" - type: enum - required: false - group: "General settings" - options: - - "epinio-ca" - - "selfsigned-issuer" - - "letsencrypt-production" -- variable: api.username - label: API username - description: "The user name for authenticating all API requests" - type: string - required: false - group: "General settings" -- variable: api.passwordBcrypt - label: API password - 
description: "The password for authenticating all API requests (hashed with Bcrypt)" - type: password - required: false - group: "General settings" -- variable: global.domain - label: Domain - description: "Domain for the application" - type: string - required: true - group: "General settings" -- variable: server.accessControlAllowOrigin - label: Access control allow origin - description: "Domain which serves the Rancher UI (to access the API)" - type: string - required: false - group: "General settings" -- variable: kubed.enabled - label: Install kubed - description: "Deploy kubed or skip it if you get it installed already" - type: boolean - group: "Advanced settings" -- variable: containerregistry.enabled - description: "Disable local container registry to configure an external registry." - label: Install local container registry - type: boolean - show_subquestion_if: false - group: "External registry" - subquestions: - - variable: global.registryURL - label: External registry url - description: "URL of your external registry" - type: string - required: false - - variable: global.registryUsername - label: External registry username - description: "Username to authenticate to the external registry" - type: string - required: false - - variable: global.registryPassword - label: External registry password - description: "Password to authenticate to the external registry" - type: password - required: false - - variable: global.registryNamespace - label: External registry namespace - description: "The organization part of the registry path for an external registry where you have push access" - type: string - required: false -- variable: minio.enabled - label: Install Minio - description: "Disable Minio to configure an external s3 storage." 
- type: boolean - show_subquestion_if: false - group: "External S3 storage" - subquestions: - - variable: s3.endpoint - label: S3 endpoint - description: "Endpoint of your S3 storage" - type: string - required: false - - variable: s3.accessKeyID - label: S3 access key id - description: "Access key id to authenticate to your S3 storage" - type: string - required: false - - variable: s3.secretAccessKey - label: S3 access key secret - description: "Secret access key to authenticate to your S3 storage" - type: password - required: false - - variable: s3.bucket - label: S3 bucket - description: "Bucket of your S3 storage" - type: string - required: false - - variable: s3.region - label: S3 region - description: "Region of your S3 storage" - type: string - required: false - - variable: s3.useSSL - label: S3 use SSL - type: boolean - required: false - - variable: s3.certificateSecret - label: Self signed certificate for S3 - description: Set it to an existing secret if s3 is using a self signed certificate - type: string - required: false -- variable: server.traceLevel - label: Epinio API Log Level - required: false - type: string - group: "Debugging" -- variable: server.timeoutMultiplier - label: Timeout Multiplier - required: false - type: string - group: "Debugging" diff --git a/charts/epinio/100.0.0+up1.2.1/templates/_helpers.tpl b/charts/epinio/100.0.0+up1.2.1/templates/_helpers.tpl deleted file mode 100644 index 2784ae6c0e..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/templates/_helpers.tpl +++ /dev/null 
@@ -1,179 +0,0 @@ -{{/* -URL prefix for container images to be compatible with Rancher -*/}} -{{- define "registry-url" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{ trimSuffix "/" .Values.global.cattle.systemDefaultRegistry }}/ -{{- end -}} -{{- end -}} - -{{/* -URL of the registry epinio uses to store workload images -*/}} -{{- define "epinio.registry-url" -}} -{{- if .Values.containerregistry.enabled -}} -{{- printf "registry.%s.svc.cluster.local:5000" .Release.Namespace }} -{{- else -}} -{{- .Values.global.registryURL }} -{{- end -}} -{{- end -}} - -{{/* -URL of the minio epinio installed -*/}} -{{- define "epinio.minio-url" -}} -{{- if .Values.minio.enabled -}} -{{- printf "%s.%s.svc.cluster.local:9000" .Values.minio.fullnameOverride .Release.Namespace }} -{{- else -}} -{{- .Values.s3.endpoint }} -{{- end -}} -{{- end -}} - -{{/* -Host name of the minio epinio installed -*/}} -{{- define "epinio.minio-hostname" -}} -{{- printf "%s.%s.svc.cluster.local" .Values.minio.fullnameOverride .Release.Namespace }} -{{- end -}} - - -{{/* -PVC cleanup hooks for bitnami helm chart based catalog services -# https://github.com/epinio/epinio/issues/1386 -# https://docs.bitnami.com/kubernetes/apps/aspnet-core/administration/deploy-extra-resources/ -*/}} -{{- define "epinio.catalog-service-values" -}} -{{ printf ` -extraDeploy: - - | - # Create a service account, role and binding to allow to list, get and - # delete PVCs. It should be used by the job below. 
- - # To ensure the resources are deleted, use this annotation: - # - # annotations: - # "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - - # https://helm.sh/docs/topics/charts_hooks/#hook-resources-are-not-managed-with-corresponding-releases - # https://helm.sh/docs/topics/charts_hooks/#hook-deletion-policies - - --- - apiVersion: v1 - kind: ServiceAccount - metadata: - name: "pvc-deleter-{{ .Release.Name }}" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook": post-delete - "helm.sh/hook-weight": "-6" - - --- - apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} - kind: Role - metadata: - name: "pvc-deleter-{{ .Release.Name }}" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook": post-delete - "helm.sh/hook-weight": "-6" - rules: - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - delete - - list - - --- - kind: RoleBinding - apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} - metadata: - name: "pvc-deleter-{{ .Release.Name }}" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook": post-delete - "helm.sh/hook-weight": "-5" - subjects: - - kind: ServiceAccount - name: "pvc-deleter-{{ .Release.Name }}" - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: "pvc-deleter-{{ .Release.Name }}" - - --- - apiVersion: batch/v1 - kind: Job - metadata: - name: "pvc-deleter-{{ .Release.Name }}" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - annotations: - # This is what defines this resource as a hook. 
Without this line, the - # job is considered part of the release. - "helm.sh/hook": post-delete - "helm.sh/hook-weight": "-4" - "helm.sh/hook-delete-policy": hook-succeeded - spec: - template: - metadata: - name: "pvc-deleter-{{ .Release.Name }}" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - spec: - restartPolicy: Never - serviceAccountName: "pvc-deleter-{{ .Release.Name }}" - containers: - - name: post-install-job - image: "%s" - command: ["kubectl", "delete", "pvc", "-n", "{{ .Release.Namespace }}", "-l", "app.kubernetes.io/instance={{ .Release.Name }}"] -` (print (include "registry-url" .) .Values.image.kubectl.repository ":" .Values.image.kubectl.tag) | indent 4}} -{{- end -}} - -{{/* -Removes characters that are invalid for kubernetes resource names from the -given string -*/}} -{{- define "epinio-name-sanitize" -}} -{{ regexReplaceAll "[^-a-z0-9]*" . "" }} -{{- end }} - -{{/* -Resource name sanitization and truncation. -- Always suffix the sha1sum (40 characters long) -- Always add an "r" prefix to make sure we don't have leading digits -- The rest of the characters up to 63 are the original string with invalid -character removed. -*/}} -{{- define "epinio-truncate" -}} -{{ print "r" (trunc 21 (include "epinio-name-sanitize" .)) "-" (sha1sum .) }} -{{- end }} - -{{/* -Windows cluster will add default taint for linux nodes, add below linux tolerations to -workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} 
diff --git a/charts/epinio/100.0.0+up1.2.1/templates/cluster-issuers.yaml b/charts/epinio/100.0.0+up1.2.1/templates/cluster-issuers.yaml
deleted file mode 100644
index 319f81b537..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/templates/cluster-issuers.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
----
-# Self-signed issuer
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: selfsigned-issuer
-spec:
- selfSigned: {}
-
----
-# Let's encrypt production issuer
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: letsencrypt-production
-spec:
- acme:
- email: {{ .Values.email }}
- preferredChain: ""
- privateKeySecretRef:
- name: letsencrypt-production
- server: https://acme-v02.api.letsencrypt.org/directory
- solvers:
- - http01:
- ingress:
- {{- if .Values.ingress.ingressClassName }}
- class: "{{ .Values.ingress.ingressClassName }}"
- {{- end }}
- ingressTemplate:
- metadata:
- annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: websecure
- traefik.ingress.kubernetes.io/router.tls: "true"
-
----
-# Private CA (epinio-ca) issuer
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: epinio-ca
-spec:
- ca:
- secretName: epinio-ca-root
-
diff --git a/charts/epinio/100.0.0+up1.2.1/templates/container-registry.yaml b/charts/epinio/100.0.0+up1.2.1/templates/container-registry.yaml
deleted file mode 100644
index c1099284bf..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/templates/container-registry.yaml
+++ /dev/null
@@ -1,191 +0,0 @@ -{{- if .Values.containerregistry.enabled }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: auth - namespace: {{ .Release.Namespace }} -stringData: - # The only supported password format is bcrypt - htpasswd: {{ htpasswd .Values.global.registryUsername .Values.global.registryPassword | quote }} - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: epinio-registry - namespace: {{ .Release.Namespace }} -spec: - dnsNames: - - registry.{{ .Release.Namespace }}.svc.cluster.local - ipAddresses: - - 127.0.0.1 - issuerRef: - kind: ClusterIssuer - name: epinio-ca - secretName: epinio-registry-tls - ---- -apiVersion: v1 -kind: Service -metadata: - name: registry - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "epinio-registry" - app.kubernetes.io/instance: "epinio-registry" -spec: - type: ClusterIP - selector: - app.kubernetes.io/name: "epinio-registry" - app.kubernetes.io/instance: "epinio-registry" - ports: - - name: registry - port: 5000 - targetPort: 5000 - -{{ if .Values.containerregistry.enabled }} ---- -apiVersion: v1 -kind: Service -metadata: - name: registry-node - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "epinio-registry" - app.kubernetes.io/instance: "epinio-registry" -spec: - type: NodePort - selector: - app.kubernetes.io/name: "epinio-registry" - app.kubernetes.io/instance: "epinio-registry" - ports: - - name: registry-sidecar - port: 30500 - targetPort: 30500 - nodePort: 30500 ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-conf - namespace: {{ .Release.Namespace }} -data: - nginx.conf: | - server { - listen 30500 default_server; - server_name 127.0.0.1; - - location / { - proxy_pass https://localhost:5000/; - } - } -{{- end }} - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: registry - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "epinio-registry" - app.kubernetes.io/instance: "epinio-registry" 
-spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: "epinio-registry" - app.kubernetes.io/instance: "epinio-registry" - template: - metadata: - labels: - app.kubernetes.io/name: "epinio-registry" - app.kubernetes.io/instance: "epinio-registry" - spec: - containers: -{{ if .Values.containerregistry.enabled }} - - name: nginx - image: "{{ template "registry-url" . }}{{ .Values.containerregistry.image.nginx.repository}}:{{ .Values.containerregistry.image.nginx.tag }}" - imagePullPolicy: IfNotPresent - securityContext: - runAsUser: 1000 - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - livenessProbe: - tcpSocket: - port: 5000 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - tcpSocket: - port: 5000 - volumeMounts: - - mountPath: /etc/nginx/conf.d - name: nginx-conf - - mountPath: /var/cache/nginx/ - name: nginx-run - - mountPath: /var/run/ - name: nginx-run -{{- end }} - - name: registry - image: "{{ template "registry-url" . 
}}{{ .Values.containerregistry.image.registry.repository}}:{{ .Values.containerregistry.image.registry.tag }}" - imagePullPolicy: {{ .Values.containerregistry.imagePullPolicy }} - env: - - name: REGISTRY_AUTH - value: htpasswd - - name: REGISTRY_AUTH_HTPASSWD_REALM - value: Registry Realm - - name: REGISTRY_AUTH_HTPASSWD_PATH - value: /etc/registry/auth/htpasswd - - name: REGISTRY_HTTP_TLS_CERTIFICATE - value: "/certs/tls.crt" - - name: REGISTRY_HTTP_TLS_KEY - value: "/certs/tls.key" - volumeMounts: - - name: registry - mountPath: /var/lib/registry - readOnly: false - - name: auth - mountPath: /etc/registry/auth - readOnly: true - - name: certs - mountPath: /certs - readOnly: true - securityContext: - runAsUser: 1000 - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - livenessProbe: - httpGet: - port: 5000 - scheme: HTTPS - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - port: 5000 - scheme: HTTPS - initialDelaySeconds: 5 - periodSeconds: 5 - volumes: - - name: registry - emptyDir: {} - - name: auth - secret: - secretName: auth - - name: certs - secret: - secretName: epinio-registry-tls -{{ if .Values.containerregistry.enabled }} - - name: nginx-conf - configMap: - name: nginx-conf - - name: nginx-cache - emptyDir: {} - - name: nginx-run - emptyDir: {} -{{- end }} -{{- end }} diff --git a/charts/epinio/100.0.0+up1.2.1/templates/default-app-chart.yaml b/charts/epinio/100.0.0+up1.2.1/templates/default-app-chart.yaml deleted file mode 100644 index c0c712965a..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/templates/default-app-chart.yaml +++ /dev/null 
@@ -1,15 +0,0 @@
-apiVersion: application.epinio.io/v1
-kind: AppChart
-metadata:
- namespace: {{ .Release.Namespace }}
- name: standard
- labels:
- app.kubernetes.io/component: epinio
- app.kubernetes.io/instance: default
- app.kubernetes.io/name: epinio-standard-app-chart
- app.kubernetes.io/part-of: epinio
- app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.image.epinio.tag }}
-spec:
- shortDescription: Epinio standard deployment
- description: Epinio standard support chart for application deployment
- helmChart: /assets/epinio-application-0.1.21.tgz
diff --git a/charts/epinio/100.0.0+up1.2.1/templates/default-user.yaml b/charts/epinio/100.0.0+up1.2.1/templates/default-user.yaml
deleted file mode 100644
index a9cb0294e8..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/templates/default-user.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- range .Values.api.users }}
----
-apiVersion: v1
-kind: Secret
-type: BasicAuth
-metadata:
- labels:
- epinio.io/api-user-credentials: "true"
- epinio.io/role: {{ .role }}
- name: {{ include "epinio-truncate" (print "user-" .username) }}
- namespace: {{ $.Release.Namespace }}
-stringData:
- username: {{ .username }}
- password: {{ .passwordBcrypt }}
- namespaces: |
- {{ join "\n" .workspaces -}}
-{{- end }}
diff --git a/charts/epinio/100.0.0+up1.2.1/templates/ingress.yaml b/charts/epinio/100.0.0+up1.2.1/templates/ingress.yaml
deleted file mode 100644
index 29890c8ce2..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/templates/ingress.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: websecure
- traefik.ingress.kubernetes.io/router.tls: "true"
- nginx.ingress.kubernetes.io/ssl-redirect: {{ .Values.ingress.nginxSSLRedirect | quote }}
- nginx.ingress.kubernetes.io/proxy-body-size: 100m
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key | quote }}: {{ $value | quote }}
- {{- end }}
- labels:
- app.kubernetes.io/name: epinio
- name: epinio
- namespace: {{ .Release.Namespace }}
-spec:
- {{- if .Values.ingress.ingressClassName }}
- ingressClassName: "{{ .Values.ingress.ingressClassName }}"
- {{- end }}
- rules:
- - host: "epinio.{{ .Values.global.domain }}"
- http:
- paths:
- - backend:
- service:
- name: epinio-server
- port:
- number: 80
- path: /api
- pathType: Prefix
- - backend:
- service:
- name: epinio-server
- port:
- number: 80
- path: /wapi
- pathType: Prefix
- - backend:
- service:
- name: epinio-server
- port:
- number: 80
- path: /ready
- pathType: Exact
- {{- if ".Values.epinio-ui.enabled" }}
- - backend:
- service:
- name: epinio-ui
- port:
- number: 80
- path: /
- pathType: Prefix
- {{- end }}
- tls:
- - hosts:
- - "epinio.{{ .Values.global.domain }}"
- secretName: epinio-tls
diff --git a/charts/epinio/100.0.0+up1.2.1/templates/psp.yaml b/charts/epinio/100.0.0+up1.2.1/templates/psp.yaml
deleted file mode 100644
index 3e0240be26..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/templates/psp.yaml
+++ /dev/null
@@ -1,81 +0,0 @@ -{{- if .Values.global.rbac.pspEnabled }} - -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: epinio-server-psp - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: epinio-server - app: epinio-server -{{- if .Values.global.rbac.pspAnnotations }} - annotations: {{ toYaml .Values.global.rbac.pspAnnotations | nindent 4 }} -{{- end }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Permits the container to run with root privileges as well. - rule: 'RunAsAny' - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: epinio-server-psp - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: epinio-server - app: epinio-server -rules: -{{- if semverCompare "> 1.15.0-0" .Capabilities.KubeVersion.GitVersion }} -- apiGroups: ['policy'] -{{- else }} -- apiGroups: ['extensions'] -{{- end }} - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - epinio-server-psp - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: epinio-server-psp - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: epinio-server - app: epinio-server -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: epinio-server-psp -subjects: - 
- kind: ServiceAccount - name: epinio-server - namespace: {{ .Release.Namespace }} - -{{- end }} diff --git a/charts/epinio/100.0.0+up1.2.1/templates/s3-secret.yaml b/charts/epinio/100.0.0+up1.2.1/templates/s3-secret.yaml deleted file mode 100644 index 294735447f..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/templates/s3-secret.yaml +++ /dev/null 
@@ -1,49 +0,0 @@ -# Generated credentials for minio. Used only if minio is enabled. -{{- $oldkeys := (lookup "v1" "Secret" .Release.Namespace "minio-creds").data -}} -{{- $accessKey := empty $oldkeys | ternary (randAlphaNum 16) (b64dec (default "" $oldkeys.accesskey)) -}} -{{- $secretKey := empty $oldkeys | ternary (randAlphaNum 16) (b64dec (default "" $oldkeys.secretkey)) -}} - -# Minio values if minio is enabled, otherwise the user provided values -{{- $s3Endpoint := include "epinio.minio-url" . -}} -{{- $s3AccessKey := .Values.minio.enabled | ternary $accessKey .Values.s3.accessKeyID -}} -{{- $s3SecretKey := .Values.minio.enabled | ternary $secretKey .Values.s3.secretAccessKey -}} -{{- $s3Bucket := .Values.minio.enabled | ternary "epinio" .Values.s3.bucket -}} -{{- $s3UseSSL := .Values.minio.enabled | ternary true .Values.s3.useSSL -}} -{{- $s3Region := .Values.minio.enabled | ternary "" .Values.s3.region -}} - ---- -# The S3 connection details as required by the staging Job (in "ini" format) -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: epinio-s3-connection-details - namespace: {{ .Release.Namespace }} -stringData: - bucket: {{ $s3Bucket }} - config: |- - [default] - region={{ $s3Region }} - credentials: |- - [default] - aws_access_key_id={{ $s3AccessKey }} - aws_secret_access_key={{ $s3SecretKey }} - endpoint: {{ $s3Endpoint | quote }} - useSSL: {{ $s3UseSSL | quote }} - -# The S3 connection details as required by minio deployment -# https://github.com/minio/minio/blob/8ae46bce937567e682d14f7fe845b8ff67e549d2/helm/minio/values.yaml#L81 -# Secrets get created first so Minio should find it there when it needs it. 
-# https://github.com/helm/helm/blob/release-3.0/pkg/releaseutil/kind_sorter.go ---- -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: minio-creds - namespace: {{ .Release.Namespace }} -stringData: - rootUser: {{ $s3AccessKey | quote }} - rootPassword: {{ $s3SecretKey | quote }} - accesskey: {{ $s3AccessKey | quote }} - secretkey: {{ $s3SecretKey | quote }} diff --git a/charts/epinio/100.0.0+up1.2.1/templates/server.yaml b/charts/epinio/100.0.0+up1.2.1/templates/server.yaml deleted file mode 100644 index c952da21f2..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/templates/server.yaml +++ /dev/null 
@@ -1,345 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: epinio-server - namespace: {{ .Release.Namespace }} - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: epinio-server-cluster-admin -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: epinio-server - namespace: {{ .Release.Namespace }} - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: epinio-server -rules: -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - create - - delete - - list -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "" - resources: - - services - verbs: - - create - - get - - update - - delete -- apiGroups: - - "" - resources: - - pods/exec - verbs: - - create - - get - - post -- apiGroups: - - "" - resources: - - pods/portforward - verbs: - - get -- apiGroups: - - "" - resources: - - pods/log - verbs: - - get - - list -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - create - - update - - delete - - get - - list -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update -- apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - get - - list - - update - - patch -- apiGroups: - - servicecatalog.k8s.io - resources: - - servicebindings - verbs: - - create - - get - - delete - - list -- apiGroups: - - servicecatalog.k8s.io - resources: - - serviceinstances - verbs: - - create - - delete - - get - - list -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - create - - delete -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - create - - delete -- apiGroups: - - "cert-manager.io" - resources: - - certificates - verbs: - - create -- 
apiGroups: - - application.epinio.io - resources: - - apps - verbs: - - get - - list - - create - - delete - - patch - - update -- apiGroups: - - "metrics.k8s.io" - resources: - - pods - verbs: - - list -- apiGroups: - - apps - resources: - - replicasets - verbs: - - list - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: epinio-server-cluster-role -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: epinio-server -subjects: -- kind: ServiceAccount - name: epinio-server - namespace: {{ .Release.Namespace }} - ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: epinio-server - namespace: {{ .Release.Namespace }} -rules: -- apiGroups: - - batch - resources: - - jobs - verbs: - - get - - create - - delete - - list -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: epinio-server-role - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: epinio-server -subjects: -- kind: ServiceAccount - name: epinio-server - namespace: {{ .Release.Namespace }} - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: epinio - app.kubernetes.io/instance: default - app.kubernetes.io/name: epinio-server - app.kubernetes.io/part-of: epinio - app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.image.epinio.tag }} - name: epinio-server - namespace: {{ .Release.Namespace }} -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: epinio-server - app.kubernetes.io/instance: default - app.kubernetes.io/name: epinio-server - app.kubernetes.io/part-of: epinio - template: - metadata: - labels: - app.kubernetes.io/component: epinio-server - app.kubernetes.io/instance: default - app.kubernetes.io/name: epinio-server - app.kubernetes.io/part-of: epinio - app.kubernetes.io/version: {{ 
default .Chart.AppVersion .Values.image.epinio.tag }} - name: epinio-server - spec: - tolerations: - {{- include "linux-node-tolerations" . | nindent 8 }} - nodeSelector: - {{- include "linux-node-selector" . | nindent 8 }} - serviceAccountName: epinio-server - volumes: - - name: tmp-volume - emptyDir: {} - - name: asset-volume - secret: - secretName: epinio-assets - containers: - - command: ["/epinio", "server"] - args: ["--port", "8030"] - env: - - name: EPINIO_SETTINGS - value: /tmp/settings.yaml - - name: NAMESPACE - value: "{{ .Release.Namespace }}" - - name: ACCESS_CONTROL_ALLOW_ORIGIN - value: "{{ .Values.server.accessControlAllowOrigin }}" - - name: EPINIO_TIMEOUT_MULTIPLIER - value: "{{ .Values.server.timeoutMultiplier }}" - - name: TLS_ISSUER - value: "{{ .Values.global.tlsIssuer }}" - - name: TRACE_LEVEL - value: "{{ .Values.server.traceLevel }}" - {{- if or .Values.s3.certificateSecret .Values.minio.enabled }} - - name: S3_CERTIFICATE_SECRET - value: {{ default "minio-tls" .Values.s3.certificateSecret }} - {{- end }} - {{- if .Values.containerregistry.enabled }} - - name: REGISTRY_CERTIFICATE_SECRET - value: "epinio-registry-tls" - {{- end }} - {{- if .Values.ingress.ingressClassName }} - - name: INGRESS_CLASS_NAME - value: "{{ .Values.ingress.ingressClassName }}" - {{- end }} - {{- if .Values.extraEnv }} - {{- toYaml .Values.extraEnv | nindent 12 -}} - {{- end }} - image: "{{ default .Values.image.epinio.registry (include "registry-url" .) 
}}{{ .Values.image.epinio.repository }}:{{ default .Chart.AppVersion .Values.image.epinio.tag }}" - livenessProbe: - httpGet: - path: /ready - port: 8030 - name: epinio-server - ports: - - containerPort: 8030 - volumeMounts: - - name: tmp-volume - mountPath: /tmp - - name: asset-volume - mountPath: /assets - readinessProbe: - httpGet: - path: /ready - port: 8030 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - securityContext: - runAsNonRoot: true - runAsUser: 1000 - runAsGroup: 3000 - ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: epinio - app.kubernetes.io/instance: default - app.kubernetes.io/name: epinio-server - app.kubernetes.io/part-of: epinio - app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.image.epinio.tag }} - name: epinio-server - namespace: {{ .Release.Namespace }} -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 8030 - selector: - app.kubernetes.io/name: epinio-server diff --git a/charts/epinio/100.0.0+up1.2.1/templates/service-catalog.yaml b/charts/epinio/100.0.0+up1.2.1/templates/service-catalog.yaml deleted file mode 100644 index 8be7272ba3..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/templates/service-catalog.yaml +++ /dev/null 
@@ -1,118 +0,0 @@ -# These are three simple Services to fill the Service Catalog -{{ if .Values.serviceCatalog.enableDevServices }} ---- -apiVersion: application.epinio.io/v1 -kind: Service -metadata: - name: postgresql-dev - namespace: {{ .Release.Namespace }} -spec: - name: postgresql-dev - shortDescription: A PostgreSQL service that can be used during development - description: | - This service is going to deploy a simple default Bitnami PostreSQL db instance. - You can find more info at https://github.com/bitnami/charts/tree/master/bitnami/postgresql/. - This database is running inside the cluster so it's probably not a good choice for production - environments, at least with this default configuration. - chart: postgresql - chartVersion: 11.1.28 - serviceIcon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-220x234.png - appVersion: 14.2.0 - helmRepo: - name: bitnami - url: "https://charts.bitnami.com/bitnami" - values: |- - {{- template "epinio.catalog-service-values" . }} ---- -apiVersion: application.epinio.io/v1 -kind: Service -metadata: - name: mysql-dev - namespace: {{ .Release.Namespace }} -spec: - name: mysql-dev - shortDescription: A MySQL service that can be used during development - description: | - This service is going to deploy a simple default Bitnami MySQL db instance. - You can find more info at https://github.com/bitnami/charts/tree/master/bitnami/mysql/. - This database is running inside the cluster so it's probably not a good choice for production - environments, at least with this default configuration. - chart: mysql - chartVersion: 8.9.6 - serviceIcon: https://bitnami.com/assets/stacks/mysql/img/mysql-stack-220x234.png - appVersion: 8.0.29 - helmRepo: - name: bitnami - url: "https://charts.bitnami.com/bitnami" - values: |- - {{- template "epinio.catalog-service-values" . 
}} ---- -apiVersion: application.epinio.io/v1 -kind: Service -metadata: - name: redis-dev - namespace: {{ .Release.Namespace }} -spec: - name: redis-dev - shortDescription: A Redis service that can be used during development - description: | - This service is going to deploy a simple default Bitnami Redis instance. - You can find more info at https://github.com/bitnami/charts/tree/master/bitnami/redis/. - This database is running inside the cluster so it's probably not a good choice for production - environments, at least with this default configuration. - chart: redis - chartVersion: 16.9.2 - serviceIcon: https://bitnami.com/assets/stacks/redis/img/redis-stack-220x234.png - appVersion: 6.2.7 - helmRepo: - name: bitnami - url: "https://charts.bitnami.com/bitnami" - values: |- - {{- template "epinio.catalog-service-values" . }} ---- -apiVersion: application.epinio.io/v1 -kind: Service -metadata: - name: rabbitmq-dev - namespace: {{ .Release.Namespace }} -spec: - name: rabbitmq-dev - shortDescription: A RabbitMQ service that can be used during development - description: | - This service is going to deploy a simple default Bitnami RabbitMQ instance. - You can find more info at https://github.com/bitnami/charts/tree/master/bitnami/rabbitmq/. - This instance is running inside the cluster so it's probably not a good choice for production - environments, at least with this default configuration. - chart: rabbitmq - chartVersion: 9.0.5 - serviceIcon: https://bitnami.com/assets/stacks/rabbitmq/img/rabbitmq-stack-220x234.png - appVersion: 3.9.17 - helmRepo: - name: bitnami - url: https://charts.bitnami.com/bitnami - values: |- - {{- template "epinio.catalog-service-values" . 
}} ---- -apiVersion: application.epinio.io/v1 -kind: Service -metadata: - name: mongodb-dev - namespace: {{ .Release.Namespace }} -spec: - name: mongodb-dev - shortDescription: A MongoDB service that can be used during development - description: | - This service is going to deploy a simple default Bitnami MongoDB instance. - You can find more info at https://github.com/bitnami/charts/tree/master/bitnami/mongodb/. - This instance is running inside the cluster so it's probably not a good choice for production - environments, at least with this default configuration. - chart: mongodb - chartVersion: 13.1.0 - serviceIcon: https://bitnami.com/assets/stacks/mongodb/img/mongodb-stack-220x234.png - appVersion: 6.0.1 - helmRepo: - name: bitnami - url: https://charts.bitnami.com/bitnami - values: |- - {{- template "epinio.catalog-service-values" . }} -{{- end }} diff --git a/charts/epinio/100.0.0+up1.2.1/templates/stage-scripts.yaml b/charts/epinio/100.0.0+up1.2.1/templates/stage-scripts.yaml deleted file mode 100644 index adc26f1de0..0000000000 --- a/charts/epinio/100.0.0+up1.2.1/templates/stage-scripts.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: epinio-stage-scripts - namespace: {{ .Release.Namespace }} -data: - builderImage: "{{ template "registry-url" . }}{{ .Values.image.builder.repository}}:{{ .Values.image.builder.tag }}" - downloadImage: "{{ template "registry-url" . }}{{ .Values.image.awscli.repository}}:{{ .Values.image.awscli.tag }}" - unpackImage: "{{ template "registry-url" . }}{{ .Values.image.bash.repository}}:{{ .Values.image.bash.tag }}" - download: |- - # Parameters - # - PROTOCOL # s3 protocol - # - ENDPOINT # s3 endpoint - # - BUCKET # s3 bucket - # - BLOBID # blob id / file name for source archive - # - # This data is set in the chart only for an external s3. For - # internal s3 the chart has no information. Therefore we cannot - # use helm templating to insert these. - echo By _ _ __ ___ _____ $(whoami) $(pwd) - cat /etc/ssl/certs/ca-bundle.crt > /tmp/ca-bundle.pem - test -f /certs/ca.crt && cat /certs/ca.crt >> /tmp/ca-bundle.pem - test -f /certs/tls.crt && cat /certs/tls.crt >> /tmp/ca-bundle.pem - aws --ca-bundle /tmp/ca-bundle.pem --endpoint-url "${PROTOCOL}://${ENDPOINT}" s3 cp "s3://${BUCKET}/${BLOBID}" "/workspace/source/${BLOBID}" - echo _ _ __ ___ _____ Done - unpack: |- - # Parameters - # - BLOBID # blob id / file name for source archive - # - # Attempting to unpack the sources as, in order: - # .tar - epinio cli - # .zip - epinio UI - # -z .tar.gz - # -j .tar.bz2 - # -J .tar.xz - # - # __Note__: While it would have been nicer, IMNSHO, to use `file` to determine the - # type of the file and then directly dispatch to the proper unpacker, the `file` - # command is not available in the `bash` image. The code as written now relies on each - # unpacker to recognize/reject input properly. - # - echo By _ _ __ ___ _____ $(whoami) $(pwd) - if test ! -f "/workspace/source/${BLOBID}" ; then - echo Nothing to unpack - exit - fi - mkdir /workspace/source/app - ( cd /workspace/source/app - ( echo Tar? 
; tar -xvf "../${BLOBID}" ) || \ - ( echo Zip? ; unzip "../${BLOBID}" ) || \ - ( echo Tgz? ; tar -xvzf "../${BLOBID}" ) || \ - ( echo Tbz? ; tar -xvjf "../${BLOBID}" ) || \ - ( echo Txz? ; tar -xvJf "../${BLOBID}" ) || \ - ( echo "Unable to unpack. No supported archive file format found" ; exit 1 ) - echo OK - ) - rm "/workspace/source/${BLOBID}" - mkdir -p /workspace/source/env - cp -vL /workspace/source/appenv/* /workspace/source/env - chown -R 1000:1000 /workspace 2> /dev/null - find /workspace - echo _ _ __ ___ _____ Done - build: |- - # Parameters - # - PREIMAGE # url of previous image - # - APPIMAGE # url of application image - # - # ATTENTION: The `curl localhost:4191` command is used to stop the linkerd proxy - # container gracefully. We use `|| true` in case linkerd is not deployed. Further, it - # is placed into a trap to ensure that it will always run, even for a staging failure. - # Error output generated when linkerd is not present/up is squashed (dev/null). - # These messages are irrelevant, the situation is not an error, and allowing them through - # would confuse users (readers of app staging logs). - set -e - trap "curl -X POST http://localhost:4191/shutdown 2> /dev/null || true" EXIT - echo By _ _ __ ___ _____ $(whoami) $(pwd) - if test ! -d "/workspace/source/app" ; then - echo Nothing to build - sleep 60 # linkerd is a pain - If we exit to quickly, with the sidecar not ready our curl to shut it down does nothing, and then the sidecar comes up and prevents the pod from ending - exit 1 - fi - find /workspace - /cnb/lifecycle/creator \ - -app=/workspace/source/app \ - -cache-dir=/workspace/cache \ - -uid=1000 \ - -gid=1000 \ - -layers=/layers \ - -platform=/workspace/source \ - -report=/layers/report.toml \ - -process-type=web \ - -skip-restore=false \ - "-previous-image=${PREIMAGE}" \ - "${APPIMAGE}" - echo _ _ __ ___ _____ Done 
diff --git a/charts/epinio/100.0.0+up1.2.1/values.schema.json b/charts/epinio/100.0.0+up1.2.1/values.schema.json
deleted file mode 100644
index 98ac5283df..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/values.schema.json
+++ /dev/null
@@ -1,393 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft-07/schema#",
- "title": "Values",
- "type": "object",
- "properties": {
- "image": {
- "type": "object",
- "properties": {
- "epinio": {
- "type": "object",
- "properties": {
- "registry": {
- "type": "string"
- },
- "repository": {
- "type": "string"
- },
- "tag": {
- "type": "string"
- }
- }
- },
- "bash": {
- "type": "object",
- "properties": {
- "repository": {
- "type": "string"
- },
- "tag": {
- "type": "string"
- }
- }
- },
- "awscli": {
- "type": "object",
- "properties": {
- "repository": {
- "type": "string"
- },
- "tag": {
- "type": "string"
- }
- }
- },
- "kubectl": {
- "type": "object",
- "properties": {
- "repository": {
- "type": "string"
- },
- "tag": {
- "type": "string"
- }
- }
- }
- }
- },
- "server": {
- "description": "server configuration",
- "type": "object",
- "properties": {
- "accessControlAllowOrigin": {
- "type": "string"
- },
- "timeoutMultiplier": {
- "type": "integer"
- },
- "traceLevel": {
- "type": "integer"
- },
- "registryCertificateSecret": {
- "type": "string"
- },
- "ingressClassName": {
- "type": "string"
- }
- }
- },
- "ingress": {
- "ingressClassName": {
- "type": "string"
- },
- "annotations": {
- "type": "object"
- },
- "nginxSSLRedirect": {
- "type": "string"
- }
- },
- "s3": {
- "description": "s3 connection details",
- "type": "object",
- "properties": {
- "endpoint": {
- "type": "string"
- },
- "bucket": {
- "type": "string"
- },
- "region": {
- "type": "string"
- },
- "accessKeyID": {
- "type": "string"
- },
- "secretAccessKey": {
- "type": "string"
- },
- "certificateSecret": {
- "type": "string"
- },
- "useSSL": {
- "type": "boolean"
- }
- },
- "required": [
- "endpoint",
- "bucket",
- "accessKeyID",
- "secretAccessKey"
- ]
- },
- "api": {
- "description": "API access configuration",
- "type": "object",
- "properties": {
- "users": {
- "description": "Default Epinio users",
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "username": {
- "type": "string"
- },
- "passwordBcrypt": {
- "type": "string"
- },
- "role": {
- "type": "string"
- },
- "workspaces": {
- "type": "array",
- "items": {
- "type": "string"
- }
- }
- },
- "required": [
- "username",
- "passwordBcrypt",
- "role"
- ]
- }
- }
- }
- },
- "certManagerNamespace": {
- "description": "the namespace there cert-manager controller is deployed",
- "type": "string"
- },
- "domain": {
- "description": "the domain that will be used to access the Epinio API",
- "type": "string"
- },
- "global": {
- "type": "object",
- "properties": {
- "cattle": {
- "type": "object",
- "properties": {
- "systemDefaultRegistry": {
- "type": "string"
- }
- }
- },
- "domain": {
- "type": "string"
- },
- "tlsIssuer": {
- "type": "string"
- },
- "registryURL": {
- "type": "string"
- },
- "registryUsername": {
- "type": "string"
- },
- "registryPassword": {
- "type": "string"
- },
- "registryNamespace": {
- "type": "string"
- }
- },
- "required": [
- "domain"
- ]
- },
- "containerregistry": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean"
- },
- "image": {
- "type": "object",
- "properties": {
- "nginx": {
- "type": "object",
- "properties": {
- "repository": {
- "type": "string"
- },
- "tag": {
- "type": "string"
- }
- }
- },
- "registry": {
- "type": "object",
- "properties": {
- "repository": {
- "type": "string"
- },
- "tag": {
- "type": "string"
- }
- }
- }
- },
- "required": [
- "nginx",
- "registry"
- ]
- },
- "imagePullPolicy": {
- "type": "string"
- },
- "ingressClassName": {
- "type": "string"
- }
- },
- "required": [
- "enabled",
- "image",
- "imagePullPolicy",
- "ingressClassName"
- ]
- },
- "epinio-ui": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean"
- },
- "ingress": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean"
- }
- },
- "required": [
- "enabled"
- ]
- }
- },
- "required": [
- "enabled",
- "ingress"
- ]
- },
- "kubed": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean"
- },
- "enableAnalytics": {
- "type": "boolean"
- },
- "fullnameOverride": {
- "type": "string"
- }
- },
- "required": [
- "enabled",
- "enableAnalytics",
- "fullnameOverride"
- ]
- },
- "minio": {
- "type": "object",
- "properties": {
- "drivesPerNode": {
- "type": "integer"
- },
- "enabled": {
- "type": "boolean"
- },
- "existingSecret": {
- "type": "string"
- },
- "fullnameOverride": {
- "type": "string"
- },
- "makeUserJob": {
- "type": "object",
- "properties": {
- "podAnnotations": {
- "type": "object"
- }
- },
- "required": [
- "podAnnotations"
- ]
- },
- "persistence": {
- "type": "object",
- "properties": {
- "size": {
- "type": "string"
- }
- },
- "required": [
- "size"
- ]
- },
- "replicas": {
- "type": "integer"
- },
- "resources": {
- "type": "object",
- "properties": {
- "requests": {
- "type": "object",
- "properties": {
- "memory": {
- "type": "string"
- }
- },
- "required": [
- "memory"
- ]
- }
- },
- "required": [
- "requests"
- ]
- },
- "tls": {
- "type": "object",
- "properties": {
- "certSecret": {
- "type": "string"
- },
- "enabled": {
- "type": "boolean"
- },
- "privateKey": {
- "type": "string"
- },
- "publicCrt": {
- "type": "string"
- }
- },
- "required": [
- "certSecret",
- "enabled",
- "privateKey",
- "publicCrt"
- ]
- }
- },
- "required": [
- "drivesPerNode",
- "enabled",
- "existingSecret",
- "fullnameOverride",
- "makeUserJob",
- "persistence",
- "replicas",
- "resources",
- "tls"
- ]
- }
- },
- "required": [
- "certManagerNamespace",
- "s3"
- ]
-}
diff --git a/charts/epinio/100.0.0+up1.2.1/values.yaml b/charts/epinio/100.0.0+up1.2.1/values.yaml
deleted file mode 100644
index 4cca1951af..0000000000
--- a/charts/epinio/100.0.0+up1.2.1/values.yaml
+++ /dev/null
@@ -1,130 +0,0 @@ -## Default values for Epinio Helm Chart. -## This is a YAML-formatted file. -## Declare variables to be passed into your templates. - -# The email address you are planning to use for getting notifications about your certificates. -email: "epinio@suse.com" -image: - epinio: - repository: rancher/mirrored-epinio-epinio-server - tag: v1.2.0 - bash: - repository: rancher/mirrored-epinio-epinio-unpacker - tag: "1.0" - awscli: - repository: rancher/mirrored-amazon-aws-cli - tag: 2.0.52 - kubectl: - repository: rancher/kubectl - tag: v1.22.6 - builder: - repository: rancher/mirrored-paketobuildpacks-builder - tag: 0.2.95-full -server: - # Domain which serves the Rancher UI (to access the API) - accessControlAllowOrigin: "" - # increase this value to increase all timeouts by the same factor - timeoutMultiplier: 1 - # Increase this value to instruct the API server to produce more debug output - traceLevel: 0 - # The ingressClassName is used to select the ingress controller for apps. If empty no class will be added to their ingresseses. - ingressClassName: "" -ingress: - # The ingressClassName is used to select the ingress controller for the server. If empty no class will be added to the ingresses. 
- ingressClassName: "" - # Annotations to add to the API ingress - # e.g.: --set 'ingress.annotations.nginx\.ingress\.kubernetes\.io/ssl-redirect=false' - annotations: {} - # nginxSSLRedirect to controll https->http redirects - nginxSSLRedirect: "true" -certManagerNamespace: cert-manager -# Connection details for the S3 storage -s3: - endpoint: s3.amazonaws.com - bucket: "" - region: "" - accessKeyID: "" - secretAccessKey: "" - useSSL: true - # Set it to an existing secret if S3 is using a self signed cert - certificateSecret: "" -api: - # Default users - users: - - username: admin - passwordBcrypt: "$2a$10$6bCi5NMstMK781In7JGiL.B44pgoplUb330FQvm6mVXMppbXBPiXS" - role: admin - - username: epinio - passwordBcrypt: "$2a$10$6bCi5NMstMK781In7JGiL.B44pgoplUb330FQvm6mVXMppbXBPiXS" - role: user - workspaces: - - workspace -# Extra environment variables passed to the epinio-server pod. -# extraEnv: -# - name: MY_ENV_VAR -# value: "1.0" -# Minio subchart values -minio: - enabled: true - # hardcode this, to avoid problems with release name - fullnameOverride: minio - existingSecret: minio-creds - tls: - enabled: true - certSecret: minio-tls - publicCrt: tls.crt - privateKey: tls.key - persistence: - size: 2Gi - drivesPerNode: 4 - replicas: 1 - resources: - requests: - memory: 1Gi - makeUserJob: - podAnnotations: - linkerd.io/inject: disabled -epinio-ui: - enabled: true - epinioTheme: light - epinioVersion: "v1.2.0" - ingress: - enabled: false -kubed: - enabled: true - fullnameOverride: kubed - enableAnalytics: false -containerregistry: - enabled: true - image: - registry: - repository: rancher/mirrored-library-registry - tag: 2.8.1 - nginx: - repository: rancher/mirrored-library-nginx - tag: 1.23.0-alpine - imagePullPolicy: IfNotPresent - # The ingressClassName is used to select the ingress controller. If - # empty no class will be added to the ingresses. 
- ingressClassName: "" -serviceCatalog: - # Enable service catalog service for development - enableDevServices: true -global: - rbac: - pspEnabled: true - # The domain that will be used to access the epinio API server and the registry - domain: "" - # Connection details for the container registry. - registryURL: "" # Skip if containerregistry.enabled is true - registryUsername: "admin" - registryPassword: "changeme" - registryNamespace: "apps" # Used in registry path when pushing -> "external.tld/apps/APPNAME" - # The name of the cluster issuer to use. - # Epinio creates three options: 'epinio-ca', 'letsencrypt-production', and 'selfsigned-issuer'. - tlsIssuer: "epinio-ca" - # The URL of the container registry from where to pull container images for the various - # created Pods. Don't confuse this registry with the "Epinio registry" which is the one - # where Epinio stores the application images. - cattle: - systemDefaultRegistry: "" diff --git a/charts/epinio/100.0.5+up1.6.2/Chart.lock b/charts/epinio/100.0.5+up1.6.2/Chart.lock deleted file mode 100644 index 2429c2dc62..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/Chart.lock +++ /dev/null @@ -1,15 +0,0 @@ -dependencies: -- name: dex - repository: https://charts.dexidp.io - version: 0.12.1 -- name: minio - repository: https://charts.min.io/ - version: 5.0.4 -- name: kubed - repository: https://charts.appscode.com/stable/ - version: v0.13.2 -- name: epinio-ui - repository: https://epinio.github.io/helm-charts - version: 1.5.3 -digest: sha256:edaf7fec6b9567423ca0175493c21a542afe293e3a48d853acf9eb0b3d36024a -generated: "2023-01-12T09:59:16.775081808+01:00" diff --git a/charts/epinio/100.0.5+up1.6.2/Chart.yaml b/charts/epinio/100.0.5+up1.6.2/Chart.yaml deleted file mode 100644 index c0e1728aae..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/Chart.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ -annotations: - artifacthub.io/license: Apache-2.0 - catalog.cattle.io/auto-install: epinio-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Epinio - catalog.cattle.io/experimental: "true" - catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.25.0-0' - catalog.cattle.io/namespace: cattle-epinio-system - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0' - catalog.cattle.io/release-name: epinio - catalog.cattle.io/type: app - catalog.cattle.io/upstream-version: 1.6.2 -apiVersion: v2 -appVersion: v1.6.2 -dependencies: -- condition: dex.enabled, global.dex.enabled - name: dex - repository: file://./charts/dex - tags: - - dex -- condition: epinio-ui.enabled - name: epinio-ui - repository: file://./charts/epinio-ui - tags: - - epinio-ui -- condition: kubed.enabled, global.kubed.enabled - name: kubed - repository: file://./charts/kubed - tags: - - kubed -- condition: minio.enabled, global.minio.enabled - name: minio - repository: file://./charts/minio - tags: - - minio -description: Epinio deploys Kubernetes applications directly from source code in one - step. -home: https://github.com/epinio/epinio -icon: https://charts.rancher.io/assets/logos/epinio.svg -keywords: -- epinio -- paas -maintainers: -- email: team@epinio.io - name: SUSE -name: epinio -sources: -- https://github.com/epinio/epinio -version: 100.0.5+up1.6.2 diff --git a/charts/epinio/100.0.5+up1.6.2/README.md b/charts/epinio/100.0.5+up1.6.2/README.md deleted file mode 100644 index 7bf1d15521..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/README.md +++ /dev/null 
@@ -1,94 +0,0 @@ -# Epinio Helm Chart - -From app to URL in one command. - -## Introduction - -This chart deploys Epinio PaaS on a Kubernetes cluster. It also deploys some of -its dependencies as subcharts. - -The documentation is centralized in the [doc website](https://docs.epinio.io). - -## Prerequisites - -Epinio needs a number of external components to be running on your cluster in order to -work. You may already have those deployed, otherwise follow the instructions here -to deploy them. - -Important: Some of the namespaces of the components are hardcoded in the Epinio -code and thus are important to be the same as described here. In the future this -may be configurable on the Epinio Helm chart. - -### Ingress Controller - -Epinio creates Ingress resources for the API server, the applications and depending -on your setup, the internal container registry. Those resources won't work unless -an Ingress controller is running on your cluster. - -If you don't have an Ingress controller already running, you can install Traefik with: - -``` -$ kubectl create namespace traefik -$ export LOAD_BALANCER_IP=$(LOAD_BALANCER_IP:-) # Set this to the IP of your load balancer if you know that -$ helm install traefik --namespace traefik "https://helm.traefik.io/traefik/traefik-10.3.4.tgz" \ - --set globalArguments='' \ - --set-string ports.web.redirectTo=websecure \ - --set-string ingressClass.enabled=true \ - --set-string ingressClass.isDefaultClass=true \ - --set-string service.spec.loadBalancerIP=$LOAD_BALANCER_IP -``` - -### Cert Manager - -Epinio needs [cert-manager](https://cert-manager.io/) in order to create TLS -certificates for the various Ingresses (see "Ingress controller" above). 
- -If cert-manager is not already installed on the cluster, it can be installed like this: - -``` -$ kubectl create namespace cert-manager -$ helm repo add jetstack https://charts.jetstack.io -$ helm repo update -$ helm install cert-manager --namespace cert-manager jetstack/cert-manager \ - --set installCRDs=true \ - --set extraArgs[0]=--enable-certificate-owner-ref=true -``` - -### Kubed - -Kubed is installed as a subchart when `.Values.kubed.enabled` is true (default). -If you already have kubed running, you can skip the installation by setting -the helm value "kubed.enabled" to "false". - -### S3 storage - -Epinio is using an S3 compatible storage to store the application source code. -This chart will install [Minio](https://min.io/) when `.Values.minio.enabled` is -true (default). Any S3 compatible solution can be used instead by setting this -value to `false` and using [the values under `s3`](https://github.com/epinio/helm-charts/blob/main/chart/epinio/values.yaml#L44) -to point to the desired S3 server. - -### Container Registry - -When Epinio builds a container image for an application from source, it needs -to store that image to a container registry. Epinio installs a container registry -on the cluster when `.Values.containerregistry.enabled` is `true` (default). - -Any container registry that supports basic auth authentication can be used (e.g. gcr, dockerhub etc) -instead by setting this value to `false` and using -[the values under `registry`](https://github.com/epinio/helm-charts/blob/main/chart/epinio/values.yaml#L104-L107) -to point to the desired container registry. 
- -## Install Epinio - -If the above dependencies are available or going to be installed by this chart, -Epinio can be installed with the following: - -``` -$ helm repo add epinio https://epinio.github.io/helm-charts/ -$ helm install epinio -n epinio --create-namespace epinio/epinio --values epinio-values.yaml --set global.domain=myepiniodomain.org -``` - -The only value that is mandatory is the `.Values.global.domain` which -should be a wildcard domain, pointing to the IP address of your running -Ingress controller. diff --git a/charts/epinio/100.0.5+up1.6.2/app-readme.md b/charts/epinio/100.0.5+up1.6.2/app-readme.md deleted file mode 100644 index f02cc0c364..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/app-readme.md +++ /dev/null @@ -1,8 +0,0 @@ -# Epinio PaaS - -Opinionated platform that runs on Kubernetes to take you from Code to URL in one step. - -__Attention__: - - - Requires `cert-manager` as dependency. - - Requires `helm-controller` as dependency. diff --git a/charts/epinio/100.0.5+up1.6.2/assets/epinio-application-0.1.24.tgz b/charts/epinio/100.0.5+up1.6.2/assets/epinio-application-0.1.24.tgz deleted file mode 100644 index 2cac4420b3..0000000000 Binary files a/charts/epinio/100.0.5+up1.6.2/assets/epinio-application-0.1.24.tgz and /dev/null differ diff --git a/charts/epinio/100.0.5+up1.6.2/charts/dex/Chart.yaml b/charts/epinio/100.0.5+up1.6.2/charts/dex/Chart.yaml deleted file mode 100644 index fe64aabd13..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/charts/dex/Chart.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -annotations: - artifacthub.io/changes: | - - kind: changed - description: "Update Dex to 2.35.3" - artifacthub.io/images: | - - name: dex - image: ghcr.io/dexidp/dex:v2.35.3 -apiVersion: v2 -appVersion: 2.35.3 -description: OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable - connectors. -home: https://dexidp.io/ -icon: https://dexidp.io/favicon.png -keywords: -- oidc -- oauth -- identity-provider -- saml -kubeVersion: '>=1.14.0-0' -maintainers: -- email: mark.sagikazar@gmail.com - name: sagikazarmark - url: https://sagikazarmark.hu -name: dex -sources: -- https://github.com/dexidp/dex -- https://github.com/dexidp/helm-charts/tree/master/charts/dex -type: application -version: 0.12.1 diff --git a/charts/epinio/100.0.5+up1.6.2/charts/dex/README.md b/charts/epinio/100.0.5+up1.6.2/charts/dex/README.md deleted file mode 100644 index 87812088cb..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/charts/dex/README.md +++ /dev/null 
@@ -1,177 +0,0 @@ -# dex - -![version: 0.12.1](https://img.shields.io/badge/version-0.12.1-informational?style=flat-square) ![type: application](https://img.shields.io/badge/type-application-informational?style=flat-square) ![app version: 2.35.3](https://img.shields.io/badge/app%20version-2.35.3-informational?style=flat-square) ![kube version: >=1.14.0-0](https://img.shields.io/badge/kube%20version->=1.14.0--0-informational?style=flat-square) [![artifact hub](https://img.shields.io/badge/artifact%20hub-dex-informational?style=flat-square)](https://artifacthub.io/packages/helm/dex/dex) - -OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors. - -**Homepage:** - -## TL;DR; - -```bash -helm repo add dex https://charts.dexidp.io -helm install --generate-name --wait dex/dex -``` - -## Getting started - -### Minimal configuration - -Dex requires a minimal configuration in order to work. -You can pass configuration to Dex using Helm values: - -```yaml -config: - # Set it to a valid URL - issuer: http://my-issuer-url.com - - # See https://dexidp.io/docs/storage/ for more options - storage: - type: memory - - # Enable at least one connector - # See https://dexidp.io/docs/connectors/ for more options - enablePasswordDB: true -``` - -The above configuration won't make Dex automatically available on the configured URL. -One (and probably the easiest) way to achieve that is configuring ingress: - -```yaml -ingress: - enabled: true - - hosts: - - host: my-issuer-url.com - paths: - - path: / -``` - -### Minimal TLS configuration - -HTTPS is basically mandatory these days, especially for authentication and authorization services. -There are several solutions for protecting services with TlS in Kubernetes, -but by far the most popular and portable is undoubtedly [Cert Manager](https://cert-manager.io). 
- -Cert Manager can be [installed](https://cert-manager.io/docs/installation/kubernetes) with a few steps: - -```shell -helm repo add jetstack https://charts.jetstack.io -helm repo update -kubectl create namespace cert-manager -helm install \ - cert-manager jetstack/cert-manager \ - --namespace cert-manager \ - --set installCRDs=true -``` - -The next step is setting up an [issuer](https://cert-manager.io/docs/concepts/issuer/) (eg. [Let's Encrypt](https://letsencrypt.org/)): - -```shell -cat <=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "dex.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . 
| quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/epinio/100.0.5+up1.6.2/charts/dex/templates/psp.yaml b/charts/epinio/100.0.5+up1.6.2/charts/dex/templates/psp.yaml deleted file mode 100644 index ab874e1f55..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/charts/dex/templates/psp.yaml +++ /dev/null 
@@ -1,84 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -{{- if .Values.global.rbac.pspEnabled }} - ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ printf "%s-psp" .Values.serviceAccount.name | quote }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: {{ .Values.serviceAccount.name | quote }} - app: {{ .Values.serviceAccount.name | quote }} -{{- if .Values.global.rbac.pspAnnotations }} - annotations: {{ toYaml .Values.global.rbac.pspAnnotations | nindent 4 }} -{{- end }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Permits the container to run with root privileges as well. - rule: 'RunAsAny' - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. 
- - min: 0 - max: 65535 - readOnlyRootFilesystem: false - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ printf "%s-psp" .Values.serviceAccount.name | quote }} - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: {{ .Values.serviceAccount.name | quote }} - app: {{ .Values.serviceAccount.name | quote }} -rules: -{{- if semverCompare "> 1.15.0-0" .Capabilities.KubeVersion.GitVersion }} -- apiGroups: ['policy'] -{{- else }} -- apiGroups: ['extensions'] -{{- end }} - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ printf "%s-psp" .Values.serviceAccount.name | quote }} - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ printf "%s-psp" .Values.serviceAccount.name | quote }} - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: {{ .Values.serviceAccount.name | quote }} - app: {{ .Values.serviceAccount.name | quote }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ printf "%s-psp" .Values.serviceAccount.name | quote }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.name | quote }} - namespace: {{ .Release.Namespace }} - -{{- end }} -{{- end -}} diff --git a/charts/epinio/100.0.5+up1.6.2/charts/dex/templates/servicemonitor.yaml b/charts/epinio/100.0.5+up1.6.2/charts/dex/templates/servicemonitor.yaml deleted file mode 100644 index 34e161e81a..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/charts/dex/templates/servicemonitor.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "dex.fullname" . }} - {{- with .Values.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} - labels: - {{- include "dex.labels" . | nindent 4 }} - {{- with .Values.serviceMonitor.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - endpoints: - - port: telemetry - {{- with .Values.serviceMonitor.interval }} - interval: {{ . }} - {{- end }} - {{- with .Values.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end }} - jobLabel: {{ include "dex.fullname" . }} - selector: - matchLabels: - {{- include "dex.selectorLabels" . | nindent 6 }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{- end }} diff --git a/charts/epinio/100.0.5+up1.6.2/charts/dex/values.yaml b/charts/epinio/100.0.5+up1.6.2/charts/dex/values.yaml deleted file mode 100644 index 42202be2b6..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/charts/dex/values.yaml +++ /dev/null 
@@ -1,275 +0,0 @@ -# Default values for dex. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# -- Number of replicas (pods) to launch. -replicaCount: 1 - -image: - # -- Name of the image repository to pull the container image from. - repository: rancher/mirrored-dexidp-dex - tag: v2.35.3 - - # -- [Image pull policy](https://kubernetes.io/docs/concepts/containers/images/#updating-images) for updating already existing images on a node. - pullPolicy: IfNotPresent - -# -- Reference to one or more secrets to be used when [pulling images](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret) (from private registries). -imagePullSecrets: [] - -# -- A name in place of the chart name for `app:` labels. -nameOverride: "" - -# -- A name to substitute for the full names of resources. -fullnameOverride: "" - -# -- A list of hosts and IPs that will be injected into the pod's hosts file if specified. -# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#hostname-and-name-resolution) -hostAliases: [] - -https: - # -- Enable the HTTPS endpoint. - enabled: false - -grpc: - # -- Enable the gRPC endpoint. - # Read more in the [documentation](https://dexidp.io/docs/api/). - enabled: false - -configSecret: - # -- Enable creating a secret from the values passed to `config`. - # If set to false, name must point to an existing secret. - create: true - - # -- The name of the secret to mount as configuration in the pod. - # If not set and create is true, a name is generated using the fullname template. - # Must point to secret that contains at least a `config.yaml` key. - name: "" - -# -- Application configuration. -# See the [official documentation](https://dexidp.io/docs/). -config: {} - -# -- Additional storage [volumes](https://kubernetes.io/docs/concepts/storage/volumes/). 
-# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#volumes-1) for details. -volumes: [] - -# -- Additional [volume mounts](https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/). -# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#volumes-1) for details. -volumeMounts: [] - -# -- Additional environment variables mounted from [secrets](https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-environment-variables) or [config maps](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables). -# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables) for details. -envFrom: [] - -# -- Additional environment variables passed directly to containers. -# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables) for details. -env: {} - -# -- Similar to env but with support for all possible configurations. -# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables) for details. -envVars: [] -# - name: SOME_ENV_VAR -# value: value -# - name: SOME_ENV_VAR2 -# valueFrom: -# secretKeyRef: -# name: secret-name -# key: secret-key -# - name: SOME_ENV_VAR3 -# valueFrom: -# configMapKeyRef: -# name: config-map-name -# key: config-map-key - -serviceAccount: - # -- Enable service account creation. - create: true - - # -- Annotations to be added to the service account. - annotations: {} - - # -- The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template. - name: "dex-sa" - -rbac: - # -- Specifies whether RBAC resources should be created. 
- # If disabled, the operator is responsible for creating the necessary resources based on the templates. - create: true - - # -- Specifies which RBAC resources should be created. - # If disabled, the operator is responsible for creating the necessary resources (ClusterRole and RoleBinding or CRD's) - createClusterScoped: true - -# -- Annotations to be added to pods. -podAnnotations: {} - -podDisruptionBudget: - # -- Enable a [pod distruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) to help dealing with [disruptions](https://kubernetes.io/docs/concepts/workloads/pods/disruptions/). - # It is **highly recommended** for webhooks as disruptions can prevent launching new pods. - enabled: false - - # -- (int/percentage) Number or percentage of pods that must remain available. - minAvailable: - - # -- (int/percentage) Number or percentage of pods that can be unavailable. - maxUnavailable: - -# -- Specify a priority class name to set [pod priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority). -priorityClassName: "" - -# -- Pod [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod). -# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) for details. -podSecurityContext: {} - # fsGroup: 2000 - -# -- Container [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container). -# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) for details. -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - # -- Annotations to be added to the service. 
- annotations: {} - - # -- Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). - type: ClusterIP - - # -- Internal cluster service IP (when applicable) - clusterIP: "" - - ports: - http: - # -- HTTP service port - port: 5556 - - # -- (int) HTTP node port (when applicable) - nodePort: - - https: - # -- HTTPS service port - port: 5554 - - # -- (int) HTTPS node port (when applicable) - nodePort: - - grpc: - # -- gRPC service port - port: 5557 - - # -- (int) gRPC node port (when applicable) - nodePort: - -ingress: - # -- Enable [ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/). - enabled: false - - # -- Ingress [class name](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class). - className: "" - - # -- Annotations to be added to the ingress. - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # -- Ingress host configuration. - # @default -- See [values.yaml](values.yaml). - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - - # -- Ingress TLS configuration. - # @default -- See [values.yaml](values.yaml). - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -serviceMonitor: - # -- Enable Prometheus ServiceMonitor. - # See the [documentation](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/design.md#servicemonitor) and the [API reference](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor) for details. - enabled: false - - # -- Namespace where the ServiceMonitor resource should be deployed. - # @default -- Release namespace. - namespace: "" - - # -- (duration) Prometheus scrape interval. - interval: - - # -- (duration) Prometheus scrape timeout. - scrapeTimeout: - - # -- Labels to be added to the ServiceMonitor. 
- labels: {} - -# -- Container resource [requests and limits](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). -# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) for details. -# @default -- No requests or limits. -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -# -- Autoscaling configuration (see [values.yaml](values.yaml) for details). -# @default -- Disabled by default. -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -# -- [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) configuration. -nodeSelector: {} - -# -- [Tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for node taints. -# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) for details. -tolerations: [] - -# -- [Affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) configuration. -# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) for details. -affinity: {} - -# -- [TopologySpreadConstraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) configuration. -# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) for details. 
-topologySpreadConstraints: [] - -# -- Deployment [strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) configuration. -strategy: {} - # rollingUpdate: - # maxUnavailable: 1 - # type: RollingUpdate - -networkPolicy: - # -- Create [Network Policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) - enabled: false - # -- A list of network policy egress rules - egressRules: [] - # Allow DNS egress traffic - # - ports: - # - port: 53 - # protocol: UDP - # - port: 53 - # protocol: TCP - # Example to allow LDAP connector to reach LDAPs port on 1.2.3.4 server - # - to: - # - ipBlock - # cidr: 1.2.3.4/32 - # ports: - # - port: 636 - # protocol: TCP diff --git a/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/.helmignore b/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/.helmignore deleted file mode 100644 index 0e8a0eb36f..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/Chart.yaml b/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/Chart.yaml deleted file mode 100644 index a92cf86c34..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/Chart.yaml +++ /dev/null 
@@ -1,18 +0,0 @@
-annotations:
- artifacthub.io/license: Apache-2.0
-apiVersion: v2
-appVersion: v1.5.1-0.0.3
-description: A Helm chart for the Epinio UI
-home: https://github.com/epinio/epinio
-icon: https://charts.rancher.io/assets/logos/epinio.svg
-keywords:
-- epinio
-- paas
-maintainers:
-- email: team@epinio.io
- name: SUSE
-name: epinio-ui
-sources:
-- https://github.com/epinio/ui
-type: application
-version: 1.5.3
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/templates/_helpers.tpl b/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/templates/_helpers.tpl
deleted file mode 100644
index 042c2f8611..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/templates/_helpers.tpl
+++ /dev/null
@@ -1,100 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "epinio-ui.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "epinio-ui.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "epinio-ui.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "epinio-ui.labels" -}} -helm.sh/chart: {{ include "epinio-ui.chart" . }} -{{ include "epinio-ui.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "epinio-ui.selectorLabels" -}} -app.kubernetes.io/name: {{ include "epinio-ui.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "epinio-ui.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "epinio-ui.fullname" .) 
.Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -URL registry prefix for container images (Rancher compatibility support) -*/}} -{{- define "epinio-ui.registry" -}} -{{- if .Values.global.cattle -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{ trimSuffix "/" .Values.global.cattle.systemDefaultRegistry }}/ -{{- else -}} -{{ if .Values.epinioUI.image.registry }} -{{ .Values.epinioUI.image.registry }}/ -{{- end -}} -{{- end -}} -{{- else -}} -{{ if .Values.epinioUI.image.registry }} -{{ .Values.epinioUI.image.registry }}/ -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Windows cluster will add default taint for linux nodes, add below linux tolerations to -workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} diff --git a/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/templates/certificate.yaml b/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/templates/certificate.yaml deleted file mode 100644 index a04bc53fd7..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/templates/certificate.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: epinio-ui - namespace: {{ .Release.Namespace }} -spec: - dnsNames: - - {{ .Values.global.domain }} - issuerRef: - kind: ClusterIssuer - name: {{ .Values.global.tlsIssuer }} - secretName: epinio-ui-tls -{{- end }} 
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/templates/ingress.yaml b/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/templates/ingress.yaml
deleted file mode 100644
index 749ee71d61..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/templates/ingress.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- if .Values.ingress.enabled }}
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: websecure
- traefik.ingress.kubernetes.io/router.tls: "true"
- labels:
- {{- include "epinio-ui.labels" . | nindent 4 }}
- name: epinio-ui
- namespace: {{ .Release.Namespace }}
-spec:
- {{- if .Values.ingress.ingressClassName }}
- ingressClassName: "{{ .Values.ingress.ingressClassName }}"
- {{- end }}
- rules:
- - host: {{ .Values.global.domain }}
- http:
- paths:
- - backend:
- service:
- name: epinio-ui
- port:
- number: 80
- path: /
- pathType: ImplementationSpecific
- tls:
- - hosts:
- - {{ .Values.global.domain }}
- secretName: epinio-ui-tls
-{{- end }}
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/templates/security.yaml b/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/templates/security.yaml
deleted file mode 100644
index 3fd2cca0dd..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/templates/security.yaml
+++ /dev/null
@@ -1,88 +0,0 @@
-{{- if .Values.global.rbac.pspEnabled }}
-
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: epinio-ui
- namespace: {{ .Release.Namespace }}
-
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: epinio-ui-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}"
- app.kubernetes.io/part-of: epinio-ui
- app: epinio-ui
-{{- if .Values.global.rbac.pspAnnotations }}
- annotations: {{ toYaml .Values.global.rbac.pspAnnotations | nindent 4 }}
-{{- end }}
-spec:
- privileged: false
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Permits the container to run with root privileges as well.
- rule: 'RunAsAny'
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: 'RunAsAny'
- supplementalGroups:
- rule: 'MustRunAs'
- ranges:
- # Forbid adding the root group.
- - min: 0
- max: 65535
- fsGroup:
- rule: 'MustRunAs'
- ranges:
- # Forbid adding the root group.
- - min: 0
- max: 65535
- readOnlyRootFilesystem: false
-
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: epinio-ui-psp
- labels:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}"
- app.kubernetes.io/part-of: epinio-ui
- app: epinio-ui
-rules:
-{{- if semverCompare "> 1.15.0-0" .Capabilities.KubeVersion.GitVersion }}
-- apiGroups: ['policy']
-{{- else }}
-- apiGroups: ['extensions']
-{{- end }}
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - epinio-ui-psp
-
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: epinio-ui-psp
- labels:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}"
- app.kubernetes.io/part-of: epinio-ui
- app: epinio-ui
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: epinio-ui-psp
-subjects:
- - kind: ServiceAccount
- name: epinio-ui
- namespace: {{ .Release.Namespace }}
-
-{{- end }}
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/templates/server.yaml b/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/templates/server.yaml
deleted file mode 100644
index 8252344f76..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/templates/server.yaml
+++ /dev/null
@@ -1,110 +0,0 @@ -{{- $secret := (lookup "v1" "Secret" .Release.Namespace "epinio-ui").data -}} -{{- $encryptionKey := empty $secret | ternary (printf "%x" (randAscii 32)) (b64dec (default "" $secret.encryptionKey)) -}} -{{- $sessionSecret := empty $secret | ternary (randAlphaNum 16) (b64dec (default "" $secret.sessionSecret)) -}} - ---- -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: epinio-ui - namespace: {{ .Release.Namespace }} -stringData: - encryptionKey: {{ $encryptionKey }} - sessionSecret: {{ $sessionSecret }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: epinio-ui - namespace: {{ .Release.Namespace }} - labels: - {{- include "epinio-ui.labels" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "epinio-ui.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "epinio-ui.labels" . | nindent 8 }} - spec: - nodeSelector: - {{- include "linux-node-selector" . | nindent 8 }} - tolerations: - {{- include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.global.rbac.pspEnabled }} - serviceAccountName: epinio-ui -{{- end }} - containers: - - name: epinio-ui - image: {{ template "epinio-ui.registry" . 
}}{{ .Values.epinioUI.image.repository }}:{{ .Values.epinioUI.image.tag }} - imagePullPolicy: {{ .Values.epinioUI.imagePullPolicy }} - workingDir: /db - - env: - - name: ALLOWED_ORIGINS - value: {{ default (printf "https://epinio.%s" .Values.global.domain) .Values.epinioAllowedOrigins }} - - name: EPINIO_API_URL - value: {{ default (printf "http://epinio-server.%s.svc.cluster.local" .Release.Namespace) .Values.epinioAPIURL }} - - name: EPINIO_WSS_URL - value: {{ default (printf "ws://epinio-server.%s.svc.cluster.local" .Release.Namespace) .Values.epinioWSSURL }} - - name: EPINIO_API_SKIP_SSL - value: {{ .Values.epinioAPISkipSSL | quote }} - - name: EPINIO_VERSION - value: {{ (default .Chart.Version .Values.epinioVersion) | quote}} - - name: EPINIO_THEME - value: {{ (default "light" .Values.epinioTheme) | quote }} - - name: HTTP_CLIENT_TIMEOUT_IN_SECS - value: "120" - - name: SESSION_STORE_SECRET - valueFrom: - secretKeyRef: - name: epinio-ui - key: sessionSecret - - name: SESSION_STORE_EXPIRY - value: "1440" - - name: UI_PATH - value: "/ui" - - name: AUTH_ENDPOINT_TYPE - value: epinio - - name: ENCRYPTION_KEY - valueFrom: - secretKeyRef: - name: epinio-ui - key: encryptionKey - - - name: DATABASE_PROVIDER - value: sqlite - - name: HTTPS - value: "false" - - name: CONSOLE_PROXY_TLS_ADDRESS - value: 0.0.0.0:8000 - - name: LOG_LEVEL - value: {{ .Values.logLevel | quote }} - - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 8 }} - {{- end }} - - securityContext: - runAsUser: 1000 - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - livenessProbe: - tcpSocket: - port: 8000 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - tcpSocket: - port: 8000 - initialDelaySeconds: 5 - periodSeconds: 5 - {{- with .Values.volumes }} - volumes: - {{- toYaml . | nindent 6 }} - {{- end }} 
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/templates/service.yaml b/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/templates/service.yaml
deleted file mode 100644
index 442a726425..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/templates/service.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: epinio-ui
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "epinio-ui.labels" . | nindent 4 }}
-spec:
- type: ClusterIP
- selector:
- {{- include "epinio-ui.selectorLabels" . | nindent 4 }}
- ports:
- - name: ui
- port: 80
- targetPort: 8000
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/values.yaml b/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/values.yaml
deleted file mode 100644
index be8d8e3549..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/epinio-ui/values.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-epinioUI:
- image:
- repository: rancher/mirrored-epinio-epinio-ui
- tag: v1.5.1-0.0.3
- imagePullPolicy: IfNotPresent
-ingress:
- enabled: true
- # The ingressClassName is used to select the ingress controller. If empty no class will be added to the ingresses.
- ingressClassName: ""
-global:
- domain: ui.epinio.dev
- tlsIssuer: selfsigned-issuer
-logLevel: info
-# API URL of epinio instance, for proxied connections, defaults to http://epinio-server.%s.svc.cluster.local"
-epinioAPIURL: ""
-epinioWSSURL: ""
-# Domain that will serve the UI and be the origin of browser requests, used by CORS process
-epinioAllowedOrigins: ""
-# Skip checking for valid SSL cert when making requests to `EPINIO_API_URL`
-# epinioAPISkipSSL: "true"
-# This is the version that is displayed in the ui and should match that of the epinio it's targetting
-# epinioVersion: "v0.8.0"
-# Epinio standalone only supports a single theme, either light or dark
-epinioTheme: "light"
-volumeMounts:
- - name: tmp
- mountPath: /tmp
- readOnly: false
- - name: db
- mountPath: /db
- readOnly: false
-# - name: ui
-# mountPath: /ui
-# subPath: dist
-# readOnly: true
-
-volumes:
- - name: tmp
- emptyDir: {}
- - name: db
- emptyDir: {}
-# - name: ui
-# persistentVolumeClaim:
-# claimName: ui
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/kubed/.helmignore b/charts/epinio/100.0.5+up1.6.2/charts/kubed/.helmignore
deleted file mode 100644
index be86b789d7..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/kubed/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-# Helm files
-OWNERS
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/kubed/Chart.yaml b/charts/epinio/100.0.5+up1.6.2/charts/kubed/Chart.yaml
deleted file mode 100644
index b01e55e5e0..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/kubed/Chart.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-appVersion: v0.13.2
-description: Config Syncer by AppsCode - Kubernetes daemon
-home: https://github.com/kubeops/config-syncer
-icon: https://cdn.appscode.com/images/products/kubed/icons/android-icon-192x192.png
-maintainers:
-- email: support@appscode.com
- name: appscode
-name: kubed
-sources:
-- https://github.com/kubeops/config-syncer
-version: v0.13.2
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/kubed/README.md b/charts/epinio/100.0.5+up1.6.2/charts/kubed/README.md
deleted file mode 100644
index d747c51769..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/kubed/README.md
+++ /dev/null
@@ -1,94 +0,0 @@ -# Config Syncer - -[Config Syncer by AppsCode](https://github.com/kubeops/config-syncer) - A Kubernetes cluster manager daemon - -## TL;DR; - -```console -$ helm repo add appscode https://charts.appscode.com/stable/ -$ helm repo update -$ helm install kubed appscode/kubed -n kube-system -``` - -## Introduction - -This chart deploys a Config Syncer operator on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Prerequisites - -- Kubernetes 1.11+ - -## Installing the Chart - -To install the chart with the release name `kubed`: - -```console -$ helm install kubed appscode/kubed -n kube-system -``` - -The command deploys a Config Syncer operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `kubed`: - -```console -$ helm delete kubed -n kube-system -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -The following table lists the configurable parameters of the `kubed` chart and their default values. 
- -| Parameter | Description | Default | -|--------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------| -| nameOverride | Overrides name template | "" | -| fullnameOverride | Overrides fullname template | "" | -| replicaCount | Number of Config Syncer operator replicas to create (only 1 is supported) | 1 | -| operator.registry | Docker registry used to pull Config Syncer operator image | appscode | -| operator.repository | Config Syncer operator container image | kubed | -| operator.tag | Config Syncer operator container image tag | v0.13.2 | -| operator.resources | Compute Resources required by the operator container | {} | -| operator.securityContext | Security options the operator container should run with | {} | -| imagePullSecrets | Specify an array of imagePullSecrets. Secrets must be manually created in the namespace.
Example:
`helm template charts/kubed \`
`--set imagePullSecrets[0].name=sec0 \`
`--set imagePullSecrets[1].name=sec1` | [] | -| imagePullPolicy | Container image pull policy | IfNotPresent | -| criticalAddon | If true, installs Config Syncer operator as critical addon | false | -| logLevel | Log level for operator | 3 | -| annotations | Annotations applied to operator deployment | {} | -| podAnnotations | Annotations passed to operator pod(s). | {} | -| nodeSelector | Node labels for pod assignment | {} | -| tolerations | Tolerations for pod assignment | [] | -| affinity | Affinity rules for pod assignment | {} | -| podSecurityContext | Security options the operator pod should run with. | {"fsGroup":65535} | -| serviceAccount.create | Specifies whether a service account should be created | true | -| serviceAccount.annotations | Annotations to add to the service account | {} | -| serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | "" | -| apiserver.securePort | Port used by Config Syncer server | "8443" | -| apiserver.useKubeapiserverFqdnForAks | If true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) | true | -| apiserver.healthcheck.enabled | healthcheck configures the readiness and liveliness probes for the operator pod. | false | -| apiserver.servingCerts.generate | If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) to authenticate operators pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. | true | -| apiserver.servingCerts.caCrt | CA certficate used by serving certificate of Config Syncer server. | "" | -| apiserver.servingCerts.serverCrt | Serving certficate used by Config Syncer server. | "" | -| apiserver.servingCerts.serverKey | Private key for the serving certificate used by Config Syncer server. 
| "" | -| enableAnalytics | If true, sends usage analytics | true | -| config.clusterName | Set cluster-name to something meaningful to you, say, prod, prod-us-east, qa, etc. so that you can distinguish notifications sent by kubed | unicorn | -| config.configSourceNamespace | If set, configmaps and secrets from only this namespace will be synced | "" | -| config.kubeconfigContent | kubeconfig file content for configmap and secret syncer | "" | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: - -```console -$ helm install kubed appscode/kubed -n kube-system --set replicaCount=1 -``` - -Alternatively, a YAML file that specifies the values for the parameters can be provided while -installing the chart. For example: - -```console -$ helm install kubed appscode/kubed -n kube-system --values values.yaml -``` diff --git a/charts/epinio/100.0.5+up1.6.2/charts/kubed/doc.yaml b/charts/epinio/100.0.5+up1.6.2/charts/kubed/doc.yaml deleted file mode 100644 index e3b2d7fae6..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/charts/kubed/doc.yaml +++ /dev/null @@ -1,18 +0,0 @@ -project: - name: Config Syncer by AppsCode - shortName: Config Syncer - url: https://github.com/kubeops/config-syncer - description: A Kubernetes cluster manager daemon - app: a Config Syncer operator -repository: - url: https://charts.appscode.com/stable/ - name: appscode -chart: - name: kubed - values: "-- generate from values file --" - valuesExample: "-- generate from values file --" -prerequisites: -- Kubernetes 1.11+ -release: - name: kubed - namespace: kube-system diff --git a/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/NOTES.txt b/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/NOTES.txt deleted file mode 100644 index aa9281fa09..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/NOTES.txt +++ /dev/null 
@@ -1,3 +0,0 @@
-To verify that Config Syncer has started, run:
-
- kubectl get deployment --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "kubed.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/_helpers.tpl b/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/_helpers.tpl
deleted file mode 100644
index cbdcb8c0df..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/_helpers.tpl
+++ /dev/null
@@ -1,93 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "kubed.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "kubed.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "kubed.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "kubed.labels" -}} -helm.sh/chart: {{ include "kubed.chart" . }} -{{ include "kubed.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "kubed.selectorLabels" -}} -app.kubernetes.io/name: {{ include "kubed.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "kubed.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "kubed.fullname" .) 
.Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Windows cluster will add default taint for linux nodes, add below linux tolerations to -workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -{{/* -URL prefix for container images to be compatible with Rancher -*/}} -{{- define "registry-url" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{ trimSuffix "/" .Values.global.cattle.systemDefaultRegistry }}/ -{{- else -}} -{{ .Values.operator.registry }}/ -{{- end -}} -{{- end -}} diff --git a/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/apiregistration.yaml b/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/apiregistration.yaml deleted file mode 100644 index fcbf02a361..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/apiregistration.yaml +++ /dev/null 
@@ -1,58 +0,0 @@
-{{- $serverCrt := "" }}
-{{- $serverKey := "" }}
-{{- if .Values.apiserver.servingCerts.generate }}
-{{- $ca := genCA "ca" 3650 }}
-{{- $cn := include "kubed.fullname" . -}}
-{{- $altName1 := printf "%s.%s" $cn .Release.Namespace }}
-{{- $altName2 := printf "%s.%s.svc" $cn .Release.Namespace }}
-{{- $server := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }}
-{{- $serverCrt = b64enc $server.Cert }}
-{{- $serverKey = b64enc $server.Key }}
-{{- else }}
-{{- $serverCrt = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverCrt }}
-{{- $serverKey = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverKey }}
-{{- end }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "kubed.fullname" . }}-apiserver-cert
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "kubed.labels" . | nindent 4 }}
-type: Opaque
-data:
- tls.crt: {{ $serverCrt }}
- tls.key: {{ $serverKey }}
----
-# to read the config for terminating authentication
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "kubed.fullname" . }}-apiserver-extension-server-authentication-reader
- namespace: kube-system
- labels:
- {{- include "kubed.labels" . | nindent 4 }}
-roleRef:
- kind: Role
- apiGroup: rbac.authorization.k8s.io
- name: extension-apiserver-authentication-reader
-subjects:
-- kind: ServiceAccount
- name: {{ template "kubed.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
----
-# to delegate authentication and authorization
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "kubed.fullname" . }}-apiserver-auth-delegator
- labels:
- {{- include "kubed.labels" . | nindent 4 }}
-roleRef:
- kind: ClusterRole
- apiGroup: rbac.authorization.k8s.io
- name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
- name: {{ template "kubed.serviceAccountName" . 
}}
- namespace: {{ .Release.Namespace }}
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/cluster-role-binding.yaml b/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/cluster-role-binding.yaml
deleted file mode 100644
index 8ea05646a5..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/cluster-role-binding.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "kubed.fullname" . }}
- labels:
- {{- include "kubed.labels" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "kubed.fullname" . }}
-subjects:
-- kind: ServiceAccount
- name: {{ template "kubed.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/cluster-role.yaml b/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/cluster-role.yaml
deleted file mode 100644
index 95e0147902..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/cluster-role.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "kubed.fullname" . }}
- labels:
- {{- include "kubed.labels" . | nindent 4 }}
-rules:
-- apiGroups: [""]
- resources:
- - configmaps
- - secrets
- verbs: ["get", "create", "patch", "delete", "list", "watch"]
-- apiGroups: [""]
- resources:
- - namespaces
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources:
- - nodes
- verbs: ["list"]
-- apiGroups: [""]
- resources:
- - events
- verbs: ["create"]
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/deployment.yaml b/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/deployment.yaml
deleted file mode 100644
index 77efce771c..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/deployment.yaml
+++ /dev/null
@@ -1,119 +0,0 @@ -{{- $major := default "0" .Capabilities.KubeVersion.Major | trimSuffix "+" | int64 }} -{{- $minor := default "0" .Capabilities.KubeVersion.Minor | trimSuffix "+" | int64 }} -{{- $criticalAddon := and .Values.criticalAddon (or (eq .Release.Namespace "kube-system") (and (ge $major 1) (ge $minor 17))) -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "kubed.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kubed.labels" . | nindent 4 }} - {{- with .Values.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - {{- include "kubed.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "kubed.selectorLabels" . | nindent 8 }} - annotations: - checksum/apiregistration.yaml: {{ include (print $.Template.BasePath "/apiregistration.yaml") . | sha256sum }} - {{- if $criticalAddon }} - scheduler.alpha.kubernetes.io/critical-pod: '' - {{- end }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "kubed.serviceAccountName" . }} - containers: - - name: kubed - securityContext: - {{- toYaml .Values.operator.securityContext | nindent 10 }} - image: {{ template "registry-url" . }}{{ .Values.operator.repository }}:{{ .Values.operator.tag }} - imagePullPolicy: {{ .Values.imagePullPolicy }} - args: - - run - - --v={{ .Values.logLevel }} - - --secure-port={{ default "8443" .Values.apiserver.securePort }} - - --audit-log-path=- - - --tls-cert-file=/var/serving-cert/tls.crt - - --tls-private-key-file=/var/serving-cert/tls.key - - --use-kubeapiserver-fqdn-for-aks={{ .Values.apiserver.useKubeapiserverFqdnForAks }} - - --enable-analytics={{ .Values.enableAnalytics }} - {{- with .Values.config.clusterName }} - - --cluster-name={{ . 
}} - {{- end }} - {{- with .Values.config.configSourceNamespace }} - - --config-source-namespace={{ . }} - {{- end }} - {{- if .Values.config.kubeconfigContent }} - - --kubeconfig-file=/srv/kubed/kubeconfig - {{- end }} - {{- range .Values.config.additionalOptions }} - - {{ . }} - {{- end }} - ports: - - containerPort: {{ default "8443" .Values.apiserver.securePort }} - {{- if .Values.apiserver.healthcheck.enabled }} - readinessProbe: - httpGet: - path: /healthz - port: {{ default "8443" .Values.apiserver.securePort }} - scheme: HTTPS - initialDelaySeconds: 5 - livenessProbe: - httpGet: - path: /healthz - port: {{ default "8443" .Values.apiserver.securePort }} - scheme: HTTPS - initialDelaySeconds: 5 - {{- end }} - resources: - {{- toYaml .Values.operator.resources | nindent 10 }} - volumeMounts: - - name: config - mountPath: /srv/kubed - - name: scratch - mountPath: /tmp - - mountPath: /var/serving-cert - name: serving-cert - volumes: - - name: config - secret: - secretName: {{ template "kubed.fullname" . }} - - name: scratch - emptyDir: {} - - name: serving-cert - secret: - defaultMode: 420 - secretName: {{ template "kubed.fullname" . }}-apiserver-cert - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - tolerations: - {{- include "linux-node-tolerations" . | nindent 8 }} - {{- with .Values.tolerations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if $criticalAddon }} - - key: CriticalAddonsOnly - operator: Exists - {{- end -}} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - nodeSelector: - {{- include "linux-node-selector" . | nindent 8 }} - {{- if $criticalAddon }} - priorityClassName: system-cluster-critical - {{- end -}} diff --git a/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/psp.yaml b/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/psp.yaml deleted file mode 100644 index c10f3a97a7..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/psp.yaml +++ /dev/null 
@@ -1,84 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-{{- if .Values.global.rbac.pspEnabled }}
-
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ include "kubed.serviceAccountName" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}"
- app.kubernetes.io/part-of: {{ include "kubed.serviceAccountName" . }}
- app: {{ include "kubed.serviceAccountName" . }}
-{{- if .Values.global.rbac.pspAnnotations }}
- annotations: {{ toYaml .Values.global.rbac.pspAnnotations | nindent 4 }}
-{{- end }}
-spec:
- privileged: false
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Permits the container to run with root privileges as well.
- rule: 'RunAsAny'
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: 'RunAsAny'
- supplementalGroups:
- rule: 'MustRunAs'
- ranges:
- # Forbid adding the root group.
- - min: 0
- max: 65535
- fsGroup:
- rule: 'MustRunAs'
- ranges:
- # Forbid adding the root group.
- - min: 0
- max: 65535
- readOnlyRootFilesystem: false
-
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ include "kubed.serviceAccountName" . }}-psp
- labels:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}"
- app.kubernetes.io/part-of: {{ include "kubed.serviceAccountName" . }}
- app: {{ include "kubed.serviceAccountName" . }}
-rules:
-{{- if semverCompare "> 1.15.0-0" .Capabilities.KubeVersion.GitVersion }}
-- apiGroups: ['policy']
-{{- else }}
-- apiGroups: ['extensions']
-{{- end }}
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ include "kubed.serviceAccountName" . }}-psp
-
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ include "kubed.serviceAccountName" . 
}}-psp
- labels:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}"
- app.kubernetes.io/part-of: {{ include "kubed.serviceAccountName" . }}
- app: {{ include "kubed.serviceAccountName" . }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ include "kubed.serviceAccountName" . }}-psp
-subjects:
- - kind: ServiceAccount
- name: {{ include "kubed.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-
-{{- end }}
-{{- end -}}
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/secret.yaml b/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/secret.yaml
deleted file mode 100644
index a980ae34b4..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/secret.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "kubed.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "kubed.labels" . | nindent 4 }}
-data:
- {{- if .Values.config.kubeconfigContent }}
- kubeconfig: {{ .Values.config.kubeconfigContent | trim | b64enc | quote }}
- {{- end }}
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/service.yaml b/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/service.yaml
deleted file mode 100644
index 95b76cf645..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/service.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "kubed.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "kubed.labels" . | nindent 4 }}
-spec:
- ports:
- # Port used to expose admission webhook apiserver
- - name: api
- port: 443
- targetPort: {{ default "8443" .Values.apiserver.securePort }}
- selector:
- {{- include "kubed.selectorLabels" . | nindent 4 }}
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/serviceaccount.yaml b/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/serviceaccount.yaml
deleted file mode 100644
index 96f9c84c1b..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/kubed/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "kubed.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "kubed.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end -}}
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/kubed/values.yaml b/charts/epinio/100.0.5+up1.6.2/charts/kubed/values.yaml
deleted file mode 100644
index 0be091855c..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/kubed/values.yaml
+++ /dev/null
@@ -1,101 +0,0 @@ -# Default values for kubed. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Overrides name template -nameOverride: "" -# Overrides fullname template -fullnameOverride: "" - -# Number of Config Syncer operator replicas to create (only 1 is supported) -replicaCount: 1 - -operator: - # Config Syncer operator container image - repository: rancher/mirrored-appscode-kubed - # Config Syncer operator container image tag - tag: v0.13.2 - # Compute Resources required by the operator container - resources: {} - # Security options the operator container should run with - securityContext: {} - -# Specify an array of imagePullSecrets. -# Secrets must be manually created in the namespace. -# -# Example: -# helm template charts/kubed \ -# --set imagePullSecrets[0].name=sec0 \ -# --set imagePullSecrets[1].name=sec1 -imagePullSecrets: [] - -# Container image pull policy -imagePullPolicy: IfNotPresent - -# If true, installs Config Syncer operator as critical addon -criticalAddon: false - -# Log level for operator -logLevel: 3 - -# Annotations applied to operator deployment -annotations: {} - -# Annotations passed to operator pod(s). -podAnnotations: {} - -# Node labels for pod assignment -nodeSelector: {} - -# Tolerations for pod assignment -tolerations: [] - -# Affinity rules for pod assignment -affinity: {} - -# Security options the operator pod should run with. -podSecurityContext: # +doc-gen:break - # ensure that s/a token is readable xref: https://issues.k8s.io/70679 - fsGroup: 65535 - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. 
- # If not set and create is true, a name is generated using the fullname template - name: "" - -apiserver: - # Port used by Config Syncer server - securePort: "8443" - # If true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) - useKubeapiserverFqdnForAks: true - healthcheck: - # healthcheck configures the readiness and liveliness probes for the operator pod. - enabled: false - servingCerts: - # If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) - # to authenticate operators pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. - generate: true - # CA certficate used by serving certificate of Config Syncer server. - caCrt: "" - # Serving certficate used by Config Syncer server. - serverCrt: "" - # Private key for the serving certificate used by Config Syncer server. - serverKey: "" - -# If true, sends usage analytics -enableAnalytics: true - -config: - # Set cluster-name to something meaningful to you, say, prod, prod-us-east, qa, etc. - # so that you can distinguish notifications sent by kubed - clusterName: unicorn - # If set, configmaps and secrets from only this namespace will be synced - configSourceNamespace: "" - # kubeconfig file content for configmap and secret syncer - kubeconfigContent: "" -# additionalOptions: -# - --authentication-skip-lookup diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/.helmignore b/charts/epinio/100.0.5+up1.6.2/charts/minio/.helmignore deleted file mode 100644 index a9fe727881..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/charts/minio/.helmignore +++ /dev/null 
@@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -# OWNERS file for Kubernetes -OWNERS \ No newline at end of file diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/_helper_create_bucket.txt b/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/_helper_create_bucket.txt deleted file mode 100644 index 90755aa5e6..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/_helper_create_bucket.txt +++ /dev/null 
@@ -1,123 +0,0 @@ -#!/bin/sh -set -e ; # Have script exit in the event of a failed command. - -{{- if .Values.configPathmc }} -MC_CONFIG_DIR="{{ .Values.configPathmc }}" -MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" -{{- else }} -MC="/usr/bin/mc --insecure" -{{- end }} - -# connectToMinio -# Use a check-sleep-check loop to wait for MinIO service to be available -connectToMinio() { - SCHEME=$1 - ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts - set -e ; # fail if we can't read the keys. - ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; - set +e ; # The connections to minio are allowed to fail. - echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; - MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; - $MC_COMMAND ; - STATUS=$? ; - until [ $STATUS = 0 ] - do - ATTEMPTS=`expr $ATTEMPTS + 1` ; - echo \"Failed attempts: $ATTEMPTS\" ; - if [ $ATTEMPTS -gt $LIMIT ]; then - exit 1 ; - fi ; - sleep 2 ; # 1 second intervals between attempts - $MC_COMMAND ; - STATUS=$? ; - done ; - set -e ; # reset `e` as active - return 0 -} - -# checkBucketExists ($bucket) -# Check if the bucket exists, by using the exit code of `mc ls` -checkBucketExists() { - BUCKET=$1 - CMD=$(${MC} ls myminio/$BUCKET > /dev/null 2>&1) - return $? -} - -# createBucket ($bucket, $policy, $purge) -# Ensure bucket exists, purging if asked to -createBucket() { - BUCKET=$1 - POLICY=$2 - PURGE=$3 - VERSIONING=$4 - OBJECTLOCKING=$5 - - # Purge the bucket, if set & exists - # Since PURGE is user input, check explicitly for `true` - if [ $PURGE = true ]; then - if checkBucketExists $BUCKET ; then - echo "Purging bucket '$BUCKET'." - set +e ; # don't exit if this fails - ${MC} rm -r --force myminio/$BUCKET - set -e ; # reset `e` as active - else - echo "Bucket '$BUCKET' does not exist, skipping purge." 
- fi - fi - -# Create the bucket if it does not exist and set objectlocking if enabled (NOTE: versioning will be not changed if OBJECTLOCKING is set because it enables versioning to the Buckets created) -if ! checkBucketExists $BUCKET ; then - if [ ! -z $OBJECTLOCKING ] ; then - if [ $OBJECTLOCKING = true ] ; then - echo "Creating bucket with OBJECTLOCKING '$BUCKET'" - ${MC} mb --with-lock myminio/$BUCKET - elif [ $OBJECTLOCKING = false ] ; then - echo "Creating bucket '$BUCKET'" - ${MC} mb myminio/$BUCKET - fi - elif [ -z $OBJECTLOCKING ] ; then - echo "Creating bucket '$BUCKET'" - ${MC} mb myminio/$BUCKET - else - echo "Bucket '$BUCKET' already exists." - fi - fi - - - # set versioning for bucket if objectlocking is disabled or not set - if [ -z $OBJECTLOCKING ] ; then - if [ ! -z $VERSIONING ] ; then - if [ $VERSIONING = true ] ; then - echo "Enabling versioning for '$BUCKET'" - ${MC} version enable myminio/$BUCKET - elif [ $VERSIONING = false ] ; then - echo "Suspending versioning for '$BUCKET'" - ${MC} version suspend myminio/$BUCKET - fi - fi - else - echo "Bucket '$BUCKET' versioning unchanged." - fi - - - # At this point, the bucket should exist, skip checking for existence - # Set policy on the bucket - echo "Setting policy of bucket '$BUCKET' to '$POLICY'." - ${MC} anonymous set $POLICY myminio/$BUCKET -} - -# Try connecting to MinIO instance -{{- if .Values.tls.enabled }} -scheme=https -{{- else }} -scheme=http -{{- end }} -connectToMinio $scheme - -{{ if .Values.buckets }} -{{ $global := . }} -# Create the buckets -{{- range .Values.buckets }} -createBucket {{ tpl .name $global }} {{ .policy | default "none" | quote }} {{ .purge | default false }} {{ .versioning | default false }} {{ .objectlocking | default false }} -{{- end }} -{{- end }} 
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/_helper_create_policy.txt b/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/_helper_create_policy.txt deleted file mode 100644 index d565b161e3..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/_helper_create_policy.txt +++ /dev/null 
@@ -1,75 +0,0 @@ -#!/bin/sh -set -e ; # Have script exit in the event of a failed command. - -{{- if .Values.configPathmc }} -MC_CONFIG_DIR="{{ .Values.configPathmc }}" -MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" -{{- else }} -MC="/usr/bin/mc --insecure" -{{- end }} - -# connectToMinio -# Use a check-sleep-check loop to wait for MinIO service to be available -connectToMinio() { - SCHEME=$1 - ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts - set -e ; # fail if we can't read the keys. - ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; - set +e ; # The connections to minio are allowed to fail. - echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; - MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; - $MC_COMMAND ; - STATUS=$? ; - until [ $STATUS = 0 ] - do - ATTEMPTS=`expr $ATTEMPTS + 1` ; - echo \"Failed attempts: $ATTEMPTS\" ; - if [ $ATTEMPTS -gt $LIMIT ]; then - exit 1 ; - fi ; - sleep 2 ; # 1 second intervals between attempts - $MC_COMMAND ; - STATUS=$? ; - done ; - set -e ; # reset `e` as active - return 0 -} - -# checkPolicyExists ($policy) -# Check if the policy exists, by using the exit code of `mc admin policy info` -checkPolicyExists() { - POLICY=$1 - CMD=$(${MC} admin policy info myminio $POLICY > /dev/null 2>&1) - return $? -} - -# createPolicy($name, $filename) -createPolicy () { - NAME=$1 - FILENAME=$2 - - # Create the name if it does not exist - echo "Checking policy: $NAME (in /config/$FILENAME.json)" - if ! checkPolicyExists $NAME ; then - echo "Creating policy '$NAME'" - else - echo "Policy '$NAME' already exists." 
- fi - ${MC} admin policy add myminio $NAME /config/$FILENAME.json - -} - -# Try connecting to MinIO instance -{{- if .Values.tls.enabled }} -scheme=https -{{- else }} -scheme=http -{{- end }} -connectToMinio $scheme - -{{ if .Values.policies }} -# Create the policies -{{- range $idx, $policy := .Values.policies }} -createPolicy {{ $policy.name }} policy_{{ $idx }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/_helper_create_svcacct.txt b/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/_helper_create_svcacct.txt deleted file mode 100644 index 285d50cfe4..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/_helper_create_svcacct.txt +++ /dev/null 
@@ -1,106 +0,0 @@ -#!/bin/sh -set -e ; # Have script exit in the event of a failed command. - -{{- if .Values.configPathmc }} -MC_CONFIG_DIR="{{ .Values.configPathmc }}" -MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" -{{- else }} -MC="/usr/bin/mc --insecure" -{{- end }} - -# AccessKey and secretkey credentials file are added to prevent shell execution errors caused by special characters. -# Special characters for example : ',",<,>,{,} -MINIO_ACCESSKEY_SECRETKEY_TMP="/tmp/accessKey_and_secretKey_svcacct_tmp" - -# connectToMinio -# Use a check-sleep-check loop to wait for MinIO service to be available -connectToMinio() { - SCHEME=$1 - ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts - set -e ; # fail if we can't read the keys. - ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; - set +e ; # The connections to minio are allowed to fail. - echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; - MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; - $MC_COMMAND ; - STATUS=$? ; - until [ $STATUS = 0 ] - do - ATTEMPTS=`expr $ATTEMPTS + 1` ; - echo \"Failed attempts: $ATTEMPTS\" ; - if [ $ATTEMPTS -gt $LIMIT ]; then - exit 1 ; - fi ; - sleep 2 ; # 2 second intervals between attempts - $MC_COMMAND ; - STATUS=$? ; - done ; - set -e ; # reset `e` as active - return 0 -} - -# checkSvcacctExists () -# Check if the svcacct exists, by using the exit code of `mc admin user svcacct info` -checkSvcacctExists() { - CMD=$(${MC} admin user svcacct info myminio $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) > /dev/null 2>&1) - return $? -} - -# createSvcacct ($user) -createSvcacct () { - USER=$1 - FILENAME=$2 - #check accessKey_and_secretKey_tmp file - if [[ ! 
-f $MINIO_ACCESSKEY_SECRETKEY_TMP ]];then - echo "credentials file does not exist" - return 1 - fi - if [[ $(cat $MINIO_ACCESSKEY_SECRETKEY_TMP|wc -l) -ne 2 ]];then - echo "credentials file is invalid" - rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP - return 1 - fi - SVCACCT=$(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) - # Create the svcacct if it does not exist - if ! checkSvcacctExists ; then - echo "Creating svcacct '$SVCACCT'" - # Check if policy file is define - if [ -z $FILENAME ]; then - ${MC} admin user svcacct add --access-key $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) --secret-key $(tail -n1 $MINIO_ACCESSKEY_SECRETKEY_TMP) myminio $USER - else - ${MC} admin user svcacct add --access-key $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) --secret-key $(tail -n1 $MINIO_ACCESSKEY_SECRETKEY_TMP) --policy /config/$FILENAME.json myminio $USER - fi - else - echo "Svcacct '$SVCACCT' already exists." - fi - #clean up credentials files. - rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP -} - -# Try connecting to MinIO instance -{{- if .Values.tls.enabled }} -scheme=https -{{- else }} -scheme=http -{{- end }} -connectToMinio $scheme - -{{ if .Values.svcaccts }} -{{ $global := . }} -# Create the svcaccts -{{- range $idx, $svc := .Values.svcaccts }} -echo {{ tpl .accessKey $global }} > $MINIO_ACCESSKEY_SECRETKEY_TMP -{{- if .existingSecret }} -cat /config/secrets/{{ tpl .existingSecret $global }}/{{ tpl .existingSecretKey $global }} >> $MINIO_ACCESSKEY_SECRETKEY_TMP -# Add a new line if it doesn't exist -sed -i '$a\' $MINIO_ACCESSKEY_SECRETKEY_TMP -{{ else }} -echo {{ .secretKey }} >> $MINIO_ACCESSKEY_SECRETKEY_TMP -{{- end }} -{{- if $svc.policy}} -createSvcacct {{ .user }} svc_policy_{{ $idx }} -{{ else }} -createSvcacct {{ .user }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/_helper_create_user.txt b/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/_helper_create_user.txt deleted file mode 100644 index ea2b3b675c..0000000000 
--- a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/_helper_create_user.txt +++ /dev/null 
@@ -1,105 +0,0 @@ -#!/bin/sh -set -e ; # Have script exit in the event of a failed command. - -{{- if .Values.configPathmc }} -MC_CONFIG_DIR="{{ .Values.configPathmc }}" -MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" -{{- else }} -MC="/usr/bin/mc --insecure" -{{- end }} - -# AccessKey and secretkey credentials file are added to prevent shell execution errors caused by special characters. -# Special characters for example : ',",<,>,{,} -MINIO_ACCESSKEY_SECRETKEY_TMP="/tmp/accessKey_and_secretKey_tmp" - -# connectToMinio -# Use a check-sleep-check loop to wait for MinIO service to be available -connectToMinio() { - SCHEME=$1 - ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts - set -e ; # fail if we can't read the keys. - ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; - set +e ; # The connections to minio are allowed to fail. - echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; - MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; - $MC_COMMAND ; - STATUS=$? ; - until [ $STATUS = 0 ] - do - ATTEMPTS=`expr $ATTEMPTS + 1` ; - echo \"Failed attempts: $ATTEMPTS\" ; - if [ $ATTEMPTS -gt $LIMIT ]; then - exit 1 ; - fi ; - sleep 2 ; # 1 second intervals between attempts - $MC_COMMAND ; - STATUS=$? ; - done ; - set -e ; # reset `e` as active - return 0 -} - -# checkUserExists () -# Check if the user exists, by using the exit code of `mc admin user info` -checkUserExists() { - CMD=$(${MC} admin user info myminio $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) > /dev/null 2>&1) - return $? -} - -# createUser ($policy) -createUser() { - POLICY=$1 - #check accessKey_and_secretKey_tmp file - if [[ ! 
-f $MINIO_ACCESSKEY_SECRETKEY_TMP ]];then - echo "credentials file does not exist" - return 1 - fi - if [[ $(cat $MINIO_ACCESSKEY_SECRETKEY_TMP|wc -l) -ne 2 ]];then - echo "credentials file is invalid" - rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP - return 1 - fi - USER=$(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) - # Create the user if it does not exist - if ! checkUserExists ; then - echo "Creating user '$USER'" - cat $MINIO_ACCESSKEY_SECRETKEY_TMP | ${MC} admin user add myminio - else - echo "User '$USER' already exists." - fi - #clean up credentials files. - rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP - - # set policy for user - if [ ! -z $POLICY -a $POLICY != " " ] ; then - echo "Adding policy '$POLICY' for '$USER'" - ${MC} admin policy set myminio $POLICY user=$USER - else - echo "User '$USER' has no policy attached." - fi -} - -# Try connecting to MinIO instance -{{- if .Values.tls.enabled }} -scheme=https -{{- else }} -scheme=http -{{- end }} -connectToMinio $scheme - -{{ if .Values.users }} -{{ $global := . }} -# Create the users -{{- range .Values.users }} -echo {{ tpl .accessKey $global }} > $MINIO_ACCESSKEY_SECRETKEY_TMP -{{- if .existingSecret }} -cat /config/secrets/{{ tpl .existingSecretKey $global }} >> $MINIO_ACCESSKEY_SECRETKEY_TMP -# Add a new line if it doesn't exist -sed -i '$a\' $MINIO_ACCESSKEY_SECRETKEY_TMP -createUser {{ .policy }} -{{ else }} -echo {{ .secretKey }} >> $MINIO_ACCESSKEY_SECRETKEY_TMP -createUser {{ .policy }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/_helper_custom_command.txt b/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/_helper_custom_command.txt deleted file mode 100644 index b583a7782f..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/_helper_custom_command.txt +++ /dev/null 
@@ -1,58 +0,0 @@ -#!/bin/sh -set -e ; # Have script exit in the event of a failed command. - -{{- if .Values.configPathmc }} -MC_CONFIG_DIR="{{ .Values.configPathmc }}" -MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" -{{- else }} -MC="/usr/bin/mc --insecure" -{{- end }} - -# connectToMinio -# Use a check-sleep-check loop to wait for MinIO service to be available -connectToMinio() { - SCHEME=$1 - ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts - set -e ; # fail if we can't read the keys. - ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; - set +e ; # The connections to minio are allowed to fail. - echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; - MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; - $MC_COMMAND ; - STATUS=$? ; - until [ $STATUS = 0 ] - do - ATTEMPTS=`expr $ATTEMPTS + 1` ; - echo \"Failed attempts: $ATTEMPTS\" ; - if [ $ATTEMPTS -gt $LIMIT ]; then - exit 1 ; - fi ; - sleep 2 ; # 1 second intervals between attempts - $MC_COMMAND ; - STATUS=$? ; - done ; - set -e ; # reset `e` as active - return 0 -} - -# runCommand ($@) -# Run custom mc command -runCommand() { - ${MC} "$@" - return $? -} - -# Try connecting to MinIO instance -{{- if .Values.tls.enabled }} -scheme=https -{{- else }} -scheme=http -{{- end }} -connectToMinio $scheme - -{{ if .Values.customCommands }} -# Run custom commands -{{- range .Values.customCommands }} -runCommand {{ .command }} -{{- end }} -{{- end }} diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/_helpers.tpl b/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/_helpers.tpl deleted file mode 100644 index 2cd9772ffb..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/_helpers.tpl +++ /dev/null 
@@ -1,246 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "minio.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "minio.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "minio.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Return the appropriate apiVersion for networkpolicy.
-*/}}
-{{- define "minio.networkPolicy.apiVersion" -}}
-{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.Version -}}
-{{- print "extensions/v1beta1" -}}
-{{- else if semverCompare ">=1.7-0, <1.16-0" .Capabilities.KubeVersion.Version -}}
-{{- print "networking.k8s.io/v1beta1" -}}
-{{- else if semverCompare "^1.16-0" .Capabilities.KubeVersion.Version -}}
-{{- print "networking.k8s.io/v1" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the appropriate apiVersion for deployment.
-*/}}
-{{- define "minio.deployment.apiVersion" -}}
-{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.Version -}}
-{{- print "apps/v1beta2" -}}
-{{- else -}}
-{{- print "apps/v1" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the appropriate apiVersion for statefulset.
-*/}}
-{{- define "minio.statefulset.apiVersion" -}}
-{{- if semverCompare "<1.16-0" .Capabilities.KubeVersion.Version -}}
-{{- print "apps/v1beta2" -}}
-{{- else -}}
-{{- print "apps/v1" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the appropriate apiVersion for ingress.
-*/}}
-{{- define "minio.ingress.apiVersion" -}}
-{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-{{- print "extensions/v1beta1" -}}
-{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}}
-{{- print "networking.k8s.io/v1beta1" -}}
-{{- else -}}
-{{- print "networking.k8s.io/v1" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the appropriate apiVersion for console ingress.
-*/}}
-{{- define "minio.consoleIngress.apiVersion" -}}
-{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-{{- print "extensions/v1beta1" -}}
-{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}}
-{{- print "networking.k8s.io/v1beta1" -}}
-{{- else -}}
-{{- print "networking.k8s.io/v1" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Determine secret name.
-*/}}
-{{- define "minio.secretName" -}}
-{{- if .Values.existingSecret -}}
-{{- .Values.existingSecret }}
-{{- else -}}
-{{- include "minio.fullname" . -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Determine name for scc role and rolebinding
-*/}}
-{{- define "minio.sccRoleName" -}}
-{{- printf "%s-%s" "scc" (include "minio.fullname" .) | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Properly format optional additional arguments to MinIO binary
-*/}}
-{{- define "minio.extraArgs" -}}
-{{- range .Values.extraArgs -}}
-{{ " " }}{{ . }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the proper Docker Image Registry Secret Names
-*/}}
-{{- define "minio.imagePullSecrets" -}}
-{{/*
-Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
-but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
-Also, we can not use a single if because lazy evaluation is not an option
-*/}}
-{{- if .Values.global }}
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- else if .Values.imagePullSecrets }}
-imagePullSecrets:
- {{ toYaml .Values.imagePullSecrets }}
-{{- end -}}
-{{- else if .Values.imagePullSecrets }}
-imagePullSecrets:
- {{ toYaml .Values.imagePullSecrets }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Formats volumeMount for MinIO TLS keys and trusted certs
-*/}}
-{{- define "minio.tlsKeysVolumeMount" -}}
-{{- if .Values.tls.enabled }}
-- name: cert-secret-volume
- mountPath: {{ .Values.certsPath }}
-{{- end }}
-{{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }}
-{{- $casPath := printf "%s/CAs" .Values.certsPath | clean }}
-- name: trusted-cert-secret-volume
- mountPath: {{ $casPath }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Formats volume for MinIO TLS keys and trusted certs
-*/}}
-{{- define "minio.tlsKeysVolume" -}}
-{{- if .Values.tls.enabled }}
-- name: cert-secret-volume
- secret:
- secretName: {{ tpl .Values.tls.certSecret $ }}
- items:
- - key: {{ .Values.tls.publicCrt }}
- path: public.crt
- - key: {{ .Values.tls.privateKey }}
- path: private.key
-{{- end }}
-{{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }}
-{{- $certSecret := eq .Values.trustedCertsSecret "" | ternary .Values.tls.certSecret .Values.trustedCertsSecret }}
-{{- $publicCrt := eq .Values.trustedCertsSecret "" | ternary .Values.tls.publicCrt "" }}
-- name: trusted-cert-secret-volume
- secret:
- secretName: {{ $certSecret }}
- {{- if ne $publicCrt "" }}
- items:
- - key: {{ $publicCrt }}
- path: public.crt
- {{- end }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Returns the available value for certain key in an existing secret (if it exists),
-otherwise it generates a random value.
-*/}}
-{{- define "minio.getValueFromSecret" }}
- {{- $len := (default 16 .Length) | int -}}
- {{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}}
- {{- if $obj }}
- {{- index $obj .Key | b64dec -}}
- {{- else -}}
- {{- randAlphaNum $len -}}
- {{- end -}}
-{{- end }}
-
-{{- define "minio.root.username" -}}
- {{- if .Values.rootUser }}
- {{- .Values.rootUser | toString }}
- {{- else }}
- {{- include "minio.getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "minio.fullname" .) "Length" 20 "Key" "rootUser") }}
- {{- end }}
-{{- end -}}
-
-{{- define "minio.root.password" -}}
- {{- if .Values.rootPassword }}
- {{- .Values.rootPassword | toString }}
- {{- else }}
- {{- include "minio.getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "minio.fullname" .) "Length" 40 "Key" "rootPassword") }}
- {{- end }}
-{{- end -}}
-
-{{/*
-Windows cluster will add default taint for linux nodes, add below linux tolerations to
-workloads could be scheduled to those linux nodes
-*/}}
-{{- define "linux-node-tolerations" -}}
-- key: "cattle.io/os"
- value: "linux"
- effect: "NoSchedule"
- operator: "Equal"
-{{- end -}}
-
-{{- define "linux-node-selector" -}}
-{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-beta.kubernetes.io/os: linux
-{{- else -}}
-kubernetes.io/os: linux
-{{- end -}}
-{{- end -}}
-
-{{/*
-URL prefix for container images to be compatible with Rancher
-*/}}
-{{- define "registry-url" -}}
-{{- if .Values.global.cattle.systemDefaultRegistry -}}
-{{ trimSuffix "/" .Values.global.cattle.systemDefaultRegistry }}/
-{{- end -}}
-{{- end -}}
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/configmap.yaml b/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/configmap.yaml
deleted file mode 100644
index 54d56772cd..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/configmap.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "minio.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
- initialize: |-
-{{ include (print $.Template.BasePath "/_helper_create_bucket.txt") . | indent 4 }}
- add-user: |-
-{{ include (print $.Template.BasePath "/_helper_create_user.txt") . | indent 4 }}
- add-policy: |-
-{{ include (print $.Template.BasePath "/_helper_create_policy.txt") . | indent 4 }}
-{{- range $idx, $policy := .Values.policies }}
- # Policy: {{ $policy.name }}
- policy_{{ $idx }}.json: |-
-{{ include (print $.Template.BasePath "/_helper_policy.tpl") . | indent 4 }}
-{{ end }}
-{{- range $idx, $svc := .Values.svcaccts }}
-{{- if $svc.policy }}
- # SVC: {{ $svc.accessKey }}
- svc_policy_{{ $idx }}.json: |-
-{{ include (print $.Template.BasePath "/_helper_policy.tpl") .policy | indent 4 }}
-{{- end }}
-{{ end }}
- add-svcacct: |-
-{{ include (print $.Template.BasePath "/_helper_create_svcacct.txt") . | indent 4 }}
- custom-command: |-
-{{ include (print $.Template.BasePath "/_helper_custom_command.txt") . | indent 4 }}
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/console-ingress.yaml b/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/console-ingress.yaml
deleted file mode 100644
index 2ce9a93bf3..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/console-ingress.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-{{- if .Values.consoleIngress.enabled -}}
-{{- $fullName := printf "%s-console" (include "minio.fullname" .) -}}
-{{- $servicePort := .Values.consoleService.port -}}
-{{- $ingressPath := .Values.consoleIngress.path -}}
-apiVersion: {{ template "minio.consoleIngress.apiVersion" . }}
-kind: Ingress
-metadata:
- name: {{ $fullName }}
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-{{- with .Values.consoleIngress.labels }}
-{{ toYaml . | indent 4 }}
-{{- end }}
-
-{{- with .Values.consoleIngress.annotations }}
- annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if .Values.consoleIngress.ingressClassName }}
- ingressClassName: {{ .Values.consoleIngress.ingressClassName }}
-{{- end }}
-{{- if .Values.consoleIngress.tls }}
- tls:
- {{- range .Values.consoleIngress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
-{{- end }}
- rules:
- {{- range .Values.consoleIngress.hosts }}
- - http:
- paths:
- - path: {{ $ingressPath }}
- {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
- pathType: Prefix
- backend:
- service:
- name: {{ $fullName }}
- port:
- number: {{ $servicePort }}
- {{- else }}
- backend:
- serviceName: {{ $fullName }}
- servicePort: {{ $servicePort }}
- {{- end }}
- {{- if . }}
- host: {{ . | quote }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/deployment.yaml b/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/deployment.yaml
deleted file mode 100644
index 3dd0904c0b..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/deployment.yaml
+++ /dev/null
@@ -1,205 +0,0 @@ -{{- if eq .Values.mode "standalone" }} -{{ $scheme := "http" }} -{{- if .Values.tls.enabled }} -{{ $scheme = "https" }} -{{ end }} -{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }} -apiVersion: {{ template "minio.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "minio.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ template "minio.name" . }} - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.additionalLabels }} -{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }} -{{- end }} -{{- if .Values.additionalAnnotations }} - annotations: -{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }} -{{- end }} -spec: - strategy: - type: {{ .Values.DeploymentUpdate.type }} - {{- if eq .Values.DeploymentUpdate.type "RollingUpdate" }} - rollingUpdate: - maxSurge: {{ .Values.DeploymentUpdate.maxSurge }} - maxUnavailable: {{ .Values.DeploymentUpdate.maxUnavailable }} - {{- end}} - replicas: 1 - selector: - matchLabels: - app: {{ template "minio.name" . }} - release: {{ .Release.Name }} - template: - metadata: - name: {{ template "minio.fullname" . }} - labels: - app: {{ template "minio.name" . }} - release: {{ .Release.Name }} -{{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} -{{- end }} - annotations: -{{- if not .Values.ignoreChartChecksums }} - checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . 
| sha256sum }} -{{- end }} -{{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }} -{{- end }} - spec: - {{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" - {{- end }} - {{- if .Values.runtimeClassName }} - runtimeClassName: "{{ .Values.runtimeClassName }}" - {{- end }} -{{- if and .Values.securityContext.enabled .Values.persistence.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - runAsGroup: {{ .Values.securityContext.runAsGroup }} - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- if and (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "20") }} - fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }} - {{- end }} -{{- end }} -{{ if .Values.serviceAccount.create }} - serviceAccountName: {{ .Values.serviceAccount.name }} -{{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ default .Values.image.registry (include "registry-url" .) }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - "/bin/sh" - - "-ce" - - "/usr/bin/docker-entrypoint.sh minio server {{ $bucketRoot }} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template "minio.extraArgs" . }}" - volumeMounts: - - name: minio-user - mountPath: "/tmp/credentials" - readOnly: true - - name: export - mountPath: {{ .Values.mountPath }} - {{- if and .Values.persistence.enabled .Values.persistence.subPath }} - subPath: "{{ .Values.persistence.subPath }}" - {{- end }} - {{- if .Values.extraSecret }} - - name: extra-secret - mountPath: "/tmp/minio-config-env" - {{- end }} - {{- include "minio.tlsKeysVolumeMount" . 
| indent 12 }} - {{- if .Values.extraVolumeMounts }} - {{- toYaml .Values.extraVolumeMounts | nindent 12 }} - {{- end }} - ports: - - name: {{ $scheme }} - containerPort: {{ .Values.minioAPIPort }} - - name: {{ $scheme }}-console - containerPort: {{ .Values.minioConsolePort }} - env: - - name: MINIO_ROOT_USER - valueFrom: - secretKeyRef: - name: {{ template "minio.secretName" . }} - key: rootUser - - name: MINIO_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "minio.secretName" . }} - key: rootPassword - {{- if .Values.extraSecret }} - - name: MINIO_CONFIG_ENV_FILE - value: "/tmp/minio-config-env/config.env" - {{- end}} - {{- if .Values.metrics.serviceMonitor.public }} - - name: MINIO_PROMETHEUS_AUTH_TYPE - value: "public" - {{- end}} - {{- if .Values.oidc.enabled }} - - name: MINIO_IDENTITY_OPENID_CONFIG_URL - value: {{ .Values.oidc.configUrl }} - - name: MINIO_IDENTITY_OPENID_CLIENT_ID - value: {{ .Values.oidc.clientId }} - - name: MINIO_IDENTITY_OPENID_CLIENT_SECRET - value: {{ .Values.oidc.clientSecret }} - - name: MINIO_IDENTITY_OPENID_CLAIM_NAME - value: {{ .Values.oidc.claimName }} - - name: MINIO_IDENTITY_OPENID_CLAIM_PREFIX - value: {{ .Values.oidc.claimPrefix }} - - name: MINIO_IDENTITY_OPENID_SCOPES - value: {{ .Values.oidc.scopes }} - - name: MINIO_IDENTITY_OPENID_REDIRECT_URI - value: {{ .Values.oidc.redirectUri }} - - name: MINIO_IDENTITY_OPENID_COMMENT - value: {{ .Values.oidc.comment }} - {{- end}} - {{- if .Values.etcd.endpoints }} - - name: MINIO_ETCD_ENDPOINTS - value: {{ join "," .Values.etcd.endpoints | quote }} - {{- if .Values.etcd.clientCert }} - - name: MINIO_ETCD_CLIENT_CERT - value: "/tmp/credentials/etcd_client_cert.pem" - {{- end }} - {{- if .Values.etcd.clientCertKey }} - - name: MINIO_ETCD_CLIENT_CERT_KEY - value: "/tmp/credentials/etcd_client_cert_key.pem" - {{- end }} - {{- if .Values.etcd.pathPrefix }} - - name: MINIO_ETCD_PATH_PREFIX - value: {{ .Values.etcd.pathPrefix }} - {{- end }} - {{- if 
.Values.etcd.corednsPathPrefix }} - - name: MINIO_ETCD_COREDNS_PATH - value: {{ .Values.etcd.corednsPathPrefix }} - {{- end }} - {{- end }} - {{- range $key, $val := .Values.environment }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end}} - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- with .Values.extraContainers }} - {{- if eq (typeOf .) "string" }} - {{- tpl . $ | nindent 8 }} - {{- else }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - nodeSelector: - {{- include "linux-node-selector" . | nindent 8 }} -{{- include "minio.imagePullSecrets" . | indent 6 }} -{{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} -{{- end }} - tolerations: - {{- include "linux-node-tolerations" . | nindent 8 }} - {{- with .Values.tolerations }} - {{ toYaml . | indent 8 }} - {{- end }} - volumes: - - name: export - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "minio.fullname" .) }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.extraSecret }} - - name: extra-secret - secret: - secretName: {{ .Values.extraSecret }} - {{- end }} - - name: minio-user - secret: - secretName: {{ template "minio.secretName" . }} - {{- include "minio.tlsKeysVolume" . | indent 8 }} - {{- if .Values.extraVolumes }} - {{ toYaml .Values.extraVolumes | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/networkpolicy.yaml b/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/networkpolicy.yaml deleted file mode 100644 index ac219b937b..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/networkpolicy.yaml +++ /dev/null 
@@ -1,27 +0,0 @@
-{{- if .Values.networkPolicy.enabled }}
-kind: NetworkPolicy
-apiVersion: {{ template "minio.networkPolicy.apiVersion" . }}
-metadata:
- name: {{ template "minio.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-spec:
- podSelector:
- matchLabels:
- app: {{ template "minio.name" . }}
- release: {{ .Release.Name }}
- ingress:
- - ports:
- - port: {{ .Values.minioAPIPort }}
- - port: {{ .Values.minioConsolePort }}
- {{- if not .Values.networkPolicy.allowExternal }}
- from:
- - podSelector:
- matchLabels:
- {{ template "minio.name" . }}-client: "true"
- {{- end }}
-{{- end }}
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/poddisruptionbudget.yaml b/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/poddisruptionbudget.yaml
deleted file mode 100644
index 8037eb7430..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.podDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: minio
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}
-spec:
- maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
- selector:
- matchLabels:
- app: {{ template "minio.name" . }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/post-job.yaml b/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/post-job.yaml
deleted file mode 100644
index 684e639405..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/post-job.yaml
+++ /dev/null
@@ -1,230 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "minio.fullname" . }}-post-job - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ template "minio.name" . }}-post-job - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation - {{- with .Values.postJob.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - template: - metadata: - labels: - app: {{ template "minio.name" . }}-job - release: {{ .Release.Name }} - {{- if .Values.podLabels }} - {{- toYaml .Values.podLabels | nindent 8 }} - {{- end }} - {{- if .Values.postJob.podAnnotations }} - annotations: - {{- toYaml .Values.postJob.podAnnotations | nindent 8 }} - {{- end }} - spec: - restartPolicy: OnFailure - {{- include "minio.imagePullSecrets" . | nindent 6 }} - nodeSelector: - {{- include "linux-node-selector" . | nindent 8 }} - {{- with .Values.postJob.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - tolerations: - {{- include "linux-node-tolerations" . | nindent 8 }} - {{- with .Values.postJob.tolerations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.postJob.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.postJob.securityContext.runAsUser }} - runAsGroup: {{ .Values.postJob.securityContext.runAsGroup }} - fsGroup: {{ .Values.postJob.securityContext.fsGroup }} - {{- end }} - volumes: - - name: minio-configuration - projected: - sources: - - configMap: - name: {{ template "minio.fullname" . }} - - secret: - name: {{ template "minio.secretName" . 
}} - {{- range .Values.users }} - {{- if .existingSecret }} - - secret: - name: {{ tpl .existingSecret $ }} - items: - - key: {{ .existingSecretKey }} - path: secrets/{{ tpl .existingSecretKey $ }} - {{- end }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: cert-secret-volume-mc - secret: - secretName: {{ .Values.tls.certSecret }} - items: - - key: {{ .Values.tls.publicCrt }} - path: CAs/public.crt - {{ end }} - containers: - {{- if .Values.buckets }} - - name: minio-make-bucket - image: "{{ default .Values.mcImage.registry (include "registry-url" .) }}{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" - {{- if .Values.makeBucketJob.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.makeBucketJob.securityContext.runAsUser }} - runAsGroup: {{ .Values.makeBucketJob.securityContext.runAsGroup }} - fsGroup: {{ .Values.makeBucketJob.securityContext.fsGroup }} - {{- end }} - imagePullPolicy: {{ .Values.mcImage.pullPolicy }} - {{- if .Values.makeBucketJob.exitCommand }} - command: [ "/bin/sh", "-c" ] - args: [ "/bin/sh /config/initialize; EV=$?; {{ .Values.makeBucketJob.exitCommand }} && exit $EV" ] - {{- else }} - command: [ "/bin/sh", "/config/initialize" ] - {{- end }} - env: - - name: MINIO_ENDPOINT - value: {{ template "minio.fullname" . }} - - name: MINIO_PORT - value: {{ .Values.service.port | quote }} - volumeMounts: - - name: minio-configuration - mountPath: /config - {{- if .Values.tls.enabled }} - - name: cert-secret-volume-mc - mountPath: {{ .Values.configPathmc }}certs - {{ end }} - resources: - {{- toYaml .Values.makeBucketJob.resources | nindent 12 }} - {{- end }} - {{- if .Values.users }} - - name: minio-make-user - image: "{{ default .Values.mcImage.registry (include "registry-url" .) 
}}{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" - {{- if .Values.makeUserJob.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.makeUserJob.securityContext.runAsUser }} - runAsGroup: {{ .Values.makeUserJob.securityContext.runAsGroup }} - fsGroup: {{ .Values.makeUserJob.securityContext.fsGroup }} - {{- end }} - imagePullPolicy: {{ .Values.mcImage.pullPolicy }} - {{- if .Values.makeUserJob.exitCommand }} - command: [ "/bin/sh", "-c" ] - args: [ "/bin/sh /config/add-user; EV=$?; {{ .Values.makeUserJob.exitCommand }} && exit $EV" ] - {{- else }} - command: [ "/bin/sh", "/config/add-user" ] - {{- end }} - env: - - name: MINIO_ENDPOINT - value: {{ template "minio.fullname" . }} - - name: MINIO_PORT - value: {{ .Values.service.port | quote }} - volumeMounts: - - name: minio-configuration - mountPath: /config - {{- if .Values.tls.enabled }} - - name: cert-secret-volume-mc - mountPath: {{ .Values.configPathmc }}certs - {{ end }} - resources: - {{- toYaml .Values.makeUserJob.resources | nindent 12 }} - {{- end }} - {{- if .Values.policies }} - - name: minio-make-policy - image: "{{ default .Values.mcImage.registry (include "registry-url" .) }}{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" - {{- if .Values.makePolicyJob.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.makePolicyJob.securityContext.runAsUser }} - runAsGroup: {{ .Values.makePolicyJob.securityContext.runAsGroup }} - fsGroup: {{ .Values.makePolicyJob.securityContext.fsGroup }} - {{- end }} - imagePullPolicy: {{ .Values.mcImage.pullPolicy }} - {{- if .Values.makePolicyJob.exitCommand }} - command: [ "/bin/sh", "-c" ] - args: [ "/bin/sh /config/add-policy; EV=$?; {{ .Values.makePolicyJob.exitCommand }} && exit $EV" ] - {{- else }} - command: [ "/bin/sh", "/config/add-policy" ] - {{- end }} - env: - - name: MINIO_ENDPOINT - value: {{ template "minio.fullname" . 
}} - - name: MINIO_PORT - value: {{ .Values.service.port | quote }} - volumeMounts: - - name: minio-configuration - mountPath: /config - {{- if .Values.tls.enabled }} - - name: cert-secret-volume-mc - mountPath: {{ .Values.configPathmc }}certs - {{ end }} - resources: - {{- toYaml .Values.makePolicyJob.resources | nindent 12 }} - {{- end }} - {{- if .Values.customCommands }} - - name: minio-custom-command - image: "{{ default .Values.mcImage.registry (include "registry-url" .) }}{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" - {{- if .Values.customCommandJob.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.customCommandJob.securityContext.runAsUser }} - runAsGroup: {{ .Values.customCommandJob.securityContext.runAsGroup }} - fsGroup: {{ .Values.customCommandJob.securityContext.fsGroup }} - {{- end }} - imagePullPolicy: {{ .Values.mcImage.pullPolicy }} - {{- if .Values.customCommandJob.exitCommand }} - command: [ "/bin/sh", "-c" ] - args: [ "/bin/sh /config/custom-command; EV=$?; {{ .Values.customCommandJob.exitCommand }} && exit $EV" ] - {{- else }} - command: [ "/bin/sh", "/config/custom-command" ] - {{- end }} - env: - - name: MINIO_ENDPOINT - value: {{ template "minio.fullname" . }} - - name: MINIO_PORT - value: {{ .Values.service.port | quote }} - volumeMounts: - - name: minio-configuration - mountPath: /config - {{- if .Values.tls.enabled }} - - name: cert-secret-volume-mc - mountPath: {{ .Values.configPathmc }}certs - {{ end }} - resources: - {{- toYaml .Values.customCommandJob.resources | nindent 12 }} - {{- end }} - {{- if .Values.svcaccts }} - - name: minio-make-svcacct - image: "{{ default .Values.mcImage.registry (include "registry-url" .) 
}}{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" - {{- if .Values.makeServiceAccountJob.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.makeServiceAccountJob.securityContext.runAsUser }} - runAsGroup: {{ .Values.makeServiceAccountJob.securityContext.runAsGroup }} - fsGroup: {{ .Values.makeServiceAccountJob.securityContext.fsGroup }} - {{- end }} - imagePullPolicy: {{ .Values.mcImage.pullPolicy }} - {{- if .Values.makeServiceAccountJob.exitCommand }} - command: [ "/bin/sh", "-c" ] - args: ["/bin/sh /config/add-svcacct; EV=$?; {{ .Values.makeServiceAccountJob.exitCommand }} && exit $EV" ] - {{- else }} - command: ["/bin/sh", "/config/add-svcacct"] - {{- end }} - env: - - name: MINIO_ENDPOINT - value: {{ template "minio.fullname" . }} - - name: MINIO_PORT - value: {{ .Values.service.port | quote }} - volumeMounts: - - name: minio-configuration - mountPath: /config - {{- if .Values.tls.enabled }} - - name: cert-secret-volume-mc - mountPath: {{ .Values.configPathmc }}certs - {{ end }} - resources: - {{- toYaml .Values.makeServiceAccountJob.resources | nindent 12 }} - {{- end }} diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/psp.yaml b/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/psp.yaml deleted file mode 100644 index ab874e1f55..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/psp.yaml +++ /dev/null 
@@ -1,84 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-{{- if .Values.global.rbac.pspEnabled }}
-
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ printf "%s-psp" .Values.serviceAccount.name | quote }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}"
- app.kubernetes.io/part-of: {{ .Values.serviceAccount.name | quote }}
- app: {{ .Values.serviceAccount.name | quote }}
-{{- if .Values.global.rbac.pspAnnotations }}
- annotations: {{ toYaml .Values.global.rbac.pspAnnotations | nindent 4 }}
-{{- end }}
-spec:
- privileged: false
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Permits the container to run with root privileges as well.
- rule: 'RunAsAny'
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: 'RunAsAny'
- supplementalGroups:
- rule: 'MustRunAs'
- ranges:
- # Forbid adding the root group.
- - min: 0
- max: 65535
- fsGroup:
- rule: 'MustRunAs'
- ranges:
- # Forbid adding the root group.
- - min: 0
- max: 65535
- readOnlyRootFilesystem: false
-
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ printf "%s-psp" .Values.serviceAccount.name | quote }}
- labels:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}"
- app.kubernetes.io/part-of: {{ .Values.serviceAccount.name | quote }}
- app: {{ .Values.serviceAccount.name | quote }}
-rules:
-{{- if semverCompare "> 1.15.0-0" .Capabilities.KubeVersion.GitVersion }}
-- apiGroups: ['policy']
-{{- else }}
-- apiGroups: ['extensions']
-{{- end }}
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ printf "%s-psp" .Values.serviceAccount.name | quote }}
-
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ printf "%s-psp" .Values.serviceAccount.name | quote }}
- labels:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}"
- app.kubernetes.io/part-of: {{ .Values.serviceAccount.name | quote }}
- app: {{ .Values.serviceAccount.name | quote }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ printf "%s-psp" .Values.serviceAccount.name | quote }}
-subjects:
- - kind: ServiceAccount
- name: {{ .Values.serviceAccount.name | quote }}
- namespace: {{ .Release.Namespace }}
-
-{{- end }}
-{{- end -}}
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/pvc.yaml b/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/pvc.yaml
deleted file mode 100644
index 369aade415..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/pvc.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- if eq .Values.mode "standalone" }}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ template "minio.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | trimSuffix "\n" | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode | quote }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
-
-{{- if .Values.persistence.storageClass }}
-{{- if (eq "-" .Values.persistence.storageClass) }}
- storageClassName: ""
-{{- else }}
- storageClassName: "{{ .Values.persistence.storageClass }}"
-{{- end }}
-{{- end }}
-{{- if .Values.persistence.VolumeName }}
- volumeName: "{{ .Values.persistence.VolumeName }}"
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/secrets.yaml b/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/secrets.yaml
deleted file mode 100644
index da2ecab4a1..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/secrets.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if not .Values.existingSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "minio.secretName" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- rootUser: {{ include "minio.root.username" . | b64enc | quote }}
- rootPassword: {{ include "minio.root.password" . | b64enc | quote }}
- {{- if .Values.etcd.clientCert }}
- etcd_client.crt: {{ .Values.etcd.clientCert | toString | b64enc | quote }}
- {{- end }}
- {{- if .Values.etcd.clientCertKey }}
- etcd_client.key: {{ .Values.etcd.clientCertKey | toString | b64enc | quote }}
- {{- end }}
-{{- end }}
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/securitycontextconstraints.yaml b/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/securitycontextconstraints.yaml
deleted file mode 100644
index 4bac7e3728..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/securitycontextconstraints.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-{{- if and .Values.securityContext.enabled .Values.persistence.enabled (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
-apiVersion: security.openshift.io/v1
-kind: SecurityContextConstraints
-metadata:
- name: {{ template "minio.fullname" . }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-allowHostDirVolumePlugin: false
-allowHostIPC: false
-allowHostNetwork: false
-allowHostPID: false
-allowHostPorts: false
-allowPrivilegeEscalation: true
-allowPrivilegedContainer: false
-allowedCapabilities: []
-readOnlyRootFilesystem: false
-defaultAddCapabilities: []
-requiredDropCapabilities:
-- KILL
-- MKNOD
-- SETUID
-- SETGID
-fsGroup:
- type: MustRunAs
- ranges:
- - max: {{ .Values.securityContext.fsGroup }}
- min: {{ .Values.securityContext.fsGroup }}
-runAsUser:
- type: MustRunAs
- uid: {{ .Values.securityContext.runAsUser }}
-seLinuxContext:
- type: MustRunAs
-supplementalGroups:
- type: RunAsAny
-volumes:
-- configMap
-- downwardAPI
-- emptyDir
-- persistentVolumeClaim
-- projected
-- secret
-{{- end }}
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/service.yaml b/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/service.yaml
deleted file mode 100644
index 741528df45..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/service.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-{{ $scheme := "http" }}
-{{- if .Values.tls.enabled }}
-{{ $scheme = "https" }}
-{{ end }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "minio.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- monitoring: "true"
-{{- if .Values.service.annotations }}
- annotations:
-{{ toYaml .Values.service.annotations | indent 4 }}
-{{- end }}
-spec:
-{{- if (or (eq .Values.service.type "ClusterIP" "") (empty .Values.service.type)) }}
- type: ClusterIP
- {{- if not (empty .Values.service.clusterIP) }}
- clusterIP: {{ .Values.service.clusterIP }}
- {{end}}
-{{- else if eq .Values.service.type "LoadBalancer" }}
- type: {{ .Values.service.type }}
- loadBalancerIP: {{ default "" .Values.service.loadBalancerIP }}
-{{- else }}
- type: {{ .Values.service.type }}
-{{- end }}
- ports:
- - name: {{ $scheme }}
- port: {{ .Values.service.port }}
- protocol: TCP
-{{- if (and (eq .Values.service.type "NodePort") ( .Values.service.nodePort)) }}
- nodePort: {{ .Values.service.nodePort }}
-{{- else }}
- targetPort: {{ .Values.minioAPIPort }}
-{{- end}}
-{{- if .Values.service.externalIPs }}
- externalIPs:
-{{- range $i , $ip := .Values.service.externalIPs }}
- - {{ $ip }}
-{{- end }}
-{{- end }}
- selector:
- app: {{ template "minio.name" . }}
- release: {{ .Release.Name }}
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/serviceaccount.yaml b/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/serviceaccount.yaml
deleted file mode 100644
index 6a4bd94b3d..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Values.serviceAccount.name | quote }}
- namespace: {{ .Release.Namespace | quote }}
-{{- end -}}
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/statefulset.yaml b/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/statefulset.yaml
deleted file mode 100644
index eaedfc6294..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/statefulset.yaml
+++ /dev/null
@@ -1,258 +0,0 @@ -{{- if eq .Values.mode "distributed" }} -{{ $poolCount := .Values.pools | int }} -{{ $nodeCount := .Values.replicas | int }} -{{ $replicas := mul $poolCount $nodeCount }} -{{ $drivesPerNode := .Values.drivesPerNode | int }} -{{ $scheme := "http" }} -{{- if .Values.tls.enabled }} -{{ $scheme = "https" }} -{{ end }} -{{ $mountPath := .Values.mountPath }} -{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }} -{{ $subPath := .Values.persistence.subPath }} -{{ $penabled := .Values.persistence.enabled }} -{{ $accessMode := .Values.persistence.accessMode }} -{{ $storageClass := .Values.persistence.storageClass }} -{{ $psize := .Values.persistence.size }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "minio.fullname" . }}-svc - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ template "minio.name" . }} - chart: {{ template "minio.chart" . }} - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -spec: - publishNotReadyAddresses: true - clusterIP: None - ports: - - name: {{ $scheme }} - port: {{ .Values.service.port }} - protocol: TCP - targetPort: {{ .Values.minioAPIPort }} - selector: - app: {{ template "minio.name" . }} - release: {{ .Release.Name }} ---- -apiVersion: {{ template "minio.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ template "minio.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ template "minio.name" . }} - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.additionalLabels }} -{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }} -{{- end }} -{{- if .Values.additionalAnnotations }} - annotations: -{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }} -{{- end }} -spec: - updateStrategy: - type: {{ .Values.StatefulSetUpdate.updateStrategy }} - podManagementPolicy: "Parallel" - serviceName: {{ template "minio.fullname" . 
}}-svc - replicas: {{ $replicas }} - selector: - matchLabels: - app: {{ template "minio.name" . }} - release: {{ .Release.Name }} - template: - metadata: - name: {{ template "minio.fullname" . }} - labels: - app: {{ template "minio.name" . }} - release: {{ .Release.Name }} -{{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} -{{- end }} - annotations: -{{- if not .Values.ignoreChartChecksums }} - checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} -{{- end }} -{{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }} -{{- end }} - spec: - {{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" - {{- end }} - {{- if .Values.runtimeClassName }} - runtimeClassName: "{{ .Values.runtimeClassName }}" - {{- end }} -{{- if and .Values.securityContext.enabled .Values.persistence.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - runAsGroup: {{ .Values.securityContext.runAsGroup }} - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- if and (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "20") }} - fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }} - {{- end }} -{{- end }} -{{ if .Values.serviceAccount.create }} - serviceAccountName: {{ .Values.serviceAccount.name }} -{{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ default .Values.image.registry (include "registry-url" .) 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - - command: [ "/bin/sh", - "-ce", - "/usr/bin/docker-entrypoint.sh minio server {{- range $i := until $poolCount }}{{ $factor := mul $i $nodeCount }}{{ $endIndex := add $factor $nodeCount }}{{ $beginIndex := mul $i $nodeCount }} {{ $scheme }}://{{ template `minio.fullname` $ }}-{{ `{` }}{{ $beginIndex }}...{{ sub $endIndex 1 }}{{ `}`}}.{{ template `minio.fullname` $ }}-svc.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }}{{if (gt $drivesPerNode 1)}}{{ $bucketRoot }}-{{ `{` }}0...{{ sub $drivesPerNode 1 }}{{ `}` }}{{else}}{{ $bucketRoot }}{{end}}{{- end}} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template `minio.extraArgs` . }}" ] - volumeMounts: - {{- if $penabled }} - {{- if (gt $drivesPerNode 1) }} - {{- range $i := until $drivesPerNode }} - - name: export-{{ $i }} - mountPath: {{ $mountPath }}-{{ $i }} - {{- if and $penabled $subPath }} - subPath: {{ $subPath }} - {{- end }} - {{- end }} - {{- else }} - - name: export - mountPath: {{ $mountPath }} - {{- if and $penabled $subPath }} - subPath: {{ $subPath }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.extraSecret }} - - name: extra-secret - mountPath: "/tmp/minio-config-env" - {{- end }} - {{- include "minio.tlsKeysVolumeMount" . | indent 12 }} - {{- if .Values.extraVolumeMounts }} - {{- toYaml .Values.extraVolumeMounts | nindent 12 }} - {{- end }} - ports: - - name: {{ $scheme }} - containerPort: {{ .Values.minioAPIPort }} - - name: {{ $scheme }}-console - containerPort: {{ .Values.minioConsolePort }} - env: - - name: MINIO_ROOT_USER - valueFrom: - secretKeyRef: - name: {{ template "minio.secretName" . }} - key: rootUser - - name: MINIO_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "minio.secretName" . 
}} - key: rootPassword - {{- if .Values.extraSecret }} - - name: MINIO_CONFIG_ENV_FILE - value: "/tmp/minio-config-env/config.env" - {{- end}} - {{- if .Values.metrics.serviceMonitor.public }} - - name: MINIO_PROMETHEUS_AUTH_TYPE - value: "public" - {{- end}} - {{- if .Values.oidc.enabled }} - - name: MINIO_IDENTITY_OPENID_CONFIG_URL - value: {{ .Values.oidc.configUrl }} - - name: MINIO_IDENTITY_OPENID_CLIENT_ID - value: {{ .Values.oidc.clientId }} - - name: MINIO_IDENTITY_OPENID_CLIENT_SECRET - value: {{ .Values.oidc.clientSecret }} - - name: MINIO_IDENTITY_OPENID_CLAIM_NAME - value: {{ .Values.oidc.claimName }} - - name: MINIO_IDENTITY_OPENID_CLAIM_PREFIX - value: {{ .Values.oidc.claimPrefix }} - - name: MINIO_IDENTITY_OPENID_SCOPES - value: {{ .Values.oidc.scopes }} - - name: MINIO_IDENTITY_OPENID_REDIRECT_URI - value: {{ .Values.oidc.redirectUri }} - - name: MINIO_IDENTITY_OPENID_COMMENT - value: {{ .Values.oidc.comment }} - {{- end}} - {{- range $key, $val := .Values.environment }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end}} - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- with .Values.extraContainers }} - {{- if eq (typeOf .) "string" }} - {{- tpl . $ | nindent 8 }} - {{- else }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - nodeSelector: - {{- include "linux-node-selector" . | nindent 8 }} -{{- include "minio.imagePullSecrets" . | indent 6 }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - tolerations: - {{- include "linux-node-tolerations" . | nindent 8 }} - {{- with .Values.tolerations }} - {{ toYaml . | indent 8 }} - {{- end }} - {{- if and (gt $replicas 1) (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "19") }} - {{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: -{{ toYaml . | indent 8 }} - {{- end }} - {{- end }} - volumes: - - name: minio-user - secret: - secretName: {{ template "minio.secretName" . 
}} - {{- if .Values.extraSecret }} - - name: extra-secret - secret: - secretName: {{ .Values.extraSecret }} - {{- end }} - {{- include "minio.tlsKeysVolume" . | indent 8 }} - {{- if .Values.extraVolumes }} - {{ toYaml .Values.extraVolumes | nindent 8 }} - {{- end }} -{{- if .Values.persistence.enabled }} - volumeClaimTemplates: - {{- if gt $drivesPerNode 1 }} - {{- range $diskId := until $drivesPerNode}} - - metadata: - name: export-{{ $diskId }} - {{- if $.Values.persistence.annotations }} - annotations: -{{ toYaml $.Values.persistence.annotations | trimSuffix "\n" | indent 10 }} - {{- end }} - spec: - accessModes: [ {{ $accessMode | quote }} ] - {{- if $storageClass }} - storageClassName: {{ $storageClass }} - {{- end }} - resources: - requests: - storage: {{ $psize }} - {{- end }} - {{- else }} - - metadata: - name: export - {{- if $.Values.persistence.annotations }} - annotations: -{{ toYaml $.Values.persistence.annotations | trimSuffix "\n" | indent 10 }} - {{- end }} - spec: - accessModes: [ {{ $accessMode | quote }} ] - {{- if $storageClass }} - storageClassName: {{ $storageClass }} - {{- end }} - resources: - requests: - storage: {{ $psize }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/values.yaml b/charts/epinio/100.0.5+up1.6.2/charts/minio/values.yaml deleted file mode 100644 index 233c615720..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/charts/minio/values.yaml +++ /dev/null 
@@ -1,540 +0,0 @@ -## Provide a name in place of minio for `app:` labels -## -nameOverride: "" - -## Provide a name to substitute for the full names of resources -## -fullnameOverride: "" - -## set kubernetes cluster domain where minio is running -## -clusterDomain: cluster.local - -## Set default image, imageTag, and imagePullPolicy. mode is used to indicate the -## -image: - repository: rancher/mirrored-minio-minio - tag: RELEASE.2022-12-12T19-27-27Z - pullPolicy: IfNotPresent - -imagePullSecrets: [] -# - name: "image-pull-secret" - -## Set default image, imageTag, and imagePullPolicy for the `mc` (the minio -## client used to create a default bucket). -## -mcImage: - repository: rancher/mirrored-minio-mc - tag: RELEASE.2022-12-13T00-23-28Z - pullPolicy: IfNotPresent - -## minio mode, i.e. standalone or distributed -mode: distributed ## other supported values are "standalone" - -## Additional labels to include with deployment or statefulset -additionalLabels: {} - -## Additional annotations to include with deployment or statefulset -additionalAnnotations: {} - -## Typically the deployment/statefulset includes checksums of secrets/config, -## So that when these change on a subsequent helm install, the deployment/statefulset -## is restarted. This can result in unnecessary restarts under GitOps tooling such as -## flux, so set to "true" to disable this behaviour. 
-ignoreChartChecksums: false - -## Additional arguments to pass to minio binary -extraArgs: [] - -## Additional volumes to minio container -extraVolumes: [] - -## Additional volumeMounts to minio container -extraVolumeMounts: [] - -## Additional sidecar containers -extraContainers: [] - -## Internal port number for MinIO S3 API container -## Change service.port to change external port number -minioAPIPort: "9000" - -## Internal port number for MinIO Browser Console container -## Change consoleService.port to change external port number -minioConsolePort: "9001" - -## Update strategy for Deployments -DeploymentUpdate: - type: RollingUpdate - maxUnavailable: 0 - maxSurge: 100% - -## Update strategy for StatefulSets -StatefulSetUpdate: - updateStrategy: RollingUpdate - -## Pod priority settings -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -priorityClassName: "" - -## Pod runtime class name -## ref https://kubernetes.io/docs/concepts/containers/runtime-class/ -## -runtimeClassName: "" - -## Set default rootUser, rootPassword -## AccessKey and secretKey is generated when not set -## Distributed MinIO ref: https://min.io/docs/minio/linux/operations/install-deploy-manage/deploy-minio-multi-node-multi-drive.html -## -rootUser: "" -rootPassword: "" - -## Use existing Secret that store following variables: -## -## | Chart var | .data. in Secret | -## |:----------------------|:-------------------------| -## | rootUser | rootUser | -## | rootPassword | rootPassword | -## -## All mentioned variables will be ignored in values file. -## .data.rootUser and .data.rootPassword are mandatory, -## others depend on enabled status of corresponding sections. -existingSecret: "" - -## Directory on the MinIO pof -certsPath: "/etc/minio/certs/" -configPathmc: "/etc/minio/mc/" - -## Path where PV would be mounted on the MinIO Pod -mountPath: "/export" -## Override the root directory which the minio server should serve from. 
-## If left empty, it defaults to the value of {{ .Values.mountPath }} -## If defined, it must be a sub-directory of the path specified in {{ .Values.mountPath }} -## -bucketRoot: "" - -# Number of drives attached to a node -drivesPerNode: 1 -# Number of MinIO containers running -replicas: 16 -# Number of expanded MinIO clusters -pools: 1 - -## TLS Settings for MinIO -tls: - enabled: false - ## Create a secret with private.key and public.crt files and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret - certSecret: "" - publicCrt: public.crt - privateKey: private.key - -## Trusted Certificates Settings for MinIO. Ref: https://min.io/docs/minio/linux/operations/network-encryption.html#third-party-certificate-authorities -## Bundle multiple trusted certificates into one secret and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret -## When using self-signed certificates, remember to include MinIO's own certificate in the bundle with key public.crt. -## If certSecret is left empty and tls is enabled, this chart installs the public certificate from .Values.tls.certSecret. -trustedCertsSecret: "" - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - enabled: true - annotations: {} - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - existingClaim: "" - - ## minio data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - ## Storage class of PV to bind. 
By default it looks for standard storage class. - ## If the PV uses a different storage class, specify that here. - storageClass: "" - VolumeName: "" - accessMode: ReadWriteOnce - size: 500Gi - - ## If subPath is set mount a sub folder of a volume instead of the root of the volume. - ## This is especially handy for volume plugins that don't natively support sub mounting (like glusterfs). - ## - subPath: "" - -## Expose the MinIO service to be accessed from outside the cluster (LoadBalancer service). -## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. -## ref: http://kubernetes.io/docs/user-guide/services/ -## -service: - type: ClusterIP - clusterIP: ~ - port: "9000" - nodePort: 32000 - -## Configure Ingress based on the documentation here: https://kubernetes.io/docs/concepts/services-networking/ingress/ -## - -ingress: - enabled: false - # ingressClassName: "" - labels: {} - # node-role.kubernetes.io/ingress: platform - - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # kubernetes.io/ingress.allow-http: "false" - # kubernetes.io/ingress.global-static-ip-name: "" - # nginx.ingress.kubernetes.io/secure-backends: "true" - # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - # nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0 - path: / - hosts: - - minio-example.local - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -consoleService: - type: ClusterIP - clusterIP: ~ - port: "9001" - nodePort: 32001 - -consoleIngress: - enabled: false - # ingressClassName: "" - labels: {} - # node-role.kubernetes.io/ingress: platform - - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # kubernetes.io/ingress.allow-http: "false" - # kubernetes.io/ingress.global-static-ip-name: "" - # nginx.ingress.kubernetes.io/secure-backends: "true" - # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - 
# nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0 - path: / - hosts: - - console.minio-example.local - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -tolerations: [] -affinity: {} -topologySpreadConstraints: [] - -## Add stateful containers to have security context, if enabled MinIO will run as this -## user and group NOTE: securityContext is only enabled if persistence.enabled=true -securityContext: - enabled: true - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - fsGroupChangePolicy: "OnRootMismatch" - -# Additational pod annotations -podAnnotations: {} - -# Additional pod labels -podLabels: {} - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - requests: - memory: 16Gi - -## List of policies to be created after minio install -## -## In addition to default policies [readonly|readwrite|writeonly|consoleAdmin|diagnostics] -## you can define additional policies with custom supported actions and resources -policies: [] -## writeexamplepolicy policy grants creation or deletion of buckets with name -## starting with example. In addition, grants objects write permissions on buckets starting with -## example. -# - name: writeexamplepolicy -# statements: -# - resources: -# - 'arn:aws:s3:::example*/*' -# actions: -# - "s3:AbortMultipartUpload" -# - "s3:GetObject" -# - "s3:DeleteObject" -# - "s3:PutObject" -# - "s3:ListMultipartUploadParts" -# - resources: -# - 'arn:aws:s3:::example*' -# actions: -# - "s3:CreateBucket" -# - "s3:DeleteBucket" -# - "s3:GetBucketLocation" -# - "s3:ListBucket" -# - "s3:ListBucketMultipartUploads" -## readonlyexamplepolicy policy grants access to buckets with name starting with example. -## In addition, grants objects read permissions on buckets starting with example. 
-# - name: readonlyexamplepolicy -# statements: -# - resources: -# - 'arn:aws:s3:::example*/*' -# actions: -# - "s3:GetObject" -# - resources: -# - 'arn:aws:s3:::example*' -# actions: -# - "s3:GetBucketLocation" -# - "s3:ListBucket" -# - "s3:ListBucketMultipartUploads" -## conditionsexample policy creates all access to example bucket with aws:username="johndoe" and source ip range 10.0.0.0/8 and 192.168.0.0/24 only -# - name: conditionsexample -# statements: -# - resources: -# - 'arn:aws:s3:::example/*' -# actions: -# - 's3:*' -# conditions: -# - StringEquals: '"aws:username": "johndoe"' -# - IpAddress: | -# "aws:SourceIp": [ -# "10.0.0.0/8", -# "192.168.0.0/24" -# ] -# -## Additional Annotations for the Kubernetes Job makePolicyJob -makePolicyJob: - securityContext: - enabled: false - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - resources: - requests: - memory: 128Mi - # Command to run after the main command on exit - exitCommand: "" - -## List of users to be created after minio install -## -users: - ## Username, password and policy to be assigned to the user - ## Default policies are [readonly|readwrite|writeonly|consoleAdmin|diagnostics] - ## Add new policies as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management.html#access-management - ## NOTE: this will fail if LDAP is enabled in your MinIO deployment - ## make sure to disable this if you are using LDAP. 
- - accessKey: console - secretKey: console123 - policy: consoleAdmin - # Or you can refer to specific secret - #- accessKey: externalSecret - # existingSecret: my-secret - # existingSecretKey: password - # policy: readonly - -## Additional Annotations for the Kubernetes Job makeUserJob -makeUserJob: - securityContext: - enabled: false - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - resources: - requests: - memory: 128Mi - # Command to run after the main command on exit - exitCommand: "" - -## List of service accounts to be created after minio install -## -# svcaccts: - ## accessKey, secretKey and parent user to be assigned to the service accounts - ## Add new service accounts as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management/minio-user-management.html#service-accounts - # - accessKey: console-svcacct - # secretKey: console123 - # user: console - ## Or you can refer to specific secret - # - accessKey: externalSecret - # existingSecret: my-secret - # existingSecretKey: password - # user: console - ## You also can pass custom policy - # - accessKey: console-svcacct - # secretKey: console123 - # user: console - # policy: - # statements: - # - resources: - # - 'arn:aws:s3:::example*/*' - # actions: - # - "s3:AbortMultipartUpload" - # - "s3:GetObject" - # - "s3:DeleteObject" - # - "s3:PutObject" - # - "s3:ListMultipartUploadParts" - -makeServiceAccountJob: - securityContext: - enabled: false - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - resources: - requests: - memory: 128Mi - # Command to run after the main command on exit - exitCommand: "" - -## List of buckets to be created after minio install -## -buckets: - # # Name of the bucket - # - name: bucket1 - # # Policy to be set on the - # # bucket [none|download|upload|public] - # policy: none - # # Purge if bucket exists already - # purge: false - # # set versioning for - # # bucket [true|false] - # versioning: false - # # set objectlocking for - # 
# bucket [true|false] NOTE: versioning is enabled by default if you use locking - # objectlocking: false - # - name: bucket2 - # policy: none - # purge: false - # versioning: true - # # set objectlocking for - # # bucket [true|false] NOTE: versioning is enabled by default if you use locking - # objectlocking: false - -## Additional Annotations for the Kubernetes Job makeBucketJob -makeBucketJob: - securityContext: - enabled: false - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - resources: - requests: - memory: 128Mi - # Command to run after the main command on exit - exitCommand: "" - -## List of command to run after minio install -## NOTE: the mc command TARGET is always "myminio" -customCommands: - # - command: "admin policy set myminio consoleAdmin group='cn=ops,cn=groups,dc=example,dc=com'" - -## Additional Annotations for the Kubernetes Job customCommandJob -customCommandJob: - securityContext: - enabled: false - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - resources: - requests: - memory: 128Mi - # Command to run after the main command on exit - exitCommand: "" - -## Merge jobs -postJob: - podAnnotations: {} - annotations: {} - securityContext: - enabled: false - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - nodeSelector: {} - tolerations: [] - affinity: {} - -## Use this field to add environment variables relevant to MinIO server. 
These fields will be passed on to MinIO container(s) -## when Chart is deployed -environment: - ## Please refer for comprehensive list https://min.io/docs/minio/linux/reference/minio-server/minio-server.html - ## MINIO_SUBNET_LICENSE: "License key obtained from https://subnet.min.io" - ## MINIO_BROWSER: "off" - -## The name of a secret in the same kubernetes namespace which contain secret values -## This can be useful for LDAP password, etc -## The key in the secret must be 'config.env' -## -# extraSecret: minio-extraenv - -## OpenID Identity Management -## The following section documents environment variables for enabling external identity management using an OpenID Connect (OIDC)-compatible provider. -## See https://min.io/docs/minio/linux/operations/external-iam/configure-openid-external-identity-management.html for a tutorial on using these variables. -oidc: - enabled: false - configUrl: "https://identity-provider-url/.well-known/openid-configuration" - clientId: "minio" - clientSecret: "" - claimName: "policy" - scopes: "openid,profile,email" - redirectUri: "https://console-endpoint-url/oauth_callback" - # Can leave empty - claimPrefix: "" - comment: "" - -networkPolicy: - enabled: false - allowExternal: true - -## PodDisruptionBudget settings -## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ -## -podDisruptionBudget: - enabled: false - maxUnavailable: 1 - -## Specify the service account to use for the MinIO pods. If 'create' is set to 'false' -## and 'name' is left unspecified, the account 'default' will be used. -serviceAccount: - create: true - ## The name of the service account to use. If 'create' is 'true', a service account with that name - ## will be created. 
- name: "minio-sa" - -metrics: - serviceMonitor: - enabled: false - # scrape each node/pod individually for additional metrics - includeNode: false - public: true - additionalLabels: {} - # for node metrics - relabelConfigs: {} - # for cluster metrics - relabelConfigsCluster: {} - # metricRelabelings: - # - regex: (server|pod) - # action: labeldrop - # namespace: monitoring - # interval: 30s - # scrapeTimeout: 10s - -## ETCD settings: https://github.com/minio/minio/blob/master/docs/sts/etcd.md -## Define endpoints to enable this section. -etcd: - endpoints: [] - pathPrefix: "" - corednsPathPrefix: "" - clientCert: "" - clientCertKey: "" diff --git a/charts/epinio/100.0.5+up1.6.2/questions.yml b/charts/epinio/100.0.5+up1.6.2/questions.yml deleted file mode 100644 index 2c969c6505..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/questions.yml +++ /dev/null 
@@ -1,165 +0,0 @@ -questions: -- variable: email - label: Email - description: "Email to use for getting notifications about your certificates" - type: string - required: false - group: "General settings" -- variable: certManagerNamespace - label: Cert-manager namespace - description: "Namespace where cert-manager is installed in" - type: string - required: false - group: "Advanced settings" -- variable: ingress.ingressClassName - label: Ingress class name for the server - description: "Set a class name to select the ingress controller you want to use for the server" - type: string - group: "Advanced settings" -- variable: server.ingressClassName - label: Ingress class name for apps - description: "Set a class name to select the ingress controller you want to use for your apps" - type: string - group: "Advanced settings" -- variable: server.disableTracking - label: Disable tracking - description: "Disable tracking of the running Epinio and Kubernetes versions" - type: boolean - group: "Advanced settings" -- variable: serviceCatalog.enableDevServices - label: Enable catalog services for development - default: "true" - description: "Enables services in the Epinio service catalog, meant to be used in development (because they are running in-cluster)" - type: boolean - group: "Advanced settings" -- variable: useCustomTlsIssuer - label: Use your own TLS issuer - default: "false" - description: "Use your own TLS issuer" - type: boolean - group: "General settings" - show_subquestion_if: true - subquestions: - - variable: customTlsIssuer - label: TLS issuer - description: "Name of the cluster issuer to use" - type: string - required: false -- variable: global.tlsIssuer - show_if: "useCustomTlsIssuer=false" - label: TLS issuer - description: "Name of the predefined cluster issuer to use" - type: enum - required: false - group: "General settings" - options: - - "epinio-ca" - - "selfsigned-issuer" - - "letsencrypt-production" -- variable: api.username - label: API username - 
description: "The user name for authenticating all API requests" - type: string - required: false - group: "General settings" -- variable: api.passwordBcrypt - label: API password - description: "The password for authenticating all API requests (hashed with Bcrypt)" - type: password - required: false - group: "General settings" -- variable: global.domain - label: Domain - description: "Domain for the application" - type: string - required: true - group: "General settings" -- variable: server.accessControlAllowOrigin - label: Access control allow origin - description: "Domain which serves the Rancher UI (to access the API)" - type: string - required: false - group: "General settings" -- variable: kubed.enabled - label: Install kubed - description: "Deploy kubed or skip it if you get it installed already" - type: boolean - group: "Advanced settings" -- variable: containerregistry.enabled - description: "Disable local container registry to configure an external registry." - label: Install local container registry - type: boolean - show_subquestion_if: false - group: "External registry" - subquestions: - - variable: global.registryURL - label: External registry url - description: "URL of your external registry" - type: string - required: false - - variable: global.registryUsername - label: External registry username - description: "Username to authenticate to the external registry" - type: string - required: false - - variable: global.registryPassword - label: External registry password - description: "Password to authenticate to the external registry" - type: password - required: false - - variable: global.registryNamespace - label: External registry namespace - description: "The organization part of the registry path for an external registry where you have push access" - type: string - required: false -- variable: minio.enabled - label: Install Minio - description: "Disable Minio to configure an external s3 storage." 
- type: boolean - show_subquestion_if: false - group: "External S3 storage" - subquestions: - - variable: s3.endpoint - label: S3 endpoint - description: "Endpoint of your S3 storage" - type: string - required: false - - variable: s3.accessKeyID - label: S3 access key id - description: "Access key id to authenticate to your S3 storage" - type: string - required: false - - variable: s3.secretAccessKey - label: S3 access key secret - description: "Secret access key to authenticate to your S3 storage" - type: password - required: false - - variable: s3.bucket - label: S3 bucket - description: "Bucket of your S3 storage" - type: string - required: false - - variable: s3.region - label: S3 region - description: "Region of your S3 storage" - type: string - required: false - - variable: s3.useSSL - label: S3 use SSL - type: boolean - required: false - - variable: s3.certificateSecret - label: Self signed certificate for S3 - description: Set it to an existing secret if s3 is using a self signed certificate - type: string - required: false -- variable: server.traceLevel - label: Epinio API Log Level - required: false - type: string - group: "Debugging" -- variable: server.timeoutMultiplier - label: Timeout Multiplier - required: false - type: string - group: "Debugging" diff --git a/charts/epinio/100.0.5+up1.6.2/templates/NOTES.txt b/charts/epinio/100.0.5+up1.6.2/templates/NOTES.txt deleted file mode 100644 index f0c1dd2bad..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/templates/NOTES.txt +++ /dev/null 
@@ -1,12 +0,0 @@
-To interact with your Epinio installation download the latest epinio binary from https://github.com/epinio/epinio/releases/latest.
-
-Login to the cluster with any of
-{{ range .Values.api.users }}
- `epinio login -u {{ .username }} https://epinio.{{ $.Values.global.domain }}`
-{{- end }}
-
-or go to the dashboard at: https://epinio.{{ .Values.global.domain }}
-
-If you didn't specify a password the default one is `password`.
-
-For more information about Epinio, feel free to checkout https://epinio.io/ and https://docs.epinio.io/.
diff --git a/charts/epinio/100.0.5+up1.6.2/templates/_helpers.tpl b/charts/epinio/100.0.5+up1.6.2/templates/_helpers.tpl
deleted file mode 100644
index 2784ae6c0e..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/templates/_helpers.tpl
+++ /dev/null
@@ -1,179 +0,0 @@ -{{/* -URL prefix for container images to be compatible with Rancher -*/}} -{{- define "registry-url" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{ trimSuffix "/" .Values.global.cattle.systemDefaultRegistry }}/ -{{- end -}} -{{- end -}} - -{{/* -URL of the registry epinio uses to store workload images -*/}} -{{- define "epinio.registry-url" -}} -{{- if .Values.containerregistry.enabled -}} -{{- printf "registry.%s.svc.cluster.local:5000" .Release.Namespace }} -{{- else -}} -{{- .Values.global.registryURL }} -{{- end -}} -{{- end -}} - -{{/* -URL of the minio epinio installed -*/}} -{{- define "epinio.minio-url" -}} -{{- if .Values.minio.enabled -}} -{{- printf "%s.%s.svc.cluster.local:9000" .Values.minio.fullnameOverride .Release.Namespace }} -{{- else -}} -{{- .Values.s3.endpoint }} -{{- end -}} -{{- end -}} - -{{/* -Host name of the minio epinio installed -*/}} -{{- define "epinio.minio-hostname" -}} -{{- printf "%s.%s.svc.cluster.local" .Values.minio.fullnameOverride .Release.Namespace }} -{{- end -}} - - -{{/* -PVC cleanup hooks for bitnami helm chart based catalog services -# https://github.com/epinio/epinio/issues/1386 -# https://docs.bitnami.com/kubernetes/apps/aspnet-core/administration/deploy-extra-resources/ -*/}} -{{- define "epinio.catalog-service-values" -}} -{{ printf ` -extraDeploy: - - | - # Create a service account, role and binding to allow to list, get and - # delete PVCs. It should be used by the job below. 
- - # To ensure the resources are deleted, use this annotation: - # - # annotations: - # "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - - # https://helm.sh/docs/topics/charts_hooks/#hook-resources-are-not-managed-with-corresponding-releases - # https://helm.sh/docs/topics/charts_hooks/#hook-deletion-policies - - --- - apiVersion: v1 - kind: ServiceAccount - metadata: - name: "pvc-deleter-{{ .Release.Name }}" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook": post-delete - "helm.sh/hook-weight": "-6" - - --- - apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} - kind: Role - metadata: - name: "pvc-deleter-{{ .Release.Name }}" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook": post-delete - "helm.sh/hook-weight": "-6" - rules: - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - delete - - list - - --- - kind: RoleBinding - apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} - metadata: - name: "pvc-deleter-{{ .Release.Name }}" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook": post-delete - "helm.sh/hook-weight": "-5" - subjects: - - kind: ServiceAccount - name: "pvc-deleter-{{ .Release.Name }}" - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: "pvc-deleter-{{ .Release.Name }}" - - --- - apiVersion: batch/v1 - kind: Job - metadata: - name: "pvc-deleter-{{ .Release.Name }}" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - annotations: - # This is what defines this resource as a hook. 
Without this line, the - # job is considered part of the release. - "helm.sh/hook": post-delete - "helm.sh/hook-weight": "-4" - "helm.sh/hook-delete-policy": hook-succeeded - spec: - template: - metadata: - name: "pvc-deleter-{{ .Release.Name }}" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - spec: - restartPolicy: Never - serviceAccountName: "pvc-deleter-{{ .Release.Name }}" - containers: - - name: post-install-job - image: "%s" - command: ["kubectl", "delete", "pvc", "-n", "{{ .Release.Namespace }}", "-l", "app.kubernetes.io/instance={{ .Release.Name }}"] -` (print (include "registry-url" .) .Values.image.kubectl.repository ":" .Values.image.kubectl.tag) | indent 4}} -{{- end -}} - -{{/* -Removes characters that are invalid for kubernetes resource names from the -given string -*/}} -{{- define "epinio-name-sanitize" -}} -{{ regexReplaceAll "[^-a-z0-9]*" . "" }} -{{- end }} - -{{/* -Resource name sanitization and truncation. -- Always suffix the sha1sum (40 characters long) -- Always add an "r" prefix to make sure we don't have leading digits -- The rest of the characters up to 63 are the original string with invalid -character removed. -*/}} -{{- define "epinio-truncate" -}} -{{ print "r" (trunc 21 (include "epinio-name-sanitize" .)) "-" (sha1sum .) }} -{{- end }} - -{{/* -Windows cluster will add default taint for linux nodes, add below linux tolerations to -workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} 
diff --git a/charts/epinio/100.0.5+up1.6.2/templates/assets.yaml b/charts/epinio/100.0.5+up1.6.2/templates/assets.yaml
deleted file mode 100644
index 3614c7a967..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/templates/assets.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- namespace: {{ .Release.Namespace }}
- name: epinio-assets
- labels:
- app.kubernetes.io/component: epinio
- app.kubernetes.io/name: epinio-assets
- app.kubernetes.io/part-of: epinio
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
-type: Opaque
-data:
-{{ (.Files.Glob "assets/*").AsSecrets | indent 2 }}
diff --git a/charts/epinio/100.0.5+up1.6.2/templates/certificate.yaml b/charts/epinio/100.0.5+up1.6.2/templates/certificate.yaml
deleted file mode 100644
index 0256415331..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/templates/certificate.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: epinio
- namespace: {{ .Release.Namespace }}
-spec:
- dnsNames:
- - epinio.{{ .Values.global.domain }}
- issuerRef:
- kind: ClusterIssuer
- name: {{ default .Values.global.tlsIssuer .Values.global.customTlsIssuer | quote }}
- secretName: epinio-tls
-
-{{- if .Values.minio.enabled }}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: minio-cert
- namespace: {{ .Release.Namespace }}
-spec:
- dnsNames:
- - {{ include "epinio.minio-hostname" . }}
- issuerRef:
- kind: ClusterIssuer
- # We always trust the CA for minio so we can always use selfsigned certs
- # Because Letsencrypt doesn't create certs for non public domains
- name: epinio-ca
- secretName: minio-tls
- secretTemplate:
- annotations:
- kubed.appscode.com/sync: "kubed-s3-tls-from={{ .Release.Namespace }}"
-{{- end }}
-
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: epinio-ca
- namespace: {{ .Values.certManagerNamespace }}
-spec:
- commonName: epinio-ca
- isCA: true
- issuerRef:
- kind: ClusterIssuer
- name: selfsigned-issuer
- privateKey:
- algorithm: ECDSA
- size: 256
- secretName: epinio-ca-root
diff --git a/charts/epinio/100.0.5+up1.6.2/templates/cluster-issuers.yaml b/charts/epinio/100.0.5+up1.6.2/templates/cluster-issuers.yaml
deleted file mode 100644
index 319f81b537..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/templates/cluster-issuers.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
----
-# Self-signed issuer
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: selfsigned-issuer
-spec:
- selfSigned: {}
-
----
-# Let's encrypt production issuer
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: letsencrypt-production
-spec:
- acme:
- email: {{ .Values.email }}
- preferredChain: ""
- privateKeySecretRef:
- name: letsencrypt-production
- server: https://acme-v02.api.letsencrypt.org/directory
- solvers:
- - http01:
- ingress:
- {{- if .Values.ingress.ingressClassName }}
- class: "{{ .Values.ingress.ingressClassName }}"
- {{- end }}
- ingressTemplate:
- metadata:
- annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: websecure
- traefik.ingress.kubernetes.io/router.tls: "true"
-
----
-# Private CA (epinio-ca) issuer
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: epinio-ca
-spec:
- ca:
- secretName: epinio-ca-root
-
diff --git a/charts/epinio/100.0.5+up1.6.2/templates/container-registry.yaml b/charts/epinio/100.0.5+up1.6.2/templates/container-registry.yaml
deleted file mode 100644
index c1099284bf..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/templates/container-registry.yaml
+++ /dev/null
@@ -1,191 +0,0 @@ -{{- if .Values.containerregistry.enabled }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: auth - namespace: {{ .Release.Namespace }} -stringData: - # The only supported password format is bcrypt - htpasswd: {{ htpasswd .Values.global.registryUsername .Values.global.registryPassword | quote }} - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: epinio-registry - namespace: {{ .Release.Namespace }} -spec: - dnsNames: - - registry.{{ .Release.Namespace }}.svc.cluster.local - ipAddresses: - - 127.0.0.1 - issuerRef: - kind: ClusterIssuer - name: epinio-ca - secretName: epinio-registry-tls - ---- -apiVersion: v1 -kind: Service -metadata: - name: registry - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "epinio-registry" - app.kubernetes.io/instance: "epinio-registry" -spec: - type: ClusterIP - selector: - app.kubernetes.io/name: "epinio-registry" - app.kubernetes.io/instance: "epinio-registry" - ports: - - name: registry - port: 5000 - targetPort: 5000 - -{{ if .Values.containerregistry.enabled }} ---- -apiVersion: v1 -kind: Service -metadata: - name: registry-node - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "epinio-registry" - app.kubernetes.io/instance: "epinio-registry" -spec: - type: NodePort - selector: - app.kubernetes.io/name: "epinio-registry" - app.kubernetes.io/instance: "epinio-registry" - ports: - - name: registry-sidecar - port: 30500 - targetPort: 30500 - nodePort: 30500 ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-conf - namespace: {{ .Release.Namespace }} -data: - nginx.conf: | - server { - listen 30500 default_server; - server_name 127.0.0.1; - - location / { - proxy_pass https://localhost:5000/; - } - } -{{- end }} - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: registry - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "epinio-registry" - app.kubernetes.io/instance: "epinio-registry" 
-spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: "epinio-registry" - app.kubernetes.io/instance: "epinio-registry" - template: - metadata: - labels: - app.kubernetes.io/name: "epinio-registry" - app.kubernetes.io/instance: "epinio-registry" - spec: - containers: -{{ if .Values.containerregistry.enabled }} - - name: nginx - image: "{{ template "registry-url" . }}{{ .Values.containerregistry.image.nginx.repository}}:{{ .Values.containerregistry.image.nginx.tag }}" - imagePullPolicy: IfNotPresent - securityContext: - runAsUser: 1000 - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - livenessProbe: - tcpSocket: - port: 5000 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - tcpSocket: - port: 5000 - volumeMounts: - - mountPath: /etc/nginx/conf.d - name: nginx-conf - - mountPath: /var/cache/nginx/ - name: nginx-run - - mountPath: /var/run/ - name: nginx-run -{{- end }} - - name: registry - image: "{{ template "registry-url" . 
}}{{ .Values.containerregistry.image.registry.repository}}:{{ .Values.containerregistry.image.registry.tag }}" - imagePullPolicy: {{ .Values.containerregistry.imagePullPolicy }} - env: - - name: REGISTRY_AUTH - value: htpasswd - - name: REGISTRY_AUTH_HTPASSWD_REALM - value: Registry Realm - - name: REGISTRY_AUTH_HTPASSWD_PATH - value: /etc/registry/auth/htpasswd - - name: REGISTRY_HTTP_TLS_CERTIFICATE - value: "/certs/tls.crt" - - name: REGISTRY_HTTP_TLS_KEY - value: "/certs/tls.key" - volumeMounts: - - name: registry - mountPath: /var/lib/registry - readOnly: false - - name: auth - mountPath: /etc/registry/auth - readOnly: true - - name: certs - mountPath: /certs - readOnly: true - securityContext: - runAsUser: 1000 - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - livenessProbe: - httpGet: - port: 5000 - scheme: HTTPS - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - port: 5000 - scheme: HTTPS - initialDelaySeconds: 5 - periodSeconds: 5 - volumes: - - name: registry - emptyDir: {} - - name: auth - secret: - secretName: auth - - name: certs - secret: - secretName: epinio-registry-tls -{{ if .Values.containerregistry.enabled }} - - name: nginx-conf - configMap: - name: nginx-conf - - name: nginx-cache - emptyDir: {} - - name: nginx-run - emptyDir: {} -{{- end }} -{{- end }} diff --git a/charts/epinio/100.0.5+up1.6.2/templates/default-app-chart.yaml b/charts/epinio/100.0.5+up1.6.2/templates/default-app-chart.yaml deleted file mode 100644 index 6c7b13928c..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/templates/default-app-chart.yaml +++ /dev/null 
@@ -1,15 +0,0 @@
-apiVersion: application.epinio.io/v1
-kind: AppChart
-metadata:
- namespace: {{ .Release.Namespace }}
- name: standard
- labels:
- app.kubernetes.io/component: epinio
- app.kubernetes.io/instance: default
- app.kubernetes.io/name: epinio-standard-app-chart
- app.kubernetes.io/part-of: epinio
- app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.image.epinio.tag }}
-spec:
- shortDescription: Epinio standard deployment
- description: Epinio standard support chart for application deployment
- helmChart: /assets/epinio-application-0.1.24.tgz
diff --git a/charts/epinio/100.0.5+up1.6.2/templates/dex.yaml b/charts/epinio/100.0.5+up1.6.2/templates/dex.yaml
deleted file mode 100644
index 3f49f6684a..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/templates/dex.yaml
+++ /dev/null
@@ -1,90 +0,0 @@ -{{- if .Values.dex.enabled -}} - ---- -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - annotations: - name: dex-config - namespace: {{ .Release.Namespace }} -stringData: - issuer: "https://auth.{{ .Values.global.domain }}" - endpoint: {{ printf "http://%s.%s.svc.cluster.local:5556" .Values.dex.fullnameOverride .Release.Namespace }} - config.yaml: |- - issuer: "https://auth.{{ .Values.global.domain }}" - storage: - type: kubernetes - config: - inCluster: true - enablePasswordDB: true - staticPasswords: - - email: "admin@epinio.io" - # bcrypt hash of the string "password": $(echo password | htpasswd -BinC 10 admin | cut -d: -f2) - hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W" - username: "admin" - userID: "08a8684b-db88-4b73-90a9-3cd1661f5466" - - email: "epinio@epinio.io" - hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W" - userID: "08a8684b-db88-4b73-90a9-3cd1661f5467" - - staticClients: - - id: epinio-api - name: 'Epinio API' - public: true - # The 'Epinio API' lets the 'Epinio cli' issue ID tokens on its behalf. 
- # https://dexidp.io/docs/custom-scopes-claims-clients/#cross-client-trust-and-authorized-party - trustedPeers: - - epinio-cli - - - id: epinio-cli - name: 'Epinio cli' - public: true - ---- -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - labels: - epinio.io/api-user-credentials: "true" - epinio.io/role: "admin" - name: {{ include "epinio-truncate" (print "user-" "admin@epinio.io") }} - namespace: {{ .Release.Namespace }} -stringData: - username: "admin@epinio.io" - ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: dex - namespace: {{ .Release.Namespace }} - annotations: - cert-manager.io/cluster-issuer: {{ default .Values.global.tlsIssuer .Values.global.customTlsIssuer | quote }} - traefik.ingress.kubernetes.io/router.entrypoints: websecure - traefik.ingress.kubernetes.io/router.tls: "true" - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} -spec: - {{- if .Values.ingress.ingressClassName }} - ingressClassName: "{{ .Values.ingress.ingressClassName }}" - {{- end }} - rules: - - host: "auth.{{ .Values.global.domain }}" - http: - paths: - - backend: - service: - name: dex - port: - number: 5556 - path: / - pathType: Prefix - tls: - - hosts: - - "auth.{{ .Values.global.domain }}" - secretName: dex-tls - -{{- end }} diff --git a/charts/epinio/100.0.5+up1.6.2/templates/ingress.yaml b/charts/epinio/100.0.5+up1.6.2/templates/ingress.yaml deleted file mode 100644 index 29890c8ce2..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/templates/ingress.yaml +++ /dev/null 
@@ -1,57 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: websecure
- traefik.ingress.kubernetes.io/router.tls: "true"
- nginx.ingress.kubernetes.io/ssl-redirect: {{ .Values.ingress.nginxSSLRedirect | quote }}
- nginx.ingress.kubernetes.io/proxy-body-size: 100m
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key | quote }}: {{ $value | quote }}
- {{- end }}
- labels:
- app.kubernetes.io/name: epinio
- name: epinio
- namespace: {{ .Release.Namespace }}
-spec:
- {{- if .Values.ingress.ingressClassName }}
- ingressClassName: "{{ .Values.ingress.ingressClassName }}"
- {{- end }}
- rules:
- - host: "epinio.{{ .Values.global.domain }}"
- http:
- paths:
- - backend:
- service:
- name: epinio-server
- port:
- number: 80
- path: /api
- pathType: Prefix
- - backend:
- service:
- name: epinio-server
- port:
- number: 80
- path: /wapi
- pathType: Prefix
- - backend:
- service:
- name: epinio-server
- port:
- number: 80
- path: /ready
- pathType: Exact
- {{- if ".Values.epinio-ui.enabled" }}
- - backend:
- service:
- name: epinio-ui
- port:
- number: 80
- path: /
- pathType: Prefix
- {{- end }}
- tls:
- - hosts:
- - "epinio.{{ .Values.global.domain }}"
- secretName: epinio-tls
diff --git a/charts/epinio/100.0.5+up1.6.2/templates/psp.yaml b/charts/epinio/100.0.5+up1.6.2/templates/psp.yaml
deleted file mode 100644
index 3e0240be26..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/templates/psp.yaml
+++ /dev/null
@@ -1,81 +0,0 @@ -{{- if .Values.global.rbac.pspEnabled }} - -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: epinio-server-psp - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: epinio-server - app: epinio-server -{{- if .Values.global.rbac.pspAnnotations }} - annotations: {{ toYaml .Values.global.rbac.pspAnnotations | nindent 4 }} -{{- end }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Permits the container to run with root privileges as well. - rule: 'RunAsAny' - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: epinio-server-psp - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: epinio-server - app: epinio-server -rules: -{{- if semverCompare "> 1.15.0-0" .Capabilities.KubeVersion.GitVersion }} -- apiGroups: ['policy'] -{{- else }} -- apiGroups: ['extensions'] -{{- end }} - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - epinio-server-psp - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: epinio-server-psp - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: epinio-server - app: epinio-server -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: epinio-server-psp -subjects: - 
- kind: ServiceAccount - name: epinio-server - namespace: {{ .Release.Namespace }} - -{{- end }} diff --git a/charts/epinio/100.0.5+up1.6.2/templates/registry-secret.yaml b/charts/epinio/100.0.5+up1.6.2/templates/registry-secret.yaml deleted file mode 100644 index 6539d35032..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/templates/registry-secret.yaml +++ /dev/null @@ -1,27 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -type: kubernetes.io/dockerconfigjson -metadata: - annotations: - epinio.io/registry-namespace: {{ .Values.global.registryNamespace }} - kubed.appscode.com/sync: kubed-sync=registry-creds - name: registry-creds - namespace: {{ .Release.Namespace }} -stringData: - .dockerconfigjson: |- - { - "auths": { - "{{ template "epinio.registry-url" . }}": { - "auth":"{{ printf "%s:%s" .Values.global.registryUsername .Values.global.registryPassword | b64enc }}", - "username":"{{ .Values.global.registryUsername }}", - "password":"{{ .Values.global.registryPassword }}" - } {{- if .Values.containerregistry.enabled }} , - "127.0.0.1:30500": { - "auth":"{{ printf "%s:%s" .Values.global.registryUsername .Values.global.registryPassword | b64enc }}", - "username":"{{ .Values.global.registryUsername }}", - "password":"{{ .Values.global.registryPassword }}" - } - {{- end -}} - } - } diff --git a/charts/epinio/100.0.5+up1.6.2/templates/s3-secret.yaml b/charts/epinio/100.0.5+up1.6.2/templates/s3-secret.yaml deleted file mode 100644 index 294735447f..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/templates/s3-secret.yaml +++ /dev/null 
@@ -1,49 +0,0 @@
-# Generated credentials for minio. Used only if minio is enabled.
-{{- $oldkeys := (lookup "v1" "Secret" .Release.Namespace "minio-creds").data -}}
-{{- $accessKey := empty $oldkeys | ternary (randAlphaNum 16) (b64dec (default "" $oldkeys.accesskey)) -}}
-{{- $secretKey := empty $oldkeys | ternary (randAlphaNum 16) (b64dec (default "" $oldkeys.secretkey)) -}}
-
-# Minio values if minio is enabled, otherwise the user provided values
-{{- $s3Endpoint := include "epinio.minio-url" . -}}
-{{- $s3AccessKey := .Values.minio.enabled | ternary $accessKey .Values.s3.accessKeyID -}}
-{{- $s3SecretKey := .Values.minio.enabled | ternary $secretKey .Values.s3.secretAccessKey -}}
-{{- $s3Bucket := .Values.minio.enabled | ternary "epinio" .Values.s3.bucket -}}
-{{- $s3UseSSL := .Values.minio.enabled | ternary true .Values.s3.useSSL -}}
-{{- $s3Region := .Values.minio.enabled | ternary "" .Values.s3.region -}}
-
----
-# The S3 connection details as required by the staging Job (in "ini" format)
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
- name: epinio-s3-connection-details
- namespace: {{ .Release.Namespace }}
-stringData:
- bucket: {{ $s3Bucket }}
- config: |-
- [default]
- region={{ $s3Region }}
- credentials: |-
- [default]
- aws_access_key_id={{ $s3AccessKey }}
- aws_secret_access_key={{ $s3SecretKey }}
- endpoint: {{ $s3Endpoint | quote }}
- useSSL: {{ $s3UseSSL | quote }}
-
-# The S3 connection details as required by minio deployment
-# https://github.com/minio/minio/blob/8ae46bce937567e682d14f7fe845b8ff67e549d2/helm/minio/values.yaml#L81
-# Secrets get created first so Minio should find it there when it needs it.
-# https://github.com/helm/helm/blob/release-3.0/pkg/releaseutil/kind_sorter.go
----
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
- name: minio-creds
- namespace: {{ .Release.Namespace }}
-stringData:
- rootUser: {{ $s3AccessKey | quote }}
- rootPassword: {{ $s3SecretKey | quote }}
- accesskey: {{ $s3AccessKey | quote }}
- secretkey: {{ $s3SecretKey | quote }}
diff --git a/charts/epinio/100.0.5+up1.6.2/templates/server.yaml b/charts/epinio/100.0.5+up1.6.2/templates/server.yaml
deleted file mode 100644
index 27c01489a4..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/templates/server.yaml
+++ /dev/null
@@ -1,387 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: epinio-server - namespace: {{ .Release.Namespace }} - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: epinio-server-cluster-admin -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: epinio-server - namespace: {{ .Release.Namespace }} - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: epinio-server -rules: -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - create - - delete - - list -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "" - resources: - - services - verbs: - - create - - get - - update - - delete -- apiGroups: - - "" - resources: - - pods/exec - verbs: - - create - - get - - post -- apiGroups: - - "" - resources: - - pods/portforward - verbs: - - get -- apiGroups: - - "" - resources: - - pods/log - verbs: - - get - - list -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - create - - update - - delete - - get - - list -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update -- apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - get - - list - - update - - patch -- apiGroups: - - servicecatalog.k8s.io - resources: - - servicebindings - verbs: - - create - - get - - delete - - list -- apiGroups: - - servicecatalog.k8s.io - resources: - - serviceinstances - verbs: - - create - - delete - - get - - list -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - create - - delete -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - create - - delete -- apiGroups: - - "cert-manager.io" - resources: - - certificates - verbs: - - create -- 
apiGroups: - - application.epinio.io - resources: - - apps - verbs: - - get - - list - - create - - delete - - patch - - update -- apiGroups: - - "metrics.k8s.io" - resources: - - pods - verbs: - - list -- apiGroups: - - apps - resources: - - replicasets - verbs: - - list - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: epinio-server-cluster-role -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: epinio-server -subjects: -- kind: ServiceAccount - name: epinio-server - namespace: {{ .Release.Namespace }} - ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: epinio-server - namespace: {{ .Release.Namespace }} -rules: -- apiGroups: - - batch - resources: - - jobs - verbs: - - get - - create - - delete - - list -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: epinio-server-role - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: epinio-server -subjects: -- kind: ServiceAccount - name: epinio-server - namespace: {{ .Release.Namespace }} - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: epinio - app.kubernetes.io/instance: default - app.kubernetes.io/name: epinio-server - app.kubernetes.io/part-of: epinio - app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.image.epinio.tag }} - name: epinio-server - namespace: {{ .Release.Namespace }} -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: epinio-server - app.kubernetes.io/instance: default - app.kubernetes.io/name: epinio-server - app.kubernetes.io/part-of: epinio - template: - metadata: - labels: - app.kubernetes.io/component: epinio-server - app.kubernetes.io/instance: default - app.kubernetes.io/name: epinio-server - app.kubernetes.io/part-of: epinio - app.kubernetes.io/version: {{ 
default .Chart.AppVersion .Values.image.epinio.tag }} - name: epinio-server - spec: - tolerations: - {{- include "linux-node-tolerations" . | nindent 8 }} - nodeSelector: - {{- include "linux-node-selector" . | nindent 8 }} - serviceAccountName: epinio-server - volumes: - - name: asset-volume - secret: - secretName: epinio-assets - - name: tmp-volume - emptyDir: {} - - name: image-export-volume - persistentVolumeClaim: - claimName: image-export-pvc -{{- if .Values.dex.enabled }} - - name: dex-tls - secret: - secretName: dex-tls - optional: false -{{- end }} - containers: - - command: ["/epinio", "server"] - args: ["--port", "8030"] - env: - - name: EPINIO_SETTINGS - value: /tmp/settings.yaml - - name: NAMESPACE - value: "{{ .Release.Namespace }}" - - name: ACCESS_CONTROL_ALLOW_ORIGIN - value: "{{ .Values.server.accessControlAllowOrigin }}" - - name: EPINIO_TIMEOUT_MULTIPLIER - value: "{{ .Values.server.timeoutMultiplier }}" - - name: TLS_ISSUER - value: "{{ .Values.global.tlsIssuer }}" - - name: TRACE_LEVEL - value: "{{ .Values.server.traceLevel }}" - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - {{- $imageSkopeo := .Values.image.skopeo -}} - {{- if $imageSkopeo }} - - name: APP_IMAGE_EXPORTER - value: "{{ default $imageSkopeo.registry (include "registry-url" .) 
}}{{ $imageSkopeo.repository}}:{{ $imageSkopeo.tag }}" - {{- end }} - {{- if .Values.server.disableTracking }} - - name: DISABLE_TRACKING - value: "true" - {{- end }} - {{- if or .Values.s3.certificateSecret .Values.minio.enabled }} - - name: S3_CERTIFICATE_SECRET - value: {{ default "minio-tls" .Values.s3.certificateSecret }} - {{- end }} - {{- if .Values.containerregistry.enabled }} - - name: REGISTRY_CERTIFICATE_SECRET - value: "epinio-registry-tls" - {{- end }} - {{- if .Values.server.ingressClassName }} - - name: INGRESS_CLASS_NAME - value: "{{ .Values.server.ingressClassName }}" - {{- else if .Values.ingress.ingressClassName }} - - name: INGRESS_CLASS_NAME - value: "{{ .Values.ingress.ingressClassName }}" - {{- end }} - {{- if .Values.extraEnv }} - {{- toYaml .Values.extraEnv | nindent 12 -}} - {{- end }} - image: "{{ default .Values.image.epinio.registry (include "registry-url" .) }}{{ .Values.image.epinio.repository }}:{{ default .Chart.AppVersion .Values.image.epinio.tag }}" - livenessProbe: - httpGet: - path: /ready - port: 8030 - name: epinio-server - ports: - - containerPort: 8030 - volumeMounts: - - name: asset-volume - mountPath: /assets - - name: tmp-volume - mountPath: /tmp - - name: image-export-volume - mountPath: /image-export -{{- if .Values.dex.enabled }} - - name: dex-tls - mountPath: /etc/ssl/certs/dex-tls.pem - subPath: tls.crt -{{- end }} - readinessProbe: - httpGet: - path: /ready - port: 8030 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - securityContext: - runAsNonRoot: true - runAsUser: 1000 - runAsGroup: 3000 - ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: image-export-pvc - namespace: {{ .Release.Namespace }} -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: epinio - app.kubernetes.io/instance: default - app.kubernetes.io/name: epinio-server - 
app.kubernetes.io/part-of: epinio - app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.image.epinio.tag }} - name: epinio-server - namespace: {{ .Release.Namespace }} -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 8030 - selector: - app.kubernetes.io/name: epinio-server diff --git a/charts/epinio/100.0.5+up1.6.2/templates/stage-scripts.yaml b/charts/epinio/100.0.5+up1.6.2/templates/stage-scripts.yaml deleted file mode 100644 index bf1db19e6a..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/templates/stage-scripts.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: epinio-stage-scripts - namespace: {{ .Release.Namespace }} -data: - builderImage: "{{ default .Values.image.builder.registry (include "registry-url" .) }}{{ .Values.image.builder.repository}}:{{ .Values.image.builder.tag }}" - downloadImage: "{{ default .Values.image.awscli.registry (include "registry-url" .) }}{{ .Values.image.awscli.repository}}:{{ .Values.image.awscli.tag }}" - unpackImage: "{{ default .Values.image.bash.registry (include "registry-url" .) }}{{ .Values.image.bash.repository}}:{{ default .Chart.AppVersion .Values.image.bash.tag }}" - download: |- - # Parameters - # - PROTOCOL # s3 protocol - # - ENDPOINT # s3 endpoint - # - BUCKET # s3 bucket - # - BLOBID # blob id / file name for source archive - # - # This data is set in the chart only for an external s3. For - # internal s3 the chart has no information. Therefore we cannot - # use helm templating to insert these. - echo By _ _ __ ___ _____ $(whoami) $(pwd) - cat /etc/ssl/certs/ca-bundle.crt > /tmp/ca-bundle.pem - test -f /certs/ca.crt && cat /certs/ca.crt >> /tmp/ca-bundle.pem - test -f /certs/tls.crt && cat /certs/tls.crt >> /tmp/ca-bundle.pem - aws --ca-bundle /tmp/ca-bundle.pem --endpoint-url "${PROTOCOL}://${ENDPOINT}" s3 cp "s3://${BUCKET}/${BLOBID}" "/workspace/source/${BLOBID}" - echo _ _ __ ___ _____ Done - unpack: |- - # Parameters - # - BLOBID # blob id / file name for source archive - # - # Attempting to unpack the sources as, in order: - # .tar - epinio cli - # .zip - epinio UI - # -z .tar.gz - # -j .tar.bz2 - # -J .tar.xz - # - # __Note__: While it would have been nicer, IMNSHO, to use `file` to determine the - # type of the file and then directly dispatch to the proper unpacker, the `file` - # command is not available in the `bash` image. The code as written now relies on each - # unpacker to recognize/reject input properly. - # - echo By _ _ __ ___ _____ $(whoami) $(pwd) - if test ! 
-f "/workspace/source/${BLOBID}" ; then - echo Nothing to unpack - exit - fi - mkdir /workspace/source/app - ( cd /workspace/source/app - ( echo Tar? ; tar -xvf "../${BLOBID}" ) || \ - ( echo Zip? ; unzip "../${BLOBID}" ) || \ - ( echo Tgz? ; tar -xvzf "../${BLOBID}" ) || \ - ( echo Tbz? ; tar -xvjf "../${BLOBID}" ) || \ - ( echo Txz? ; tar -xvJf "../${BLOBID}" ) || \ - ( echo "Unable to unpack. No supported archive file format found" ; exit 1 ) - echo OK - ) - rm "/workspace/source/${BLOBID}" - mkdir -p /workspace/source/env - cp -vL /workspace/source/appenv/* /workspace/source/env - chown -R 1000:1000 /workspace 2> /dev/null - find /workspace - echo _ _ __ ___ _____ Done - build: |- - # Parameters - # - PREIMAGE # url of previous image - # - APPIMAGE # url of application image - # - # ATTENTION: The `curl localhost:4191` command is used to stop the linkerd proxy - # container gracefully. We use `|| true` in case linkerd is not deployed. Further, it - # is placed into a trap to ensure that it will always run, even for a staging failure. - # Error output generated when linkerd is not present/up is squashed (dev/null). - # These messages are irrelevant, the situation is not an error, and allowing them through - # would confuse users (readers of app staging logs). - set -e - trap "curl -X POST http://localhost:4191/shutdown 2> /dev/null || true" EXIT - echo By _ _ __ ___ _____ $(whoami) $(pwd) - if test ! 
-d "/workspace/source/app" ; then - echo Nothing to build - sleep 60 # linkerd is a pain - If we exit to quickly, with the sidecar not ready our curl to shut it down does nothing, and then the sidecar comes up and prevents the pod from ending - exit 1 - fi - find /workspace - /cnb/lifecycle/creator \ - -app=/workspace/source/app \ - -cache-dir=/workspace/cache \ - -uid=1000 \ - -gid=1000 \ - -layers=/layers \ - -platform=/workspace/source \ - -report=/layers/report.toml \ - -process-type=web \ - -skip-restore=false \ - "-previous-image=${PREIMAGE}" \ - "${APPIMAGE}" - echo _ _ __ ___ _____ Done diff --git a/charts/epinio/100.0.5+up1.6.2/templates/validate-cert-manager-crd.yaml b/charts/epinio/100.0.5+up1.6.2/templates/validate-cert-manager-crd.yaml deleted file mode 100644 index 87e12c558c..0000000000 --- a/charts/epinio/100.0.5+up1.6.2/templates/validate-cert-manager-crd.yaml +++ /dev/null @@ -1,19 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "acme.cert-manager.io/v1/Challenge" false -}} -# {{- set $found "acme.cert-manager.io/v1/Order" false -}} -# {{- set $found "cert-manager.io/v1/CertificateRequest" false -}} -# {{- set $found "cert-manager.io/v1/Certificate" false -}} -# {{- set $found "cert-manager.io/v1/ClusterIssuer" false -}} -# {{- set $found "cert-manager.io/v1/Issuer" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} \ No newline at end of file 
diff --git a/charts/epinio/100.0.5+up1.6.2/templates/validate-install-crd.yaml b/charts/epinio/100.0.5+up1.6.2/templates/validate-install-crd.yaml
deleted file mode 100644
index afa6e4fb4d..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/templates/validate-install-crd.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
-# {{- $found := dict -}}
-# {{- set $found "application.epinio.io/v1/App" false -}}
-# {{- set $found "application.epinio.io/v1/AppChart" false -}}
-# {{- set $found "application.epinio.io/v1/Service" false -}}
-# {{- range .Capabilities.APIVersions -}}
-# {{- if hasKey $found (toString .) -}}
-# {{- set $found (toString .) true -}}
-# {{- end -}}
-# {{- end -}}
-# {{- range $_, $exists := $found -}}
-# {{- if (eq $exists false) -}}
-# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
-# {{- end -}}
-# {{- end -}}
-#{{- end -}}
\ No newline at end of file
diff --git a/charts/epinio/100.0.5+up1.6.2/values.schema.json b/charts/epinio/100.0.5+up1.6.2/values.schema.json
deleted file mode 100644
index 766891678d..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/values.schema.json
+++ /dev/null
@@ -1,424 +0,0 @@ -{ - "$schema": "https://json-schema.org/draft-07/schema#", - "title": "Values", - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "epinio": { - "type": "object", - "properties": { - "registry": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "bash": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "awscli": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "kubectl": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - } - } - }, - "server": { - "description": "server configuration", - "type": "object", - "properties": { - "accessControlAllowOrigin": { - "type": "string" - }, - "timeoutMultiplier": { - "type": "integer" - }, - "traceLevel": { - "type": "integer" - }, - "registryCertificateSecret": { - "type": "string" - }, - "ingressClassName": { - "type": "string" - } - } - }, - "ingress": { - "ingressClassName": { - "type": "string" - }, - "annotations": { - "type": "object" - }, - "nginxSSLRedirect": { - "type": "string" - } - }, - "s3": { - "description": "s3 connection details", - "type": "object", - "properties": { - "endpoint": { - "type": "string" - }, - "bucket": { - "type": "string" - }, - "region": { - "type": "string" - }, - "accessKeyID": { - "type": "string" - }, - "secretAccessKey": { - "type": "string" - }, - "certificateSecret": { - "type": "string" - }, - "useSSL": { - "type": "boolean" - } - }, - "required": [ - "endpoint", - "bucket", - "accessKeyID", - "secretAccessKey" - ] - }, - "api": { - "description": "API access configuration", - "type": "object", - "properties": { - "users": { - "description": "Default Epinio users", - "type": "array", - "items": { - "type": "object", - "properties": { - 
"username": { - "type": "string" - }, - "passwordBcrypt": { - "type": "string" - }, - "role": { - "type": "string" - }, - "workspaces": { - "type": "array", - "items": { - "type": "string" - } - } - }, - "required": [ - "username", - "passwordBcrypt", - "role" - ] - } - } - } - }, - "certManagerNamespace": { - "description": "the namespace there cert-manager controller is deployed", - "type": "string" - }, - "domain": { - "description": "the domain that will be used to access the Epinio API", - "type": "string" - }, - "global": { - "type": "object", - "properties": { - "cattle": { - "type": "object", - "properties": { - "systemDefaultRegistry": { - "type": "string" - } - } - }, - "domain": { - "type": "string" - }, - "tlsIssuer": { - "type": "string" - }, - "registryURL": { - "type": "string" - }, - "registryUsername": { - "type": "string" - }, - "registryPassword": { - "type": "string" - }, - "registryNamespace": { - "type": "string" - } - }, - "required": [ - "domain" - ] - }, - "containerregistry": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "nginx": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "registry": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - } - }, - "required": [ - "nginx", - "registry" - ] - }, - "imagePullPolicy": { - "type": "string" - }, - "ingressClassName": { - "type": "string" - } - }, - "required": [ - "enabled", - "image", - "imagePullPolicy", - "ingressClassName" - ] - }, - "dex": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "fullnameOverride": { - "type": "string" - }, - "configSecret": { - "type": "object", - "properties": { - "create": { - "type": "boolean" - }, - "name": { - "type": "string" - } - }, - "required": [ - "create", - "name" - ] - } - }, - 
"required": [ - "enabled", - "configSecret", - "fullnameOverride" - ] - }, - "epinio-ui": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "ingress": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - }, - "required": [ - "enabled" - ] - } - }, - "required": [ - "enabled", - "ingress" - ] - }, - "kubed": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "enableAnalytics": { - "type": "boolean" - }, - "fullnameOverride": { - "type": "string" - } - }, - "required": [ - "enabled", - "enableAnalytics", - "fullnameOverride" - ] - }, - "minio": { - "type": "object", - "properties": { - "drivesPerNode": { - "type": "integer" - }, - "enabled": { - "type": "boolean" - }, - "existingSecret": { - "type": "string" - }, - "fullnameOverride": { - "type": "string" - }, - "makeUserJob": { - "type": "object", - "properties": { - "podAnnotations": { - "type": "object" - } - }, - "required": [ - "podAnnotations" - ] - }, - "persistence": { - "type": "object", - "properties": { - "size": { - "type": "string" - } - }, - "required": [ - "size" - ] - }, - "replicas": { - "type": "integer" - }, - "resources": { - "type": "object", - "properties": { - "requests": { - "type": "object", - "properties": { - "memory": { - "type": "string" - } - }, - "required": [ - "memory" - ] - } - }, - "required": [ - "requests" - ] - }, - "tls": { - "type": "object", - "properties": { - "certSecret": { - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "privateKey": { - "type": "string" - }, - "publicCrt": { - "type": "string" - } - }, - "required": [ - "certSecret", - "enabled", - "privateKey", - "publicCrt" - ] - } - }, - "required": [ - "drivesPerNode", - "enabled", - "existingSecret", - "fullnameOverride", - "makeUserJob", - "persistence", - "replicas", - "resources", - "tls" - ] - } - }, - "required": [ - "certManagerNamespace", - "s3" - ] -} 
diff --git a/charts/epinio/100.0.5+up1.6.2/values.yaml b/charts/epinio/100.0.5+up1.6.2/values.yaml
deleted file mode 100644
index b8db4c20c2..0000000000
--- a/charts/epinio/100.0.5+up1.6.2/values.yaml
+++ /dev/null
@@ -1,155 +0,0 @@
-## Default values for Epinio Helm Chart.
-## This is a YAML-formatted file.
-## Declare variables to be passed into your templates.
-
-# The email address you are planning to use for getting notifications about your certificates.
-email: "epinio@suse.com"
-
-image:
- epinio:
- repository: rancher/mirrored-epinio-epinio-server
- tag: v1.6.2
- bash:
- repository: rancher/mirrored-epinio-epinio-unpacker
- tag: v1.6.2
- awscli:
- repository: rancher/mirrored-amazon-aws-cli
- tag: 2.9.14
- skopeo:
- repository: rancher/mirrored-skopeo-skopeo
- tag: v1.10.0
- kubectl:
- repository: rancher/kubectl
- tag: v1.22.6
- builder:
- repository: rancher/mirrored-paketobuildpacks-builder
- tag: 0.2.289-full
-
-server:
- # Domain which serves the Rancher UI (to access the API)
- accessControlAllowOrigin: ""
- # increase this value to increase all timeouts by the same factor
- timeoutMultiplier: 1
- # Increase this value to instruct the API server to produce more debug output
- traceLevel: 0
- # The ingressClassName is used to select the ingress controller for apps. If empty ingress.ingressClassName (see below) is used
- ingressClassName: ""
- # Disable tracking of the Epinio and Kubernetes cluster version
- disableTracking: false
-ingress:
- # The ingressClassName is used to select the ingress controller for the server. If empty no class will be added to the ingresses.
- ingressClassName: ""
- # Annotations to add to the API ingress
- # e.g.: --set 'ingress.annotations.nginx\.ingress\.kubernetes\.io/ssl-redirect=false'
- annotations: {}
- # nginxSSLRedirect to controll https->http redirects
- nginxSSLRedirect: "true"
-
-certManagerNamespace: cert-manager
-
-# Connection details for the S3 storage
-s3:
- endpoint: s3.amazonaws.com
- bucket: ""
- region: ""
- accessKeyID: ""
- secretAccessKey: ""
- useSSL: true
- # Set it to an existing secret if S3 is using a self signed cert
- certificateSecret: ""
-
-api:
- # Default users
- users:
- - username: admin
- passwordBcrypt: "$2a$10$6bCi5NMstMK781In7JGiL.B44pgoplUb330FQvm6mVXMppbXBPiXS"
- role: admin
- - username: epinio
- passwordBcrypt: "$2a$10$6bCi5NMstMK781In7JGiL.B44pgoplUb330FQvm6mVXMppbXBPiXS"
- role: user
- workspaces:
- - workspace
-
-# Dex subchart values -- None for now, and sub chart disabled
-dex:
- enabled: true
- # hardcode this, to avoid problems with release name
- fullnameOverride: "dex"
- configSecret:
- create: false
- name: "dex-config"
-
-# Extra environment variables passed to the epinio-server pod.
-# extraEnv:
-# - name: MY_ENV_VAR
-# value: "1.0"
-# Minio subchart values
-minio:
- enabled: true
- # hardcode this, to avoid problems with release name
- fullnameOverride: minio
- existingSecret: minio-creds
- tls:
- enabled: true
- certSecret: minio-tls
- publicCrt: tls.crt
- privateKey: tls.key
- persistence:
- size: 2Gi
- drivesPerNode: 4
- replicas: 1
- resources:
- requests:
- memory: 1Gi
- makeUserJob:
- podAnnotations:
- linkerd.io/inject: disabled
-
-epinio-ui:
- enabled: true
- epinioTheme: light
- epinioVersion: "v1.6.2"
- ingress:
- enabled: false
-
-kubed:
- enabled: true
- fullnameOverride: kubed
- enableAnalytics: false
-
-containerregistry:
- enabled: true
- image:
- registry:
- repository: rancher/mirrored-library-registry
- tag: 2.8.1
- nginx:
- repository: rancher/mirrored-library-nginx
- tag: 1.23.2-alpine
- imagePullPolicy: IfNotPresent
- # The ingressClassName is used to select the ingress controller. If
- # empty no class will be added to the ingresses.
- ingressClassName: ""
-
-serviceCatalog:
- # Enable service catalog service for development
- enableDevServices: true
-
-global:
- rbac:
- pspEnabled: true
- # The domain that will be used to access the epinio API server and the registry
- domain: ""
- # Connection details for the container registry.
- registryURL: "" # Skip if containerregistry.enabled is true
- registryUsername: "admin"
- registryPassword: "changeme"
- registryNamespace: "apps" # Used in registry path when pushing -> "external.tld/apps/APPNAME"
- # The name of the cluster issuer to use.
- # Epinio creates three options: 'epinio-ca', 'letsencrypt-production', and 'selfsigned-issuer'.
- tlsIssuer: "epinio-ca"
- # The URL of the container registry from where to pull container images for the various
- # created Pods. Don't confuse this registry with the "Epinio registry" which is the one
- # where Epinio stores the application images.
- cattle:
- systemDefaultRegistry: ""
diff --git a/charts/epinio/102.0.1+up1.6.2/Chart.lock b/charts/epinio/102.0.1+up1.6.2/Chart.lock deleted file mode 100644 index 2429c2dc62..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/Chart.lock +++ /dev/null @@ -1,15 +0,0 @@ -dependencies: -- name: dex - repository: https://charts.dexidp.io - version: 0.12.1 -- name: minio - repository: https://charts.min.io/ - version: 5.0.4 -- name: kubed - repository: https://charts.appscode.com/stable/ - version: v0.13.2 -- name: epinio-ui - repository: https://epinio.github.io/helm-charts - version: 1.5.3 -digest: sha256:edaf7fec6b9567423ca0175493c21a542afe293e3a48d853acf9eb0b3d36024a -generated: "2023-01-12T09:59:16.775081808+01:00" diff --git a/charts/epinio/102.0.1+up1.6.2/Chart.yaml b/charts/epinio/102.0.1+up1.6.2/Chart.yaml deleted file mode 100644 index 5f64065322..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/Chart.yaml +++ /dev/null 
@@ -1,50 +0,0 @@
-annotations:
- artifacthub.io/license: Apache-2.0
- catalog.cattle.io/auto-install: epinio-crd=match
- catalog.cattle.io/certified: rancher
- catalog.cattle.io/display-name: Epinio
- catalog.cattle.io/experimental: "true"
- catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.26.0-0'
- catalog.cattle.io/namespace: cattle-epinio-system
- catalog.cattle.io/permits-os: linux,windows
- catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
- catalog.cattle.io/release-name: epinio
- catalog.cattle.io/type: app
- catalog.cattle.io/upstream-version: 1.6.2
-apiVersion: v2
-appVersion: v1.6.2
-dependencies:
-- condition: dex.enabled, global.dex.enabled
- name: dex
- repository: file://./charts/dex
- tags:
- - dex
-- condition: epinio-ui.enabled
- name: epinio-ui
- repository: file://./charts/epinio-ui
- tags:
- - epinio-ui
-- condition: kubed.enabled, global.kubed.enabled
- name: kubed
- repository: file://./charts/kubed
- tags:
- - kubed
-- condition: minio.enabled, global.minio.enabled
- name: minio
- repository: file://./charts/minio
- tags:
- - minio
-description: Epinio deploys Kubernetes applications directly from source code in one
- step.
-home: https://github.com/epinio/epinio
-icon: https://charts.rancher.io/assets/logos/epinio.svg
-keywords:
-- epinio
-- paas
-maintainers:
-- email: team@epinio.io
- name: SUSE
-name: epinio
-sources:
-- https://github.com/epinio/epinio
-version: 102.0.1+up1.6.2
diff --git a/charts/epinio/102.0.1+up1.6.2/README.md b/charts/epinio/102.0.1+up1.6.2/README.md
deleted file mode 100644
index 7bf1d15521..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/README.md
+++ /dev/null
@@ -1,94 +0,0 @@
-# Epinio Helm Chart
-
-From app to URL in one command.
-
-## Introduction
-
-This chart deploys Epinio PaaS on a Kubernetes cluster. It also deploys some of
-its dependencies as subcharts.
-
-The documentation is centralized in the [doc website](https://docs.epinio.io).
-
-## Prerequisites
-
-Epinio needs a number of external components to be running on your cluster in order to
-work. You may already have those deployed, otherwise follow the instructions here
-to deploy them.
-
-Important: Some of the namespaces of the components are hardcoded in the Epinio
-code and thus are important to be the same as described here. In the future this
-may be configurable on the Epinio Helm chart.
-
-### Ingress Controller
-
-Epinio creates Ingress resources for the API server, the applications and depending
-on your setup, the internal container registry. Those resources won't work unless
-an Ingress controller is running on your cluster.
-
-If you don't have an Ingress controller already running, you can install Traefik with:
-
-```
-$ kubectl create namespace traefik
-$ export LOAD_BALANCER_IP=$(LOAD_BALANCER_IP:-) # Set this to the IP of your load balancer if you know that
-$ helm install traefik --namespace traefik "https://helm.traefik.io/traefik/traefik-10.3.4.tgz" \
- --set globalArguments='' \
- --set-string ports.web.redirectTo=websecure \
- --set-string ingressClass.enabled=true \
- --set-string ingressClass.isDefaultClass=true \
- --set-string service.spec.loadBalancerIP=$LOAD_BALANCER_IP
-```
-
-### Cert Manager
-
-Epinio needs [cert-manager](https://cert-manager.io/) in order to create TLS
-certificates for the various Ingresses (see "Ingress controller" above).
-
-If cert-manager is not already installed on the cluster, it can be installed like this:
-
-```
-$ kubectl create namespace cert-manager
-$ helm repo add jetstack https://charts.jetstack.io
-$ helm repo update
-$ helm install cert-manager --namespace cert-manager jetstack/cert-manager \
- --set installCRDs=true \
- --set extraArgs[0]=--enable-certificate-owner-ref=true
-```
-
-### Kubed
-
-Kubed is installed as a subchart when `.Values.kubed.enabled` is true (default).
-If you already have kubed running, you can skip the installation by setting
-the helm value "kubed.enabled" to "false".
-
-### S3 storage
-
-Epinio is using an S3 compatible storage to store the application source code.
-This chart will install [Minio](https://min.io/) when `.Values.minio.enabled` is
-true (default). Any S3 compatible solution can be used instead by setting this
-value to `false` and using [the values under `s3`](https://github.com/epinio/helm-charts/blob/main/chart/epinio/values.yaml#L44)
-to point to the desired S3 server.
-
-### Container Registry
-
-When Epinio builds a container image for an application from source, it needs
-to store that image to a container registry. Epinio installs a container registry
-on the cluster when `.Values.containerregistry.enabled` is `true` (default).
-
-Any container registry that supports basic auth authentication can be used (e.g. gcr, dockerhub etc)
-instead by setting this value to `false` and using
-[the values under `registry`](https://github.com/epinio/helm-charts/blob/main/chart/epinio/values.yaml#L104-L107)
-to point to the desired container registry.
-
-## Install Epinio
-
-If the above dependencies are available or going to be installed by this chart,
-Epinio can be installed with the following:
-
-```
-$ helm repo add epinio https://epinio.github.io/helm-charts/
-$ helm install epinio -n epinio --create-namespace epinio/epinio --values epinio-values.yaml --set global.domain=myepiniodomain.org
-```
-
-The only value that is mandatory is the `.Values.global.domain` which
-should be a wildcard domain, pointing to the IP address of your running
-Ingress controller.
diff --git a/charts/epinio/102.0.1+up1.6.2/assets/epinio-application-0.1.24.tgz b/charts/epinio/102.0.1+up1.6.2/assets/epinio-application-0.1.24.tgz
deleted file mode 100644
index 2cac4420b3..0000000000
Binary files a/charts/epinio/102.0.1+up1.6.2/assets/epinio-application-0.1.24.tgz and /dev/null differ
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/dex/.helmignore b/charts/epinio/102.0.1+up1.6.2/charts/dex/.helmignore
deleted file mode 100644
index 00ca644b23..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/dex/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-
-README.md.gotmpl
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/dex/Chart.yaml b/charts/epinio/102.0.1+up1.6.2/charts/dex/Chart.yaml
deleted file mode 100644
index fe64aabd13..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/dex/Chart.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-annotations:
- artifacthub.io/changes: |
- - kind: changed
- description: "Update Dex to 2.35.3"
- artifacthub.io/images: |
- - name: dex
- image: ghcr.io/dexidp/dex:v2.35.3
-apiVersion: v2
-appVersion: 2.35.3
-description: OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable
- connectors.
-home: https://dexidp.io/
-icon: https://dexidp.io/favicon.png
-keywords:
-- oidc
-- oauth
-- identity-provider
-- saml
-kubeVersion: '>=1.14.0-0'
-maintainers:
-- email: mark.sagikazar@gmail.com
- name: sagikazarmark
- url: https://sagikazarmark.hu
-name: dex
-sources:
-- https://github.com/dexidp/dex
-- https://github.com/dexidp/helm-charts/tree/master/charts/dex
-type: application
-version: 0.12.1
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/dex/LICENSE b/charts/epinio/102.0.1+up1.6.2/charts/dex/LICENSE
deleted file mode 100644
index d645695673..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/dex/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/epinio/102.0.1+up1.6.2/charts/dex/README.md b/charts/epinio/102.0.1+up1.6.2/charts/dex/README.md deleted file mode 100644 index 87812088cb..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/charts/dex/README.md +++ /dev/null 
@@ -1,177 +0,0 @@ -# dex - -![version: 0.12.1](https://img.shields.io/badge/version-0.12.1-informational?style=flat-square) ![type: application](https://img.shields.io/badge/type-application-informational?style=flat-square) ![app version: 2.35.3](https://img.shields.io/badge/app%20version-2.35.3-informational?style=flat-square) ![kube version: >=1.14.0-0](https://img.shields.io/badge/kube%20version->=1.14.0--0-informational?style=flat-square) [![artifact hub](https://img.shields.io/badge/artifact%20hub-dex-informational?style=flat-square)](https://artifacthub.io/packages/helm/dex/dex) - -OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors. - -**Homepage:** - -## TL;DR; - -```bash -helm repo add dex https://charts.dexidp.io -helm install --generate-name --wait dex/dex -``` - -## Getting started - -### Minimal configuration - -Dex requires a minimal configuration in order to work. -You can pass configuration to Dex using Helm values: - -```yaml -config: - # Set it to a valid URL - issuer: http://my-issuer-url.com - - # See https://dexidp.io/docs/storage/ for more options - storage: - type: memory - - # Enable at least one connector - # See https://dexidp.io/docs/connectors/ for more options - enablePasswordDB: true -``` - -The above configuration won't make Dex automatically available on the configured URL. -One (and probably the easiest) way to achieve that is configuring ingress: - -```yaml -ingress: - enabled: true - - hosts: - - host: my-issuer-url.com - paths: - - path: / -``` - -### Minimal TLS configuration - -HTTPS is basically mandatory these days, especially for authentication and authorization services. -There are several solutions for protecting services with TlS in Kubernetes, -but by far the most popular and portable is undoubtedly [Cert Manager](https://cert-manager.io). 
- -Cert Manager can be [installed](https://cert-manager.io/docs/installation/kubernetes) with a few steps: - -```shell -helm repo add jetstack https://charts.jetstack.io -helm repo update -kubectl create namespace cert-manager -helm install \ - cert-manager jetstack/cert-manager \ - --namespace cert-manager \ - --set installCRDs=true -``` - -The next step is setting up an [issuer](https://cert-manager.io/docs/concepts/issuer/) (eg. [Let's Encrypt](https://letsencrypt.org/)): - -```shell -cat <=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "dex.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . 
| quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/networkpolicy.yaml b/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/networkpolicy.yaml deleted file mode 100644 index acd51b9d89..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/networkpolicy.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} -{{- if semverCompare "<1.7-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: extensions/v1beta1 -{{- else -}} -apiVersion: networking.k8s.io/v1 -{{- end }} -kind: NetworkPolicy -metadata: - name: {{ include "dex.fullname" . }} - labels: - {{- include "dex.labels" . | nindent 4 }} -spec: - policyTypes: - {{- if .Values.networkPolicy.egressRules }} - - Egress - {{- end }} - - Ingress - podSelector: - matchLabels: - {{- include "dex.selectorLabels" . | nindent 6 }} - ingress: - - ports: - - port: http - {{- if .Values.https.enabled }} - - port: https - {{- end }} - {{- if .Values.grpc.enabled }} - - port: grpc - {{- end }} - - port: telemetry - {{- with .Values.networkPolicy.egressRules }} - egress: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/poddisruptionbudget.yaml b/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/poddisruptionbudget.yaml deleted file mode 100644 index 6ec1032ad7..0000000000 
--- a/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if .Values.podDisruptionBudget.enabled }}
-{{- if semverCompare ">=1.21-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: policy/v1
-{{- else -}}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "dex.fullname" . }}
- labels:
-{{ include "dex.labels" . | indent 4 }}
-spec:
- {{- with .Values.podDisruptionBudget.minAvailable }}
- minAvailable: {{ . }}
- {{- end }}
- {{- with .Values.podDisruptionBudget.maxUnavailable }}
- maxUnavailable: {{ . }}
- {{- end }}
- selector:
- matchLabels:
- {{- include "dex.selectorLabels" . | nindent 6 }}
-{{- end }}
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/rbac.yaml b/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/rbac.yaml
deleted file mode 100644
index 333f2f1000..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/rbac.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-{{- if .Values.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "dex.fullname" . }}
- labels:
- {{- include "dex.labels" . | nindent 4 }}
-rules:
- - apiGroups: ["dex.coreos.com"]
- resources: ["*"]
- verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "dex.fullname" . }}
- labels:
- {{- include "dex.labels" . | nindent 4 }}
-roleRef:
- kind: Role
- apiGroup: rbac.authorization.k8s.io
- name: {{ include "dex.fullname" . }}
-subjects:
-- kind: ServiceAccount
- namespace: {{ .Release.Namespace }}
- name: {{ include "dex.serviceAccountName" . }}
-{{- if .Values.rbac.createClusterScoped }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ include "dex.fullname" . }}
- labels:
- {{- include "dex.labels" . | nindent 4 }}
-rules:
- - apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["list", "create"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "dex.fullname" . }}-cluster
- labels:
- {{- include "dex.labels" . | nindent 4 }}
-roleRef:
- kind: ClusterRole
- apiGroup: rbac.authorization.k8s.io
- name: {{ include "dex.fullname" . }}
-subjects:
-- kind: ServiceAccount
- namespace: {{ .Release.Namespace }}
- name: {{ include "dex.serviceAccountName" . }}
-{{- end }}
-{{- end }}
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/secret.yaml b/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/secret.yaml
deleted file mode 100644
index 27d39546ed..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/secret.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if .Values.configSecret.create -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "dex.configSecretName" . }}
- labels:
- {{- include "dex.labels" . | nindent 4 }}
-type: Opaque
-data:
- config.yaml: {{ .Values.config | toYaml | b64enc | quote }}
-{{- end }}
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/service.yaml b/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/service.yaml
deleted file mode 100644
index 8114e8d59e..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/service.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "dex.fullname" . }}
- labels:
- {{- include "dex.labels" . | nindent 4 }}
- {{- with .Values.service.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- type: {{ .Values.service.type }}
- {{- with .Values.service.clusterIP }}
- clusterIP: {{ . }}
- {{- end }}
- ports:
- - name: http
- port: {{ .Values.service.ports.http.port }}
- {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) .Values.service.ports.http.nodePort }}
- nodePort: {{ .Values.service.ports.http.nodePort }}
- {{- end }}
- targetPort: http
- protocol: TCP
- {{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.GitVersion }}
- appProtocol: http
- {{- end }}
- {{- if .Values.https.enabled }}
- - name: https
- port: {{ .Values.service.ports.https.port }}
- {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) .Values.service.ports.https.nodePort }}
- nodePort: {{ .Values.service.ports.https.nodePort }}
- {{- end }}
- targetPort: https
- protocol: TCP
- {{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.GitVersion }}
- appProtocol: https
- {{- end }}
- {{- end }}
- {{- if .Values.grpc.enabled }}
- - name: grpc
- port: {{ .Values.service.ports.grpc.port }}
- {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) .Values.service.ports.grpc.nodePort }}
- nodePort: {{ .Values.service.ports.grpc.nodePort }}
- {{- end }}
- targetPort: grpc
- protocol: TCP
- {{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.GitVersion }}
- appProtocol: http
- {{- end }}
- {{- end }}
- - name: telemetry
- port: 5558
- targetPort: telemetry
- protocol: TCP
- {{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.GitVersion }}
- appProtocol: http
- {{- end }}
- selector:
- {{- include "dex.selectorLabels" . | nindent 4 }}
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/serviceaccount.yaml b/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/serviceaccount.yaml
deleted file mode 100644
index 30c3ddd90e..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "dex.serviceAccountName" . }}
- labels:
- {{- include "dex.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/tests/no-config-secret.yaml b/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/tests/no-config-secret.yaml
deleted file mode 100644
index 4b7804f540..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/tests/no-config-secret.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- if not .Values.configSecret.create -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "dex.configSecretName" . }}-test-no-create
- labels:
- {{- include "dex.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-type: Opaque
-data:
- config.yaml: {{ .Values.config | toYaml | b64enc | quote }}
-{{- end }}
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/dex/values.yaml b/charts/epinio/102.0.1+up1.6.2/charts/dex/values.yaml
deleted file mode 100644
index 42202be2b6..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/dex/values.yaml
+++ /dev/null
@@ -1,275 +0,0 @@ -# Default values for dex. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# -- Number of replicas (pods) to launch. -replicaCount: 1 - -image: - # -- Name of the image repository to pull the container image from. - repository: rancher/mirrored-dexidp-dex - tag: v2.35.3 - - # -- [Image pull policy](https://kubernetes.io/docs/concepts/containers/images/#updating-images) for updating already existing images on a node. - pullPolicy: IfNotPresent - -# -- Reference to one or more secrets to be used when [pulling images](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret) (from private registries). -imagePullSecrets: [] - -# -- A name in place of the chart name for `app:` labels. -nameOverride: "" - -# -- A name to substitute for the full names of resources. -fullnameOverride: "" - -# -- A list of hosts and IPs that will be injected into the pod's hosts file if specified. -# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#hostname-and-name-resolution) -hostAliases: [] - -https: - # -- Enable the HTTPS endpoint. - enabled: false - -grpc: - # -- Enable the gRPC endpoint. - # Read more in the [documentation](https://dexidp.io/docs/api/). - enabled: false - -configSecret: - # -- Enable creating a secret from the values passed to `config`. - # If set to false, name must point to an existing secret. - create: true - - # -- The name of the secret to mount as configuration in the pod. - # If not set and create is true, a name is generated using the fullname template. - # Must point to secret that contains at least a `config.yaml` key. - name: "" - -# -- Application configuration. -# See the [official documentation](https://dexidp.io/docs/). -config: {} - -# -- Additional storage [volumes](https://kubernetes.io/docs/concepts/storage/volumes/). 
-# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#volumes-1) for details. -volumes: [] - -# -- Additional [volume mounts](https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/). -# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#volumes-1) for details. -volumeMounts: [] - -# -- Additional environment variables mounted from [secrets](https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-environment-variables) or [config maps](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables). -# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables) for details. -envFrom: [] - -# -- Additional environment variables passed directly to containers. -# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables) for details. -env: {} - -# -- Similar to env but with support for all possible configurations. -# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables) for details. -envVars: [] -# - name: SOME_ENV_VAR -# value: value -# - name: SOME_ENV_VAR2 -# valueFrom: -# secretKeyRef: -# name: secret-name -# key: secret-key -# - name: SOME_ENV_VAR3 -# valueFrom: -# configMapKeyRef: -# name: config-map-name -# key: config-map-key - -serviceAccount: - # -- Enable service account creation. - create: true - - # -- Annotations to be added to the service account. - annotations: {} - - # -- The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template. - name: "dex-sa" - -rbac: - # -- Specifies whether RBAC resources should be created. 
- # If disabled, the operator is responsible for creating the necessary resources based on the templates. - create: true - - # -- Specifies which RBAC resources should be created. - # If disabled, the operator is responsible for creating the necessary resources (ClusterRole and RoleBinding or CRD's) - createClusterScoped: true - -# -- Annotations to be added to pods. -podAnnotations: {} - -podDisruptionBudget: - # -- Enable a [pod distruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) to help dealing with [disruptions](https://kubernetes.io/docs/concepts/workloads/pods/disruptions/). - # It is **highly recommended** for webhooks as disruptions can prevent launching new pods. - enabled: false - - # -- (int/percentage) Number or percentage of pods that must remain available. - minAvailable: - - # -- (int/percentage) Number or percentage of pods that can be unavailable. - maxUnavailable: - -# -- Specify a priority class name to set [pod priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority). -priorityClassName: "" - -# -- Pod [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod). -# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) for details. -podSecurityContext: {} - # fsGroup: 2000 - -# -- Container [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container). -# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) for details. -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - # -- Annotations to be added to the service. 
- annotations: {} - - # -- Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). - type: ClusterIP - - # -- Internal cluster service IP (when applicable) - clusterIP: "" - - ports: - http: - # -- HTTP service port - port: 5556 - - # -- (int) HTTP node port (when applicable) - nodePort: - - https: - # -- HTTPS service port - port: 5554 - - # -- (int) HTTPS node port (when applicable) - nodePort: - - grpc: - # -- gRPC service port - port: 5557 - - # -- (int) gRPC node port (when applicable) - nodePort: - -ingress: - # -- Enable [ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/). - enabled: false - - # -- Ingress [class name](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class). - className: "" - - # -- Annotations to be added to the ingress. - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # -- Ingress host configuration. - # @default -- See [values.yaml](values.yaml). - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - - # -- Ingress TLS configuration. - # @default -- See [values.yaml](values.yaml). - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -serviceMonitor: - # -- Enable Prometheus ServiceMonitor. - # See the [documentation](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/design.md#servicemonitor) and the [API reference](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor) for details. - enabled: false - - # -- Namespace where the ServiceMonitor resource should be deployed. - # @default -- Release namespace. - namespace: "" - - # -- (duration) Prometheus scrape interval. - interval: - - # -- (duration) Prometheus scrape timeout. - scrapeTimeout: - - # -- Labels to be added to the ServiceMonitor. 
- labels: {} - -# -- Container resource [requests and limits](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). -# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) for details. -# @default -- No requests or limits. -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -# -- Autoscaling configuration (see [values.yaml](values.yaml) for details). -# @default -- Disabled by default. -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -# -- [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) configuration. -nodeSelector: {} - -# -- [Tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for node taints. -# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) for details. -tolerations: [] - -# -- [Affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) configuration. -# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) for details. -affinity: {} - -# -- [TopologySpreadConstraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) configuration. -# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) for details. 
-topologySpreadConstraints: [] - -# -- Deployment [strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) configuration. -strategy: {} - # rollingUpdate: - # maxUnavailable: 1 - # type: RollingUpdate - -networkPolicy: - # -- Create [Network Policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) - enabled: false - # -- A list of network policy egress rules - egressRules: [] - # Allow DNS egress traffic - # - ports: - # - port: 53 - # protocol: UDP - # - port: 53 - # protocol: TCP - # Example to allow LDAP connector to reach LDAPs port on 1.2.3.4 server - # - to: - # - ipBlock - # cidr: 1.2.3.4/32 - # ports: - # - port: 636 - # protocol: TCP diff --git a/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/.helmignore b/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/.helmignore deleted file mode 100644 index 0e8a0eb36f..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/Chart.yaml b/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/Chart.yaml deleted file mode 100644 index a92cf86c34..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/Chart.yaml +++ /dev/null 
@@ -1,18 +0,0 @@
-annotations:
- artifacthub.io/license: Apache-2.0
-apiVersion: v2
-appVersion: v1.5.1-0.0.3
-description: A Helm chart for the Epinio UI
-home: https://github.com/epinio/epinio
-icon: https://charts.rancher.io/assets/logos/epinio.svg
-keywords:
-- epinio
-- paas
-maintainers:
-- email: team@epinio.io
- name: SUSE
-name: epinio-ui
-sources:
-- https://github.com/epinio/ui
-type: application
-version: 1.5.3
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/templates/_helpers.tpl b/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/templates/_helpers.tpl
deleted file mode 100644
index 042c2f8611..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/templates/_helpers.tpl
+++ /dev/null
@@ -1,100 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "epinio-ui.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "epinio-ui.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "epinio-ui.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "epinio-ui.labels" -}} -helm.sh/chart: {{ include "epinio-ui.chart" . }} -{{ include "epinio-ui.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "epinio-ui.selectorLabels" -}} -app.kubernetes.io/name: {{ include "epinio-ui.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "epinio-ui.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "epinio-ui.fullname" .) 
.Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -URL registry prefix for container images (Rancher compatibility support) -*/}} -{{- define "epinio-ui.registry" -}} -{{- if .Values.global.cattle -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{ trimSuffix "/" .Values.global.cattle.systemDefaultRegistry }}/ -{{- else -}} -{{ if .Values.epinioUI.image.registry }} -{{ .Values.epinioUI.image.registry }}/ -{{- end -}} -{{- end -}} -{{- else -}} -{{ if .Values.epinioUI.image.registry }} -{{ .Values.epinioUI.image.registry }}/ -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Windows cluster will add default taint for linux nodes, add below linux tolerations to -workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} diff --git a/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/templates/certificate.yaml b/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/templates/certificate.yaml deleted file mode 100644 index a04bc53fd7..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/templates/certificate.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: epinio-ui - namespace: {{ .Release.Namespace }} -spec: - dnsNames: - - {{ .Values.global.domain }} - issuerRef: - kind: ClusterIssuer - name: {{ .Values.global.tlsIssuer }} - secretName: epinio-ui-tls -{{- end }} 
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/templates/ingress.yaml b/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/templates/ingress.yaml
deleted file mode 100644
index 749ee71d61..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/templates/ingress.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- if .Values.ingress.enabled }}
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: websecure
- traefik.ingress.kubernetes.io/router.tls: "true"
- labels:
- {{- include "epinio-ui.labels" . | nindent 4 }}
- name: epinio-ui
- namespace: {{ .Release.Namespace }}
-spec:
- {{- if .Values.ingress.ingressClassName }}
- ingressClassName: "{{ .Values.ingress.ingressClassName }}"
- {{- end }}
- rules:
- - host: {{ .Values.global.domain }}
- http:
- paths:
- - backend:
- service:
- name: epinio-ui
- port:
- number: 80
- path: /
- pathType: ImplementationSpecific
- tls:
- - hosts:
- - {{ .Values.global.domain }}
- secretName: epinio-ui-tls
-{{- end }}
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/templates/server.yaml b/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/templates/server.yaml
deleted file mode 100644
index 82573cf6fa..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/templates/server.yaml
+++ /dev/null
@@ -1,112 +0,0 @@ -{{- $secret := (lookup "v1" "Secret" .Release.Namespace "epinio-ui").data -}} -{{- $encryptionKey := empty $secret | ternary (printf "%x" (randAscii 32)) (b64dec (default "" $secret.encryptionKey)) -}} -{{- $sessionSecret := empty $secret | ternary (randAlphaNum 16) (b64dec (default "" $secret.sessionSecret)) -}} - ---- -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: epinio-ui - namespace: {{ .Release.Namespace }} -stringData: - encryptionKey: {{ $encryptionKey }} - sessionSecret: {{ $sessionSecret }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: epinio-ui - namespace: {{ .Release.Namespace }} - labels: - {{- include "epinio-ui.labels" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "epinio-ui.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "epinio-ui.labels" . | nindent 8 }} - spec: - nodeSelector: - {{- include "linux-node-selector" . | nindent 8 }} - tolerations: - {{- include "linux-node-tolerations" . | nindent 8 }} -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -{{- if .Values.global.rbac.pspEnabled }} - serviceAccountName: epinio-ui -{{- end }} -{{- end }} - containers: - - name: epinio-ui - image: {{ template "epinio-ui.registry" . 
}}{{ .Values.epinioUI.image.repository }}:{{ .Values.epinioUI.image.tag }} - imagePullPolicy: {{ .Values.epinioUI.imagePullPolicy }} - workingDir: /db - - env: - - name: ALLOWED_ORIGINS - value: {{ default (printf "https://epinio.%s" .Values.global.domain) .Values.epinioAllowedOrigins }} - - name: EPINIO_API_URL - value: {{ default (printf "http://epinio-server.%s.svc.cluster.local" .Release.Namespace) .Values.epinioAPIURL }} - - name: EPINIO_WSS_URL - value: {{ default (printf "ws://epinio-server.%s.svc.cluster.local" .Release.Namespace) .Values.epinioWSSURL }} - - name: EPINIO_API_SKIP_SSL - value: {{ .Values.epinioAPISkipSSL | quote }} - - name: EPINIO_VERSION - value: {{ (default .Chart.Version .Values.epinioVersion) | quote}} - - name: EPINIO_THEME - value: {{ (default "light" .Values.epinioTheme) | quote }} - - name: HTTP_CLIENT_TIMEOUT_IN_SECS - value: "120" - - name: SESSION_STORE_SECRET - valueFrom: - secretKeyRef: - name: epinio-ui - key: sessionSecret - - name: SESSION_STORE_EXPIRY - value: "1440" - - name: UI_PATH - value: "/ui" - - name: AUTH_ENDPOINT_TYPE - value: epinio - - name: ENCRYPTION_KEY - valueFrom: - secretKeyRef: - name: epinio-ui - key: encryptionKey - - - name: DATABASE_PROVIDER - value: sqlite - - name: HTTPS - value: "false" - - name: CONSOLE_PROXY_TLS_ADDRESS - value: 0.0.0.0:8000 - - name: LOG_LEVEL - value: {{ .Values.logLevel | quote }} - - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 8 }} - {{- end }} - - securityContext: - runAsUser: 1000 - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - livenessProbe: - tcpSocket: - port: 8000 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - tcpSocket: - port: 8000 - initialDelaySeconds: 5 - periodSeconds: 5 - {{- with .Values.volumes }} - volumes: - {{- toYaml . | nindent 6 }} - {{- end }} 
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/templates/service.yaml b/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/templates/service.yaml
deleted file mode 100644
index 442a726425..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/templates/service.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: epinio-ui
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "epinio-ui.labels" . | nindent 4 }}
-spec:
- type: ClusterIP
- selector:
- {{- include "epinio-ui.selectorLabels" . | nindent 4 }}
- ports:
- - name: ui
- port: 80
- targetPort: 8000
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/values.yaml b/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/values.yaml
deleted file mode 100644
index be8d8e3549..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/values.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-epinioUI:
- image:
- repository: rancher/mirrored-epinio-epinio-ui
- tag: v1.5.1-0.0.3
- imagePullPolicy: IfNotPresent
-ingress:
- enabled: true
- # The ingressClassName is used to select the ingress controller. If empty no class will be added to the ingresses.
- ingressClassName: ""
-global:
- domain: ui.epinio.dev
- tlsIssuer: selfsigned-issuer
-logLevel: info
-# API URL of epinio instance, for proxied connections, defaults to http://epinio-server.%s.svc.cluster.local"
-epinioAPIURL: ""
-epinioWSSURL: ""
-# Domain that will serve the UI and be the origin of browser requests, used by CORS process
-epinioAllowedOrigins: ""
-# Skip checking for valid SSL cert when making requests to `EPINIO_API_URL`
-# epinioAPISkipSSL: "true"
-# This is the version that is displayed in the ui and should match that of the epinio it's targetting
-# epinioVersion: "v0.8.0"
-# Epinio standalone only supports a single theme, either light or dark
-epinioTheme: "light"
-volumeMounts:
- - name: tmp
- mountPath: /tmp
- readOnly: false
- - name: db
- mountPath: /db
- readOnly: false
-# - name: ui
-# mountPath: /ui
-# subPath: dist
-# readOnly: true
-
-volumes:
- - name: tmp
- emptyDir: {}
- - name: db
- emptyDir: {}
-# - name: ui
-# persistentVolumeClaim:
-# claimName: ui
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/kubed/.helmignore b/charts/epinio/102.0.1+up1.6.2/charts/kubed/.helmignore
deleted file mode 100644
index be86b789d7..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/kubed/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-# Helm files
-OWNERS
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/kubed/Chart.yaml b/charts/epinio/102.0.1+up1.6.2/charts/kubed/Chart.yaml
deleted file mode 100644
index b01e55e5e0..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/kubed/Chart.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-appVersion: v0.13.2
-description: Config Syncer by AppsCode - Kubernetes daemon
-home: https://github.com/kubeops/config-syncer
-icon: https://cdn.appscode.com/images/products/kubed/icons/android-icon-192x192.png
-maintainers:
-- email: support@appscode.com
- name: appscode
-name: kubed
-sources:
-- https://github.com/kubeops/config-syncer
-version: v0.13.2
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/kubed/README.md b/charts/epinio/102.0.1+up1.6.2/charts/kubed/README.md
deleted file mode 100644
index d747c51769..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/kubed/README.md
+++ /dev/null
@@ -1,94 +0,0 @@ -# Config Syncer - -[Config Syncer by AppsCode](https://github.com/kubeops/config-syncer) - A Kubernetes cluster manager daemon - -## TL;DR; - -```console -$ helm repo add appscode https://charts.appscode.com/stable/ -$ helm repo update -$ helm install kubed appscode/kubed -n kube-system -``` - -## Introduction - -This chart deploys a Config Syncer operator on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Prerequisites - -- Kubernetes 1.11+ - -## Installing the Chart - -To install the chart with the release name `kubed`: - -```console -$ helm install kubed appscode/kubed -n kube-system -``` - -The command deploys a Config Syncer operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `kubed`: - -```console -$ helm delete kubed -n kube-system -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -The following table lists the configurable parameters of the `kubed` chart and their default values. 
- -| Parameter | Description | Default | -|--------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------| -| nameOverride | Overrides name template | "" | -| fullnameOverride | Overrides fullname template | "" | -| replicaCount | Number of Config Syncer operator replicas to create (only 1 is supported) | 1 | -| operator.registry | Docker registry used to pull Config Syncer operator image | appscode | -| operator.repository | Config Syncer operator container image | kubed | -| operator.tag | Config Syncer operator container image tag | v0.13.2 | -| operator.resources | Compute Resources required by the operator container | {} | -| operator.securityContext | Security options the operator container should run with | {} | -| imagePullSecrets | Specify an array of imagePullSecrets. Secrets must be manually created in the namespace.
Example:
`helm template charts/kubed \`
`--set imagePullSecrets[0].name=sec0 \`
`--set imagePullSecrets[1].name=sec1` | [] | -| imagePullPolicy | Container image pull policy | IfNotPresent | -| criticalAddon | If true, installs Config Syncer operator as critical addon | false | -| logLevel | Log level for operator | 3 | -| annotations | Annotations applied to operator deployment | {} | -| podAnnotations | Annotations passed to operator pod(s). | {} | -| nodeSelector | Node labels for pod assignment | {} | -| tolerations | Tolerations for pod assignment | [] | -| affinity | Affinity rules for pod assignment | {} | -| podSecurityContext | Security options the operator pod should run with. | {"fsGroup":65535} | -| serviceAccount.create | Specifies whether a service account should be created | true | -| serviceAccount.annotations | Annotations to add to the service account | {} | -| serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | "" | -| apiserver.securePort | Port used by Config Syncer server | "8443" | -| apiserver.useKubeapiserverFqdnForAks | If true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) | true | -| apiserver.healthcheck.enabled | healthcheck configures the readiness and liveliness probes for the operator pod. | false | -| apiserver.servingCerts.generate | If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) to authenticate operators pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. | true | -| apiserver.servingCerts.caCrt | CA certficate used by serving certificate of Config Syncer server. | "" | -| apiserver.servingCerts.serverCrt | Serving certficate used by Config Syncer server. | "" | -| apiserver.servingCerts.serverKey | Private key for the serving certificate used by Config Syncer server. 
| "" | -| enableAnalytics | If true, sends usage analytics | true | -| config.clusterName | Set cluster-name to something meaningful to you, say, prod, prod-us-east, qa, etc. so that you can distinguish notifications sent by kubed | unicorn | -| config.configSourceNamespace | If set, configmaps and secrets from only this namespace will be synced | "" | -| config.kubeconfigContent | kubeconfig file content for configmap and secret syncer | "" | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: - -```console -$ helm install kubed appscode/kubed -n kube-system --set replicaCount=1 -``` - -Alternatively, a YAML file that specifies the values for the parameters can be provided while -installing the chart. For example: - -```console -$ helm install kubed appscode/kubed -n kube-system --values values.yaml -``` diff --git a/charts/epinio/102.0.1+up1.6.2/charts/kubed/doc.yaml b/charts/epinio/102.0.1+up1.6.2/charts/kubed/doc.yaml deleted file mode 100644 index e3b2d7fae6..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/charts/kubed/doc.yaml +++ /dev/null @@ -1,18 +0,0 @@ -project: - name: Config Syncer by AppsCode - shortName: Config Syncer - url: https://github.com/kubeops/config-syncer - description: A Kubernetes cluster manager daemon - app: a Config Syncer operator -repository: - url: https://charts.appscode.com/stable/ - name: appscode -chart: - name: kubed - values: "-- generate from values file --" - valuesExample: "-- generate from values file --" -prerequisites: -- Kubernetes 1.11+ -release: - name: kubed - namespace: kube-system diff --git a/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/NOTES.txt b/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/NOTES.txt deleted file mode 100644 index aa9281fa09..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/NOTES.txt +++ /dev/null 
@@ -1,3 +0,0 @@ -To verify that Config Syncer has started, run: - - kubectl get deployment --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "kubed.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/_helpers.tpl b/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/_helpers.tpl deleted file mode 100644 index cbdcb8c0df..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/_helpers.tpl +++ /dev/null 
@@ -1,93 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "kubed.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "kubed.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "kubed.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "kubed.labels" -}} -helm.sh/chart: {{ include "kubed.chart" . }} -{{ include "kubed.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "kubed.selectorLabels" -}} -app.kubernetes.io/name: {{ include "kubed.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "kubed.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "kubed.fullname" .) 
.Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Windows cluster will add default taint for linux nodes, add below linux tolerations to -workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -{{/* -URL prefix for container images to be compatible with Rancher -*/}} -{{- define "registry-url" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{ trimSuffix "/" .Values.global.cattle.systemDefaultRegistry }}/ -{{- else -}} -{{ .Values.operator.registry }}/ -{{- end -}} -{{- end -}} diff --git a/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/apiregistration.yaml b/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/apiregistration.yaml deleted file mode 100644 index fcbf02a361..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/apiregistration.yaml +++ /dev/null 
@@ -1,58 +0,0 @@ -{{- $serverCrt := "" }} -{{- $serverKey := "" }} -{{- if .Values.apiserver.servingCerts.generate }} -{{- $ca := genCA "ca" 3650 }} -{{- $cn := include "kubed.fullname" . -}} -{{- $altName1 := printf "%s.%s" $cn .Release.Namespace }} -{{- $altName2 := printf "%s.%s.svc" $cn .Release.Namespace }} -{{- $server := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }} -{{- $serverCrt = b64enc $server.Cert }} -{{- $serverKey = b64enc $server.Key }} -{{- else }} -{{- $serverCrt = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverCrt }} -{{- $serverKey = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverKey }} -{{- end }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "kubed.fullname" . }}-apiserver-cert - namespace: {{ .Release.Namespace }} - labels: - {{- include "kubed.labels" . | nindent 4 }} -type: Opaque -data: - tls.crt: {{ $serverCrt }} - tls.key: {{ $serverKey }} ---- -# to read the config for terminating authentication -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "kubed.fullname" . }}-apiserver-extension-server-authentication-reader - namespace: kube-system - labels: - {{- include "kubed.labels" . | nindent 4 }} -roleRef: - kind: Role - apiGroup: rbac.authorization.k8s.io - name: extension-apiserver-authentication-reader -subjects: -- kind: ServiceAccount - name: {{ template "kubed.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} ---- -# to delegate authentication and authorization -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "kubed.fullname" . }}-apiserver-auth-delegator - labels: - {{- include "kubed.labels" . | nindent 4 }} -roleRef: - kind: ClusterRole - apiGroup: rbac.authorization.k8s.io - name: system:auth-delegator -subjects: -- kind: ServiceAccount - name: {{ template "kubed.serviceAccountName" . 
}} - namespace: {{ .Release.Namespace }} diff --git a/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/cluster-role-binding.yaml b/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/cluster-role-binding.yaml deleted file mode 100644 index 8ea05646a5..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/cluster-role-binding.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "kubed.fullname" . }} - labels: - {{- include "kubed.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kubed.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "kubed.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} diff --git a/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/cluster-role.yaml b/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/cluster-role.yaml deleted file mode 100644 index 95e0147902..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/cluster-role.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "kubed.fullname" . }} - labels: - {{- include "kubed.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - resources: - - configmaps - - secrets - verbs: ["get", "create", "patch", "delete", "list", "watch"] -- apiGroups: [""] - resources: - - namespaces - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: - - nodes - verbs: ["list"] -- apiGroups: [""] - resources: - - events - verbs: ["create"] diff --git a/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/deployment.yaml b/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/deployment.yaml deleted file mode 100644 index 77efce771c..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/deployment.yaml +++ /dev/null 
@@ -1,119 +0,0 @@ -{{- $major := default "0" .Capabilities.KubeVersion.Major | trimSuffix "+" | int64 }} -{{- $minor := default "0" .Capabilities.KubeVersion.Minor | trimSuffix "+" | int64 }} -{{- $criticalAddon := and .Values.criticalAddon (or (eq .Release.Namespace "kube-system") (and (ge $major 1) (ge $minor 17))) -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "kubed.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kubed.labels" . | nindent 4 }} - {{- with .Values.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - {{- include "kubed.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "kubed.selectorLabels" . | nindent 8 }} - annotations: - checksum/apiregistration.yaml: {{ include (print $.Template.BasePath "/apiregistration.yaml") . | sha256sum }} - {{- if $criticalAddon }} - scheduler.alpha.kubernetes.io/critical-pod: '' - {{- end }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "kubed.serviceAccountName" . }} - containers: - - name: kubed - securityContext: - {{- toYaml .Values.operator.securityContext | nindent 10 }} - image: {{ template "registry-url" . }}{{ .Values.operator.repository }}:{{ .Values.operator.tag }} - imagePullPolicy: {{ .Values.imagePullPolicy }} - args: - - run - - --v={{ .Values.logLevel }} - - --secure-port={{ default "8443" .Values.apiserver.securePort }} - - --audit-log-path=- - - --tls-cert-file=/var/serving-cert/tls.crt - - --tls-private-key-file=/var/serving-cert/tls.key - - --use-kubeapiserver-fqdn-for-aks={{ .Values.apiserver.useKubeapiserverFqdnForAks }} - - --enable-analytics={{ .Values.enableAnalytics }} - {{- with .Values.config.clusterName }} - - --cluster-name={{ . 
}} - {{- end }} - {{- with .Values.config.configSourceNamespace }} - - --config-source-namespace={{ . }} - {{- end }} - {{- if .Values.config.kubeconfigContent }} - - --kubeconfig-file=/srv/kubed/kubeconfig - {{- end }} - {{- range .Values.config.additionalOptions }} - - {{ . }} - {{- end }} - ports: - - containerPort: {{ default "8443" .Values.apiserver.securePort }} - {{- if .Values.apiserver.healthcheck.enabled }} - readinessProbe: - httpGet: - path: /healthz - port: {{ default "8443" .Values.apiserver.securePort }} - scheme: HTTPS - initialDelaySeconds: 5 - livenessProbe: - httpGet: - path: /healthz - port: {{ default "8443" .Values.apiserver.securePort }} - scheme: HTTPS - initialDelaySeconds: 5 - {{- end }} - resources: - {{- toYaml .Values.operator.resources | nindent 10 }} - volumeMounts: - - name: config - mountPath: /srv/kubed - - name: scratch - mountPath: /tmp - - mountPath: /var/serving-cert - name: serving-cert - volumes: - - name: config - secret: - secretName: {{ template "kubed.fullname" . }} - - name: scratch - emptyDir: {} - - name: serving-cert - secret: - defaultMode: 420 - secretName: {{ template "kubed.fullname" . }}-apiserver-cert - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - tolerations: - {{- include "linux-node-tolerations" . | nindent 8 }} - {{- with .Values.tolerations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if $criticalAddon }} - - key: CriticalAddonsOnly - operator: Exists - {{- end -}} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - nodeSelector: - {{- include "linux-node-selector" . | nindent 8 }} - {{- if $criticalAddon }} - priorityClassName: system-cluster-critical - {{- end -}} diff --git a/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/secret.yaml b/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/secret.yaml deleted file mode 100644 index a980ae34b4..0000000000 
--- a/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/secret.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "kubed.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kubed.labels" . | nindent 4 }} -data: - {{- if .Values.config.kubeconfigContent }} - kubeconfig: {{ .Values.config.kubeconfigContent | trim | b64enc | quote }} - {{- end }} diff --git a/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/service.yaml b/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/service.yaml deleted file mode 100644 index 95b76cf645..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kubed.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kubed.labels" . | nindent 4 }} -spec: - ports: - # Port used to expose admission webhook apiserver - - name: api - port: 443 - targetPort: {{ default "8443" .Values.apiserver.securePort }} - selector: - {{- include "kubed.selectorLabels" . | nindent 4 }} diff --git a/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/serviceaccount.yaml b/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/serviceaccount.yaml deleted file mode 100644 index 96f9c84c1b..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "kubed.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kubed.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end -}} diff --git a/charts/epinio/102.0.1+up1.6.2/charts/kubed/values.yaml b/charts/epinio/102.0.1+up1.6.2/charts/kubed/values.yaml deleted file mode 100644 index 0be091855c..0000000000 
--- a/charts/epinio/102.0.1+up1.6.2/charts/kubed/values.yaml +++ /dev/null 
@@ -1,101 +0,0 @@ -# Default values for kubed. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Overrides name template -nameOverride: "" -# Overrides fullname template -fullnameOverride: "" - -# Number of Config Syncer operator replicas to create (only 1 is supported) -replicaCount: 1 - -operator: - # Config Syncer operator container image - repository: rancher/mirrored-appscode-kubed - # Config Syncer operator container image tag - tag: v0.13.2 - # Compute Resources required by the operator container - resources: {} - # Security options the operator container should run with - securityContext: {} - -# Specify an array of imagePullSecrets. -# Secrets must be manually created in the namespace. -# -# Example: -# helm template charts/kubed \ -# --set imagePullSecrets[0].name=sec0 \ -# --set imagePullSecrets[1].name=sec1 -imagePullSecrets: [] - -# Container image pull policy -imagePullPolicy: IfNotPresent - -# If true, installs Config Syncer operator as critical addon -criticalAddon: false - -# Log level for operator -logLevel: 3 - -# Annotations applied to operator deployment -annotations: {} - -# Annotations passed to operator pod(s). -podAnnotations: {} - -# Node labels for pod assignment -nodeSelector: {} - -# Tolerations for pod assignment -tolerations: [] - -# Affinity rules for pod assignment -affinity: {} - -# Security options the operator pod should run with. -podSecurityContext: # +doc-gen:break - # ensure that s/a token is readable xref: https://issues.k8s.io/70679 - fsGroup: 65535 - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. 
- # If not set and create is true, a name is generated using the fullname template - name: "" - -apiserver: - # Port used by Config Syncer server - securePort: "8443" - # If true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) - useKubeapiserverFqdnForAks: true - healthcheck: - # healthcheck configures the readiness and liveliness probes for the operator pod. - enabled: false - servingCerts: - # If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) - # to authenticate operators pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. - generate: true - # CA certficate used by serving certificate of Config Syncer server. - caCrt: "" - # Serving certficate used by Config Syncer server. - serverCrt: "" - # Private key for the serving certificate used by Config Syncer server. - serverKey: "" - -# If true, sends usage analytics -enableAnalytics: true - -config: - # Set cluster-name to something meaningful to you, say, prod, prod-us-east, qa, etc. - # so that you can distinguish notifications sent by kubed - clusterName: unicorn - # If set, configmaps and secrets from only this namespace will be synced - configSourceNamespace: "" - # kubeconfig file content for configmap and secret syncer - kubeconfigContent: "" -# additionalOptions: -# - --authentication-skip-lookup diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/.helmignore b/charts/epinio/102.0.1+up1.6.2/charts/minio/.helmignore deleted file mode 100644 index a9fe727881..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/charts/minio/.helmignore +++ /dev/null 
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-# OWNERS file for Kubernetes
-OWNERS
\ No newline at end of file
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/Chart.yaml b/charts/epinio/102.0.1+up1.6.2/charts/minio/Chart.yaml
deleted file mode 100644
index 55ed285672..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/minio/Chart.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-appVersion: RELEASE.2022-12-12T19-27-27Z
-description: Multi-Cloud Object Storage
-home: https://min.io
-icon: https://min.io/resources/img/logo/MINIO_wordmark.png
-keywords:
-- minio
-- storage
-- object-storage
-- s3
-- cluster
-maintainers:
-- email: dev@minio.io
- name: MinIO, Inc
-name: minio
-sources:
-- https://github.com/minio/minio
-version: 5.0.4
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/README.md b/charts/epinio/102.0.1+up1.6.2/charts/minio/README.md
deleted file mode 100644
index 6de4fb16b3..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/minio/README.md
+++ /dev/null
@@ -1,260 +0,0 @@ -# MinIO Helm Chart - -[![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io) [![license](https://img.shields.io/badge/license-AGPL%20V3-blue)](https://github.com/minio/minio/blob/master/LICENSE) - -MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. It is API compatible with Amazon S3 cloud storage service. Use MinIO to build high performance infrastructure for machine learning, analytics and application data workloads. - -For more detailed documentation please visit [here](https://min.io/docs/minio/linux/index.html) - -## Introduction - -This chart bootstraps MinIO Cluster on [Kubernetes](http://kubernetes.io) using the [Helm](https://helm.sh) package manager. - -## Prerequisites - -- Helm cli with Kubernetes cluster configured. -- PV provisioner support in the underlying infrastructure. (We recommend using ) -- Use Kubernetes version v1.19 and later for best experience. - -## Configure MinIO Helm repo - -```bash -helm repo add minio https://charts.min.io/ -``` - -### Installing the Chart - -Install this chart using: - -```bash -helm install --namespace minio --set rootUser=rootuser,rootPassword=rootpass123 --generate-name minio/minio -``` - -The command deploys MinIO on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -### Installing the Chart (toy-setup) - -Minimal toy setup for testing purposes can be deployed using: - -```bash -helm install --set resources.requests.memory=512Mi --set replicas=1 --set persistence.enabled=false --set mode=standalone --set rootUser=rootuser,rootPassword=rootpass123 --generate-name minio/minio -``` - -### Upgrading the Chart - -You can use Helm to update MinIO version in a live release. 
Assuming your release is named as `my-release`, get the values using the command: - -```bash -helm get values my-release > old_values.yaml -``` - -Then change the field `image.tag` in `old_values.yaml` file with MinIO image tag you want to use. Now update the chart using - -```bash -helm upgrade -f old_values.yaml my-release minio/minio -``` - -Default upgrade strategies are specified in the `values.yaml` file. Update these fields if you'd like to use a different strategy. - -### Configuration - -Refer the [Values file](./values.yaml) for all the possible config fields. - -You can specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -helm install --name my-release --set persistence.size=1Ti minio/minio -``` - -The above command deploys MinIO server with a 1Ti backing persistent volume. - -Alternately, you can provide a YAML file that specifies parameter values while installing the chart. For example, - -```bash -helm install --name my-release -f values.yaml minio/minio -``` - -### Persistence - -This chart provisions a PersistentVolumeClaim and mounts corresponding persistent volume to default location `/export`. You'll need physical storage available in the Kubernetes cluster for this to work. If you'd rather use `emptyDir`, disable PersistentVolumeClaim by: - -```bash -helm install --set persistence.enabled=false minio/minio -``` - -> *"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."* - -### Existing PersistentVolumeClaim - -If a Persistent Volume Claim already exists, specify it during installation. - -1. Create the PersistentVolume -2. Create the PersistentVolumeClaim -3. 
Install the chart - -```bash -helm install --set persistence.existingClaim=PVC_NAME minio/minio -``` - -### NetworkPolicy - -To enable network policy for MinIO, -install [a networking plugin that implements the Kubernetes -NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), -and set `networkPolicy.enabled` to `true`. - -For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting -the DefaultDeny namespace annotation. Note: this will enforce policy for *all* pods in the namespace: - -``` -kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" -``` - -With NetworkPolicy enabled, traffic will be limited to just port 9000. - -For more precise policy, set `networkPolicy.allowExternal=true`. This will -only allow pods with the generated client label to connect to MinIO. -This label will be displayed in the output of a successful install. - -### Existing secret - -Instead of having this chart create the secret for you, you can supply a preexisting secret, much -like an existing PersistentVolumeClaim. - -First, create the secret: - -```bash -kubectl create secret generic my-minio-secret --from-literal=rootUser=foobarbaz --from-literal=rootPassword=foobarbazqux -``` - -Then install the chart, specifying that you want to use an existing secret: - -```bash -helm install --set existingSecret=my-minio-secret minio/minio -``` - -The following fields are expected in the secret: - -| .data.\ in Secret | Corresponding variable | Description | Required | -|:------------------------|:-----------------------|:---------------|:---------| -| `rootUser` | `rootUser` | Root user. | yes | -| `rootPassword` | `rootPassword` | Root password. | yes | - -All corresponding variables will be ignored in values file. - -### Configure TLS - -To enable TLS for MinIO containers, acquire TLS certificates from a CA or create self-signed certificates. 
While creating / acquiring certificates ensure the corresponding domain names are set as per the standard [DNS naming conventions](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-identity) in a Kubernetes StatefulSet (for a distributed MinIO setup). Then create a secret using - -```bash -kubectl create secret generic tls-ssl-minio --from-file=path/to/private.key --from-file=path/to/public.crt -``` - -Then install the chart, specifying that you want to use the TLS secret: - -```bash -helm install --set tls.enabled=true,tls.certSecret=tls-ssl-minio minio/minio -``` - -### Installing certificates from third party CAs - -MinIO can connect to other servers, including MinIO nodes or other server types such as NATs and Redis. If these servers use certificates that were not registered with a known CA, add trust for these certificates to MinIO Server by bundling these certificates into a Kubernetes secret and providing it to Helm via the `trustedCertsSecret` value. If `.Values.tls.enabled` is `true` and you're installing certificates for third party CAs, remember to include MinIO's own certificate with key `public.crt`, if it also needs to be trusted. 
- -For instance, given that TLS is enabled and you need to add trust for MinIO's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: - -``` -kubectl -n minio create secret generic minio-trusted-certs --from-file=public.crt --from-file=keycloak.crt -``` - -If TLS is not enabled, you would need only the third party CA: - -``` -kubectl -n minio create secret generic minio-trusted-certs --from-file=keycloak.crt -``` - -The name of the generated secret can then be passed to Helm using a values file or the `--set` parameter: - -``` -trustedCertsSecret: "minio-trusted-certs" - -or - ---set trustedCertsSecret=minio-trusted-certs -``` - -### Create buckets after install - -Install the chart, specifying the buckets you want to create after install: - -```bash -helm install --set buckets[0].name=bucket1,buckets[0].policy=none,buckets[0].purge=false minio/minio -``` - -Description of the configuration parameters used above - - -- `buckets[].name` - name of the bucket to create, must be a string with length > 0 -- `buckets[].policy` - can be one of none|download|upload|public -- `buckets[].purge` - purge if bucket exists already - -### Create policies after install - -Install the chart, specifying the policies you want to create after install: - -```bash -helm install --set policies[0].name=mypolicy,policies[0].statements[0].resources[0]='arn:aws:s3:::bucket1',policies[0].statements[0].actions[0]='s3:ListBucket',policies[0].statements[0].actions[1]='s3:GetObject' minio/minio -``` - -Description of the configuration parameters used above - - -- `policies[].name` - name of the policy to create, must be a string with length > 0 -- `policies[].statements[]` - list of statements, includes actions and resources -- `policies[].statements[].resources[]` - list of resources that applies the statement -- `policies[].statements[].actions[]` - list of actions granted - -### Create user after install - -Install the 
chart, specifying the users you want to create after install: - -```bash -helm install --set users[0].accessKey=accessKey,users[0].secretKey=secretKey,users[0].policy=none,users[1].accessKey=accessKey2,users[1].secretRef=existingSecret,users[1].secretKey=password,users[1].policy=none minio/minio -``` - -Description of the configuration parameters used above - - -- `users[].accessKey` - accessKey of user -- `users[].secretKey` - secretKey of usersecretRef -- `users[].existingSecret` - secret name that contains the secretKey of user -- `users[].existingSecretKey` - data key in existingSecret secret containing the secretKey -- `users[].policy` - name of the policy to assign to user - -### Create service account after install - -Install the chart, specifying the service accounts you want to create after install: - -```bash -helm install --set svcaccts[0].accessKey=accessKey,svcaccts[0].secretKey=secretKey,svcaccts[0].user=parentUser,svcaccts[1].accessKey=accessKey2,svcaccts[1].secretRef=existingSecret,svcaccts[1].secretKey=password,svcaccts[1].user=parentUser2 minio/minio -``` - -Description of the configuration parameters used above - - -- `svcaccts[].accessKey` - accessKey of service account -- `svcaccts[].secretKey` - secretKey of svcacctsecretRef -- `svcaccts[].existingSecret` - secret name that contains the secretKey of service account -- `svcaccts[].existingSecretKey` - data key in existingSecret secret containing the secretKey -- `svcaccts[].user` - name of the parent user to assign to service account - -## Uninstalling the Chart - -Assuming your release is named as `my-release`, delete it using the command: - -```bash -helm delete my-release -``` - -or - -```bash -helm uninstall my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. 
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/NOTES.txt b/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/NOTES.txt
deleted file mode 100644
index 7051b1e62c..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/NOTES.txt
+++ /dev/null
@@ -1,43 +0,0 @@ -{{- if eq .Values.service.type "ClusterIP" "NodePort" }} -MinIO can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: -{{ template "minio.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - -To access MinIO from localhost, run the below commands: - - 1. export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - - 2. kubectl port-forward $POD_NAME 9000 --namespace {{ .Release.Namespace }} - -Read more about port forwarding here: http://kubernetes.io/docs/user-guide/kubectl/kubectl_port-forward/ - -You can now access MinIO server on http://localhost:9000. Follow the below steps to connect to MinIO server with mc client: - - 1. Download the MinIO mc client - https://min.io/docs/minio/linux/reference/minio-mc.html#quickstart - - 2. export MC_HOST_{{ template "minio.fullname" . }}-local=http://$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootUser}" | base64 --decode):$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootPassword}" | base64 --decode)@localhost:{{ .Values.service.port }} - - 3. mc ls {{ template "minio.fullname" . }}-local - -{{- end }} -{{- if eq .Values.service.type "LoadBalancer" }} -MinIO can be accessed via port {{ .Values.service.port }} on an external IP address. Get the service external IP address by: -kubectl get svc --namespace {{ .Release.Namespace }} -l app={{ template "minio.fullname" . }} - -Note that the public IP may take a couple of minutes to be available. - -You can now access MinIO server on http://:9000. Follow the below steps to connect to MinIO server with mc client: - - 1. Download the MinIO mc client - https://min.io/docs/minio/linux/reference/minio-mc.html#quickstart - - 2. export MC_HOST_{{ template "minio.fullname" . 
}}-local=http://$(kubectl get secret {{ template "minio.secretName" . }} --namespace {{ .Release.Namespace }} -o jsonpath="{.data.rootUser}" | base64 --decode):$(kubectl get secret {{ template "minio.secretName" . }} -o jsonpath="{.data.rootPassword}" | base64 --decode)@:{{ .Values.service.port }} - - 3. mc ls {{ template "minio.fullname" . }} - -Alternately, you can use your browser or the MinIO SDK to access the server - https://min.io/docs/minio/linux/reference/minio-server/minio-server.html -{{- end }} - -{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} -Note: Since NetworkPolicy is enabled, only pods with label -{{ template "minio.fullname" . }}-client=true" -will be able to connect to this minio cluster. -{{- end }} diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/_helper_create_bucket.txt b/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/_helper_create_bucket.txt deleted file mode 100644 index 90755aa5e6..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/_helper_create_bucket.txt +++ /dev/null 
@@ -1,123 +0,0 @@ -#!/bin/sh -set -e ; # Have script exit in the event of a failed command. - -{{- if .Values.configPathmc }} -MC_CONFIG_DIR="{{ .Values.configPathmc }}" -MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" -{{- else }} -MC="/usr/bin/mc --insecure" -{{- end }} - -# connectToMinio -# Use a check-sleep-check loop to wait for MinIO service to be available -connectToMinio() { - SCHEME=$1 - ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts - set -e ; # fail if we can't read the keys. - ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; - set +e ; # The connections to minio are allowed to fail. - echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; - MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; - $MC_COMMAND ; - STATUS=$? ; - until [ $STATUS = 0 ] - do - ATTEMPTS=`expr $ATTEMPTS + 1` ; - echo \"Failed attempts: $ATTEMPTS\" ; - if [ $ATTEMPTS -gt $LIMIT ]; then - exit 1 ; - fi ; - sleep 2 ; # 1 second intervals between attempts - $MC_COMMAND ; - STATUS=$? ; - done ; - set -e ; # reset `e` as active - return 0 -} - -# checkBucketExists ($bucket) -# Check if the bucket exists, by using the exit code of `mc ls` -checkBucketExists() { - BUCKET=$1 - CMD=$(${MC} ls myminio/$BUCKET > /dev/null 2>&1) - return $? -} - -# createBucket ($bucket, $policy, $purge) -# Ensure bucket exists, purging if asked to -createBucket() { - BUCKET=$1 - POLICY=$2 - PURGE=$3 - VERSIONING=$4 - OBJECTLOCKING=$5 - - # Purge the bucket, if set & exists - # Since PURGE is user input, check explicitly for `true` - if [ $PURGE = true ]; then - if checkBucketExists $BUCKET ; then - echo "Purging bucket '$BUCKET'." - set +e ; # don't exit if this fails - ${MC} rm -r --force myminio/$BUCKET - set -e ; # reset `e` as active - else - echo "Bucket '$BUCKET' does not exist, skipping purge." 
- fi - fi - -# Create the bucket if it does not exist and set objectlocking if enabled (NOTE: versioning will be not changed if OBJECTLOCKING is set because it enables versioning to the Buckets created) -if ! checkBucketExists $BUCKET ; then - if [ ! -z $OBJECTLOCKING ] ; then - if [ $OBJECTLOCKING = true ] ; then - echo "Creating bucket with OBJECTLOCKING '$BUCKET'" - ${MC} mb --with-lock myminio/$BUCKET - elif [ $OBJECTLOCKING = false ] ; then - echo "Creating bucket '$BUCKET'" - ${MC} mb myminio/$BUCKET - fi - elif [ -z $OBJECTLOCKING ] ; then - echo "Creating bucket '$BUCKET'" - ${MC} mb myminio/$BUCKET - else - echo "Bucket '$BUCKET' already exists." - fi - fi - - - # set versioning for bucket if objectlocking is disabled or not set - if [ -z $OBJECTLOCKING ] ; then - if [ ! -z $VERSIONING ] ; then - if [ $VERSIONING = true ] ; then - echo "Enabling versioning for '$BUCKET'" - ${MC} version enable myminio/$BUCKET - elif [ $VERSIONING = false ] ; then - echo "Suspending versioning for '$BUCKET'" - ${MC} version suspend myminio/$BUCKET - fi - fi - else - echo "Bucket '$BUCKET' versioning unchanged." - fi - - - # At this point, the bucket should exist, skip checking for existence - # Set policy on the bucket - echo "Setting policy of bucket '$BUCKET' to '$POLICY'." - ${MC} anonymous set $POLICY myminio/$BUCKET -} - -# Try connecting to MinIO instance -{{- if .Values.tls.enabled }} -scheme=https -{{- else }} -scheme=http -{{- end }} -connectToMinio $scheme - -{{ if .Values.buckets }} -{{ $global := . }} -# Create the buckets -{{- range .Values.buckets }} -createBucket {{ tpl .name $global }} {{ .policy | default "none" | quote }} {{ .purge | default false }} {{ .versioning | default false }} {{ .objectlocking | default false }} -{{- end }} -{{- end }} 
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/_helper_create_policy.txt b/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/_helper_create_policy.txt
deleted file mode 100644
index d565b161e3..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/_helper_create_policy.txt
+++ /dev/null
@@ -1,75 +0,0 @@ -#!/bin/sh -set -e ; # Have script exit in the event of a failed command. - -{{- if .Values.configPathmc }} -MC_CONFIG_DIR="{{ .Values.configPathmc }}" -MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" -{{- else }} -MC="/usr/bin/mc --insecure" -{{- end }} - -# connectToMinio -# Use a check-sleep-check loop to wait for MinIO service to be available -connectToMinio() { - SCHEME=$1 - ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts - set -e ; # fail if we can't read the keys. - ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; - set +e ; # The connections to minio are allowed to fail. - echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; - MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; - $MC_COMMAND ; - STATUS=$? ; - until [ $STATUS = 0 ] - do - ATTEMPTS=`expr $ATTEMPTS + 1` ; - echo \"Failed attempts: $ATTEMPTS\" ; - if [ $ATTEMPTS -gt $LIMIT ]; then - exit 1 ; - fi ; - sleep 2 ; # 1 second intervals between attempts - $MC_COMMAND ; - STATUS=$? ; - done ; - set -e ; # reset `e` as active - return 0 -} - -# checkPolicyExists ($policy) -# Check if the policy exists, by using the exit code of `mc admin policy info` -checkPolicyExists() { - POLICY=$1 - CMD=$(${MC} admin policy info myminio $POLICY > /dev/null 2>&1) - return $? -} - -# createPolicy($name, $filename) -createPolicy () { - NAME=$1 - FILENAME=$2 - - # Create the name if it does not exist - echo "Checking policy: $NAME (in /config/$FILENAME.json)" - if ! checkPolicyExists $NAME ; then - echo "Creating policy '$NAME'" - else - echo "Policy '$NAME' already exists." 
- fi - ${MC} admin policy add myminio $NAME /config/$FILENAME.json - -} - -# Try connecting to MinIO instance -{{- if .Values.tls.enabled }} -scheme=https -{{- else }} -scheme=http -{{- end }} -connectToMinio $scheme - -{{ if .Values.policies }} -# Create the policies -{{- range $idx, $policy := .Values.policies }} -createPolicy {{ $policy.name }} policy_{{ $idx }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/_helper_create_svcacct.txt b/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/_helper_create_svcacct.txt deleted file mode 100644 index 285d50cfe4..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/_helper_create_svcacct.txt +++ /dev/null 
@@ -1,106 +0,0 @@ -#!/bin/sh -set -e ; # Have script exit in the event of a failed command. - -{{- if .Values.configPathmc }} -MC_CONFIG_DIR="{{ .Values.configPathmc }}" -MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" -{{- else }} -MC="/usr/bin/mc --insecure" -{{- end }} - -# AccessKey and secretkey credentials file are added to prevent shell execution errors caused by special characters. -# Special characters for example : ',",<,>,{,} -MINIO_ACCESSKEY_SECRETKEY_TMP="/tmp/accessKey_and_secretKey_svcacct_tmp" - -# connectToMinio -# Use a check-sleep-check loop to wait for MinIO service to be available -connectToMinio() { - SCHEME=$1 - ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts - set -e ; # fail if we can't read the keys. - ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; - set +e ; # The connections to minio are allowed to fail. - echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; - MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; - $MC_COMMAND ; - STATUS=$? ; - until [ $STATUS = 0 ] - do - ATTEMPTS=`expr $ATTEMPTS + 1` ; - echo \"Failed attempts: $ATTEMPTS\" ; - if [ $ATTEMPTS -gt $LIMIT ]; then - exit 1 ; - fi ; - sleep 2 ; # 2 second intervals between attempts - $MC_COMMAND ; - STATUS=$? ; - done ; - set -e ; # reset `e` as active - return 0 -} - -# checkSvcacctExists () -# Check if the svcacct exists, by using the exit code of `mc admin user svcacct info` -checkSvcacctExists() { - CMD=$(${MC} admin user svcacct info myminio $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) > /dev/null 2>&1) - return $? -} - -# createSvcacct ($user) -createSvcacct () { - USER=$1 - FILENAME=$2 - #check accessKey_and_secretKey_tmp file - if [[ ! 
-f $MINIO_ACCESSKEY_SECRETKEY_TMP ]];then - echo "credentials file does not exist" - return 1 - fi - if [[ $(cat $MINIO_ACCESSKEY_SECRETKEY_TMP|wc -l) -ne 2 ]];then - echo "credentials file is invalid" - rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP - return 1 - fi - SVCACCT=$(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) - # Create the svcacct if it does not exist - if ! checkSvcacctExists ; then - echo "Creating svcacct '$SVCACCT'" - # Check if policy file is define - if [ -z $FILENAME ]; then - ${MC} admin user svcacct add --access-key $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) --secret-key $(tail -n1 $MINIO_ACCESSKEY_SECRETKEY_TMP) myminio $USER - else - ${MC} admin user svcacct add --access-key $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) --secret-key $(tail -n1 $MINIO_ACCESSKEY_SECRETKEY_TMP) --policy /config/$FILENAME.json myminio $USER - fi - else - echo "Svcacct '$SVCACCT' already exists." - fi - #clean up credentials files. - rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP -} - -# Try connecting to MinIO instance -{{- if .Values.tls.enabled }} -scheme=https -{{- else }} -scheme=http -{{- end }} -connectToMinio $scheme - -{{ if .Values.svcaccts }} -{{ $global := . }} -# Create the svcaccts -{{- range $idx, $svc := .Values.svcaccts }} -echo {{ tpl .accessKey $global }} > $MINIO_ACCESSKEY_SECRETKEY_TMP -{{- if .existingSecret }} -cat /config/secrets/{{ tpl .existingSecret $global }}/{{ tpl .existingSecretKey $global }} >> $MINIO_ACCESSKEY_SECRETKEY_TMP -# Add a new line if it doesn't exist -sed -i '$a\' $MINIO_ACCESSKEY_SECRETKEY_TMP -{{ else }} -echo {{ .secretKey }} >> $MINIO_ACCESSKEY_SECRETKEY_TMP -{{- end }} -{{- if $svc.policy}} -createSvcacct {{ .user }} svc_policy_{{ $idx }} -{{ else }} -createSvcacct {{ .user }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/_helper_create_user.txt b/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/_helper_create_user.txt deleted file mode 100644 index ea2b3b675c..0000000000 
--- a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/_helper_create_user.txt
+++ /dev/null
@@ -1,105 +0,0 @@ -#!/bin/sh -set -e ; # Have script exit in the event of a failed command. - -{{- if .Values.configPathmc }} -MC_CONFIG_DIR="{{ .Values.configPathmc }}" -MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" -{{- else }} -MC="/usr/bin/mc --insecure" -{{- end }} - -# AccessKey and secretkey credentials file are added to prevent shell execution errors caused by special characters. -# Special characters for example : ',",<,>,{,} -MINIO_ACCESSKEY_SECRETKEY_TMP="/tmp/accessKey_and_secretKey_tmp" - -# connectToMinio -# Use a check-sleep-check loop to wait for MinIO service to be available -connectToMinio() { - SCHEME=$1 - ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts - set -e ; # fail if we can't read the keys. - ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; - set +e ; # The connections to minio are allowed to fail. - echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; - MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; - $MC_COMMAND ; - STATUS=$? ; - until [ $STATUS = 0 ] - do - ATTEMPTS=`expr $ATTEMPTS + 1` ; - echo \"Failed attempts: $ATTEMPTS\" ; - if [ $ATTEMPTS -gt $LIMIT ]; then - exit 1 ; - fi ; - sleep 2 ; # 1 second intervals between attempts - $MC_COMMAND ; - STATUS=$? ; - done ; - set -e ; # reset `e` as active - return 0 -} - -# checkUserExists () -# Check if the user exists, by using the exit code of `mc admin user info` -checkUserExists() { - CMD=$(${MC} admin user info myminio $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) > /dev/null 2>&1) - return $? -} - -# createUser ($policy) -createUser() { - POLICY=$1 - #check accessKey_and_secretKey_tmp file - if [[ ! 
-f $MINIO_ACCESSKEY_SECRETKEY_TMP ]];then - echo "credentials file does not exist" - return 1 - fi - if [[ $(cat $MINIO_ACCESSKEY_SECRETKEY_TMP|wc -l) -ne 2 ]];then - echo "credentials file is invalid" - rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP - return 1 - fi - USER=$(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) - # Create the user if it does not exist - if ! checkUserExists ; then - echo "Creating user '$USER'" - cat $MINIO_ACCESSKEY_SECRETKEY_TMP | ${MC} admin user add myminio - else - echo "User '$USER' already exists." - fi - #clean up credentials files. - rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP - - # set policy for user - if [ ! -z $POLICY -a $POLICY != " " ] ; then - echo "Adding policy '$POLICY' for '$USER'" - ${MC} admin policy set myminio $POLICY user=$USER - else - echo "User '$USER' has no policy attached." - fi -} - -# Try connecting to MinIO instance -{{- if .Values.tls.enabled }} -scheme=https -{{- else }} -scheme=http -{{- end }} -connectToMinio $scheme - -{{ if .Values.users }} -{{ $global := . }} -# Create the users -{{- range .Values.users }} -echo {{ tpl .accessKey $global }} > $MINIO_ACCESSKEY_SECRETKEY_TMP -{{- if .existingSecret }} -cat /config/secrets/{{ tpl .existingSecretKey $global }} >> $MINIO_ACCESSKEY_SECRETKEY_TMP -# Add a new line if it doesn't exist -sed -i '$a\' $MINIO_ACCESSKEY_SECRETKEY_TMP -createUser {{ .policy }} -{{ else }} -echo {{ .secretKey }} >> $MINIO_ACCESSKEY_SECRETKEY_TMP -createUser {{ .policy }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/_helper_custom_command.txt b/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/_helper_custom_command.txt deleted file mode 100644 index b583a7782f..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/_helper_custom_command.txt +++ /dev/null 
@@ -1,58 +0,0 @@ -#!/bin/sh -set -e ; # Have script exit in the event of a failed command. - -{{- if .Values.configPathmc }} -MC_CONFIG_DIR="{{ .Values.configPathmc }}" -MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" -{{- else }} -MC="/usr/bin/mc --insecure" -{{- end }} - -# connectToMinio -# Use a check-sleep-check loop to wait for MinIO service to be available -connectToMinio() { - SCHEME=$1 - ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts - set -e ; # fail if we can't read the keys. - ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; - set +e ; # The connections to minio are allowed to fail. - echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; - MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; - $MC_COMMAND ; - STATUS=$? ; - until [ $STATUS = 0 ] - do - ATTEMPTS=`expr $ATTEMPTS + 1` ; - echo \"Failed attempts: $ATTEMPTS\" ; - if [ $ATTEMPTS -gt $LIMIT ]; then - exit 1 ; - fi ; - sleep 2 ; # 1 second intervals between attempts - $MC_COMMAND ; - STATUS=$? ; - done ; - set -e ; # reset `e` as active - return 0 -} - -# runCommand ($@) -# Run custom mc command -runCommand() { - ${MC} "$@" - return $? -} - -# Try connecting to MinIO instance -{{- if .Values.tls.enabled }} -scheme=https -{{- else }} -scheme=http -{{- end }} -connectToMinio $scheme - -{{ if .Values.customCommands }} -# Run custom commands -{{- range .Values.customCommands }} -runCommand {{ .command }} -{{- end }} -{{- end }} diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/_helper_policy.tpl b/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/_helper_policy.tpl deleted file mode 100644 index f2150530b4..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/_helper_policy.tpl +++ /dev/null 
@@ -1,28 +0,0 @@
-{{- $statements_length := len .statements -}}
-{{- $statements_length := sub $statements_length 1 -}}
-{
- "Version": "2012-10-17",
- "Statement": [
-{{- range $i, $statement := .statements }}
- {
- "Effect": "Allow",
- "Action": [
-"{{ $statement.actions | join "\",\n\"" }}"
- ]{{ if $statement.resources }},
- "Resource": [
-"{{ $statement.resources | join "\",\n\"" }}"
- ]{{ end }}
-{{- if $statement.conditions }}
-{{- $condition_len := len $statement.conditions }}
-{{- $condition_len := sub $condition_len 1 }}
- ,
- "Condition": {
- {{- range $k,$v := $statement.conditions }}
- {{- range $operator,$object := $v }}
- "{{ $operator }}": { {{ $object }} }{{- if lt $k $condition_len }},{{- end }}
- {{- end }}{{- end }}
- }{{- end }}
- }{{ if lt $i $statements_length }},{{end }}
-{{- end }}
- ]
-}
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/configmap.yaml b/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/configmap.yaml
deleted file mode 100644
index 54d56772cd..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/configmap.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "minio.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
- initialize: |-
-{{ include (print $.Template.BasePath "/_helper_create_bucket.txt") . | indent 4 }}
- add-user: |-
-{{ include (print $.Template.BasePath "/_helper_create_user.txt") . | indent 4 }}
- add-policy: |-
-{{ include (print $.Template.BasePath "/_helper_create_policy.txt") . | indent 4 }}
-{{- range $idx, $policy := .Values.policies }}
- # Policy: {{ $policy.name }}
- policy_{{ $idx }}.json: |-
-{{ include (print $.Template.BasePath "/_helper_policy.tpl") . | indent 4 }}
-{{ end }}
-{{- range $idx, $svc := .Values.svcaccts }}
-{{- if $svc.policy }}
- # SVC: {{ $svc.accessKey }}
- svc_policy_{{ $idx }}.json: |-
-{{ include (print $.Template.BasePath "/_helper_policy.tpl") .policy | indent 4 }}
-{{- end }}
-{{ end }}
- add-svcacct: |-
-{{ include (print $.Template.BasePath "/_helper_create_svcacct.txt") . | indent 4 }}
- custom-command: |-
-{{ include (print $.Template.BasePath "/_helper_custom_command.txt") . | indent 4 }}
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/console-service.yaml b/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/console-service.yaml
deleted file mode 100644
index 46da359744..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/console-service.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-{{ $scheme := "http" }}
-{{- if .Values.tls.enabled }}
-{{ $scheme = "https" }}
-{{ end }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "minio.fullname" . }}-console
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-{{- if .Values.consoleService.annotations }}
- annotations:
-{{ toYaml .Values.consoleService.annotations | indent 4 }}
-{{- end }}
-spec:
-{{- if (or (eq .Values.consoleService.type "ClusterIP" "") (empty .Values.consoleService.type)) }}
- type: ClusterIP
- {{- if not (empty .Values.consoleService.clusterIP) }}
- clusterIP: {{ .Values.consoleService.clusterIP }}
- {{end}}
-{{- else if eq .Values.consoleService.type "LoadBalancer" }}
- type: {{ .Values.consoleService.type }}
- loadBalancerIP: {{ default "" .Values.consoleService.loadBalancerIP }}
-{{- else }}
- type: {{ .Values.consoleService.type }}
-{{- end }}
- ports:
- - name: {{ $scheme }}
- port: {{ .Values.consoleService.port }}
- protocol: TCP
-{{- if (and (eq .Values.consoleService.type "NodePort") ( .Values.consoleService.nodePort)) }}
- nodePort: {{ .Values.consoleService.nodePort }}
-{{- else }}
- targetPort: {{ .Values.minioConsolePort }}
-{{- end}}
-{{- if .Values.consoleService.externalIPs }}
- externalIPs:
-{{- range $i , $ip := .Values.consoleService.externalIPs }}
- - {{ $ip }}
-{{- end }}
-{{- end }}
- selector:
- app: {{ template "minio.name" . }}
- release: {{ .Release.Name }}
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/deployment.yaml b/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/deployment.yaml
deleted file mode 100644
index 3dd0904c0b..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/deployment.yaml
+++ /dev/null
@@ -1,205 +0,0 @@ -{{- if eq .Values.mode "standalone" }} -{{ $scheme := "http" }} -{{- if .Values.tls.enabled }} -{{ $scheme = "https" }} -{{ end }} -{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }} -apiVersion: {{ template "minio.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "minio.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ template "minio.name" . }} - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.additionalLabels }} -{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }} -{{- end }} -{{- if .Values.additionalAnnotations }} - annotations: -{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }} -{{- end }} -spec: - strategy: - type: {{ .Values.DeploymentUpdate.type }} - {{- if eq .Values.DeploymentUpdate.type "RollingUpdate" }} - rollingUpdate: - maxSurge: {{ .Values.DeploymentUpdate.maxSurge }} - maxUnavailable: {{ .Values.DeploymentUpdate.maxUnavailable }} - {{- end}} - replicas: 1 - selector: - matchLabels: - app: {{ template "minio.name" . }} - release: {{ .Release.Name }} - template: - metadata: - name: {{ template "minio.fullname" . }} - labels: - app: {{ template "minio.name" . }} - release: {{ .Release.Name }} -{{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} -{{- end }} - annotations: -{{- if not .Values.ignoreChartChecksums }} - checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . 
| sha256sum }} -{{- end }} -{{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }} -{{- end }} - spec: - {{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" - {{- end }} - {{- if .Values.runtimeClassName }} - runtimeClassName: "{{ .Values.runtimeClassName }}" - {{- end }} -{{- if and .Values.securityContext.enabled .Values.persistence.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - runAsGroup: {{ .Values.securityContext.runAsGroup }} - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- if and (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "20") }} - fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }} - {{- end }} -{{- end }} -{{ if .Values.serviceAccount.create }} - serviceAccountName: {{ .Values.serviceAccount.name }} -{{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ default .Values.image.registry (include "registry-url" .) }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - "/bin/sh" - - "-ce" - - "/usr/bin/docker-entrypoint.sh minio server {{ $bucketRoot }} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template "minio.extraArgs" . }}" - volumeMounts: - - name: minio-user - mountPath: "/tmp/credentials" - readOnly: true - - name: export - mountPath: {{ .Values.mountPath }} - {{- if and .Values.persistence.enabled .Values.persistence.subPath }} - subPath: "{{ .Values.persistence.subPath }}" - {{- end }} - {{- if .Values.extraSecret }} - - name: extra-secret - mountPath: "/tmp/minio-config-env" - {{- end }} - {{- include "minio.tlsKeysVolumeMount" . 
| indent 12 }} - {{- if .Values.extraVolumeMounts }} - {{- toYaml .Values.extraVolumeMounts | nindent 12 }} - {{- end }} - ports: - - name: {{ $scheme }} - containerPort: {{ .Values.minioAPIPort }} - - name: {{ $scheme }}-console - containerPort: {{ .Values.minioConsolePort }} - env: - - name: MINIO_ROOT_USER - valueFrom: - secretKeyRef: - name: {{ template "minio.secretName" . }} - key: rootUser - - name: MINIO_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "minio.secretName" . }} - key: rootPassword - {{- if .Values.extraSecret }} - - name: MINIO_CONFIG_ENV_FILE - value: "/tmp/minio-config-env/config.env" - {{- end}} - {{- if .Values.metrics.serviceMonitor.public }} - - name: MINIO_PROMETHEUS_AUTH_TYPE - value: "public" - {{- end}} - {{- if .Values.oidc.enabled }} - - name: MINIO_IDENTITY_OPENID_CONFIG_URL - value: {{ .Values.oidc.configUrl }} - - name: MINIO_IDENTITY_OPENID_CLIENT_ID - value: {{ .Values.oidc.clientId }} - - name: MINIO_IDENTITY_OPENID_CLIENT_SECRET - value: {{ .Values.oidc.clientSecret }} - - name: MINIO_IDENTITY_OPENID_CLAIM_NAME - value: {{ .Values.oidc.claimName }} - - name: MINIO_IDENTITY_OPENID_CLAIM_PREFIX - value: {{ .Values.oidc.claimPrefix }} - - name: MINIO_IDENTITY_OPENID_SCOPES - value: {{ .Values.oidc.scopes }} - - name: MINIO_IDENTITY_OPENID_REDIRECT_URI - value: {{ .Values.oidc.redirectUri }} - - name: MINIO_IDENTITY_OPENID_COMMENT - value: {{ .Values.oidc.comment }} - {{- end}} - {{- if .Values.etcd.endpoints }} - - name: MINIO_ETCD_ENDPOINTS - value: {{ join "," .Values.etcd.endpoints | quote }} - {{- if .Values.etcd.clientCert }} - - name: MINIO_ETCD_CLIENT_CERT - value: "/tmp/credentials/etcd_client_cert.pem" - {{- end }} - {{- if .Values.etcd.clientCertKey }} - - name: MINIO_ETCD_CLIENT_CERT_KEY - value: "/tmp/credentials/etcd_client_cert_key.pem" - {{- end }} - {{- if .Values.etcd.pathPrefix }} - - name: MINIO_ETCD_PATH_PREFIX - value: {{ .Values.etcd.pathPrefix }} - {{- end }} - {{- if 
.Values.etcd.corednsPathPrefix }} - - name: MINIO_ETCD_COREDNS_PATH - value: {{ .Values.etcd.corednsPathPrefix }} - {{- end }} - {{- end }} - {{- range $key, $val := .Values.environment }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end}} - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- with .Values.extraContainers }} - {{- if eq (typeOf .) "string" }} - {{- tpl . $ | nindent 8 }} - {{- else }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - nodeSelector: - {{- include "linux-node-selector" . | nindent 8 }} -{{- include "minio.imagePullSecrets" . | indent 6 }} -{{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} -{{- end }} - tolerations: - {{- include "linux-node-tolerations" . | nindent 8 }} - {{- with .Values.tolerations }} - {{ toYaml . | indent 8 }} - {{- end }} - volumes: - - name: export - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "minio.fullname" .) }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.extraSecret }} - - name: extra-secret - secret: - secretName: {{ .Values.extraSecret }} - {{- end }} - - name: minio-user - secret: - secretName: {{ template "minio.secretName" . }} - {{- include "minio.tlsKeysVolume" . | indent 8 }} - {{- if .Values.extraVolumes }} - {{ toYaml .Values.extraVolumes | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/ingress.yaml b/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/ingress.yaml deleted file mode 100644 index 8d9a837dc8..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/ingress.yaml +++ /dev/null 
@@ -1,58 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "minio.fullname" . -}}
-{{- $servicePort := .Values.service.port -}}
-{{- $ingressPath := .Values.ingress.path -}}
-apiVersion: {{ template "minio.ingress.apiVersion" . }}
-kind: Ingress
-metadata:
- name: {{ $fullName }}
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-{{- with .Values.ingress.labels }}
-{{ toYaml . | indent 4 }}
-{{- end }}
-
-{{- with .Values.ingress.annotations }}
- annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if .Values.ingress.ingressClassName }}
- ingressClassName: {{ .Values.ingress.ingressClassName }}
-{{- end }}
-{{- if .Values.ingress.tls }}
- tls:
- {{- range .Values.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
-{{- end }}
- rules:
- {{- range .Values.ingress.hosts }}
- - http:
- paths:
- - path: {{ $ingressPath }}
- {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
- pathType: Prefix
- backend:
- service:
- name: {{ $fullName }}
- port:
- number: {{ $servicePort }}
- {{- else }}
- backend:
- serviceName: {{ $fullName }}
- servicePort: {{ $servicePort }}
- {{- end }}
- {{- if . }}
- host: {{ . | quote }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/poddisruptionbudget.yaml b/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/poddisruptionbudget.yaml
deleted file mode 100644
index 8037eb7430..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.podDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: minio
- namespace: {{ .Release.Namespace | quote }}
- labels:
- app: {{ template "minio.name" . }}
-spec:
- maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
- selector:
- matchLabels:
- app: {{ template "minio.name" . }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/post-job.yaml b/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/post-job.yaml
deleted file mode 100644
index 684e639405..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/post-job.yaml
+++ /dev/null
@@ -1,230 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "minio.fullname" . }}-post-job - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ template "minio.name" . }}-post-job - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation - {{- with .Values.postJob.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - template: - metadata: - labels: - app: {{ template "minio.name" . }}-job - release: {{ .Release.Name }} - {{- if .Values.podLabels }} - {{- toYaml .Values.podLabels | nindent 8 }} - {{- end }} - {{- if .Values.postJob.podAnnotations }} - annotations: - {{- toYaml .Values.postJob.podAnnotations | nindent 8 }} - {{- end }} - spec: - restartPolicy: OnFailure - {{- include "minio.imagePullSecrets" . | nindent 6 }} - nodeSelector: - {{- include "linux-node-selector" . | nindent 8 }} - {{- with .Values.postJob.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - tolerations: - {{- include "linux-node-tolerations" . | nindent 8 }} - {{- with .Values.postJob.tolerations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.postJob.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.postJob.securityContext.runAsUser }} - runAsGroup: {{ .Values.postJob.securityContext.runAsGroup }} - fsGroup: {{ .Values.postJob.securityContext.fsGroup }} - {{- end }} - volumes: - - name: minio-configuration - projected: - sources: - - configMap: - name: {{ template "minio.fullname" . }} - - secret: - name: {{ template "minio.secretName" . 
}} - {{- range .Values.users }} - {{- if .existingSecret }} - - secret: - name: {{ tpl .existingSecret $ }} - items: - - key: {{ .existingSecretKey }} - path: secrets/{{ tpl .existingSecretKey $ }} - {{- end }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: cert-secret-volume-mc - secret: - secretName: {{ .Values.tls.certSecret }} - items: - - key: {{ .Values.tls.publicCrt }} - path: CAs/public.crt - {{ end }} - containers: - {{- if .Values.buckets }} - - name: minio-make-bucket - image: "{{ default .Values.mcImage.registry (include "registry-url" .) }}{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" - {{- if .Values.makeBucketJob.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.makeBucketJob.securityContext.runAsUser }} - runAsGroup: {{ .Values.makeBucketJob.securityContext.runAsGroup }} - fsGroup: {{ .Values.makeBucketJob.securityContext.fsGroup }} - {{- end }} - imagePullPolicy: {{ .Values.mcImage.pullPolicy }} - {{- if .Values.makeBucketJob.exitCommand }} - command: [ "/bin/sh", "-c" ] - args: [ "/bin/sh /config/initialize; EV=$?; {{ .Values.makeBucketJob.exitCommand }} && exit $EV" ] - {{- else }} - command: [ "/bin/sh", "/config/initialize" ] - {{- end }} - env: - - name: MINIO_ENDPOINT - value: {{ template "minio.fullname" . }} - - name: MINIO_PORT - value: {{ .Values.service.port | quote }} - volumeMounts: - - name: minio-configuration - mountPath: /config - {{- if .Values.tls.enabled }} - - name: cert-secret-volume-mc - mountPath: {{ .Values.configPathmc }}certs - {{ end }} - resources: - {{- toYaml .Values.makeBucketJob.resources | nindent 12 }} - {{- end }} - {{- if .Values.users }} - - name: minio-make-user - image: "{{ default .Values.mcImage.registry (include "registry-url" .) 
}}{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" - {{- if .Values.makeUserJob.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.makeUserJob.securityContext.runAsUser }} - runAsGroup: {{ .Values.makeUserJob.securityContext.runAsGroup }} - fsGroup: {{ .Values.makeUserJob.securityContext.fsGroup }} - {{- end }} - imagePullPolicy: {{ .Values.mcImage.pullPolicy }} - {{- if .Values.makeUserJob.exitCommand }} - command: [ "/bin/sh", "-c" ] - args: [ "/bin/sh /config/add-user; EV=$?; {{ .Values.makeUserJob.exitCommand }} && exit $EV" ] - {{- else }} - command: [ "/bin/sh", "/config/add-user" ] - {{- end }} - env: - - name: MINIO_ENDPOINT - value: {{ template "minio.fullname" . }} - - name: MINIO_PORT - value: {{ .Values.service.port | quote }} - volumeMounts: - - name: minio-configuration - mountPath: /config - {{- if .Values.tls.enabled }} - - name: cert-secret-volume-mc - mountPath: {{ .Values.configPathmc }}certs - {{ end }} - resources: - {{- toYaml .Values.makeUserJob.resources | nindent 12 }} - {{- end }} - {{- if .Values.policies }} - - name: minio-make-policy - image: "{{ default .Values.mcImage.registry (include "registry-url" .) }}{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" - {{- if .Values.makePolicyJob.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.makePolicyJob.securityContext.runAsUser }} - runAsGroup: {{ .Values.makePolicyJob.securityContext.runAsGroup }} - fsGroup: {{ .Values.makePolicyJob.securityContext.fsGroup }} - {{- end }} - imagePullPolicy: {{ .Values.mcImage.pullPolicy }} - {{- if .Values.makePolicyJob.exitCommand }} - command: [ "/bin/sh", "-c" ] - args: [ "/bin/sh /config/add-policy; EV=$?; {{ .Values.makePolicyJob.exitCommand }} && exit $EV" ] - {{- else }} - command: [ "/bin/sh", "/config/add-policy" ] - {{- end }} - env: - - name: MINIO_ENDPOINT - value: {{ template "minio.fullname" . 
}} - - name: MINIO_PORT - value: {{ .Values.service.port | quote }} - volumeMounts: - - name: minio-configuration - mountPath: /config - {{- if .Values.tls.enabled }} - - name: cert-secret-volume-mc - mountPath: {{ .Values.configPathmc }}certs - {{ end }} - resources: - {{- toYaml .Values.makePolicyJob.resources | nindent 12 }} - {{- end }} - {{- if .Values.customCommands }} - - name: minio-custom-command - image: "{{ default .Values.mcImage.registry (include "registry-url" .) }}{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" - {{- if .Values.customCommandJob.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.customCommandJob.securityContext.runAsUser }} - runAsGroup: {{ .Values.customCommandJob.securityContext.runAsGroup }} - fsGroup: {{ .Values.customCommandJob.securityContext.fsGroup }} - {{- end }} - imagePullPolicy: {{ .Values.mcImage.pullPolicy }} - {{- if .Values.customCommandJob.exitCommand }} - command: [ "/bin/sh", "-c" ] - args: [ "/bin/sh /config/custom-command; EV=$?; {{ .Values.customCommandJob.exitCommand }} && exit $EV" ] - {{- else }} - command: [ "/bin/sh", "/config/custom-command" ] - {{- end }} - env: - - name: MINIO_ENDPOINT - value: {{ template "minio.fullname" . }} - - name: MINIO_PORT - value: {{ .Values.service.port | quote }} - volumeMounts: - - name: minio-configuration - mountPath: /config - {{- if .Values.tls.enabled }} - - name: cert-secret-volume-mc - mountPath: {{ .Values.configPathmc }}certs - {{ end }} - resources: - {{- toYaml .Values.customCommandJob.resources | nindent 12 }} - {{- end }} - {{- if .Values.svcaccts }} - - name: minio-make-svcacct - image: "{{ default .Values.mcImage.registry (include "registry-url" .) 
}}{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" - {{- if .Values.makeServiceAccountJob.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.makeServiceAccountJob.securityContext.runAsUser }} - runAsGroup: {{ .Values.makeServiceAccountJob.securityContext.runAsGroup }} - fsGroup: {{ .Values.makeServiceAccountJob.securityContext.fsGroup }} - {{- end }} - imagePullPolicy: {{ .Values.mcImage.pullPolicy }} - {{- if .Values.makeServiceAccountJob.exitCommand }} - command: [ "/bin/sh", "-c" ] - args: ["/bin/sh /config/add-svcacct; EV=$?; {{ .Values.makeServiceAccountJob.exitCommand }} && exit $EV" ] - {{- else }} - command: ["/bin/sh", "/config/add-svcacct"] - {{- end }} - env: - - name: MINIO_ENDPOINT - value: {{ template "minio.fullname" . }} - - name: MINIO_PORT - value: {{ .Values.service.port | quote }} - volumeMounts: - - name: minio-configuration - mountPath: /config - {{- if .Values.tls.enabled }} - - name: cert-secret-volume-mc - mountPath: {{ .Values.configPathmc }}certs - {{ end }} - resources: - {{- toYaml .Values.makeServiceAccountJob.resources | nindent 12 }} - {{- end }} diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/securitycontextconstraints.yaml b/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/securitycontextconstraints.yaml deleted file mode 100644 index 4bac7e3728..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/securitycontextconstraints.yaml +++ /dev/null 
@@ -1,45 +0,0 @@
-{{- if and .Values.securityContext.enabled .Values.persistence.enabled (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
-apiVersion: security.openshift.io/v1
-kind: SecurityContextConstraints
-metadata:
- name: {{ template "minio.fullname" . }}
- labels:
- app: {{ template "minio.name" . }}
- chart: {{ template "minio.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-allowHostDirVolumePlugin: false
-allowHostIPC: false
-allowHostNetwork: false
-allowHostPID: false
-allowHostPorts: false
-allowPrivilegeEscalation: true
-allowPrivilegedContainer: false
-allowedCapabilities: []
-readOnlyRootFilesystem: false
-defaultAddCapabilities: []
-requiredDropCapabilities:
-- KILL
-- MKNOD
-- SETUID
-- SETGID
-fsGroup:
- type: MustRunAs
- ranges:
- - max: {{ .Values.securityContext.fsGroup }}
- min: {{ .Values.securityContext.fsGroup }}
-runAsUser:
- type: MustRunAs
- uid: {{ .Values.securityContext.runAsUser }}
-seLinuxContext:
- type: MustRunAs
-supplementalGroups:
- type: RunAsAny
-volumes:
-- configMap
-- downwardAPI
-- emptyDir
-- persistentVolumeClaim
-- projected
-- secret
-{{- end }}
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/serviceaccount.yaml b/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/serviceaccount.yaml
deleted file mode 100644
index 6a4bd94b3d..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Values.serviceAccount.name | quote }}
- namespace: {{ .Release.Namespace | quote }}
-{{- end -}}
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/servicemonitor.yaml b/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/servicemonitor.yaml
deleted file mode 100644
index 955273b526..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/servicemonitor.yaml
+++ /dev/null
@@ -1,117 +0,0 @@ -{{- if and .Values.metrics.serviceMonitor.enabled .Values.metrics.serviceMonitor.includeNode}} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "minio.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{ else }} - namespace: {{ .Release.Namespace | quote }} - {{- end }} - labels: - app: {{ template "minio.name" . }} - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} -{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }} - {{- end }} -{{- if .Values.metrics.serviceMonitor.annotations }} - annotations: -{{ toYaml .Values.metrics.serviceMonitor.annotations | trimSuffix "\n" | indent 4 }} -{{- end }} -spec: - endpoints: - {{- if .Values.tls.enabled }} - - port: https - scheme: https - tlsConfig: - ca: - secret: - name: {{ .Values.tls.certSecret }} - key: {{ .Values.tls.publicCrt }} - serverName: {{ template "minio.fullname" . }} - {{ else }} - - port: http - scheme: http - {{- end }} - path: /minio/v2/metrics/node - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabelConfigs }} -{{ toYaml .Values.metrics.serviceMonitor.relabelConfigs | indent 6 }} - {{- end }} - {{- if not .Values.metrics.serviceMonitor.public }} - bearerTokenSecret: - name: {{ template "minio.fullname" . }}-prometheus - key: token - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace | quote }} - selector: - matchLabels: - app: {{ include "minio.name" . 
}} - release: {{ .Release.Name }} - monitoring: "true" -{{- end }} -{{- if .Values.metrics.serviceMonitor.enabled }} ---- -apiVersion: monitoring.coreos.com/v1 -kind: Probe -metadata: - name: {{ template "minio.fullname" . }}-cluster - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{ else }} - namespace: {{ .Release.Namespace | quote }} - {{- end }} - labels: - app: {{ template "minio.name" . }} - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} -{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }} - {{- end }} -spec: - jobName: {{ template "minio.fullname" . }} - {{- if .Values.tls.enabled }} - tlsConfig: - ca: - secret: - name: {{ .Values.tls.certSecret }} - key: {{ .Values.tls.publicCrt }} - serverName: {{ template "minio.fullname" . }} - {{- end }} - prober: - url: {{ template "minio.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }} - path: /minio/v2/metrics/cluster - {{- if .Values.tls.enabled }} - scheme: https - {{ else }} - scheme: http - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabelConfigsCluster }} -{{ toYaml .Values.metrics.serviceMonitor.relabelConfigsCluster | indent 2 }} - {{- end }} - targets: - staticConfig: - static: - - {{ template "minio.fullname" . }}.{{ .Release.Namespace }} - {{- if not .Values.metrics.serviceMonitor.public }} - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - bearerTokenSecret: - name: {{ template "minio.fullname" . }}-prometheus - key: token - {{- end }} -{{- end }} 
diff --git a/charts/epinio/102.0.1+up1.6.2/questions.yml b/charts/epinio/102.0.1+up1.6.2/questions.yml
deleted file mode 100644
index a62b17d946..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/questions.yml
+++ /dev/null
@@ -1,171 +0,0 @@ -questions: -- variable: global.rbac.pspEnabled - default: "false" - description: "Flag to enable or disable the installation of PodSecurityPolicies by this chart in the target cluster. If the cluster is running Kubernetes 1.25+, you must update this value to false." - label: "Enable PodSecurityPolicies" - type: boolean - group: "Security Settings" -- variable: email - label: Email - description: "Email to use for getting notifications about your certificates" - type: string - required: false - group: "General settings" -- variable: certManagerNamespace - label: Cert-manager namespace - description: "Namespace where cert-manager is installed in" - type: string - required: false - group: "Advanced settings" -- variable: ingress.ingressClassName - label: Ingress class name for the server - description: "Set a class name to select the ingress controller you want to use for the server" - type: string - group: "Advanced settings" -- variable: server.ingressClassName - label: Ingress class name for apps - description: "Set a class name to select the ingress controller you want to use for your apps" - type: string - group: "Advanced settings" -- variable: server.disableTracking - label: Disable tracking - description: "Disable tracking of the running Epinio and Kubernetes versions" - type: boolean - group: "Advanced settings" -- variable: serviceCatalog.enableDevServices - label: Enable catalog services for development - default: "true" - description: "Enables services in the Epinio service catalog, meant to be used in development (because they are running in-cluster)" - type: boolean - group: "Advanced settings" -- variable: useCustomTlsIssuer - label: Use your own TLS issuer - default: "false" - description: "Use your own TLS issuer" - type: boolean - group: "General settings" - show_subquestion_if: true - subquestions: - - variable: customTlsIssuer - label: TLS issuer - description: "Name of the cluster issuer to use" - type: string - required: false 
-- variable: global.tlsIssuer - show_if: "useCustomTlsIssuer=false" - label: TLS issuer - description: "Name of the predefined cluster issuer to use" - type: enum - required: false - group: "General settings" - options: - - "epinio-ca" - - "selfsigned-issuer" - - "letsencrypt-production" -- variable: api.username - label: API username - description: "The user name for authenticating all API requests" - type: string - required: false - group: "General settings" -- variable: api.passwordBcrypt - label: API password - description: "The password for authenticating all API requests (hashed with Bcrypt)" - type: password - required: false - group: "General settings" -- variable: global.domain - label: Domain - description: "Domain for the application" - type: string - required: true - group: "General settings" -- variable: server.accessControlAllowOrigin - label: Access control allow origin - description: "Domain which serves the Rancher UI (to access the API)" - type: string - required: false - group: "General settings" -- variable: kubed.enabled - label: Install kubed - description: "Deploy kubed or skip it if you get it installed already" - type: boolean - group: "Advanced settings" -- variable: containerregistry.enabled - description: "Disable local container registry to configure an external registry." 
- label: Install local container registry - type: boolean - show_subquestion_if: false - group: "External registry" - subquestions: - - variable: global.registryURL - label: External registry url - description: "URL of your external registry" - type: string - required: false - - variable: global.registryUsername - label: External registry username - description: "Username to authenticate to the external registry" - type: string - required: false - - variable: global.registryPassword - label: External registry password - description: "Password to authenticate to the external registry" - type: password - required: false - - variable: global.registryNamespace - label: External registry namespace - description: "The organization part of the registry path for an external registry where you have push access" - type: string - required: false -- variable: minio.enabled - label: Install Minio - description: "Disable Minio to configure an external s3 storage." - type: boolean - show_subquestion_if: false - group: "External S3 storage" - subquestions: - - variable: s3.endpoint - label: S3 endpoint - description: "Endpoint of your S3 storage" - type: string - required: false - - variable: s3.accessKeyID - label: S3 access key id - description: "Access key id to authenticate to your S3 storage" - type: string - required: false - - variable: s3.secretAccessKey - label: S3 access key secret - description: "Secret access key to authenticate to your S3 storage" - type: password - required: false - - variable: s3.bucket - label: S3 bucket - description: "Bucket of your S3 storage" - type: string - required: false - - variable: s3.region - label: S3 region - description: "Region of your S3 storage" - type: string - required: false - - variable: s3.useSSL - label: S3 use SSL - type: boolean - required: false - - variable: s3.certificateSecret - label: Self signed certificate for S3 - description: Set it to an existing secret if s3 is using a self signed certificate - type: string - 
required: false -- variable: server.traceLevel - label: Epinio API Log Level - required: false - type: string - group: "Debugging" -- variable: server.timeoutMultiplier - label: Timeout Multiplier - required: false - type: string - group: "Debugging" diff --git a/charts/epinio/102.0.1+up1.6.2/templates/NOTES.txt b/charts/epinio/102.0.1+up1.6.2/templates/NOTES.txt deleted file mode 100644 index f0c1dd2bad..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/templates/NOTES.txt +++ /dev/null @@ -1,12 +0,0 @@ -To interact with your Epinio installation download the latest epinio binary from https://github.com/epinio/epinio/releases/latest. - -Login to the cluster with any of -{{ range .Values.api.users }} - `epinio login -u {{ .username }} https://epinio.{{ $.Values.global.domain }}` -{{- end }} - -or go to the dashboard at: https://epinio.{{ .Values.global.domain }} - -If you didn't specify a password the default one is `password`. - -For more information about Epinio, feel free to checkout https://epinio.io/ and https://docs.epinio.io/. diff --git a/charts/epinio/102.0.1+up1.6.2/templates/_helpers.tpl b/charts/epinio/102.0.1+up1.6.2/templates/_helpers.tpl deleted file mode 100644 index 2784ae6c0e..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/templates/_helpers.tpl +++ /dev/null 
@@ -1,179 +0,0 @@ -{{/* -URL prefix for container images to be compatible with Rancher -*/}} -{{- define "registry-url" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{ trimSuffix "/" .Values.global.cattle.systemDefaultRegistry }}/ -{{- end -}} -{{- end -}} - -{{/* -URL of the registry epinio uses to store workload images -*/}} -{{- define "epinio.registry-url" -}} -{{- if .Values.containerregistry.enabled -}} -{{- printf "registry.%s.svc.cluster.local:5000" .Release.Namespace }} -{{- else -}} -{{- .Values.global.registryURL }} -{{- end -}} -{{- end -}} - -{{/* -URL of the minio epinio installed -*/}} -{{- define "epinio.minio-url" -}} -{{- if .Values.minio.enabled -}} -{{- printf "%s.%s.svc.cluster.local:9000" .Values.minio.fullnameOverride .Release.Namespace }} -{{- else -}} -{{- .Values.s3.endpoint }} -{{- end -}} -{{- end -}} - -{{/* -Host name of the minio epinio installed -*/}} -{{- define "epinio.minio-hostname" -}} -{{- printf "%s.%s.svc.cluster.local" .Values.minio.fullnameOverride .Release.Namespace }} -{{- end -}} - - -{{/* -PVC cleanup hooks for bitnami helm chart based catalog services -# https://github.com/epinio/epinio/issues/1386 -# https://docs.bitnami.com/kubernetes/apps/aspnet-core/administration/deploy-extra-resources/ -*/}} -{{- define "epinio.catalog-service-values" -}} -{{ printf ` -extraDeploy: - - | - # Create a service account, role and binding to allow to list, get and - # delete PVCs. It should be used by the job below. 
- - # To ensure the resources are deleted, use this annotation: - # - # annotations: - # "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - - # https://helm.sh/docs/topics/charts_hooks/#hook-resources-are-not-managed-with-corresponding-releases - # https://helm.sh/docs/topics/charts_hooks/#hook-deletion-policies - - --- - apiVersion: v1 - kind: ServiceAccount - metadata: - name: "pvc-deleter-{{ .Release.Name }}" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook": post-delete - "helm.sh/hook-weight": "-6" - - --- - apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} - kind: Role - metadata: - name: "pvc-deleter-{{ .Release.Name }}" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook": post-delete - "helm.sh/hook-weight": "-6" - rules: - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - delete - - list - - --- - kind: RoleBinding - apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} - metadata: - name: "pvc-deleter-{{ .Release.Name }}" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook": post-delete - "helm.sh/hook-weight": "-5" - subjects: - - kind: ServiceAccount - name: "pvc-deleter-{{ .Release.Name }}" - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: "pvc-deleter-{{ .Release.Name }}" - - --- - apiVersion: batch/v1 - kind: Job - metadata: - name: "pvc-deleter-{{ .Release.Name }}" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - annotations: - # This is what defines this resource as a hook. 
Without this line, the - # job is considered part of the release. - "helm.sh/hook": post-delete - "helm.sh/hook-weight": "-4" - "helm.sh/hook-delete-policy": hook-succeeded - spec: - template: - metadata: - name: "pvc-deleter-{{ .Release.Name }}" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - spec: - restartPolicy: Never - serviceAccountName: "pvc-deleter-{{ .Release.Name }}" - containers: - - name: post-install-job - image: "%s" - command: ["kubectl", "delete", "pvc", "-n", "{{ .Release.Namespace }}", "-l", "app.kubernetes.io/instance={{ .Release.Name }}"] -` (print (include "registry-url" .) .Values.image.kubectl.repository ":" .Values.image.kubectl.tag) | indent 4}} -{{- end -}} - -{{/* -Removes characters that are invalid for kubernetes resource names from the -given string -*/}} -{{- define "epinio-name-sanitize" -}} -{{ regexReplaceAll "[^-a-z0-9]*" . "" }} -{{- end }} - -{{/* -Resource name sanitization and truncation. -- Always suffix the sha1sum (40 characters long) -- Always add an "r" prefix to make sure we don't have leading digits -- The rest of the characters up to 63 are the original string with invalid -character removed. -*/}} -{{- define "epinio-truncate" -}} -{{ print "r" (trunc 21 (include "epinio-name-sanitize" .)) "-" (sha1sum .) }} -{{- end }} - -{{/* -Windows cluster will add default taint for linux nodes, add below linux tolerations to -workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} 
diff --git a/charts/epinio/102.0.1+up1.6.2/templates/assets.yaml b/charts/epinio/102.0.1+up1.6.2/templates/assets.yaml
deleted file mode 100644
index 3614c7a967..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/templates/assets.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- namespace: {{ .Release.Namespace }}
- name: epinio-assets
- labels:
- app.kubernetes.io/component: epinio
- app.kubernetes.io/name: epinio-assets
- app.kubernetes.io/part-of: epinio
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
-type: Opaque
-data:
-{{ (.Files.Glob "assets/*").AsSecrets | indent 2 }}
diff --git a/charts/epinio/102.0.1+up1.6.2/templates/certificate.yaml b/charts/epinio/102.0.1+up1.6.2/templates/certificate.yaml
deleted file mode 100644
index 0256415331..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/templates/certificate.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: epinio
- namespace: {{ .Release.Namespace }}
-spec:
- dnsNames:
- - epinio.{{ .Values.global.domain }}
- issuerRef:
- kind: ClusterIssuer
- name: {{ default .Values.global.tlsIssuer .Values.global.customTlsIssuer | quote }}
- secretName: epinio-tls
-
-{{- if .Values.minio.enabled }}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: minio-cert
- namespace: {{ .Release.Namespace }}
-spec:
- dnsNames:
- - {{ include "epinio.minio-hostname" . }}
- issuerRef:
- kind: ClusterIssuer
- # We always trust the CA for minio so we can always use selfsigned certs
- # Because Letsencrypt doesn't create certs for non public domains
- name: epinio-ca
- secretName: minio-tls
- secretTemplate:
- annotations:
- kubed.appscode.com/sync: "kubed-s3-tls-from={{ .Release.Namespace }}"
-{{- end }}
-
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: epinio-ca
- namespace: {{ .Values.certManagerNamespace }}
-spec:
- commonName: epinio-ca
- isCA: true
- issuerRef:
- kind: ClusterIssuer
- name: selfsigned-issuer
- privateKey:
- algorithm: ECDSA
- size: 256
- secretName: epinio-ca-root
diff --git a/charts/epinio/102.0.1+up1.6.2/templates/cluster-issuers.yaml b/charts/epinio/102.0.1+up1.6.2/templates/cluster-issuers.yaml
deleted file mode 100644
index 319f81b537..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/templates/cluster-issuers.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
----
-# Self-signed issuer
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: selfsigned-issuer
-spec:
- selfSigned: {}
-
----
-# Let's encrypt production issuer
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: letsencrypt-production
-spec:
- acme:
- email: {{ .Values.email }}
- preferredChain: ""
- privateKeySecretRef:
- name: letsencrypt-production
- server: https://acme-v02.api.letsencrypt.org/directory
- solvers:
- - http01:
- ingress:
- {{- if .Values.ingress.ingressClassName }}
- class: "{{ .Values.ingress.ingressClassName }}"
- {{- end }}
- ingressTemplate:
- metadata:
- annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: websecure
- traefik.ingress.kubernetes.io/router.tls: "true"
-
----
-# Private CA (epinio-ca) issuer
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: epinio-ca
-spec:
- ca:
- secretName: epinio-ca-root
-
diff --git a/charts/epinio/102.0.1+up1.6.2/templates/container-registry.yaml b/charts/epinio/102.0.1+up1.6.2/templates/container-registry.yaml
deleted file mode 100644
index c1099284bf..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/templates/container-registry.yaml
+++ /dev/null
@@ -1,191 +0,0 @@ -{{- if .Values.containerregistry.enabled }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: auth - namespace: {{ .Release.Namespace }} -stringData: - # The only supported password format is bcrypt - htpasswd: {{ htpasswd .Values.global.registryUsername .Values.global.registryPassword | quote }} - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: epinio-registry - namespace: {{ .Release.Namespace }} -spec: - dnsNames: - - registry.{{ .Release.Namespace }}.svc.cluster.local - ipAddresses: - - 127.0.0.1 - issuerRef: - kind: ClusterIssuer - name: epinio-ca - secretName: epinio-registry-tls - ---- -apiVersion: v1 -kind: Service -metadata: - name: registry - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "epinio-registry" - app.kubernetes.io/instance: "epinio-registry" -spec: - type: ClusterIP - selector: - app.kubernetes.io/name: "epinio-registry" - app.kubernetes.io/instance: "epinio-registry" - ports: - - name: registry - port: 5000 - targetPort: 5000 - -{{ if .Values.containerregistry.enabled }} ---- -apiVersion: v1 -kind: Service -metadata: - name: registry-node - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "epinio-registry" - app.kubernetes.io/instance: "epinio-registry" -spec: - type: NodePort - selector: - app.kubernetes.io/name: "epinio-registry" - app.kubernetes.io/instance: "epinio-registry" - ports: - - name: registry-sidecar - port: 30500 - targetPort: 30500 - nodePort: 30500 ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-conf - namespace: {{ .Release.Namespace }} -data: - nginx.conf: | - server { - listen 30500 default_server; - server_name 127.0.0.1; - - location / { - proxy_pass https://localhost:5000/; - } - } -{{- end }} - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: registry - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "epinio-registry" - app.kubernetes.io/instance: "epinio-registry" 
-spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: "epinio-registry" - app.kubernetes.io/instance: "epinio-registry" - template: - metadata: - labels: - app.kubernetes.io/name: "epinio-registry" - app.kubernetes.io/instance: "epinio-registry" - spec: - containers: -{{ if .Values.containerregistry.enabled }} - - name: nginx - image: "{{ template "registry-url" . }}{{ .Values.containerregistry.image.nginx.repository}}:{{ .Values.containerregistry.image.nginx.tag }}" - imagePullPolicy: IfNotPresent - securityContext: - runAsUser: 1000 - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - livenessProbe: - tcpSocket: - port: 5000 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - tcpSocket: - port: 5000 - volumeMounts: - - mountPath: /etc/nginx/conf.d - name: nginx-conf - - mountPath: /var/cache/nginx/ - name: nginx-run - - mountPath: /var/run/ - name: nginx-run -{{- end }} - - name: registry - image: "{{ template "registry-url" . 
}}{{ .Values.containerregistry.image.registry.repository}}:{{ .Values.containerregistry.image.registry.tag }}" - imagePullPolicy: {{ .Values.containerregistry.imagePullPolicy }} - env: - - name: REGISTRY_AUTH - value: htpasswd - - name: REGISTRY_AUTH_HTPASSWD_REALM - value: Registry Realm - - name: REGISTRY_AUTH_HTPASSWD_PATH - value: /etc/registry/auth/htpasswd - - name: REGISTRY_HTTP_TLS_CERTIFICATE - value: "/certs/tls.crt" - - name: REGISTRY_HTTP_TLS_KEY - value: "/certs/tls.key" - volumeMounts: - - name: registry - mountPath: /var/lib/registry - readOnly: false - - name: auth - mountPath: /etc/registry/auth - readOnly: true - - name: certs - mountPath: /certs - readOnly: true - securityContext: - runAsUser: 1000 - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - livenessProbe: - httpGet: - port: 5000 - scheme: HTTPS - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - port: 5000 - scheme: HTTPS - initialDelaySeconds: 5 - periodSeconds: 5 - volumes: - - name: registry - emptyDir: {} - - name: auth - secret: - secretName: auth - - name: certs - secret: - secretName: epinio-registry-tls -{{ if .Values.containerregistry.enabled }} - - name: nginx-conf - configMap: - name: nginx-conf - - name: nginx-cache - emptyDir: {} - - name: nginx-run - emptyDir: {} -{{- end }} -{{- end }} diff --git a/charts/epinio/102.0.1+up1.6.2/templates/default-app-chart.yaml b/charts/epinio/102.0.1+up1.6.2/templates/default-app-chart.yaml deleted file mode 100644 index 6c7b13928c..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/templates/default-app-chart.yaml +++ /dev/null 
@@ -1,15 +0,0 @@
-apiVersion: application.epinio.io/v1
-kind: AppChart
-metadata:
- namespace: {{ .Release.Namespace }}
- name: standard
- labels:
- app.kubernetes.io/component: epinio
- app.kubernetes.io/instance: default
- app.kubernetes.io/name: epinio-standard-app-chart
- app.kubernetes.io/part-of: epinio
- app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.image.epinio.tag }}
-spec:
- shortDescription: Epinio standard deployment
- description: Epinio standard support chart for application deployment
- helmChart: /assets/epinio-application-0.1.24.tgz
diff --git a/charts/epinio/102.0.1+up1.6.2/templates/default-user.yaml b/charts/epinio/102.0.1+up1.6.2/templates/default-user.yaml
deleted file mode 100644
index 0929de38ae..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/templates/default-user.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- range .Values.api.users }}
----
-apiVersion: v1
-kind: Secret
-type: BasicAuth
-metadata:
- labels:
- epinio.io/api-user-credentials: "true"
- epinio.io/role: {{ .role }}
- name: {{ include "epinio-truncate" (print "user-" .username) }}
- namespace: {{ $.Release.Namespace }}
-stringData:
- username: {{ .username | quote }}
- password: {{ .passwordBcrypt | quote }}
- namespaces: |
- {{ join "\n" .workspaces -}}
-{{- end }}
diff --git a/charts/epinio/102.0.1+up1.6.2/templates/dex.yaml b/charts/epinio/102.0.1+up1.6.2/templates/dex.yaml
deleted file mode 100644
index 3f49f6684a..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/templates/dex.yaml
+++ /dev/null
@@ -1,90 +0,0 @@ -{{- if .Values.dex.enabled -}} - ---- -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - annotations: - name: dex-config - namespace: {{ .Release.Namespace }} -stringData: - issuer: "https://auth.{{ .Values.global.domain }}" - endpoint: {{ printf "http://%s.%s.svc.cluster.local:5556" .Values.dex.fullnameOverride .Release.Namespace }} - config.yaml: |- - issuer: "https://auth.{{ .Values.global.domain }}" - storage: - type: kubernetes - config: - inCluster: true - enablePasswordDB: true - staticPasswords: - - email: "admin@epinio.io" - # bcrypt hash of the string "password": $(echo password | htpasswd -BinC 10 admin | cut -d: -f2) - hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W" - username: "admin" - userID: "08a8684b-db88-4b73-90a9-3cd1661f5466" - - email: "epinio@epinio.io" - hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W" - userID: "08a8684b-db88-4b73-90a9-3cd1661f5467" - - staticClients: - - id: epinio-api - name: 'Epinio API' - public: true - # The 'Epinio API' lets the 'Epinio cli' issue ID tokens on its behalf. 
- # https://dexidp.io/docs/custom-scopes-claims-clients/#cross-client-trust-and-authorized-party - trustedPeers: - - epinio-cli - - - id: epinio-cli - name: 'Epinio cli' - public: true - ---- -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - labels: - epinio.io/api-user-credentials: "true" - epinio.io/role: "admin" - name: {{ include "epinio-truncate" (print "user-" "admin@epinio.io") }} - namespace: {{ .Release.Namespace }} -stringData: - username: "admin@epinio.io" - ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: dex - namespace: {{ .Release.Namespace }} - annotations: - cert-manager.io/cluster-issuer: {{ default .Values.global.tlsIssuer .Values.global.customTlsIssuer | quote }} - traefik.ingress.kubernetes.io/router.entrypoints: websecure - traefik.ingress.kubernetes.io/router.tls: "true" - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} -spec: - {{- if .Values.ingress.ingressClassName }} - ingressClassName: "{{ .Values.ingress.ingressClassName }}" - {{- end }} - rules: - - host: "auth.{{ .Values.global.domain }}" - http: - paths: - - backend: - service: - name: dex - port: - number: 5556 - path: / - pathType: Prefix - tls: - - hosts: - - "auth.{{ .Values.global.domain }}" - secretName: dex-tls - -{{- end }} diff --git a/charts/epinio/102.0.1+up1.6.2/templates/ingress.yaml b/charts/epinio/102.0.1+up1.6.2/templates/ingress.yaml deleted file mode 100644 index 29890c8ce2..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/templates/ingress.yaml +++ /dev/null 
@@ -1,57 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: websecure
- traefik.ingress.kubernetes.io/router.tls: "true"
- nginx.ingress.kubernetes.io/ssl-redirect: {{ .Values.ingress.nginxSSLRedirect | quote }}
- nginx.ingress.kubernetes.io/proxy-body-size: 100m
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key | quote }}: {{ $value | quote }}
- {{- end }}
- labels:
- app.kubernetes.io/name: epinio
- name: epinio
- namespace: {{ .Release.Namespace }}
-spec:
- {{- if .Values.ingress.ingressClassName }}
- ingressClassName: "{{ .Values.ingress.ingressClassName }}"
- {{- end }}
- rules:
- - host: "epinio.{{ .Values.global.domain }}"
- http:
- paths:
- - backend:
- service:
- name: epinio-server
- port:
- number: 80
- path: /api
- pathType: Prefix
- - backend:
- service:
- name: epinio-server
- port:
- number: 80
- path: /wapi
- pathType: Prefix
- - backend:
- service:
- name: epinio-server
- port:
- number: 80
- path: /ready
- pathType: Exact
- {{- if ".Values.epinio-ui.enabled" }}
- - backend:
- service:
- name: epinio-ui
- port:
- number: 80
- path: /
- pathType: Prefix
- {{- end }}
- tls:
- - hosts:
- - "epinio.{{ .Values.global.domain }}"
- secretName: epinio-tls
diff --git a/charts/epinio/102.0.1+up1.6.2/templates/registry-secret.yaml b/charts/epinio/102.0.1+up1.6.2/templates/registry-secret.yaml
deleted file mode 100644
index 6539d35032..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/templates/registry-secret.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-type: kubernetes.io/dockerconfigjson
-metadata:
- annotations:
- epinio.io/registry-namespace: {{ .Values.global.registryNamespace }}
- kubed.appscode.com/sync: kubed-sync=registry-creds
- name: registry-creds
- namespace: {{ .Release.Namespace }}
-stringData:
- .dockerconfigjson: |-
- {
- "auths": {
- "{{ template "epinio.registry-url" . }}": {
- "auth":"{{ printf "%s:%s" .Values.global.registryUsername .Values.global.registryPassword | b64enc }}",
- "username":"{{ .Values.global.registryUsername }}",
- "password":"{{ .Values.global.registryPassword }}"
- } {{- if .Values.containerregistry.enabled }} ,
- "127.0.0.1:30500": {
- "auth":"{{ printf "%s:%s" .Values.global.registryUsername .Values.global.registryPassword | b64enc }}",
- "username":"{{ .Values.global.registryUsername }}",
- "password":"{{ .Values.global.registryPassword }}"
- }
- {{- end -}}
- }
- }
diff --git a/charts/epinio/102.0.1+up1.6.2/templates/s3-secret.yaml b/charts/epinio/102.0.1+up1.6.2/templates/s3-secret.yaml
deleted file mode 100644
index 294735447f..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/templates/s3-secret.yaml
+++ /dev/null
@@ -1,49 +0,0 @@ -# Generated credentials for minio. Used only if minio is enabled. -{{- $oldkeys := (lookup "v1" "Secret" .Release.Namespace "minio-creds").data -}} -{{- $accessKey := empty $oldkeys | ternary (randAlphaNum 16) (b64dec (default "" $oldkeys.accesskey)) -}} -{{- $secretKey := empty $oldkeys | ternary (randAlphaNum 16) (b64dec (default "" $oldkeys.secretkey)) -}} - -# Minio values if minio is enabled, otherwise the user provided values -{{- $s3Endpoint := include "epinio.minio-url" . -}} -{{- $s3AccessKey := .Values.minio.enabled | ternary $accessKey .Values.s3.accessKeyID -}} -{{- $s3SecretKey := .Values.minio.enabled | ternary $secretKey .Values.s3.secretAccessKey -}} -{{- $s3Bucket := .Values.minio.enabled | ternary "epinio" .Values.s3.bucket -}} -{{- $s3UseSSL := .Values.minio.enabled | ternary true .Values.s3.useSSL -}} -{{- $s3Region := .Values.minio.enabled | ternary "" .Values.s3.region -}} - ---- -# The S3 connection details as required by the staging Job (in "ini" format) -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: epinio-s3-connection-details - namespace: {{ .Release.Namespace }} -stringData: - bucket: {{ $s3Bucket }} - config: |- - [default] - region={{ $s3Region }} - credentials: |- - [default] - aws_access_key_id={{ $s3AccessKey }} - aws_secret_access_key={{ $s3SecretKey }} - endpoint: {{ $s3Endpoint | quote }} - useSSL: {{ $s3UseSSL | quote }} - -# The S3 connection details as required by minio deployment -# https://github.com/minio/minio/blob/8ae46bce937567e682d14f7fe845b8ff67e549d2/helm/minio/values.yaml#L81 -# Secrets get created first so Minio should find it there when it needs it. 
-# https://github.com/helm/helm/blob/release-3.0/pkg/releaseutil/kind_sorter.go ---- -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: minio-creds - namespace: {{ .Release.Namespace }} -stringData: - rootUser: {{ $s3AccessKey | quote }} - rootPassword: {{ $s3SecretKey | quote }} - accesskey: {{ $s3AccessKey | quote }} - secretkey: {{ $s3SecretKey | quote }} diff --git a/charts/epinio/102.0.1+up1.6.2/templates/server.yaml b/charts/epinio/102.0.1+up1.6.2/templates/server.yaml deleted file mode 100644 index 27c01489a4..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/templates/server.yaml +++ /dev/null 
@@ -1,387 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: epinio-server - namespace: {{ .Release.Namespace }} - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: epinio-server-cluster-admin -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: epinio-server - namespace: {{ .Release.Namespace }} - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: epinio-server -rules: -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - create - - delete - - list -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "" - resources: - - services - verbs: - - create - - get - - update - - delete -- apiGroups: - - "" - resources: - - pods/exec - verbs: - - create - - get - - post -- apiGroups: - - "" - resources: - - pods/portforward - verbs: - - get -- apiGroups: - - "" - resources: - - pods/log - verbs: - - get - - list -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - create - - update - - delete - - get - - list -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update -- apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - get - - list - - update - - patch -- apiGroups: - - servicecatalog.k8s.io - resources: - - servicebindings - verbs: - - create - - get - - delete - - list -- apiGroups: - - servicecatalog.k8s.io - resources: - - serviceinstances - verbs: - - create - - delete - - get - - list -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - create - - delete -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - create - - delete -- apiGroups: - - "cert-manager.io" - resources: - - certificates - verbs: - - create -- 
apiGroups: - - application.epinio.io - resources: - - apps - verbs: - - get - - list - - create - - delete - - patch - - update -- apiGroups: - - "metrics.k8s.io" - resources: - - pods - verbs: - - list -- apiGroups: - - apps - resources: - - replicasets - verbs: - - list - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: epinio-server-cluster-role -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: epinio-server -subjects: -- kind: ServiceAccount - name: epinio-server - namespace: {{ .Release.Namespace }} - ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: epinio-server - namespace: {{ .Release.Namespace }} -rules: -- apiGroups: - - batch - resources: - - jobs - verbs: - - get - - create - - delete - - list -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: epinio-server-role - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: epinio-server -subjects: -- kind: ServiceAccount - name: epinio-server - namespace: {{ .Release.Namespace }} - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: epinio - app.kubernetes.io/instance: default - app.kubernetes.io/name: epinio-server - app.kubernetes.io/part-of: epinio - app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.image.epinio.tag }} - name: epinio-server - namespace: {{ .Release.Namespace }} -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: epinio-server - app.kubernetes.io/instance: default - app.kubernetes.io/name: epinio-server - app.kubernetes.io/part-of: epinio - template: - metadata: - labels: - app.kubernetes.io/component: epinio-server - app.kubernetes.io/instance: default - app.kubernetes.io/name: epinio-server - app.kubernetes.io/part-of: epinio - app.kubernetes.io/version: {{ 
default .Chart.AppVersion .Values.image.epinio.tag }} - name: epinio-server - spec: - tolerations: - {{- include "linux-node-tolerations" . | nindent 8 }} - nodeSelector: - {{- include "linux-node-selector" . | nindent 8 }} - serviceAccountName: epinio-server - volumes: - - name: asset-volume - secret: - secretName: epinio-assets - - name: tmp-volume - emptyDir: {} - - name: image-export-volume - persistentVolumeClaim: - claimName: image-export-pvc -{{- if .Values.dex.enabled }} - - name: dex-tls - secret: - secretName: dex-tls - optional: false -{{- end }} - containers: - - command: ["/epinio", "server"] - args: ["--port", "8030"] - env: - - name: EPINIO_SETTINGS - value: /tmp/settings.yaml - - name: NAMESPACE - value: "{{ .Release.Namespace }}" - - name: ACCESS_CONTROL_ALLOW_ORIGIN - value: "{{ .Values.server.accessControlAllowOrigin }}" - - name: EPINIO_TIMEOUT_MULTIPLIER - value: "{{ .Values.server.timeoutMultiplier }}" - - name: TLS_ISSUER - value: "{{ .Values.global.tlsIssuer }}" - - name: TRACE_LEVEL - value: "{{ .Values.server.traceLevel }}" - - name: CHART_VERSION - value: "{{ .Chart.Version }}" - {{- $imageSkopeo := .Values.image.skopeo -}} - {{- if $imageSkopeo }} - - name: APP_IMAGE_EXPORTER - value: "{{ default $imageSkopeo.registry (include "registry-url" .) 
}}{{ $imageSkopeo.repository}}:{{ $imageSkopeo.tag }}" - {{- end }} - {{- if .Values.server.disableTracking }} - - name: DISABLE_TRACKING - value: "true" - {{- end }} - {{- if or .Values.s3.certificateSecret .Values.minio.enabled }} - - name: S3_CERTIFICATE_SECRET - value: {{ default "minio-tls" .Values.s3.certificateSecret }} - {{- end }} - {{- if .Values.containerregistry.enabled }} - - name: REGISTRY_CERTIFICATE_SECRET - value: "epinio-registry-tls" - {{- end }} - {{- if .Values.server.ingressClassName }} - - name: INGRESS_CLASS_NAME - value: "{{ .Values.server.ingressClassName }}" - {{- else if .Values.ingress.ingressClassName }} - - name: INGRESS_CLASS_NAME - value: "{{ .Values.ingress.ingressClassName }}" - {{- end }} - {{- if .Values.extraEnv }} - {{- toYaml .Values.extraEnv | nindent 12 -}} - {{- end }} - image: "{{ default .Values.image.epinio.registry (include "registry-url" .) }}{{ .Values.image.epinio.repository }}:{{ default .Chart.AppVersion .Values.image.epinio.tag }}" - livenessProbe: - httpGet: - path: /ready - port: 8030 - name: epinio-server - ports: - - containerPort: 8030 - volumeMounts: - - name: asset-volume - mountPath: /assets - - name: tmp-volume - mountPath: /tmp - - name: image-export-volume - mountPath: /image-export -{{- if .Values.dex.enabled }} - - name: dex-tls - mountPath: /etc/ssl/certs/dex-tls.pem - subPath: tls.crt -{{- end }} - readinessProbe: - httpGet: - path: /ready - port: 8030 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - securityContext: - runAsNonRoot: true - runAsUser: 1000 - runAsGroup: 3000 - ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: image-export-pvc - namespace: {{ .Release.Namespace }} -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: epinio - app.kubernetes.io/instance: default - app.kubernetes.io/name: epinio-server - 
app.kubernetes.io/part-of: epinio - app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.image.epinio.tag }} - name: epinio-server - namespace: {{ .Release.Namespace }} -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 8030 - selector: - app.kubernetes.io/name: epinio-server diff --git a/charts/epinio/102.0.1+up1.6.2/templates/service-catalog.yaml b/charts/epinio/102.0.1+up1.6.2/templates/service-catalog.yaml deleted file mode 100644 index 7391c9c382..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/templates/service-catalog.yaml +++ /dev/null 
@@ -1,118 +0,0 @@
-# These are three simple Services to fill the Service Catalog
-{{ if .Values.serviceCatalog.enableDevServices }}
----
-apiVersion: application.epinio.io/v1
-kind: Service
-metadata:
- name: postgresql-dev
- namespace: {{ .Release.Namespace }}
-spec:
- name: postgresql-dev
- shortDescription: A PostgreSQL service that can be used during development
- description: |
- This service is going to deploy a simple default Bitnami PostreSQL db instance.
- You can find more info at https://github.com/bitnami/charts/tree/master/bitnami/postgresql/.
- This database is running inside the cluster so it's probably not a good choice for production
- environments, at least with this default configuration.
- chart: postgresql
- chartVersion: 12.1.6
- serviceIcon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-220x234.png
- appVersion: 15.1.0
- helmRepo:
- name: bitnami
- url: "https://charts.bitnami.com/bitnami"
- values: |-
- {{- template "epinio.catalog-service-values" . }}
----
-apiVersion: application.epinio.io/v1
-kind: Service
-metadata:
- name: mysql-dev
- namespace: {{ .Release.Namespace }}
-spec:
- name: mysql-dev
- shortDescription: A MySQL service that can be used during development
- description: |
- This service is going to deploy a simple default Bitnami MySQL db instance.
- You can find more info at https://github.com/bitnami/charts/tree/master/bitnami/mysql/.
- This database is running inside the cluster so it's probably not a good choice for production
- environments, at least with this default configuration.
- chart: mysql
- chartVersion: 9.4.5
- serviceIcon: https://bitnami.com/assets/stacks/mysql/img/mysql-stack-220x234.png
- appVersion: 8.0.31
- helmRepo:
- name: bitnami
- url: "https://charts.bitnami.com/bitnami"
- values: |-
- {{- template "epinio.catalog-service-values" . }}
----
-apiVersion: application.epinio.io/v1
-kind: Service
-metadata:
- name: redis-dev
- namespace: {{ .Release.Namespace }}
-spec:
- name: redis-dev
- shortDescription: A Redis service that can be used during development
- description: |
- This service is going to deploy a simple default Bitnami Redis instance.
- You can find more info at https://github.com/bitnami/charts/tree/master/bitnami/redis/.
- This database is running inside the cluster so it's probably not a good choice for production
- environments, at least with this default configuration.
- chart: redis
- chartVersion: 17.3.17
- serviceIcon: https://bitnami.com/assets/stacks/redis/img/redis-stack-220x234.png
- appVersion: 7.0.7
- helmRepo:
- name: bitnami
- url: "https://charts.bitnami.com/bitnami"
- values: |-
- {{- template "epinio.catalog-service-values" . }}
----
-apiVersion: application.epinio.io/v1
-kind: Service
-metadata:
- name: rabbitmq-dev
- namespace: {{ .Release.Namespace }}
-spec:
- name: rabbitmq-dev
- shortDescription: A RabbitMQ service that can be used during development
- description: |
- This service is going to deploy a simple default Bitnami RabbitMQ instance.
- You can find more info at https://github.com/bitnami/charts/tree/master/bitnami/rabbitmq/.
- This instance is running inside the cluster so it's probably not a good choice for production
- environments, at least with this default configuration.
- chart: rabbitmq
- chartVersion: 11.2.2
- serviceIcon: https://bitnami.com/assets/stacks/rabbitmq/img/rabbitmq-stack-220x234.png
- appVersion: 3.11.5
- helmRepo:
- name: bitnami
- url: https://charts.bitnami.com/bitnami
- values: |-
- {{- template "epinio.catalog-service-values" . }}
----
-apiVersion: application.epinio.io/v1
-kind: Service
-metadata:
- name: mongodb-dev
- namespace: {{ .Release.Namespace }}
-spec:
- name: mongodb-dev
- shortDescription: A MongoDB service that can be used during development
- description: |
- This service is going to deploy a simple default Bitnami MongoDB instance.
- You can find more info at https://github.com/bitnami/charts/tree/master/bitnami/mongodb/.
- This instance is running inside the cluster so it's probably not a good choice for production
- environments, at least with this default configuration.
- chart: mongodb
- chartVersion: 13.6.2
- serviceIcon: https://bitnami.com/assets/stacks/mongodb/img/mongodb-stack-220x234.png
- appVersion: 6.0.3
- helmRepo:
- name: bitnami
- url: https://charts.bitnami.com/bitnami
- values: |-
- {{- template "epinio.catalog-service-values" . }}
-{{- end }}
diff --git a/charts/epinio/102.0.1+up1.6.2/templates/stage-scripts.yaml b/charts/epinio/102.0.1+up1.6.2/templates/stage-scripts.yaml
deleted file mode 100644
index bf1db19e6a..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/templates/stage-scripts.yaml
+++ /dev/null
@@ -1,95 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: epinio-stage-scripts - namespace: {{ .Release.Namespace }} -data: - builderImage: "{{ default .Values.image.builder.registry (include "registry-url" .) }}{{ .Values.image.builder.repository}}:{{ .Values.image.builder.tag }}" - downloadImage: "{{ default .Values.image.awscli.registry (include "registry-url" .) }}{{ .Values.image.awscli.repository}}:{{ .Values.image.awscli.tag }}" - unpackImage: "{{ default .Values.image.bash.registry (include "registry-url" .) }}{{ .Values.image.bash.repository}}:{{ default .Chart.AppVersion .Values.image.bash.tag }}" - download: |- - # Parameters - # - PROTOCOL # s3 protocol - # - ENDPOINT # s3 endpoint - # - BUCKET # s3 bucket - # - BLOBID # blob id / file name for source archive - # - # This data is set in the chart only for an external s3. For - # internal s3 the chart has no information. Therefore we cannot - # use helm templating to insert these. - echo By _ _ __ ___ _____ $(whoami) $(pwd) - cat /etc/ssl/certs/ca-bundle.crt > /tmp/ca-bundle.pem - test -f /certs/ca.crt && cat /certs/ca.crt >> /tmp/ca-bundle.pem - test -f /certs/tls.crt && cat /certs/tls.crt >> /tmp/ca-bundle.pem - aws --ca-bundle /tmp/ca-bundle.pem --endpoint-url "${PROTOCOL}://${ENDPOINT}" s3 cp "s3://${BUCKET}/${BLOBID}" "/workspace/source/${BLOBID}" - echo _ _ __ ___ _____ Done - unpack: |- - # Parameters - # - BLOBID # blob id / file name for source archive - # - # Attempting to unpack the sources as, in order: - # .tar - epinio cli - # .zip - epinio UI - # -z .tar.gz - # -j .tar.bz2 - # -J .tar.xz - # - # __Note__: While it would have been nicer, IMNSHO, to use `file` to determine the - # type of the file and then directly dispatch to the proper unpacker, the `file` - # command is not available in the `bash` image. The code as written now relies on each - # unpacker to recognize/reject input properly. - # - echo By _ _ __ ___ _____ $(whoami) $(pwd) - if test ! 
-f "/workspace/source/${BLOBID}" ; then - echo Nothing to unpack - exit - fi - mkdir /workspace/source/app - ( cd /workspace/source/app - ( echo Tar? ; tar -xvf "../${BLOBID}" ) || \ - ( echo Zip? ; unzip "../${BLOBID}" ) || \ - ( echo Tgz? ; tar -xvzf "../${BLOBID}" ) || \ - ( echo Tbz? ; tar -xvjf "../${BLOBID}" ) || \ - ( echo Txz? ; tar -xvJf "../${BLOBID}" ) || \ - ( echo "Unable to unpack. No supported archive file format found" ; exit 1 ) - echo OK - ) - rm "/workspace/source/${BLOBID}" - mkdir -p /workspace/source/env - cp -vL /workspace/source/appenv/* /workspace/source/env - chown -R 1000:1000 /workspace 2> /dev/null - find /workspace - echo _ _ __ ___ _____ Done - build: |- - # Parameters - # - PREIMAGE # url of previous image - # - APPIMAGE # url of application image - # - # ATTENTION: The `curl localhost:4191` command is used to stop the linkerd proxy - # container gracefully. We use `|| true` in case linkerd is not deployed. Further, it - # is placed into a trap to ensure that it will always run, even for a staging failure. - # Error output generated when linkerd is not present/up is squashed (dev/null). - # These messages are irrelevant, the situation is not an error, and allowing them through - # would confuse users (readers of app staging logs). - set -e - trap "curl -X POST http://localhost:4191/shutdown 2> /dev/null || true" EXIT - echo By _ _ __ ___ _____ $(whoami) $(pwd) - if test ! 
-d "/workspace/source/app" ; then - echo Nothing to build - sleep 60 # linkerd is a pain - If we exit to quickly, with the sidecar not ready our curl to shut it down does nothing, and then the sidecar comes up and prevents the pod from ending - exit 1 - fi - find /workspace - /cnb/lifecycle/creator \ - -app=/workspace/source/app \ - -cache-dir=/workspace/cache \ - -uid=1000 \ - -gid=1000 \ - -layers=/layers \ - -platform=/workspace/source \ - -report=/layers/report.toml \ - -process-type=web \ - -skip-restore=false \ - "-previous-image=${PREIMAGE}" \ - "${APPIMAGE}" - echo _ _ __ ___ _____ Done diff --git a/charts/epinio/102.0.1+up1.6.2/templates/validate-cert-manager-crd.yaml b/charts/epinio/102.0.1+up1.6.2/templates/validate-cert-manager-crd.yaml deleted file mode 100644 index 87e12c558c..0000000000 --- a/charts/epinio/102.0.1+up1.6.2/templates/validate-cert-manager-crd.yaml +++ /dev/null @@ -1,19 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "acme.cert-manager.io/v1/Challenge" false -}} -# {{- set $found "acme.cert-manager.io/v1/Order" false -}} -# {{- set $found "cert-manager.io/v1/CertificateRequest" false -}} -# {{- set $found "cert-manager.io/v1/Certificate" false -}} -# {{- set $found "cert-manager.io/v1/ClusterIssuer" false -}} -# {{- set $found "cert-manager.io/v1/Issuer" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} \ No newline at end of file 
diff --git a/charts/epinio/102.0.1+up1.6.2/templates/validate-install-crd.yaml b/charts/epinio/102.0.1+up1.6.2/templates/validate-install-crd.yaml
deleted file mode 100644
index afa6e4fb4d..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/templates/validate-install-crd.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
-# {{- $found := dict -}}
-# {{- set $found "application.epinio.io/v1/App" false -}}
-# {{- set $found "application.epinio.io/v1/AppChart" false -}}
-# {{- set $found "application.epinio.io/v1/Service" false -}}
-# {{- range .Capabilities.APIVersions -}}
-# {{- if hasKey $found (toString .) -}}
-# {{- set $found (toString .) true -}}
-# {{- end -}}
-# {{- end -}}
-# {{- range $_, $exists := $found -}}
-# {{- if (eq $exists false) -}}
-# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
-# {{- end -}}
-# {{- end -}}
-#{{- end -}}
\ No newline at end of file
diff --git a/charts/epinio/102.0.1+up1.6.2/values.schema.json b/charts/epinio/102.0.1+up1.6.2/values.schema.json
deleted file mode 100644
index 766891678d..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/values.schema.json
+++ /dev/null
@@ -1,424 +0,0 @@ -{ - "$schema": "https://json-schema.org/draft-07/schema#", - "title": "Values", - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "epinio": { - "type": "object", - "properties": { - "registry": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "bash": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "awscli": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "kubectl": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - } - } - }, - "server": { - "description": "server configuration", - "type": "object", - "properties": { - "accessControlAllowOrigin": { - "type": "string" - }, - "timeoutMultiplier": { - "type": "integer" - }, - "traceLevel": { - "type": "integer" - }, - "registryCertificateSecret": { - "type": "string" - }, - "ingressClassName": { - "type": "string" - } - } - }, - "ingress": { - "ingressClassName": { - "type": "string" - }, - "annotations": { - "type": "object" - }, - "nginxSSLRedirect": { - "type": "string" - } - }, - "s3": { - "description": "s3 connection details", - "type": "object", - "properties": { - "endpoint": { - "type": "string" - }, - "bucket": { - "type": "string" - }, - "region": { - "type": "string" - }, - "accessKeyID": { - "type": "string" - }, - "secretAccessKey": { - "type": "string" - }, - "certificateSecret": { - "type": "string" - }, - "useSSL": { - "type": "boolean" - } - }, - "required": [ - "endpoint", - "bucket", - "accessKeyID", - "secretAccessKey" - ] - }, - "api": { - "description": "API access configuration", - "type": "object", - "properties": { - "users": { - "description": "Default Epinio users", - "type": "array", - "items": { - "type": "object", - "properties": { - 
"username": { - "type": "string" - }, - "passwordBcrypt": { - "type": "string" - }, - "role": { - "type": "string" - }, - "workspaces": { - "type": "array", - "items": { - "type": "string" - } - } - }, - "required": [ - "username", - "passwordBcrypt", - "role" - ] - } - } - } - }, - "certManagerNamespace": { - "description": "the namespace there cert-manager controller is deployed", - "type": "string" - }, - "domain": { - "description": "the domain that will be used to access the Epinio API", - "type": "string" - }, - "global": { - "type": "object", - "properties": { - "cattle": { - "type": "object", - "properties": { - "systemDefaultRegistry": { - "type": "string" - } - } - }, - "domain": { - "type": "string" - }, - "tlsIssuer": { - "type": "string" - }, - "registryURL": { - "type": "string" - }, - "registryUsername": { - "type": "string" - }, - "registryPassword": { - "type": "string" - }, - "registryNamespace": { - "type": "string" - } - }, - "required": [ - "domain" - ] - }, - "containerregistry": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "nginx": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "registry": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - } - }, - "required": [ - "nginx", - "registry" - ] - }, - "imagePullPolicy": { - "type": "string" - }, - "ingressClassName": { - "type": "string" - } - }, - "required": [ - "enabled", - "image", - "imagePullPolicy", - "ingressClassName" - ] - }, - "dex": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "fullnameOverride": { - "type": "string" - }, - "configSecret": { - "type": "object", - "properties": { - "create": { - "type": "boolean" - }, - "name": { - "type": "string" - } - }, - "required": [ - "create", - "name" - ] - } - }, - 
"required": [ - "enabled", - "configSecret", - "fullnameOverride" - ] - }, - "epinio-ui": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "ingress": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - }, - "required": [ - "enabled" - ] - } - }, - "required": [ - "enabled", - "ingress" - ] - }, - "kubed": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "enableAnalytics": { - "type": "boolean" - }, - "fullnameOverride": { - "type": "string" - } - }, - "required": [ - "enabled", - "enableAnalytics", - "fullnameOverride" - ] - }, - "minio": { - "type": "object", - "properties": { - "drivesPerNode": { - "type": "integer" - }, - "enabled": { - "type": "boolean" - }, - "existingSecret": { - "type": "string" - }, - "fullnameOverride": { - "type": "string" - }, - "makeUserJob": { - "type": "object", - "properties": { - "podAnnotations": { - "type": "object" - } - }, - "required": [ - "podAnnotations" - ] - }, - "persistence": { - "type": "object", - "properties": { - "size": { - "type": "string" - } - }, - "required": [ - "size" - ] - }, - "replicas": { - "type": "integer" - }, - "resources": { - "type": "object", - "properties": { - "requests": { - "type": "object", - "properties": { - "memory": { - "type": "string" - } - }, - "required": [ - "memory" - ] - } - }, - "required": [ - "requests" - ] - }, - "tls": { - "type": "object", - "properties": { - "certSecret": { - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "privateKey": { - "type": "string" - }, - "publicCrt": { - "type": "string" - } - }, - "required": [ - "certSecret", - "enabled", - "privateKey", - "publicCrt" - ] - } - }, - "required": [ - "drivesPerNode", - "enabled", - "existingSecret", - "fullnameOverride", - "makeUserJob", - "persistence", - "replicas", - "resources", - "tls" - ] - } - }, - "required": [ - "certManagerNamespace", - "s3" - ] -} 
diff --git a/charts/epinio/102.0.1+up1.6.2/values.yaml b/charts/epinio/102.0.1+up1.6.2/values.yaml
deleted file mode 100644
index 23e585e6f5..0000000000
--- a/charts/epinio/102.0.1+up1.6.2/values.yaml
+++ /dev/null
@@ -1,155 +0,0 @@ -## Default values for Epinio Helm Chart. -## This is a YAML-formatted file. -## Declare variables to be passed into your templates. - -# The email address you are planning to use for getting notifications about your certificates. -email: "epinio@suse.com" - -image: - epinio: - repository: rancher/mirrored-epinio-epinio-server - tag: v1.6.2 - bash: - repository: rancher/mirrored-epinio-epinio-unpacker - tag: v1.6.2 - awscli: - repository: rancher/mirrored-amazon-aws-cli - tag: 2.9.14 - skopeo: - repository: rancher/mirrored-skopeo-skopeo - tag: v1.10.0 - kubectl: - repository: rancher/kubectl - tag: v1.22.6 - builder: - repository: rancher/mirrored-paketobuildpacks-builder - tag: 0.2.289-full - -server: - # Domain which serves the Rancher UI (to access the API) - accessControlAllowOrigin: "" - # increase this value to increase all timeouts by the same factor - timeoutMultiplier: 1 - # Increase this value to instruct the API server to produce more debug output - traceLevel: 0 - # The ingressClassName is used to select the ingress controller for apps. If empty ingress.ingressClassName (see below) is used - ingressClassName: "" - # Disable tracking of the Epinio and Kubernetes cluster version - disableTracking: false -ingress: - # The ingressClassName is used to select the ingress controller for the server. If empty no class will be added to the ingresses. 
- ingressClassName: "" - # Annotations to add to the API ingress - # e.g.: --set 'ingress.annotations.nginx\.ingress\.kubernetes\.io/ssl-redirect=false' - annotations: {} - # nginxSSLRedirect to controll https->http redirects - nginxSSLRedirect: "true" - -certManagerNamespace: cert-manager - -# Connection details for the S3 storage -s3: - endpoint: s3.amazonaws.com - bucket: "" - region: "" - accessKeyID: "" - secretAccessKey: "" - useSSL: true - # Set it to an existing secret if S3 is using a self signed cert - certificateSecret: "" - -api: - # Default users - users: - - username: admin - passwordBcrypt: "$2a$10$6bCi5NMstMK781In7JGiL.B44pgoplUb330FQvm6mVXMppbXBPiXS" - role: admin - - username: epinio - passwordBcrypt: "$2a$10$6bCi5NMstMK781In7JGiL.B44pgoplUb330FQvm6mVXMppbXBPiXS" - role: user - workspaces: - - workspace - -# Dex subchart values -- None for now, and sub chart disabled -dex: - enabled: true - # hardcode this, to avoid problems with release name - fullnameOverride: "dex" - configSecret: - create: false - name: "dex-config" - -# Extra environment variables passed to the epinio-server pod. 
-# extraEnv: -# - name: MY_ENV_VAR -# value: "1.0" -# Minio subchart values -minio: - enabled: true - # hardcode this, to avoid problems with release name - fullnameOverride: minio - existingSecret: minio-creds - tls: - enabled: true - certSecret: minio-tls - publicCrt: tls.crt - privateKey: tls.key - persistence: - size: 2Gi - drivesPerNode: 4 - replicas: 1 - resources: - requests: - memory: 1Gi - makeUserJob: - podAnnotations: - linkerd.io/inject: disabled - -epinio-ui: - enabled: true - epinioTheme: light - epinioVersion: "v1.6.2" - ingress: - enabled: false - -kubed: - enabled: true - fullnameOverride: kubed - enableAnalytics: false - -containerregistry: - enabled: true - image: - registry: - repository: rancher/mirrored-library-registry - tag: 2.8.1 - nginx: - repository: rancher/mirrored-library-nginx - tag: 1.23.2-alpine - imagePullPolicy: IfNotPresent - # The ingressClassName is used to select the ingress controller. If - # empty no class will be added to the ingresses. - ingressClassName: "" - -serviceCatalog: - # Enable service catalog service for development - enableDevServices: true - -global: - rbac: - pspEnabled: false - # The domain that will be used to access the epinio API server and the registry - domain: "" - # Connection details for the container registry. - registryURL: "" # Skip if containerregistry.enabled is true - registryUsername: "admin" - registryPassword: "changeme" - registryNamespace: "apps" # Used in registry path when pushing -> "external.tld/apps/APPNAME" - # The name of the cluster issuer to use. - # Epinio creates three options: 'epinio-ca', 'letsencrypt-production', and 'selfsigned-issuer'. - tlsIssuer: "epinio-ca" - # The URL of the container registry from where to pull container images for the various - # created Pods. Don't confuse this registry with the "Epinio registry" which is the one - # where Epinio stores the application images. - cattle: - systemDefaultRegistry: "" 
diff --git a/charts/epinio/102.0.3+up1.8.1/app-readme.md b/charts/epinio/102.0.3+up1.8.1/app-readme.md
deleted file mode 100644
index 1c8d7bd6d3..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/app-readme.md
+++ /dev/null
@@ -1,37 +0,0 @@ -# Epinio PaaS - -Opinionated platform that runs on Kubernetes to take you from Code to URL in one step. - -__Attention__: - - - Requires `cert-manager` as dependency. - - Requires `helm-controller` as dependency. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) -have been removed from the Kubernetes API. - -As a result, __before upgrading to Kubernetes v1.25__ (or on a fresh install in a Kubernetes v1.25+ -cluster), users are expected to perform an in-place upgrade of this chart with -`global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. - -​> __Note:__ -> In this chart release, any previous field that was associated with any PSP resources have been -> removed in favor of a single global field: `global.cattle.psp.enabled`. - -> __Note:__ -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even -> if you manually clean up resources), __it will leave the Helm release in a broken state within the -> cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, -> etc.).__ -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your -> Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed -on its behalf from the cluster. This is the default setting for this chart. ​ - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) -should be used. Please consult the Rancher docs for more details on how to configure your chart -release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. 
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/dex/.helmignore b/charts/epinio/102.0.3+up1.8.1/charts/dex/.helmignore
deleted file mode 100644
index 00ca644b23..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/dex/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-
-README.md.gotmpl
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/dex/LICENSE b/charts/epinio/102.0.3+up1.8.1/charts/dex/LICENSE
deleted file mode 100644
index d645695673..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/dex/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/epinio/102.0.3+up1.8.1/charts/dex/ci/config-secret-values.yaml b/charts/epinio/102.0.3+up1.8.1/charts/dex/ci/config-secret-values.yaml deleted file mode 100644 index 4798710d26..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/charts/dex/ci/config-secret-values.yaml +++ /dev/null @@ -1,10 +0,0 @@ -config: - issuer: https://my-issuer.com - - storage: - type: memory - - enablePasswordDB: true - -configSecret: - name: my-super-special-dex-secret diff --git a/charts/epinio/102.0.3+up1.8.1/charts/dex/ci/no-config-secret.yaml b/charts/epinio/102.0.3+up1.8.1/charts/dex/ci/no-config-secret.yaml deleted file mode 100644 index 8e667025fb..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/charts/dex/ci/no-config-secret.yaml +++ /dev/null 
@@ -1,10 +0,0 @@
-config:
- issuer: https://my-issuer.com
-
- storage:
- type: memory
-
- enablePasswordDB: true
-
-configSecret:
- create: false
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/dex/ci/test-values.yaml b/charts/epinio/102.0.3+up1.8.1/charts/dex/ci/test-values.yaml
deleted file mode 100644
index a4eb657692..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/dex/ci/test-values.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-config:
- issuer: https://my-issuer.com
-
- storage:
- type: memory
-
- enablePasswordDB: true
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/NOTES.txt b/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/NOTES.txt
deleted file mode 100644
index f324e00262..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/NOTES.txt
+++ /dev/null
@@ -1,22 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
- {{- range .paths }}
- http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
- {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "dex.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "dex.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "dex.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
- echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "dex.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/hpa.yaml b/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/hpa.yaml
deleted file mode 100644
index f381c7d72a..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/hpa.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{- if .Values.autoscaling.enabled }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "dex.fullname" . }}
- labels:
- {{- include "dex.labels" . | nindent 4 }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ include "dex.fullname" . }}
- minReplicas: {{ .Values.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.autoscaling.maxReplicas }}
- metrics:
- {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
- {{- end }}
- {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- - type: Resource
- resource:
- name: memory
- targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
- {{- end }}
-{{- end }}
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/networkpolicy.yaml b/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/networkpolicy.yaml
deleted file mode 100644
index acd51b9d89..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/networkpolicy.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- if .Values.networkPolicy.enabled }}
-{{- if semverCompare "<1.7-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: extensions/v1beta1
-{{- else -}}
-apiVersion: networking.k8s.io/v1
-{{- end }}
-kind: NetworkPolicy
-metadata:
- name: {{ include "dex.fullname" . }}
- labels:
- {{- include "dex.labels" . | nindent 4 }}
-spec:
- policyTypes:
- {{- if .Values.networkPolicy.egressRules }}
- - Egress
- {{- end }}
- - Ingress
- podSelector:
- matchLabels:
- {{- include "dex.selectorLabels" . | nindent 6 }}
- ingress:
- - ports:
- - port: http
- {{- if .Values.https.enabled }}
- - port: https
- {{- end }}
- {{- if .Values.grpc.enabled }}
- - port: grpc
- {{- end }}
- - port: telemetry
- {{- with .Values.networkPolicy.egressRules }}
- egress:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/poddisruptionbudget.yaml b/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/poddisruptionbudget.yaml
deleted file mode 100644
index 6ec1032ad7..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if .Values.podDisruptionBudget.enabled }}
-{{- if semverCompare ">=1.21-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: policy/v1
-{{- else -}}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "dex.fullname" . }}
- labels:
-{{ include "dex.labels" . | indent 4 }}
-spec:
- {{- with .Values.podDisruptionBudget.minAvailable }}
- minAvailable: {{ . }}
- {{- end }}
- {{- with .Values.podDisruptionBudget.maxUnavailable }}
- maxUnavailable: {{ . }}
- {{- end }}
- selector:
- matchLabels:
- {{- include "dex.selectorLabels" . | nindent 6 }}
-{{- end }}
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/psp.yaml b/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/psp.yaml
deleted file mode 100644
index 7b30c45e0a..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/psp.yaml
+++ /dev/null
@@ -1,86 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" -}} -{{- if .Values.serviceAccount.create }} -{{- if .Values.global.rbac.pspEnabled }} - ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ printf "%s-psp" .Values.serviceAccount.name | quote }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: {{ .Values.serviceAccount.name | quote }} - app: {{ .Values.serviceAccount.name | quote }} -{{- if .Values.global.rbac.pspAnnotations }} - annotations: {{ toYaml .Values.global.rbac.pspAnnotations | nindent 4 }} -{{- end }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Permits the container to run with root privileges as well. - rule: 'RunAsAny' - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. 
- - min: 0 - max: 65535 - readOnlyRootFilesystem: false - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ printf "%s-psp" .Values.serviceAccount.name | quote }} - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: {{ .Values.serviceAccount.name | quote }} - app: {{ .Values.serviceAccount.name | quote }} -rules: -{{- if semverCompare "> 1.15.0-0" .Capabilities.KubeVersion.GitVersion }} -- apiGroups: ['policy'] -{{- else }} -- apiGroups: ['extensions'] -{{- end }} - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ printf "%s-psp" .Values.serviceAccount.name | quote }} - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ printf "%s-psp" .Values.serviceAccount.name | quote }} - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: {{ .Values.serviceAccount.name | quote }} - app: {{ .Values.serviceAccount.name | quote }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ printf "%s-psp" .Values.serviceAccount.name | quote }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.name | quote }} - namespace: {{ .Release.Namespace }} - -{{- end }} -{{- end }} -{{- end -}} diff --git a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/rbac.yaml b/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/rbac.yaml deleted file mode 100644 index 333f2f1000..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/rbac.yaml +++ /dev/null 
@@ -1,55 +0,0 @@
-{{- if .Values.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "dex.fullname" . }}
- labels:
- {{- include "dex.labels" . | nindent 4 }}
-rules:
- - apiGroups: ["dex.coreos.com"]
- resources: ["*"]
- verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "dex.fullname" . }}
- labels:
- {{- include "dex.labels" . | nindent 4 }}
-roleRef:
- kind: Role
- apiGroup: rbac.authorization.k8s.io
- name: {{ include "dex.fullname" . }}
-subjects:
-- kind: ServiceAccount
- namespace: {{ .Release.Namespace }}
- name: {{ include "dex.serviceAccountName" . }}
-{{- if .Values.rbac.createClusterScoped }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ include "dex.fullname" . }}
- labels:
- {{- include "dex.labels" . | nindent 4 }}
-rules:
- - apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["list", "create"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "dex.fullname" . }}-cluster
- labels:
- {{- include "dex.labels" . | nindent 4 }}
-roleRef:
- kind: ClusterRole
- apiGroup: rbac.authorization.k8s.io
- name: {{ include "dex.fullname" . }}
-subjects:
-- kind: ServiceAccount
- namespace: {{ .Release.Namespace }}
- name: {{ include "dex.serviceAccountName" . }}
-{{- end }}
-{{- end }}
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/secret.yaml b/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/secret.yaml
deleted file mode 100644
index 27d39546ed..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/secret.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if .Values.configSecret.create -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "dex.configSecretName" . }}
- labels:
- {{- include "dex.labels" . | nindent 4 }}
-type: Opaque
-data:
- config.yaml: {{ .Values.config | toYaml | b64enc | quote }}
-{{- end }}
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/service.yaml b/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/service.yaml
deleted file mode 100644
index 8114e8d59e..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/service.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "dex.fullname" . }}
- labels:
- {{- include "dex.labels" . | nindent 4 }}
- {{- with .Values.service.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- type: {{ .Values.service.type }}
- {{- with .Values.service.clusterIP }}
- clusterIP: {{ . }}
- {{- end }}
- ports:
- - name: http
- port: {{ .Values.service.ports.http.port }}
- {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) .Values.service.ports.http.nodePort }}
- nodePort: {{ .Values.service.ports.http.nodePort }}
- {{- end }}
- targetPort: http
- protocol: TCP
- {{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.GitVersion }}
- appProtocol: http
- {{- end }}
- {{- if .Values.https.enabled }}
- - name: https
- port: {{ .Values.service.ports.https.port }}
- {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) .Values.service.ports.https.nodePort }}
- nodePort: {{ .Values.service.ports.https.nodePort }}
- {{- end }}
- targetPort: https
- protocol: TCP
- {{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.GitVersion }}
- appProtocol: https
- {{- end }}
- {{- end }}
- {{- if .Values.grpc.enabled }}
- - name: grpc
- port: {{ .Values.service.ports.grpc.port }}
- {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) .Values.service.ports.grpc.nodePort }}
- nodePort: {{ .Values.service.ports.grpc.nodePort }}
- {{- end }}
- targetPort: grpc
- protocol: TCP
- {{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.GitVersion }}
- appProtocol: http
- {{- end }}
- {{- end }}
- - name: telemetry
- port: 5558
- targetPort: telemetry
- protocol: TCP
- {{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.GitVersion }}
- appProtocol: http
- {{- end }}
- selector:
- {{- include "dex.selectorLabels" . | nindent 4 }}
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/serviceaccount.yaml b/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/serviceaccount.yaml
deleted file mode 100644
index 30c3ddd90e..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "dex.serviceAccountName" . }}
- labels:
- {{- include "dex.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/servicemonitor.yaml b/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/servicemonitor.yaml
deleted file mode 100644
index 34e161e81a..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/servicemonitor.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- if .Values.serviceMonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ include "dex.fullname" . }}
- {{- with .Values.serviceMonitor.namespace }}
- namespace: {{ . }}
- {{- end }}
- labels:
- {{- include "dex.labels" . | nindent 4 }}
- {{- with .Values.serviceMonitor.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- endpoints:
- - port: telemetry
- {{- with .Values.serviceMonitor.interval }}
- interval: {{ . }}
- {{- end }}
- {{- with .Values.serviceMonitor.scrapeTimeout }}
- scrapeTimeout: {{ . }}
- {{- end }}
- jobLabel: {{ include "dex.fullname" . }}
- selector:
- matchLabels:
- {{- include "dex.selectorLabels" . | nindent 6 }}
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/tests/no-config-secret.yaml b/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/tests/no-config-secret.yaml
deleted file mode 100644
index 4b7804f540..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/tests/no-config-secret.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- if not .Values.configSecret.create -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "dex.configSecretName" . }}-test-no-create
- labels:
- {{- include "dex.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-type: Opaque
-data:
- config.yaml: {{ .Values.config | toYaml | b64enc | quote }}
-{{- end }}
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/kubed/.helmignore b/charts/epinio/102.0.3+up1.8.1/charts/kubed/.helmignore
deleted file mode 100644
index be86b789d7..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/kubed/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-# Helm files
-OWNERS
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/kubed/Chart.yaml b/charts/epinio/102.0.3+up1.8.1/charts/kubed/Chart.yaml
deleted file mode 100644
index b01e55e5e0..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/kubed/Chart.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-appVersion: v0.13.2
-description: Config Syncer by AppsCode - Kubernetes daemon
-home: https://github.com/kubeops/config-syncer
-icon: https://cdn.appscode.com/images/products/kubed/icons/android-icon-192x192.png
-maintainers:
-- email: support@appscode.com
- name: appscode
-name: kubed
-sources:
-- https://github.com/kubeops/config-syncer
-version: v0.13.2
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/kubed/README.md b/charts/epinio/102.0.3+up1.8.1/charts/kubed/README.md
deleted file mode 100644
index d747c51769..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/kubed/README.md
+++ /dev/null
@@ -1,94 +0,0 @@ -# Config Syncer - -[Config Syncer by AppsCode](https://github.com/kubeops/config-syncer) - A Kubernetes cluster manager daemon - -## TL;DR; - -```console -$ helm repo add appscode https://charts.appscode.com/stable/ -$ helm repo update -$ helm install kubed appscode/kubed -n kube-system -``` - -## Introduction - -This chart deploys a Config Syncer operator on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Prerequisites - -- Kubernetes 1.11+ - -## Installing the Chart - -To install the chart with the release name `kubed`: - -```console -$ helm install kubed appscode/kubed -n kube-system -``` - -The command deploys a Config Syncer operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `kubed`: - -```console -$ helm delete kubed -n kube-system -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -The following table lists the configurable parameters of the `kubed` chart and their default values. 
- -| Parameter | Description | Default | -|--------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------| -| nameOverride | Overrides name template | "" | -| fullnameOverride | Overrides fullname template | "" | -| replicaCount | Number of Config Syncer operator replicas to create (only 1 is supported) | 1 | -| operator.registry | Docker registry used to pull Config Syncer operator image | appscode | -| operator.repository | Config Syncer operator container image | kubed | -| operator.tag | Config Syncer operator container image tag | v0.13.2 | -| operator.resources | Compute Resources required by the operator container | {} | -| operator.securityContext | Security options the operator container should run with | {} | -| imagePullSecrets | Specify an array of imagePullSecrets. Secrets must be manually created in the namespace.
Example:
`helm template charts/kubed \`
`--set imagePullSecrets[0].name=sec0 \`
`--set imagePullSecrets[1].name=sec1` | [] | -| imagePullPolicy | Container image pull policy | IfNotPresent | -| criticalAddon | If true, installs Config Syncer operator as critical addon | false | -| logLevel | Log level for operator | 3 | -| annotations | Annotations applied to operator deployment | {} | -| podAnnotations | Annotations passed to operator pod(s). | {} | -| nodeSelector | Node labels for pod assignment | {} | -| tolerations | Tolerations for pod assignment | [] | -| affinity | Affinity rules for pod assignment | {} | -| podSecurityContext | Security options the operator pod should run with. | {"fsGroup":65535} | -| serviceAccount.create | Specifies whether a service account should be created | true | -| serviceAccount.annotations | Annotations to add to the service account | {} | -| serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | "" | -| apiserver.securePort | Port used by Config Syncer server | "8443" | -| apiserver.useKubeapiserverFqdnForAks | If true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) | true | -| apiserver.healthcheck.enabled | healthcheck configures the readiness and liveliness probes for the operator pod. | false | -| apiserver.servingCerts.generate | If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) to authenticate operators pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. | true | -| apiserver.servingCerts.caCrt | CA certficate used by serving certificate of Config Syncer server. | "" | -| apiserver.servingCerts.serverCrt | Serving certficate used by Config Syncer server. | "" | -| apiserver.servingCerts.serverKey | Private key for the serving certificate used by Config Syncer server. 
| "" | -| enableAnalytics | If true, sends usage analytics | true | -| config.clusterName | Set cluster-name to something meaningful to you, say, prod, prod-us-east, qa, etc. so that you can distinguish notifications sent by kubed | unicorn | -| config.configSourceNamespace | If set, configmaps and secrets from only this namespace will be synced | "" | -| config.kubeconfigContent | kubeconfig file content for configmap and secret syncer | "" | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: - -```console -$ helm install kubed appscode/kubed -n kube-system --set replicaCount=1 -``` - -Alternatively, a YAML file that specifies the values for the parameters can be provided while -installing the chart. For example: - -```console -$ helm install kubed appscode/kubed -n kube-system --values values.yaml -``` diff --git a/charts/epinio/102.0.3+up1.8.1/charts/kubed/doc.yaml b/charts/epinio/102.0.3+up1.8.1/charts/kubed/doc.yaml deleted file mode 100644 index e3b2d7fae6..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/charts/kubed/doc.yaml +++ /dev/null @@ -1,18 +0,0 @@ -project: - name: Config Syncer by AppsCode - shortName: Config Syncer - url: https://github.com/kubeops/config-syncer - description: A Kubernetes cluster manager daemon - app: a Config Syncer operator -repository: - url: https://charts.appscode.com/stable/ - name: appscode -chart: - name: kubed - values: "-- generate from values file --" - valuesExample: "-- generate from values file --" -prerequisites: -- Kubernetes 1.11+ -release: - name: kubed - namespace: kube-system diff --git a/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/NOTES.txt b/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/NOTES.txt deleted file mode 100644 index aa9281fa09..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/NOTES.txt +++ /dev/null 
@@ -1,3 +0,0 @@
-To verify that Config Syncer has started, run:
-
- kubectl get deployment --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "kubed.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/_helpers.tpl b/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/_helpers.tpl
deleted file mode 100644
index cbdcb8c0df..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/_helpers.tpl
+++ /dev/null
@@ -1,93 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "kubed.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "kubed.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "kubed.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "kubed.labels" -}}
-helm.sh/chart: {{ include "kubed.chart" . }}
-{{ include "kubed.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "kubed.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "kubed.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "kubed.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "kubed.fullname" .)
.Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
-
-{{/*
-Windows cluster will add default taint for linux nodes, add below linux tolerations to
-workloads could be scheduled to those linux nodes
-*/}}
-{{- define "linux-node-tolerations" -}}
-- key: "cattle.io/os"
- value: "linux"
- effect: "NoSchedule"
- operator: "Equal"
-{{- end -}}
-
-{{- define "linux-node-selector" -}}
-{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-beta.kubernetes.io/os: linux
-{{- else -}}
-kubernetes.io/os: linux
-{{- end -}}
-{{- end -}}
-
-{{/*
-URL prefix for container images to be compatible with Rancher
-*/}}
-{{- define "registry-url" -}}
-{{- if .Values.global.cattle.systemDefaultRegistry -}}
-{{ trimSuffix "/" .Values.global.cattle.systemDefaultRegistry }}/
-{{- else -}}
-{{ .Values.operator.registry }}/
-{{- end -}}
-{{- end -}}
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/apiregistration.yaml b/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/apiregistration.yaml
deleted file mode 100644
index fcbf02a361..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/apiregistration.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-{{- $serverCrt := "" }}
-{{- $serverKey := "" }}
-{{- if .Values.apiserver.servingCerts.generate }}
-{{- $ca := genCA "ca" 3650 }}
-{{- $cn := include "kubed.fullname" . -}}
-{{- $altName1 := printf "%s.%s" $cn .Release.Namespace }}
-{{- $altName2 := printf "%s.%s.svc" $cn .Release.Namespace }}
-{{- $server := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }}
-{{- $serverCrt = b64enc $server.Cert }}
-{{- $serverKey = b64enc $server.Key }}
-{{- else }}
-{{- $serverCrt = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverCrt }}
-{{- $serverKey = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverKey }}
-{{- end }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "kubed.fullname" . }}-apiserver-cert
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "kubed.labels" . | nindent 4 }}
-type: Opaque
-data:
- tls.crt: {{ $serverCrt }}
- tls.key: {{ $serverKey }}
----
-# to read the config for terminating authentication
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "kubed.fullname" . }}-apiserver-extension-server-authentication-reader
- namespace: kube-system
- labels:
- {{- include "kubed.labels" . | nindent 4 }}
-roleRef:
- kind: Role
- apiGroup: rbac.authorization.k8s.io
- name: extension-apiserver-authentication-reader
-subjects:
-- kind: ServiceAccount
- name: {{ template "kubed.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
----
-# to delegate authentication and authorization
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "kubed.fullname" . }}-apiserver-auth-delegator
- labels:
- {{- include "kubed.labels" . | nindent 4 }}
-roleRef:
- kind: ClusterRole
- apiGroup: rbac.authorization.k8s.io
- name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
- name: {{ template "kubed.serviceAccountName" .
}}
- namespace: {{ .Release.Namespace }}
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/cluster-role-binding.yaml b/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/cluster-role-binding.yaml
deleted file mode 100644
index 8ea05646a5..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/cluster-role-binding.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "kubed.fullname" . }}
- labels:
- {{- include "kubed.labels" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "kubed.fullname" . }}
-subjects:
-- kind: ServiceAccount
- name: {{ template "kubed.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/cluster-role.yaml b/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/cluster-role.yaml
deleted file mode 100644
index 95e0147902..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/cluster-role.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "kubed.fullname" . }}
- labels:
- {{- include "kubed.labels" . | nindent 4 }}
-rules:
-- apiGroups: [""]
- resources:
- - configmaps
- - secrets
- verbs: ["get", "create", "patch", "delete", "list", "watch"]
-- apiGroups: [""]
- resources:
- - namespaces
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources:
- - nodes
- verbs: ["list"]
-- apiGroups: [""]
- resources:
- - events
- verbs: ["create"]
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/deployment.yaml b/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/deployment.yaml
deleted file mode 100644
index 77efce771c..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/deployment.yaml
+++ /dev/null
@@ -1,119 +0,0 @@
-{{- $major := default "0" .Capabilities.KubeVersion.Major | trimSuffix "+" | int64 }}
-{{- $minor := default "0" .Capabilities.KubeVersion.Minor | trimSuffix "+" | int64 }}
-{{- $criticalAddon := and .Values.criticalAddon (or (eq .Release.Namespace "kube-system") (and (ge $major 1) (ge $minor 17))) -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "kubed.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "kubed.labels" . | nindent 4 }}
- {{- with .Values.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- {{- include "kubed.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- labels:
- {{- include "kubed.selectorLabels" . | nindent 8 }}
- annotations:
- checksum/apiregistration.yaml: {{ include (print $.Template.BasePath "/apiregistration.yaml") . | sha256sum }}
- {{- if $criticalAddon }}
- scheduler.alpha.kubernetes.io/critical-pod: ''
- {{- end }}
- {{- with .Values.podAnnotations }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- serviceAccountName: {{ include "kubed.serviceAccountName" . }}
- containers:
- - name: kubed
- securityContext:
- {{- toYaml .Values.operator.securityContext | nindent 10 }}
- image: {{ template "registry-url" . }}{{ .Values.operator.repository }}:{{ .Values.operator.tag }}
- imagePullPolicy: {{ .Values.imagePullPolicy }}
- args:
- - run
- - --v={{ .Values.logLevel }}
- - --secure-port={{ default "8443" .Values.apiserver.securePort }}
- - --audit-log-path=-
- - --tls-cert-file=/var/serving-cert/tls.crt
- - --tls-private-key-file=/var/serving-cert/tls.key
- - --use-kubeapiserver-fqdn-for-aks={{ .Values.apiserver.useKubeapiserverFqdnForAks }}
- - --enable-analytics={{ .Values.enableAnalytics }}
- {{- with .Values.config.clusterName }}
- - --cluster-name={{ .
}}
- {{- end }}
- {{- with .Values.config.configSourceNamespace }}
- - --config-source-namespace={{ . }}
- {{- end }}
- {{- if .Values.config.kubeconfigContent }}
- - --kubeconfig-file=/srv/kubed/kubeconfig
- {{- end }}
- {{- range .Values.config.additionalOptions }}
- - {{ . }}
- {{- end }}
- ports:
- - containerPort: {{ default "8443" .Values.apiserver.securePort }}
- {{- if .Values.apiserver.healthcheck.enabled }}
- readinessProbe:
- httpGet:
- path: /healthz
- port: {{ default "8443" .Values.apiserver.securePort }}
- scheme: HTTPS
- initialDelaySeconds: 5
- livenessProbe:
- httpGet:
- path: /healthz
- port: {{ default "8443" .Values.apiserver.securePort }}
- scheme: HTTPS
- initialDelaySeconds: 5
- {{- end }}
- resources:
- {{- toYaml .Values.operator.resources | nindent 10 }}
- volumeMounts:
- - name: config
- mountPath: /srv/kubed
- - name: scratch
- mountPath: /tmp
- - mountPath: /var/serving-cert
- name: serving-cert
- volumes:
- - name: config
- secret:
- secretName: {{ template "kubed.fullname" . }}
- - name: scratch
- emptyDir: {}
- - name: serving-cert
- secret:
- defaultMode: 420
- secretName: {{ template "kubed.fullname" . }}-apiserver-cert
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- tolerations:
- {{- include "linux-node-tolerations" . | nindent 8 }}
- {{- with .Values.tolerations }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- if $criticalAddon }}
- - key: CriticalAddonsOnly
- operator: Exists
- {{- end -}}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- nodeSelector:
- {{- include "linux-node-selector" . | nindent 8 }}
- {{- if $criticalAddon }}
- priorityClassName: system-cluster-critical
- {{- end -}}
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/psp.yaml b/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/psp.yaml
deleted file mode 100644
index a9d936fd50..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/psp.yaml
+++ /dev/null
@@ -1,86 +0,0 @@
-{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" -}}
-{{- if .Values.serviceAccount.create }}
-{{- if .Values.global.rbac.pspEnabled }}
-
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ include "kubed.serviceAccountName" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}"
- app.kubernetes.io/part-of: {{ include "kubed.serviceAccountName" . }}
- app: {{ include "kubed.serviceAccountName" . }}
-{{- if .Values.global.rbac.pspAnnotations }}
- annotations: {{ toYaml .Values.global.rbac.pspAnnotations | nindent 4 }}
-{{- end }}
-spec:
- privileged: false
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Permits the container to run with root privileges as well.
- rule: 'RunAsAny'
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: 'RunAsAny'
- supplementalGroups:
- rule: 'MustRunAs'
- ranges:
- # Forbid adding the root group.
- - min: 0
- max: 65535
- fsGroup:
- rule: 'MustRunAs'
- ranges:
- # Forbid adding the root group.
- - min: 0
- max: 65535
- readOnlyRootFilesystem: false
-
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ include "kubed.serviceAccountName" . }}-psp
- labels:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}"
- app.kubernetes.io/part-of: {{ include "kubed.serviceAccountName" . }}
- app: {{ include "kubed.serviceAccountName" . }}
-rules:
-{{- if semverCompare "> 1.15.0-0" .Capabilities.KubeVersion.GitVersion }}
-- apiGroups: ['policy']
-{{- else }}
-- apiGroups: ['extensions']
-{{- end }}
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ include "kubed.serviceAccountName" .
}}-psp
-
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ include "kubed.serviceAccountName" . }}-psp
- labels:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}"
- app.kubernetes.io/part-of: {{ include "kubed.serviceAccountName" . }}
- app: {{ include "kubed.serviceAccountName" . }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ include "kubed.serviceAccountName" . }}-psp
-subjects:
- - kind: ServiceAccount
- name: {{ include "kubed.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-
-{{- end }}
-{{- end }}
-{{- end -}}
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/secret.yaml b/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/secret.yaml
deleted file mode 100644
index a980ae34b4..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/secret.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "kubed.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "kubed.labels" . | nindent 4 }}
-data:
- {{- if .Values.config.kubeconfigContent }}
- kubeconfig: {{ .Values.config.kubeconfigContent | trim | b64enc | quote }}
- {{- end }}
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/service.yaml b/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/service.yaml
deleted file mode 100644
index 95b76cf645..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/service.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "kubed.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "kubed.labels" . | nindent 4 }}
-spec:
- ports:
- # Port used to expose admission webhook apiserver
- - name: api
- port: 443
- targetPort: {{ default "8443" .Values.apiserver.securePort }}
- selector:
- {{- include "kubed.selectorLabels" . | nindent 4 }}
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/serviceaccount.yaml b/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/serviceaccount.yaml
deleted file mode 100644
index 96f9c84c1b..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/kubed/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "kubed.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "kubed.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end -}}
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/kubed/values.yaml b/charts/epinio/102.0.3+up1.8.1/charts/kubed/values.yaml
deleted file mode 100644
index 0be091855c..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/kubed/values.yaml
+++ /dev/null
@@ -1,101 +0,0 @@
-# Default values for kubed.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-# Overrides name template
-nameOverride: ""
-# Overrides fullname template
-fullnameOverride: ""
-
-# Number of Config Syncer operator replicas to create (only 1 is supported)
-replicaCount: 1
-
-operator:
- # Config Syncer operator container image
- repository: rancher/mirrored-appscode-kubed
- # Config Syncer operator container image tag
- tag: v0.13.2
- # Compute Resources required by the operator container
- resources: {}
- # Security options the operator container should run with
- securityContext: {}
-
-# Specify an array of imagePullSecrets.
-# Secrets must be manually created in the namespace.
-#
-# Example:
-# helm template charts/kubed \
-# --set imagePullSecrets[0].name=sec0 \
-# --set imagePullSecrets[1].name=sec1
-imagePullSecrets: []
-
-# Container image pull policy
-imagePullPolicy: IfNotPresent
-
-# If true, installs Config Syncer operator as critical addon
-criticalAddon: false
-
-# Log level for operator
-logLevel: 3
-
-# Annotations applied to operator deployment
-annotations: {}
-
-# Annotations passed to operator pod(s).
-podAnnotations: {}
-
-# Node labels for pod assignment
-nodeSelector: {}
-
-# Tolerations for pod assignment
-tolerations: []
-
-# Affinity rules for pod assignment
-affinity: {}
-
-# Security options the operator pod should run with.
-podSecurityContext: # +doc-gen:break
- # ensure that s/a token is readable xref: https://issues.k8s.io/70679
- fsGroup: 65535
-
-serviceAccount:
- # Specifies whether a service account should be created
- create: true
- # Annotations to add to the service account
- annotations: {}
- # The name of the service account to use.
- # If not set and create is true, a name is generated using the fullname template
- name: ""
-
-apiserver:
- # Port used by Config Syncer server
- securePort: "8443"
- # If true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true)
- useKubeapiserverFqdnForAks: true
- healthcheck:
- # healthcheck configures the readiness and liveliness probes for the operator pod.
- enabled: false
- servingCerts:
- # If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor)
- # to authenticate operators pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`.
- generate: true
- # CA certficate used by serving certificate of Config Syncer server.
- caCrt: ""
- # Serving certficate used by Config Syncer server.
- serverCrt: ""
- # Private key for the serving certificate used by Config Syncer server.
- serverKey: ""
-
-# If true, sends usage analytics
-enableAnalytics: true
-
-config:
- # Set cluster-name to something meaningful to you, say, prod, prod-us-east, qa, etc.
- # so that you can distinguish notifications sent by kubed
- clusterName: unicorn
- # If set, configmaps and secrets from only this namespace will be synced
- configSourceNamespace: ""
- # kubeconfig file content for configmap and secret syncer
- kubeconfigContent: ""
-# additionalOptions:
-# - --authentication-skip-lookup
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/.helmignore b/charts/epinio/102.0.3+up1.8.1/charts/minio/.helmignore
deleted file mode 100644
index a9fe727881..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/minio/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-# OWNERS file for Kubernetes
-OWNERS
\ No newline at end of file
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/Chart.yaml b/charts/epinio/102.0.3+up1.8.1/charts/minio/Chart.yaml
deleted file mode 100644
index a3d4e31864..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/minio/Chart.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-appVersion: RELEASE.2023-02-10T18-48-39Z
-description: Multi-Cloud Object Storage
-home: https://min.io
-icon: https://min.io/resources/img/logo/MINIO_wordmark.png
-keywords:
-- minio
-- storage
-- object-storage
-- s3
-- cluster
-maintainers:
-- email: dev@minio.io
- name: MinIO, Inc
-name: minio
-sources:
-- https://github.com/minio/minio
-version: 5.0.7
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/README.md b/charts/epinio/102.0.3+up1.8.1/charts/minio/README.md
deleted file mode 100644
index 6de4fb16b3..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/minio/README.md
+++ /dev/null
@@ -1,260 +0,0 @@ -# MinIO Helm Chart - -[![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io) [![license](https://img.shields.io/badge/license-AGPL%20V3-blue)](https://github.com/minio/minio/blob/master/LICENSE) - -MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. It is API compatible with Amazon S3 cloud storage service. Use MinIO to build high performance infrastructure for machine learning, analytics and application data workloads. - -For more detailed documentation please visit [here](https://min.io/docs/minio/linux/index.html) - -## Introduction - -This chart bootstraps MinIO Cluster on [Kubernetes](http://kubernetes.io) using the [Helm](https://helm.sh) package manager. - -## Prerequisites - -- Helm cli with Kubernetes cluster configured. -- PV provisioner support in the underlying infrastructure. (We recommend using ) -- Use Kubernetes version v1.19 and later for best experience. - -## Configure MinIO Helm repo - -```bash -helm repo add minio https://charts.min.io/ -``` - -### Installing the Chart - -Install this chart using: - -```bash -helm install --namespace minio --set rootUser=rootuser,rootPassword=rootpass123 --generate-name minio/minio -``` - -The command deploys MinIO on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -### Installing the Chart (toy-setup) - -Minimal toy setup for testing purposes can be deployed using: - -```bash -helm install --set resources.requests.memory=512Mi --set replicas=1 --set persistence.enabled=false --set mode=standalone --set rootUser=rootuser,rootPassword=rootpass123 --generate-name minio/minio -``` - -### Upgrading the Chart - -You can use Helm to update MinIO version in a live release. 
Assuming your release is named as `my-release`, get the values using the command: - -```bash -helm get values my-release > old_values.yaml -``` - -Then change the field `image.tag` in `old_values.yaml` file with MinIO image tag you want to use. Now update the chart using - -```bash -helm upgrade -f old_values.yaml my-release minio/minio -``` - -Default upgrade strategies are specified in the `values.yaml` file. Update these fields if you'd like to use a different strategy. - -### Configuration - -Refer the [Values file](./values.yaml) for all the possible config fields. - -You can specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -helm install --name my-release --set persistence.size=1Ti minio/minio -``` - -The above command deploys MinIO server with a 1Ti backing persistent volume. - -Alternately, you can provide a YAML file that specifies parameter values while installing the chart. For example, - -```bash -helm install --name my-release -f values.yaml minio/minio -``` - -### Persistence - -This chart provisions a PersistentVolumeClaim and mounts corresponding persistent volume to default location `/export`. You'll need physical storage available in the Kubernetes cluster for this to work. If you'd rather use `emptyDir`, disable PersistentVolumeClaim by: - -```bash -helm install --set persistence.enabled=false minio/minio -``` - -> *"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."* - -### Existing PersistentVolumeClaim - -If a Persistent Volume Claim already exists, specify it during installation. - -1. Create the PersistentVolume -2. Create the PersistentVolumeClaim -3. 
Install the chart - -```bash -helm install --set persistence.existingClaim=PVC_NAME minio/minio -``` - -### NetworkPolicy - -To enable network policy for MinIO, -install [a networking plugin that implements the Kubernetes -NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), -and set `networkPolicy.enabled` to `true`. - -For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting -the DefaultDeny namespace annotation. Note: this will enforce policy for *all* pods in the namespace: - -``` -kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" -``` - -With NetworkPolicy enabled, traffic will be limited to just port 9000. - -For more precise policy, set `networkPolicy.allowExternal=true`. This will -only allow pods with the generated client label to connect to MinIO. -This label will be displayed in the output of a successful install. - -### Existing secret - -Instead of having this chart create the secret for you, you can supply a preexisting secret, much -like an existing PersistentVolumeClaim. - -First, create the secret: - -```bash -kubectl create secret generic my-minio-secret --from-literal=rootUser=foobarbaz --from-literal=rootPassword=foobarbazqux -``` - -Then install the chart, specifying that you want to use an existing secret: - -```bash -helm install --set existingSecret=my-minio-secret minio/minio -``` - -The following fields are expected in the secret: - -| .data.\ in Secret | Corresponding variable | Description | Required | -|:------------------------|:-----------------------|:---------------|:---------| -| `rootUser` | `rootUser` | Root user. | yes | -| `rootPassword` | `rootPassword` | Root password. | yes | - -All corresponding variables will be ignored in values file. - -### Configure TLS - -To enable TLS for MinIO containers, acquire TLS certificates from a CA or create self-signed certificates. 
While creating / acquiring certificates ensure the corresponding domain names are set as per the standard [DNS naming conventions](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-identity) in a Kubernetes StatefulSet (for a distributed MinIO setup). Then create a secret using - -```bash -kubectl create secret generic tls-ssl-minio --from-file=path/to/private.key --from-file=path/to/public.crt -``` - -Then install the chart, specifying that you want to use the TLS secret: - -```bash -helm install --set tls.enabled=true,tls.certSecret=tls-ssl-minio minio/minio -``` - -### Installing certificates from third party CAs - -MinIO can connect to other servers, including MinIO nodes or other server types such as NATs and Redis. If these servers use certificates that were not registered with a known CA, add trust for these certificates to MinIO Server by bundling these certificates into a Kubernetes secret and providing it to Helm via the `trustedCertsSecret` value. If `.Values.tls.enabled` is `true` and you're installing certificates for third party CAs, remember to include MinIO's own certificate with key `public.crt`, if it also needs to be trusted. 
- -For instance, given that TLS is enabled and you need to add trust for MinIO's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: - -``` -kubectl -n minio create secret generic minio-trusted-certs --from-file=public.crt --from-file=keycloak.crt -``` - -If TLS is not enabled, you would need only the third party CA: - -``` -kubectl -n minio create secret generic minio-trusted-certs --from-file=keycloak.crt -``` - -The name of the generated secret can then be passed to Helm using a values file or the `--set` parameter: - -``` -trustedCertsSecret: "minio-trusted-certs" - -or - ---set trustedCertsSecret=minio-trusted-certs -``` - -### Create buckets after install - -Install the chart, specifying the buckets you want to create after install: - -```bash -helm install --set buckets[0].name=bucket1,buckets[0].policy=none,buckets[0].purge=false minio/minio -``` - -Description of the configuration parameters used above - - -- `buckets[].name` - name of the bucket to create, must be a string with length > 0 -- `buckets[].policy` - can be one of none|download|upload|public -- `buckets[].purge` - purge if bucket exists already - -### Create policies after install - -Install the chart, specifying the policies you want to create after install: - -```bash -helm install --set policies[0].name=mypolicy,policies[0].statements[0].resources[0]='arn:aws:s3:::bucket1',policies[0].statements[0].actions[0]='s3:ListBucket',policies[0].statements[0].actions[1]='s3:GetObject' minio/minio -``` - -Description of the configuration parameters used above - - -- `policies[].name` - name of the policy to create, must be a string with length > 0 -- `policies[].statements[]` - list of statements, includes actions and resources -- `policies[].statements[].resources[]` - list of resources that applies the statement -- `policies[].statements[].actions[]` - list of actions granted - -### Create user after install - -Install the 
chart, specifying the users you want to create after install: - -```bash -helm install --set users[0].accessKey=accessKey,users[0].secretKey=secretKey,users[0].policy=none,users[1].accessKey=accessKey2,users[1].secretRef=existingSecret,users[1].secretKey=password,users[1].policy=none minio/minio -``` - -Description of the configuration parameters used above - - -- `users[].accessKey` - accessKey of user -- `users[].secretKey` - secretKey of usersecretRef -- `users[].existingSecret` - secret name that contains the secretKey of user -- `users[].existingSecretKey` - data key in existingSecret secret containing the secretKey -- `users[].policy` - name of the policy to assign to user - -### Create service account after install - -Install the chart, specifying the service accounts you want to create after install: - -```bash -helm install --set svcaccts[0].accessKey=accessKey,svcaccts[0].secretKey=secretKey,svcaccts[0].user=parentUser,svcaccts[1].accessKey=accessKey2,svcaccts[1].secretRef=existingSecret,svcaccts[1].secretKey=password,svcaccts[1].user=parentUser2 minio/minio -``` - -Description of the configuration parameters used above - - -- `svcaccts[].accessKey` - accessKey of service account -- `svcaccts[].secretKey` - secretKey of svcacctsecretRef -- `svcaccts[].existingSecret` - secret name that contains the secretKey of service account -- `svcaccts[].existingSecretKey` - data key in existingSecret secret containing the secretKey -- `svcaccts[].user` - name of the parent user to assign to service account - -## Uninstalling the Chart - -Assuming your release is named as `my-release`, delete it using the command: - -```bash -helm delete my-release -``` - -or - -```bash -helm uninstall my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. 
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/NOTES.txt b/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/NOTES.txt
deleted file mode 100644
index 7051b1e62c..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/NOTES.txt
+++ /dev/null
@@ -1,43 +0,0 @@ -{{- if eq .Values.service.type "ClusterIP" "NodePort" }} -MinIO can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: -{{ template "minio.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - -To access MinIO from localhost, run the below commands: - - 1. export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - - 2. kubectl port-forward $POD_NAME 9000 --namespace {{ .Release.Namespace }} - -Read more about port forwarding here: http://kubernetes.io/docs/user-guide/kubectl/kubectl_port-forward/ - -You can now access MinIO server on http://localhost:9000. Follow the below steps to connect to MinIO server with mc client: - - 1. Download the MinIO mc client - https://min.io/docs/minio/linux/reference/minio-mc.html#quickstart - - 2. export MC_HOST_{{ template "minio.fullname" . }}-local=http://$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootUser}" | base64 --decode):$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootPassword}" | base64 --decode)@localhost:{{ .Values.service.port }} - - 3. mc ls {{ template "minio.fullname" . }}-local - -{{- end }} -{{- if eq .Values.service.type "LoadBalancer" }} -MinIO can be accessed via port {{ .Values.service.port }} on an external IP address. Get the service external IP address by: -kubectl get svc --namespace {{ .Release.Namespace }} -l app={{ template "minio.fullname" . }} - -Note that the public IP may take a couple of minutes to be available. - -You can now access MinIO server on http://:9000. Follow the below steps to connect to MinIO server with mc client: - - 1. Download the MinIO mc client - https://min.io/docs/minio/linux/reference/minio-mc.html#quickstart - - 2. export MC_HOST_{{ template "minio.fullname" . 
}}-local=http://$(kubectl get secret {{ template "minio.secretName" . }} --namespace {{ .Release.Namespace }} -o jsonpath="{.data.rootUser}" | base64 --decode):$(kubectl get secret {{ template "minio.secretName" . }} -o jsonpath="{.data.rootPassword}" | base64 --decode)@:{{ .Values.service.port }} - - 3. mc ls {{ template "minio.fullname" . }} - -Alternately, you can use your browser or the MinIO SDK to access the server - https://min.io/docs/minio/linux/reference/minio-server/minio-server.html -{{- end }} - -{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} -Note: Since NetworkPolicy is enabled, only pods with label -{{ template "minio.fullname" . }}-client=true" -will be able to connect to this minio cluster. -{{- end }} diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/_helper_custom_command.txt b/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/_helper_custom_command.txt deleted file mode 100644 index b583a7782f..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/_helper_custom_command.txt +++ /dev/null 
@@ -1,58 +0,0 @@ -#!/bin/sh -set -e ; # Have script exit in the event of a failed command. - -{{- if .Values.configPathmc }} -MC_CONFIG_DIR="{{ .Values.configPathmc }}" -MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" -{{- else }} -MC="/usr/bin/mc --insecure" -{{- end }} - -# connectToMinio -# Use a check-sleep-check loop to wait for MinIO service to be available -connectToMinio() { - SCHEME=$1 - ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts - set -e ; # fail if we can't read the keys. - ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; - set +e ; # The connections to minio are allowed to fail. - echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; - MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; - $MC_COMMAND ; - STATUS=$? ; - until [ $STATUS = 0 ] - do - ATTEMPTS=`expr $ATTEMPTS + 1` ; - echo \"Failed attempts: $ATTEMPTS\" ; - if [ $ATTEMPTS -gt $LIMIT ]; then - exit 1 ; - fi ; - sleep 2 ; # 1 second intervals between attempts - $MC_COMMAND ; - STATUS=$? ; - done ; - set -e ; # reset `e` as active - return 0 -} - -# runCommand ($@) -# Run custom mc command -runCommand() { - ${MC} "$@" - return $? -} - -# Try connecting to MinIO instance -{{- if .Values.tls.enabled }} -scheme=https -{{- else }} -scheme=http -{{- end }} -connectToMinio $scheme - -{{ if .Values.customCommands }} -# Run custom commands -{{- range .Values.customCommands }} -runCommand {{ .command }} -{{- end }} -{{- end }} diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/_helper_policy.tpl b/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/_helper_policy.tpl deleted file mode 100644 index f2150530b4..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/_helper_policy.tpl +++ /dev/null 
@@ -1,28 +0,0 @@ -{{- $statements_length := len .statements -}} -{{- $statements_length := sub $statements_length 1 -}} -{ - "Version": "2012-10-17", - "Statement": [ -{{- range $i, $statement := .statements }} - { - "Effect": "Allow", - "Action": [ -"{{ $statement.actions | join "\",\n\"" }}" - ]{{ if $statement.resources }}, - "Resource": [ -"{{ $statement.resources | join "\",\n\"" }}" - ]{{ end }} -{{- if $statement.conditions }} -{{- $condition_len := len $statement.conditions }} -{{- $condition_len := sub $condition_len 1 }} - , - "Condition": { - {{- range $k,$v := $statement.conditions }} - {{- range $operator,$object := $v }} - "{{ $operator }}": { {{ $object }} }{{- if lt $k $condition_len }},{{- end }} - {{- end }}{{- end }} - }{{- end }} - }{{ if lt $i $statements_length }},{{end }} -{{- end }} - ] -} diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/_helpers.tpl b/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/_helpers.tpl deleted file mode 100644 index 2cd9772ffb..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/_helpers.tpl +++ /dev/null 
@@ -1,246 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "minio.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "minio.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "minio.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "minio.networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.Version -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare ">=1.7-0, <1.16-0" .Capabilities.KubeVersion.Version -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else if semverCompare "^1.16-0" .Capabilities.KubeVersion.Version -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "minio.deployment.apiVersion" -}} -{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.Version -}} -{{- print "apps/v1beta2" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. 
-*/}} -{{- define "minio.statefulset.apiVersion" -}} -{{- if semverCompare "<1.16-0" .Capabilities.KubeVersion.Version -}} -{{- print "apps/v1beta2" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "minio.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for console ingress. -*/}} -{{- define "minio.consoleIngress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Determine secret name. -*/}} -{{- define "minio.secretName" -}} -{{- if .Values.existingSecret -}} -{{- .Values.existingSecret }} -{{- else -}} -{{- include "minio.fullname" . -}} -{{- end -}} -{{- end -}} - -{{/* -Determine name for scc role and rolebinding -*/}} -{{- define "minio.sccRoleName" -}} -{{- printf "%s-%s" "scc" (include "minio.fullname" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Properly format optional additional arguments to MinIO binary -*/}} -{{- define "minio.extraArgs" -}} -{{- range .Values.extraArgs -}} -{{ " " }}{{ . }} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "minio.imagePullSecrets" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. 
-Also, we can not use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- else if .Values.imagePullSecrets }} -imagePullSecrets: - {{ toYaml .Values.imagePullSecrets }} -{{- end -}} -{{- else if .Values.imagePullSecrets }} -imagePullSecrets: - {{ toYaml .Values.imagePullSecrets }} -{{- end -}} -{{- end -}} - -{{/* -Formats volumeMount for MinIO TLS keys and trusted certs -*/}} -{{- define "minio.tlsKeysVolumeMount" -}} -{{- if .Values.tls.enabled }} -- name: cert-secret-volume - mountPath: {{ .Values.certsPath }} -{{- end }} -{{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }} -{{- $casPath := printf "%s/CAs" .Values.certsPath | clean }} -- name: trusted-cert-secret-volume - mountPath: {{ $casPath }} -{{- end }} -{{- end -}} - -{{/* -Formats volume for MinIO TLS keys and trusted certs -*/}} -{{- define "minio.tlsKeysVolume" -}} -{{- if .Values.tls.enabled }} -- name: cert-secret-volume - secret: - secretName: {{ tpl .Values.tls.certSecret $ }} - items: - - key: {{ .Values.tls.publicCrt }} - path: public.crt - - key: {{ .Values.tls.privateKey }} - path: private.key -{{- end }} -{{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }} -{{- $certSecret := eq .Values.trustedCertsSecret "" | ternary .Values.tls.certSecret .Values.trustedCertsSecret }} -{{- $publicCrt := eq .Values.trustedCertsSecret "" | ternary .Values.tls.publicCrt "" }} -- name: trusted-cert-secret-volume - secret: - secretName: {{ $certSecret }} - {{- if ne $publicCrt "" }} - items: - - key: {{ $publicCrt }} - path: public.crt - {{- end }} -{{- end }} -{{- end -}} - -{{/* -Returns the available value for certain key in an existing secret (if it exists), -otherwise it generates a random value. 
-*/}} -{{- define "minio.getValueFromSecret" }} - {{- $len := (default 16 .Length) | int -}} - {{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} - {{- if $obj }} - {{- index $obj .Key | b64dec -}} - {{- else -}} - {{- randAlphaNum $len -}} - {{- end -}} -{{- end }} - -{{- define "minio.root.username" -}} - {{- if .Values.rootUser }} - {{- .Values.rootUser | toString }} - {{- else }} - {{- include "minio.getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "minio.fullname" .) "Length" 20 "Key" "rootUser") }} - {{- end }} -{{- end -}} - -{{- define "minio.root.password" -}} - {{- if .Values.rootPassword }} - {{- .Values.rootPassword | toString }} - {{- else }} - {{- include "minio.getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "minio.fullname" .) "Length" 40 "Key" "rootPassword") }} - {{- end }} -{{- end -}} - -{{/* -Windows cluster will add default taint for linux nodes, add below linux tolerations to -workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -{{/* -URL prefix for container images to be compatible with Rancher -*/}} -{{- define "registry-url" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{ trimSuffix "/" .Values.global.cattle.systemDefaultRegistry }}/ -{{- end -}} -{{- end -}} diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/configmap.yaml b/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/configmap.yaml deleted file mode 100644 index 54d56772cd..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/configmap.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "minio.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ template "minio.name" . }} - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: - initialize: |- -{{ include (print $.Template.BasePath "/_helper_create_bucket.txt") . | indent 4 }} - add-user: |- -{{ include (print $.Template.BasePath "/_helper_create_user.txt") . | indent 4 }} - add-policy: |- -{{ include (print $.Template.BasePath "/_helper_create_policy.txt") . | indent 4 }} -{{- range $idx, $policy := .Values.policies }} - # Policy: {{ $policy.name }} - policy_{{ $idx }}.json: |- -{{ include (print $.Template.BasePath "/_helper_policy.tpl") . | indent 4 }} -{{ end }} -{{- range $idx, $svc := .Values.svcaccts }} -{{- if $svc.policy }} - # SVC: {{ $svc.accessKey }} - svc_policy_{{ $idx }}.json: |- -{{ include (print $.Template.BasePath "/_helper_policy.tpl") .policy | indent 4 }} -{{- end }} -{{ end }} - add-svcacct: |- -{{ include (print $.Template.BasePath "/_helper_create_svcacct.txt") . | indent 4 }} - custom-command: |- -{{ include (print $.Template.BasePath "/_helper_custom_command.txt") . | indent 4 }} diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/console-ingress.yaml b/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/console-ingress.yaml deleted file mode 100644 index 2ce9a93bf3..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/console-ingress.yaml +++ /dev/null 
@@ -1,58 +0,0 @@ -{{- if .Values.consoleIngress.enabled -}} -{{- $fullName := printf "%s-console" (include "minio.fullname" .) -}} -{{- $servicePort := .Values.consoleService.port -}} -{{- $ingressPath := .Values.consoleIngress.path -}} -apiVersion: {{ template "minio.consoleIngress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ $fullName }} - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ template "minio.name" . }} - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- with .Values.consoleIngress.labels }} -{{ toYaml . | indent 4 }} -{{- end }} - -{{- with .Values.consoleIngress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: -{{- if .Values.consoleIngress.ingressClassName }} - ingressClassName: {{ .Values.consoleIngress.ingressClassName }} -{{- end }} -{{- if .Values.consoleIngress.tls }} - tls: - {{- range .Values.consoleIngress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.consoleIngress.hosts }} - - http: - paths: - - path: {{ $ingressPath }} - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - pathType: Prefix - backend: - service: - name: {{ $fullName }} - port: - number: {{ $servicePort }} - {{- else }} - backend: - serviceName: {{ $fullName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- if . }} - host: {{ . | quote }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/console-service.yaml b/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/console-service.yaml deleted file mode 100644 index 46da359744..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/console-service.yaml +++ /dev/null 
@@ -1,48 +0,0 @@ -{{ $scheme := "http" }} -{{- if .Values.tls.enabled }} -{{ $scheme = "https" }} -{{ end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "minio.fullname" . }}-console - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ template "minio.name" . }} - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.consoleService.annotations }} - annotations: -{{ toYaml .Values.consoleService.annotations | indent 4 }} -{{- end }} -spec: -{{- if (or (eq .Values.consoleService.type "ClusterIP" "") (empty .Values.consoleService.type)) }} - type: ClusterIP - {{- if not (empty .Values.consoleService.clusterIP) }} - clusterIP: {{ .Values.consoleService.clusterIP }} - {{end}} -{{- else if eq .Values.consoleService.type "LoadBalancer" }} - type: {{ .Values.consoleService.type }} - loadBalancerIP: {{ default "" .Values.consoleService.loadBalancerIP }} -{{- else }} - type: {{ .Values.consoleService.type }} -{{- end }} - ports: - - name: {{ $scheme }} - port: {{ .Values.consoleService.port }} - protocol: TCP -{{- if (and (eq .Values.consoleService.type "NodePort") ( .Values.consoleService.nodePort)) }} - nodePort: {{ .Values.consoleService.nodePort }} -{{- else }} - targetPort: {{ .Values.minioConsolePort }} -{{- end}} -{{- if .Values.consoleService.externalIPs }} - externalIPs: -{{- range $i , $ip := .Values.consoleService.externalIPs }} - - {{ $ip }} -{{- end }} -{{- end }} - selector: - app: {{ template "minio.name" . }} - release: {{ .Release.Name }} diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/ingress.yaml b/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/ingress.yaml deleted file mode 100644 index 8d9a837dc8..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/ingress.yaml +++ /dev/null 
@@ -1,58 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "minio.fullname" . -}} -{{- $servicePort := .Values.service.port -}} -{{- $ingressPath := .Values.ingress.path -}} -apiVersion: {{ template "minio.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ $fullName }} - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ template "minio.name" . }} - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- with .Values.ingress.labels }} -{{ toYaml . | indent 4 }} -{{- end }} - -{{- with .Values.ingress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: -{{- if .Values.ingress.ingressClassName }} - ingressClassName: {{ .Values.ingress.ingressClassName }} -{{- end }} -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.ingress.hosts }} - - http: - paths: - - path: {{ $ingressPath }} - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - pathType: Prefix - backend: - service: - name: {{ $fullName }} - port: - number: {{ $servicePort }} - {{- else }} - backend: - serviceName: {{ $fullName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- if . }} - host: {{ . | quote }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/networkpolicy.yaml b/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/networkpolicy.yaml deleted file mode 100644 index ac219b937b..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/networkpolicy.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ template "minio.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "minio.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ template "minio.name" . }} - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - podSelector: - matchLabels: - app: {{ template "minio.name" . }} - release: {{ .Release.Name }} - ingress: - - ports: - - port: {{ .Values.minioAPIPort }} - - port: {{ .Values.minioConsolePort }} - {{- if not .Values.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: - {{ template "minio.name" . }}-client: "true" - {{- end }} -{{- end }} diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/psp.yaml b/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/psp.yaml deleted file mode 100644 index 7b30c45e0a..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/psp.yaml +++ /dev/null 
@@ -1,86 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" -}} -{{- if .Values.serviceAccount.create }} -{{- if .Values.global.rbac.pspEnabled }} - ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ printf "%s-psp" .Values.serviceAccount.name | quote }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: {{ .Values.serviceAccount.name | quote }} - app: {{ .Values.serviceAccount.name | quote }} -{{- if .Values.global.rbac.pspAnnotations }} - annotations: {{ toYaml .Values.global.rbac.pspAnnotations | nindent 4 }} -{{- end }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Permits the container to run with root privileges as well. - rule: 'RunAsAny' - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. 
- - min: 0 - max: 65535 - readOnlyRootFilesystem: false - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ printf "%s-psp" .Values.serviceAccount.name | quote }} - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: {{ .Values.serviceAccount.name | quote }} - app: {{ .Values.serviceAccount.name | quote }} -rules: -{{- if semverCompare "> 1.15.0-0" .Capabilities.KubeVersion.GitVersion }} -- apiGroups: ['policy'] -{{- else }} -- apiGroups: ['extensions'] -{{- end }} - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ printf "%s-psp" .Values.serviceAccount.name | quote }} - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ printf "%s-psp" .Values.serviceAccount.name | quote }} - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: {{ .Values.serviceAccount.name | quote }} - app: {{ .Values.serviceAccount.name | quote }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ printf "%s-psp" .Values.serviceAccount.name | quote }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.name | quote }} - namespace: {{ .Release.Namespace }} - -{{- end }} -{{- end }} -{{- end -}} diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/pvc.yaml b/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/pvc.yaml deleted file mode 100644 index 369aade415..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/pvc.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -{{- if eq .Values.mode "standalone" }} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ template "minio.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ template "minio.name" . }} - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | trimSuffix "\n" | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - -{{- if .Values.persistence.storageClass }} -{{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" -{{- end }} -{{- end }} -{{- if .Values.persistence.VolumeName }} - volumeName: "{{ .Values.persistence.VolumeName }}" -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/secrets.yaml b/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/secrets.yaml deleted file mode 100644 index da2ecab4a1..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/secrets.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -{{- if not .Values.existingSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "minio.secretName" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ template "minio.name" . }} - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -type: Opaque -data: - rootUser: {{ include "minio.root.username" . | b64enc | quote }} - rootPassword: {{ include "minio.root.password" . | b64enc | quote }} - {{- if .Values.etcd.clientCert }} - etcd_client.crt: {{ .Values.etcd.clientCert | toString | b64enc | quote }} - {{- end }} - {{- if .Values.etcd.clientCertKey }} - etcd_client.key: {{ .Values.etcd.clientCertKey | toString | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/securitycontextconstraints.yaml b/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/securitycontextconstraints.yaml deleted file mode 100644 index 4bac7e3728..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/securitycontextconstraints.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -{{- if and .Values.securityContext.enabled .Values.persistence.enabled (.Capabilities.APIVersions.Has "security.openshift.io/v1") }} -apiVersion: security.openshift.io/v1 -kind: SecurityContextConstraints -metadata: - name: {{ template "minio.fullname" . }} - labels: - app: {{ template "minio.name" . }} - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -allowHostDirVolumePlugin: false -allowHostIPC: false -allowHostNetwork: false -allowHostPID: false -allowHostPorts: false -allowPrivilegeEscalation: true -allowPrivilegedContainer: false -allowedCapabilities: [] -readOnlyRootFilesystem: false -defaultAddCapabilities: [] -requiredDropCapabilities: -- KILL -- MKNOD -- SETUID -- SETGID -fsGroup: - type: MustRunAs - ranges: - - max: {{ .Values.securityContext.fsGroup }} - min: {{ .Values.securityContext.fsGroup }} -runAsUser: - type: MustRunAs - uid: {{ .Values.securityContext.runAsUser }} -seLinuxContext: - type: MustRunAs -supplementalGroups: - type: RunAsAny -volumes: -- configMap -- downwardAPI -- emptyDir -- persistentVolumeClaim -- projected -- secret -{{- end }} diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/service.yaml b/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/service.yaml deleted file mode 100644 index 741528df45..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/service.yaml +++ /dev/null 
@@ -1,49 +0,0 @@ -{{ $scheme := "http" }} -{{- if .Values.tls.enabled }} -{{ $scheme = "https" }} -{{ end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "minio.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ template "minio.name" . }} - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - monitoring: "true" -{{- if .Values.service.annotations }} - annotations: -{{ toYaml .Values.service.annotations | indent 4 }} -{{- end }} -spec: -{{- if (or (eq .Values.service.type "ClusterIP" "") (empty .Values.service.type)) }} - type: ClusterIP - {{- if not (empty .Values.service.clusterIP) }} - clusterIP: {{ .Values.service.clusterIP }} - {{end}} -{{- else if eq .Values.service.type "LoadBalancer" }} - type: {{ .Values.service.type }} - loadBalancerIP: {{ default "" .Values.service.loadBalancerIP }} -{{- else }} - type: {{ .Values.service.type }} -{{- end }} - ports: - - name: {{ $scheme }} - port: {{ .Values.service.port }} - protocol: TCP -{{- if (and (eq .Values.service.type "NodePort") ( .Values.service.nodePort)) }} - nodePort: {{ .Values.service.nodePort }} -{{- else }} - targetPort: {{ .Values.minioAPIPort }} -{{- end}} -{{- if .Values.service.externalIPs }} - externalIPs: -{{- range $i , $ip := .Values.service.externalIPs }} - - {{ $ip }} -{{- end }} -{{- end }} - selector: - app: {{ template "minio.name" . }} - release: {{ .Release.Name }} diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/serviceaccount.yaml b/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/serviceaccount.yaml deleted file mode 100644 index 6a4bd94b3d..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/serviceaccount.yaml +++ /dev/null @@ -1,7 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.name | quote }} - namespace: {{ .Release.Namespace | quote }} -{{- end -}} 
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/servicemonitor.yaml b/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/servicemonitor.yaml
deleted file mode 100644
index 955273b526..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/servicemonitor.yaml
+++ /dev/null
@@ -1,117 +0,0 @@ -{{- if and .Values.metrics.serviceMonitor.enabled .Values.metrics.serviceMonitor.includeNode}} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "minio.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{ else }} - namespace: {{ .Release.Namespace | quote }} - {{- end }} - labels: - app: {{ template "minio.name" . }} - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} -{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }} - {{- end }} -{{- if .Values.metrics.serviceMonitor.annotations }} - annotations: -{{ toYaml .Values.metrics.serviceMonitor.annotations | trimSuffix "\n" | indent 4 }} -{{- end }} -spec: - endpoints: - {{- if .Values.tls.enabled }} - - port: https - scheme: https - tlsConfig: - ca: - secret: - name: {{ .Values.tls.certSecret }} - key: {{ .Values.tls.publicCrt }} - serverName: {{ template "minio.fullname" . }} - {{ else }} - - port: http - scheme: http - {{- end }} - path: /minio/v2/metrics/node - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabelConfigs }} -{{ toYaml .Values.metrics.serviceMonitor.relabelConfigs | indent 6 }} - {{- end }} - {{- if not .Values.metrics.serviceMonitor.public }} - bearerTokenSecret: - name: {{ template "minio.fullname" . }}-prometheus - key: token - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace | quote }} - selector: - matchLabels: - app: {{ include "minio.name" . 
}} - release: {{ .Release.Name }} - monitoring: "true" -{{- end }} -{{- if .Values.metrics.serviceMonitor.enabled }} ---- -apiVersion: monitoring.coreos.com/v1 -kind: Probe -metadata: - name: {{ template "minio.fullname" . }}-cluster - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{ else }} - namespace: {{ .Release.Namespace | quote }} - {{- end }} - labels: - app: {{ template "minio.name" . }} - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} -{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }} - {{- end }} -spec: - jobName: {{ template "minio.fullname" . }} - {{- if .Values.tls.enabled }} - tlsConfig: - ca: - secret: - name: {{ .Values.tls.certSecret }} - key: {{ .Values.tls.publicCrt }} - serverName: {{ template "minio.fullname" . }} - {{- end }} - prober: - url: {{ template "minio.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }} - path: /minio/v2/metrics/cluster - {{- if .Values.tls.enabled }} - scheme: https - {{ else }} - scheme: http - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabelConfigsCluster }} -{{ toYaml .Values.metrics.serviceMonitor.relabelConfigsCluster | indent 2 }} - {{- end }} - targets: - staticConfig: - static: - - {{ template "minio.fullname" . }}.{{ .Release.Namespace }} - {{- if not .Values.metrics.serviceMonitor.public }} - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - bearerTokenSecret: - name: {{ template "minio.fullname" . }}-prometheus - key: token - {{- end }} -{{- end }} 
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/statefulset.yaml b/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/statefulset.yaml
deleted file mode 100644
index eaedfc6294..0000000000
--- a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/statefulset.yaml
+++ /dev/null
@@ -1,258 +0,0 @@ -{{- if eq .Values.mode "distributed" }} -{{ $poolCount := .Values.pools | int }} -{{ $nodeCount := .Values.replicas | int }} -{{ $replicas := mul $poolCount $nodeCount }} -{{ $drivesPerNode := .Values.drivesPerNode | int }} -{{ $scheme := "http" }} -{{- if .Values.tls.enabled }} -{{ $scheme = "https" }} -{{ end }} -{{ $mountPath := .Values.mountPath }} -{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }} -{{ $subPath := .Values.persistence.subPath }} -{{ $penabled := .Values.persistence.enabled }} -{{ $accessMode := .Values.persistence.accessMode }} -{{ $storageClass := .Values.persistence.storageClass }} -{{ $psize := .Values.persistence.size }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "minio.fullname" . }}-svc - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ template "minio.name" . }} - chart: {{ template "minio.chart" . }} - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -spec: - publishNotReadyAddresses: true - clusterIP: None - ports: - - name: {{ $scheme }} - port: {{ .Values.service.port }} - protocol: TCP - targetPort: {{ .Values.minioAPIPort }} - selector: - app: {{ template "minio.name" . }} - release: {{ .Release.Name }} ---- -apiVersion: {{ template "minio.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ template "minio.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ template "minio.name" . }} - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.additionalLabels }} -{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }} -{{- end }} -{{- if .Values.additionalAnnotations }} - annotations: -{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }} -{{- end }} -spec: - updateStrategy: - type: {{ .Values.StatefulSetUpdate.updateStrategy }} - podManagementPolicy: "Parallel" - serviceName: {{ template "minio.fullname" . 
}}-svc - replicas: {{ $replicas }} - selector: - matchLabels: - app: {{ template "minio.name" . }} - release: {{ .Release.Name }} - template: - metadata: - name: {{ template "minio.fullname" . }} - labels: - app: {{ template "minio.name" . }} - release: {{ .Release.Name }} -{{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} -{{- end }} - annotations: -{{- if not .Values.ignoreChartChecksums }} - checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} -{{- end }} -{{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }} -{{- end }} - spec: - {{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" - {{- end }} - {{- if .Values.runtimeClassName }} - runtimeClassName: "{{ .Values.runtimeClassName }}" - {{- end }} -{{- if and .Values.securityContext.enabled .Values.persistence.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - runAsGroup: {{ .Values.securityContext.runAsGroup }} - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- if and (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "20") }} - fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }} - {{- end }} -{{- end }} -{{ if .Values.serviceAccount.create }} - serviceAccountName: {{ .Values.serviceAccount.name }} -{{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ default .Values.image.registry (include "registry-url" .) 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - - command: [ "/bin/sh", - "-ce", - "/usr/bin/docker-entrypoint.sh minio server {{- range $i := until $poolCount }}{{ $factor := mul $i $nodeCount }}{{ $endIndex := add $factor $nodeCount }}{{ $beginIndex := mul $i $nodeCount }} {{ $scheme }}://{{ template `minio.fullname` $ }}-{{ `{` }}{{ $beginIndex }}...{{ sub $endIndex 1 }}{{ `}`}}.{{ template `minio.fullname` $ }}-svc.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }}{{if (gt $drivesPerNode 1)}}{{ $bucketRoot }}-{{ `{` }}0...{{ sub $drivesPerNode 1 }}{{ `}` }}{{else}}{{ $bucketRoot }}{{end}}{{- end}} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template `minio.extraArgs` . }}" ] - volumeMounts: - {{- if $penabled }} - {{- if (gt $drivesPerNode 1) }} - {{- range $i := until $drivesPerNode }} - - name: export-{{ $i }} - mountPath: {{ $mountPath }}-{{ $i }} - {{- if and $penabled $subPath }} - subPath: {{ $subPath }} - {{- end }} - {{- end }} - {{- else }} - - name: export - mountPath: {{ $mountPath }} - {{- if and $penabled $subPath }} - subPath: {{ $subPath }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.extraSecret }} - - name: extra-secret - mountPath: "/tmp/minio-config-env" - {{- end }} - {{- include "minio.tlsKeysVolumeMount" . | indent 12 }} - {{- if .Values.extraVolumeMounts }} - {{- toYaml .Values.extraVolumeMounts | nindent 12 }} - {{- end }} - ports: - - name: {{ $scheme }} - containerPort: {{ .Values.minioAPIPort }} - - name: {{ $scheme }}-console - containerPort: {{ .Values.minioConsolePort }} - env: - - name: MINIO_ROOT_USER - valueFrom: - secretKeyRef: - name: {{ template "minio.secretName" . }} - key: rootUser - - name: MINIO_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "minio.secretName" . 
}} - key: rootPassword - {{- if .Values.extraSecret }} - - name: MINIO_CONFIG_ENV_FILE - value: "/tmp/minio-config-env/config.env" - {{- end}} - {{- if .Values.metrics.serviceMonitor.public }} - - name: MINIO_PROMETHEUS_AUTH_TYPE - value: "public" - {{- end}} - {{- if .Values.oidc.enabled }} - - name: MINIO_IDENTITY_OPENID_CONFIG_URL - value: {{ .Values.oidc.configUrl }} - - name: MINIO_IDENTITY_OPENID_CLIENT_ID - value: {{ .Values.oidc.clientId }} - - name: MINIO_IDENTITY_OPENID_CLIENT_SECRET - value: {{ .Values.oidc.clientSecret }} - - name: MINIO_IDENTITY_OPENID_CLAIM_NAME - value: {{ .Values.oidc.claimName }} - - name: MINIO_IDENTITY_OPENID_CLAIM_PREFIX - value: {{ .Values.oidc.claimPrefix }} - - name: MINIO_IDENTITY_OPENID_SCOPES - value: {{ .Values.oidc.scopes }} - - name: MINIO_IDENTITY_OPENID_REDIRECT_URI - value: {{ .Values.oidc.redirectUri }} - - name: MINIO_IDENTITY_OPENID_COMMENT - value: {{ .Values.oidc.comment }} - {{- end}} - {{- range $key, $val := .Values.environment }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end}} - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- with .Values.extraContainers }} - {{- if eq (typeOf .) "string" }} - {{- tpl . $ | nindent 8 }} - {{- else }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - nodeSelector: - {{- include "linux-node-selector" . | nindent 8 }} -{{- include "minio.imagePullSecrets" . | indent 6 }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - tolerations: - {{- include "linux-node-tolerations" . | nindent 8 }} - {{- with .Values.tolerations }} - {{ toYaml . | indent 8 }} - {{- end }} - {{- if and (gt $replicas 1) (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "19") }} - {{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: -{{ toYaml . | indent 8 }} - {{- end }} - {{- end }} - volumes: - - name: minio-user - secret: - secretName: {{ template "minio.secretName" . 
}} - {{- if .Values.extraSecret }} - - name: extra-secret - secret: - secretName: {{ .Values.extraSecret }} - {{- end }} - {{- include "minio.tlsKeysVolume" . | indent 8 }} - {{- if .Values.extraVolumes }} - {{ toYaml .Values.extraVolumes | nindent 8 }} - {{- end }} -{{- if .Values.persistence.enabled }} - volumeClaimTemplates: - {{- if gt $drivesPerNode 1 }} - {{- range $diskId := until $drivesPerNode}} - - metadata: - name: export-{{ $diskId }} - {{- if $.Values.persistence.annotations }} - annotations: -{{ toYaml $.Values.persistence.annotations | trimSuffix "\n" | indent 10 }} - {{- end }} - spec: - accessModes: [ {{ $accessMode | quote }} ] - {{- if $storageClass }} - storageClassName: {{ $storageClass }} - {{- end }} - resources: - requests: - storage: {{ $psize }} - {{- end }} - {{- else }} - - metadata: - name: export - {{- if $.Values.persistence.annotations }} - annotations: -{{ toYaml $.Values.persistence.annotations | trimSuffix "\n" | indent 10 }} - {{- end }} - spec: - accessModes: [ {{ $accessMode | quote }} ] - {{- if $storageClass }} - storageClassName: {{ $storageClass }} - {{- end }} - resources: - requests: - storage: {{ $psize }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/values.yaml b/charts/epinio/102.0.3+up1.8.1/charts/minio/values.yaml deleted file mode 100644 index 664c4bdeeb..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/charts/minio/values.yaml +++ /dev/null 
@@ -1,535 +0,0 @@ -## Provide a name in place of minio for `app:` labels -## -nameOverride: "" - -## Provide a name to substitute for the full names of resources -## -fullnameOverride: "" - -## set kubernetes cluster domain where minio is running -## -clusterDomain: cluster.local - -## Set default image, imageTag, and imagePullPolicy. mode is used to indicate the -## -image: - repository: rancher/mirrored-minio-minio - tag: RELEASE.2023-02-10T18-48-39Z - pullPolicy: IfNotPresent - -imagePullSecrets: [] -# - name: "image-pull-secret" - -## Set default image, imageTag, and imagePullPolicy for the `mc` (the minio -## client used to create a default bucket). -## -mcImage: - repository: rancher/mirrored-minio-mc - tag: RELEASE.2023-01-28T20-29-38Z - pullPolicy: IfNotPresent - -## minio mode, i.e. standalone or distributed -mode: distributed ## other supported values are "standalone" - -## Additional labels to include with deployment or statefulset -additionalLabels: {} - -## Additional annotations to include with deployment or statefulset -additionalAnnotations: {} - -## Typically the deployment/statefulset includes checksums of secrets/config, -## So that when these change on a subsequent helm install, the deployment/statefulset -## is restarted. This can result in unnecessary restarts under GitOps tooling such as -## flux, so set to "true" to disable this behaviour. 
-ignoreChartChecksums: false - -## Additional arguments to pass to minio binary -extraArgs: [] - -## Additional volumes to minio container -extraVolumes: [] - -## Additional volumeMounts to minio container -extraVolumeMounts: [] - -## Additional sidecar containers -extraContainers: [] - -## Internal port number for MinIO S3 API container -## Change service.port to change external port number -minioAPIPort: "9000" - -## Internal port number for MinIO Browser Console container -## Change consoleService.port to change external port number -minioConsolePort: "9001" - -## Update strategy for Deployments -DeploymentUpdate: - type: RollingUpdate - maxUnavailable: 0 - maxSurge: 100% - -## Update strategy for StatefulSets -StatefulSetUpdate: - updateStrategy: RollingUpdate - -## Pod priority settings -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -priorityClassName: "" - -## Pod runtime class name -## ref https://kubernetes.io/docs/concepts/containers/runtime-class/ -## -runtimeClassName: "" - -## Set default rootUser, rootPassword -## AccessKey and secretKey is generated when not set -## Distributed MinIO ref: https://min.io/docs/minio/linux/operations/install-deploy-manage/deploy-minio-multi-node-multi-drive.html -## -rootUser: "" -rootPassword: "" - -## Use existing Secret that store following variables: -## -## | Chart var | .data. in Secret | -## |:----------------------|:-------------------------| -## | rootUser | rootUser | -## | rootPassword | rootPassword | -## -## All mentioned variables will be ignored in values file. -## .data.rootUser and .data.rootPassword are mandatory, -## others depend on enabled status of corresponding sections. -existingSecret: "" - -## Directory on the MinIO pof -certsPath: "/etc/minio/certs/" -configPathmc: "/etc/minio/mc/" - -## Path where PV would be mounted on the MinIO Pod -mountPath: "/export" -## Override the root directory which the minio server should serve from. 
-## If left empty, it defaults to the value of {{ .Values.mountPath }} -## If defined, it must be a sub-directory of the path specified in {{ .Values.mountPath }} -## -bucketRoot: "" - -# Number of drives attached to a node -drivesPerNode: 1 -# Number of MinIO containers running -replicas: 16 -# Number of expanded MinIO clusters -pools: 1 - -## TLS Settings for MinIO -tls: - enabled: false - ## Create a secret with private.key and public.crt files and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret - certSecret: "" - publicCrt: public.crt - privateKey: private.key - -## Trusted Certificates Settings for MinIO. Ref: https://min.io/docs/minio/linux/operations/network-encryption.html#third-party-certificate-authorities -## Bundle multiple trusted certificates into one secret and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret -## When using self-signed certificates, remember to include MinIO's own certificate in the bundle with key public.crt. -## If certSecret is left empty and tls is enabled, this chart installs the public certificate from .Values.tls.certSecret. -trustedCertsSecret: "" - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - enabled: true - annotations: {} - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - existingClaim: "" - - ## minio data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - ## Storage class of PV to bind. 
By default it looks for standard storage class. - ## If the PV uses a different storage class, specify that here. - storageClass: "" - VolumeName: "" - accessMode: ReadWriteOnce - size: 500Gi - - ## If subPath is set mount a sub folder of a volume instead of the root of the volume. - ## This is especially handy for volume plugins that don't natively support sub mounting (like glusterfs). - ## - subPath: "" - -## Expose the MinIO service to be accessed from outside the cluster (LoadBalancer service). -## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. -## ref: http://kubernetes.io/docs/user-guide/services/ -## -service: - type: ClusterIP - clusterIP: ~ - port: "9000" - nodePort: 32000 - -## Configure Ingress based on the documentation here: https://kubernetes.io/docs/concepts/services-networking/ingress/ -## - -ingress: - enabled: false - # ingressClassName: "" - labels: {} - # node-role.kubernetes.io/ingress: platform - - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # kubernetes.io/ingress.allow-http: "false" - # kubernetes.io/ingress.global-static-ip-name: "" - # nginx.ingress.kubernetes.io/secure-backends: "true" - # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - # nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0 - path: / - hosts: - - minio-example.local - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -consoleService: - type: ClusterIP - clusterIP: ~ - port: "9001" - nodePort: 32001 - -consoleIngress: - enabled: false - # ingressClassName: "" - labels: {} - # node-role.kubernetes.io/ingress: platform - - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # kubernetes.io/ingress.allow-http: "false" - # kubernetes.io/ingress.global-static-ip-name: "" - # nginx.ingress.kubernetes.io/secure-backends: "true" - # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - 
# nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0 - path: / - hosts: - - console.minio-example.local - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -tolerations: [] -affinity: {} -topologySpreadConstraints: [] - -## Add stateful containers to have security context, if enabled MinIO will run as this -## user and group NOTE: securityContext is only enabled if persistence.enabled=true -securityContext: - enabled: true - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - fsGroupChangePolicy: "OnRootMismatch" - -# Additational pod annotations -podAnnotations: {} - -# Additional pod labels -podLabels: {} - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - requests: - memory: 16Gi - -## List of policies to be created after minio install -## -## In addition to default policies [readonly|readwrite|writeonly|consoleAdmin|diagnostics] -## you can define additional policies with custom supported actions and resources -policies: [] -## writeexamplepolicy policy grants creation or deletion of buckets with name -## starting with example. In addition, grants objects write permissions on buckets starting with -## example. -# - name: writeexamplepolicy -# statements: -# - resources: -# - 'arn:aws:s3:::example*/*' -# actions: -# - "s3:AbortMultipartUpload" -# - "s3:GetObject" -# - "s3:DeleteObject" -# - "s3:PutObject" -# - "s3:ListMultipartUploadParts" -# - resources: -# - 'arn:aws:s3:::example*' -# actions: -# - "s3:CreateBucket" -# - "s3:DeleteBucket" -# - "s3:GetBucketLocation" -# - "s3:ListBucket" -# - "s3:ListBucketMultipartUploads" -## readonlyexamplepolicy policy grants access to buckets with name starting with example. -## In addition, grants objects read permissions on buckets starting with example. 
-# - name: readonlyexamplepolicy -# statements: -# - resources: -# - 'arn:aws:s3:::example*/*' -# actions: -# - "s3:GetObject" -# - resources: -# - 'arn:aws:s3:::example*' -# actions: -# - "s3:GetBucketLocation" -# - "s3:ListBucket" -# - "s3:ListBucketMultipartUploads" -## conditionsexample policy creates all access to example bucket with aws:username="johndoe" and source ip range 10.0.0.0/8 and 192.168.0.0/24 only -# - name: conditionsexample -# statements: -# - resources: -# - 'arn:aws:s3:::example/*' -# actions: -# - 's3:*' -# conditions: -# - StringEquals: '"aws:username": "johndoe"' -# - IpAddress: | -# "aws:SourceIp": [ -# "10.0.0.0/8", -# "192.168.0.0/24" -# ] -# -## Additional Annotations for the Kubernetes Job makePolicyJob -makePolicyJob: - securityContext: - enabled: false - runAsUser: 1000 - runAsGroup: 1000 - resources: - requests: - memory: 128Mi - # Command to run after the main command on exit - exitCommand: "" - -## List of users to be created after minio install -## -users: - ## Username, password and policy to be assigned to the user - ## Default policies are [readonly|readwrite|writeonly|consoleAdmin|diagnostics] - ## Add new policies as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management.html#access-management - ## NOTE: this will fail if LDAP is enabled in your MinIO deployment - ## make sure to disable this if you are using LDAP. 
- - accessKey: console - secretKey: console123 - policy: consoleAdmin - # Or you can refer to specific secret - #- accessKey: externalSecret - # existingSecret: my-secret - # existingSecretKey: password - # policy: readonly - -## Additional Annotations for the Kubernetes Job makeUserJob -makeUserJob: - securityContext: - enabled: false - runAsUser: 1000 - runAsGroup: 1000 - resources: - requests: - memory: 128Mi - # Command to run after the main command on exit - exitCommand: "" - -## List of service accounts to be created after minio install -## -# svcaccts: - ## accessKey, secretKey and parent user to be assigned to the service accounts - ## Add new service accounts as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management/minio-user-management.html#service-accounts - # - accessKey: console-svcacct - # secretKey: console123 - # user: console - ## Or you can refer to specific secret - # - accessKey: externalSecret - # existingSecret: my-secret - # existingSecretKey: password - # user: console - ## You also can pass custom policy - # - accessKey: console-svcacct - # secretKey: console123 - # user: console - # policy: - # statements: - # - resources: - # - 'arn:aws:s3:::example*/*' - # actions: - # - "s3:AbortMultipartUpload" - # - "s3:GetObject" - # - "s3:DeleteObject" - # - "s3:PutObject" - # - "s3:ListMultipartUploadParts" - -makeServiceAccountJob: - securityContext: - enabled: false - runAsUser: 1000 - runAsGroup: 1000 - resources: - requests: - memory: 128Mi - # Command to run after the main command on exit - exitCommand: "" - -## List of buckets to be created after minio install -## -buckets: - # # Name of the bucket - # - name: bucket1 - # # Policy to be set on the - # # bucket [none|download|upload|public] - # policy: none - # # Purge if bucket exists already - # purge: false - # # set versioning for - # # bucket [true|false] - # versioning: false - # # set objectlocking for - # # bucket [true|false] NOTE: 
versioning is enabled by default if you use locking - # objectlocking: false - # - name: bucket2 - # policy: none - # purge: false - # versioning: true - # # set objectlocking for - # # bucket [true|false] NOTE: versioning is enabled by default if you use locking - # objectlocking: false - -## Additional Annotations for the Kubernetes Job makeBucketJob -makeBucketJob: - securityContext: - enabled: false - runAsUser: 1000 - runAsGroup: 1000 - resources: - requests: - memory: 128Mi - # Command to run after the main command on exit - exitCommand: "" - -## List of command to run after minio install -## NOTE: the mc command TARGET is always "myminio" -customCommands: - # - command: "admin policy set myminio consoleAdmin group='cn=ops,cn=groups,dc=example,dc=com'" - -## Additional Annotations for the Kubernetes Job customCommandJob -customCommandJob: - securityContext: - enabled: false - runAsUser: 1000 - runAsGroup: 1000 - resources: - requests: - memory: 128Mi - # Command to run after the main command on exit - exitCommand: "" - -## Merge jobs -postJob: - podAnnotations: {} - annotations: {} - securityContext: - enabled: false - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - nodeSelector: {} - tolerations: [] - affinity: {} - -## Use this field to add environment variables relevant to MinIO server. 
These fields will be passed on to MinIO container(s) -## when Chart is deployed -environment: - ## Please refer for comprehensive list https://min.io/docs/minio/linux/reference/minio-server/minio-server.html - ## MINIO_SUBNET_LICENSE: "License key obtained from https://subnet.min.io" - ## MINIO_BROWSER: "off" - -## The name of a secret in the same kubernetes namespace which contain secret values -## This can be useful for LDAP password, etc -## The key in the secret must be 'config.env' -## -# extraSecret: minio-extraenv - -## OpenID Identity Management -## The following section documents environment variables for enabling external identity management using an OpenID Connect (OIDC)-compatible provider. -## See https://min.io/docs/minio/linux/operations/external-iam/configure-openid-external-identity-management.html for a tutorial on using these variables. -oidc: - enabled: false - configUrl: "https://identity-provider-url/.well-known/openid-configuration" - clientId: "minio" - clientSecret: "" - claimName: "policy" - scopes: "openid,profile,email" - redirectUri: "https://console-endpoint-url/oauth_callback" - # Can leave empty - claimPrefix: "" - comment: "" - -networkPolicy: - enabled: false - allowExternal: true - -## PodDisruptionBudget settings -## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ -## -podDisruptionBudget: - enabled: false - maxUnavailable: 1 - -## Specify the service account to use for the MinIO pods. If 'create' is set to 'false' -## and 'name' is left unspecified, the account 'default' will be used. -serviceAccount: - create: true - ## The name of the service account to use. If 'create' is 'true', a service account with that name - ## will be created. 
- name: "minio-sa" - -metrics: - serviceMonitor: - enabled: false - # scrape each node/pod individually for additional metrics - includeNode: false - public: true - additionalLabels: {} - # for node metrics - relabelConfigs: {} - # for cluster metrics - relabelConfigsCluster: {} - # metricRelabelings: - # - regex: (server|pod) - # action: labeldrop - # namespace: monitoring - # interval: 30s - # scrapeTimeout: 10s - -## ETCD settings: https://github.com/minio/minio/blob/master/docs/sts/etcd.md -## Define endpoints to enable this section. -etcd: - endpoints: [] - pathPrefix: "" - corednsPathPrefix: "" - clientCert: "" - clientCertKey: "" diff --git a/charts/epinio/102.0.3+up1.8.1/templates/NOTES.txt b/charts/epinio/102.0.3+up1.8.1/templates/NOTES.txt deleted file mode 100644 index f0c1dd2bad..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/templates/NOTES.txt +++ /dev/null @@ -1,12 +0,0 @@ -To interact with your Epinio installation download the latest epinio binary from https://github.com/epinio/epinio/releases/latest. - -Login to the cluster with any of -{{ range .Values.api.users }} - `epinio login -u {{ .username }} https://epinio.{{ $.Values.global.domain }}` -{{- end }} - -or go to the dashboard at: https://epinio.{{ .Values.global.domain }} - -If you didn't specify a password the default one is `password`. - -For more information about Epinio, feel free to checkout https://epinio.io/ and https://docs.epinio.io/. diff --git a/charts/epinio/102.0.3+up1.8.1/templates/assets.yaml b/charts/epinio/102.0.3+up1.8.1/templates/assets.yaml deleted file mode 100644 index 3614c7a967..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/templates/assets.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - namespace: {{ .Release.Namespace }} - name: epinio-assets - labels: - app.kubernetes.io/component: epinio - app.kubernetes.io/name: epinio-assets - app.kubernetes.io/part-of: epinio - app.kubernetes.io/version: {{ .Chart.AppVersion }} -type: Opaque -data: -{{ (.Files.Glob "assets/*").AsSecrets | indent 2 }} diff --git a/charts/epinio/102.0.3+up1.8.1/templates/certificate.yaml b/charts/epinio/102.0.3+up1.8.1/templates/certificate.yaml deleted file mode 100644 index 0256415331..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/templates/certificate.yaml +++ /dev/null @@ -1,50 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: epinio - namespace: {{ .Release.Namespace }} -spec: - dnsNames: - - epinio.{{ .Values.global.domain }} - issuerRef: - kind: ClusterIssuer - name: {{ default .Values.global.tlsIssuer .Values.global.customTlsIssuer | quote }} - secretName: epinio-tls - -{{- if .Values.minio.enabled }} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: minio-cert - namespace: {{ .Release.Namespace }} -spec: - dnsNames: - - {{ include "epinio.minio-hostname" . }} - issuerRef: - kind: ClusterIssuer - # We always trust the CA for minio so we can always use selfsigned certs - # Because Letsencrypt doesn't create certs for non public domains - name: epinio-ca - secretName: minio-tls - secretTemplate: - annotations: - kubed.appscode.com/sync: "kubed-s3-tls-from={{ .Release.Namespace }}" -{{- end }} - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: epinio-ca - namespace: {{ .Values.certManagerNamespace }} -spec: - commonName: epinio-ca - isCA: true - issuerRef: - kind: ClusterIssuer - name: selfsigned-issuer - privateKey: - algorithm: ECDSA - size: 256 - secretName: epinio-ca-root 
diff --git a/charts/epinio/102.0.3+up1.8.1/templates/default-user.yaml b/charts/epinio/102.0.3+up1.8.1/templates/default-user.yaml deleted file mode 100644 index 0929de38ae..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/templates/default-user.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- range .Values.api.users }} ---- -apiVersion: v1 -kind: Secret -type: BasicAuth -metadata: - labels: - epinio.io/api-user-credentials: "true" - epinio.io/role: {{ .role }} - name: {{ include "epinio-truncate" (print "user-" .username) }} - namespace: {{ $.Release.Namespace }} -stringData: - username: {{ .username | quote }} - password: {{ .passwordBcrypt | quote }} - namespaces: | - {{ join "\n" .workspaces -}} -{{- end }} diff --git a/charts/epinio/102.0.3+up1.8.1/templates/psp.yaml b/charts/epinio/102.0.3+up1.8.1/templates/psp.yaml deleted file mode 100644 index f4097a1137..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/templates/psp.yaml +++ /dev/null 
@@ -1,83 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" -}} -{{- if .Values.global.rbac.pspEnabled }} - -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: epinio-server-psp - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: epinio-server - app: epinio-server -{{- if .Values.global.rbac.pspAnnotations }} - annotations: {{ toYaml .Values.global.rbac.pspAnnotations | nindent 4 }} -{{- end }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Permits the container to run with root privileges as well. - rule: 'RunAsAny' - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. 
- - min: 0 - max: 65535 - readOnlyRootFilesystem: false - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: epinio-server-psp - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: epinio-server - app: epinio-server -rules: -{{- if semverCompare "> 1.15.0-0" .Capabilities.KubeVersion.GitVersion }} -- apiGroups: ['policy'] -{{- else }} -- apiGroups: ['extensions'] -{{- end }} - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - epinio-server-psp - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: epinio-server-psp - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: epinio-server - app: epinio-server -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: epinio-server-psp -subjects: - - kind: ServiceAccount - name: epinio-server - namespace: {{ .Release.Namespace }} - -{{- end }} -{{- end -}} diff --git a/charts/epinio/102.0.3+up1.8.1/templates/registry-secret.yaml b/charts/epinio/102.0.3+up1.8.1/templates/registry-secret.yaml deleted file mode 100644 index 6539d35032..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/templates/registry-secret.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -type: kubernetes.io/dockerconfigjson -metadata: - annotations: - epinio.io/registry-namespace: {{ .Values.global.registryNamespace }} - kubed.appscode.com/sync: kubed-sync=registry-creds - name: registry-creds - namespace: {{ .Release.Namespace }} -stringData: - .dockerconfigjson: |- - { - "auths": { - "{{ template "epinio.registry-url" . }}": { - "auth":"{{ printf "%s:%s" .Values.global.registryUsername .Values.global.registryPassword | b64enc }}", - "username":"{{ .Values.global.registryUsername }}", - "password":"{{ .Values.global.registryPassword }}" - } {{- if .Values.containerregistry.enabled }} , - "127.0.0.1:30500": { - "auth":"{{ printf "%s:%s" .Values.global.registryUsername .Values.global.registryPassword | b64enc }}", - "username":"{{ .Values.global.registryUsername }}", - "password":"{{ .Values.global.registryPassword }}" - } - {{- end -}} - } - } diff --git a/charts/epinio/102.0.3+up1.8.1/templates/service-catalog.yaml b/charts/epinio/102.0.3+up1.8.1/templates/service-catalog.yaml deleted file mode 100644 index 7391c9c382..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/templates/service-catalog.yaml +++ /dev/null 
@@ -1,118 +0,0 @@ -# These are three simple Services to fill the Service Catalog -{{ if .Values.serviceCatalog.enableDevServices }} ---- -apiVersion: application.epinio.io/v1 -kind: Service -metadata: - name: postgresql-dev - namespace: {{ .Release.Namespace }} -spec: - name: postgresql-dev - shortDescription: A PostgreSQL service that can be used during development - description: | - This service is going to deploy a simple default Bitnami PostreSQL db instance. - You can find more info at https://github.com/bitnami/charts/tree/master/bitnami/postgresql/. - This database is running inside the cluster so it's probably not a good choice for production - environments, at least with this default configuration. - chart: postgresql - chartVersion: 12.1.6 - serviceIcon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-220x234.png - appVersion: 15.1.0 - helmRepo: - name: bitnami - url: "https://charts.bitnami.com/bitnami" - values: |- - {{- template "epinio.catalog-service-values" . }} ---- -apiVersion: application.epinio.io/v1 -kind: Service -metadata: - name: mysql-dev - namespace: {{ .Release.Namespace }} -spec: - name: mysql-dev - shortDescription: A MySQL service that can be used during development - description: | - This service is going to deploy a simple default Bitnami MySQL db instance. - You can find more info at https://github.com/bitnami/charts/tree/master/bitnami/mysql/. - This database is running inside the cluster so it's probably not a good choice for production - environments, at least with this default configuration. - chart: mysql - chartVersion: 9.4.5 - serviceIcon: https://bitnami.com/assets/stacks/mysql/img/mysql-stack-220x234.png - appVersion: 8.0.31 - helmRepo: - name: bitnami - url: "https://charts.bitnami.com/bitnami" - values: |- - {{- template "epinio.catalog-service-values" . 
}} ---- -apiVersion: application.epinio.io/v1 -kind: Service -metadata: - name: redis-dev - namespace: {{ .Release.Namespace }} -spec: - name: redis-dev - shortDescription: A Redis service that can be used during development - description: | - This service is going to deploy a simple default Bitnami Redis instance. - You can find more info at https://github.com/bitnami/charts/tree/master/bitnami/redis/. - This database is running inside the cluster so it's probably not a good choice for production - environments, at least with this default configuration. - chart: redis - chartVersion: 17.3.17 - serviceIcon: https://bitnami.com/assets/stacks/redis/img/redis-stack-220x234.png - appVersion: 7.0.7 - helmRepo: - name: bitnami - url: "https://charts.bitnami.com/bitnami" - values: |- - {{- template "epinio.catalog-service-values" . }} ---- -apiVersion: application.epinio.io/v1 -kind: Service -metadata: - name: rabbitmq-dev - namespace: {{ .Release.Namespace }} -spec: - name: rabbitmq-dev - shortDescription: A RabbitMQ service that can be used during development - description: | - This service is going to deploy a simple default Bitnami RabbitMQ instance. - You can find more info at https://github.com/bitnami/charts/tree/master/bitnami/rabbitmq/. - This instance is running inside the cluster so it's probably not a good choice for production - environments, at least with this default configuration. - chart: rabbitmq - chartVersion: 11.2.2 - serviceIcon: https://bitnami.com/assets/stacks/rabbitmq/img/rabbitmq-stack-220x234.png - appVersion: 3.11.5 - helmRepo: - name: bitnami - url: https://charts.bitnami.com/bitnami - values: |- - {{- template "epinio.catalog-service-values" . 
}} ---- -apiVersion: application.epinio.io/v1 -kind: Service -metadata: - name: mongodb-dev - namespace: {{ .Release.Namespace }} -spec: - name: mongodb-dev - shortDescription: A MongoDB service that can be used during development - description: | - This service is going to deploy a simple default Bitnami MongoDB instance. - You can find more info at https://github.com/bitnami/charts/tree/master/bitnami/mongodb/. - This instance is running inside the cluster so it's probably not a good choice for production - environments, at least with this default configuration. - chart: mongodb - chartVersion: 13.6.2 - serviceIcon: https://bitnami.com/assets/stacks/mongodb/img/mongodb-stack-220x234.png - appVersion: 6.0.3 - helmRepo: - name: bitnami - url: https://charts.bitnami.com/bitnami - values: |- - {{- template "epinio.catalog-service-values" . }} -{{- end }} diff --git a/charts/epinio/102.0.3+up1.8.1/templates/ui/security.yaml b/charts/epinio/102.0.3+up1.8.1/templates/ui/security.yaml deleted file mode 100644 index 1ef8bc5c16..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/templates/ui/security.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" -}} -{{- if .Values.global.rbac.pspEnabled }} - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: epinio-ui - namespace: {{ .Release.Namespace }} - ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: epinio-ui-psp - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: epinio-ui - app: epinio-ui -{{- if .Values.global.rbac.pspAnnotations }} - annotations: {{ toYaml .Values.global.rbac.pspAnnotations | nindent 4 }} -{{- end }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Permits the container to run with root privileges as well. - rule: 'RunAsAny' - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. 
- - min: 0 - max: 65535 - readOnlyRootFilesystem: false - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: epinio-ui-psp - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: epinio-ui - app: epinio-ui -rules: -{{- if semverCompare "> 1.15.0-0" .Capabilities.KubeVersion.GitVersion }} -- apiGroups: ['policy'] -{{- else }} -- apiGroups: ['extensions'] -{{- end }} - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - epinio-ui-psp - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: epinio-ui-psp - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" - app.kubernetes.io/part-of: epinio-ui - app: epinio-ui -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: epinio-ui-psp -subjects: - - kind: ServiceAccount - name: epinio-ui - namespace: {{ .Release.Namespace }} - -{{- end }} -{{- end -}} diff --git a/charts/epinio/102.0.3+up1.8.1/templates/validate-cert-manager-crd.yaml b/charts/epinio/102.0.3+up1.8.1/templates/validate-cert-manager-crd.yaml deleted file mode 100644 index 87e12c558c..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/templates/validate-cert-manager-crd.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "acme.cert-manager.io/v1/Challenge" false -}} -# {{- set $found "acme.cert-manager.io/v1/Order" false -}} -# {{- set $found "cert-manager.io/v1/CertificateRequest" false -}} -# {{- set $found "cert-manager.io/v1/Certificate" false -}} -# {{- set $found "cert-manager.io/v1/ClusterIssuer" false -}} -# {{- set $found "cert-manager.io/v1/Issuer" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} \ No newline at end of file diff --git a/charts/epinio/102.0.3+up1.8.1/templates/validate-install-crd.yaml b/charts/epinio/102.0.3+up1.8.1/templates/validate-install-crd.yaml deleted file mode 100644 index afa6e4fb4d..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/templates/validate-install-crd.yaml +++ /dev/null @@ -1,16 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "application.epinio.io/v1/App" false -}} -# {{- set $found "application.epinio.io/v1/AppChart" false -}} -# {{- set $found "application.epinio.io/v1/Service" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} \ No newline at end of file 
diff --git a/charts/epinio/102.0.3+up1.8.1/templates/validate-psp-install.yaml b/charts/epinio/102.0.3+up1.8.1/templates/validate-psp-install.yaml deleted file mode 100644 index 28adb785e2..0000000000 --- a/charts/epinio/102.0.3+up1.8.1/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.rbac.pspEnabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/epinio/102.0.3+up1.8.1/Chart.lock b/charts/epinio/102.0.4+up1.9.0/Chart.lock similarity index 63% rename from charts/epinio/102.0.3+up1.8.1/Chart.lock rename to charts/epinio/102.0.4+up1.9.0/Chart.lock index 19d686a7e5..3f884a51ac 100644 --- a/charts/epinio/102.0.3+up1.8.1/Chart.lock +++ b/charts/epinio/102.0.4+up1.9.0/Chart.lock @@ -1,15 +1,15 @@ dependencies: - name: dex repository: https://charts.dexidp.io - version: 0.14.1 + version: 0.14.3 - name: minio repository: https://charts.min.io/ - version: 5.0.7 + version: 5.0.13 - name: kubed repository: https://charts.appscode.com/stable/ version: v0.13.2 - name: s3gw repository: https://aquarist-labs.github.io/s3gw-charts version: 0.14.0 -digest: sha256:52f235f7f742300736558aa6aec231740a4e9288acb35797488064f69b5eae7a -generated: "2023-04-07T14:09:28.499174341Z" +digest: sha256:bb126710c2f9a5b3d92dcb6186b97747881fd323fbfe0a53cda5194dc9f1000d +generated: "2023-07-18T14:35:31.781489759+02:00" diff --git a/charts/epinio/102.0.3+up1.8.1/Chart.yaml b/charts/epinio/102.0.4+up1.9.0/Chart.yaml similarity index 91% rename from charts/epinio/102.0.3+up1.8.1/Chart.yaml rename to charts/epinio/102.0.4+up1.9.0/Chart.yaml index 281d21801d..957d6ea0e7 100644 --- a/charts/epinio/102.0.3+up1.8.1/Chart.yaml 
+++ b/charts/epinio/102.0.4+up1.9.0/Chart.yaml @@ -1,5 +1,6 @@ annotations: artifacthub.io/license: Apache-2.0 + artifacthub.io/prerelease: "false" catalog.cattle.io/auto-install: epinio-crd=match catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Epinio @@ -10,9 +11,9 @@ annotations: catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' catalog.cattle.io/release-name: epinio catalog.cattle.io/type: app - catalog.cattle.io/upstream-version: 1.6.2 + catalog.cattle.io/upstream-version: 1.9.0 apiVersion: v2 -appVersion: v1.8.1 +appVersion: v1.9.0 dependencies: - condition: global.dex.enabled name: dex @@ -47,4 +48,4 @@ maintainers: name: epinio sources: - https://github.com/epinio/epinio -version: 102.0.3+up1.8.1 +version: 102.0.4+up1.9.0 diff --git a/charts/epinio/102.0.3+up1.8.1/README.md b/charts/epinio/102.0.4+up1.9.0/README.md similarity index 100% rename from charts/epinio/102.0.3+up1.8.1/README.md rename to charts/epinio/102.0.4+up1.9.0/README.md diff --git a/charts/epinio/102.0.1+up1.6.2/app-readme.md b/charts/epinio/102.0.4+up1.9.0/app-readme.md similarity index 100% rename from charts/epinio/102.0.1+up1.6.2/app-readme.md rename to charts/epinio/102.0.4+up1.9.0/app-readme.md diff --git a/charts/epinio/102.0.3+up1.8.1/assets/epinio-application-0.1.26.tgz b/charts/epinio/102.0.4+up1.9.0/assets/epinio-application-0.1.26.tgz similarity index 100% rename from charts/epinio/102.0.3+up1.8.1/assets/epinio-application-0.1.26.tgz rename to charts/epinio/102.0.4+up1.9.0/assets/epinio-application-0.1.26.tgz diff --git a/charts/epinio/100.0.5+up1.6.2/charts/dex/.helmignore b/charts/epinio/102.0.4+up1.9.0/charts/dex/.helmignore similarity index 100% rename from charts/epinio/100.0.5+up1.6.2/charts/dex/.helmignore rename to charts/epinio/102.0.4+up1.9.0/charts/dex/.helmignore 
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/dex/Chart.yaml b/charts/epinio/102.0.4+up1.9.0/charts/dex/Chart.yaml similarity index 83% rename from charts/epinio/102.0.3+up1.8.1/charts/dex/Chart.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/dex/Chart.yaml index d003f7cc64..8015d9a1dc 100644 --- a/charts/epinio/102.0.3+up1.8.1/charts/dex/Chart.yaml +++ b/charts/epinio/102.0.4+up1.9.0/charts/dex/Chart.yaml @@ -1,7 +1,7 @@ annotations: artifacthub.io/changes: | - kind: added - description: "Supporting template evaluation in ingress hosts" + description: "Use updated HorizontalPodAutoscaler API Version which is no longer served in K8s >=1.25" artifacthub.io/images: | - name: dex image: ghcr.io/dexidp/dex:v2.36.0 @@ -26,4 +26,4 @@ sources: - https://github.com/dexidp/dex - https://github.com/dexidp/helm-charts/tree/master/charts/dex type: application -version: 0.14.1 +version: 0.14.3 diff --git a/charts/epinio/100.0.5+up1.6.2/charts/dex/LICENSE b/charts/epinio/102.0.4+up1.9.0/charts/dex/LICENSE similarity index 100% rename from charts/epinio/100.0.5+up1.6.2/charts/dex/LICENSE rename to charts/epinio/102.0.4+up1.9.0/charts/dex/LICENSE diff --git a/charts/epinio/102.0.3+up1.8.1/charts/dex/README.md b/charts/epinio/102.0.4+up1.9.0/charts/dex/README.md similarity index 92% rename from charts/epinio/102.0.3+up1.8.1/charts/dex/README.md rename to charts/epinio/102.0.4+up1.9.0/charts/dex/README.md index cb75515431..e3539a9d50 100644 --- a/charts/epinio/102.0.3+up1.8.1/charts/dex/README.md +++ b/charts/epinio/102.0.4+up1.9.0/charts/dex/README.md 
@@ -1,6 +1,6 @@ # dex -![version: 0.14.1](https://img.shields.io/badge/version-0.14.1-informational?style=flat-square) ![type: application](https://img.shields.io/badge/type-application-informational?style=flat-square) ![app version: 2.36.0](https://img.shields.io/badge/app%20version-2.36.0-informational?style=flat-square) ![kube version: >=1.14.0-0](https://img.shields.io/badge/kube%20version->=1.14.0--0-informational?style=flat-square) [![artifact hub](https://img.shields.io/badge/artifact%20hub-dex-informational?style=flat-square)](https://artifacthub.io/packages/helm/dex/dex) +![version: 0.14.3](https://img.shields.io/badge/version-0.14.3-informational?style=flat-square) ![type: application](https://img.shields.io/badge/type-application-informational?style=flat-square) ![app version: 2.36.0](https://img.shields.io/badge/app%20version-2.36.0-informational?style=flat-square) ![kube version: >=1.14.0-0](https://img.shields.io/badge/kube%20version->=1.14.0--0-informational?style=flat-square) [![artifact hub](https://img.shields.io/badge/artifact%20hub-dex-informational?style=flat-square)](https://artifacthub.io/packages/helm/dex/dex) OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors. 
@@ -134,7 +134,10 @@ ingress: | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. | | rbac.create | bool | `true` | Specifies whether RBAC resources should be created. If disabled, the operator is responsible for creating the necessary resources based on the templates. | | rbac.createClusterScoped | bool | `true` | Specifies which RBAC resources should be created. If disabled, the operator is responsible for creating the necessary resources (ClusterRole and RoleBinding or CRD's) | +| deploymentAnnotations | object | `{}` | Annotations to be added to deployment. | +| deploymentLabels | object | `{}` | Labels to be added to deployment. | | podAnnotations | object | `{}` | Annotations to be added to pods. | +| podLabels | object | `{}` | Labels to be added to pods. | | podDisruptionBudget.enabled | bool | `false` | Enable a [pod distruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) to help dealing with [disruptions](https://kubernetes.io/docs/concepts/workloads/pods/disruptions/). It is **highly recommended** for webhooks as disruptions can prevent launching new pods. | | podDisruptionBudget.minAvailable | int/percentage | `nil` | Number or percentage of pods that must remain available. | | podDisruptionBudget.maxUnavailable | int/percentage | `nil` | Number or percentage of pods that can be unavailable. | 
@@ -160,6 +163,12 @@ ingress: | serviceMonitor.interval | duration | `nil` | Prometheus scrape interval. | | serviceMonitor.scrapeTimeout | duration | `nil` | Prometheus scrape timeout. | | serviceMonitor.labels | object | `{}` | Labels to be added to the ServiceMonitor. | +| serviceMonitor.annotations | object | `{}` | Annotations to be added to the ServiceMonitor. | +| serviceMonitor.scheme | string | `""` | HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. | +| serviceMonitor.tlsConfig | object | `{}` | TLS configuration to use when scraping the endpoint. For example if using istio mTLS. | +| serviceMonitor.bearerTokenFile | string | `nil` | Prometheus scrape bearerTokenFile | +| serviceMonitor.metricRelabelings | list | `[]` | Prometheus scrape metric relabel configs to apply to samples before ingestion. | +| serviceMonitor.relabelings | list | `[]` | Relabel configs to apply to samples before ingestion. | | resources | object | No requests or limits. | Container resource [requests and limits](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) for details. | | autoscaling | object | Disabled by default. | Autoscaling configuration (see [values.yaml](values.yaml) for details). | | nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) configuration. | diff --git a/charts/epinio/100.0.5+up1.6.2/charts/dex/ci/config-secret-values.yaml b/charts/epinio/102.0.4+up1.9.0/charts/dex/ci/config-secret-values.yaml similarity index 100% rename from charts/epinio/100.0.5+up1.6.2/charts/dex/ci/config-secret-values.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/dex/ci/config-secret-values.yaml 
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/dex/ci/pod-annotations-values.yaml b/charts/epinio/102.0.4+up1.9.0/charts/dex/ci/label-annotations-values.yaml similarity index 60% rename from charts/epinio/102.0.3+up1.8.1/charts/dex/ci/pod-annotations-values.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/dex/ci/label-annotations-values.yaml index d08cdb1714..876c699fd2 100644 --- a/charts/epinio/102.0.3+up1.8.1/charts/dex/ci/pod-annotations-values.yaml +++ b/charts/epinio/102.0.4+up1.9.0/charts/dex/ci/label-annotations-values.yaml @@ -6,5 +6,14 @@ config: enablePasswordDB: true +deploymentAnnotations: + reloader.stakater.com/auto: "true" + podAnnotations: vault.security.banzaicloud.io/vault-addr: "https://vault.vault:8200" + +deploymentLabels: + hello: world + +podLabels: + hello: world diff --git a/charts/epinio/100.0.5+up1.6.2/charts/dex/ci/no-config-secret.yaml b/charts/epinio/102.0.4+up1.9.0/charts/dex/ci/no-config-secret.yaml similarity index 100% rename from charts/epinio/100.0.5+up1.6.2/charts/dex/ci/no-config-secret.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/dex/ci/no-config-secret.yaml diff --git a/charts/epinio/100.0.5+up1.6.2/charts/dex/ci/test-values.yaml b/charts/epinio/102.0.4+up1.9.0/charts/dex/ci/test-values.yaml similarity index 100% rename from charts/epinio/100.0.5+up1.6.2/charts/dex/ci/test-values.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/dex/ci/test-values.yaml diff --git a/charts/epinio/100.0.5+up1.6.2/charts/dex/templates/NOTES.txt b/charts/epinio/102.0.4+up1.9.0/charts/dex/templates/NOTES.txt similarity index 100% rename from charts/epinio/100.0.5+up1.6.2/charts/dex/templates/NOTES.txt rename to charts/epinio/102.0.4+up1.9.0/charts/dex/templates/NOTES.txt 
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/_helpers.tpl b/charts/epinio/102.0.4+up1.9.0/charts/dex/templates/_helpers.tpl similarity index 100% rename from charts/epinio/102.0.3+up1.8.1/charts/dex/templates/_helpers.tpl rename to charts/epinio/102.0.4+up1.9.0/charts/dex/templates/_helpers.tpl diff --git a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/deployment.yaml b/charts/epinio/102.0.4+up1.9.0/charts/dex/templates/deployment.yaml similarity index 93% rename from charts/epinio/102.0.3+up1.8.1/charts/dex/templates/deployment.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/dex/templates/deployment.yaml index a045e38934..8a5be9b468 100644 --- a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/deployment.yaml +++ b/charts/epinio/102.0.4+up1.9.0/charts/dex/templates/deployment.yaml @@ -4,6 +4,13 @@ metadata: name: {{ include "dex.fullname" . }} labels: {{- include "dex.labels" . | nindent 4 }} + {{ with .Values.deploymentLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{ with .Values.deploymentAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -26,6 +33,9 @@ spec: {{- end }} labels: {{- include "dex.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: diff --git a/charts/epinio/100.0.5+up1.6.2/charts/dex/templates/hpa.yaml b/charts/epinio/102.0.4+up1.9.0/charts/dex/templates/hpa.yaml similarity index 87% rename from charts/epinio/100.0.5+up1.6.2/charts/dex/templates/hpa.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/dex/templates/hpa.yaml index f381c7d72a..1b0a7e0623 100644 --- a/charts/epinio/100.0.5+up1.6.2/charts/dex/templates/hpa.yaml +++ b/charts/epinio/102.0.4+up1.9.0/charts/dex/templates/hpa.yaml 
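Review bot: In both hunks of deployment.yaml the user-supplied label maps are appended after the chart's own labels with `toYaml`, so a key that collides with one from `dex.labels` (first hunk, `deploymentLabels`) or `dex.selectorLabels` (second hunk, `podLabels`) is emitted twice in the same mapping. Most YAML parsers keep the last value, so for `podLabels` a values entry could presumably override a selector label and leave the pod template no longer matching `spec.selector.matchLabels` (the selector is outside the hunk). Merging with the chart's labels taking precedence avoids that, e.g. `{{- toYaml (merge (include "dex.selectorLabels" . | fromYaml) .Values.podLabels) | nindent 8 }}`. The two new `{{ with ... }}` lines in the first hunk also lack the `{{-` left trim used by the `podLabels` block, so they leave whitespace-only lines in the rendered manifest.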
@@ -1,5 +1,9 @@ {{- if .Values.autoscaling.enabled }} +{{- if semverCompare ">=1.23-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: autoscaling/v2 +{{- else -}} apiVersion: autoscaling/v2beta1 +{{- end }} kind: HorizontalPodAutoscaler metadata: name: {{ include "dex.fullname" . }} diff --git a/charts/epinio/102.0.3+up1.8.1/charts/dex/templates/ingress.yaml b/charts/epinio/102.0.4+up1.9.0/charts/dex/templates/ingress.yaml similarity index 100% rename from charts/epinio/102.0.3+up1.8.1/charts/dex/templates/ingress.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/dex/templates/ingress.yaml diff --git a/charts/epinio/100.0.5+up1.6.2/charts/dex/templates/networkpolicy.yaml b/charts/epinio/102.0.4+up1.9.0/charts/dex/templates/networkpolicy.yaml similarity index 100% rename from charts/epinio/100.0.5+up1.6.2/charts/dex/templates/networkpolicy.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/dex/templates/networkpolicy.yaml diff --git a/charts/epinio/100.0.5+up1.6.2/charts/dex/templates/poddisruptionbudget.yaml b/charts/epinio/102.0.4+up1.9.0/charts/dex/templates/poddisruptionbudget.yaml similarity index 100% rename from charts/epinio/100.0.5+up1.6.2/charts/dex/templates/poddisruptionbudget.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/dex/templates/poddisruptionbudget.yaml diff --git a/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/psp.yaml b/charts/epinio/102.0.4+up1.9.0/charts/dex/templates/psp.yaml similarity index 100% rename from charts/epinio/102.0.1+up1.6.2/charts/dex/templates/psp.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/dex/templates/psp.yaml diff --git a/charts/epinio/100.0.5+up1.6.2/charts/dex/templates/rbac.yaml b/charts/epinio/102.0.4+up1.9.0/charts/dex/templates/rbac.yaml similarity index 100% rename from charts/epinio/100.0.5+up1.6.2/charts/dex/templates/rbac.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/dex/templates/rbac.yaml 
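Review bot: The `spec.metrics` block of hpa.yaml is not touched by this hunk, which only switches `apiVersion`, so on clusters at 1.23 or later it is submitted unchanged under `autoscaling/v2`. If that block (outside the hunk) still uses the v2beta1 field `targetAverageUtilization`, the API server would reject the object; it should be confirmed that it uses the v2 form (`target.type: Utilization` with `averageUtilization`) or is switched on the same condition. Gating on the served API instead of the version string would follow what the cluster actually offers: `{{- if .Capabilities.APIVersions.Has "autoscaling/v2" -}}`.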
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/dex/templates/secret.yaml b/charts/epinio/102.0.4+up1.9.0/charts/dex/templates/secret.yaml similarity index 100% rename from charts/epinio/100.0.5+up1.6.2/charts/dex/templates/secret.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/dex/templates/secret.yaml diff --git a/charts/epinio/100.0.5+up1.6.2/charts/dex/templates/service.yaml b/charts/epinio/102.0.4+up1.9.0/charts/dex/templates/service.yaml similarity index 100% rename from charts/epinio/100.0.5+up1.6.2/charts/dex/templates/service.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/dex/templates/service.yaml diff --git a/charts/epinio/100.0.5+up1.6.2/charts/dex/templates/serviceaccount.yaml b/charts/epinio/102.0.4+up1.9.0/charts/dex/templates/serviceaccount.yaml similarity index 100% rename from charts/epinio/100.0.5+up1.6.2/charts/dex/templates/serviceaccount.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/dex/templates/serviceaccount.yaml diff --git a/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/servicemonitor.yaml b/charts/epinio/102.0.4+up1.9.0/charts/dex/templates/servicemonitor.yaml similarity index 50% rename from charts/epinio/102.0.1+up1.6.2/charts/dex/templates/servicemonitor.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/dex/templates/servicemonitor.yaml index 34e161e81a..ce96e5be1d 100644 --- a/charts/epinio/102.0.1+up1.6.2/charts/dex/templates/servicemonitor.yaml +++ b/charts/epinio/102.0.4+up1.9.0/charts/dex/templates/servicemonitor.yaml @@ -2,6 +2,10 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: + {{- with .Values.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "dex.fullname" . }} {{- with .Values.serviceMonitor.namespace }} namespace: {{ . }} 
@@ -17,9 +21,29 @@ spec: {{- with .Values.serviceMonitor.interval }} interval: {{ . }} {{- end }} + {{- with .Values.serviceMonitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with .Values.serviceMonitor.bearerTokenFile }} + bearerTokenFile: {{ . }} + {{- end }} + {{- with .Values.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml .| nindent 6 }} + {{- end }} {{- with .Values.serviceMonitor.scrapeTimeout }} scrapeTimeout: {{ . }} {{- end }} + path: {{ .Values.serviceMonitor.path }} + honorLabels: {{ .Values.serviceMonitor.honorLabels }} + {{- with .Values.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- tpl (toYaml . | nindent 6) $ }} + {{- end }} + {{- with .Values.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 6 }} + {{- end }} jobLabel: {{ include "dex.fullname" . }} selector: matchLabels: diff --git a/charts/epinio/100.0.5+up1.6.2/charts/dex/templates/tests/no-config-secret.yaml b/charts/epinio/102.0.4+up1.9.0/charts/dex/templates/tests/no-config-secret.yaml similarity index 100% rename from charts/epinio/100.0.5+up1.6.2/charts/dex/templates/tests/no-config-secret.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/dex/templates/tests/no-config-secret.yaml diff --git a/charts/epinio/102.0.3+up1.8.1/charts/dex/values.yaml b/charts/epinio/102.0.4+up1.9.0/charts/dex/values.yaml similarity index 87% rename from charts/epinio/102.0.3+up1.8.1/charts/dex/values.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/dex/values.yaml index fa061e8732..a00c9bad6f 100644 --- a/charts/epinio/102.0.3+up1.8.1/charts/dex/values.yaml +++ b/charts/epinio/102.0.4+up1.9.0/charts/dex/values.yaml 
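Review bot: `path:` and `honorLabels:` are emitted unconditionally, unlike every other endpoint field added in this hunk, which is wrapped in `with`. The values.yaml hunks in this commit add `scheme`, `tlsConfig`, `bearerTokenFile` and the relabeling lists but show no `path` or `honorLabels` default, so unless those keys already exist outside the hunks the endpoint renders with two empty (null) fields. Guard `path` like its neighbours, `{{- with .Values.serviceMonitor.path }}` … `{{- end }}`; `honorLabels` is a boolean, so `honorLabels: {{ .Values.serviceMonitor.honorLabels | default false }}` is the safer form there. `scheme` and `bearerTokenFile` are free-form strings and would be better rendered as `{{ . | quote }}`.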
@@ -105,9 +105,18 @@ rbac: # If disabled, the operator is responsible for creating the necessary resources (ClusterRole and RoleBinding or CRD's) createClusterScoped: true +# -- Annotations to be added to deployment. +deploymentAnnotations: {} + +# -- Labels to be added to deployment. +deploymentLabels: {} + # -- Annotations to be added to pods. podAnnotations: {} +# -- Labels to be added to pods. +podLabels: {} + podDisruptionBudget: # -- Enable a [pod distruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) to help dealing with [disruptions](https://kubernetes.io/docs/concepts/workloads/pods/disruptions/). # It is **highly recommended** for webhooks as disruptions can prevent launching new pods. 
@@ -212,8 +221,44 @@ serviceMonitor: scrapeTimeout: # -- Labels to be added to the ServiceMonitor. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec labels: {} + # -- Annotations to be added to the ServiceMonitor. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + annotations: {} + + # -- HTTP scheme to use for scraping. + # Can be used with `tlsConfig` for example if using istio mTLS. + scheme: "" + + # -- TLS configuration to use when scraping the endpoint. + # For example if using istio mTLS. + ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig + tlsConfig: {} + + # -- Prometheus scrape bearerTokenFile + bearerTokenFile: + + # -- Prometheus scrape metric relabel configs + # to apply to samples before ingestion. + ## [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # -- Relabel configs to apply + # to samples before ingestion. + ## [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + # -- Container resource [requests and limits](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). # See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) for details. # @default -- No requests or limits. 
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/kubed/.helmignore b/charts/epinio/102.0.4+up1.9.0/charts/kubed/.helmignore
similarity index 100%
rename from charts/epinio/100.0.0+up1.2.1/charts/kubed/.helmignore
rename to charts/epinio/102.0.4+up1.9.0/charts/kubed/.helmignore
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/kubed/Chart.yaml b/charts/epinio/102.0.4+up1.9.0/charts/kubed/Chart.yaml
similarity index 100%
rename from charts/epinio/100.0.0+up1.2.1/charts/kubed/Chart.yaml
rename to charts/epinio/102.0.4+up1.9.0/charts/kubed/Chart.yaml
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/kubed/README.md b/charts/epinio/102.0.4+up1.9.0/charts/kubed/README.md
similarity index 100%
rename from charts/epinio/100.0.0+up1.2.1/charts/kubed/README.md
rename to charts/epinio/102.0.4+up1.9.0/charts/kubed/README.md
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/kubed/doc.yaml b/charts/epinio/102.0.4+up1.9.0/charts/kubed/doc.yaml
similarity index 100%
rename from charts/epinio/100.0.0+up1.2.1/charts/kubed/doc.yaml
rename to charts/epinio/102.0.4+up1.9.0/charts/kubed/doc.yaml
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/kubed/templates/NOTES.txt b/charts/epinio/102.0.4+up1.9.0/charts/kubed/templates/NOTES.txt
similarity index 100%
rename from charts/epinio/100.0.0+up1.2.1/charts/kubed/templates/NOTES.txt
rename to charts/epinio/102.0.4+up1.9.0/charts/kubed/templates/NOTES.txt
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/kubed/templates/_helpers.tpl b/charts/epinio/102.0.4+up1.9.0/charts/kubed/templates/_helpers.tpl
similarity index 100%
rename from charts/epinio/100.0.0+up1.2.1/charts/kubed/templates/_helpers.tpl
rename to charts/epinio/102.0.4+up1.9.0/charts/kubed/templates/_helpers.tpl
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/kubed/templates/apiregistration.yaml b/charts/epinio/102.0.4+up1.9.0/charts/kubed/templates/apiregistration.yaml
similarity index 100%
rename from charts/epinio/100.0.0+up1.2.1/charts/kubed/templates/apiregistration.yaml
rename to charts/epinio/102.0.4+up1.9.0/charts/kubed/templates/apiregistration.yaml
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/kubed/templates/cluster-role-binding.yaml b/charts/epinio/102.0.4+up1.9.0/charts/kubed/templates/cluster-role-binding.yaml
similarity index 100%
rename from charts/epinio/100.0.0+up1.2.1/charts/kubed/templates/cluster-role-binding.yaml
rename to charts/epinio/102.0.4+up1.9.0/charts/kubed/templates/cluster-role-binding.yaml
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/kubed/templates/cluster-role.yaml b/charts/epinio/102.0.4+up1.9.0/charts/kubed/templates/cluster-role.yaml
similarity index 100%
rename from charts/epinio/100.0.0+up1.2.1/charts/kubed/templates/cluster-role.yaml
rename to charts/epinio/102.0.4+up1.9.0/charts/kubed/templates/cluster-role.yaml
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/kubed/templates/deployment.yaml b/charts/epinio/102.0.4+up1.9.0/charts/kubed/templates/deployment.yaml
similarity index 100%
rename from charts/epinio/100.0.0+up1.2.1/charts/kubed/templates/deployment.yaml
rename to charts/epinio/102.0.4+up1.9.0/charts/kubed/templates/deployment.yaml
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/psp.yaml b/charts/epinio/102.0.4+up1.9.0/charts/kubed/templates/psp.yaml
similarity index 100%
rename from charts/epinio/102.0.1+up1.6.2/charts/kubed/templates/psp.yaml
rename to charts/epinio/102.0.4+up1.9.0/charts/kubed/templates/psp.yaml
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/kubed/templates/secret.yaml b/charts/epinio/102.0.4+up1.9.0/charts/kubed/templates/secret.yaml
similarity index 100%
rename from charts/epinio/100.0.0+up1.2.1/charts/kubed/templates/secret.yaml
rename to charts/epinio/102.0.4+up1.9.0/charts/kubed/templates/secret.yaml
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/kubed/templates/service.yaml b/charts/epinio/102.0.4+up1.9.0/charts/kubed/templates/service.yaml
similarity index 100%
rename from charts/epinio/100.0.0+up1.2.1/charts/kubed/templates/service.yaml
rename to charts/epinio/102.0.4+up1.9.0/charts/kubed/templates/service.yaml
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/kubed/templates/serviceaccount.yaml b/charts/epinio/102.0.4+up1.9.0/charts/kubed/templates/serviceaccount.yaml
similarity index 100%
rename from charts/epinio/100.0.0+up1.2.1/charts/kubed/templates/serviceaccount.yaml
rename to charts/epinio/102.0.4+up1.9.0/charts/kubed/templates/serviceaccount.yaml
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/kubed/values.yaml b/charts/epinio/102.0.4+up1.9.0/charts/kubed/values.yaml
similarity index 100%
rename from charts/epinio/100.0.0+up1.2.1/charts/kubed/values.yaml
rename to charts/epinio/102.0.4+up1.9.0/charts/kubed/values.yaml
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/.helmignore b/charts/epinio/102.0.4+up1.9.0/charts/minio/.helmignore
similarity index 100%
rename from charts/epinio/100.0.0+up1.2.1/charts/minio/.helmignore
rename to charts/epinio/102.0.4+up1.9.0/charts/minio/.helmignore
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/Chart.yaml b/charts/epinio/102.0.4+up1.9.0/charts/minio/Chart.yaml
similarity index 84%
rename from charts/epinio/100.0.5+up1.6.2/charts/minio/Chart.yaml
rename to charts/epinio/102.0.4+up1.9.0/charts/minio/Chart.yaml
index 55ed285672..29c7fbc4ef 100644
--- a/charts/epinio/100.0.5+up1.6.2/charts/minio/Chart.yaml
+++ b/charts/epinio/102.0.4+up1.9.0/charts/minio/Chart.yaml
@@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: RELEASE.2022-12-12T19-27-27Z +appVersion: RELEASE.2023-07-07T07-13-57Z description: Multi-Cloud Object Storage home: https://min.io icon: https://min.io/resources/img/logo/MINIO_wordmark.png @@ -15,4 +15,4 @@ maintainers: name: minio sources: - https://github.com/minio/minio -version: 5.0.4 +version: 5.0.13 diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/README.md b/charts/epinio/102.0.4+up1.9.0/charts/minio/README.md similarity index 100% rename from charts/epinio/100.0.5+up1.6.2/charts/minio/README.md rename to charts/epinio/102.0.4+up1.9.0/charts/minio/README.md diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/NOTES.txt b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/NOTES.txt similarity index 100% rename from charts/epinio/100.0.5+up1.6.2/charts/minio/templates/NOTES.txt rename to charts/epinio/102.0.4+up1.9.0/charts/minio/templates/NOTES.txt diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/_helper_create_bucket.txt b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/_helper_create_bucket.txt similarity index 100% rename from charts/epinio/102.0.3+up1.8.1/charts/minio/templates/_helper_create_bucket.txt rename to charts/epinio/102.0.4+up1.9.0/charts/minio/templates/_helper_create_bucket.txt diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/_helper_create_policy.txt b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/_helper_create_policy.txt similarity index 96% rename from charts/epinio/102.0.3+up1.8.1/charts/minio/templates/_helper_create_policy.txt rename to charts/epinio/102.0.4+up1.9.0/charts/minio/templates/_helper_create_policy.txt index d565b161e3..aa584952f8 100644 --- a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/_helper_create_policy.txt +++ b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/_helper_create_policy.txt 
@@ -55,7 +55,7 @@ createPolicy () { else echo "Policy '$NAME' already exists." fi - ${MC} admin policy add myminio $NAME /config/$FILENAME.json + ${MC} admin policy create myminio $NAME /config/$FILENAME.json } @@ -72,4 +72,4 @@ connectToMinio $scheme {{- range $idx, $policy := .Values.policies }} createPolicy {{ $policy.name }} policy_{{ $idx }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/_helper_create_svcacct.txt b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/_helper_create_svcacct.txt similarity index 100% rename from charts/epinio/102.0.3+up1.8.1/charts/minio/templates/_helper_create_svcacct.txt rename to charts/epinio/102.0.4+up1.9.0/charts/minio/templates/_helper_create_svcacct.txt diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/_helper_create_user.txt b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/_helper_create_user.txt similarity index 95% rename from charts/epinio/102.0.3+up1.8.1/charts/minio/templates/_helper_create_user.txt rename to charts/epinio/102.0.4+up1.9.0/charts/minio/templates/_helper_create_user.txt index 324bc9d482..9f2c6a4d8f 100644 --- a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/_helper_create_user.txt +++ b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/_helper_create_user.txt @@ -73,7 +73,9 @@ createUser() { # set policy for user if [ ! -z $POLICY -a $POLICY != " " ] ; then echo "Adding policy '$POLICY' for '$USER'" - ${MC} admin policy set myminio $POLICY user=$USER + set +e ; # policy already attach errors out, allow it. + ${MC} admin policy attach myminio $POLICY --user=$USER + set -e else echo "User '$USER' has no policy attached." fi 
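Review bot: `$NAME` and `$FILENAME` are expanded unquoted on the new `policy create` line, and `$NAME` comes straight from `.Values.policies` through the `createPolicy {{ $policy.name }} policy_{{ $idx }}` call shown in the next hunk. A name containing whitespace or glob characters is split or expanded by the shell before `mc` receives it, so the policy can end up created under a different name than the one attached to users later. Quote the expansions: `${MC} admin policy create myminio "$NAME" "/config/$FILENAME.json"`. The same applies to `$POLICY` and `$USER` on the `policy attach` line in _helper_create_user.txt. The body of `createPolicy` starts outside the hunk.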
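Review bot: The `set +e` / `set -e` pair around `policy attach` in _helper_create_user.txt hides every failure of that command, not only the already-attached case the comment names. A misspelled policy name, an unreachable server or an `mc` build without the `attach` subcommand all leave the job reporting success while the user keeps whatever policy it had before. Capturing the exit status and output and logging them at least makes the tolerated case visible; failing on anything else would need the exact already-attached message of the `mc` release in the image, which this hunk does not show. `createUser` starts and ends outside the hunk.

```shell
    echo "Adding policy '$POLICY' for '$USER'"
    set +e
    ATTACH_OUT=$(${MC} admin policy attach myminio "$POLICY" --user="$USER" 2>&1)
    ATTACH_RC=$?
    set -e
    if [ "$ATTACH_RC" -ne 0 ] ; then
      # Tolerated for now: report the reason instead of discarding it.
      echo "policy attach for '$USER' returned $ATTACH_RC: $ATTACH_OUT"
    fi
    # … unchanged: else branch for users without a policy …
```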
diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/_helper_custom_command.txt b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/_helper_custom_command.txt similarity index 100% rename from charts/epinio/100.0.0+up1.2.1/charts/minio/templates/_helper_custom_command.txt rename to charts/epinio/102.0.4+up1.9.0/charts/minio/templates/_helper_custom_command.txt diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/_helper_policy.tpl b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/_helper_policy.tpl similarity index 100% rename from charts/epinio/100.0.5+up1.6.2/charts/minio/templates/_helper_policy.tpl rename to charts/epinio/102.0.4+up1.9.0/charts/minio/templates/_helper_policy.tpl diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/_helpers.tpl b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/_helpers.tpl similarity index 70% rename from charts/epinio/102.0.1+up1.6.2/charts/minio/templates/_helpers.tpl rename to charts/epinio/102.0.4+up1.9.0/charts/minio/templates/_helpers.tpl index 2cd9772ffb..3141a8a9b7 100644 --- a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/_helpers.tpl +++ b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/_helpers.tpl @@ -3,7 +3,7 @@ Expand the name of the chart. */}} {{- define "minio.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} + {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* 
@@ -12,102 +12,102 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this If release name contains chart name it will be used as a full name. */}} {{- define "minio.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} + {{- if .Values.fullnameOverride -}} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} + {{- else -}} + {{- $name := default .Chart.Name .Values.nameOverride -}} + {{- if contains $name .Release.Name -}} + {{- .Release.Name | trunc 63 | trimSuffix "-" -}} + {{- else -}} + {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} + {{- end -}} + {{- end -}} {{- end -}} {{/* Create chart name and version as used by the chart label. */}} {{- define "minio.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} + {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Return the appropriate apiVersion for networkpolicy. 
*/}} {{- define "minio.networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.Version -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare ">=1.7-0, <1.16-0" .Capabilities.KubeVersion.Version -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else if semverCompare "^1.16-0" .Capabilities.KubeVersion.Version -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} + {{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.Version -}} + {{- print "extensions/v1beta1" -}} + {{- else if semverCompare ">=1.7-0, <1.16-0" .Capabilities.KubeVersion.Version -}} + {{- print "networking.k8s.io/v1beta1" -}} + {{- else if semverCompare "^1.16-0" .Capabilities.KubeVersion.Version -}} + {{- print "networking.k8s.io/v1" -}} + {{- end -}} {{- end -}} {{/* Return the appropriate apiVersion for deployment. */}} {{- define "minio.deployment.apiVersion" -}} -{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.Version -}} -{{- print "apps/v1beta2" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} + {{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.Version -}} + {{- print "apps/v1beta2" -}} + {{- else -}} + {{- print "apps/v1" -}} + {{- end -}} {{- end -}} {{/* Return the appropriate apiVersion for statefulset. */}} {{- define "minio.statefulset.apiVersion" -}} -{{- if semverCompare "<1.16-0" .Capabilities.KubeVersion.Version -}} -{{- print "apps/v1beta2" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} + {{- if semverCompare "<1.16-0" .Capabilities.KubeVersion.Version -}} + {{- print "apps/v1beta2" -}} + {{- else -}} + {{- print "apps/v1" -}} + {{- end -}} {{- end -}} {{/* Return the appropriate apiVersion for ingress. 
*/}} {{- define "minio.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} + {{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} + {{- print "extensions/v1beta1" -}} + {{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}} + {{- print "networking.k8s.io/v1beta1" -}} + {{- else -}} + {{- print "networking.k8s.io/v1" -}} + {{- end -}} {{- end -}} {{/* Return the appropriate apiVersion for console ingress. */}} {{- define "minio.consoleIngress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} + {{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} + {{- print "extensions/v1beta1" -}} + {{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}} + {{- print "networking.k8s.io/v1beta1" -}} + {{- else -}} + {{- print "networking.k8s.io/v1" -}} + {{- end -}} {{- end -}} {{/* Determine secret name. */}} {{- define "minio.secretName" -}} -{{- if .Values.existingSecret -}} -{{- .Values.existingSecret }} -{{- else -}} -{{- include "minio.fullname" . -}} -{{- end -}} + {{- if .Values.existingSecret -}} + {{- .Values.existingSecret }} + {{- else -}} + {{- include "minio.fullname" . -}} + {{- end -}} {{- end -}} {{/* Determine name for scc role and rolebinding */}} {{- define "minio.sccRoleName" -}} -{{- printf "%s-%s" "scc" (include "minio.fullname" .) | trunc 63 | trimSuffix "-" -}} + {{- printf "%s-%s" "scc" (include "minio.fullname" .) 
| trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* @@ -195,9 +195,9 @@ otherwise it generates a random value. {{- $len := (default 16 .Length) | int -}} {{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} {{- if $obj }} - {{- index $obj .Key | b64dec -}} + {{- index $obj .Key | b64dec -}} {{- else -}} - {{- randAlphaNum $len -}} + {{- randAlphaNum $len -}} {{- end -}} {{- end }} diff --git a/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/configmap.yaml b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/configmap.yaml new file mode 100644 index 0000000000..47f64cc234 --- /dev/null +++ b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/configmap.yaml @@ -0,0 +1,32 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + initialize: |- + {{- include (print $.Template.BasePath "/_helper_create_bucket.txt") . | nindent 4 }} + add-user: |- + {{- include (print $.Template.BasePath "/_helper_create_user.txt") . | nindent 4 }} + add-policy: |- + {{- include (print $.Template.BasePath "/_helper_create_policy.txt") . | nindent 4 }} + {{- range $idx, $policy := .Values.policies }} + # Policy: {{ $policy.name }} + policy_{{ $idx }}.json: |- + {{- include (print $.Template.BasePath "/_helper_policy.tpl") . | nindent 4 }} + {{ end }} + {{- range $idx, $svc := .Values.svcaccts }} + {{- if $svc.policy }} + # SVC: {{ $svc.accessKey }} + svc_policy_{{ $idx }}.json: |- + {{- include (print $.Template.BasePath "/_helper_policy.tpl") .policy | nindent 4 }} + {{- end }} + {{- end }} + add-svcacct: |- + {{- include (print $.Template.BasePath "/_helper_create_svcacct.txt") . | nindent 4 }} + custom-command: |- + {{- include (print $.Template.BasePath "/_helper_custom_command.txt") . | nindent 4 }} 
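Review bot: `# SVC: {{ $svc.accessKey }}` in the new configmap.yaml writes each service account's access key into the ConfigMap in clear text. The access key is the identifier half of the credential pair, and ConfigMaps are usually readable by more principals than Secrets, so there is no reason to publish it here when the entry below is already keyed by index. Use the index in the comment instead: `# SVC: {{ $idx }}`.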
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/console-ingress.yaml b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/console-ingress.yaml similarity index 65% rename from charts/epinio/102.0.1+up1.6.2/charts/minio/templates/console-ingress.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/minio/templates/console-ingress.yaml index 2ce9a93bf3..79a2b1b58b 100644 --- a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/console-ingress.yaml +++ b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/console-ingress.yaml 
@@ -6,53 +6,50 @@ apiVersion: {{ template "minio.consoleIngress.apiVersion" . }} kind: Ingress metadata: name: {{ $fullName }} - namespace: {{ .Release.Namespace | quote }} labels: app: {{ template "minio.name" . }} chart: {{ template "minio.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -{{- with .Values.consoleIngress.labels }} -{{ toYaml . | indent 4 }} -{{- end }} - -{{- with .Values.consoleIngress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} + {{- with .Values.consoleIngress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.consoleIngress.annotations }} + annotations: {{- toYaml . | nindent 4 }} + {{- end }} spec: -{{- if .Values.consoleIngress.ingressClassName }} + {{- if .Values.consoleIngress.ingressClassName }} ingressClassName: {{ .Values.consoleIngress.ingressClassName }} -{{- end }} -{{- if .Values.consoleIngress.tls }} + {{- end }} + {{- if .Values.consoleIngress.tls }} tls: - {{- range .Values.consoleIngress.tls }} + {{- range .Values.consoleIngress.tls }} - hosts: {{- range .hosts }} - {{ . | quote }} {{- end }} secretName: {{ .secretName }} + {{- end }} {{- end }} -{{- end }} rules: - {{- range .Values.consoleIngress.hosts }} + {{- range .Values.consoleIngress.hosts }} - http: paths: - path: {{ $ingressPath }} - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} pathType: Prefix backend: service: name: {{ $fullName }} port: number: {{ $servicePort }} - {{- else }} + {{- else }} backend: serviceName: {{ $fullName }} servicePort: {{ $servicePort }} - {{- end }} + {{- end }} {{- if . }} - host: {{ . | quote }} + host: {{ tpl . $ | quote }} {{- end }} - {{- end }} + {{- end }} {{- end }} 
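Review bot: The rule host is now rendered through `tpl` (`host: {{ tpl . $ | quote }}`), but the TLS block in the same hunk still emits `- {{ . | quote }}` for each entry under `hosts`. A templated host value therefore appears expanded in `rules` and as the raw template string in `tls`, so the TLS secret no longer matches the host and the controller may fall back to its default certificate for it. Render both the same way by using `- {{ tpl . $ | quote }}` inside `range .hosts`. ingress.yaml carries the identical pair of lines and needs the same change.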
diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/console-service.yaml b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/console-service.yaml similarity index 54% rename from charts/epinio/100.0.5+up1.6.2/charts/minio/templates/console-service.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/minio/templates/console-service.yaml index 46da359744..2bbe7e385d 100644 --- a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/console-service.yaml +++ b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/console-service.yaml 
@@ -1,48 +1,43 @@ -{{ $scheme := "http" }} -{{- if .Values.tls.enabled }} -{{ $scheme = "https" }} -{{ end }} +{{ $scheme := .Values.tls.enabled | ternary "https" "http" }} apiVersion: v1 kind: Service metadata: name: {{ template "minio.fullname" . }}-console - namespace: {{ .Release.Namespace | quote }} labels: app: {{ template "minio.name" . }} chart: {{ template "minio.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -{{- if .Values.consoleService.annotations }} - annotations: -{{ toYaml .Values.consoleService.annotations | indent 4 }} -{{- end }} + {{- if .Values.consoleService.annotations }} + annotations: {{- toYaml .Values.consoleService.annotations | nindent 4 }} + {{- end }} spec: -{{- if (or (eq .Values.consoleService.type "ClusterIP" "") (empty .Values.consoleService.type)) }} + {{- if (or (eq .Values.consoleService.type "ClusterIP" "") (empty .Values.consoleService.type)) }} type: ClusterIP {{- if not (empty .Values.consoleService.clusterIP) }} clusterIP: {{ .Values.consoleService.clusterIP }} - {{end}} -{{- else if eq .Values.consoleService.type "LoadBalancer" }} + {{- end }} + {{- else if eq .Values.consoleService.type "LoadBalancer" }} type: {{ .Values.consoleService.type }} loadBalancerIP: {{ default "" .Values.consoleService.loadBalancerIP }} -{{- else }} + {{- else }} type: {{ .Values.consoleService.type }} -{{- end }} + {{- end }} ports: - name: {{ $scheme }} port: {{ .Values.consoleService.port }} protocol: TCP -{{- if (and (eq .Values.consoleService.type "NodePort") ( .Values.consoleService.nodePort)) }} + {{- if (and (eq .Values.consoleService.type "NodePort") ( .Values.consoleService.nodePort)) }} nodePort: {{ .Values.consoleService.nodePort }} -{{- else }} + {{- else }} targetPort: {{ .Values.minioConsolePort }} -{{- end}} -{{- if .Values.consoleService.externalIPs }} + {{- end }} + {{- if .Values.consoleService.externalIPs }} externalIPs: -{{- range $i , $ip := .Values.consoleService.externalIPs }} - - {{ $ip }} 
-{{- end }} -{{- end }} + {{- range $i , $ip := .Values.consoleService.externalIPs }} + - {{ $ip }} + {{- end }} + {{- end }} selector: app: {{ template "minio.name" . }} release: {{ .Release.Name }} diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/deployment.yaml b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/deployment.yaml similarity index 80% rename from charts/epinio/102.0.3+up1.8.1/charts/minio/templates/deployment.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/minio/templates/deployment.yaml index 3dd0904c0b..bbc762b6b3 100644 --- a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/deployment.yaml +++ b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/deployment.yaml 
@@ -1,34 +1,29 @@ {{- if eq .Values.mode "standalone" }} -{{ $scheme := "http" }} -{{- if .Values.tls.enabled }} -{{ $scheme = "https" }} -{{ end }} +{{ $scheme := .Values.tls.enabled | ternary "https" "http" }} {{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }} apiVersion: {{ template "minio.deployment.apiVersion" . }} kind: Deployment metadata: name: {{ template "minio.fullname" . }} - namespace: {{ .Release.Namespace | quote }} labels: app: {{ template "minio.name" . }} chart: {{ template "minio.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -{{- if .Values.additionalLabels }} -{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }} -{{- end }} -{{- if .Values.additionalAnnotations }} - annotations: -{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }} -{{- end }} + {{- if .Values.additionalLabels }} + {{- toYaml .Values.additionalLabels | nindent 4 }} + {{- end }} + {{- if .Values.additionalAnnotations }} + annotations: {{- toYaml .Values.additionalAnnotations | nindent 4 }} + {{- end }} spec: strategy: - type: {{ .Values.DeploymentUpdate.type }} - {{- if eq .Values.DeploymentUpdate.type "RollingUpdate" }} + type: {{ .Values.deploymentUpdate.type }} + {{- if eq .Values.deploymentUpdate.type "RollingUpdate" }} rollingUpdate: - maxSurge: {{ .Values.DeploymentUpdate.maxSurge }} - maxUnavailable: {{ .Values.DeploymentUpdate.maxUnavailable }} - {{- end}} + maxSurge: {{ .Values.deploymentUpdate.maxSurge }} + maxUnavailable: {{ .Values.deploymentUpdate.maxUnavailable }} + {{- end }} replicas: 1 selector: matchLabels: 
@@ -40,17 +35,17 @@ spec: labels: app: {{ template "minio.name" . }} release: {{ .Release.Name }} -{{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} -{{- end }} + {{- if .Values.podLabels }} + {{- toYaml .Values.podLabels | nindent 8 }} + {{- end }} annotations: -{{- if not .Values.ignoreChartChecksums }} + {{- if not .Values.ignoreChartChecksums }} checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} -{{- end }} -{{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }} -{{- end }} + {{- end }} + {{- if .Values.podAnnotations }} + {{- toYaml .Values.podAnnotations | trimSuffix "\n" | nindent 8 }} + {{- end }} spec: {{- if .Values.priorityClassName }} priorityClassName: "{{ .Values.priorityClassName }}" @@ -58,7 +53,7 @@ spec: {{- if .Values.runtimeClassName }} runtimeClassName: "{{ .Values.runtimeClassName }}" {{- end }} -{{- if and .Values.securityContext.enabled .Values.persistence.enabled }} + {{- if and .Values.securityContext.enabled .Values.persistence.enabled }} securityContext: runAsUser: {{ .Values.securityContext.runAsUser }} runAsGroup: {{ .Values.securityContext.runAsGroup }} @@ -66,10 +61,10 @@ spec: {{- if and (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "20") }} fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }} {{- end }} -{{- end }} -{{ if .Values.serviceAccount.create }} + {{- end }} + {{ if .Values.serviceAccount.create }} serviceAccountName: {{ .Values.serviceAccount.name }} -{{- end }} + {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ default .Values.image.registry (include "registry-url" .) }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" 
@@ -114,11 +109,11 @@ spec: {{- if .Values.extraSecret }} - name: MINIO_CONFIG_ENV_FILE value: "/tmp/minio-config-env/config.env" - {{- end}} + {{- end }} {{- if .Values.metrics.serviceMonitor.public }} - name: MINIO_PROMETHEUS_AUTH_TYPE value: "public" - {{- end}} + {{- end }} {{- if .Values.oidc.enabled }} - name: MINIO_IDENTITY_OPENID_CONFIG_URL value: {{ .Values.oidc.configUrl }} @@ -136,7 +131,7 @@ spec: value: {{ .Values.oidc.redirectUri }} - name: MINIO_IDENTITY_OPENID_COMMENT value: {{ .Values.oidc.comment }} - {{- end}} + {{- end }} {{- if .Values.etcd.endpoints }} - name: MINIO_ETCD_ENDPOINTS value: {{ join "," .Values.etcd.endpoints | quote }} 
@@ -159,37 +154,35 @@ spec: {{- end }} {{- range $key, $val := .Values.environment }} - name: {{ $key }} - value: {{ $val | quote }} - {{- end}} - resources: -{{ toYaml .Values.resources | indent 12 }} + value: {{ tpl $val $ | quote }} + {{- end }} + resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.extraContainers }} - {{- if eq (typeOf .) "string" }} - {{- tpl . $ | nindent 8 }} - {{- else }} - {{- toYaml . | nindent 8 }} - {{- end }} + {{- if eq (typeOf .) "string" }} + {{- tpl . $ | nindent 8 }} + {{- else }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} nodeSelector: {{- include "linux-node-selector" . | nindent 8 }} -{{- include "minio.imagePullSecrets" . | indent 6 }} -{{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} -{{- end }} - tolerations: + {{- include "minio.imagePullSecrets" . | indent 6 }} + {{- with .Values.affinity }} + affinity: {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: {{- toYaml . | nindent 8 }} {{- include "linux-node-tolerations" . | nindent 8 }} {{- with .Values.tolerations }} {{ toYaml . | indent 8 }} {{- end }} volumes: - name: export - {{- if .Values.persistence.enabled }} + {{- if .Values.persistence.enabled }} persistentVolumeClaim: claimName: {{ .Values.persistence.existingClaim | default (include "minio.fullname" .) }} - {{- else }} + {{- else }} emptyDir: {} - {{- end }} + {{- end }} {{- if .Values.extraSecret }} - name: extra-secret secret: diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/ingress.yaml b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/ingress.yaml similarity index 66% rename from charts/epinio/100.0.5+up1.6.2/charts/minio/templates/ingress.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/minio/templates/ingress.yaml index 8d9a837dc8..1a564c6bce 100644 --- a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/ingress.yaml +++ b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/ingress.yaml 
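Review bot: The added line `tolerations: {{- toYaml . | nindent 8 }}` sits after the `with .Values.affinity` block has closed, so `.` there looks like the chart's root context rather than a tolerations list. That would serialise `.Values` and the rest of the context, including any credentials carried in values, under `tolerations:`, ahead of the `linux-node-tolerations` include and the `with .Values.tolerations` block that already supply the entries; the manifest would most likely fail to parse or be rejected by the API server. The line should remain the bare key, `tolerations:`. The pod spec starts and ends outside this hunk, so an enclosing scope cannot be fully ruled out from here.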
@@ -6,53 +6,50 @@ apiVersion: {{ template "minio.ingress.apiVersion" . }} kind: Ingress metadata: name: {{ $fullName }} - namespace: {{ .Release.Namespace | quote }} labels: app: {{ template "minio.name" . }} chart: {{ template "minio.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -{{- with .Values.ingress.labels }} -{{ toYaml . | indent 4 }} -{{- end }} - -{{- with .Values.ingress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} + {{- with .Values.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.ingress.annotations }} + annotations: {{- toYaml . | nindent 4 }} + {{- end }} spec: -{{- if .Values.ingress.ingressClassName }} + {{- if .Values.ingress.ingressClassName }} ingressClassName: {{ .Values.ingress.ingressClassName }} -{{- end }} -{{- if .Values.ingress.tls }} + {{- end }} + {{- if .Values.ingress.tls }} tls: - {{- range .Values.ingress.tls }} + {{- range .Values.ingress.tls }} - hosts: {{- range .hosts }} - {{ . | quote }} {{- end }} secretName: {{ .secretName }} + {{- end }} {{- end }} -{{- end }} rules: - {{- range .Values.ingress.hosts }} + {{- range .Values.ingress.hosts }} - http: paths: - path: {{ $ingressPath }} - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} pathType: Prefix backend: service: name: {{ $fullName }} port: number: {{ $servicePort }} - {{- else }} + {{- else }} backend: serviceName: {{ $fullName }} servicePort: {{ $servicePort }} - {{- end }} + {{- end }} {{- if . }} - host: {{ . | quote }} + host: {{ tpl . $ | quote }} {{- end }} - {{- end }} + {{- end }} {{- end }} 
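Review bot: Dropping `namespace: {{ .Release.Namespace | quote }}` from `metadata` leaves the Ingress namespace to whatever applies the manifest. `helm install` fills it in, but `helm template` output applied without `-n` lands in the client's current namespace. The same line is removed from the NetworkPolicy, PodDisruptionBudget, post-job, PVC, Secret, Service and StatefulSet templates in this diff, so a NetworkPolicy or Secret rendered that way could end up outside the namespace it is meant to cover. If the removal is intentional, I would record it under `metadata:` with a template comment such as `{{- /* namespace comes from the release; pass -n when applying rendered output */}}`.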
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/networkpolicy.yaml b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/networkpolicy.yaml similarity index 94% rename from charts/epinio/102.0.1+up1.6.2/charts/minio/templates/networkpolicy.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/minio/templates/networkpolicy.yaml index ac219b937b..7ebc2aa739 100644 --- a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/networkpolicy.yaml +++ b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/networkpolicy.yaml @@ -3,7 +3,6 @@ kind: NetworkPolicy apiVersion: {{ template "minio.networkPolicy.apiVersion" . }} metadata: name: {{ template "minio.fullname" . }} - namespace: {{ .Release.Namespace | quote }} labels: app: {{ template "minio.name" . }} chart: {{ template "minio.chart" . }} diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/poddisruptionbudget.yaml b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/poddisruptionbudget.yaml similarity index 90% rename from charts/epinio/102.0.3+up1.8.1/charts/minio/templates/poddisruptionbudget.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/minio/templates/poddisruptionbudget.yaml index 41c649aa29..a5f90a0808 100644 --- a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/poddisruptionbudget.yaml +++ b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/poddisruptionbudget.yaml @@ -7,7 +7,6 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: minio - namespace: {{ .Release.Namespace | quote }} labels: app: {{ template "minio.name" . }} spec: diff --git a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/post-job.yaml b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/post-job.yaml similarity index 85% rename from charts/epinio/102.0.3+up1.8.1/charts/minio/templates/post-job.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/minio/templates/post-job.yaml index cad001b721..8bb37b7f35 100644 
--- a/charts/epinio/102.0.3+up1.8.1/charts/minio/templates/post-job.yaml +++ b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/post-job.yaml @@ -3,7 +3,6 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ template "minio.fullname" . }}-post-job - namespace: {{ .Release.Namespace | quote }} labels: app: {{ template "minio.name" . }}-post-job chart: {{ template "minio.chart" . }} @@ -25,17 +24,15 @@ spec: {{- toYaml .Values.podLabels | nindent 8 }} {{- end }} {{- if .Values.postJob.podAnnotations }} - annotations: - {{- toYaml .Values.postJob.podAnnotations | nindent 8 }} + annotations: {{- toYaml .Values.postJob.podAnnotations | nindent 8 }} {{- end }} spec: restartPolicy: OnFailure - {{- include "minio.imagePullSecrets" . | nindent 6 }} + {{- include "minio.imagePullSecrets" . | indent 6 }} nodeSelector: {{- include "linux-node-selector" . | nindent 8 }} {{- with .Values.postJob.affinity }} - affinity: - {{- toYaml . | nindent 8 }} + affinity: {{- toYaml . | nindent 8 }} {{- end }} tolerations: {{- include "linux-node-tolerations" . | nindent 8 }} @@ -49,6 +46,10 @@ spec: fsGroup: {{ .Values.postJob.securityContext.fsGroup }} {{- end }} volumes: + - name: etc-path + emptyDir: {} + - name: tmp + emptyDir: {} - name: minio-configuration projected: sources: 
@@ -81,22 +82,25 @@ spec: items: - key: {{ .Values.tls.publicCrt }} path: CAs/public.crt - {{ end }} - containers: - {{- if .Values.buckets }} - - name: minio-make-bucket + {{- end }} + {{- if .Values.serviceAccount.create }} + serviceAccountName: {{ .Values.serviceAccount.name }} + {{- end }} + {{- if .Values.policies }} + initContainers: + - name: minio-make-policy image: "{{ default .Values.mcImage.registry (include "registry-url" .) }}{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" - {{- if .Values.makeBucketJob.securityContext.enabled }} + {{- if .Values.makePolicyJob.securityContext.enabled }} securityContext: - runAsUser: {{ .Values.makeBucketJob.securityContext.runAsUser }} - runAsGroup: {{ .Values.makeBucketJob.securityContext.runAsGroup }} + runAsUser: {{ .Values.makePolicyJob.securityContext.runAsUser }} + runAsGroup: {{ .Values.makePolicyJob.securityContext.runAsGroup }} {{- end }} imagePullPolicy: {{ .Values.mcImage.pullPolicy }} - {{- if .Values.makeBucketJob.exitCommand }} + {{- if .Values.makePolicyJob.exitCommand }} command: [ "/bin/sh", "-c" ] - args: [ "/bin/sh /config/initialize; EV=$?; {{ .Values.makeBucketJob.exitCommand }} && exit $EV" ] + args: [ "/bin/sh /config/add-policy; EV=$?; {{ .Values.makePolicyJob.exitCommand }} && exit $EV" ] {{- else }} - command: [ "/bin/sh", "/config/initialize" ] + command: [ "/bin/sh", "/config/add-policy" ] {{- end }} env: - name: MINIO_ENDPOINT 
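Review bot: The `securityContext` of the new `minio-make-policy` init container sets only `runAsUser` and `runAsGroup`, and only when `makePolicyJob.securityContext.enabled` is true. The following hunks mount writable `emptyDir` volumes at `/etc/minio/mc` and `/tmp`, which looks like preparation for a read-only root filesystem, yet nothing in the visible template turns that on. Consider adding `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` under the same `securityContext:`, after testing that the mc scripts write nowhere else, and doing the same for the make-bucket and make-user containers. The container definition continues past the end of this hunk.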
@@ -104,29 +108,33 @@ spec: - name: MINIO_PORT value: {{ .Values.service.port | quote }} volumeMounts: + - name: etc-path + mountPath: /etc/minio/mc + - name: tmp + mountPath: /tmp - name: minio-configuration mountPath: /config {{- if .Values.tls.enabled }} - name: cert-secret-volume-mc mountPath: {{ .Values.configPathmc }}certs - {{ end }} - resources: - {{- toYaml .Values.makeBucketJob.resources | nindent 12 }} - {{- end }} - {{- if .Values.users }} - - name: minio-make-user + {{- end }} + resources: {{- toYaml .Values.makePolicyJob.resources | nindent 12 }} + {{- end }} + containers: + {{- if .Values.buckets }} + - name: minio-make-bucket image: "{{ default .Values.mcImage.registry (include "registry-url" .) }}{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" - {{- if .Values.makeUserJob.securityContext.enabled }} + {{- if .Values.makeBucketJob.securityContext.enabled }} securityContext: - runAsUser: {{ .Values.makeUserJob.securityContext.runAsUser }} - runAsGroup: {{ .Values.makeUserJob.securityContext.runAsGroup }} + runAsUser: {{ .Values.makeBucketJob.securityContext.runAsUser }} + runAsGroup: {{ .Values.makeBucketJob.securityContext.runAsGroup }} {{- end }} imagePullPolicy: {{ .Values.mcImage.pullPolicy }} - {{- if .Values.makeUserJob.exitCommand }} + {{- if .Values.makeBucketJob.exitCommand }} command: [ "/bin/sh", "-c" ] - args: [ "/bin/sh /config/add-user; EV=$?; {{ .Values.makeUserJob.exitCommand }} && exit $EV" ] + args: [ "/bin/sh /config/initialize; EV=$?; {{ .Values.makeBucketJob.exitCommand }} && exit $EV" ] {{- else }} - command: [ "/bin/sh", "/config/add-user" ] + command: [ "/bin/sh", "/config/initialize" ] {{- end }} env: - name: MINIO_ENDPOINT 
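Review bot: With `minio-make-policy` moved under `initContainers:`, the `containers:` list can now render empty. Every entry below it is wrapped in its own `if` (`.Values.buckets`, `.Values.users`, and in later hunks `.Values.customCommands` and `.Values.svcaccts`), so a release that sets only `policies` would produce a Job with no containers, which the API server rejects. The guard around the whole Job is outside this hunk, so this assumes it still admits a policies-only configuration. A render-time error placed inside the `if .Values.policies` block would make the constraint explicit, for example `{{- if not (or .Values.buckets .Values.users .Values.customCommands .Values.svcaccts) }}{{ fail "policies needs at least one of buckets, users, customCommands or svcaccts" }}{{- end }}`.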
@@ -134,29 +142,32 @@ spec: - name: MINIO_PORT value: {{ .Values.service.port | quote }} volumeMounts: + - name: etc-path + mountPath: /etc/minio/mc + - name: tmp + mountPath: /tmp - name: minio-configuration mountPath: /config {{- if .Values.tls.enabled }} - name: cert-secret-volume-mc mountPath: {{ .Values.configPathmc }}certs - {{ end }} - resources: - {{- toYaml .Values.makeUserJob.resources | nindent 12 }} + {{- end }} + resources: {{- toYaml .Values.makeBucketJob.resources | nindent 12 }} {{- end }} - {{- if .Values.policies }} - - name: minio-make-policy + {{- if .Values.users }} + - name: minio-make-user image: "{{ default .Values.mcImage.registry (include "registry-url" .) }}{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" - {{- if .Values.makePolicyJob.securityContext.enabled }} + {{- if .Values.makeUserJob.securityContext.enabled }} securityContext: - runAsUser: {{ .Values.makePolicyJob.securityContext.runAsUser }} - runAsGroup: {{ .Values.makePolicyJob.securityContext.runAsGroup }} + runAsUser: {{ .Values.makeUserJob.securityContext.runAsUser }} + runAsGroup: {{ .Values.makeUserJob.securityContext.runAsGroup }} {{- end }} imagePullPolicy: {{ .Values.mcImage.pullPolicy }} - {{- if .Values.makePolicyJob.exitCommand }} + {{- if .Values.makeUserJob.exitCommand }} command: [ "/bin/sh", "-c" ] - args: [ "/bin/sh /config/add-policy; EV=$?; {{ .Values.makePolicyJob.exitCommand }} && exit $EV" ] + args: [ "/bin/sh /config/add-user; EV=$?; {{ .Values.makeUserJob.exitCommand }} && exit $EV" ] {{- else }} - command: [ "/bin/sh", "/config/add-policy" ] + command: [ "/bin/sh", "/config/add-user" ] {{- end }} env: - name: MINIO_ENDPOINT 
@@ -164,14 +175,17 @@ spec: - name: MINIO_PORT value: {{ .Values.service.port | quote }} volumeMounts: + - name: etc-path + mountPath: /etc/minio/mc + - name: tmp + mountPath: /tmp - name: minio-configuration mountPath: /config {{- if .Values.tls.enabled }} - name: cert-secret-volume-mc mountPath: {{ .Values.configPathmc }}certs - {{ end }} - resources: - {{- toYaml .Values.makePolicyJob.resources | nindent 12 }} + {{- end }} + resources: {{- toYaml .Values.makeUserJob.resources | nindent 12 }} {{- end }} {{- if .Values.customCommands }} - name: minio-custom-command @@ -194,14 +208,17 @@ spec: - name: MINIO_PORT value: {{ .Values.service.port | quote }} volumeMounts: + - name: etc-path + mountPath: /etc/minio/mc + - name: tmp + mountPath: /tmp - name: minio-configuration mountPath: /config {{- if .Values.tls.enabled }} - name: cert-secret-volume-mc mountPath: {{ .Values.configPathmc }}certs - {{ end }} - resources: - {{- toYaml .Values.customCommandJob.resources | nindent 12 }} + {{- end }} + resources: {{- toYaml .Values.customCommandJob.resources | nindent 12 }} {{- end }} {{- if .Values.svcaccts }} - name: minio-make-svcacct @@ -224,13 +241,16 @@ spec: - name: MINIO_PORT value: {{ .Values.service.port | quote }} volumeMounts: + - name: etc-path + mountPath: /etc/minio/mc + - name: tmp + mountPath: /tmp - name: minio-configuration mountPath: /config {{- if .Values.tls.enabled }} - name: cert-secret-volume-mc mountPath: {{ .Values.configPathmc }}certs - {{ end }} - resources: - {{- toYaml .Values.makeServiceAccountJob.resources | nindent 12 }} + {{- end }} + resources: {{- toYaml .Values.makeServiceAccountJob.resources | nindent 12 }} {{- end }} {{- end }} diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/psp.yaml b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/psp.yaml similarity index 100% rename from charts/epinio/102.0.1+up1.6.2/charts/minio/templates/psp.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/minio/templates/psp.yaml 
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/pvc.yaml b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/pvc.yaml similarity index 60% rename from charts/epinio/102.0.1+up1.6.2/charts/minio/templates/pvc.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/minio/templates/pvc.yaml index 369aade415..60f5267b0c 100644 --- a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/pvc.yaml +++ b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/pvc.yaml @@ -4,32 +4,29 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: {{ template "minio.fullname" . }} - namespace: {{ .Release.Namespace | quote }} labels: app: {{ template "minio.name" . }} chart: {{ template "minio.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | trimSuffix "\n" | indent 4 }} -{{- end }} + {{- if .Values.persistence.annotations }} + annotations: {{- toYaml .Values.persistence.annotations | nindent 4 }} + {{- end }} spec: accessModes: - {{ .Values.persistence.accessMode | quote }} resources: requests: storage: {{ .Values.persistence.size | quote }} - -{{- if .Values.persistence.storageClass }} -{{- if (eq "-" .Values.persistence.storageClass) }} + {{- if .Values.persistence.storageClass }} + {{- if (eq "-" .Values.persistence.storageClass) }} storageClassName: "" -{{- else }} + {{- else }} storageClassName: "{{ .Values.persistence.storageClass }}" -{{- end }} -{{- end }} -{{- if .Values.persistence.VolumeName }} - volumeName: "{{ .Values.persistence.VolumeName }}" -{{- end }} + {{- end }} + {{- end }} + {{- if .Values.persistence.volumeName }} + volumeName: "{{ .Values.persistence.volumeName }}" + {{- end }} {{- end }} {{- end }} 
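Review bot: Reading `.Values.persistence.volumeName` instead of `.Values.persistence.VolumeName` silently ignores the old key. An existing values file that pins a PV by name will now render a claim with no `volumeName`, which may then bind to a different volume. The same silent drop applies to `StatefulSetUpdate` → `statefulSetUpdate` in the StatefulSet hunk and `DeploymentUpdate` → `deploymentUpdate` in values.yaml. A fallback keeps upgrades safe: `{{- with (.Values.persistence.volumeName | default .Values.persistence.VolumeName) }}` followed by `volumeName: {{ . | quote }}`. Otherwise the rename should be called out as a breaking change in the chart notes.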
diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/secrets.yaml b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/secrets.yaml similarity index 93% rename from charts/epinio/102.0.1+up1.6.2/charts/minio/templates/secrets.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/minio/templates/secrets.yaml index da2ecab4a1..476c3da512 100644 --- a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/secrets.yaml +++ b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/secrets.yaml @@ -3,7 +3,6 @@ apiVersion: v1 kind: Secret metadata: name: {{ template "minio.secretName" . }} - namespace: {{ .Release.Namespace | quote }} labels: app: {{ template "minio.name" . }} chart: {{ template "minio.chart" . }} diff --git a/charts/epinio/100.0.0+up1.2.1/charts/minio/templates/securitycontextconstraints.yaml b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/securitycontextconstraints.yaml similarity index 100% rename from charts/epinio/100.0.0+up1.2.1/charts/minio/templates/securitycontextconstraints.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/minio/templates/securitycontextconstraints.yaml diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/service.yaml b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/service.yaml similarity index 55% rename from charts/epinio/102.0.1+up1.6.2/charts/minio/templates/service.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/minio/templates/service.yaml index 741528df45..ba1f3feaa5 100644 --- a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/service.yaml +++ b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/service.yaml 
@@ -1,49 +1,44 @@ -{{ $scheme := "http" }} -{{- if .Values.tls.enabled }} -{{ $scheme = "https" }} -{{ end }} +{{ $scheme := .Values.tls.enabled | ternary "https" "http" }} apiVersion: v1 kind: Service metadata: name: {{ template "minio.fullname" . }} - namespace: {{ .Release.Namespace | quote }} labels: app: {{ template "minio.name" . }} chart: {{ template "minio.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} monitoring: "true" -{{- if .Values.service.annotations }} - annotations: -{{ toYaml .Values.service.annotations | indent 4 }} -{{- end }} + {{- if .Values.service.annotations }} + annotations: {{- toYaml .Values.service.annotations | nindent 4 }} + {{- end }} spec: -{{- if (or (eq .Values.service.type "ClusterIP" "") (empty .Values.service.type)) }} + {{- if (or (eq .Values.service.type "ClusterIP" "") (empty .Values.service.type)) }} type: ClusterIP {{- if not (empty .Values.service.clusterIP) }} clusterIP: {{ .Values.service.clusterIP }} - {{end}} -{{- else if eq .Values.service.type "LoadBalancer" }} + {{- end }} + {{- else if eq .Values.service.type "LoadBalancer" }} type: {{ .Values.service.type }} loadBalancerIP: {{ default "" .Values.service.loadBalancerIP }} -{{- else }} + {{- else }} type: {{ .Values.service.type }} -{{- end }} + {{- end }} ports: - name: {{ $scheme }} port: {{ .Values.service.port }} protocol: TCP -{{- if (and (eq .Values.service.type "NodePort") ( .Values.service.nodePort)) }} + {{- if (and (eq .Values.service.type "NodePort") ( .Values.service.nodePort)) }} nodePort: {{ .Values.service.nodePort }} -{{- else }} + {{- else }} targetPort: {{ .Values.minioAPIPort }} -{{- end}} -{{- if .Values.service.externalIPs }} + {{- end }} + {{- if .Values.service.externalIPs }} externalIPs: -{{- range $i , $ip := .Values.service.externalIPs }} - - {{ $ip }} -{{- end }} -{{- end }} + {{- range $i , $ip := .Values.service.externalIPs }} + - {{ $ip }} + {{- end }} + {{- end }} selector: app: {{ template "minio.name" . 
}} release: {{ .Release.Name }} diff --git a/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/serviceaccount.yaml b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/serviceaccount.yaml new file mode 100644 index 0000000000..07840153d9 --- /dev/null +++ b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/serviceaccount.yaml @@ -0,0 +1,6 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.name | quote }} +{{- end }} diff --git a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/servicemonitor.yaml b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/servicemonitor.yaml similarity index 84% rename from charts/epinio/100.0.5+up1.6.2/charts/minio/templates/servicemonitor.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/minio/templates/servicemonitor.yaml index 955273b526..f875a850ed 100644 --- a/charts/epinio/100.0.5+up1.6.2/charts/minio/templates/servicemonitor.yaml +++ b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/servicemonitor.yaml @@ -1,12 +1,10 @@ -{{- if and .Values.metrics.serviceMonitor.enabled .Values.metrics.serviceMonitor.includeNode}} +{{- if and .Values.metrics.serviceMonitor.enabled .Values.metrics.serviceMonitor.includeNode }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "minio.fullname" . }} {{- if .Values.metrics.serviceMonitor.namespace }} namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{ else }} - namespace: {{ .Release.Namespace | quote }} {{- end }} labels: app: {{ template "minio.name" . }} 
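Review bot: In the new serviceaccount.yaml, `name: {{ .Values.serviceAccount.name | quote }}` has no check, so `serviceAccount.create: true` with an empty name renders `name: ""` and fails at the API server rather than at render time. `name: {{ required "serviceAccount.name must be set when serviceAccount.create is true" .Values.serviceAccount.name | quote }}` gives a clearer error. The object also carries none of the `app`/`chart`/`release`/`heritage` labels the other templates in this diff set. If the MinIO pods and the post-job never call the Kubernetes API (not determinable from this diff), `automountServiceAccountToken: false` would be worth adding here.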
@@ -14,12 +12,11 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} {{- if .Values.metrics.serviceMonitor.additionalLabels }} -{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }} + {{- toYaml .Values.metrics.serviceMonitor.additionalLabels | nindent 4 }} {{- end }} -{{- if .Values.metrics.serviceMonitor.annotations }} - annotations: -{{ toYaml .Values.metrics.serviceMonitor.annotations | trimSuffix "\n" | indent 4 }} -{{- end }} + {{- if .Values.metrics.serviceMonitor.annotations }} + annotations: {{- toYaml .Values.metrics.serviceMonitor.annotations | nindent 4 }} + {{- end }} spec: endpoints: {{- if .Values.tls.enabled }} @@ -31,7 +28,7 @@ spec: name: {{ .Values.tls.certSecret }} key: {{ .Values.tls.publicCrt }} serverName: {{ template "minio.fullname" . }} - {{ else }} + {{- else }} - port: http scheme: http {{- end }} @@ -43,7 +40,7 @@ spec: scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} {{- end }} {{- if .Values.metrics.serviceMonitor.relabelConfigs }} -{{ toYaml .Values.metrics.serviceMonitor.relabelConfigs | indent 6 }} + {{- toYaml .Values.metrics.serviceMonitor.relabelConfigs | nindent 6 }} {{- end }} {{- if not .Values.metrics.serviceMonitor.public }} bearerTokenSecret: @@ -67,8 +64,6 @@ metadata: name: {{ template "minio.fullname" . }}-cluster {{- if .Values.metrics.serviceMonitor.namespace }} namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{ else }} - namespace: {{ .Release.Namespace | quote }} {{- end }} labels: app: {{ template "minio.name" . }} @@ -76,7 +71,7 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} {{- if .Values.metrics.serviceMonitor.additionalLabels }} -{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }} + {{- toYaml .Values.metrics.serviceMonitor.additionalLabels | nindent 4 }} {{- end }} spec: jobName: {{ template "minio.fullname" . }} 
@@ -93,11 +88,11 @@ spec: path: /minio/v2/metrics/cluster {{- if .Values.tls.enabled }} scheme: https - {{ else }} + {{- else }} scheme: http {{- end }} {{- if .Values.metrics.serviceMonitor.relabelConfigsCluster }} -{{ toYaml .Values.metrics.serviceMonitor.relabelConfigsCluster | indent 2 }} + {{- toYaml .Values.metrics.serviceMonitor.relabelConfigsCluster | nindent 2 }} {{- end }} targets: staticConfig: diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/statefulset.yaml b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/statefulset.yaml similarity index 76% rename from charts/epinio/102.0.1+up1.6.2/charts/minio/templates/statefulset.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/minio/templates/statefulset.yaml index eaedfc6294..33f40095da 100644 --- a/charts/epinio/102.0.1+up1.6.2/charts/minio/templates/statefulset.yaml +++ b/charts/epinio/102.0.4+up1.9.0/charts/minio/templates/statefulset.yaml @@ -3,10 +3,7 @@ {{ $nodeCount := .Values.replicas | int }} {{ $replicas := mul $poolCount $nodeCount }} {{ $drivesPerNode := .Values.drivesPerNode | int }} -{{ $scheme := "http" }} -{{- if .Values.tls.enabled }} -{{ $scheme = "https" }} -{{ end }} +{{ $scheme := .Values.tls.enabled | ternary "https" "http" }} {{ $mountPath := .Values.mountPath }} {{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }} {{ $subPath := .Values.persistence.subPath }} @@ -18,12 +15,11 @@ apiVersion: v1 kind: Service metadata: name: {{ template "minio.fullname" . }}-svc - namespace: {{ .Release.Namespace | quote }} labels: app: {{ template "minio.name" . }} chart: {{ template "minio.chart" . }} - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} spec: publishNotReadyAddresses: true clusterIP: None 
@@ -40,22 +36,20 @@ apiVersion: {{ template "minio.statefulset.apiVersion" . }} kind: StatefulSet metadata: name: {{ template "minio.fullname" . }} - namespace: {{ .Release.Namespace | quote }} labels: app: {{ template "minio.name" . }} chart: {{ template "minio.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -{{- if .Values.additionalLabels }} -{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }} -{{- end }} -{{- if .Values.additionalAnnotations }} - annotations: -{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }} -{{- end }} + {{- if .Values.additionalLabels }} + {{- toYaml .Values.additionalLabels | nindent 4 }} + {{- end }} + {{- if .Values.additionalAnnotations }} + annotations: {{- toYaml .Values.additionalAnnotations | nindent 4 }} + {{- end }} spec: updateStrategy: - type: {{ .Values.StatefulSetUpdate.updateStrategy }} + type: {{ .Values.statefulSetUpdate.updateStrategy }} podManagementPolicy: "Parallel" serviceName: {{ template "minio.fullname" . }}-svc replicas: {{ $replicas }} @@ -69,17 +63,17 @@ spec: labels: app: {{ template "minio.name" . }} release: {{ .Release.Name }} -{{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} -{{- end }} + {{- if .Values.podLabels }} + {{- toYaml .Values.podLabels | nindent 8 }} + {{- end }} annotations: -{{- if not .Values.ignoreChartChecksums }} + {{- if not .Values.ignoreChartChecksums }} checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} -{{- end }} -{{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }} -{{- end }} + {{- end }} + {{- if .Values.podAnnotations }} + {{- toYaml .Values.podAnnotations | nindent 8 }} + {{- end }} spec: {{- if .Values.priorityClassName }} priorityClassName: "{{ .Values.priorityClassName }}" 
@@ -87,7 +81,7 @@ spec: {{- if .Values.runtimeClassName }} runtimeClassName: "{{ .Values.runtimeClassName }}" {{- end }} -{{- if and .Values.securityContext.enabled .Values.persistence.enabled }} + {{- if and .Values.securityContext.enabled .Values.persistence.enabled }} securityContext: runAsUser: {{ .Values.securityContext.runAsUser }} runAsGroup: {{ .Values.securityContext.runAsGroup }} 
@@ -95,18 +89,19 @@ spec: {{- if and (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "20") }} fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }} {{- end }} -{{- end }} -{{ if .Values.serviceAccount.create }} + {{- end }} + {{- if .Values.serviceAccount.create }} serviceAccountName: {{ .Values.serviceAccount.name }} -{{- end }} + {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ default .Values.image.registry (include "registry-url" .) }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - - command: [ "/bin/sh", + command: [ + "/bin/sh", "-ce", - "/usr/bin/docker-entrypoint.sh minio server {{- range $i := until $poolCount }}{{ $factor := mul $i $nodeCount }}{{ $endIndex := add $factor $nodeCount }}{{ $beginIndex := mul $i $nodeCount }} {{ $scheme }}://{{ template `minio.fullname` $ }}-{{ `{` }}{{ $beginIndex }}...{{ sub $endIndex 1 }}{{ `}`}}.{{ template `minio.fullname` $ }}-svc.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }}{{if (gt $drivesPerNode 1)}}{{ $bucketRoot }}-{{ `{` }}0...{{ sub $drivesPerNode 1 }}{{ `}` }}{{else}}{{ $bucketRoot }}{{end}}{{- end}} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template `minio.extraArgs` . 
}}" ] + "/usr/bin/docker-entrypoint.sh minio server {{- range $i := until $poolCount }}{{ $factor := mul $i $nodeCount }}{{ $endIndex := add $factor $nodeCount }}{{ $beginIndex := mul $i $nodeCount }} {{ $scheme }}://{{ template `minio.fullname` $ }}-{{ `{` }}{{ $beginIndex }}...{{ sub $endIndex 1 }}{{ `}`}}.{{ template `minio.fullname` $ }}-svc.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }}{{if (gt $drivesPerNode 1)}}{{ $bucketRoot }}-{{ `{` }}0...{{ sub $drivesPerNode 1 }}{{ `}` }}{{ else }}{{ $bucketRoot }}{{end }}{{- end }} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template `minio.extraArgs` . }}" + ] volumeMounts: {{- if $penabled }} {{- if (gt $drivesPerNode 1) }} @@ -152,11 +147,11 @@ spec: {{- if .Values.extraSecret }} - name: MINIO_CONFIG_ENV_FILE value: "/tmp/minio-config-env/config.env" - {{- end}} + {{- end }} {{- if .Values.metrics.serviceMonitor.public }} - name: MINIO_PROMETHEUS_AUTH_TYPE value: "public" - {{- end}} + {{- end }} {{- if .Values.oidc.enabled }} - name: MINIO_IDENTITY_OPENID_CONFIG_URL value: {{ .Values.oidc.configUrl }} 
@@ -174,38 +169,35 @@ spec: value: {{ .Values.oidc.redirectUri }} - name: MINIO_IDENTITY_OPENID_COMMENT value: {{ .Values.oidc.comment }} - {{- end}} + {{- end }} {{- range $key, $val := .Values.environment }} - name: {{ $key }} - value: {{ $val | quote }} - {{- end}} - resources: -{{ toYaml .Values.resources | indent 12 }} + value: {{ tpl $val $ | quote }} + {{- end }} + resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.extraContainers }} - {{- if eq (typeOf .) "string" }} - {{- tpl . $ | nindent 8 }} - {{- else }} - {{- toYaml . | nindent 8 }} - {{- end }} + {{- if eq (typeOf .) "string" }} + {{- tpl . $ | nindent 8 }} + {{- else }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} nodeSelector: {{- include "linux-node-selector" . | nindent 8 }} -{{- include "minio.imagePullSecrets" . | indent 6 }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} + {{- include "minio.imagePullSecrets" . | indent 6 }} + {{- with .Values.affinity }} + affinity: {{- toYaml . | nindent 8 }} + {{- end }} tolerations: {{- include "linux-node-tolerations" . | nindent 8 }} {{- with .Values.tolerations }} {{ toYaml . | indent 8 }} {{- end }} - {{- if and (gt $replicas 1) (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "19") }} - {{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: -{{ toYaml . | indent 8 }} - {{- end }} - {{- end }} + {{- if and (gt $replicas 1) (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "19") }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} volumes: - name: minio-user secret: 
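Review bot: `value: {{ tpl $val $ | quote }}` passes each `environment` value to `tpl`, which accepts only strings. An unquoted number or boolean in values (a constructed example: `SOME_FLAG: true`) now aborts rendering, where the old `$val | quote` accepted any type. The same line is added in the environment hunk of the other workload template earlier in this diff. `value: {{ tpl (toString $val) $ | quote }}` keeps the templating and the old tolerance. Because `tpl` evaluates the value against the root context, it is also worth a comment in values.yaml that `environment` entries are rendered as templates.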
@@ -217,18 +209,17 @@ spec: {{- end }} {{- include "minio.tlsKeysVolume" . | indent 8 }} {{- if .Values.extraVolumes }} - {{ toYaml .Values.extraVolumes | nindent 8 }} + {{- toYaml .Values.extraVolumes | nindent 8 }} {{- end }} -{{- if .Values.persistence.enabled }} + {{- if .Values.persistence.enabled }} volumeClaimTemplates: - {{- if gt $drivesPerNode 1 }} + {{- if gt $drivesPerNode 1 }} {{- range $diskId := until $drivesPerNode}} - metadata: name: export-{{ $diskId }} - {{- if $.Values.persistence.annotations }} - annotations: -{{ toYaml $.Values.persistence.annotations | trimSuffix "\n" | indent 10 }} - {{- end }} + {{- if $.Values.persistence.annotations }} + annotations: {{- toYaml $.Values.persistence.annotations | nindent 10 }} + {{- end }} spec: accessModes: [ {{ $accessMode | quote }} ] {{- if $storageClass }} @@ -238,13 +229,12 @@ spec: requests: storage: {{ $psize }} {{- end }} - {{- else }} + {{- else }} - metadata: name: export - {{- if $.Values.persistence.annotations }} - annotations: -{{ toYaml $.Values.persistence.annotations | trimSuffix "\n" | indent 10 }} - {{- end }} + {{- if $.Values.persistence.annotations }} + annotations: {{- toYaml $.Values.persistence.annotations | nindent 10 }} + {{- end }} spec: accessModes: [ {{ $accessMode | quote }} ] {{- if $storageClass }} @@ -253,6 +243,6 @@ spec: resources: requests: storage: {{ $psize }} + {{- end }} {{- end }} {{- end }} -{{- end }} diff --git a/charts/epinio/102.0.1+up1.6.2/charts/minio/values.yaml b/charts/epinio/102.0.4+up1.9.0/charts/minio/values.yaml similarity index 96% rename from charts/epinio/102.0.1+up1.6.2/charts/minio/values.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/minio/values.yaml index 233c615720..fbdc9be546 100644 --- a/charts/epinio/102.0.1+up1.6.2/charts/minio/values.yaml +++ b/charts/epinio/102.0.4+up1.9.0/charts/minio/values.yaml 
@@ -14,7 +14,7 @@ clusterDomain: cluster.local ## image: repository: rancher/mirrored-minio-minio - tag: RELEASE.2022-12-12T19-27-27Z + tag: RELEASE.2023-07-07T07-13-57Z pullPolicy: IfNotPresent imagePullSecrets: [] @@ -25,7 +25,7 @@ imagePullSecrets: [] ## mcImage: repository: rancher/mirrored-minio-mc - tag: RELEASE.2022-12-13T00-23-28Z + tag: RELEASE.2023-06-28T21-54-17Z pullPolicy: IfNotPresent ## minio mode, i.e. standalone or distributed @@ -64,13 +64,13 @@ minioAPIPort: "9000" minioConsolePort: "9001" ## Update strategy for Deployments -DeploymentUpdate: +deploymentUpdate: type: RollingUpdate maxUnavailable: 0 maxSurge: 100% ## Update strategy for StatefulSets -StatefulSetUpdate: +statefulSetUpdate: updateStrategy: RollingUpdate ## Pod priority settings @@ -157,7 +157,7 @@ persistence: ## Storage class of PV to bind. By default it looks for standard storage class. ## If the PV uses a different storage class, specify that here. storageClass: "" - VolumeName: "" + volumeName: "" accessMode: ReadWriteOnce size: 500Gi @@ -175,16 +175,18 @@ service: clusterIP: ~ port: "9000" nodePort: 32000 + loadBalancerIP: ~ + externalIPs: [] + annotations: {} ## Configure Ingress based on the documentation here: https://kubernetes.io/docs/concepts/services-networking/ingress/ ## ingress: enabled: false - # ingressClassName: "" + ingressClassName: ~ labels: {} # node-role.kubernetes.io/ingress: platform - annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" @@ -206,13 +208,15 @@ consoleService: clusterIP: ~ port: "9001" nodePort: 32001 + loadBalancerIP: ~ + externalIPs: [] + annotations: {} consoleIngress: enabled: false - # ingressClassName: "" + ingressClassName: ~ labels: {} # node-role.kubernetes.io/ingress: platform - annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" @@ -320,7 +324,6 @@ makePolicyJob: enabled: false runAsUser: 1000 runAsGroup: 1000 - fsGroup: 1000 resources: requests: memory: 128Mi 
@@ -350,7 +353,6 @@ makeUserJob: enabled: false runAsUser: 1000 runAsGroup: 1000 - fsGroup: 1000 resources: requests: memory: 128Mi @@ -359,7 +361,7 @@ makeUserJob: ## List of service accounts to be created after minio install ## -# svcaccts: +svcaccts: [] ## accessKey, secretKey and parent user to be assigned to the service accounts ## Add new service accounts as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management/minio-user-management.html#service-accounts # - accessKey: console-svcacct @@ -390,7 +392,6 @@ makeServiceAccountJob: enabled: false runAsUser: 1000 runAsGroup: 1000 - fsGroup: 1000 resources: requests: memory: 128Mi @@ -399,7 +400,7 @@ makeServiceAccountJob: ## List of buckets to be created after minio install ## -buckets: +buckets: [] # # Name of the bucket # - name: bucket1 # # Policy to be set on the @@ -427,7 +428,6 @@ makeBucketJob: enabled: false runAsUser: 1000 runAsGroup: 1000 - fsGroup: 1000 resources: requests: memory: 128Mi @@ -437,7 +437,7 @@ makeBucketJob: ## List of command to run after minio install ## NOTE: the mc command TARGET is always "myminio" customCommands: - # - command: "admin policy set myminio consoleAdmin group='cn=ops,cn=groups,dc=example,dc=com'" + # - command: "admin policy attach myminio consoleAdmin --group='cn=ops,cn=groups,dc=example,dc=com'" ## Additional Annotations for the Kubernetes Job customCommandJob customCommandJob: @@ -445,7 +445,6 @@ customCommandJob: enabled: false runAsUser: 1000 runAsGroup: 1000 - fsGroup: 1000 resources: requests: memory: 128Mi @@ -476,7 +475,7 @@ environment: ## This can be useful for LDAP password, etc ## The key in the secret must be 'config.env' ## -# extraSecret: minio-extraenv +extraSecret: ~ ## OpenID Identity Management ## The following section documents environment variables for enabling external identity management using an OpenID Connect (OIDC)-compatible provider. 
@@ -519,6 +518,7 @@ metrics: includeNode: false public: true additionalLabels: {} + annotations: {} # for node metrics relabelConfigs: {} # for cluster metrics @@ -526,9 +526,11 @@ metrics: # metricRelabelings: # - regex: (server|pod) # action: labeldrop - # namespace: monitoring - # interval: 30s - # scrapeTimeout: 10s + namespace: ~ + # Scrape interval, for example `interval: 30s` + interval: ~ + # Scrape timeout, for example `scrapeTimeout: 10s` + scrapeTimeout: ~ ## ETCD settings: https://github.com/minio/minio/blob/master/docs/sts/etcd.md ## Define endpoints to enable this section. diff --git a/charts/epinio/102.0.3+up1.8.1/charts/s3gw/Chart.yaml b/charts/epinio/102.0.4+up1.9.0/charts/s3gw/Chart.yaml similarity index 100% rename from charts/epinio/102.0.3+up1.8.1/charts/s3gw/Chart.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/s3gw/Chart.yaml diff --git a/charts/epinio/102.0.3+up1.8.1/charts/s3gw/README.md b/charts/epinio/102.0.4+up1.9.0/charts/s3gw/README.md similarity index 100% rename from charts/epinio/102.0.3+up1.8.1/charts/s3gw/README.md rename to charts/epinio/102.0.4+up1.9.0/charts/s3gw/README.md diff --git a/charts/epinio/102.0.3+up1.8.1/charts/s3gw/app-readme.md b/charts/epinio/102.0.4+up1.9.0/charts/s3gw/app-readme.md similarity index 100% rename from charts/epinio/102.0.3+up1.8.1/charts/s3gw/app-readme.md rename to charts/epinio/102.0.4+up1.9.0/charts/s3gw/app-readme.md diff --git a/charts/epinio/102.0.3+up1.8.1/charts/s3gw/questions.yaml b/charts/epinio/102.0.4+up1.9.0/charts/s3gw/questions.yaml similarity index 100% rename from charts/epinio/102.0.3+up1.8.1/charts/s3gw/questions.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/s3gw/questions.yaml 
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/NOTES.txt b/charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/NOTES.txt
similarity index 100%
rename from charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/NOTES.txt
rename to charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/NOTES.txt
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/_helpers.tpl b/charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/_helpers.tpl
similarity index 100%
rename from charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/_helpers.tpl
rename to charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/_helpers.tpl
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/certificate.yaml b/charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/certificate.yaml
similarity index 100%
rename from charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/certificate.yaml
rename to charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/certificate.yaml
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/configmap.yaml b/charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/configmap.yaml
similarity index 100%
rename from charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/configmap.yaml
rename to charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/configmap.yaml
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/deployment.yaml b/charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/deployment.yaml
similarity index 100%
rename from charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/deployment.yaml
rename to charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/deployment.yaml
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/ingress-traefik.yaml b/charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/ingress-traefik.yaml
similarity index 100%
rename from charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/ingress-traefik.yaml
rename to charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/ingress-traefik.yaml
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/psp.yaml b/charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/psp.yaml
similarity index 100%
rename from charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/psp.yaml
rename to charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/psp.yaml
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/secret.yaml b/charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/secret.yaml
similarity index 100%
rename from charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/secret.yaml
rename to charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/secret.yaml
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/service.yaml b/charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/service.yaml
similarity index 100%
rename from charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/service.yaml
rename to charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/service.yaml
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/serviceaccount.yaml b/charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/serviceaccount.yaml
similarity index 100%
rename from charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/serviceaccount.yaml
rename to charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/serviceaccount.yaml
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/storage.yaml b/charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/storage.yaml
similarity index 100%
rename from charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/storage.yaml
rename to charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/storage.yaml
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/tests/smoke-bucket-create.yaml b/charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/tests/smoke-bucket-create.yaml
similarity index 100%
rename from charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/tests/smoke-bucket-create.yaml
rename to charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/tests/smoke-bucket-create.yaml
diff --git a/charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/tls-issuer.yaml b/charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/tls-issuer.yaml similarity index 100% rename from charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/tls-issuer.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/tls-issuer.yaml diff --git a/charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/tls-secret.yaml b/charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/tls-secret.yaml similarity index 100% rename from charts/epinio/102.0.3+up1.8.1/charts/s3gw/templates/tls-secret.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/s3gw/templates/tls-secret.yaml diff --git a/charts/epinio/102.0.3+up1.8.1/charts/s3gw/values.yaml b/charts/epinio/102.0.4+up1.9.0/charts/s3gw/values.yaml similarity index 100% rename from charts/epinio/102.0.3+up1.8.1/charts/s3gw/values.yaml rename to charts/epinio/102.0.4+up1.9.0/charts/s3gw/values.yaml diff --git a/charts/epinio/102.0.3+up1.8.1/questions.yml b/charts/epinio/102.0.4+up1.9.0/questions.yml similarity index 93% rename from charts/epinio/102.0.3+up1.8.1/questions.yml rename to charts/epinio/102.0.4+up1.9.0/questions.yml index 907eab41d9..faf15396d9 100644 --- a/charts/epinio/102.0.3+up1.8.1/questions.yml +++ b/charts/epinio/102.0.4+up1.9.0/questions.yml @@ -118,6 +118,14 @@ questions: description: "The organization part of the registry path for an external registry where you have push access" type: string required: false + - variable: containerregistry.certificateSecret + label: External registry certificate secret + description: | + Name of Secret in Epinio's main namespace with PEM formatted certificate found at key 'tls.crt'. + Necessary for validating external registry used by Epinio's staging jobs. + Must be also trusted by kubelet in the cluster. + type: string + required: false - variable: minio.enabled label: Install Minio description: "Disable Minio to either use s3gw or to configure an external s3 storage." 
diff --git a/charts/epinio/100.0.0+up1.2.1/templates/NOTES.txt b/charts/epinio/102.0.4+up1.9.0/templates/NOTES.txt
similarity index 100%
rename from charts/epinio/100.0.0+up1.2.1/templates/NOTES.txt
rename to charts/epinio/102.0.4+up1.9.0/templates/NOTES.txt
diff --git a/charts/epinio/102.0.3+up1.8.1/templates/_helpers.tpl b/charts/epinio/102.0.4+up1.9.0/templates/_helpers.tpl
similarity index 100%
rename from charts/epinio/102.0.3+up1.8.1/templates/_helpers.tpl
rename to charts/epinio/102.0.4+up1.9.0/templates/_helpers.tpl
diff --git a/charts/epinio/100.0.0+up1.2.1/templates/assets.yaml b/charts/epinio/102.0.4+up1.9.0/templates/assets.yaml
similarity index 100%
rename from charts/epinio/100.0.0+up1.2.1/templates/assets.yaml
rename to charts/epinio/102.0.4+up1.9.0/templates/assets.yaml
diff --git a/charts/epinio/100.0.0+up1.2.1/templates/certificate.yaml b/charts/epinio/102.0.4+up1.9.0/templates/certificate.yaml
similarity index 100%
rename from charts/epinio/100.0.0+up1.2.1/templates/certificate.yaml
rename to charts/epinio/102.0.4+up1.9.0/templates/certificate.yaml
diff --git a/charts/epinio/102.0.3+up1.8.1/templates/chart-validations.yaml b/charts/epinio/102.0.4+up1.9.0/templates/chart-validations.yaml
similarity index 100%
rename from charts/epinio/102.0.3+up1.8.1/templates/chart-validations.yaml
rename to charts/epinio/102.0.4+up1.9.0/templates/chart-validations.yaml
diff --git a/charts/epinio/102.0.3+up1.8.1/templates/cluster-issuers.yaml b/charts/epinio/102.0.4+up1.9.0/templates/cluster-issuers.yaml
similarity index 100%
rename from charts/epinio/102.0.3+up1.8.1/templates/cluster-issuers.yaml
rename to charts/epinio/102.0.4+up1.9.0/templates/cluster-issuers.yaml
diff --git a/charts/epinio/102.0.3+up1.8.1/templates/container-registry.yaml b/charts/epinio/102.0.4+up1.9.0/templates/container-registry.yaml similarity index 100% rename from charts/epinio/102.0.3+up1.8.1/templates/container-registry.yaml rename to charts/epinio/102.0.4+up1.9.0/templates/container-registry.yaml diff --git a/charts/epinio/102.0.3+up1.8.1/templates/default-app-chart.yaml b/charts/epinio/102.0.4+up1.9.0/templates/default-app-chart.yaml similarity index 91% rename from charts/epinio/102.0.3+up1.8.1/templates/default-app-chart.yaml rename to charts/epinio/102.0.4+up1.9.0/templates/default-app-chart.yaml index adcf2543db..79ade1aed5 100644 --- a/charts/epinio/102.0.3+up1.8.1/templates/default-app-chart.yaml +++ b/charts/epinio/102.0.4+up1.9.0/templates/default-app-chart.yaml @@ -12,7 +12,7 @@ metadata: spec: shortDescription: Epinio standard deployment description: Epinio standard support chart for application deployment - helmChart: /assets/epinio-application-0.1.26.tgz + helmChart: {{ .Values.appChart.default | quote }} settings: appListeningPort: type: 'integer' diff --git a/charts/epinio/100.0.5+up1.6.2/templates/default-user.yaml b/charts/epinio/102.0.4+up1.9.0/templates/default-user.yaml similarity index 100% rename from charts/epinio/100.0.5+up1.6.2/templates/default-user.yaml rename to charts/epinio/102.0.4+up1.9.0/templates/default-user.yaml diff --git a/charts/epinio/102.0.3+up1.8.1/templates/dex.yaml b/charts/epinio/102.0.4+up1.9.0/templates/dex.yaml similarity index 100% rename from charts/epinio/102.0.3+up1.8.1/templates/dex.yaml rename to charts/epinio/102.0.4+up1.9.0/templates/dex.yaml diff --git a/charts/epinio/102.0.3+up1.8.1/templates/ingress.yaml b/charts/epinio/102.0.4+up1.9.0/templates/ingress.yaml similarity index 100% rename from charts/epinio/102.0.3+up1.8.1/templates/ingress.yaml rename to charts/epinio/102.0.4+up1.9.0/templates/ingress.yaml 
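Review bot: `helmChart` in default-app-chart.yaml now takes whatever `appChart.default` holds, and an empty override renders `helmChart: ""` with no error at install time. Because this reference decides which chart applications are deployed from by default, it is worth failing early: `helmChart: {{ required "appChart.default must be set" .Values.appChart.default | quote }}`. Whether `values.schema.json` constrains `appChart` cannot be seen from this hunk; if it does not, a non-empty string entry there would serve the same purpose. The spec continues outside the hunk.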
diff --git a/charts/epinio/102.0.1+up1.6.2/templates/psp.yaml b/charts/epinio/102.0.4+up1.9.0/templates/psp.yaml similarity index 100% rename from charts/epinio/102.0.1+up1.6.2/templates/psp.yaml rename to charts/epinio/102.0.4+up1.9.0/templates/psp.yaml diff --git a/charts/epinio/100.0.0+up1.2.1/templates/registry-secret.yaml b/charts/epinio/102.0.4+up1.9.0/templates/registry-secret.yaml similarity index 100% rename from charts/epinio/100.0.0+up1.2.1/templates/registry-secret.yaml rename to charts/epinio/102.0.4+up1.9.0/templates/registry-secret.yaml diff --git a/charts/epinio/102.0.3+up1.8.1/templates/s3-secret.yaml b/charts/epinio/102.0.4+up1.9.0/templates/s3-secret.yaml similarity index 100% rename from charts/epinio/102.0.3+up1.8.1/templates/s3-secret.yaml rename to charts/epinio/102.0.4+up1.9.0/templates/s3-secret.yaml diff --git a/charts/epinio/102.0.3+up1.8.1/templates/server.yaml b/charts/epinio/102.0.4+up1.9.0/templates/server.yaml similarity index 92% rename from charts/epinio/102.0.3+up1.8.1/templates/server.yaml rename to charts/epinio/102.0.4+up1.9.0/templates/server.yaml index f311787096..ee6ff89866 100644 --- a/charts/epinio/102.0.3+up1.8.1/templates/server.yaml +++ b/charts/epinio/102.0.4+up1.9.0/templates/server.yaml @@ -246,6 +246,10 @@ spec: app.kubernetes.io/instance: default app.kubernetes.io/name: epinio-server app.kubernetes.io/part-of: epinio + {{- with .Values.strategy }} + strategy: + {{- toYaml . | nindent 4 }} + {{- end }} template: metadata: labels: @@ -316,6 +320,9 @@ spec: {{- if .Values.containerregistry.enabled }} - name: REGISTRY_CERTIFICATE_SECRET value: "epinio-registry-tls" + {{- else if .Values.containerregistry.certificateSecret }} + - name: REGISTRY_CERTIFICATE_SECRET + value: {{ .Values.containerregistry.certificateSecret }} {{- end }} {{- if .Values.server.ingressClassName }} - name: INGRESS_CLASS_NAME 
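Review bot: The `REGISTRY_CERTIFICATE_SECRET` entry added in the `else if` branch of server.yaml renders its value unquoted, `value: {{ .Values.containerregistry.certificateSecret }}`, while the sibling branch just above it uses a quoted string. A secret name that YAML reads as a number or boolean would be sent as a non-string env value and the Deployment would be rejected, so I would write `value: {{ .Values.containerregistry.certificateSecret | quote }}`. As ordered here, a configured `certificateSecret` is also ignored whenever `containerregistry.enabled` is true; if that is intended, a comment saying so in values.yaml would help operators. The env list continues outside the hunk.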
@@ -328,6 +335,16 @@ spec: - name: STAGING_SERVICE_ACCOUNT_NAME value: "{{ .Values.server.stagingServiceAccountName }}" {{- end }} + {{- with .Values.server.stagingResourceRequests }} + {{- with .cpu }} + - name: STAGING_RESOURCE_CPU + value: "{{ . }}" + {{- end }} + {{- with .memory }} + - name: STAGING_RESOURCE_MEMORY + value: "{{ . }}" + {{- end }} + {{- end }} {{- if .Values.extraEnv }} {{- toYaml .Values.extraEnv | nindent 12 -}} {{- end }} @@ -385,6 +402,10 @@ metadata: app.kubernetes.io/name: epinio-server app.kubernetes.io/part-of: epinio app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.image.epinio.tag }} + {{- with .Values.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} name: epinio-server namespace: {{ .Release.Namespace }} spec: diff --git a/charts/epinio/100.0.5+up1.6.2/templates/service-catalog.yaml b/charts/epinio/102.0.4+up1.9.0/templates/service-catalog.yaml similarity index 100% rename from charts/epinio/100.0.5+up1.6.2/templates/service-catalog.yaml rename to charts/epinio/102.0.4+up1.9.0/templates/service-catalog.yaml diff --git a/charts/epinio/102.0.3+up1.8.1/templates/stage-scripts.yaml b/charts/epinio/102.0.4+up1.9.0/templates/stage-scripts.yaml similarity index 100% rename from charts/epinio/102.0.3+up1.8.1/templates/stage-scripts.yaml rename to charts/epinio/102.0.4+up1.9.0/templates/stage-scripts.yaml diff --git a/charts/epinio/102.0.3+up1.8.1/templates/ui/certificate.yaml b/charts/epinio/102.0.4+up1.9.0/templates/ui/certificate.yaml similarity index 100% rename from charts/epinio/102.0.3+up1.8.1/templates/ui/certificate.yaml rename to charts/epinio/102.0.4+up1.9.0/templates/ui/certificate.yaml diff --git a/charts/epinio/102.0.3+up1.8.1/templates/ui/deployment.yaml b/charts/epinio/102.0.4+up1.9.0/templates/ui/deployment.yaml similarity index 100% rename from charts/epinio/102.0.3+up1.8.1/templates/ui/deployment.yaml rename to charts/epinio/102.0.4+up1.9.0/templates/ui/deployment.yaml 
diff --git a/charts/epinio/102.0.3+up1.8.1/templates/ui/ingress.yaml b/charts/epinio/102.0.4+up1.9.0/templates/ui/ingress.yaml similarity index 100% rename from charts/epinio/102.0.3+up1.8.1/templates/ui/ingress.yaml rename to charts/epinio/102.0.4+up1.9.0/templates/ui/ingress.yaml diff --git a/charts/epinio/102.0.3+up1.8.1/templates/ui/secret.yaml b/charts/epinio/102.0.4+up1.9.0/templates/ui/secret.yaml similarity index 100% rename from charts/epinio/102.0.3+up1.8.1/templates/ui/secret.yaml rename to charts/epinio/102.0.4+up1.9.0/templates/ui/secret.yaml diff --git a/charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/templates/security.yaml b/charts/epinio/102.0.4+up1.9.0/templates/ui/security.yaml similarity index 100% rename from charts/epinio/102.0.1+up1.6.2/charts/epinio-ui/templates/security.yaml rename to charts/epinio/102.0.4+up1.9.0/templates/ui/security.yaml diff --git a/charts/epinio/102.0.3+up1.8.1/templates/ui/service.yaml b/charts/epinio/102.0.4+up1.9.0/templates/ui/service.yaml similarity index 79% rename from charts/epinio/102.0.3+up1.8.1/templates/ui/service.yaml rename to charts/epinio/102.0.4+up1.9.0/templates/ui/service.yaml index 050e55fa8b..27b10fd932 100644 --- a/charts/epinio/102.0.3+up1.8.1/templates/ui/service.yaml +++ b/charts/epinio/102.0.4+up1.9.0/templates/ui/service.yaml @@ -8,6 +8,10 @@ metadata: labels: app.kubernetes.io/name: epinio-ui app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.epinioUI.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: type: ClusterIP selector: diff --git a/charts/epinio/100.0.0+up1.2.1/templates/validate-cert-manager-crd.yaml b/charts/epinio/102.0.4+up1.9.0/templates/validate-cert-manager-crd.yaml similarity index 100% rename from charts/epinio/100.0.0+up1.2.1/templates/validate-cert-manager-crd.yaml rename to charts/epinio/102.0.4+up1.9.0/templates/validate-cert-manager-crd.yaml 
diff --git a/charts/epinio/100.0.0+up1.2.1/templates/validate-install-crd.yaml b/charts/epinio/102.0.4+up1.9.0/templates/validate-install-crd.yaml similarity index 100% rename from charts/epinio/100.0.0+up1.2.1/templates/validate-install-crd.yaml rename to charts/epinio/102.0.4+up1.9.0/templates/validate-install-crd.yaml diff --git a/charts/epinio/102.0.1+up1.6.2/templates/validate-psp-install.yaml b/charts/epinio/102.0.4+up1.9.0/templates/validate-psp-install.yaml similarity index 100% rename from charts/epinio/102.0.1+up1.6.2/templates/validate-psp-install.yaml rename to charts/epinio/102.0.4+up1.9.0/templates/validate-psp-install.yaml diff --git a/charts/epinio/102.0.3+up1.8.1/values.schema.json b/charts/epinio/102.0.4+up1.9.0/values.schema.json similarity index 96% rename from charts/epinio/102.0.3+up1.8.1/values.schema.json rename to charts/epinio/102.0.4+up1.9.0/values.schema.json index 96e33db708..477cef9ef5 100644 --- a/charts/epinio/102.0.3+up1.8.1/values.schema.json +++ b/charts/epinio/102.0.4+up1.9.0/values.schema.json @@ -68,11 +68,28 @@ "traceLevel": { "type": "integer" }, + "disableTracking": { + "type": "boolean" + }, "registryCertificateSecret": { "type": "string" }, "ingressClassName": { "type": "string" + }, + "stagingServiceAccountName": { + "type": "string" + }, + "stagingResourceRequests": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } } } }, diff --git a/charts/epinio/102.0.3+up1.8.1/values.yaml b/charts/epinio/102.0.4+up1.9.0/values.yaml similarity index 82% rename from charts/epinio/102.0.3+up1.8.1/values.yaml rename to charts/epinio/102.0.4+up1.9.0/values.yaml index f26c158f8e..0c31b0bbd1 100644 --- a/charts/epinio/102.0.3+up1.8.1/values.yaml +++ b/charts/epinio/102.0.4+up1.9.0/values.yaml 
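Review bot: The new `stagingResourceRequests` entry in values.schema.json accepts only strings for `cpu` and `memory`, so a bare Kubernetes quantity such as `cpu: 2` in an override would be rejected by schema validation at install time. If that is not intended, widen the type, for example `"cpu": { "type": ["string", "number"] }` and the same for `memory`; otherwise the values.yaml comment should say the quantities must be quoted. The object has no `additionalProperties: false` either, so a misspelled key under it would presumably pass validation and be ignored. The enclosing schema object starts and ends outside the hunk.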
@@ -1,24 +1,22 @@ ## Default values for Epinio Helm Chart. ## This is a YAML-formatted file. ## Declare variables to be passed into your templates. - # Fall back email address to receive notifications from the `letsencrypt-production` issuer. # # __SUPERCEDED__ by `global.tlsIssuerMail`. # # Kept for backward compatibility, here and in the templates. - email: "epinio@suse.com" image: epinio: repository: rancher/mirrored-epinio-epinio-server - tag: v1.8.1 + tag: v1.9.0 epinio-ui: repository: rancher/mirrored-epinio-epinio-ui - tag: v1.8.1-0.0.1 + tag: v1.9.0-0.0.3 bash: repository: rancher/mirrored-epinio-epinio-unpacker - tag: v1.8.1 + tag: v1.9.0 awscli: repository: rancher/mirrored-amazon-aws-cli tag: 2.9.14 @@ -30,7 +28,9 @@ image: tag: v1.22.6 builder: repository: rancher/mirrored-paketobuildpacks-builder - tag: 0.2.407-full + tag: 0.2.441-full +appChart: + default: /assets/epinio-application-0.1.26.tgz server: # Domain which serves the Rancher UI (to access the API) accessControlAllowOrigin: "" @@ -38,12 +38,17 @@ server: timeoutMultiplier: 1 # Increase this value to instruct the API server to produce more debug output traceLevel: 0 - # The ingressClassName is used to select the ingress controller for apps. If empty ingress.ingressClassName (see below) is used + # The ingressClassName is used to select the ingress controller for apps. + # If empty ingress.ingressClassName (see below) is used ingressClassName: "" # Disable tracking of the Epinio and Kubernetes cluster version disableTracking: false # Name of the Service Account used by the staging job stagingServiceAccountName: "" + # Resources to allocate to the staging job. Default: unbounded + stagingResourceRequests: + cpu: "" + memory: "" ingress: # The ingressClassName is used to select the ingress controller for the server. If empty no class will be added to the ingresses. ingressClassName: "" 
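Review bot: The comment on `server.stagingResourceRequests` in values.yaml says "Resources to allocate to the staging job. Default: unbounded", which reads like a cap, but the key is named as a request. A request reserves capacity for scheduling and does not bound what the staging job may consume, so an operator who wants to contain builds of user-supplied source still needs a limit from elsewhere, for example a LimitRange on the namespace the staging jobs run in. I would reword it to `# Resource requests (a scheduling reservation, not a limit) for the staging job. Empty: no request is set.` How the server applies these values is not visible in this diff, so confirm the wording against the server code.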
@@ -52,6 +57,17 @@ ingress: annotations: {} # nginxSSLRedirect to controll https->http redirects nginxSSLRedirect: "true" +service: + # -- Annotations to be added to the Epinio service. + annotations: {} +# The strategy used to deploy the Epinio server. +# If you are using a RWO storage the following will avoid a Multi-Attach error during an `helm upgrade`. +# See https://github.com/epinio/epinio/issues/2253. +strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 certManagerNamespace: cert-manager # Connection details for the S3 storage s3: @@ -86,6 +102,9 @@ dex: secret: "" # Defaults to https://epinio.{{ .Values.global.domain }}/auth/verify/ redirectURI: "" + service: + # -- Annotations to be added to the Epinio service. + annotations: {} # Extra environment variables passed to the epinio-server pod. # extraEnv: # - name: MY_ENV_VAR @@ -130,6 +149,9 @@ epinioUI: enabled: false # The ingressClassName is used to select the ingress controller. If empty no class will be added to the ingresses. ingressClassName: "" + service: + # -- Annotations to be added to the service. + annotations: {} kubed: enabled: true fullnameOverride: kubed @@ -143,6 +165,7 @@ s3gw: enabled: false serviceName: s3gw useExistingSecret: true + defaultUserCredentialsSecret: s3gw-creds storageSize: 2Gi storageClass: create: false @@ -160,6 +183,10 @@ containerregistry: # The ingressClassName is used to select the ingress controller. If # empty no class will be added to the ingresses. ingressClassName: "" + # The certificateSecret is used to load the certificate of the registry in the staging job. + # The certificate has to be in PEM format within in a 'tls.crt' key (it can be an Opaque secret). + # It also has to be trusted by the kubelet, and it needs to be added in the cluster as well. + certificateSecret: "" serviceCatalog: # Enable service catalog service for development enableDevServices: true 
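Review bot: The comment added under `dex.service` in values.yaml repeats the text of the top-level `service` key, "Annotations to be added to the Epinio service.", so it reads as if these annotations land on the Epinio server Service. Presumably they are meant for the Dex Service; `# -- Annotations to be added to the Dex service.` would remove the ambiguity. The template that consumes `dex.service.annotations` is not in this diff, so confirm the target before rewording. The `containerregistry.certificateSecret` comment in the last hunk on this line also has a doubled word, "within in a 'tls.crt' key".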
diff --git a/index.yaml b/index.yaml index c5f7382bc4..88bf0019ec 100755 --- a/index.yaml +++ b/index.yaml @@ -3,6 +3,7 @@ entries: epinio: - annotations: artifacthub.io/license: Apache-2.0 + artifacthub.io/prerelease: "false" catalog.cattle.io/auto-install: epinio-crd=match catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Epinio @@ -13,10 +14,10 @@ entries: catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' catalog.cattle.io/release-name: epinio catalog.cattle.io/type: app - catalog.cattle.io/upstream-version: 1.6.2 + catalog.cattle.io/upstream-version: 1.9.0 apiVersion: v2 - appVersion: v1.8.1 - created: "2023-06-21T11:13:03.876515375+02:00" + appVersion: v1.9.0 + created: "2023-07-25T13:57:01.838813997+02:00" dependencies: - condition: global.dex.enabled name: dex @@ -40,7 +41,7 @@ entries: - s3gw description: Epinio deploys Kubernetes applications directly from source code in one step. - digest: 0d71ba6a8d2287ab1816824e136c97b9d94b0e6a9c5b9c1a383a399516c9bbf1 + digest: 553ab5adf47549107e205a2dddf5d362189f525757ef8a69a0bb4d365fe5afa5 home: https://github.com/epinio/epinio icon: https://charts.rancher.io/assets/logos/epinio.svg keywords: 
@@ -53,164 +54,8 @@ entries: sources: - https://github.com/epinio/epinio urls: - - assets/epinio/epinio-102.0.3+up1.8.1.tgz - version: 102.0.3+up1.8.1 - - annotations: - artifacthub.io/license: Apache-2.0 - catalog.cattle.io/auto-install: epinio-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Epinio - catalog.cattle.io/experimental: "true" - catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.26.0-0' - catalog.cattle.io/namespace: cattle-epinio-system - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' - catalog.cattle.io/release-name: epinio - catalog.cattle.io/type: app - catalog.cattle.io/upstream-version: 1.6.2 - apiVersion: v2 - appVersion: v1.6.2 - created: "2023-02-09T14:11:55.011721154+01:00" - dependencies: - - condition: dex.enabled, global.dex.enabled - name: dex - repository: file://./charts/dex - tags: - - dex - - condition: epinio-ui.enabled - name: epinio-ui - repository: file://./charts/epinio-ui - tags: - - epinio-ui - - condition: kubed.enabled, global.kubed.enabled - name: kubed - repository: file://./charts/kubed - tags: - - kubed - - condition: minio.enabled, global.minio.enabled - name: minio - repository: file://./charts/minio - tags: - - minio - description: Epinio deploys Kubernetes applications directly from source code - in one step. 
- digest: f7c06d7e023e34cec63627d99b55e9243d9f26cfc9248ebb188eba206f3891f6 - home: https://github.com/epinio/epinio - icon: https://charts.rancher.io/assets/logos/epinio.svg - keywords: - - epinio - - paas - maintainers: - - email: team@epinio.io - name: SUSE - name: epinio - sources: - - https://github.com/epinio/epinio - urls: - - assets/epinio/epinio-102.0.1+up1.6.2.tgz - version: 102.0.1+up1.6.2 - - annotations: - artifacthub.io/license: Apache-2.0 - catalog.cattle.io/auto-install: epinio-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Epinio - catalog.cattle.io/experimental: "true" - catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.25.0-0' - catalog.cattle.io/namespace: cattle-epinio-system - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0' - catalog.cattle.io/release-name: epinio - catalog.cattle.io/type: app - catalog.cattle.io/upstream-version: 1.6.2 - apiVersion: v2 - appVersion: v1.6.2 - created: "2023-03-22T16:39:03.161205-04:00" - dependencies: - - condition: dex.enabled, global.dex.enabled - name: dex - repository: file://./charts/dex - tags: - - dex - - condition: epinio-ui.enabled - name: epinio-ui - repository: file://./charts/epinio-ui - tags: - - epinio-ui - - condition: kubed.enabled, global.kubed.enabled - name: kubed - repository: file://./charts/kubed - tags: - - kubed - - condition: minio.enabled, global.minio.enabled - name: minio - repository: file://./charts/minio - tags: - - minio - description: Epinio deploys Kubernetes applications directly from source code - in one step. 
- digest: 5fce01661584f31d2a20eee85075a43553b77907c430016e685652ff661078eb - home: https://github.com/epinio/epinio - icon: https://charts.rancher.io/assets/logos/epinio.svg - keywords: - - epinio - - paas - maintainers: - - email: team@epinio.io - name: SUSE - name: epinio - sources: - - https://github.com/epinio/epinio - urls: - - assets/epinio/epinio-100.0.5+up1.6.2.tgz - version: 100.0.5+up1.6.2 - - annotations: - artifacthub.io/license: Apache-2.0 - catalog.cattle.io/auto-install: epinio-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Epinio - catalog.cattle.io/experimental: "true" - catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.25.0-0' - catalog.cattle.io/namespace: cattle-epinio-system - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0' - catalog.cattle.io/release-name: epinio - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/upstream-version: 1.2.1 - apiVersion: v2 - appVersion: v1.2.0 - created: "2022-10-05T14:52:25.825154-07:00" - dependencies: - - condition: epinio-ui.enabled - name: epinio-ui - repository: file://./charts/epinio-ui - tags: - - epinio-ui - - condition: kubed.enabled, global.kubed.enabled - name: kubed - repository: file://./charts/kubed - tags: - - kubed - - condition: minio.enabled, global.minio.enabled - name: minio - repository: file://./charts/minio - tags: - - minio - description: The official way to install Epinio - digest: a440ec3cd2ecd98617513db094567f432dc8fe8abf104b874a0d3e599327aeb0 - home: https://github.com/epinio/epinio - icon: https://charts.rancher.io/assets/logos/epinio.svg - keywords: - - epinio - - paas - maintainers: - - email: team@epinio.io - name: SUSE - name: epinio - sources: - - https://github.com/epinio/epinio - urls: - - assets/epinio/epinio-100.0.0+up1.2.1.tgz - version: 100.0.0+up1.2.1 + - assets/epinio/epinio-102.0.4+up1.9.0.tgz + version: 102.0.4+up1.9.0 epinio-crd: - annotations: 
catalog.cattle.io/certified: rancher 
@@ -218,56 +63,14 @@ entries: catalog.cattle.io/namespace: cattle-epinio-system catalog.cattle.io/release-name: epinio-crd apiVersion: v2 - created: "2023-06-13T10:31:31.097767607+02:00" - description: Installs the CRDs for Epinio. - digest: b2f82656422b7911824e1daeb3bdafbeed302778eefd4ade3b02e6fc6005f008 - name: epinio-crd - type: application - urls: - - assets/epinio-crd/epinio-crd-102.0.3+up1.8.1.tgz - version: 102.0.3+up1.8.1 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-epinio-system - catalog.cattle.io/release-name: epinio-crd - apiVersion: v2 - created: "2023-02-09T14:11:55.012665051+01:00" - description: Installs the CRDs for Epinio. - digest: 49fc556867c51bbea3bf8501115a64b7a9375d903af4ab80b48bb7cb1aaaed4b - name: epinio-crd - type: application - urls: - - assets/epinio-crd/epinio-crd-102.0.1+up1.6.2.tgz - version: 102.0.1+up1.6.2 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-epinio-system - catalog.cattle.io/release-name: epinio-crd - apiVersion: v2 - created: "2023-03-22T16:40:26.880921-04:00" - description: Installs the CRDs for Epinio. - digest: e7fa77ab615c60f8d6749053bd8854d5eff576c1985d0c273311da4621413b7b - name: epinio-crd - type: application - urls: - - assets/epinio-crd/epinio-crd-100.0.5+up1.6.2.tgz - version: 100.0.5+up1.6.2 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-epinio-system - catalog.cattle.io/release-name: epinio-crd - apiVersion: v2 - created: "2022-10-25T13:20:16.615531-07:00" + created: "2023-07-25T13:57:01.839703523+02:00" description: Installs the CRDs for Epinio. 
- digest: e81f940b9f6d31d843d715e1dc055534e354477b50e612ffe1f8f66b766f7bad + digest: 6704572ee09b773d99c97c441d25350c1193ef9ded8ecc9f652f430ddbab7321 name: epinio-crd type: application urls: - - assets/epinio-crd/epinio-crd-100.0.0+up1.2.1.tgz - version: 100.0.0+up1.2.1 + - assets/epinio-crd/epinio-crd-102.0.4+up1.9.0.tgz + version: 102.0.4+up1.9.0 fleet: - annotations: catalog.cattle.io/auto-install: fleet-crd=match diff --git a/packages/epinio/dex/generated-changes/patch/templates/deployment.yaml.patch b/packages/epinio/dex/generated-changes/patch/templates/deployment.yaml.patch index de3061c267..d76b59ed9c 100644 --- a/packages/epinio/dex/generated-changes/patch/templates/deployment.yaml.patch +++ b/packages/epinio/dex/generated-changes/patch/templates/deployment.yaml.patch @@ -1,6 +1,6 @@ --- charts-original/templates/deployment.yaml +++ charts/templates/deployment.yaml -@@ -45,7 +45,7 @@ +@@ -55,7 +55,7 @@ - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} @@ -9,7 +9,7 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} args: - dex -@@ -116,10 +116,8 @@ +@@ -126,10 +126,8 @@ {{- with .Values.volumes }} {{- toYaml . | nindent 8 }} {{- end }} @@ -21,7 +21,7 @@ {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} -@@ -128,7 +126,8 @@ +@@ -138,7 +136,8 @@ topologySpreadConstraints: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/packages/epinio/dex/package.yaml b/packages/epinio/dex/package.yaml index 55c7b44a60..23b2322e2c 100644 --- a/packages/epinio/dex/package.yaml +++ b/packages/epinio/dex/package.yaml @@ -1,3 +1,3 @@ -url: https://github.com/dexidp/helm-charts/releases/download/dex-0.14.1/dex-0.14.1.tgz -version: 101.0.1 +url: https://github.com/dexidp/helm-charts/releases/download/dex-0.14.3/dex-0.14.3.tgz +version: 101.0.2 doNotRelease: true 
diff --git a/packages/epinio/epinio/generated-changes/patch/Chart.yaml.patch b/packages/epinio/epinio/generated-changes/patch/Chart.yaml.patch index fe64620e9d..1553be9595 100644 --- a/packages/epinio/epinio/generated-changes/patch/Chart.yaml.patch +++ b/packages/epinio/epinio/generated-changes/patch/Chart.yaml.patch @@ -1,8 +1,9 @@ --- charts-original/Chart.yaml +++ charts/Chart.yaml -@@ -1,5 +1,16 @@ +@@ -1,6 +1,17 @@ annotations: artifacthub.io/license: Apache-2.0 + artifacthub.io/prerelease: "false" + catalog.cattle.io/auto-install: epinio-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Epinio @@ -13,11 +14,11 @@ + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: epinio + catalog.cattle.io/type: app -+ catalog.cattle.io/upstream-version: 1.6.2 ++ catalog.cattle.io/upstream-version: 1.9.0 apiVersion: v2 - appVersion: v1.8.1 + appVersion: v1.9.0 dependencies: -@@ -26,7 +37,7 @@ +@@ -27,7 +38,7 @@ description: Epinio deploys Kubernetes applications directly from source code in one step. home: https://github.com/epinio/epinio diff --git a/packages/epinio/epinio/generated-changes/patch/templates/default-app-chart.yaml.patch b/packages/epinio/epinio/generated-changes/patch/templates/default-app-chart.yaml.patch deleted file mode 100644 index 0ebee78139..0000000000 --- a/packages/epinio/epinio/generated-changes/patch/templates/default-app-chart.yaml.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- charts-original/templates/default-app-chart.yaml -+++ charts/templates/default-app-chart.yaml -@@ -12,7 +12,7 @@ - spec: - shortDescription: Epinio standard deployment - description: Epinio standard support chart for application deployment -- helmChart: https://github.com/epinio/helm-charts/releases/download/epinio-application-0.1.26/epinio-application-0.1.26.tgz -+ helmChart: /assets/epinio-application-0.1.26.tgz - settings: - appListeningPort: - type: 'integer' 
diff --git a/packages/epinio/epinio/generated-changes/patch/templates/server.yaml.patch b/packages/epinio/epinio/generated-changes/patch/templates/server.yaml.patch index 05211f4c40..544bbec0f7 100644 --- a/packages/epinio/epinio/generated-changes/patch/templates/server.yaml.patch +++ b/packages/epinio/epinio/generated-changes/patch/templates/server.yaml.patch @@ -1,6 +1,6 @@ --- charts-original/templates/server.yaml +++ charts/templates/server.yaml -@@ -256,8 +256,15 @@ +@@ -260,8 +260,15 @@ app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.image.epinio.tag }} name: epinio-server spec: @@ -16,7 +16,7 @@ - name: tmp-volume emptyDir: {} - name: image-export-volume -@@ -333,6 +340,8 @@ +@@ -350,6 +357,8 @@ ports: - containerPort: 8030 volumeMounts: diff --git a/packages/epinio/epinio/generated-changes/patch/values.yaml.patch b/packages/epinio/epinio/generated-changes/patch/values.yaml.patch index 080bd6be1e..5bd070d3eb 100644 --- a/packages/epinio/epinio/generated-changes/patch/values.yaml.patch +++ b/packages/epinio/epinio/generated-changes/patch/values.yaml.patch @@ -1,6 +1,6 @@ --- charts-original/values.yaml +++ charts/values.yaml -@@ -11,30 +11,26 @@ +@@ -9,32 +9,28 @@ email: "epinio@suse.com" image: epinio: @@ -8,18 +8,18 @@ - repository: epinio/epinio-server - tag: "" + repository: rancher/mirrored-epinio-epinio-server -+ tag: v1.8.1 ++ tag: v1.9.0 epinio-ui: - registry: ghcr.io/ - repository: epinio/epinio-ui + repository: rancher/mirrored-epinio-epinio-ui - tag: v1.8.1-0.0.1 + tag: v1.9.0-0.0.3 bash: - registry: ghcr.io/ - repository: epinio/epinio-unpacker - tag: "" + repository: rancher/mirrored-epinio-epinio-unpacker -+ tag: v1.8.1 ++ tag: v1.9.0 awscli: - repository: amazon/aws-cli + repository: rancher/mirrored-amazon-aws-cli 
@@ -37,11 +37,14 @@ - repository: paketobuildpacks/builder - tag: full + repository: rancher/mirrored-paketobuildpacks-builder -+ tag: 0.2.407-full ++ tag: 0.2.441-full + appChart: +- default: https://github.com/epinio/helm-charts/releases/download/epinio-application-0.1.26/epinio-application-0.1.26.tgz ++ default: /assets/epinio-application-0.1.26.tgz server: # Domain which serves the Rancher UI (to access the API) accessControlAllowOrigin: "" -@@ -155,10 +151,10 @@ +@@ -178,10 +174,10 @@ enabled: true image: registry: @@ -54,7 +57,7 @@ tag: 1.23.2-alpine imagePullPolicy: IfNotPresent # The ingressClassName is used to select the ingress controller. If -@@ -168,6 +164,8 @@ +@@ -195,6 +191,8 @@ # Enable service catalog service for development enableDevServices: true global: diff --git a/packages/epinio/epinio/package.yaml b/packages/epinio/epinio/package.yaml index 6d359b956f..f99a549edd 100644 --- a/packages/epinio/epinio/package.yaml +++ b/packages/epinio/epinio/package.yaml @@ -1,5 +1,5 @@ -url: https://github.com/epinio/helm-charts/releases/download/epinio-1.8.1/epinio-1.8.1.tgz -version: 102.0.3 +url: https://github.com/epinio/helm-charts/releases/download/epinio-1.9.0/epinio-1.9.0.tgz +version: 102.0.4 additionalCharts: - workingDir: charts-crd crdOptions: diff --git a/packages/epinio/minio/generated-changes/patch/templates/deployment.yaml.patch b/packages/epinio/minio/generated-changes/patch/templates/deployment.yaml.patch index a7eedf17fa..a2ad6187b6 100644 --- a/packages/epinio/minio/generated-changes/patch/templates/deployment.yaml.patch +++ b/packages/epinio/minio/generated-changes/patch/templates/deployment.yaml.patch @@ -1,7 +1,7 @@ --- charts-original/templates/deployment.yaml +++ charts/templates/deployment.yaml -@@ -72,7 +72,7 @@ - {{- end }} +@@ -67,7 +67,7 @@ + {{- end }} containers: - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 
@@ -9,28 +9,26 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} command: - "/bin/sh" -@@ -170,19 +170,18 @@ - {{- toYaml . | nindent 8 }} +@@ -164,16 +164,17 @@ + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} - {{- end }} --{{- with .Values.nodeSelector }} - nodeSelector: --{{ toYaml . | indent 8 }} --{{- end }} +- {{- with .Values.nodeSelector }} +- nodeSelector: {{- toYaml . | nindent 8 }} +- {{- end }} ++ nodeSelector: + {{- include "linux-node-selector" . | nindent 8 }} - {{- include "minio.imagePullSecrets" . | indent 6 }} - {{- with .Values.affinity }} - affinity: - {{ toYaml . | indent 8 }} - {{- end }} --{{- with .Values.tolerations }} - tolerations: --{{ toYaml . | indent 8 }} --{{- end }} + {{- include "minio.imagePullSecrets" . | indent 6 }} + {{- with .Values.affinity }} + affinity: {{- toYaml . | nindent 8 }} + {{- end }} +- {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 8 }} +- {{- end }} + {{- include "linux-node-tolerations" . | nindent 8 }} + {{- with .Values.tolerations }} + {{ toYaml . | indent 8 }} + {{- end }} volumes: - name: export - {{- if .Values.persistence.enabled }} + {{- if .Values.persistence.enabled }} diff --git a/packages/epinio/minio/generated-changes/patch/templates/post-job.yaml.patch b/packages/epinio/minio/generated-changes/patch/templates/post-job.yaml.patch index acbb7e8f36..a1b22f5cbc 100644 --- a/packages/epinio/minio/generated-changes/patch/templates/post-job.yaml.patch +++ b/packages/epinio/minio/generated-changes/patch/templates/post-job.yaml.patch 
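Review bot: In the regenerated patch for minio's templates/deployment.yaml, the line `tolerations: {{- toYaml . | nindent 8 }}` stays in the template while the `{{- with .Values.tolerations }}` / `{{- end }}` pair around it is removed. Outside that `with`, `.` is no longer the tolerations list but the enclosing scope (presumably the chart root), so rendering would serialise that scope under `tolerations:` ahead of the `linux-node-tolerations` include. At best the manifest fails validation; at worst chart values end up in the pod spec. The statefulset.yaml.patch and post-job.yaml.patch hunks in this commit replace the same upstream line with a bare key, and this hunk should match them: `- tolerations: {{- toYaml . | nindent 8 }}` followed by `+ tolerations:` in the inner patch. The marker columns here are read from a collapsed rendering, so confirm against the file, ideally by rendering the chart with `helm template` with minio in deployment mode.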
@@ -1,29 +1,38 @@ --- charts-original/templates/post-job.yaml +++ charts/templates/post-job.yaml -@@ -31,18 +31,17 @@ +@@ -29,15 +29,16 @@ spec: restartPolicy: OnFailure - {{- include "minio.imagePullSecrets" . | nindent 6 }} + {{- include "minio.imagePullSecrets" . | indent 6 }} - {{- if .Values.nodeSelector }} - nodeSelector: -- {{- toYaml .Values.postJob.nodeSelector | nindent 8 }} +- nodeSelector: {{- toYaml .Values.postJob.nodeSelector | nindent 8 }} - {{- end }} ++ nodeSelector: + {{- include "linux-node-selector" . | nindent 8 }} {{- with .Values.postJob.affinity }} - affinity: - {{- toYaml . | nindent 8 }} + affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.postJob.tolerations }} - tolerations: +- tolerations: {{- toYaml . | nindent 8 }} +- {{- end }} ++ tolerations: + {{- include "linux-node-tolerations" . | nindent 8 }} + {{- with .Values.postJob.tolerations }} - {{- toYaml . | nindent 8 }} -- {{- end }} ++ {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.postJob.securityContext.enabled }} securityContext: runAsUser: {{ .Values.postJob.securityContext.runAsUser }} -@@ -86,7 +85,7 @@ +@@ -88,7 +89,7 @@ + {{- if .Values.policies }} + initContainers: + - name: minio-make-policy +- image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" ++ image: "{{ default .Values.mcImage.registry (include "registry-url" .) }}{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" + {{- if .Values.makePolicyJob.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.makePolicyJob.securityContext.runAsUser }} +@@ -122,7 +123,7 @@ containers: {{- if .Values.buckets }} - name: minio-make-bucket @@ -32,7 +41,7 @@ {{- if .Values.makeBucketJob.securityContext.enabled }} securityContext: runAsUser: {{ .Values.makeBucketJob.securityContext.runAsUser }} -@@ -116,7 +115,7 @@ +@@ -155,7 +156,7 @@ {{- end }} {{- if .Values.users }} - name: minio-make-user 
@@ -41,16 +50,7 @@ {{- if .Values.makeUserJob.securityContext.enabled }} securityContext: runAsUser: {{ .Values.makeUserJob.securityContext.runAsUser }} -@@ -146,7 +145,7 @@ - {{- end }} - {{- if .Values.policies }} - - name: minio-make-policy -- image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" -+ image: "{{ default .Values.mcImage.registry (include "registry-url" .) }}{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" - {{- if .Values.makePolicyJob.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.makePolicyJob.securityContext.runAsUser }} -@@ -176,7 +175,7 @@ +@@ -188,7 +189,7 @@ {{- end }} {{- if .Values.customCommands }} - name: minio-custom-command @@ -59,7 +59,7 @@ {{- if .Values.customCommandJob.securityContext.enabled }} securityContext: runAsUser: {{ .Values.customCommandJob.securityContext.runAsUser }} -@@ -206,7 +205,7 @@ +@@ -221,7 +222,7 @@ {{- end }} {{- if .Values.svcaccts }} - name: minio-make-svcacct diff --git a/packages/epinio/minio/generated-changes/patch/templates/statefulset.yaml.patch b/packages/epinio/minio/generated-changes/patch/templates/statefulset.yaml.patch index ca73b5cea9..3cf9c406ac 100644 --- a/packages/epinio/minio/generated-changes/patch/templates/statefulset.yaml.patch +++ b/packages/epinio/minio/generated-changes/patch/templates/statefulset.yaml.patch 
@@ -1,36 +1,35 @@ --- charts-original/templates/statefulset.yaml +++ charts/templates/statefulset.yaml -@@ -101,7 +101,7 @@ - {{- end }} +@@ -95,7 +95,7 @@ + {{- end }} containers: - name: {{ .Chart.Name }} - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + image: "{{ default .Values.image.registry (include "registry-url" .) }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - - command: [ "/bin/sh", -@@ -188,19 +188,18 @@ - {{- toYaml . | nindent 8 }} + command: [ + "/bin/sh", +@@ -182,16 +182,17 @@ + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} - {{- end }} -- {{- with .Values.nodeSelector }} - nodeSelector: --{{ toYaml . | indent 8 }} -- {{- end }} +- {{- with .Values.nodeSelector }} +- nodeSelector: {{- toYaml . | nindent 8 }} +- {{- end }} ++ nodeSelector: + {{- include "linux-node-selector" . | nindent 8 }} - {{- include "minio.imagePullSecrets" . | indent 6 }} - {{- with .Values.affinity }} - affinity: - {{ toYaml . | indent 8 }} - {{- end }} -- {{- with .Values.tolerations }} - tolerations: --{{ toYaml . | indent 8 }} -- {{- end }} + {{- include "minio.imagePullSecrets" . | indent 6 }} + {{- with .Values.affinity }} + affinity: {{- toYaml . | nindent 8 }} + {{- end }} +- {{- with .Values.tolerations }} +- tolerations: {{- toYaml . | nindent 8 }} +- {{- end }} ++ tolerations: + {{- include "linux-node-tolerations" . | nindent 8 }} + {{- with .Values.tolerations }} + {{ toYaml . | indent 8 }} + {{- end }} - {{- if and (gt $replicas 1) (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "19") }} - {{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: + {{- if and (gt $replicas 1) (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "19") }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- toYaml . | nindent 8 }} 
diff --git a/packages/epinio/minio/generated-changes/patch/values.yaml.patch b/packages/epinio/minio/generated-changes/patch/values.yaml.patch index 8ceddd5955..d78fa7ab58 100644 --- a/packages/epinio/minio/generated-changes/patch/values.yaml.patch +++ b/packages/epinio/minio/generated-changes/patch/values.yaml.patch @@ -6,7 +6,7 @@ image: - repository: quay.io/minio/minio + repository: rancher/mirrored-minio-minio - tag: RELEASE.2023-02-10T18-48-39Z + tag: RELEASE.2023-07-07T07-13-57Z pullPolicy: IfNotPresent @@ -24,7 +24,7 @@ @@ -15,6 +15,6 @@ mcImage: - repository: quay.io/minio/mc + repository: rancher/mirrored-minio-mc - tag: RELEASE.2023-01-28T20-29-38Z + tag: RELEASE.2023-06-28T21-54-17Z pullPolicy: IfNotPresent diff --git a/packages/epinio/minio/package.yaml b/packages/epinio/minio/package.yaml index 2e7bc13a01..65013ab576 100644 --- a/packages/epinio/minio/package.yaml +++ b/packages/epinio/minio/package.yaml @@ -1,3 +1,3 @@ -url: https://charts.min.io/helm-releases/minio-5.0.7.tgz -version: 101.0.3 +url: https://charts.min.io/helm-releases/minio-5.0.13.tgz +version: 101.0.4 doNotRelease: true diff --git a/release.yaml b/release.yaml index b1964716fb..aae68b261c 100644 --- a/release.yaml +++ b/release.yaml @@ -1,3 +1,15 @@ +epinio: +- 100.0.0+up1.2.1 +- 100.0.5+up1.6.2 +- 102.0.1+up1.6.2 +- 102.0.3+up1.8.1 +- 102.0.4+up1.9.0 +epinio-crd: +- 100.0.0+up1.2.1 +- 100.0.5+up1.6.2 +- 102.0.1+up1.6.2 +- 102.0.3+up1.8.1 +- 102.0.4+up1.9.0 fleet: - 102.1.0+up0.7.0 - 102.2.0+up0.8.0-rc.5