From f5d21944575924faf1aea903f572824c3b22de31 Mon Sep 17 00:00:00 2001 From: Nicholas openSUSE Software Engineer Date: Mon, 1 Apr 2024 12:42:28 -0300 Subject: [PATCH 1/5] [dev-v2.8] Forward ports rancher-aks-operator 102.4.0+up1.1.4 from dev-v2.7 (#3712) --- ...ncher-aks-operator-crd-102.4.0+up1.1.4.tgz | Bin 0 -> 1250 bytes .../rancher-aks-operator-102.4.0+up1.1.4.tgz | Bin 0 -> 2039 bytes .../102.4.0+up1.1.4/Chart.yaml | 12 + .../102.4.0+up1.1.4/templates/crds.yaml | 211 ++++++++++++++++++ .../102.4.0+up1.1.4/Chart.yaml | 20 ++ .../102.4.0+up1.1.4/templates/NOTES.txt | 4 + .../102.4.0+up1.1.4/templates/_helpers.tpl | 25 +++ .../templates/clusterrole.yaml | 15 ++ .../templates/clusterrolebinding.yaml | 13 ++ .../102.4.0+up1.1.4/templates/deployment.yaml | 61 +++++ .../templates/serviceaccount.yaml | 5 + .../102.4.0+up1.1.4/values.yaml | 23 ++ index.yaml | 40 ++++ release.yaml | 8 +- 14 files changed, 433 insertions(+), 4 deletions(-) create mode 100644 assets/rancher-aks-operator-crd/rancher-aks-operator-crd-102.4.0+up1.1.4.tgz create mode 100644 assets/rancher-aks-operator/rancher-aks-operator-102.4.0+up1.1.4.tgz create mode 100644 charts/rancher-aks-operator-crd/102.4.0+up1.1.4/Chart.yaml create mode 100644 charts/rancher-aks-operator-crd/102.4.0+up1.1.4/templates/crds.yaml create mode 100644 charts/rancher-aks-operator/102.4.0+up1.1.4/Chart.yaml create mode 100644 charts/rancher-aks-operator/102.4.0+up1.1.4/templates/NOTES.txt create mode 100644 charts/rancher-aks-operator/102.4.0+up1.1.4/templates/_helpers.tpl create mode 100644 charts/rancher-aks-operator/102.4.0+up1.1.4/templates/clusterrole.yaml create mode 100644 charts/rancher-aks-operator/102.4.0+up1.1.4/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-aks-operator/102.4.0+up1.1.4/templates/deployment.yaml create mode 100644 charts/rancher-aks-operator/102.4.0+up1.1.4/templates/serviceaccount.yaml create mode 100644 charts/rancher-aks-operator/102.4.0+up1.1.4/values.yaml 
diff --git a/assets/rancher-aks-operator-crd/rancher-aks-operator-crd-102.4.0+up1.1.4.tgz b/assets/rancher-aks-operator-crd/rancher-aks-operator-crd-102.4.0+up1.1.4.tgz new file mode 100644 index 0000000000000000000000000000000000000000..8535d58845178b4dd2a4a081380d438d945a6991 GIT binary patch literal 1250 zcmV<81ReVyiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI;$ZyUE0^;w^S$o2P=ys~Ad&`p-xz(|@3QIZ0^jmYte6_+G9 zL)l8v?_TV#}g(3U|R52p~gvw*@J zJ=d}<%g%ef>Ti~1>wmNJ)9k3*J9~S6c6!n~J2}d_=UH}gB(i5S?_rS`!cq2Yu65`B zBL>zw2G-6}za@kO2IKOM1ZIOB?T#e|*4G+UUo3N_aoAKVg|;u=aESP(afpQi$%Dkc zs2kg~AjYC`u%o^(+Q!?)UXP*BOzpc-|G&{zxf^O69nc^Uw#y0Jd9ji4E%5p)2GY*< z#r&iN-rxP~cDkKjOCiaiJy%VG_ha$f@^dka#IE>+@7mrOEf;+;L-Z{n>iU2gNfU`N zNN2BgP92!h_X=*2M_JrVEcxoW4&IN4HQunotGc|20Zao~)k{+s_~Un= zb~R4cecI;HK-m1YC4>)180PrJ&aAt!zi2dy`r;Z4VM_>-&SPJET#27*39+pDimAN} z!Ms~j$tf04PeBOh(GEseUr)#XYA#93Vr9LWZEdSCeYfUur9tHB1rUA-X1z-Y8;ya9 z!M-Tve50EerAx#?+q?nR1^o@xmHz}b-y{}7GZqca57O==-gD9r0xZ_&{4E9?22^NS zgBha?$SH#|NgwBB7M5w15>{Cn1-#a`i9yF0=33&FPm1g048ujxD#xK#Atm;d*$=!o zT2^ZI$wk&Se{tV zn2k)#b<%uX0oP}Sl)z5m$T{7s4e4Ij;*En{BY9ybkb2{MT6#u7|pdOn)3IaO;b;CA=|ZWVAla%$^Rr(+q%kT;0X zqiJ?zQ=#pPgv_Y}JJP(XC1r35KfnZ=)TK61s=7OY89g8>d(SGhAh^k&D0!=YpFvyx zK@`pfIYr{??PKeq>d|~V=I!WG(`>B2;k%0i*HcaPxg2+3mk!S{FUpV|n8PBEV+ox>DNV`xM)@LLO&hXJC*wO=7XLCWh8q1tgk|;>2kA9+RH?sVeQ1hzxndPPgv{{{k;wjT#dP!+=QV z_SrYh#<|UP;0WepeSbR~@`1!|OXP@wBklXbdJWpdfWIOUG@Z_$A#YQlw9+#H`Ezv# zYj}-%vRF1oaig(%JXiO?iCriIcCRH)RvLB}<>gw4zy5x)|CPPktG(K*{Ydst00030 M|FYz~_W&dS01@Dc zVQyr3R8em|NM&qo0PGrnZ{xQ0{??~>a4=-+PO|Jc$wAl+$a2Lxv`vEK*6mOn4m9;_ zai&R?k8&<^{oMyrvMk$5oTj&AL;e1-Og+9|;`=EXrg(-XWD^Q?j)qxny5|`)Ho9X| z`RYqR9LMp=VBmk_INtp24UXbhy}|M6$?;Kta2&sid&m8w-YbZ|2=^UOkY(mo{Hu9w zD))Z^Oet-d6UVYb8cPcUfU|C=^*HWdd!-CFCZ3J7tzYCejpD0v&4#?6jgxiXnzGG$gc2;PB6Hp%?YzC=O%zle>K5E)QF`DmF#R8OH?5 z#gOjE;u2I7MXxmWv;j{Ac}u z<$3+L7xkh+kRov-a_g7Q;2V@v;4YHDNE`5maOgsf;q2QRs0=|trk!M&wK*l-?pWBY z7)D%Amuh#{gnd8{(uLtjNf17oT5Zu@+>ZuP{Kq0Mm3e8ud@g8>|1%~Fq%W2LcEtbq 
zw0E=_{|Bf2ef)n87)w25vI_lHqPqepgX23Ku|nEw91F7ME`d%b2-t)!t8?OT#gvV! zO$KvK!fJ=v>TC|lvT*{l(#HblrB_COE=hZzUHw&hbue892^90>Bg^UlfZo8D1Il%f*ygp2bKwC39JUIrBfH-_Xd9|gh7IDYj)ss*2y1& z3d^Tm`0=Ax;>rkZguOeLjOc<*u~Gq3M>oY>>N}@S6y%$j-bhb+{;mFRahgkJk-8U` z@4vo@>}UIH&e$&h?;rIy{QuM5U$Hp;q!FuzID2v&mk&X zgtNK`fW;zs*DL_uXM*aztL#tfxqoEz)UBMC3+KKng7a&Nelr>PWnqW^f67qiXehGz z(@TL}{a^3sc*FlsPx>c&|9=jc&%0m2OiU9Xv@jA9?Ol#-OiH;pd_sS zbXM}9O1G{9r+Dy>vU6L;Be)e(0!veVPFDZPh=aW6XcJ&AhQR>@jxslFYuD;b~ zA~j11xGtna1>zZ|g)DQq%`{>hJ1De@~__^VFmKhjQd@v%y>n&M1Li0I=*R%JH#(gZQ1F;g$;k z6KuYftGgC9p#WfcNUPlq5go`iLOVzSECqD1G3=d#P+S)2ecez5KZ6n~MP=a)Y`4Ho za^-EX`U9KFc8s54la_0z7K=)_wZZW{vaL0YyTog@uC3BF5q1biYf<*1EyOz5kYH^4*AgO3SnQ!0;r3#bQ3Mjna6{5_vk&>h%gN7RiICmW@}MS8`kxQeJ5(_+0{j z8(nC7WsuP4!V*x;R#sW+_09YDSD&t~FaPW8U@#smbPG?GeJ%9boda@YPOmdxQdet09++Vwz!-mZ# zqHEom={gH*L;oA*Ey>Zg%RYj0*;B6{(<&l;uTxAQ9>npwq<+UmJA+^?-oA82vxi>- zJL>-`qq8!jKd}ec)&KX7Hv9ixKR({q|IYzyUv(`@|BY^Wv;4p3L%Nnq=%uyW!yfjq VhdtZ}{|Nv9|No@d#Ek$j0022b^f>?k literal 0 HcmV?d00001 diff --git a/charts/rancher-aks-operator-crd/102.4.0+up1.1.4/Chart.yaml b/charts/rancher-aks-operator-crd/102.4.0+up1.1.4/Chart.yaml new file mode 100644 index 0000000000..5961634031 --- /dev/null +++ b/charts/rancher-aks-operator-crd/102.4.0+up1.1.4/Chart.yaml @@ -0,0 +1,12 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/release-name: rancher-aks-operator-crd +apiVersion: v2 +appVersion: 1.1.4 +description: AKS Operator CustomResourceDefinitions +name: rancher-aks-operator-crd +version: 102.4.0+up1.1.4 diff --git a/charts/rancher-aks-operator-crd/102.4.0+up1.1.4/templates/crds.yaml b/charts/rancher-aks-operator-crd/102.4.0+up1.1.4/templates/crds.yaml new file mode 100644 index 0000000000..c4fcdfac05 --- /dev/null +++ b/charts/rancher-aks-operator-crd/102.4.0+up1.1.4/templates/crds.yaml 
@@ -0,0 +1,211 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + name: aksclusterconfigs.aks.cattle.io +spec: + group: aks.cattle.io + names: + kind: AKSClusterConfig + plural: aksclusterconfigs + shortNames: + - akscc + singular: aksclusterconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + authBaseUrl: + nullable: true + type: string + authorizedIpRanges: + items: + nullable: true + type: string + nullable: true + type: array + azureCredentialSecret: + nullable: true + type: string + baseUrl: + nullable: true + type: string + clusterName: + nullable: true + type: string + dnsPrefix: + nullable: true + type: string + dnsServiceIp: + nullable: true + type: string + dockerBridgeCidr: + nullable: true + type: string + httpApplicationRouting: + nullable: true + type: boolean + imported: + type: boolean + kubernetesVersion: + nullable: true + type: string + linuxAdminUsername: + nullable: true + type: string + loadBalancerSku: + nullable: true + type: string + logAnalyticsWorkspaceGroup: + nullable: true + type: string + logAnalyticsWorkspaceName: + nullable: true + type: string + managedIdentity: + nullable: true + type: boolean + monitoring: + nullable: true + type: boolean + networkPlugin: + nullable: true + type: string + networkPolicy: + nullable: true + type: string + nodePools: + items: + properties: + availabilityZones: + items: + nullable: true + type: string + nullable: true + type: array + count: + nullable: true + type: integer + enableAutoScaling: + nullable: true + type: boolean + maxCount: + nullable: true + type: integer + maxPods: + nullable: true + type: integer + maxSurge: + nullable: true + type: string + minCount: + nullable: true + type: integer + mode: + nullable: true + type: string + name: + nullable: true + type: string + nodeLabels: + additionalProperties: + 
nullable: true + type: string + nullable: true + type: object + nodeTaints: + items: + nullable: true + type: string + nullable: true + type: array + orchestratorVersion: + nullable: true + type: string + osDiskSizeGB: + nullable: true + type: integer + osDiskType: + nullable: true + type: string + osType: + nullable: true + type: string + vmSize: + nullable: true + type: string + vnetSubnetID: + nullable: true + type: string + type: object + nullable: true + type: array + nodeResourceGroup: + nullable: true + type: string + outboundType: + nullable: true + type: string + podCidr: + nullable: true + type: string + privateCluster: + nullable: true + type: boolean + privateDnsZone: + nullable: true + type: string + resourceGroup: + nullable: true + type: string + resourceLocation: + nullable: true + type: string + serviceCidr: + nullable: true + type: string + sshPublicKey: + nullable: true + type: string + subnet: + nullable: true + type: string + tags: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + userAssignedIdentity: + nullable: true + type: string + virtualNetwork: + nullable: true + type: string + virtualNetworkResourceGroup: + nullable: true + type: string + type: object + status: + properties: + failureMessage: + nullable: true + type: string + phase: + nullable: true + type: string + rbacEnabled: + nullable: true + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rancher-aks-operator/102.4.0+up1.1.4/Chart.yaml b/charts/rancher-aks-operator/102.4.0+up1.1.4/Chart.yaml new file mode 100644 index 0000000000..fdc7292160 --- /dev/null +++ b/charts/rancher-aks-operator/102.4.0+up1.1.4/Chart.yaml 
@@ -0,0 +1,20 @@
+annotations:
+ catalog.cattle.io/auto-install: rancher-aks-operator-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.28.0-0'
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/provides-gvr: aksclusterconfigs.aks.cattle.io/v1
+ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+ catalog.cattle.io/release-name: rancher-aks-operator
+ catalog.cattle.io/scope: management
+apiVersion: v2
+appVersion: 1.1.4
+description: A Helm chart for provisioning AKS clusters
+home: https://github.com/rancher/aks-operator
+name: rancher-aks-operator
+sources:
+- https://github.com/rancher/aks-operator
+version: 102.4.0+up1.1.4
diff --git a/charts/rancher-aks-operator/102.4.0+up1.1.4/templates/NOTES.txt b/charts/rancher-aks-operator/102.4.0+up1.1.4/templates/NOTES.txt
new file mode 100644
index 0000000000..5ba05b482c
--- /dev/null
+++ b/charts/rancher-aks-operator/102.4.0+up1.1.4/templates/NOTES.txt
@@ -0,0 +1,4 @@
+You have deployed the Rancher AKS operator
+Version: {{ .Chart.AppVersion }}
+Description: This operator provisions AKS clusters
+from AKSClusterConfig CRs.
diff --git a/charts/rancher-aks-operator/102.4.0+up1.1.4/templates/_helpers.tpl b/charts/rancher-aks-operator/102.4.0+up1.1.4/templates/_helpers.tpl
new file mode 100644
index 0000000000..de3b332f6a
--- /dev/null
+++ b/charts/rancher-aks-operator/102.4.0+up1.1.4/templates/_helpers.tpl
@@ -0,0 +1,25 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
+
diff --git a/charts/rancher-aks-operator/102.4.0+up1.1.4/templates/clusterrole.yaml b/charts/rancher-aks-operator/102.4.0+up1.1.4/templates/clusterrole.yaml
new file mode 100644
index 0000000000..5e2ce97567
--- /dev/null
+++ b/charts/rancher-aks-operator/102.4.0+up1.1.4/templates/clusterrole.yaml
@@ -0,0 +1,15 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: aks-operator
+ namespace: cattle-system
+rules:
+ - apiGroups: ['']
+ resources: ['secrets']
+ verbs: ['get', 'list', 'create', 'watch', 'update']
+ - apiGroups: ['aks.cattle.io']
+ resources: ['aksclusterconfigs']
+ verbs: ['get', 'list', 'update', 'watch']
+ - apiGroups: ['aks.cattle.io']
+ resources: ['aksclusterconfigs/status']
+ verbs: ['update']
diff --git a/charts/rancher-aks-operator/102.4.0+up1.1.4/templates/clusterrolebinding.yaml b/charts/rancher-aks-operator/102.4.0+up1.1.4/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000000..7aa7e785a4
--- /dev/null
+++ b/charts/rancher-aks-operator/102.4.0+up1.1.4/templates/clusterrolebinding.yaml
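Review bot: The first rule in templates/clusterrole.yaml gives the `aks-operator` ServiceAccount `get`, `list`, `create`, `watch` and `update` on `secrets` in every namespace, because the role is attached through the ClusterRoleBinding in templates/clusterrolebinding.yaml. If the operator only needs the Azure credential and cluster secrets in a known set of namespaces (not visible from this patch, so to be confirmed), that rule belongs in a namespaced Role and RoleBinding, leaving only the `aks.cattle.io` rules cluster-wide. Separately, `namespace: cattle-system` under `metadata` of both the ClusterRole and the ClusterRoleBinding has no effect on cluster-scoped objects and reads as if the grant were namespace-limited; dropping those two lines avoids that impression.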
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: aks-operator
+ namespace: cattle-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: aks-operator
+subjects:
+- kind: ServiceAccount
+ name: aks-operator
+ namespace: cattle-system
diff --git a/charts/rancher-aks-operator/102.4.0+up1.1.4/templates/deployment.yaml b/charts/rancher-aks-operator/102.4.0+up1.1.4/templates/deployment.yaml
new file mode 100644
index 0000000000..1d85eb18c8
--- /dev/null
+++ b/charts/rancher-aks-operator/102.4.0+up1.1.4/templates/deployment.yaml
@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: aks-config-operator
+ namespace: cattle-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ ke.cattle.io/operator: aks
+ template:
+ metadata:
+ labels:
+ ke.cattle.io/operator: aks
+ spec:
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+ serviceAccountName: aks-operator
+ {{- if .Values.priorityClassName }}
+ priorityClassName: "{{.Values.priorityClassName}}"
+ {{- end }}
+ securityContext:
+ fsGroup: 1007
+ runAsUser: 1007
+ containers:
+ - name: aks-operator
+ image: {{ template "system_default_registry" . }}{{ .Values.aksOperator.image.repository }}:{{ .Values.aksOperator.image.tag }}
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: HTTP_PROXY
+ value: {{ .Values.httpProxy }}
+ - name: HTTPS_PROXY
+ value: {{ .Values.httpsProxy }}
+ - name: NO_PROXY
+ value: {{ .Values.noProxy }}
+{{- if .Values.additionalTrustedCAs }}
+ # aks-operator mounts the additional CAs in two places:
+ volumeMounts:
+ # This directory is owned by the aks-operator user so c_rehash works here.
+ - mountPath: /etc/rancher/ssl/ca-additional.pem
+ name: tls-ca-additional-volume
+ subPath: ca-additional.pem
+ readOnly: true
+ # This directory is root-owned so c_rehash doesn't work here,
+ # but the cert is here in case update-ca-certificates is called in the future or by the OS.
+ - mountPath: /etc/pki/trust/anchors/ca-additional.pem
+ name: tls-ca-additional-volume
+ subPath: ca-additional.pem
+ readOnly: true
+ volumes:
+ - name: tls-ca-additional-volume
+ secret:
+ defaultMode: 0400
+ secretName: tls-ca-additional
+ {{- end }}
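Review bot: The pod-level `securityContext` in templates/deployment.yaml sets only `fsGroup` and `runAsUser`, and the `aks-operator` container has no `securityContext` of its own, so nothing in the manifest enforces non-root execution, blocks privilege escalation or drops the default capabilities. This pod runs with a ServiceAccount that the chart's ClusterRole allows to read and write Secrets, so tightening the manifest is worth the few lines. I would add `runAsNonRoot: true` next to `runAsUser` and a container-level context as below. `readOnlyRootFilesystem: true` is left out on purpose, since the volume comments suggest `c_rehash` writes inside the image; that would need checking against the image first.

```yaml
      securityContext:
        fsGroup: 1007
        runAsUser: 1007
        runAsNonRoot: true
      containers:
        - name: aks-operator
          # … unchanged: image, imagePullPolicy, env, volumeMounts …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
```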
diff --git a/charts/rancher-aks-operator/102.4.0+up1.1.4/templates/serviceaccount.yaml b/charts/rancher-aks-operator/102.4.0+up1.1.4/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..9c40a152f5
--- /dev/null
+++ b/charts/rancher-aks-operator/102.4.0+up1.1.4/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: cattle-system
+ name: aks-operator
diff --git a/charts/rancher-aks-operator/102.4.0+up1.1.4/values.yaml b/charts/rancher-aks-operator/102.4.0+up1.1.4/values.yaml
new file mode 100644
index 0000000000..4a1fb5c398
--- /dev/null
+++ b/charts/rancher-aks-operator/102.4.0+up1.1.4/values.yaml
@@ -0,0 +1,23 @@
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+aksOperator:
+ image:
+ repository: rancher/aks-operator
+ tag: v1.1.4
+
+httpProxy: ""
+httpsProxy: ""
+noProxy: ""
+additionalTrustedCAs: false
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+tolerations: []
+
+## PriorityClassName assigned to deployment.
+priorityClassName: ""
diff --git a/index.yaml b/index.yaml
index 33cf3007ec..b0174bea83 100755
--- a/index.yaml
+++ b/index.yaml
@@ -6765,6 +6765,30 @@ entries: urls: - assets/rancher-aks-operator/rancher-aks-operator-103.0.0+up1.2.0.tgz version: 103.0.0+up1.2.0 + - annotations: + catalog.cattle.io/auto-install: rancher-aks-operator-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.28.0-0' + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: aksclusterconfigs.aks.cattle.io/v1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: rancher-aks-operator + catalog.cattle.io/scope: management + apiVersion: v2 + appVersion: 1.1.4 + created: "2024-03-28T15:23:27.62646549-03:00" + description: A Helm chart for provisioning AKS clusters + digest: cd092eff1162c432cb5a36f844ebf5a79951e3f08fa958475b4448e53461ee76 + home: https://github.com/rancher/aks-operator + name: rancher-aks-operator + sources: + - https://github.com/rancher/aks-operator + urls: + - assets/rancher-aks-operator/rancher-aks-operator-102.4.0+up1.1.4.tgz + version: 102.4.0+up1.1.4 - annotations: catalog.cattle.io/auto-install: rancher-aks-operator-crd=match catalog.cattle.io/certified: rancher 
@@ -7107,6 +7131,22 @@ entries: urls: - assets/rancher-aks-operator-crd/rancher-aks-operator-crd-103.0.0+up1.2.0.tgz version: 103.0.0+up1.2.0 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/release-name: rancher-aks-operator-crd + apiVersion: v2 + appVersion: 1.1.4 + created: "2024-03-28T16:29:21.448271514-03:00" + description: AKS Operator CustomResourceDefinitions + digest: 28031ce5284393930f8225eb836233312588d2bf2917cd0ccf92832417efeaec + name: rancher-aks-operator-crd + urls: + - assets/rancher-aks-operator-crd/rancher-aks-operator-crd-102.4.0+up1.1.4.tgz + version: 102.4.0+up1.1.4 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" diff --git a/release.yaml b/release.yaml index 0abce9d92f..bf84a543a9 100644 --- a/release.yaml +++ b/release.yaml @@ -1,4 +1,4 @@ -sriov: - - 103.1.0+up0.1.0 -sriov-crd: - - 103.1.0+up0.1.0 +rancher-aks-operator: + - 102.4.0+up1.1.4 +rancher-aks-operator-crd: + - 102.4.0+up1.1.4 From 05b93de3484ac4d7d25d126424449dfc6611eca8 Mon Sep 17 00:00:00 2001 
From: Nicholas openSUSE Software Engineer Date: Mon, 1 Apr 2024 12:44:36 -0300 Subject: [PATCH 2/5] [dev-v2.8] Forward ports rancher-cis-benchmark 4.4.0 from dev-v2.7 (#3715) --- .../rancher-cis-benchmark-crd-4.4.0.tgz | Bin 0 -> 1463 bytes .../rancher-cis-benchmark-4.4.0.tgz | Bin 0 -> 8608 bytes .../4.4.0/Chart.yaml | 10 + .../rancher-cis-benchmark-crd/4.4.0/README.md | 2 + .../4.4.0/templates/clusterscan.yaml | 148 ++++++++++++ .../4.4.0/templates/clusterscanbenchmark.yaml | 54 +++++ .../4.4.0/templates/clusterscanprofile.yaml | 36 +++ .../4.4.0/templates/clusterscanreport.yaml | 39 ++++ charts/rancher-cis-benchmark/4.4.0/Chart.yaml | 22 ++ charts/rancher-cis-benchmark/4.4.0/README.md | 9 + .../rancher-cis-benchmark/4.4.0/app-readme.md | 33 +++ .../4.4.0/templates/_helpers.tpl | 27 +++ .../4.4.0/templates/alertingrule.yaml | 14 ++ .../4.4.0/templates/benchmark-aks-1.0.yaml | 8 + .../4.4.0/templates/benchmark-cis-1.20.yaml | 9 + .../4.4.0/templates/benchmark-cis-1.23.yaml | 9 + .../4.4.0/templates/benchmark-cis-1.24.yaml | 9 + .../4.4.0/templates/benchmark-cis-1.5.yaml | 9 + .../4.4.0/templates/benchmark-cis-1.6.yaml | 9 + .../4.4.0/templates/benchmark-cis-1.7.yaml | 9 + .../4.4.0/templates/benchmark-cis-1.8.yaml | 8 + .../4.4.0/templates/benchmark-eks-1.2.0.yaml | 8 + .../4.4.0/templates/benchmark-gke-1.2.0.yaml | 8 + .../benchmark-k3s-cis-1.20-hardened.yaml | 9 + .../benchmark-k3s-cis-1.20-permissive.yaml | 9 + .../benchmark-k3s-cis-1.23-hardened.yaml | 9 + .../benchmark-k3s-cis-1.23-permissive.yaml | 9 + .../benchmark-k3s-cis-1.24-hardened.yaml | 9 + .../benchmark-k3s-cis-1.24-permissive.yaml | 9 + .../benchmark-k3s-cis-1.6-hardened.yaml | 9 + .../benchmark-k3s-cis-1.6-permissive.yaml | 9 + .../benchmark-k3s-cis-1.7-hardened.yaml | 9 + .../benchmark-k3s-cis-1.7-permissive.yaml | 9 + .../benchmark-k3s-cis-1.8-hardened.yaml | 8 + .../benchmark-k3s-cis-1.8-permissive.yaml | 8 + .../benchmark-rke-cis-1.20-hardened.yaml | 9 + 
.../benchmark-rke-cis-1.20-permissive.yaml | 9 + .../benchmark-rke-cis-1.23-hardened.yaml | 9 + .../benchmark-rke-cis-1.23-permissive.yaml | 9 + .../benchmark-rke-cis-1.24-hardened.yaml | 9 + .../benchmark-rke-cis-1.24-permissive.yaml | 9 + .../benchmark-rke-cis-1.5-hardened.yaml | 9 + .../benchmark-rke-cis-1.5-permissive.yaml | 9 + .../benchmark-rke-cis-1.6-hardened.yaml | 9 + .../benchmark-rke-cis-1.6-permissive.yaml | 9 + .../benchmark-rke-cis-1.7-hardened.yaml | 9 + .../benchmark-rke-cis-1.7-permissive.yaml | 9 + .../benchmark-rke-cis-1.8-hardened.yaml | 8 + .../benchmark-rke-cis-1.8-permissive.yaml | 8 + .../benchmark-rke2-cis-1.20-hardened.yaml | 9 + .../benchmark-rke2-cis-1.20-permissive.yaml | 9 + .../benchmark-rke2-cis-1.23-hardened.yaml | 9 + .../benchmark-rke2-cis-1.23-permissive.yaml | 9 + .../benchmark-rke2-cis-1.24-hardened.yaml | 9 + .../benchmark-rke2-cis-1.24-permissive.yaml | 9 + .../benchmark-rke2-cis-1.5-hardened.yaml | 9 + .../benchmark-rke2-cis-1.5-permissive.yaml | 9 + .../benchmark-rke2-cis-1.6-hardened.yaml | 9 + .../benchmark-rke2-cis-1.6-permissive.yaml | 9 + .../benchmark-rke2-cis-1.7-hardened.yaml | 9 + .../benchmark-rke2-cis-1.7-permissive.yaml | 9 + .../benchmark-rke2-cis-1.8-hardened.yaml | 8 + .../benchmark-rke2-cis-1.8-permissive.yaml | 8 + .../4.4.0/templates/cis-roles.yaml | 49 ++++ .../4.4.0/templates/configmap.yaml | 18 ++ .../4.4.0/templates/deployment.yaml | 61 +++++ .../templates/network_policy_allow_all.yaml | 15 ++ .../patch_default_serviceaccount.yaml | 29 +++ .../4.4.0/templates/psp.yaml | 59 +++++ .../4.4.0/templates/rbac.yaml | 219 ++++++++++++++++++ .../4.4.0/templates/scanprofile-cis-1.20.yaml | 9 + .../4.4.0/templates/scanprofile-cis-1.23.yaml | 9 + .../4.4.0/templates/scanprofile-cis-1.24.yaml | 9 + .../4.4.0/templates/scanprofile-cis-1.6.yaml | 9 + .../4.4.0/templates/scanprofile-cis-1.7.yaml | 9 + .../4.4.0/templates/scanprofile-cis-1.8.yaml | 9 + .../scanprofile-k3s-cis-1.20-hardened.yml | 9 + 
.../scanprofile-k3s-cis-1.20-permissive.yml | 9 + .../scanprofile-k3s-cis-1.23-hardened.yml | 9 + .../scanprofile-k3s-cis-1.23-permissive.yml | 9 + .../scanprofile-k3s-cis-1.24-hardened.yml | 9 + .../scanprofile-k3s-cis-1.24-permissive.yml | 9 + .../scanprofile-k3s-cis-1.6-hardened.yml | 9 + .../scanprofile-k3s-cis-1.6-permissive.yml | 9 + .../scanprofile-k3s-cis-1.7-hardened.yml | 9 + .../scanprofile-k3s-cis-1.7-permissive.yml | 9 + .../scanprofile-k3s-cis-1.8-hardened.yml | 9 + .../scanprofile-k3s-cis-1.8-permissive.yml | 9 + .../scanprofile-rke-1.20-hardened.yaml | 9 + .../scanprofile-rke-1.20-permissive.yaml | 9 + .../scanprofile-rke-1.23-hardened.yaml | 9 + .../scanprofile-rke-1.23-permissive.yaml | 9 + .../scanprofile-rke-1.24-hardened.yaml | 9 + .../scanprofile-rke-1.24-permissive.yaml | 9 + .../scanprofile-rke-1.6-hardened.yaml | 9 + .../scanprofile-rke-1.6-permissive.yaml | 9 + .../scanprofile-rke-1.7-hardened.yaml | 9 + .../scanprofile-rke-1.7-permissive.yaml | 9 + .../scanprofile-rke-1.8-hardened.yaml | 9 + .../scanprofile-rke-1.8-permissive.yaml | 9 + .../scanprofile-rke2-cis-1.20-hardened.yml | 9 + .../scanprofile-rke2-cis-1.20-permissive.yml | 9 + .../scanprofile-rke2-cis-1.23-hardened.yml | 9 + .../scanprofile-rke2-cis-1.23-permissive.yml | 9 + .../scanprofile-rke2-cis-1.24-hardened.yml | 9 + .../scanprofile-rke2-cis-1.24-permissive.yml | 9 + .../scanprofile-rke2-cis-1.6-hardened.yml | 9 + .../scanprofile-rke2-cis-1.6-permissive.yml | 9 + .../scanprofile-rke2-cis-1.7-hardened.yml | 9 + .../scanprofile-rke2-cis-1.7-permissive.yml | 9 + .../scanprofile-rke2-cis-1.8-hardened.yml | 9 + .../scanprofile-rke2-cis-1.8-permissive.yml | 9 + .../4.4.0/templates/scanprofileaks.yml | 9 + .../4.4.0/templates/scanprofileeks.yml | 9 + .../4.4.0/templates/scanprofilegke.yml | 9 + .../4.4.0/templates/serviceaccount.yaml | 14 ++ .../4.4.0/templates/validate-install-crd.yaml | 17 ++ .../4.4.0/templates/validate-psp-install.yaml | 7 + 
.../rancher-cis-benchmark/4.4.0/values.yaml | 55 +++++ index.yaml | 40 ++++ release.yaml | 4 + 121 files changed, 1826 insertions(+) create mode 100644 assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.4.0.tgz create mode 100644 assets/rancher-cis-benchmark/rancher-cis-benchmark-4.4.0.tgz create mode 100644 charts/rancher-cis-benchmark-crd/4.4.0/Chart.yaml create mode 100644 charts/rancher-cis-benchmark-crd/4.4.0/README.md create mode 100644 charts/rancher-cis-benchmark-crd/4.4.0/templates/clusterscan.yaml create mode 100644 charts/rancher-cis-benchmark-crd/4.4.0/templates/clusterscanbenchmark.yaml create mode 100644 charts/rancher-cis-benchmark-crd/4.4.0/templates/clusterscanprofile.yaml create mode 100644 charts/rancher-cis-benchmark-crd/4.4.0/templates/clusterscanreport.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/Chart.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/README.md create mode 100644 charts/rancher-cis-benchmark/4.4.0/app-readme.md create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/_helpers.tpl create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/alertingrule.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-aks-1.0.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.20.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.23.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.24.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.5.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.6.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.7.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.8.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-eks-1.2.0.yaml create mode 100644 
charts/rancher-cis-benchmark/4.4.0/templates/benchmark-gke-1.2.0.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.20-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.20-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.23-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.23-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.24-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.24-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.7-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.7-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.8-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.8-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.20-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.20-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.23-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.23-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.24-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.24-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.5-hardened.yaml 
create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.5-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.7-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.7-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.8-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.8-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.20-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.20-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.23-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.23-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.24-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.24-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.5-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.5-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.7-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.7-permissive.yaml create mode 100644 
charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.8-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.8-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/cis-roles.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/configmap.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/deployment.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/network_policy_allow_all.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/patch_default_serviceaccount.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/psp.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/rbac.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.20.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.23.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.24.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.6.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.7.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.8.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.20-hardened.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.20-permissive.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.23-hardened.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.23-permissive.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.24-hardened.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.24-permissive.yml create mode 100644 
charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.6-hardened.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.6-permissive.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.7-hardened.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.7-permissive.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.8-hardened.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.8-permissive.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.20-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.20-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.23-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.23-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.24-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.24-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.7-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.7-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.8-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.8-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.20-hardened.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.20-permissive.yml 
create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.23-hardened.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.23-permissive.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.24-hardened.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.24-permissive.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.6-hardened.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.6-permissive.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.7-hardened.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.7-permissive.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.8-hardened.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.8-permissive.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofileaks.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofileeks.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/scanprofilegke.yml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/serviceaccount.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/validate-install-crd.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/templates/validate-psp-install.yaml create mode 100644 charts/rancher-cis-benchmark/4.4.0/values.yaml 
diff --git a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.4.0.tgz b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.4.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..7f6c8ed2e4a7ce4e600de145e687e9d0400dd5b8 GIT binary patch literal 1463 zcmV;o1xWfIiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI>(bK*7-&NIJ4bA85V6CfSla@@6ZZ7-K0>GgS$H=v6xd8BoE zOsD_7BijkKu`vciu5;`QgCu_|+24LEt*t@wCF(vGrawo?mm%oKKG*)+=@K+KD+q&& z1I=|^cRU;>zpm?+f8Ei*z3_&ktMTw^;0;C>t~YkCt}d8+sN-EMHU#>@J=j-yasLwo zDHQ<;CC#MA7zcttEgTL+0Xjmx<)}$K2=pf`<4WbQrSN@}6ZVF5jBhH3NC?qHz;VJX z+f;-aNa?;=8N#sg5{&_Z!M?rp#s4N(dk~2)sEtr^!k)aIkA`azQS$$zGz39l7%h=a zXYUPrP`Vn+=`}f`RfH1;Q4|QC+_m1*v)`dJbll!+KhL&SAOD156ab-l%Y)buYQsV9 zr3c&N-*X3^SB(FGcR6;?@qY@-M-D^+zY$9N&p3}i8ykX8Uhh#zf5N7*Ar;Qhs91A+ zj}JnMBmzPt@PWYUM;bpl!Wf4OvySMViICfY3$5ZP5rSN2dVL~9jAdR^s5=faX^nzd zLr`?lW6W@612Y@lV=N2H1goD->&Z(X4C*H#wPu2#(trn6{PgM|y zGMibSeKktn0xc)ZF$5GFCjdjUSlW5sYV{xjyn!$Ud%i2VrDQ|0?o?C^X(1Q24on<| zpjQqlf}ntVpKECa6@f7Yq}z2vE1(Au#VP%=ZfFH$9z|3Dx?4B20{R=YECBtrZfFH0 z6d3g)1U!_C${%c*a^Ij5y-+n3xmlg@&8$I!dMZ)8K`x`I{vN8Q~s z*MwYHx^*4ZT*)+tSFlhJhLz-OqOMi$dkxYg$X284__jlwG=_BQ@6X5w!sGi2(HOf6 zI;sZ`+Dwd+&~EY7^^z+oHl5 zU_S_(?DyQ0J&KBlv&)sqNpZhR?eS@!D{CoT*->bG?Lx>8YAx%3>r!cpLSRGve{eM% zm+F6)gOPWx|DD2)UH^L_OoxTQch8tfcSS{T?euj^gAsBko7SyXPr`qZ%tA%5)VD*a zClvDcc#c{kp~;?K0r^w?fL-9>TLXOkfF0m@!laj{n3h~VL9|gZ-C^K??vnRWJNwL! z{;sQKCDL_zuHJHgPURMazXBD~s*yMuStorTrCc1X9fmin(TQmwxVYtsMmXjIn!@#XpZkCWK3^*<#{hw?v5 z0PEC0bNBkkz9YTkKUkdD50uD`S>sNL_S@a(n-lKij}ZU$`ak<{{r=MjC-e{Y(e(YV zHyo6{{~Zl4&-K5P*iTzNcD-h^w2$#6XkxSkVq)WS+Ss7a=Bv6-YF~SWXFJ>3&UUsc R`!4_h|Nps!V3q(h0010B%d-Fg literal 0 HcmV?d00001 
diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.4.0.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.4.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..153a577d54c15889ce7f28f55a24e7127ca4044f GIT binary patch literal 8608 zcmYLPcRW@9|G#8QN(mv^nT3q(k&?ZV88R|5N@h4_$jZpbxFoZr>`^Y+WMpP_ZCPD1 zF4w*1{k{4;9>3rD>)!YKeO~kVdY{+xeGW$~)dj@K1q2X6wi<@l?KE_xwEb^NK9n%I zZf_*%Y;JT@O3%bZO6UG#7h89Ge`5m=1r3MCZivmGji=M~wT^&Yp+j(4ds+Nqd6r1x z`li*guK01iZ?ezin&Q~&DxuJBUh3%!EfmTPLBql6{%QV|0wGKW(nfF9WxldndwUBr zkUcpbue(U~D(pJ+^6j$GwcE=H)XSWD#N?qu*xt*q&k#Fr@sstZ(+LOFC(D-8>_uZ4K z;@Zdg<4p?I5p+BE<9-8;-pRAMVE@|CP9uB8tVC>G>Yhq1@3G8a5FYRkX4Z;S z#YOZi`afFSH{%z+*StYD-01t2vP|^)EiN&)<@ni#9a(RtwQ)_&3B&9t)|8IwLbPVdT$e;>L4J(PJ^^iuU9Y=Bfs8&c^oNDTohn-imGV+sG&oB^7 z^}Q*Js6!>Lt++` zLLY5Ybn%>F>>a*j0IB<%*U6F{Ye zPPpG7)4WW}v3$1qmoy@`72;|a=d<;rBn?u`;-n3EQfQ%l`}fEWJDD?j>HaC(P~Ed! zncP=r*>Cwq4QB2MBo_8eA)l@ntZ7P))v3($2HjEZ2^F_?I`?W$k9s!+iWI+ik5${= zOHd|@(}=;n^o^=UO{ld0s`^b*mSdx!V{EE{8=FEs^Tw~pkTwxpElB~(i&gJxdoQ?u zZ+nF{loD%*N?qgOIeaACf0WrwqQ+6kv+$>T)Os#1Yl{2uGZn^$C)zpdvnt6TlMZ1< zOJZz6{swgF&_F&yw@E<@8uWB*tQk>wt~VkGUn-c{f7w~}XgidWij&1QB`d!<1)skE#&!?^n`A!PK48>Ze#JmHZ$)=(&KNu-Z`EdQMwe*u(ergm_EpXUMZNe|C#L}6 zWP_&y?;1ITU*=`~xIgdnqKG=}!!7Lh4arM9x00T1n}1|jy{fI?9%IwflAX^mnx1Z1 z!kJw&*vz;eEHAYIx#uJ*>50YZYv`%JwhFC0teDuU_zi4^*ky=-tgueBZnfaE3w;%( zZoa_FcVL#x5?0hcyLEy5+xx}i&KutNWb4U@@vmvpIW0|^59u&!xfo2t zTS;lM2R$7)Ly<@vrjV64MzQ#2;KkA-Q%m)(IYPGI$C#rY(v)~dev~jnYN^-_P%Q6m z(u+`wIZ9j!5HWFihA-Pe-hGx~CSPA@OT|O=cSUSvMk9urKR!PF4qc9Y1Sd*|o+<8= z6rs*?CL)`RA@FjPtbhjeQibj9&ZW^*E#Z})rW-n5l@2^5ulx;*FV5uEj(3!pS~xG> zJTv0DPr{b?K7 z9H$+keerdn=7;Et?;w~3947$Ej%K`4DL1TS6$_qkeOyG*jkbc6-ap_jH9?L)0ggJE zujznRfrSb?Ua9;$7!ik&H(`#8$A2N4STF$U!ekGXN;cv2HE3cDgnqsT23`E&35!)! 
z*1tK(Boh?>*+DvN4nQ{seVQ0e5UIQ1*=s<^wE)iKQOl6x?OF@OGa*DX@8$sLp)+5C zCOUwLrzyN@XDB>hd_5=wXt^z7orJahg%+77 z-D%we=#NR=CH1#Tx}n`~rv%ml({)Ie@zy~w8gnoMdkB>zfmpEx;TGvwO+03-0$5@3 zXd0JA2(yF3n4B6|z!ac~Kc?4iv<8VzDV5G@X~0zTwP!C3k{;4bM&ln-$G z=q*qacIgPBBKTg+b2Od@Yr%g}r-*6CLBqZ~D8|taFmg&8G>x_F7hD3^WWauiYJ}_1 zPmaM>o+8Zg5cf}hBsj&2!z@5TC9xpV~HS&3gnQNu--d_d~67q zgZpSODYu4{C8pR4uOt@&H_a-a$fth~X5sZ+RB+c<&~;{g5pe!9|FazEpqsJ)N}k8i z*4!sNTIP1`h;`~F`P281>m7A?f`CU&Jb{VUb^|Lm#3Pbi=GTYT00%;!gLL-MPGB_- z(m$cg;c^bfBkLyEcNYI|?Wy0WDuj0d1K6-8%Eo}I@To&o9}b8gG>xHZ3b??=1XKr4 zoW${;A#V&K0snpl@Hz$}`JynA%?5`KqRR_5UWB$bzzhs&ow%9-6GQ24JdcVbK<)s= zOAMja0eJlxy#<$Yj2(KYfPd<{fZBiRX@JNkklSh`mKZU5O`AX{3-8qgt>2M^EruXz z@Q8eW2b>)N1Eizzg7~^m08_p33wV%w??CAU$YIm>zqJ$1pkmq=Lj)}D@V|7rZ*~Cp z8oH2W7_8%vzgmc?4iDdj+L--c0joN&Dq!#$9Qz@b@f;u4A=K7Mrc!`h0Ahetp0jKR zLeYi1-a`{%tj_^_XAp;1j%Q(HBk`V^4OA>B&(noDR8O+XGF6z86rh(*BHh8}Q1)S=F$9YgE4iD0P!?(pDAPF0Hjng99_wMx+<4p(5n z8lCJPf|7|o>pzFD|K~8#hB4p{5eO)Sf1VKkpLnva&I0zIw5p{xx$UE)8DL*I*Bz+I zYaLJADVI^q=g{1r-#k?TSyy{AeZBakC&Pp;FHoG%qdZORm@0XT?d>SPxiS|{x^=M| zKk6jHddbT;Z|U>)=ZvcjulK0?D2r#FNihU!tIhbiFRFx|V-mb6c}FZ+?QnFDoFTHG z+o{vw70hT8-D7>u0Iv2Q&CVNE@<>4roh~)*haQ*n8}KZplzT_&=`g4d+kcXQL%%0` zu^wge4fK7rj(O8x-rql&q3g&aSgRF$aP)pP-uy*h_QDp2XEna3v-JRvoO*H7_)aPO zNG)HHfT^DN1t$J9u0lSqrkqClFn6o%XI69QDCAniV${Z_9_xBvVmZeVwY@K7-$wOj zDtLAE&0H%Xh`SHV^5yPd;oB_f&bepvyM@JWInN;0MZZz}{%uQzs*6j)`BpL3=X?q0 z5i#H-6O&8U`G$fEZ!DW7`}*3gbkGgBGF71S&(gbT#!Ek?()p4!>Fk!u-}s=v=dB;^ zikLvp)84FH#rnO;{hFrV&zvjhbo4HaG|a6J#)}_w*j)JA#3Fvr3Zc0Pq0q!<1CDVB2;w5+L4X(`*SSsxZY-7P%})%bNAJ2q=foaH3QF1 zX(>NaS?=>}-*yY7(tQo*H@#eTlxVZ{OWUo6an`6XtOT`PYHq{N-O}%s`_EFjOBWW- z{J})g^WC#2#bO83wVtv>&GXWiLedejJCq+q$u++VQQCx+sJC5Qmr~;`xwdN*SyaEI znrZv`^^1tBse8j(du#TlyvkD6sJ8v-2_-A5K>YIV{>Cmn^4c#X*m9dU@yfyUcF$HY z^5Q<{t?ND)?dz}CGEju%!F1<>yl2Y0Q{!G>r!5f;_7<;sk0wbdzC5xrBcy45aviJu zQfIue-?6{C>+4aW_y7t92a97J8ykb^N)Li82ao(GW&C0NUlSfs@cZMHR)*q9&Fq3d z@yQF#1W%aIROjK-bB={2lDP$wSx3caeO7OR1N|Tf_Jo7ge3`QB 
z82+B4me5LT9G$xE=JuN78u~#Fgx^`;&8kC#>U>tDk`osxTSwpRg^h`eLr;S5K9L74 zcP=9f&faKAlpi(IAF#g}8hp5OJjekB7SjgoEJkfa(KZC!xmQ1e$vdP^mM|3(ugo(| zs5wd&&RIacGRr^<>rtXk6$mRA<&9V^wflukWah2SD`#?alBi0&6NbwR2kXQ;MzSsK zy^6fdocka8^sJ4MiWDBQo9vpGIp#amrj@@c`r_x(U^JmsH^W4KQJ15>(53Opke~J> z15*`uTW0|HkoK&+7&*mX6(bIi`Hjm9D_-``2olt4!S4Y|?}q*XzRtI@7Os-^9E8ek zyj7L9JbL+D&mVCl8^uInTfVimQd=!IFI&k26Equ|S6WSdT@;#Rxo@V8yJh_YZd9+2KXD4pArprJBiw)aV+WtXN zl%?_``5lQe^P-^lg}7v?V&(z)n+my4gGbm@+Y4O`_!z0%3YPA(>5x%-D)8`wOP{@H zJ6%k+_T_e!VfCBNo6R(Pa$UpL>3lT_PU-;{tn+fN1ifMI;Ui&2s z1{}*Qu5+X4=J%G~`6kPYokgN~P0A0jspP3Tnl4J3Mq86q^6f%wS)n;nZKsx95ElaM>^Qpp_Vo5% zJOAX_s+9QjZ0rqdlim;CZm0?MWiTFoC*g+X>)k`g&EAnk@ZywYw(9QhqlkUSLrO~X z?-qfMx^KI0-Rp5b6Xf4`(|$yM`e|h5b(^Vds?$jtkJsd-SPS+H(!|oIZ z%JkpwcL@DKIbJpStZ=-{@$VxSrYdBtcl8PTo`Ea6ug zmR#>iwAXPr&s)Om4|{CQ>5K_R+dM$3Yk4RcnWyYOjj#Mxkv5MEtWKM)U5Ta<`BdtB zrv4d$`gYSEwX0Yr-FDE-!Tv#TjT>`Cy=81s6eWejR5Q65I$pZL`cn-1#ydd*dA)}VpZIos%m(uT7iN64FPn;-LQCy7xj$XM779R%*PRFT_?SO@W4ky+G!I84%$ z9~k*_!E}mVYwaBuP1lnQcHvDS|N85n7i2HLdtBL|U1VLKkj{14zVv?6*Cjqz`Y%#w zL7m!xIAN73SFP}kq?OfBW)UXT4gD&Yq|2=5+^Z?n6`3aWFVvDcGx1E8`8+SxTyq-^ zvXL8i)HzDu%)Dlj`KcfMv%5=DD$PM+F-}l)j~UybEUJJUlp>oA8`RekODkGUlhCa` zND^!m*n@9db_xHgU~XlyiZs0DU6BW0SHaF7yUj{}9#5zIQ}6+Qan<~cwAX&>o*xad z>exDN7^l+Zm)?r&$KNzil!;Z>@!41KW`&asLV*G+9@Bt@%vI>{n8{^ma0i?#X#vfQ zaMM1AiT){Y>~lmUauC_UDp>oK7~Xe;!oi6H&S(W99ckMIqk;rI_G6An!jaOaZ{R$U zy0y*|fA)gVMNsfb2@Gy-qmPIL%MV7HErZOHL3+Sc!Lm_HYmM;3W5IJ*G;qRZ6Wipd zB`|#0O`!ubh6I$ic79%atR^71i#j9^=?VrYR2d*N?-IF;4}9(G*6cR8&R-QB#h00F)v;4O0#!h-yyJ%0Z3vuWui|H^pLu+UJecuUWP}j zoy;9fVIj(s26cS}obLvuMqt(;9)uH_+76m#eICrM?Ll*U5Qp(HwDljObBC2eVft(s zlR#AP-WsqId-KaMQXz*(atUb4dnb&i>4aQl0lhr%NEi5aDdL%=>l+WC;vD5=914f8 z@LgyIHk46I(9Uz*H_^?;LliUDxJZZ* zP|zo4S_p?B_Pn3+fx`1mUsr&=#S2dlL0!b50$?H%GV*U#5OLKn;7TsFhw?}yxNm{n zl6Htl84o?kefH30~ zAw()Z0!9*uv!jEMs~n<^PVdpF%gXm)%q~d?4G!(rgn>*|tnhU(Nl1VA$P*OV*pYPw z?0b@yU|1;zZn8qiy%hx5BZM+9!S|R*nM7d=@J~s-b=W$-!t7rP|9>qPz~T_f0zi5T 
z+$6?7^v$6M;S_?ktH>_+1j)ZJAiEv|O{;9-A(|uKCWH?WyqJBG5Y2z#mE1w&C=pT# zI$Z=qB7FOCXy08Tr;`InRWK_Wl4Fnro(CcFUcy*5qJ@0_Od(cDz4gmpe1*k-%xVA> z4?%UbHjg%2p{LxwM^l5cy@zP_><`=^oyZuIqoIi>L~ z&?@_n$I0-3AD6(7ZPbQvOTlMK;(>@<;D+n@vTf9AGZ7TT61D#f>KtLcWa%HWu+pVM z{2j4kMF#Y$m{C*njvb2wUdhY?OssiZ;yuXK|ExYn>Bi!XGDL0?l|e}f0$p^kH2^9btoQTA7Sefrg6ca*np6$MH)_LKU;Ztp0?If zCDS-!EsOTQr&gL^lVMl!pT#KsPH>ajS@}Y(c1_!-<=7nbaY}v!$oX~GBNEL1X(8@B z+nXmHsF?PJFH}jbv9ETsWWtL6kMm7;*Apq<`Qkk4{!z~Q1x~5_QtCMR8g|BX6EP;Sz4Un+q%`1biuo>bHMUQE>!ONH3cp3>Y_#@m)9`y1r8 z=gBaVG2PKGj15wM9WAT70DDee_O{e+)S{ISis_}bkjf<4mvrYw@Y(QPA&tG$W)9xX_Qe47Y6(ZBC-*>4Opv-iG#5-NW%-(_U9mDN6Q zpp2h_>pgMOx&02wrQGvh#<`n*44oEy;qglU zepob%#KWK`Uo(&-nGDqL^fJf>LRz>2dhcqOBF@{(YKg#ASKrCLCAH1wqju4}a2U}_ z#W`0eyu{Pe;(8;uRh>(v^NQpp>*hdbZL#d-U+taqr+Q<$+xdr3iPSP={<<3} zk+N!peW~zxMJeWOnli)p?XyyO5g>fPh8Nz*KCL@*j4ZdI1%*YyqMj^k>A&564|c_z zLNdsWiz)^Vn|<|**XFq7MZ$!;_JT${Kd9jo%U_ObMVjhQ{Q?7@Ki@dI(G=6wvE(Pl z!{oShSUBN?=Mc3?Bcrqvb?m(C^ju=OE>EUi{2W${fst08G}P__?sOt~AWgk>y+<#} z;A)j!5TBfg59%ux!iN&vxAo=GVJ4@f6+K* zxUg#b&`bS0&)HXE_ezdUeBY_EZ$5D>>+%aRL^h0U9bzR%{Wx}qO4+Kej)Z+Xl2T0neuS97R`hy8bh zBI6xQw8rVm@SZUe`$WMxd7<1teg(WFXN}BqB`>KuL-LfF5D;(iPTN`n5Gbu zKs+3Im=yP+)Ou#_0S0O?Beau;oWTU!Iq$>->?Y4eshZGSW&; zX+7<<*mC#ejmAO}i>e`|=q7ozEFFZFrG|N?seRsdOHn_CBBtm1! 
zYkmsxsbvo?7TPnIxbsHszPw3&;o?RJTs^!No__bYlB)d`&(2lm7Srv_Qn!4z)pVu@1y4Q-28P$*tzewzkcezOyGXm z&i#7RH$Vd!&d%cB^EX7Sx`}M}n_uW5{ zeDQJ#k;8CP5BJWeIN>)I*FVms#j^S(UCb!7+v)qE$(Vq6jrqFwOl#SVH~Dhfbro{M z4p>KV-$B!d%)rnQDWP-Ds9iX3C|kIG$=@y`Fx^G?2UAJE@nUhbgu+3bm7miUp= 1.21.0-0 < 1.28.0-0' + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: rancher-cis-benchmark +apiVersion: v1 +appVersion: v4.4.0 +description: The cis-operator enables running CIS benchmark security scans on a kubernetes + cluster +icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg +keywords: +- security +name: rancher-cis-benchmark +version: 4.4.0 diff --git a/charts/rancher-cis-benchmark/4.4.0/README.md b/charts/rancher-cis-benchmark/4.4.0/README.md new file mode 100644 index 0000000000..50beab58ba --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/README.md @@ -0,0 +1,9 @@ +# Rancher CIS Benchmark Chart + +The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. + +# Installation + +``` +helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system +``` diff --git a/charts/rancher-cis-benchmark/4.4.0/app-readme.md b/charts/rancher-cis-benchmark/4.4.0/app-readme.md new file mode 100644 index 0000000000..147e91ea2e --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/app-readme.md 
@@ -0,0 +1,33 @@
+# Rancher CIS Benchmarks
+
+This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/).
+
+For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/).
+
+This chart installs the following components:
+
+- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded.
+- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed.
+- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans.
+- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources.
+- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish.
+ - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts.
+ - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart.
+
+## Upgrading to Kubernetes v1.25+
+
+Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API.
+
+As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`.
+
+> **Note:**
+> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`.
+
+> **Note:**
+> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).**
+>
+> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets.
+
+Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart.
+
+As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards.
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/_helpers.tpl b/charts/rancher-cis-benchmark/4.4.0/templates/_helpers.tpl
new file mode 100644
index 0000000000..b7bb000422
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/_helpers.tpl
@@ -0,0 +1,27 @@
+{{/* Ensure namespace is set the same everywhere */}}
+{{- define "cis.namespace" -}}
+ {{- .Release.Namespace | default "cis-operator-system" -}}
+{{- end -}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/alertingrule.yaml
new file mode 100644
index 0000000000..1787c88a07
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/alertingrule.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.alerts.enabled -}}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: rancher-cis-pod-monitor
+ namespace: {{ template "cis.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ cis.cattle.io/operator: cis-operator
+ podMetricsEndpoints:
+ - port: cismetrics
+{{- end }}
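Review bot: The `default "cis-operator-system"` fallback in `cis.namespace` is unlikely ever to apply, because Helm populates `.Release.Namespace` itself (from `-n` or the current kube-context, normally `default`), so the helper does not guarantee the namespace its comment promises. A release installed without `-n cis-operator-system` would place the scanner and its RBAC objects in whatever namespace the caller happened to be using. If the fixed namespace matters, I would either drop the misleading fallback and say so in the comment, or fail early with something like `{{- if ne .Release.Namespace "cis-operator-system" }}{{ fail "install into cis-operator-system" }}{{- end }}`; whether Rancher's catalog already enforces this is not visible from the hunk.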
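Review bot: The guard on the first line of alertingrule.yaml reads `.Values.alerts.enabled`, but app-readme.md in this same patch tells users to set `alerts: true`; with that literal value the template would most likely fail to render, since `enabled` cannot be looked up on a boolean. values.yaml is not visible here, so please confirm the intended shape and align the readme (`alerts.enabled: true`). The PodMonitor also needs the `monitoring.coreos.com/v1` CRDs to exist, so extending the condition to `{{- if and .Values.alerts.enabled (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") -}}` would keep an install without Monitoring from failing. As a style point, the file is named alertingrule.yaml but only defines a PodMonitor, which a one-line comment at the top could explain.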
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-aks-1.0.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-aks-1.0.yaml
new file mode 100644
index 0000000000..1ac866253f
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-aks-1.0.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: aks-1.0
+spec:
+ clusterProvider: aks
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.20.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.20.yaml
new file mode 100644
index 0000000000..1203e5bcc5
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.20.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.20
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.19.0"
+ maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.23.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.23.yaml
new file mode 100644
index 0000000000..83002966d8
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.23.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.23
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.22.0"
+ maxKubernetesVersion: "1.23.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.24.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.24.yaml
new file mode 100644
index 0000000000..ad73b2c34c
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.24.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.24
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.24.0"
+ maxKubernetesVersion: "1.24.x"
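Review bot: The aks-1.0 benchmark sets `minKubernetesVersion: "1.15.0"` with no `maxKubernetesVersion`, so one benchmark revision is presumably treated as applicable to every later release, unlike the bounded cis-1.20/1.23/1.24 definitions next to it. The same open-ended shape appears in eks-1.2.0, gke-1.2.0, cis-1.8 and the two k3s-cis-1.8 files later in this patch. If that is intentional because only one revision ships per managed provider, a comment such as `# no maxKubernetesVersion: newest shipped revision, applies to all later releases` would tell operators that a pass on a much newer cluster reflects checks written for older defaults. How the operator resolves a missing upper bound is not visible here, so please confirm against cis-operator.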
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.5.yaml
new file mode 100644
index 0000000000..c9e6075fb4
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.5.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.5
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.15.0"
+ maxKubernetesVersion: "1.15.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.6.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.6.yaml
new file mode 100644
index 0000000000..4f5d66e92f
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.6.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.6
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.16.0"
+ maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.7.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.7.yaml
new file mode 100644
index 0000000000..fa8dfd8eb9
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.7.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.7
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.25.0"
+ maxKubernetesVersion: "1.25.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.8.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.8.yaml
new file mode 100644
index 0000000000..ae19007b2e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-cis-1.8.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.8
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.26.0"
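Review bot: The cis-1.5 benchmark is limited to Kubernetes `1.15.0`–`1.15.x` and cis-1.6 to `1.16.0`–`1.18.x`, yet the Chart.yaml annotations earlier in this patch (partly garbled on this page) appear to restrict the chart to `>= 1.21.0-0 < 1.28.0-0`. If that reading is right, these definitions, and the k3s and rke 1.5/1.6 variants later in the patch, can never match a cluster this chart installs on. Either drop them in a follow-up or add a comment such as `# retained for existing ClusterScanProfile references; cannot match a supported cluster version`, so that nobody assumes these old revisions are still exercised by scans.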
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-eks-1.2.0.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-eks-1.2.0.yaml
new file mode 100644
index 0000000000..c1bdd9ed5e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-eks-1.2.0.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: eks-1.2.0
+spec:
+ clusterProvider: eks
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-gke-1.2.0.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-gke-1.2.0.yaml
new file mode 100644
index 0000000000..c609e736fd
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-gke-1.2.0.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: gke-1.2.0
+spec:
+ clusterProvider: gke
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.20-hardened.yaml
new file mode 100644
index 0000000000..147cac3906
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.20-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.20-hardened
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.19.0"
+ maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.20-permissive.yaml
new file mode 100644
index 0000000000..d9584f7229
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.20-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.20-permissive
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.19.0"
+ maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.23-hardened.yaml
new file mode 100644
index 0000000000..1a928db35c
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.23-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.23-hardened
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.22.0"
+ maxKubernetesVersion: "1.23.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.23-permissive.yaml
new file mode 100644
index 0000000000..5a46787d51
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.23-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.23-permissive
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.22.0"
+ maxKubernetesVersion: "1.23.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.24-hardened.yaml
new file mode 100644
index 0000000000..47b6be197a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.24-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.24-hardened
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.24.0"
+ maxKubernetesVersion: "1.24.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.24-permissive.yaml
new file mode 100644
index 0000000000..6ded2f02bd
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.24-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.24-permissive
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.24.0"
+ maxKubernetesVersion: "1.24.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.6-hardened.yaml
new file mode 100644
index 0000000000..5160cf7950
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.6-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.6-hardened
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.16.0"
+ maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.6-permissive.yaml
new file mode 100644
index 0000000000..10c0759853
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.6-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.6-permissive
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.16.0"
+ maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.7-hardened.yaml
new file mode 100644
index 0000000000..6fb369360c
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.7-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.7-hardened
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.25.0"
+ maxKubernetesVersion: "1.25.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.7-permissive.yaml
new file mode 100644
index 0000000000..b556d70fe5
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.7-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.7-permissive
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.25.0"
+ maxKubernetesVersion: "1.25.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.8-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.8-hardened.yaml
new file mode 100644
index 0000000000..07b4300d20
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.8-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.8-hardened
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.26.0"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.8-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.8-permissive.yaml
new file mode 100644
index 0000000000..c30fa7f725
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-k3s-cis-1.8-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.8-permissive
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.26.0"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.20-hardened.yaml new file mode 100644 index 0000000000..4924679cb3 --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.20-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.20-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.19.0" + maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.20-permissive.yaml new file mode 100644 index 0000000000..2db66d7c62 --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.20-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.20-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.19.0" + maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.23-hardened.yaml new file mode 100644 index 0000000000..12de23173d --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.23-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.23-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.22.0" + maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.23-permissive.yaml new file mode 100644 index 0000000000..f9d5052541 --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.23-permissive.yaml 
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.23-permissive
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.22.0"
+ maxKubernetesVersion: "1.23.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.24-hardened.yaml
new file mode 100644
index 0000000000..7030c793fc
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.24-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.24-hardened
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.24.0"
+ maxKubernetesVersion: "1.24.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.24-permissive.yaml
new file mode 100644
index 0000000000..b2633eade1
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.24-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.24-permissive
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.24.0"
+ maxKubernetesVersion: "1.24.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.5-hardened.yaml
new file mode 100644
index 0000000000..b9154f1ada
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.5-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.5-hardened
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.15.0"
+ maxKubernetesVersion: "1.15.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.5-permissive.yaml
new file mode 100644
index 0000000000..9da65d55dd
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.5-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.5-permissive
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.15.0"
+ maxKubernetesVersion: "1.15.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.6-hardened.yaml
new file mode 100644
index 0000000000..77f8a31df6
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.6-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.6-hardened
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.16.0"
+ maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.6-permissive.yaml
new file mode 100644
index 0000000000..600b8df35a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.6-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.6-permissive
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.16.0"
+ maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.7-hardened.yaml
new file mode 100644
index 0000000000..39bac7833c
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.7-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.7-hardened
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.25.0"
+ maxKubernetesVersion: "1.25.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.7-permissive.yaml
new file mode 100644
index 0000000000..2e2f09ac74
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.7-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.7-permissive
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.25.0"
+ maxKubernetesVersion: "1.25.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.8-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.8-hardened.yaml
new file mode 100644
index 0000000000..d3d357c023
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.8-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.8-hardened
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.26.0"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.8-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.8-permissive.yaml
new file mode 100644
index 0000000000..208eb777cd
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke-cis-1.8-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.8-permissive
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.26.0"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.20-hardened.yaml
new file mode 100644
index 0000000000..b6cc88359c
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.20-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.20-hardened
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.19.0"
+ maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.20-permissive.yaml
new file mode 100644
index 0000000000..fd898bfe86
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.20-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.20-permissive
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.19.0"
+ maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.23-hardened.yaml
new file mode 100644
index 0000000000..55d96da59d
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.23-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.23-hardened
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.22.0"
+ maxKubernetesVersion: "1.23.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.23-permissive.yaml
new file mode 100644
index 0000000000..55fffe3209
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.23-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.23-permissive
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.22.0"
+ maxKubernetesVersion: "1.23.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.24-hardened.yaml
new file mode 100644
index 0000000000..f702a13726
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.24-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.24-hardened
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.24.0"
+ maxKubernetesVersion: "1.24.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.24-permissive.yaml
new file mode 100644
index 0000000000..5bc70099f7
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.24-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.24-permissive
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.24.0"
+ maxKubernetesVersion: "1.24.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.5-hardened.yaml
new file mode 100644
index 0000000000..20091ec2b3
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.5-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.5-hardened
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.15.0"
+ maxKubernetesVersion: "1.15.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.5-permissive.yaml
new file mode 100644
index 0000000000..9a86906b02
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.5-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.5-permissive
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.15.0"
+ maxKubernetesVersion: "1.15.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.6-hardened.yaml
new file mode 100644
index 0000000000..ea2549ef39
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.6-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.6-hardened
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.16.0"
+ maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.6-permissive.yaml
new file mode 100644
index 0000000000..0afdaaa19b
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.6-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.6-permissive
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.16.0"
+ maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.7-hardened.yaml
new file mode 100644
index 0000000000..6306e9601a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.7-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.7-hardened
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.25.0"
+ maxKubernetesVersion: "1.25.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.7-permissive.yaml
new file mode 100644
index 0000000000..76236e11af
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.7-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.7-permissive
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.25.0"
+ maxKubernetesVersion: "1.25.x"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.8-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.8-hardened.yaml
new file mode 100644
index 0000000000..0237206a73
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.8-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.8-hardened
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.26.0"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.8-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.8-permissive.yaml
new file mode 100644
index 0000000000..b5f9e4b50f
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/benchmark-rke2-cis-1.8-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.8-permissive
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.26.0"
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/cis-roles.yaml
new file mode 100644
index 0000000000..23c93dc659
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/cis-roles.yaml
@@ -0,0 +1,49 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cis-admin
+rules:
+ - apiGroups:
+ - cis.cattle.io
+ resources:
+ - clusterscanbenchmarks
+ - clusterscanprofiles
+ - clusterscans
+ - clusterscanreports
+ verbs: ["create", "update", "delete", "patch","get", "watch", "list"]
+ - apiGroups:
+ - catalog.cattle.io
+ resources: ["apps"]
+ resourceNames: ["rancher-cis-benchmark"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cis-view
+rules:
+ - apiGroups:
+ - cis.cattle.io
+ resources:
+ - clusterscanbenchmarks
+ - clusterscanprofiles
+ - clusterscans
+ - clusterscanreports
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - catalog.cattle.io
+ resources: ["apps"]
+ resourceNames: ["rancher-cis-benchmark"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs: ["get", "watch", "list"]
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/configmap.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/configmap.yaml
new file mode 100644
index 0000000000..094c9dfe0a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/configmap.yaml
@@ -0,0 +1,18 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: default-clusterscanprofiles
+ namespace: {{ template "cis.namespace" . }}
+data:
+ # Default ClusterScanProfiles per cluster provider type
+ rke: |-
+ <1.21.0: rke-profile-permissive-1.20
+ >=1.21.0: rke-profile-permissive-1.8
+ rke2: |-
+ <1.21.0: rke2-cis-1.20-profile-permissive
+ >=1.21.0: rke2-cis-1.8-profile-permissive
+ eks: "eks-profile"
+ gke: "gke-profile"
+ aks: "aks-profile"
+ k3s: "k3s-cis-1.8-profile-permissive"
+ default: "cis-1.8-profile"
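Review bot: The last rule of `cis-admin` in templates/cis-roles.yaml grants `verbs: ['*']` on core `configmaps` from a ClusterRole, so any subject that receives this role through a ClusterRoleBinding can create, change and delete ConfigMaps in every namespace, not only the one this chart installs into. The other two rules in the same role enumerate their verbs and the `apps` rule is pinned with `resourceNames`, so the wildcard looks broader than scan administration needs (inferred; how the role gets bound is not shown in this diff). If only the chart's own ConfigMaps are meant, move this rule into a namespaced Role in the `cis.namespace` namespace; otherwise list the verbs explicitly and add a comment such as `# write access to configmaps is required for <reason>` above the rule.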
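Review bot: The defaults in templates/configmap.yaml send every `rke` and `rke2` cluster at `>=1.21.0`, and every `k3s` cluster, to a `*-1.8` permissive profile, while the 1.8 ClusterScanBenchmark objects added by this same commit declare `minKubernetesVersion: "1.26.0"` and the 1.20 benchmarks still cover `1.21.x`. How the operator resolves a default profile whose benchmark range excludes the cluster version is not visible here, so it should be confirmed that a 1.21–1.25 cluster does not end up with a failed scan or with checks written for another release, since either outcome gives a misleading compliance result. If the mapping is intentional, extend the existing `# Default ClusterScanProfiles per cluster provider type` comment with one line stating what happens for versions outside a benchmark's min/max range.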
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/deployment.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/deployment.yaml
new file mode 100644
index 0000000000..8c9f72f5de
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/deployment.yaml
@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cis-operator
+ namespace: {{ template "cis.namespace" . }}
+ labels:
+ cis.cattle.io/operator: cis-operator
+spec:
+ selector:
+ matchLabels:
+ cis.cattle.io/operator: cis-operator
+ template:
+ metadata:
+ labels:
+ cis.cattle.io/operator: cis-operator
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ containers:
+ - name: cis-operator
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}'
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: cismetrics
+ containerPort: {{ .Values.alerts.metricsPort }}
+ env:
+ - name: SECURITY_SCAN_IMAGE
+ value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }}
+ - name: SECURITY_SCAN_IMAGE_TAG
+ value: {{ .Values.image.securityScan.tag }}
+ - name: SONOBUOY_IMAGE
+ value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }}
+ - name: SONOBUOY_IMAGE_TAG
+ value: {{ .Values.image.sonobuoy.tag }}
+ - name: CIS_ALERTS_METRICS_PORT
+ value: '{{ .Values.alerts.metricsPort }}'
+ - name: CIS_ALERTS_SEVERITY
+ value: {{ .Values.alerts.severity }}
+ - name: CIS_ALERTS_ENABLED
+ value: {{ .Values.alerts.enabled | default "false" | quote }}
+ - name: CLUSTER_NAME
+ value: '{{ .Values.global.cattle.clusterName }}'
+ - name: CIS_OPERATOR_DEBUG
+ value: '{{ .Values.image.cisoperator.debug }}'
+ {{- if .Values.securityScanJob.overrideTolerations }}
+ - name: SECURITY_SCAN_JOB_TOLERATIONS
+ value: '{{ .Values.securityScanJob.tolerations | toJson }}'
+ {{- end }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/network_policy_allow_all.yaml
new file mode 100644
index 0000000000..6ed5d645ea
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/network_policy_allow_all.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-allow-all
+ namespace: {{ template "cis.namespace" . }}
+spec:
+ podSelector: {}
+ ingress:
+ - {}
+ egress:
+ - {}
+ policyTypes:
+ - Ingress
+ - Egress
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/patch_default_serviceaccount.yaml
new file mode 100644
index 0000000000..e78a6bd08a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/patch_default_serviceaccount.yaml
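Review bot: The `cis-operator` container in templates/deployment.yaml is declared without a `securityContext`, and the pod spec sets none either, so it runs with the container runtime's defaults (privilege escalation allowed, writable root filesystem, default capability set). Nothing in the visible spec (no host namespaces, no volume mounts) suggests the operator needs those, though the image's requirements are not shown in this diff, so the settings below should be tested against it before merging. Separately, `SECURITY_SCAN_IMAGE_TAG`, `SONOBUOY_IMAGE_TAG` and `CIS_ALERTS_SEVERITY` are rendered unquoted; piping them through `quote`, as `CIS_ALERTS_ENABLED` already does, keeps a numeric-looking override from being rejected as a non-string env value.

```yaml
        - name: cis-operator
          # ... unchanged: image, imagePullPolicy, ports, env, resources ...
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
```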
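Review bot: `default-allow-all` in templates/network_policy_allow_all.yaml is rendered unconditionally and, with `podSelector: {}` and a bare `- {}` rule under both `ingress` and `egress`, admits all traffic to and from every pod in the chart namespace. Because NetworkPolicies are additive, it also cancels the effect of any default-deny policy an administrator applies to that namespace. Consider selecting only the pods that need it (the operator already carries the `cis.cattle.io/operator: cis-operator` label) and only the direction they need. At minimum, add a comment above `spec:` stating why unrestricted traffic is required, so that the next reviewer does not have to guess whether it is deliberate.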
@@ -0,0 +1,29 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: patch-sa
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ template:
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+ restartPolicy: Never
+ containers:
+ - name: sa
+ image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+ args: ["-n", {{ template "cis.namespace" . }}]
+
+ backoffLimit: 1
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/psp.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/psp.yaml
new file mode 100644
index 0000000000..9b8a5995ee
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/psp.yaml
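Review bot: The `patch-sa` Job in templates/patch_default_serviceaccount.yaml has no `metadata.namespace`, unlike the other namespaced objects in this chart, yet it runs as `cis-operator-serviceaccount` and patches with `-n {{ template "cis.namespace" . }}`. If the release namespace ever differs from what `cis.namespace` renders (the helper is not part of this hunk), the hook cannot start its pod because the service account is looked up in the Job's own namespace, and the hardening of the `default` account never happens. Adding `namespace: {{ template "cis.namespace" . }}` under `metadata:` and quoting the argument, `args: ["-n", {{ include "cis.namespace" . | quote }}]`, removes that dependency. The hook container also sets no `securityContext` or `resources`, which is worth aligning with whatever the operator Deployment ends up using.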
@@ -0,0 +1,59 @@
+{{- if .Values.global.cattle.psp.enabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: cis-psp
+spec:
+ allowPrivilegeEscalation: true
+ allowedCapabilities:
+ - '*'
+ fsGroup:
+ rule: RunAsAny
+ hostIPC: true
+ hostNetwork: true
+ hostPID: true
+ hostPorts:
+ - max: 65535
+ min: 0
+ privileged: true
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: cis-psp-role
+ namespace: {{ template "cis.namespace" . }}
+rules:
+- apiGroups:
+ - policy
+ resourceNames:
+ - cis-psp
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: cis-psp-rolebinding
+ namespace: {{ template "cis.namespace" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: cis-psp-role
+subjects:
+- kind: ServiceAccount
+ name: cis-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+- kind: ServiceAccount
+ name: cis-operator-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+{{- end }}
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/rbac.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/rbac.yaml
new file mode 100644
index 0000000000..33fb93f04c
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/rbac.yaml
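Review bot: `cis-psp` in templates/psp.yaml permits everything a PodSecurityPolicy can permit (`privileged: true`, `hostPID`, `hostIPC`, `hostNetwork`, `allowedCapabilities: ['*']`, `volumes: ['*']`), and `cis-psp-rolebinding` grants `use` on it to `cis-operator-serviceaccount` as well as `cis-serviceaccount`. The operator Deployment added in this commit requests no host namespaces, privileged mode or extra capabilities, so sharing the scan policy lets pods running as the operator's account be admitted fully privileged without an evident need (whether the operator relies on this when launching scan pods is not visible here). Consider keeping `cis-psp` for `cis-serviceaccount` only and binding the operator to a restrictive policy. Either way, add a comment above `spec:` naming the scan checks that require host access, so the breadth is reviewable.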
@@ -0,0 +1,219 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-clusterrole
+rules:
+- apiGroups:
+ - "cis.cattle.io"
+ resources:
+ - "*"
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ resources:
+ - "pods"
+ - "services"
+ - "configmaps"
+ - "nodes"
+ - "serviceaccounts"
+ verbs:
+ - "get"
+ - "list"
+ - "create"
+ - "update"
+ - "watch"
+ - "patch"
+- apiGroups:
+ - "rbac.authorization.k8s.io"
+ resources:
+ - "rolebindings"
+ - "clusterrolebindings"
+ - "clusterroles"
+ verbs:
+ - "get"
+ - "list"
+- apiGroups:
+ - "batch"
+ resources:
+ - "jobs"
+ verbs:
+ - "list"
+ - "create"
+ - "patch"
+ - "update"
+ - "watch"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-scan-ns
+rules:
+{{- if .Values.global.cattle.psp.enabled }}
+- apiGroups:
+ - "*"
+ resources:
+ - "podsecuritypolicies"
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+{{- end }}
+- apiGroups:
+ - ""
+ resources:
+ - "namespaces"
+ - "nodes"
+ - "pods"
+ - "serviceaccounts"
+ - "services"
+ - "replicationcontrollers"
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+- apiGroups:
+ - "rbac.authorization.k8s.io"
+ resources:
+ - "rolebindings"
+ - "clusterrolebindings"
+ - "clusterroles"
+ verbs:
+ - "get"
+ - "list"
+- apiGroups:
+ - "batch"
+ resources:
+ - "jobs"
+ - "cronjobs"
+ verbs:
+ - "list"
+- apiGroups:
+ - "apps"
+ resources:
+ - "daemonsets"
+ - "deployments"
+ - "replicasets"
+ - "statefulsets"
+ verbs:
+ - "list"
+- apiGroups:
+ - "autoscaling"
+ resources:
+ - "horizontalpodautoscalers"
+ verbs:
+ - "list"
+- apiGroups:
+ - "networking.k8s.io"
+ resources:
+ - "networkpolicies"
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: cis-operator-role
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ namespace: {{ template "cis.namespace" . }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - "services"
+ verbs:
+ - "watch"
+ - "list"
+ - "get"
+ - "patch"
+- apiGroups:
+ - "batch"
+ resources:
+ - "jobs"
+ verbs:
+ - "watch"
+ - "list"
+ - "get"
+ - "delete"
+- apiGroups:
+ - ""
+ resources:
+ - "configmaps"
+ - "pods"
+ - "secrets"
+ verbs:
+ - "*"
+- apiGroups:
+ - "apps"
+ resources:
+ - "daemonsets"
+ verbs:
+ - "*"
+- apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - prometheusrules
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-clusterrolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cis-operator-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: cis-operator-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cis-scan-ns
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cis-scan-ns
+subjects:
+- kind: ServiceAccount
+ name: cis-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-rolebinding
+ namespace: {{ template "cis.namespace" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: cis-operator-role
+subjects:
+- kind: ServiceAccount
+ name: cis-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+- kind: ServiceAccount
+ name: cis-operator-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.20.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.20.yaml
new file mode 100644
index 0000000000..05263ce7da
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.20.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: cis-1.20-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: cis-1.20
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.23.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.23.yaml
new file mode 100644
index 0000000000..c59d8f51ff
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.23.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: cis-1.23-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: cis-1.23
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.24.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.24.yaml
new file mode 100644
index 0000000000..aa3e51c3e2
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.24.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: cis-1.24-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: cis-1.24
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.6.yaml
new file mode 100644
index 0000000000..8a8d8bf881
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.6.yaml
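Review bot: `cis-operator-rolebinding` at the end of templates/rbac.yaml lists `cis-serviceaccount` as a subject next to the operator's account, and the bound `cis-operator-role` grants all verbs (`"*"`) on `secrets`, `configmaps` and `pods`, plus `daemonsets`, in the chart namespace. `cis-serviceaccount` is otherwise only given the read-only `cis-scan-ns` ClusterRole, which suggests it is the identity of the scan workload (inferred from the names); if so, a scan pod can read and rewrite every Secret in that namespace. Consider dropping the `cis-serviceaccount` subject from this binding, or giving it its own Role limited to what the scan writes, and replacing the `"*"` verbs with the ones actually used. The `app.kubernetes.io/instance: release-name` labels throughout the file are literal strings; `{{ .Release.Name }}` was probably intended.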
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: cis-1.6-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: cis-1.6
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.7.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.7.yaml
new file mode 100644
index 0000000000..1a37aad835
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.7.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: cis-1.7-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: cis-1.7
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.8.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.8.yaml
new file mode 100644
index 0000000000..40be06c946
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-cis-1.8.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: cis-1.8-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: cis-1.8
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.20-hardened.yml
new file mode 100644
index 0000000000..a0b6cb6f6a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.20-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: k3s-cis-1.20-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: k3s-cis-1.20-hardened
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.20-permissive.yml
new file mode 100644
index 0000000000..89885548df
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.20-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: k3s-cis-1.20-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: k3s-cis-1.20-permissive
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.23-hardened.yml
new file mode 100644
index 0000000000..724412d3aa
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.23-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: k3s-cis-1.23-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: k3s-cis-1.23-hardened
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.23-permissive.yml
new file mode 100644
index 0000000000..9f9213de1c
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.23-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: k3s-cis-1.23-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: k3s-cis-1.23-permissive
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.24-hardened.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.24-hardened.yml
new file mode 100644
index 0000000000..252251efcf
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.24-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: k3s-cis-1.24-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: k3s-cis-1.24-hardened
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.24-permissive.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.24-permissive.yml
new file mode 100644
index 0000000000..05555c64dc
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.24-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: k3s-cis-1.24-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: k3s-cis-1.24-permissive
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.6-hardened.yml
new file mode 100644
index 0000000000..095e977ab2
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.6-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: k3s-cis-1.6-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: k3s-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.6-permissive.yml
new file mode 100644
index 0000000000..3b22a80c83
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.6-permissive.yml
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.6-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.7-hardened.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.7-hardened.yml new file mode 100644 index 0000000000..22ae9e0d23 --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.7-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.7-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.7-hardened diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.7-permissive.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.7-permissive.yml new file mode 100644 index 0000000000..f79e9ed966 --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.7-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.7-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.7-permissive diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.8-hardened.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.8-hardened.yml new file mode 100644 index 0000000000..03f6695689 --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.8-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.8-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.8-hardened 
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.8-permissive.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.8-permissive.yml new file mode 100644 index 0000000000..39932a4e5b --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-k3s-cis-1.8-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.8-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.8-permissive diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.20-hardened.yaml new file mode 100644 index 0000000000..c36cf38c90 --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.20-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.20 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.20-permissive.yaml new file mode 100644 index 0000000000..cfeb4b34c6 --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.20-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.20 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.23-hardened.yaml new file mode 100644 index 0000000000..0073311496 --- /dev/null 
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.23-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.23 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.23-permissive.yaml new file mode 100644 index 0000000000..085b60dfa4 --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.23-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.23 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.24-hardened.yaml new file mode 100644 index 0000000000..faae63e87f --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.24-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.24 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.24-hardened diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.24-permissive.yaml new file mode 100644 index 0000000000..7335a1d2d8 --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.24-permissive.yaml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.24 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.24-permissive diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.6-hardened.yaml new file mode 100644 index 0000000000..d38febd80f --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.6-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.6-permissive.yaml new file mode 100644 index 0000000000..d31b5b0d25 --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.6-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.7-hardened.yaml new file mode 100644 index 0000000000..7b83f95bcd --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.7-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.7 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.7-hardened 
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.7-permissive.yaml new file mode 100644 index 0000000000..52327c4af1 --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.7-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.7 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.7-permissive diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.8-hardened.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.8-hardened.yaml new file mode 100644 index 0000000000..54aa08691e --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.8-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.8 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.8-hardened diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.8-permissive.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.8-permissive.yaml new file mode 100644 index 0000000000..f7d4fdd229 --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke-1.8-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.8 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.8-permissive diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.20-hardened.yml new file mode 100644 index 0000000000..decc9b6516 --- /dev/null 
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.20-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.20-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.20-permissive.yml new file mode 100644 index 0000000000..74c96ffc49 --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.20-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.20-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.23-hardened.yml new file mode 100644 index 0000000000..abc1c2a21b --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.23-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.23-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.23-permissive.yml new file mode 100644 index 0000000000..51cc519acd --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.23-permissive.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.23-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.24-hardened.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.24-hardened.yml new file mode 100644 index 0000000000..f8ddb9851c --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.24-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.24-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.24-hardened diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.24-permissive.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.24-permissive.yml new file mode 100644 index 0000000000..c820f03928 --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.24-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.24-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.24-permissive diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.6-hardened.yml new file mode 100644 index 0000000000..c7ac7f949a --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.6-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.6-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.6-hardened 
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.6-permissive.yml new file mode 100644 index 0000000000..96ca1345aa --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.6-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.6-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.7-hardened.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.7-hardened.yml new file mode 100644 index 0000000000..193753a0bc --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.7-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.7-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.7-hardened diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.7-permissive.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.7-permissive.yml new file mode 100644 index 0000000000..409645dc76 --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.7-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.7-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.7-permissive diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.8-hardened.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.8-hardened.yml new file mode 100644 index 0000000000..d0a1180f56 --- /dev/null 
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.8-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.8-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.8-hardened diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.8-permissive.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.8-permissive.yml new file mode 100644 index 0000000000..0aa72407c0 --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofile-rke2-cis-1.8-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.8-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.8-permissive diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofileaks.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofileaks.yml new file mode 100644 index 0000000000..ea7b25b404 --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofileaks.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: aks-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: aks-1.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofileeks.yml new file mode 100644 index 0000000000..de4500acd9 --- /dev/null +++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofileeks.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: eks-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: eks-1.2.0 \ No newline at end of file 
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofilegke.yml
new file mode 100644
index 0000000000..3e5e2439ac
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/scanprofilegke.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: gke-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: gke-1.2.0
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..ec48ec6224
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/serviceaccount.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: {{ template "cis.namespace" . }}
+ name: cis-operator-serviceaccount
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: {{ template "cis.namespace" . }}
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-serviceaccount
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/validate-install-crd.yaml
new file mode 100644
index 0000000000..562295791b
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/validate-install-crd.yaml
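Review bot: In templates/serviceaccount.yaml the second ServiceAccount, `cis-serviceaccount`, is labelled `app.kubernetes.io/instance: release-name`, a fixed string that looks like leftover rendered output rather than the name of the installed release. Inventory, policy or audit queries keyed on the instance label would then not match the real release; unless another template (not in this hunk) selects on the literal value, the conventional form is `app.kubernetes.io/instance: {{ .Release.Name }}`. The first account, `cis-operator-serviceaccount`, carries no labels at all, so the two identities are also labelled inconsistently and the operator's own account is the harder one to find by label.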
@@ -0,0 +1,17 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# {{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/4.4.0/templates/validate-psp-install.yaml b/charts/rancher-cis-benchmark/4.4.0/templates/validate-psp-install.yaml
new file mode 100644
index 0000000000..a30c59d3b7
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/templates/validate-psp-install.yaml
@@ -0,0 +1,7 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+#{{- if .Values.global.cattle.psp.enabled }}
+#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
+#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}}
+#{{- end }}
+#{{- end }}
+#{{- end }}
diff --git a/charts/rancher-cis-benchmark/4.4.0/values.yaml b/charts/rancher-cis-benchmark/4.4.0/values.yaml
new file mode 100644
index 0000000000..8233a7a6ef
--- /dev/null
+++ b/charts/rancher-cis-benchmark/4.4.0/values.yaml
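Review bot: Both validate-install-crd.yaml and validate-psp-install.yaml prefix every line with `#`, which reads as if the checks were commented out, yet Helm still evaluates each `{{ ... }}` action and the `required` / `fail` calls remain live. Neither file says so, nor that the outer `lookup` guard makes both checks silently pass whenever `lookup` returns nothing, as it does for `helm template` and client-side dry runs, so a render-only pipeline never sees the missing-CRD or missing-PSP failure. A leading template comment in each file would record this, for example `{{- /* "#" only keeps this file valid YAML; the actions below still run. Skipped when lookup returns no ClusterRoles (helm template, dry run). */ -}}`.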
@@ -0,0 +1,55 @@
+# Default values for rancher-cis-benchmark.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+ cisoperator:
+ repository: rancher/cis-operator
+ tag: v1.0.13
+ securityScan:
+ repository: rancher/security-scan
+ tag: v0.2.14
+ sonobuoy:
+ repository: rancher/mirrored-sonobuoy-sonobuoy
+ tag: v0.57.0
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+tolerations: []
+
+securityScanJob:
+ overrideTolerations: false
+ tolerations: []
+
+affinity: {}
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ clusterName: ""
+ psp:
+ enabled: false
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.28.3
+
+alerts:
+ enabled: false
+ severity: warning
+ metricsPort: 8080
diff --git a/index.yaml b/index.yaml
index b0174bea83..0f0f32ebcb 100755
--- a/index.yaml
+++ b/index.yaml
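Review bot: Every image in values.yaml is selected by tag alone (`tag: v1.0.13`, `tag: v0.2.14`, `tag: v0.57.0`, and `tag: v1.28.3` for kubectl), and `systemDefaultRegistry` presumably lets an install pull them from a different registry, so what actually runs is whatever that registry serves for the tag at pull time. For a chart whose purpose is running security scans, that leaves the scanner images themselves unverified. The templates that consume these values are outside this hunk, so whether they can accept a digest is unknown; at minimum a comment above `image:` would set the expectation, for example `# Tags are mutable: when mirroring to a private registry, copy these images by digest and verify them before install.`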
@@ -8789,6 +8789,32 @@ entries: urls: - assets/rancher-cis-benchmark/rancher-cis-benchmark-5.0.0.tgz version: 5.0.0 + - annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.28.0-0' + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: rancher-cis-benchmark + apiVersion: v1 + appVersion: v4.4.0 + created: "2024-03-28T15:48:09.748024546-03:00" + description: The cis-operator enables running CIS benchmark security scans on + a kubernetes cluster + digest: b070d3725cd7f828e5b9eb83d6bf8528dbb01458e76c7f034e2a279870b40cba + icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg + keywords: + - security + name: rancher-cis-benchmark + urls: + - assets/rancher-cis-benchmark/rancher-cis-benchmark-4.4.0.tgz + version: 4.4.0 - annotations: catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match catalog.cattle.io/certified: rancher 
@@ -9313,6 +9339,20 @@ entries: urls: - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-5.0.0.tgz version: 5.0.0 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd + apiVersion: v1 + created: "2024-03-28T15:52:19.665764728-03:00" + description: Installs the CRDs for rancher-cis-benchmark. + digest: 943ec603646b4469ee4c8c50c8b81a7976446a9542b527924a2d5f4d04346f9e + name: rancher-cis-benchmark-crd + type: application + urls: + - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.4.0.tgz + version: 4.4.0 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" diff --git a/release.yaml b/release.yaml index bf84a543a9..db84299cf0 100644 --- a/release.yaml +++ b/release.yaml @@ -2,3 +2,7 @@ rancher-aks-operator: - 102.4.0+up1.1.4 rancher-aks-operator-crd: - 102.4.0+up1.1.4 +rancher-cis-benchmark: + - 4.4.0 +rancher-cis-benchmark-crd: + - 4.4.0 From 8be82fd238419aeb85d3b427e587f12516d714e8 Mon Sep 17 00:00:00 2001 
From: Nicholas openSUSE Software Engineer Date: Mon, 1 Apr 2024 12:45:08 -0300 Subject: [PATCH 3/5] [dev-v2.8] Forward ports rancher-gke-operator 102.1.0+up1.1.7 from dev-v2.7 (#3714) --- ...ncher-gke-operator-crd-102.1.0+up1.1.7.tgz | Bin 0 -> 1412 bytes .../rancher-gke-operator-102.1.0+up1.1.7.tgz | Bin 0 -> 2036 bytes .../102.1.0+up1.1.7/Chart.yaml | 12 + .../102.1.0+up1.1.7/templates/crds.yaml | 250 ++++++++++++++++++ .../102.1.0+up1.1.7/Chart.yaml | 20 ++ .../102.1.0+up1.1.7/templates/NOTES.txt | 4 + .../102.1.0+up1.1.7/templates/_helpers.tpl | 25 ++ .../templates/clusterrole.yaml | 15 ++ .../templates/clusterrolebinding.yaml | 13 + .../102.1.0+up1.1.7/templates/deployment.yaml | 61 +++++ .../templates/serviceaccount.yaml | 5 + .../102.1.0+up1.1.7/values.yaml | 22 ++ index.yaml | 40 +++ release.yaml | 4 + 14 files changed, 471 insertions(+) create mode 100644 assets/rancher-gke-operator-crd/rancher-gke-operator-crd-102.1.0+up1.1.7.tgz create mode 100644 assets/rancher-gke-operator/rancher-gke-operator-102.1.0+up1.1.7.tgz create mode 100644 charts/rancher-gke-operator-crd/102.1.0+up1.1.7/Chart.yaml create mode 100644 charts/rancher-gke-operator-crd/102.1.0+up1.1.7/templates/crds.yaml create mode 100644 charts/rancher-gke-operator/102.1.0+up1.1.7/Chart.yaml create mode 100644 charts/rancher-gke-operator/102.1.0+up1.1.7/templates/NOTES.txt create mode 100644 charts/rancher-gke-operator/102.1.0+up1.1.7/templates/_helpers.tpl create mode 100644 charts/rancher-gke-operator/102.1.0+up1.1.7/templates/clusterrole.yaml create mode 100644 charts/rancher-gke-operator/102.1.0+up1.1.7/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-gke-operator/102.1.0+up1.1.7/templates/deployment.yaml create mode 100644 charts/rancher-gke-operator/102.1.0+up1.1.7/templates/serviceaccount.yaml create mode 100644 charts/rancher-gke-operator/102.1.0+up1.1.7/values.yaml 
diff --git a/assets/rancher-gke-operator-crd/rancher-gke-operator-crd-102.1.0+up1.1.7.tgz b/assets/rancher-gke-operator-crd/rancher-gke-operator-crd-102.1.0+up1.1.7.tgz new file mode 100644 index 0000000000000000000000000000000000000000..fe7ce58bbe1e7b4b5999987c82cdba66310fd0ce GIT binary patch literal 1412 zcmV-~1$+7*iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI>#bK5o(_F2CIlk59RrV>Z$=;kPH#*^07L``~L0V@g>2w(tE zw$kZ;?|_hGS>~5TN}XoB7mo;VpT&MWTrO=u(gm7syu_~3Xuv7crG{OO7hqg(4T-pD zDp3?ggR86TZxls`f1|;>=%Ro1emHplZaC}@E~5S*ir!w3s4;R4Nv#8O5jDm-Jluao zKuYDnaV71jLkI;2Ld87_&I#;sbxF}UKIh0rWRoko+ZLQLlq2%SnH1mTZjq3n)j)AX z!o{v#TZc*RW@Sf2aG5^ju4*(1cecCR_5XV=nYy>RyA28ii(PNP?i9~5z5|+nLu0v; zBeHti0j+mG`@Mc|*kNd?;o4=FK7GC+zin-(jK!IJB44Fx!X-%Im*B91ITYe>jZZzt;abWIyRab9`_p{V&^F z{$zdetoofLmuys+GS)fRIc5!Jo_jR=roUTV?iKsh-g!+h=NJVNL z8mi=+$F>(Q@v(wCRwMQLVxv->ZQolAN;Y`G)=!^r#zEgW)0Zu2ks1&=VA-l&DC6!P z6?L;sy;*N zZd|bH2PnG01cC{KD2?)Za{KMw^vPup>WkI!t+he6ZhDmbeO@-lxMpk@t9_BF5HJ%s zBA(EnEf?#}g02kzuA~DoQS3T(%2E(q#(8@Qacl3OnNk8l=4o?I|Du3>00EL7twy4| zS7tfM@-L*tF^a;fn*E8?<-7D&udc?NnHM`XsJ6~<8Rx6^S=6T5{U=(BYEk<8KBqG@ z5*^xWp%-u@KzL#qsyBrbv}!VAfwi#+aXiEdd$?htqVnsnsJ3T`@e1e?0ATiuSBv=Zl8j z#o?4Fsl{7;EjZZxgm1vd%N+r2Tbvg8LBI?}j>W)O))s-7looQO=Suxn%kEsKY}qNt zDDE)%w`>JtVExS0IOZ~*hRkm>cnNUnP=ciRNA}{_uJWw0N?q0lA-fAj)OM3aw~SLz zHiglwR($|ayrmWa1gW5bAdFirU|q~N?Sqz-N^P*>6ehcFD5sGiO~@@#k~?KiQy+!T z-^MCKQ*=}0k_IiIf9y|`%H!n1Qm85esCsv)nTvJGtu#%7RCPW<5_q^%496;!IUVt# zHcy0cHq~MS#$q*UBCOCXCq0TK#b>wENXThrEc4E zgoQP2eDRq}@{nvAB{8+EtvUj_;PT9IQ;@pFlqy{wjM7%&g?61PT18LSAle`%+HtS1 zF@ZXWe{gp>-~To}V;!aqg7Z1j(i#f#0d}J_ZTJctKKX>z^7J6QZA=2tjbvICM!YJ! zo~ZH#ebgLpJ2yGQFtsFT+9-eZ_G6o`z6Rr#hmW>oM1H*1?@G2fMJVvHb>LE4_bcTb zxJV8Diq=Bh>WD)xz@GZF&n{*kirJoS>y+^a+q;s^w%^Kk-q`qz{Pp+Q{x9TJUgcGO SeEBB;0RR6J^|$i?DgXdgg19*V literal 0 HcmV?d00001 
diff --git a/assets/rancher-gke-operator/rancher-gke-operator-102.1.0+up1.1.7.tgz b/assets/rancher-gke-operator/rancher-gke-operator-102.1.0+up1.1.7.tgz new file mode 100644 index 0000000000000000000000000000000000000000..0900aef732e764bb343aecc28b5b2d2716fe1823 GIT binary patch literal 2036 zcmVDc zVQyr3R8em|NM&qo0PH$#Z{xVp`&qwY;NU@?URSd0IPpU07T9JNcg5W$L6Tm(I4lC1 z8e6PsQOBX2b$$Nt1u5B<6eUh`Y0{#eFHxxByovKlYnJi^wLh7nuQJrkDBV3xm^Q(J z&E%WsfG`Zhlfl6K4a2bcw>LNn-}DB@!;|Bq;jlM&6ZVe#N4+-?J`499kdtBhP57I6 zHI@4>0hXr9Fe6k-kq5w;VNy*3&Ww>52-Rh|QNBpYFexKwJ1#!g@%tGwJZUAsQ5!K9 z7;kpBq9r1ZF^!;ObdH@?lxaRfe~y}jN+US@<9p}@{V)jq5dL5v-`U5*)~zXj)-OQ2|;-@wL zdEaAMw)wXg^n#%mBXKP<Qpr6I^ml$9(oCZnj^ zod}cUqkyZ~TJ3I4*a!3=m1~X^dH$oRZ7kXg`#~=Vf1hWCGOz8IF9ogff6io%^lS-W zNBj?my?!(P4~F~r{~|DvYQ$t2`i(^U1W*LWk2q$zG?zFLWb`6}PRH{mQ#>!viNzH& zHYqo0%oGWuEM}{-StP?I5zGr8^Q@O%X!W%q?R<9oZ>qM>ERKbZD@1f04{O74KX&4=oAf-jdZc%)XmBIKrUkJrYc6C zP$IV+yWYWpXP2(riqa7*SC--rf()oJ*mq! z&(5zuT?OW=`7LK`m;d*Vn*M(>JnHZL|0UqF${}HMEDxAHYze|;aVlJ%-nj23-7l9A z6fMGsO%VXAmG`k)09+@6HhZ_(pX#}Ptkuk}oE8hGt}24lOA7vHGVtrd4*$PNP-dtp zFxk^ffnEJy@94PU|HG61$=?580+!3}H!v5o2nY>~g+#N+@cqo1g(n!nH{I3B^Oj2= zVjPPUp;HtGH*rxN+~~4A=zzakIYcpr;HRR5EXs>@U(s4tY_?@uq-G4A|D$f_Nd!<5 zZvN?P<-s(*^Xys0y}uTn+d3Y>t&kE}97CyGk=R{L;aWYH?dh$pM_`0f-ImLhd~TEV zt&#l zb^*s@eDrtZ#!Z5YEmx@Lg5w9yRi2uEIbgl^SNiwC4*#!=ot{1o-r@g)UUUA_508$+ zz5l-iRQ;c28EswtqA=Zu83$s)(Gt&1+W&-LSx#y1d(!?$Mj3RjyP-y>VCVcaENwRLTku8OcjII2b2v$haxp&`MYarTyA z+oXHBym#Yj)v2&(h{kh=t5Sns&Gul7smwdQFdS}Hb)J5pzYyx$I#;P-B1OG9SUx;> zuUbHHM`FL$`piBsLiwOQa zK2zpGBcaQQ1z`!ZHp>0TFP!D9t-Up zeF1_%-KH4BXyF*t80UltjX{O1Ur2btOcFsC4c}aI6Ui=T{#NQB zb3b?3LSauM$*7j8NJB8mi zD2;OC48~C#OUL5a@4*=%6rGY)sr=yyw}p&F<4j77-G@sM#<|Hgg3@dApI<#}*la4g z#-5q3wXo9kpJCpD9Nl%-sS*Bhrs5#t6be7}h0qJI>k}c(u6u+Lg^79s@h- z|1zVqBBMXC2iVpB_l}zVf3F|z=YKB(wO@6uOaDf<+${g^`5|3POa0o~?O_jl*ux&~ SgMS790RR6^0WMSkFaQ9E^88K! literal 0 HcmV?d00001 
diff --git a/charts/rancher-gke-operator-crd/102.1.0+up1.1.7/Chart.yaml b/charts/rancher-gke-operator-crd/102.1.0+up1.1.7/Chart.yaml new file mode 100644 index 0000000000..33b3fa200c --- /dev/null +++ b/charts/rancher-gke-operator-crd/102.1.0+up1.1.7/Chart.yaml @@ -0,0 +1,12 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/release-name: rancher-gke-operator-crd +apiVersion: v2 +appVersion: 1.1.7 +description: GKE Operator CustomResourceDefinitions +name: rancher-gke-operator-crd +version: 102.1.0+up1.1.7 diff --git a/charts/rancher-gke-operator-crd/102.1.0+up1.1.7/templates/crds.yaml b/charts/rancher-gke-operator-crd/102.1.0+up1.1.7/templates/crds.yaml new file mode 100644 index 0000000000..aaa323f363 --- /dev/null +++ b/charts/rancher-gke-operator-crd/102.1.0+up1.1.7/templates/crds.yaml 
@@ -0,0 +1,250 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + name: gkeclusterconfigs.gke.cattle.io +spec: + group: gke.cattle.io + names: + kind: GKEClusterConfig + plural: gkeclusterconfigs + shortNames: + - gkecc + singular: gkeclusterconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + clusterAddons: + nullable: true + properties: + horizontalPodAutoscaling: + type: boolean + httpLoadBalancing: + type: boolean + networkPolicyConfig: + type: boolean + type: object + clusterIpv4Cidr: + nullable: true + type: string + clusterName: + nullable: true + type: string + description: + nullable: true + type: string + enableKubernetesAlpha: + nullable: true + type: boolean + googleCredentialSecret: + nullable: true + type: string + imported: + type: boolean + ipAllocationPolicy: + nullable: true + properties: + clusterIpv4CidrBlock: + nullable: true + type: string + clusterSecondaryRangeName: + nullable: true + type: string + createSubnetwork: + type: boolean + nodeIpv4CidrBlock: + nullable: true + type: string + servicesIpv4CidrBlock: + nullable: true + type: string + servicesSecondaryRangeName: + nullable: true + type: string + subnetworkName: + nullable: true + type: string + useIpAliases: + type: boolean + type: object + kubernetesVersion: + nullable: true + type: string + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + locations: + items: + nullable: true + type: string + nullable: true + type: array + loggingService: + nullable: true + type: string + maintenanceWindow: + nullable: true + type: string + masterAuthorizedNetworks: + nullable: true + properties: + cidrBlocks: + items: + properties: + cidrBlock: + nullable: true + type: string + displayName: + nullable: true + type: string + type: object + nullable: true + type: array + 
enabled: + type: boolean + type: object + monitoringService: + nullable: true + type: string + network: + nullable: true + type: string + networkPolicyEnabled: + nullable: true + type: boolean + nodePools: + items: + properties: + autoscaling: + nullable: true + properties: + enabled: + type: boolean + maxNodeCount: + type: integer + minNodeCount: + type: integer + type: object + config: + nullable: true + properties: + diskSizeGb: + type: integer + diskType: + nullable: true + type: string + imageType: + nullable: true + type: string + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + localSsdCount: + type: integer + machineType: + nullable: true + type: string + oauthScopes: + items: + nullable: true + type: string + nullable: true + type: array + preemptible: + type: boolean + tags: + items: + nullable: true + type: string + nullable: true + type: array + taints: + items: + properties: + effect: + nullable: true + type: string + key: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + initialNodeCount: + nullable: true + type: integer + management: + nullable: true + properties: + autoRepair: + type: boolean + autoUpgrade: + type: boolean + type: object + maxPodsConstraint: + nullable: true + type: integer + name: + nullable: true + type: string + version: + nullable: true + type: string + type: object + nullable: true + type: array + privateClusterConfig: + nullable: true + properties: + enablePrivateEndpoint: + type: boolean + enablePrivateNodes: + type: boolean + masterIpv4CidrBlock: + nullable: true + type: string + type: object + projectID: + nullable: true + type: string + region: + nullable: true + type: string + subnetwork: + nullable: true + type: string + zone: + nullable: true + type: string + type: object + status: + properties: + failureMessage: + nullable: true + type: string + phase: + nullable: true + type: string + 
type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rancher-gke-operator/102.1.0+up1.1.7/Chart.yaml b/charts/rancher-gke-operator/102.1.0+up1.1.7/Chart.yaml new file mode 100644 index 0000000000..03666d55c7 --- /dev/null +++ b/charts/rancher-gke-operator/102.1.0+up1.1.7/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: rancher-gke-operator-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.28.0-0' + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: gkeclusterconfigs.gke.cattle.io/v1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: rancher-gke-operator + catalog.cattle.io/scope: management +apiVersion: v2 +appVersion: 1.1.7 +description: A Helm chart for provisioning GKE clusters +home: https://github.com/rancher/gke-operator +name: rancher-gke-operator +sources: +- https://github.com/rancher/gke-operator +version: 102.1.0+up1.1.7 diff --git a/charts/rancher-gke-operator/102.1.0+up1.1.7/templates/NOTES.txt b/charts/rancher-gke-operator/102.1.0+up1.1.7/templates/NOTES.txt new file mode 100644 index 0000000000..238173d1bd --- /dev/null +++ b/charts/rancher-gke-operator/102.1.0+up1.1.7/templates/NOTES.txt @@ -0,0 +1,4 @@ +You have deployed the Rancher GKE operator +Version: {{ .Chart.AppVersion }} +Description: This operator provisions GKE clusters +from GKEClusterConfig CRs. diff --git a/charts/rancher-gke-operator/102.1.0+up1.1.7/templates/_helpers.tpl b/charts/rancher-gke-operator/102.1.0+up1.1.7/templates/_helpers.tpl new file mode 100644 index 0000000000..de3b332f6a --- /dev/null +++ b/charts/rancher-gke-operator/102.1.0+up1.1.7/templates/_helpers.tpl 
@@ -0,0 +1,25 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +kubernetes.io/os: linux +{{- end -}} + diff --git a/charts/rancher-gke-operator/102.1.0+up1.1.7/templates/clusterrole.yaml b/charts/rancher-gke-operator/102.1.0+up1.1.7/templates/clusterrole.yaml new file mode 100644 index 0000000000..7c352696ee --- /dev/null +++ b/charts/rancher-gke-operator/102.1.0+up1.1.7/templates/clusterrole.yaml @@ -0,0 +1,15 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: gke-operator + namespace: cattle-system +rules: + - apiGroups: [''] + resources: ['secrets'] + verbs: ['get', 'list', 'create', 'watch'] + - apiGroups: ['gke.cattle.io'] + resources: ['gkeclusterconfigs'] + verbs: ['get', 'list', 'update', 'watch'] + - apiGroups: ['gke.cattle.io'] + resources: ['gkeclusterconfigs/status'] + verbs: ['update'] diff --git a/charts/rancher-gke-operator/102.1.0+up1.1.7/templates/clusterrolebinding.yaml b/charts/rancher-gke-operator/102.1.0+up1.1.7/templates/clusterrolebinding.yaml new file mode 100644 index 0000000000..e2af390c71 --- /dev/null +++ b/charts/rancher-gke-operator/102.1.0+up1.1.7/templates/clusterrolebinding.yaml 
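Review bot: The first rule of the `gke-operator` ClusterRole grants `get`, `list`, `create` and `watch` on `secrets` in the core API group, and the ClusterRoleBinding in the next file binds it to the `gke-operator` ServiceAccount, so that account can read every Secret in every namespace of the management cluster. If the operator only needs the credential secret named by `googleCredentialSecret` and the secrets it creates itself (not visible from this patch), move that rule into a namespaced `kind: Role` / `kind: RoleBinding` in the namespaces that hold them and keep only the `gkeclusterconfigs` rules cluster-wide. `namespace: cattle-system` under `metadata` has no effect on a cluster-scoped ClusterRole and can be dropped. The `eks-operator` ClusterRole added in patch 4/5 carries the same secrets rule.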
@@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: gke-operator + namespace: cattle-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gke-operator +subjects: +- kind: ServiceAccount + name: gke-operator + namespace: cattle-system diff --git a/charts/rancher-gke-operator/102.1.0+up1.1.7/templates/deployment.yaml b/charts/rancher-gke-operator/102.1.0+up1.1.7/templates/deployment.yaml new file mode 100644 index 0000000000..dbf549903a --- /dev/null +++ b/charts/rancher-gke-operator/102.1.0+up1.1.7/templates/deployment.yaml 
@@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gke-config-operator + namespace: cattle-system +spec: + replicas: 1 + selector: + matchLabels: + ke.cattle.io/operator: gke + template: + metadata: + labels: + ke.cattle.io/operator: gke + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} + serviceAccountName: gke-operator + {{- if .Values.priorityClassName }} + priorityClassName: "{{.Values.priorityClassName}}" + {{- end }} + securityContext: + fsGroup: 1007 + runAsUser: 1007 + containers: + - name: rancher-gke-operator + image: {{ template "system_default_registry" . }}{{ .Values.gkeOperator.image.repository }}:{{ .Values.gkeOperator.image.tag }} + imagePullPolicy: IfNotPresent + env: + - name: HTTP_PROXY + value: {{ .Values.httpProxy }} + - name: HTTPS_PROXY + value: {{ .Values.httpsProxy }} + - name: NO_PROXY + value: {{ .Values.noProxy }} +{{- if .Values.additionalTrustedCAs }} + # gke-operator mounts the additional CAs in two places: + volumeMounts: + # This directory is owned by the gke-operator user so c_rehash works here. + - mountPath: /etc/rancher/ssl/ca-additional.pem + name: tls-ca-additional-volume + subPath: ca-additional.pem + readOnly: true + # This directory is root-owned so c_rehash doesn't work here, + # but the cert is here in case update-ca-certificates is called in the future or by the OS. + - mountPath: /etc/pki/trust/anchors/ca-additional.pem + name: tls-ca-additional-volume + subPath: ca-additional.pem + readOnly: true + volumes: + - name: tls-ca-additional-volume + secret: + defaultMode: 0400 + secretName: tls-ca-additional + {{- end }} 
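Review bot: The `rancher-gke-operator` container has no container-level `securityContext`; the pod-level block sets only `fsGroup: 1007` and `runAsUser: 1007`, so privilege escalation, the capability set and the seccomp profile are left to whatever the cluster defaults to. For a pod whose ServiceAccount is bound to a role that can read Secrets, add the block below under the container entry. `readOnlyRootFilesystem: true` is left out because the volume-mount comments mention `c_rehash` working in a directory owned by the operator user; enable it if the image turns out to run without writing there. The `eks-operator` container in patch 4/5 needs the same block.

```yaml
      containers:
      - name: rancher-gke-operator
        # … unchanged: image, imagePullPolicy, env …
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault
```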
diff --git a/charts/rancher-gke-operator/102.1.0+up1.1.7/templates/serviceaccount.yaml b/charts/rancher-gke-operator/102.1.0+up1.1.7/templates/serviceaccount.yaml new file mode 100644 index 0000000000..ba52af6280 --- /dev/null +++ b/charts/rancher-gke-operator/102.1.0+up1.1.7/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: cattle-system + name: gke-operator diff --git a/charts/rancher-gke-operator/102.1.0+up1.1.7/values.yaml b/charts/rancher-gke-operator/102.1.0+up1.1.7/values.yaml new file mode 100644 index 0000000000..eed6f00928 --- /dev/null +++ b/charts/rancher-gke-operator/102.1.0+up1.1.7/values.yaml @@ -0,0 +1,22 @@ +global: + cattle: + systemDefaultRegistry: "" + +gkeOperator: + image: + repository: rancher/gke-operator + tag: v1.1.7 + +httpProxy: "" +httpsProxy: "" +noProxy: "" +additionalTrustedCAs: false +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## List of node taints to tolerate (requires Kubernetes >= 1.6) +tolerations: [] + +## PriorityClassName assigned to deployment. +priorityClassName: "" diff --git a/index.yaml b/index.yaml index 0f0f32ebcb..f90f09d9e0 100755 --- a/index.yaml +++ b/index.yaml 
@@ -11233,6 +11233,30 @@ entries: urls: - assets/rancher-gke-operator/rancher-gke-operator-103.0.1+up1.2.0.tgz version: 103.0.1+up1.2.0 + - annotations: + catalog.cattle.io/auto-install: rancher-gke-operator-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.28.0-0' + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: gkeclusterconfigs.gke.cattle.io/v1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: rancher-gke-operator + catalog.cattle.io/scope: management + apiVersion: v2 + appVersion: 1.1.7 + created: "2024-03-28T15:43:07.472420337-03:00" + description: A Helm chart for provisioning GKE clusters + digest: 149fd387311fdf9f06229e5780fb01dbb95b69e9927f50834cf2c894857329af + home: https://github.com/rancher/gke-operator + name: rancher-gke-operator + sources: + - https://github.com/rancher/gke-operator + urls: + - assets/rancher-gke-operator/rancher-gke-operator-102.1.0+up1.1.7.tgz + version: 102.1.0+up1.1.7 - annotations: catalog.cattle.io/auto-install: rancher-gke-operator-crd=match catalog.cattle.io/certified: rancher 
@@ -11432,6 +11456,22 @@ entries: urls: - assets/rancher-gke-operator-crd/rancher-gke-operator-crd-103.0.1+up1.2.0.tgz version: 103.0.1+up1.2.0 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/release-name: rancher-gke-operator-crd + apiVersion: v2 + appVersion: 1.1.7 + created: "2024-03-28T16:30:54.281332103-03:00" + description: GKE Operator CustomResourceDefinitions + digest: bfbf721d13fede8924fc62a01a8c5610f2192fce984b90d566b8c747923ae8fb + name: rancher-gke-operator-crd + urls: + - assets/rancher-gke-operator-crd/rancher-gke-operator-crd-102.1.0+up1.1.7.tgz + version: 102.1.0+up1.1.7 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" diff --git a/release.yaml b/release.yaml index db84299cf0..fca3393f55 100644 --- a/release.yaml +++ b/release.yaml @@ -6,3 +6,7 @@ rancher-cis-benchmark: - 4.4.0 rancher-cis-benchmark-crd: - 4.4.0 +rancher-gke-operator: + - 102.1.0+up1.1.7 +rancher-gke-operator-crd: + - 102.1.0+up1.1.7 From 4820fae6e24cdfc1a59c844a4b2da8f79cb5a856 Mon Sep 17 00:00:00 2001 
From: Nicholas openSUSE Software Engineer Date: Mon, 1 Apr 2024 12:45:39 -0300 Subject: [PATCH 4/5] [dev-v2.8] Forward ports rancher-eks-operator 102.2.0+up1.2.3 from dev-v2.7 (#3713) --- ...ncher-eks-operator-crd-102.2.0+up1.2.3.tgz | Bin 0 -> 1210 bytes .../rancher-eks-operator-102.2.0+up1.2.3.tgz | Bin 0 -> 2036 bytes .../102.2.0+up1.2.3/Chart.yaml | 12 + .../102.2.0+up1.2.3/templates/crds.yaml | 226 ++++++++++++++++++ .../102.2.0+up1.2.3/Chart.yaml | 20 ++ .../102.2.0+up1.2.3/templates/NOTES.txt | 4 + .../102.2.0+up1.2.3/templates/_helpers.tpl | 25 ++ .../templates/clusterrole.yaml | 15 ++ .../templates/clusterrolebinding.yaml | 13 + .../102.2.0+up1.2.3/templates/deployment.yaml | 61 +++++ .../templates/serviceaccount.yaml | 5 + .../102.2.0+up1.2.3/values.yaml | 22 ++ index.yaml | 40 ++++ release.yaml | 4 + 14 files changed, 447 insertions(+) create mode 100644 assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.2.0+up1.2.3.tgz create mode 100644 assets/rancher-eks-operator/rancher-eks-operator-102.2.0+up1.2.3.tgz create mode 100644 charts/rancher-eks-operator-crd/102.2.0+up1.2.3/Chart.yaml create mode 100644 charts/rancher-eks-operator-crd/102.2.0+up1.2.3/templates/crds.yaml create mode 100644 charts/rancher-eks-operator/102.2.0+up1.2.3/Chart.yaml create mode 100644 charts/rancher-eks-operator/102.2.0+up1.2.3/templates/NOTES.txt create mode 100644 charts/rancher-eks-operator/102.2.0+up1.2.3/templates/_helpers.tpl create mode 100644 charts/rancher-eks-operator/102.2.0+up1.2.3/templates/clusterrole.yaml create mode 100644 charts/rancher-eks-operator/102.2.0+up1.2.3/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-eks-operator/102.2.0+up1.2.3/templates/deployment.yaml create mode 100644 charts/rancher-eks-operator/102.2.0+up1.2.3/templates/serviceaccount.yaml create mode 100644 charts/rancher-eks-operator/102.2.0+up1.2.3/values.yaml 
diff --git a/assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.2.0+up1.2.3.tgz b/assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.2.0+up1.2.3.tgz new file mode 100644 index 0000000000000000000000000000000000000000..7b867c706a3055245a30e37726d46f6b4716184d GIT binary patch literal 1210 zcmV;r1V#HFiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI;`QzJJF=XpPc=U&@{O(0w+Z#UuEVXmb&7kclCS8UvPZCA3x zou`2BYPT53kR3=IigK~T z3-*}RZniuWTAA>zR_l;5<+*dc>*p(F5_`q9y9qS{V<&guI*N^okHD#~NUW?Gig`Z* z=dSej1BEtH;GCu(#P4WE)80DPAh0ikwFGV9u`*;(oW^jeiQR z#M;;UZ|r}MnbY8r4<#kM6A|3q|GmL+?|7~M-@lKK-uizZvRd@u6n^t)^8dIy`-Su7 znfIcZGRd&9#-j{9B;XMGnSDd;7kPB-Nttv_nJ9J|7J1}tn#Bo^#%HIb=17mUJF!+Hm^H1+oF$LRrqR2e znq~Y67i|VO3lk)R9(mcBEgIK0O_fP67H+d7gis!{n&o=|?}XgaT_A$Rn$Fk+f6IIR zA-*=(d?^XCB232Wdre(#8SahS%6LqRp{NE)@oWz;DEnic)>h$zaT?xWE~yJG0MvI; zDJp{$&uSX5%`lW<4@P3%0#A#iVS>7$2!((oDZZbeKi^ZZTYI#HPY;UCPX0#e8)6Ga zPA{qhCM9v95}0uE|~Y0C#yF76}vqmi^IuUy+qGNTNn{Nllf%O8|qMw%r#Iw^Uhxod3vwB;ecdZCv&|g`amDk55@3)yPHwA8&I$j!sz8I=oE9DD& ziW=+gSe~2bb45OYJ})b|y<)5FnvKQcN0?;AHhW7sXRfS-$?`ONowtgP#lQdU?Kjsq Yd6PGJljk7+2LJ&7|FQYCjsPYA01M+*TmS$7 literal 0 HcmV?d00001 
diff --git a/assets/rancher-eks-operator/rancher-eks-operator-102.2.0+up1.2.3.tgz b/assets/rancher-eks-operator/rancher-eks-operator-102.2.0+up1.2.3.tgz new file mode 100644 index 0000000000000000000000000000000000000000..862ff8bad18095d5c86c702c5e892b8d7d794794 GIT binary patch literal 2036 zcmVDc zVQyr3R8em|NM&qo0PH$#Z`;Vx`OIH2knzAzuOUUf*ba!MKT%7ym9B1)GXx*Y9Ht1s|+i!r#oR zt=xYJuryVM8KF{&JOIuNlWG=lW{ku@s6NY$@P z%b~}ztol0$hQY{-k+>F_aZB&uTa*jnHj=f+H=pvoLhwrYSGz58xvXUjnWEA!L zGhvc^5^%NHsNHV}dygKZa?Oz<&wntr%A$jC7z~5(_jy(*^U{9#T+kW+mrUkJPnH07 z#Q*SQFl@*F@yR~^KMTyHnlM?0ek0Ld0TjXUJx*CJ%_YtR8GRE$ujhFKj%Ut!FLrqa4GBf zcV3C*vM&7e*|P*Mv`|`@n^Vb%&e#G=6)?7RW6Y$wvFZd~*2Z);dffBx^nZhkOfrMi zKRf^U;VLj+&2KqlyZnDRYWx53$>?bB|IY!RR1OJSVtK&qVM`D$i&Nq9bmhKPx?imz zC|ZPfRS^K|wfDYW0DMdYReQJDpPIRUs@1}-oE8hGt}24lOA7vHGVsg74*&m>pv+KH zV6w-T0=xRZ!RV;v|0lKg+z0c;oF5Z3r{eDZ~E)C=dD&g z#5ffxLa!(ezQjd!@I{y9K@a@(+98T51V0ufWKmvh`ijo7qS}^ek(w#={*U^-M-f0t zSpDg3<-s(*b?sTjy}uQm+a?~twU82697CyGk=R{L;aWYH?di3xM___dU6;$Xd~TEV zwbFB`SWLiGE-fk$PcY79k<3k^2)ppFTY>&#l zb^)hT4_IyzrNuv82nyzJsGL+S z(6E>pX1l*)D%0xr?i{-5T%sE{`oJ>rXRY$g_Cbe-pUXyaGs%IU4hgwNL*=a{>WN#P zp*egFhfDEr z)fsvypZo*4ag*R;%N6RS;P{Snm8a%c2dtNVO8-9C;s3R<)8nVXJN$n<7!KR{e{?k5 z`~P!5-TzsZ(bm=9SC9UVOkZTI2l)?W$n9p0nG~E+1OpFX(@_-TWA_H}dpE=_769g0 ze=ApYEjT9+U~@>z-8B&{$OfSuqyRPoT4+ssS0GX@^Z2fAD1cue6={sAfj4lw1+J4T zZi7*u*g|$=`~q!Sww+q9OW_)m<2z()G>p5%tGBM5($x`m2uF=5d)5_VEwm)KHO}4= z?3#41R(Eb(uX{BXEzx-Ha8+vXtJxlmDV2F=5QZn!s?O7Q^jAXNSm!D=Or)r*gXMQ8 zk^+i%Blan6&gwnGlK|H1)v7W|?KMl_=mgu>E3jTi_o5m$+iG6Qagj@Tp`_q95&UI( zrp$##LYE5*z;wB_%0{nmKYqOUa&dY7_fOTWYR*s-p?Z;1XIrOn^*|zYCzZ4F2aqV= z8Fd`onPePm@nxxGzQ7;cwx}kfrR+xGvCz)J zZ$J>J>l9;{+&Bge#yOz|Qoz4xOc*6@mPC-C#-K*lFC@HRCW)YrhF7n*iDaKMe=Bv6 zxz8N7P}tK*@*8-5p+WM|jp!CN4=U4X|Hk*sS zv1g`lEvz*CXPCDjN4H(}0i27Tx_L~?i1dSsF@kU$hD}M`jE=YP)vjjy^krGKkiZkPXed`Q<(3B9y-d)UJs_OOS$ S;9mg%0RR8tO3xkuFaQ9J#{NeD literal 0 HcmV?d00001 
diff --git a/charts/rancher-eks-operator-crd/102.2.0+up1.2.3/Chart.yaml b/charts/rancher-eks-operator-crd/102.2.0+up1.2.3/Chart.yaml new file mode 100644 index 0000000000..1ff18e0eb2 --- /dev/null +++ b/charts/rancher-eks-operator-crd/102.2.0+up1.2.3/Chart.yaml @@ -0,0 +1,12 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/release-name: rancher-eks-operator-crd +apiVersion: v2 +appVersion: 1.2.3 +description: EKS Operator CustomResourceDefinitions +name: rancher-eks-operator-crd +version: 102.2.0+up1.2.3 diff --git a/charts/rancher-eks-operator-crd/102.2.0+up1.2.3/templates/crds.yaml b/charts/rancher-eks-operator-crd/102.2.0+up1.2.3/templates/crds.yaml new file mode 100644 index 0000000000..f1c4534210 --- /dev/null +++ b/charts/rancher-eks-operator-crd/102.2.0+up1.2.3/templates/crds.yaml 
@@ -0,0 +1,226 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + name: eksclusterconfigs.eks.cattle.io +spec: + group: eks.cattle.io + names: + kind: EKSClusterConfig + plural: eksclusterconfigs + shortNames: + - ekscc + singular: eksclusterconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + amazonCredentialSecret: + nullable: true + type: string + displayName: + nullable: true + type: string + ebsCSIDriver: + nullable: true + type: boolean + imported: + type: boolean + kmsKey: + nullable: true + type: string + kubernetesVersion: + nullable: true + type: string + loggingTypes: + items: + nullable: true + type: string + nullable: true + type: array + nodeGroups: + items: + properties: + desiredSize: + nullable: true + type: integer + diskSize: + nullable: true + type: integer + ec2SshKey: + nullable: true + type: string + gpu: + nullable: true + type: boolean + imageId: + nullable: true + type: string + instanceType: + nullable: true + type: string + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + launchTemplate: + nullable: true + properties: + id: + nullable: true + type: string + name: + nullable: true + type: string + version: + nullable: true + type: integer + type: object + maxSize: + nullable: true + type: integer + minSize: + nullable: true + type: integer + nodeRole: + nullable: true + type: string + nodegroupName: + nullable: true + type: string + requestSpotInstances: + nullable: true + type: boolean + resourceTags: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + spotInstanceTypes: + items: + nullable: true + type: string + nullable: true + type: array + subnets: + items: + nullable: true + type: string + nullable: true + type: array + tags: + additionalProperties: + nullable: true + 
type: string + nullable: true + type: object + userData: + nullable: true + type: string + version: + nullable: true + type: string + required: + - nodegroupName + type: object + nullable: true + type: array + privateAccess: + nullable: true + type: boolean + publicAccess: + nullable: true + type: boolean + publicAccessSources: + items: + nullable: true + type: string + nullable: true + type: array + region: + nullable: true + type: string + secretsEncryption: + nullable: true + type: boolean + securityGroups: + items: + nullable: true + type: string + nullable: true + type: array + serviceRole: + nullable: true + type: string + subnets: + items: + nullable: true + type: string + nullable: true + type: array + tags: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + status: + properties: + failureMessage: + nullable: true + type: string + generatedNodeRole: + nullable: true + type: string + managedLaunchTemplateID: + nullable: true + type: string + managedLaunchTemplateVersions: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + networkFieldsSource: + nullable: true + type: string + phase: + nullable: true + type: string + securityGroups: + items: + nullable: true + type: string + nullable: true + type: array + subnets: + items: + nullable: true + type: string + nullable: true + type: array + templateVersionsToDelete: + items: + nullable: true + type: string + nullable: true + type: array + virtualNetwork: + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rancher-eks-operator/102.2.0+up1.2.3/Chart.yaml b/charts/rancher-eks-operator/102.2.0+up1.2.3/Chart.yaml new file mode 100644 index 0000000000..aa13479af7 --- /dev/null +++ b/charts/rancher-eks-operator/102.2.0+up1.2.3/Chart.yaml 
@@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: rancher-eks-operator-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.28.0-0' + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: eksclusterconfigs.eks.cattle.io/v1 + catalog.cattle.io/rancher-version: '>= 2.7.2-0 < 2.8.0-0' + catalog.cattle.io/release-name: rancher-eks-operator + catalog.cattle.io/scope: management +apiVersion: v2 +appVersion: 1.2.3 +description: A Helm chart for provisioning EKS clusters +home: https://github.com/rancher/eks-operator +name: rancher-eks-operator +sources: +- https://github.com/rancher/eks-operator +version: 102.2.0+up1.2.3 diff --git a/charts/rancher-eks-operator/102.2.0+up1.2.3/templates/NOTES.txt b/charts/rancher-eks-operator/102.2.0+up1.2.3/templates/NOTES.txt new file mode 100644 index 0000000000..23a1b4a8bf --- /dev/null +++ b/charts/rancher-eks-operator/102.2.0+up1.2.3/templates/NOTES.txt @@ -0,0 +1,4 @@ +You have deployed the Rancher EKS operator +Version: {{ .Chart.AppVersion }} +Description: This operator provisions EKS clusters +from EKSClusterConfig CRs. diff --git a/charts/rancher-eks-operator/102.2.0+up1.2.3/templates/_helpers.tpl b/charts/rancher-eks-operator/102.2.0+up1.2.3/templates/_helpers.tpl new file mode 100644 index 0000000000..de3b332f6a --- /dev/null +++ b/charts/rancher-eks-operator/102.2.0+up1.2.3/templates/_helpers.tpl 
@@ -0,0 +1,25 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +kubernetes.io/os: linux +{{- end -}} + diff --git a/charts/rancher-eks-operator/102.2.0+up1.2.3/templates/clusterrole.yaml b/charts/rancher-eks-operator/102.2.0+up1.2.3/templates/clusterrole.yaml new file mode 100644 index 0000000000..d0d561b6ea --- /dev/null +++ b/charts/rancher-eks-operator/102.2.0+up1.2.3/templates/clusterrole.yaml @@ -0,0 +1,15 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: eks-operator + namespace: cattle-system +rules: + - apiGroups: [''] + resources: ['secrets'] + verbs: ['get', 'list', 'create', 'watch'] + - apiGroups: ['eks.cattle.io'] + resources: ['eksclusterconfigs'] + verbs: ['get', 'list', 'update', 'watch'] + - apiGroups: ['eks.cattle.io'] + resources: ['eksclusterconfigs/status'] + verbs: ['update'] diff --git a/charts/rancher-eks-operator/102.2.0+up1.2.3/templates/clusterrolebinding.yaml b/charts/rancher-eks-operator/102.2.0+up1.2.3/templates/clusterrolebinding.yaml new file mode 100644 index 0000000000..2b1846353e --- /dev/null +++ b/charts/rancher-eks-operator/102.2.0+up1.2.3/templates/clusterrolebinding.yaml 
@@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eks-operator + namespace: cattle-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: eks-operator +subjects: +- kind: ServiceAccount + name: eks-operator + namespace: cattle-system diff --git a/charts/rancher-eks-operator/102.2.0+up1.2.3/templates/deployment.yaml b/charts/rancher-eks-operator/102.2.0+up1.2.3/templates/deployment.yaml new file mode 100644 index 0000000000..f63054b2e6 --- /dev/null +++ b/charts/rancher-eks-operator/102.2.0+up1.2.3/templates/deployment.yaml 
@@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: eks-config-operator + namespace: cattle-system +spec: + replicas: 1 + selector: + matchLabels: + ke.cattle.io/operator: eks + template: + metadata: + labels: + ke.cattle.io/operator: eks + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} + serviceAccountName: eks-operator + {{- if .Values.priorityClassName }} + priorityClassName: "{{.Values.priorityClassName}}" + {{- end }} + securityContext: + fsGroup: 1007 + runAsUser: 1007 + containers: + - name: eks-operator + image: {{ template "system_default_registry" . }}{{ .Values.eksOperator.image.repository }}:{{ .Values.eksOperator.image.tag }} + imagePullPolicy: IfNotPresent + env: + - name: HTTP_PROXY + value: {{ .Values.httpProxy }} + - name: HTTPS_PROXY + value: {{ .Values.httpsProxy }} + - name: NO_PROXY + value: {{ .Values.noProxy }} +{{- if .Values.additionalTrustedCAs }} + # eks-operator mounts the additional CAs in two places: + volumeMounts: + # This directory is owned by the eks-operator user so c_rehash works here. + - mountPath: /etc/rancher/ssl/ca-additional.pem + name: tls-ca-additional-volume + subPath: ca-additional.pem + readOnly: true + # This directory is root-owned so c_rehash doesn't work here, + # but the cert is here in case update-ca-certificates is called in the future or by the OS. + - mountPath: /etc/pki/trust/anchors/ca-additional.pem + name: tls-ca-additional-volume + subPath: ca-additional.pem + readOnly: true + volumes: + - name: tls-ca-additional-volume + secret: + defaultMode: 0400 + secretName: tls-ca-additional + {{- end }} 
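Review bot: The three proxy settings are rendered unquoted (`value: {{ .Values.httpProxy }}` and the matching `HTTPS_PROXY` and `NO_PROXY` lines), so with the chart defaults of `""` each renders as a bare `value:`, and a proxy string containing `: `, ` #` or a leading YAML indicator would break the manifest or change its meaning. `priorityClassName` a few lines above is already wrapped in quotes; treat these the same way with `value: {{ .Values.httpProxy | quote }}`, `value: {{ .Values.httpsProxy | quote }}` and `value: {{ .Values.noProxy | quote }}`. The GKE deployment template earlier on this page has the same three lines.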
diff --git a/charts/rancher-eks-operator/102.2.0+up1.2.3/templates/serviceaccount.yaml b/charts/rancher-eks-operator/102.2.0+up1.2.3/templates/serviceaccount.yaml new file mode 100644 index 0000000000..934de07e0d --- /dev/null +++ b/charts/rancher-eks-operator/102.2.0+up1.2.3/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: cattle-system + name: eks-operator diff --git a/charts/rancher-eks-operator/102.2.0+up1.2.3/values.yaml b/charts/rancher-eks-operator/102.2.0+up1.2.3/values.yaml new file mode 100644 index 0000000000..335b1cfabd --- /dev/null +++ b/charts/rancher-eks-operator/102.2.0+up1.2.3/values.yaml @@ -0,0 +1,22 @@ +global: + cattle: + systemDefaultRegistry: "" + +eksOperator: + image: + repository: rancher/eks-operator + tag: v1.2.3 + +httpProxy: "" +httpsProxy: "" +noProxy: "" +additionalTrustedCAs: false +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## List of node taints to tolerate (requires Kubernetes >= 1.6) +tolerations: [] + +## PriorityClassName assigned to deployment. +priorityClassName: "" diff --git a/index.yaml b/index.yaml index f90f09d9e0..80b421dee8 100755 --- a/index.yaml +++ b/index.yaml 
@@ -9851,6 +9851,30 @@ entries: urls: - assets/rancher-eks-operator/rancher-eks-operator-103.0.0+up1.3.0.tgz version: 103.0.0+up1.3.0 + - annotations: + catalog.cattle.io/auto-install: rancher-eks-operator-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.28.0-0' + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: eksclusterconfigs.eks.cattle.io/v1 + catalog.cattle.io/rancher-version: '>= 2.7.2-0 < 2.8.0-0' + catalog.cattle.io/release-name: rancher-eks-operator + catalog.cattle.io/scope: management + apiVersion: v2 + appVersion: 1.2.3 + created: "2024-03-28T15:38:24.507973097-03:00" + description: A Helm chart for provisioning EKS clusters + digest: 9591d7806d6d26bdb857689b33439dd8f7436c38c8e6de5b91418fb2e26fe16f + home: https://github.com/rancher/eks-operator + name: rancher-eks-operator + sources: + - https://github.com/rancher/eks-operator + urls: + - assets/rancher-eks-operator/rancher-eks-operator-102.2.0+up1.2.3.tgz + version: 102.2.0+up1.2.3 - annotations: catalog.cattle.io/auto-install: rancher-eks-operator-crd=match catalog.cattle.io/certified: rancher 
@@ -10170,6 +10194,22 @@ entries: urls: - assets/rancher-eks-operator-crd/rancher-eks-operator-crd-103.0.0+up1.3.0.tgz version: 103.0.0+up1.3.0 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/release-name: rancher-eks-operator-crd + apiVersion: v2 + appVersion: 1.2.3 + created: "2024-03-28T16:26:11.924035156-03:00" + description: EKS Operator CustomResourceDefinitions + digest: 5f1cd509c1a68df0f7648cc7d5fe2e643ddd2f4d3093c2c32924d9e0c57ee444 + name: rancher-eks-operator-crd + urls: + - assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.2.0+up1.2.3.tgz + version: 102.2.0+up1.2.3 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" diff --git a/release.yaml b/release.yaml index fca3393f55..1026ba2e3e 100644 --- a/release.yaml +++ b/release.yaml @@ -10,3 +10,7 @@ rancher-gke-operator: - 102.1.0+up1.1.7 rancher-gke-operator-crd: - 102.1.0+up1.1.7 +rancher-eks-operator: + - 102.2.0+up1.2.3 +rancher-eks-operator-crd: + - 102.2.0+up1.2.3 From 0d2ee21c94bb3de95927810ee3cdaa9f115df54a Mon Sep 17 00:00:00 2001 
From: Nicholas openSUSE Software Engineer Date: Mon, 1 Apr 2024 17:03:05 -0300 Subject: [PATCH 5/5] [dev-v2.8] Forward ports fleet 102.2.3+up0.8.3 from dev-v2.7 (#3711) --- .../fleet-agent-102.2.3+up0.8.3.tgz | Bin 0 -> 3063 bytes .../fleet-crd/fleet-crd-102.2.3+up0.8.3.tgz | Bin 0 -> 23718 bytes assets/fleet/fleet-102.2.3+up0.8.3.tgz | Bin 0 -> 5224 bytes charts/fleet-agent/102.2.3+up0.8.3/Chart.yaml | 15 + charts/fleet-agent/102.2.3+up0.8.3/README.md | 8 + .../102.2.3+up0.8.3/templates/_helpers.tpl | 22 + .../102.2.3+up0.8.3/templates/configmap.yaml | 12 + .../102.2.3+up0.8.3/templates/deployment.yaml | 51 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 28 + .../102.2.3+up0.8.3/templates/rbac.yaml | 25 + .../102.2.3+up0.8.3/templates/secret.yaml | 10 + .../templates/serviceaccount.yaml | 4 + .../102.2.3+up0.8.3/templates/validate.yaml | 11 + .../fleet-agent/102.2.3+up0.8.3/values.yaml | 63 + charts/fleet-crd/102.2.3+up0.8.3/Chart.yaml | 13 + charts/fleet-crd/102.2.3+up0.8.3/README.md | 5 + .../102.2.3+up0.8.3/templates/crds.yaml | 3453 ++++++++ .../templates/gitjobs-crds.yaml | 7714 +++++++++++++++++ charts/fleet-crd/102.2.3+up0.8.3/values.yaml | 1 + charts/fleet/102.2.3+up0.8.3/Chart.yaml | 22 + charts/fleet/102.2.3+up0.8.3/README.md | 30 + .../102.2.3+up0.8.3/charts/gitjob/.helmignore | 23 + .../102.2.3+up0.8.3/charts/gitjob/Chart.yaml | 5 + .../charts/gitjob/templates/_helpers.tpl | 7 + .../charts/gitjob/templates/clusterrole.yaml | 38 + .../gitjob/templates/clusterrolebinding.yaml | 12 + .../charts/gitjob/templates/deployment.yaml | 51 + .../charts/gitjob/templates/leases.yaml | 23 + .../charts/gitjob/templates/service.yaml | 12 + .../gitjob/templates/serviceaccount.yaml | 4 + .../102.2.3+up0.8.3/charts/gitjob/values.yaml | 31 + .../102.2.3+up0.8.3/templates/_helpers.tpl | 22 + .../102.2.3+up0.8.3/templates/configmap.yaml | 25 + .../102.2.3+up0.8.3/templates/deployment.yaml | 102 + 
.../job_cleanup_clusterregistrations.yaml | 29 + .../fleet/102.2.3+up0.8.3/templates/rbac.yaml | 114 + .../templates/serviceaccount.yaml | 12 + charts/fleet/102.2.3+up0.8.3/values.yaml | 83 + index.yaml | 62 + release.yaml | 6 + 41 files changed, 12163 insertions(+) create mode 100644 assets/fleet-agent/fleet-agent-102.2.3+up0.8.3.tgz create mode 100644 assets/fleet-crd/fleet-crd-102.2.3+up0.8.3.tgz create mode 100644 assets/fleet/fleet-102.2.3+up0.8.3.tgz create mode 100644 charts/fleet-agent/102.2.3+up0.8.3/Chart.yaml create mode 100644 charts/fleet-agent/102.2.3+up0.8.3/README.md create mode 100644 charts/fleet-agent/102.2.3+up0.8.3/templates/_helpers.tpl create mode 100644 charts/fleet-agent/102.2.3+up0.8.3/templates/configmap.yaml create mode 100644 charts/fleet-agent/102.2.3+up0.8.3/templates/deployment.yaml create mode 100644 charts/fleet-agent/102.2.3+up0.8.3/templates/network_policy_allow_all.yaml create mode 100644 charts/fleet-agent/102.2.3+up0.8.3/templates/patch_default_serviceaccount.yaml create mode 100644 charts/fleet-agent/102.2.3+up0.8.3/templates/rbac.yaml create mode 100644 charts/fleet-agent/102.2.3+up0.8.3/templates/secret.yaml create mode 100644 charts/fleet-agent/102.2.3+up0.8.3/templates/serviceaccount.yaml create mode 100644 charts/fleet-agent/102.2.3+up0.8.3/templates/validate.yaml create mode 100644 charts/fleet-agent/102.2.3+up0.8.3/values.yaml create mode 100644 charts/fleet-crd/102.2.3+up0.8.3/Chart.yaml create mode 100644 charts/fleet-crd/102.2.3+up0.8.3/README.md create mode 100644 charts/fleet-crd/102.2.3+up0.8.3/templates/crds.yaml create mode 100644 charts/fleet-crd/102.2.3+up0.8.3/templates/gitjobs-crds.yaml create mode 100644 charts/fleet-crd/102.2.3+up0.8.3/values.yaml create mode 100644 charts/fleet/102.2.3+up0.8.3/Chart.yaml create mode 100644 charts/fleet/102.2.3+up0.8.3/README.md create mode 100644 charts/fleet/102.2.3+up0.8.3/charts/gitjob/.helmignore create mode 100644 
charts/fleet/102.2.3+up0.8.3/charts/gitjob/Chart.yaml create mode 100644 charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/_helpers.tpl create mode 100644 charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/clusterrole.yaml create mode 100644 charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/clusterrolebinding.yaml create mode 100644 charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/deployment.yaml create mode 100644 charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/leases.yaml create mode 100644 charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/service.yaml create mode 100644 charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/serviceaccount.yaml create mode 100644 charts/fleet/102.2.3+up0.8.3/charts/gitjob/values.yaml create mode 100644 charts/fleet/102.2.3+up0.8.3/templates/_helpers.tpl create mode 100644 charts/fleet/102.2.3+up0.8.3/templates/configmap.yaml create mode 100644 charts/fleet/102.2.3+up0.8.3/templates/deployment.yaml create mode 100644 charts/fleet/102.2.3+up0.8.3/templates/job_cleanup_clusterregistrations.yaml create mode 100644 charts/fleet/102.2.3+up0.8.3/templates/rbac.yaml create mode 100644 charts/fleet/102.2.3+up0.8.3/templates/serviceaccount.yaml create mode 100644 charts/fleet/102.2.3+up0.8.3/values.yaml 
diff --git a/assets/fleet-agent/fleet-agent-102.2.3+up0.8.3.tgz b/assets/fleet-agent/fleet-agent-102.2.3+up0.8.3.tgz new file mode 100644 index 0000000000000000000000000000000000000000..11c47f5b108caf35aedea56bea76e6ea4b927272 GIT binary patch literal 3063 zcmVDc zVQyr3R8em|NM&qo0PI|CbKADE&S(CL9eO%xdQIxhFB#6gcgELodeh^$9y{%sGifFR zkt+!`2(SPsS5@`j&j27PlA^67b?wuR_Jb?|yTAg(?mk!oo-jlmkSTKAJDm}!!v#s% zvj?Sqzu!MPIIw^F{eJuJpno)YHaIvuJ{lem4-N*;`h(Hv_~;q*A6AWS%9SSaS^p3B z)gIhmgb3$C6HNtIkp~bHO_-R5G0~b~NJTG3sp*7b5`iQ6o#2A4q4BWa^3#Bpb6cH){ zMtS~gXKjWurCJ3Q*ZwW#iMUmr+{M6~$`8ZiLib^KkLnT`5`}>oLIgE)^GHU2EE}8; zJ(6YB&wlta9C-<Zup(jvkci{(nwbj_Tn9 zz!v{M8V!eS|9>>v`Ts{Dnvy9R&u=`TUpT>i>k^F@mzW7fwUCR-{rBo_0zi{#1as#b zyghg~L&)+mqcQw&bq-(1z{}G=;+{JWc=y1ZTN?)^9X#uRL3-*VG77&kzfLLnU|WKo_wK> zp|=NbCcto_0n>H6ColP6S>xnnppJaRXLGme?|+XL`;cBxTSjLIo3C? z>O-qSdt3Y#tx`^5^V_vxD=*e~psS@=a7}3S+zKJp9K6C65LdOTi#yOp*-i;N zygj(I!5tD|Coi56K6MLjj7;2`^{b5*IcKO8EJO|x31bWU$l-QIv@J9PO$6mrk8+KY z6J|`(b#s?C74}K(f=sR)(74zL<>mB<1h0`{tc3)^&GKOA2CQHr+~c+qkYL8dA~nLc zA&WMQMtgg3Arb_)9IR9(67!hpl&8)i?Crr7PS$pMQ`vw4Ac=@oFIOmoX-*UD8La|k z)uMv;th@&eWg}RwT)XE~X|qgBEtn^)?OHDeg7CG(Uvet3VR#m29=$NGYCYfx-hc3n zX0c{}uYq|00o>psvWIR-R#`69|8Fn*?X=w`Sm`0g#2y>GmKIv~3S6O=KFiHgBFCu{w@#k$s6s(sI} zxX|s2>oHObxE1n-36dy?Ma~inQ40rHz%8M$-lF$Suh6fYWLp{7=um6ijj3?lem#p} z9A)W%D_CCoUw`d@P4TAtZp}=m8mb6KPKRcQSZ7gcEj{&`-OEuzANyfbC#&2Jj&qz!v)-9v=7G_J24W?Ck$BsBZ5h%T#YZ@SIP0wN3)u?*&wbu}xQ$+gfXW zDbexlyhs~4yCqrHlmsZ3Tp?5I#}I3XcQyb}c5kRi{GhCa3}~6JTL=pMFHYW`U0esk%6ctD8r2E`CKOp>HvWy$qWqHRSybsARw<~8*X38?`Epr}^&X%d!fLhlXjV2{ zZ;V%~s9mYabhUb3^|twN%9>cDDd9ACtxRE@OR5*Af@}O$*JqwECT=e!ol}NWJX0}Y#JwPMxqvmNM3Q{Z z+2TqF{hBg#lOBPVd7UjQ+e$W@h)G7qlu=DlH6MQ>Mb<0{;N<+gIjVZhQYhy%#*;V} zIoF#>y5jjYvqMXuJZ5=v7hVtHci@yK$Thr#%}v@mc^5Xaf0h%p_!mjpR_5QK-9uww zjilNg8aFmNpP_Vp_q9#uI`5q-7hQ3o?^@$`EgwVU*!K6GR^gK(b`cl5KHmpy!~gxm zw*3!>JNtheYTN(VJo&ZFe<#KrmTs3v`5KaV0IgGG0R9YF8md`uCd7>&K_-+AC|8;= zw(oxB*;JAQH`#*(8EOoiG5ZnNLY2ocVuHy&jBz3)2DUhsX#1`FMsr6|-yD1z1e0hM 
zgmzxeIK8<&@dkJ7F5HCJNpMsEe*bd-e>*8&y!Wa>f3Vp9EEc|*eIN%9M=lGHfH%ez5kE$g!1W^sUM6B zY4f8<3YG)8M-dNTbN)VO)>J47|PXB<1mv)RVxor$L!&88+@1FF5Stb>`l(te|YDk$y@*n_F=F4exh_mK*vfzcae z3m{C1IvDcneLwZu+|i#;b^m{LcJk`&S(qjd+{ZTmKNyZ${(pEpJl^^L$DqBv;##A- zQU3qPQn3FA!t>7NC>O3aD7+LT;+88dk)+L|^)lx`cyWD9&xp2f5pqsrgC}e*xx9|( zx{C$ZQZR-x1nXs;C{^&YakPXBJws_PfQm`|*3(*0RhKghPrRvI=y}(g@PshI%bs&( zM017iil+1K6Cs@jfx8l=F=^Zu4B@qqkP3;ApeB?lP>AsUKA8_+mp8@SMf=({{6f8; z&c4@b>qY1}g(-(CCklx`WrIOe{e2kc8tkhuRGs(u6l79NB}r4FX-pVfgr4`VdK!s{ zbHnCtMw(`kYw0eAm9zUk5i#82SW%7l4DChu)Ju9tJKE8XcJvAK?*IS*|No%jrK;N>TKM4*C_nyreNq0P)|UV<7)r>p$+&T{8ZfIc7%8!uX((~B$*ZWa z$*NkK>suSSDJ$CWN*G&O{kZ6~aoA^zW5`nvSsyIW(9U!B0` zC!XF2_j)YTt0Og(1%ml8=G^qy{uNeWG@2yg><9m@VM}>m?oSbxs$ZIcJ2;Vo64mlf2WI@7Abd*& zkQq?TaprR#j0YJgKhey$e|A15_L~$mr3q41eAw3)^?a4XPPz6JJyTU26ZLMttHvzh zWPknpS^9My6fUxLk||Fu;cLc0GvkW7IsXAP{;aByCVfMt;px*;ck$^H9sTKe-!J%+ zONEE|P~Il&DGy$z2D9XZWm#;B-#@7}Y!{|T>#sd6ysH+Em$6KduGf>cRtBwCgI3Q^ z>>^f-4{a(_fR8GXLjiid|L_Q{N=XOD=jX{=KK>{1G*!Xt+SkL2ZVe0gr5{j3=GT5Q zKM&s*KThx+Kg4_X$zIs`?=hv2mZ%m60w^dGGk5e}9%h%$SdAa>`d*)~6ZHw0Guwky zr-|?^Szq|xuQ!9^+4z}X$^2jUOc`HnIuVhebQf--JgHA#Rs{4KJS_j8MZ%f zuEiZ@(k6F$E8=e_+a$|O(dgCEv}@59?T1tuOskV@Mqma;U)rnrW$@m$Xlf^*Ds3Bo zp;oZDz_w>o6C_CqT27&4rw#j9xL5x`xL^u2TFzF{b)z(flDTj-p!x;lT&)9aWP>5^ zv%4nYWXde@pz8JlA2ONGPsU*EW`1>Q@8KF-Y<6>4ohLL{h3R4F!#+GEK=K;Df|u|; z`?L;^c+~*YQ{4>)YhgB^Sb&g7#A}E;#q0_B5)`tM>)eFoLdJ{L8^}j>PgkM51C>=`z>CixJj4!Ow$osX)Vi| zh2&fGVG%B8J#R*yuiQ%PXDi~kE|-yea*;CMoA4oxyA7daptq|v6GsMv^%t=v^nW%L z8@EeOiYJAss><-L#(JLHOG)~!fq2}DCi9#?rk83xL%UD8|H)v|Y z)uf3bmj{0wLro<{2rg$B2D=P$wu@>ZyId;+N$U;{Yh>}7HeU-){4*(r@hy`X4Tt_9 zRp)(uU~|8JJpbkY`V8*IrTaSHR^|V=`F{9cQCMG}!#-c^>Dqu8NmUfR6;{tS#GHH7 z>fKo@&EL;BM%H8q(y=T6g%38iP3sx_)gBvb`06`pg`Y4d{fWEh4AnHc!SjWu+N^uVXE)*uuRkPOvw4lO zs*cP4TjJu`BhuLcAHQ@oP9*aNm|p z7S%X8X;wHVl>p>5d z+kvGXe)hNNs97A3YnYsPtCt(lZzb)LdYv3m{IYXck_?|uW8r=@5wOz}cQvKjg2U6# zT#bzkPCCgijZI|Eh+sAIp;^jz z%2bS|RoChCN(;dcoCZT%hw>d{6V$8q(nnIesIq(0uT7!;fhc;tCnClYW~Km**Dr}P 
z?ztSexkX}>lIHsYGl;*RwjR~#3uM=Sdi*Khx)`9ap^YG9Crn`tF?hMdE4;zve(2;o znTW8Wg|dQU_tBj@V5?sZJ=QI=(z`;uf{)HW&Frl2V+BD(b98}&zxjM zb1(VfFn}G-XSoN+o>3GO2EZF*C^JI5|EWA*(ZS2}^EMi~@-*&)X_*LnggJt8M@4SQ zID*=+Gq+4~0F_VIZ8jBhNx?fl5H{jy$-+-O-qG>x1z|^kh(p`?GhR}qhcV1UH|#DE z5u?7`pDO}E=PE>{+dhzlUsy`zy?Ck8Zt_R!Z40M@5518Nw8L+!z+DOOOqOQ_r6TOd z0kjVxJvEYGH->&+VAfO^XA`y9@PfXkAfAiwng zp24lexpi|&A>XhV?IL$U3JW&6y#%=Bbs2PLwu@=1+f2{1EJ2j$O;jbof z3S^Z79donEXX3lJ{z$BAC--W$SpCILXy5Kqtpw_K)Op)&pm`~@{GMy>{r7Kt+8WdX zwZM{oDCPW-5M%CmEPabbsq(}VsdNg^lLKwLSWBh|(ENjx2fxEbUVPUv1->nZKQ>u| zrCeR4EAuA*iE-Uqc{@4?rSqhsQ+&{1M*VuUZ9T75JZLj5Hu9IXQfgw6BFIL8OEFYR zDZOLEo2;AqnkVx5T(7LLCYQ35xkA>O)oIJc%A+0FZ^O9hrN&6sWXVPBx;qJ>u-i9{>T$(wwC6I1g@P+Y8Uj>5(Dh#qmB3~2+|bLPO(Dvlj*!TT3FWLYWg@@y z8mUoZo{IJ(T*2Cdg4WxRFG9-oudEzF0!iygDC7Q86CCT<3E~GlVIYDCrDavkGO=eD z#dG_HI9Xv+0naK=WAewG9nV{1u=A!uXgqOTTMyb9vTG-Te>thH#5Jy#YfGOGpDh$P zJsdB3|GaWzA5bdiY-|wy&3fOM8OXM;v;H;-*4fk?E7mdP)D=tC?rqqMz-2UzoHuDF z&mf3oVV+N6V_1xt7ipFdjkWn>Pxy*xj^hZ*SCM5^|LrAjQcFGtJ#v!053v{{|F;Q+ zA5fS%IRR#7mad|GoZzSzUQpmmh!_G$JoK2_y<>p7hn8J)PCr|{{CZ>2;KKZ)d%j!o z7lK6Hnn|p(TrPw0H#z8}8YaU=qbYnK$DgOG9%oQnl zDEs5>763G`6n}=--)TQn@>4M5`w)}Cx%}hiOpFO9PHwW3Z(D@g(mv@AQ%s)>lYGYJ zv}zrP0~VkDrK_60ycI%bsAQj|6G`7qQb~A>OX*bPhwIe-z8Q#&_IjDCgf8v+LwwbZ zOnz&r7xQxX@>})^t-@b;{;!wyxLVJ*;ck4|!w-KqDz8@SxU3(-dU8`O!_Fd}2H zy@U77WqdMt?AY+aZy^yWV1lDT zVlFvHyF+iHBdQFC0H)*0L@d>LQzp8a^RytBtZA*lUY9@F zNcNVGW0WX4kz`0MW6;z&DI=iq2d!(lwTh&y%&2_jnsXu--z2J>WOaSfS4}vMgpv{p zwXQGQa2=VceV7;RBmytFB!`tks&GU=uwSoM9)+c#E}{fvHM>H5@y~@Nn?>1YNUchv zs<$O7yZmGj@4_aG;$iJ#?W)#pZF0G~q1A9#l=L{Dk)iQQMc=bh6si$ki>uP>B@GAg z_NcchR#2kNX?p$BnQHcVR>5k51>hi^Wgny6XpTOhNNF z8jRFoi=7V+wdT$8eGJ_i+7F!$N~Z-E9)w=2xEflgMXnx%9>U8g0De`d|Rwk#xo zx?1aGO*Dhr@semlk#EN~Xvo1V8_Ht2(c%|xKk9WCebKJDUo4kjqw?B)*M^Nle~{dgZ<)H3Y=9J z(E;P)kWAKFtlt$`m`$p^^+z?Z*2~_{qMD@b-X>;nK4yw-uMQYUd_{7j_WiF|)MNUa zV3oSdEkYCX|c;p$(2QJs$NXW&lY&lY!1?gu<%)rd0S5L<^?w-Px zoRvrJnlO(7scwG;h*3@MZ1z<;=&B>eZPb2+RiW8^Z-&kIxl0IJmTIXRuXkt0w@--q 
zOR-iS8sjzPtm{L1e@R_!fL4;qRO_z87eU!~GdC^sY`FmIltaQ?-j<~oHoD(@29~zK zI;n*P&Tj%S$j*KdhWT=+h8Pe`+*IUYur;Eo`hvkXR28F6*4VdXY24L`6Dx46{Xj1& zvYtE~j+5qgyl!8|*qV8@A1-Robk{7s2!mX2<#sIAI4W7~yr^pYb+UoO#qN^L;Am|< z`~!Vhv3CVmP59VERU%+&Qk&dDnja!FeK?&T=Vqq$1xQVKgs`&lfd*r!F=(c>6-?;Z z7vs+Ykul!^A#|~y&4(T8B&Do{_6ku)) zX9e#sw)-v%C6-`)IE6Clkbhhm_B@IvcZaIw`=dK0-z-X0W1Y*>uz9_`*RF2rXB$ix z!;kr!-mVwMvbmzMdx3SW&qo`0Zn#s7$=N$%AQ#{xF}l3M&LC6#05KVdgHWjL=?9eP z^)AMYv4_*uHiT2>=l7ysDtToLKWD2Rl~}B$zK&5591YWM@ps2je(4puYL;vzc+XP* zh-F8i@PG-P<(|MbdH5@CCNbUJb-4Ds584#zUfgW#38K2Qkmnum>#r?#q}5pG&pA=X zx-XRS=+hS4m2l!yCgVU<(CoNETBnwtNoS!Qlal41>=uDNlNt8REM)9GrmC=@iR{4^ zbdKR!P0fD(P~PKi@MUaBggEH*SD57!$EJqBbv8EL-KcXs-n9CiKFc2XB$j?b9~uy1#}IEcvNvb|DO`v4PYs@t7i52v(?v zHFjM_U-j>1Vwprv7*UzJbVqFy(Q)t$*F?q0U=&=!(@mp6$oVayS2#B5jlmar#u*}2 z`>&qsZk<7vc=f#TlpOgJ0Gx#oC`XR{B_N4NLlR600UF7mZfH13ra2K2g_M1$n+Bgt z*I2jS5g~dALBSM32!l1)e(lA6J6DibS=tC2yu1b&8@!t)P>L{u6`-|f18cw#29+cw7e*02#~)uCtsdN?CU!cph~Jgvl~&N*Xd57H#@7pDms$$5TwuX)B2O|HGsRbX zq~7ofGDEJ-gG4PiAxxk~4+dUd9-5qBDjx{)UtM4K&1vaN5Ke=Ug?x6Fwr(nXKdI~M zs-AFPtlpc%SVxxD$3V~Fi*mL_>e^{LPN#IgUEK4K#>FxKC9C;MX!4jD*vvEce2kWH z{;L;|`lhyB1OqpwEHk8dkVdAvw_YCDlBzV<=6Q-noKdma+}kedMX&^{4|Kw(t@`M;}bT6 zuUgpaT#bYC`0>m8ulwR`9Xx!O;nLB}t9QC{v5f&raQ&^!2g=`7chVfRHvRE{^fQNx zh(mW(<_@yjY|1V@Fg{_jZcp!RayBTW5rCTu;BR0vL6VVr@Rs!}Bf~VnWXB@%5<5@_ zR(k^vEj)4Gbk5Nw&Pt0Zd#P$G9eQ>0jd)Zne}9=utQKcs87 zH&0DwqCBMD<)dQHA(6I%4K=t~UT@aneEWg_EW>E{aQd`d1811Qjm!ss?I5>gExdT? z^&TM)rC%T?p8>mh=clS|#EmrAw*5OgIatVCXTzntYo`jAeb7_4E&$V(UsW3Z(VI-M z$FXy?Bb(FNOx|l+k*~%jIR=D9H6~$fNYffhr`0estze{Xnc>&^hGpS}6rrUOZrgN? 
zber37B^0c;aN*h{{yBQfj#NQI(0tI*C2EvHMhG)0Gf^GGw;KW9;>Y zm#(p@%*xbeuFvOfp2bsL`O%wV!QD#+B~$a6oM4V}F#VaF$f8$WFF4}EE?o-^=4(Ng zDedg(ti?=O5l4z`D|)t*Z@lLfN32- z6Z(#V6k6;9lrWYA#vD#!yyZr0YNEP_k62l>xIFqnKRS=L+JcZ~5mN~uT7fz7W4B@G zCpN?n96L6Tj^-Wh$qm|eyphoa1gziXWA-lO!3`{{dg zL0BJmy5Qi!!NK6zSOU4QJ>P}cBW}F^+Cxxg=YN+wId!#pr*rOG>?q-m^wj!bsEa5> z%~1YX;ZY`9*b?9RM=TKjy_Fb)w;ee2oyysGNR4xQq;h{hF0`zO(alqg{BSe82sgO6 zjis4HmBvOWSqcnS&tm%ZwIQe;Qm3^?p9pHSD#V#qr;J`+Zm4cK(n(Lu8ImX37(?0? z48PX|g{4r;G8;Y!NK_rZ=m9NAlrL|ZIQuHAXIhs z>+>=O_tV?+Iosze+NYe8lzYWoJ76#_hd~Xyp4fhAiD6B80DQwlOFg*e0)@{a&;GsA zV=&ibgJQ&pJqYFBI_KtF=lHABP9DI!&YPc!SNwjto5>*ef0n3J(5jp|et_3xsR_3m zwC6iM>P09{=g$RGch8Ap(~|miFn}}Q739qNyrc^+ed!-`I~M-l{Po)JgO7Us{xZFt z)c^0D&@~$Ti|xyi0!>Qa2puYN`vtQ$&%+|t6PF1lC8u3abRNZj)QaPXj|5O0*v@Pp zTw+QqWQWW=9unw&c6~_U3Vm>rai)#M^r%moY3l({(H^RV&LkT85So z$yM|Zm}o5)Ialh10#98!K)0>XuJc06L8Es`qKvz!tJb}Z`WIj}4my4bKVh0TcQ|y@ zqF!Xm-=mHftZ1 z{Ag3F6LN<(tBTnYO6kAwavz`j;+Aoj7QP3hJ2l7Bcu0k<-ukzsS!LWOVzT=rCOZ+v zKGHPF#C9Vyl3c4e4{TbFc|*CWyYX8^UXNuh2*=4v)b+y8*uJX-+_&lZdFaJ$g^>v4 ztQB!If=fIRCu8>;t?v_@?_<6RMu)3S)uYHb02H|MWOKJX3gFtRFV?Y;x29PzO9~Ur zHdfH2e@?mAvnY02gmzwjQALCZ4hLc78%(`@{S^6xbpwbLG#KCH2mc8Xy7uXXm_2H# z6tBSC6_Uuk9l`PbLFj-HDgFI{p)LL#l?20Yr&j({XX5r2qWAE|L&m52cfPfL-JP-vwqtdR7fm3L zzPsX|@?1Qs&hcG*>b9roJ&tF<^@hQ=7jrAAPXASR`y{PWiqiy_)Za%ek|)L}cs3v2 zkNnH-uYQa~iLp_9iKV(R4t79nnMc9IA2xK$#}hH7_p|*-lTv|)O5)`4)$>1afM({@ z+mwqKdY4lqnCSDhY$6$@OE9xiq~8oe#IjZ`HSg}+=|L}faFIHEN{q8caQFwz*q>^P zHEXL1Euf7@^3^We91-Trty6l*>t&G^CAOK$ZHZ9KbG$yQxytYg~(9! zqds7Csg+c54$76G<}tH|=)9488x8Ja89bL@Nw*$S$Y}q?WGm? 
zu1L7A2YORJe?PG3GN1EF7)_t;OUmc+4o^J^HMp;lFoh4UAV~e8$tb^~>S_Mn3-EHn zvbZ#Ou$S@U_~_zpg$acAvpnzDzq^~D#xXt>06qMOyJdNwRILmx&(xeC4aGslia(Vo zx>hSZ9t%l@5u}51qE+}j%%tcYOF{GEc%M~${$7#VssT08H`sI(pyR7t#ft5+bZnkLraf^9 z&?y3TzSkOYIeZ~!af8eDTwc>IXnLn+amH)Z$$S3&S2^eE8??(Ap&5mf54|(<3;0J7 zlu1P~_MOBLMaA-?Mz=vXEULCThTLLu0SpmGjgeNwGL{T%2dRVY#_PfaphlSPdT`;;gnzdD0vlry&7I?*%e{wG#I?n5*5sm}`_elh z$wfwG#p57HgEl9k3_B&n_8Gt}yX8^pO2`@uOr|B15^Sv0n%N!|kFmt|W{NV>hrD4S zw(9F?F{~nfrXb8Q1mF~-1Dpn7Ug@jrjKeHGYd$Rs5<=g#!kWVdZQ;Vk3vQ;YBPHAO zT7`@o8dL0h0iSPE1|I2u_8zko^stk&f3Yp5wM5D(HG5B0^k%j5YHnawx z`0M;*oQ&WS-&Ont3P-DLwIKq_qV^JrYzUf&5Sc?zR$jz6NbJFpFdUV{)J+g8{uwH+ z!%~S8`S$a8xf$VD4NJeG& zLvlOfn*rVn!>W$G_=zcs@N73t?fRaRt;Jq7dBEqY*M=K@o&|z2(b5pNcCdncOZ!L% zhB46|H2A?x8O~aTa2_mS#%m)oMfT25)Y=%2f9TyZ{rX*vf@>Y#5*lkq(s2C8F@X2S zt9Mo*voeqOR!<9B9`hTn8i_=IS#}&kaejOhamFx{Y5x547|S0L^$;K-x<8`zeDdxv4GH-aM$ufXLe;#Y-l@_xIc|e8I@`M7Rs0$ks;4^L!lPL(TKlAaIp^LiyTZ zh1F5w0jWO4bCdP&C<`X2enj~qsP^mV6OK{!AgLBgn9hF@N{FUcXQ+m zb%i0f(|X?y>${res3Or)ku(LG;KcArzTL;%vv(pczb<=Bv3-ZFz&4??nN5dn;Jf zwijuPb2PZx#)8#N{U!A-!C|;=Z`CcS(lx#n^Co!LkYoq1&jX-Bf6hoP{}5b@OHk?T z-MWC6+_Y%FtPFPPbyZIM3%bnq*m9###KP$X;o%I&G5{r`K#E0Bf&{Tb|I6~MU zS?c0p;B@l#lSs$_*MBSVF1`iTQ6n# zu>;#(PPk*}kXu&KG1DQV6tF|M!dNlF_F!pxV{X=}j5#x-Os=qYC7drTx$k;W(>O1o zNw}7X1Gc452;*>F z6Mnb22{z!&;D>L7Q6Bw7{ zCwAQT+se<*fVZ=${XQgA`n`+|(wEJYbp%CMg>pijnungPQ*Bhl^d%8BHe)%~AQD@} z6qF@%gm%-$wqgwcJ&g&s^rEfTvwK{w^@3in@9@4>Dusn9Ep%|B(DH)9UGayMXJuW3aAn@eP8wa#L9X{Qam62jh@Xp54;&9>hDkPop|j`tPYjJ-@kwP1l12w%mh*T z>sIO`-j9_>RH1`!WaqT z_zI~!XKCEELKv5{AM5+9CySw2-rv&@MYY~Eb_vRyao}jO4c{rZBBOV~qrOY4jE;OL zwOh#om+V3o8&{}rLzn=12j1^XWjeWgO;U&E($0Hqi_jHu%CN;dyUDKK0_d8!zeia* zj)}TIl$T)cnpX}3`WaZ9jW~-5qYinvRqe-aNEkO5 z;~1sKS4gn@mL$aFV@*bt?fONDY#OR3oYolR`$A8Cq8$i$kCDpQO27RB2^;_k!(%92$A4j6(WS92TJhRcs+j~MiU~* zqIMJ}(Fqywc$W$pfR1(58JEnCb`2T$en2;S8MX=6StcnI!5<{HRGd~Pk+5GsH0m++ z-YDB9w>Eu~$tQUt1PKM#g92slI5Pz8uCe&dI4N&(SeI}ZYDUIK0NFp;sm-ZyU-pre zR=u}XHOgX?m<*W#8^3a%oRq;>%d<_QmR}012kJ#GAFRY|SNX)f9f=oN(d(I`G{}?p 
zusf+hNNlNNA-pu4b1Zd!_I0?bXxSpbn)@;x<_7v|vW9bTW#N!6T}S9Zl*tq@-0T0m zkZ>L)RLEPzwil(sN(rlGSbuGRhqY%%%4JMuVY0CLa77q&jUTgm_+IUkDhUi{s_F!s zK^+umc(qYI&3l1F8BwPC7AkCvxAzK=r(2a8{daPF_`-i0Fuo?vEMvpY^0G4+tk9ih z#?;>pZat}dp>G2HTbaA#_wpodL?aD+xhhJoFD#4l6;j>IL zeWE6irM9Xt;87+*%P<2~>P_#Fsk}VeJO&qBji&>Ijj1uB%f8E_8gT$xDh&8TRJRNG zsib28;ffxRUwJ@&RK9;c0Hi0iSa|Bsf;2VD$jgUK<>3&aPB8AOx7}kAm;e8G?G*kO zUb_YY3q7H3v?HX6owFE|C9TMUc7>I|!;fISj_`Xz(0%Ec*9*+msD^T<-{ESuo@Pw5 ze&EWfqP$MP5334gyP>B9@!hQ>kVw;BK_^U$UB<{wT(6%mc1-aM@Rd|IrjViSn z2yl@<3ke3eWFF_DY73kZTl-%@h2eA$EPA0WaGw5I(Nc#3ySdsJem<;g_P@J+Vs+wC znj29=B8tv7B%}bP+3nq0g6iFBa_G{t>F-3juu`mPb}KIh_t2yT@kpn3^#2D`c-=@B zR=rzCjT!eZA>XHt-6W(-1n#yWWf3y|lUFpdI!!eL)k`%Huf}nuO>>fk`y9qN)pf`Z zZ^arzJwmKkJ!m&nc4Nmlrk3=7NFl4k7&A04=KpM>UL;4=h<ELx;Y7OFl(=Qbvp=ot)HP)DlRjXui9WJU^<7mw(JTIvv#0@B8FW!Z&uoMI;3 zuVY{M;fm<&xF~m0pKt^#FSu<6eB!qZT$wpG80uYabj8+~>}^Pk_(maG>&{oTiVk~X zP!3F+8uX-f(41ZKp~ppFN_+!Q`%xORTGK>HYL{3w)LZ2_s(E4Gr;mZfU6(PBFl?Wd zNzHla8i#R(F`80nY>5ObXhD)+EKzS%*0M_!%f6<1#FcL0Tt)z-&mm2|D)5W3;=}-3 z)x7q>xASdLKU{Dg#$hw2U}>jgS;|vKrZ@?yKVh^UA#@pn5Xt7)lMo612@o<6{*9?- zzITLBRcJz_Y1B4CBzloOUT;#7y>F6L9~MlD^N8#@Wd*z1$#IOi$TQ0%^m`+5BxbNR z=$nHbC9IWCTb*5jp?d$QT!pET#RDH6kB1{3%8ALD9TF;f!I{cwfr-kN%uH~dY4d`^ zxI8d!DVLuuKxIvw1>HxU?-1z!PjE4)eS@n6qH*EJq|xbkDOO!vsw}xt~{9J#&n8=>#^~r z0Ff?rEj#DbpEJ_a3p5Nb-~tdhuK#9K<;=1)?5q{XH>0ku{$Uj2_LJv7jJmA4nlV@rY}dbLvv`276E@?1Y1rQ6o$J4Mg&U--052rl1c(^28qD&3)C%1=-$j z6@u(i@Vl18y;1P1zT+t%y(gUS&KtQY*V;7wpJIw?YuE7IUcIIN<>@VrD~r<1hz2rt zc)AuX;b+ocJsXQ}&Gdb_n&w>{sK+LXZ^g8@;NMw^=GQri+Sa>;c3~B*3;EcjXLF|^ z_v$(Ded?d(57^NjY#JFgf3YjD)n4CwI|lgE;$Zal$gnvxnMovHTmUHLjPAu{U0l-{{=|@hf0dj z$ZsT+Kz{voaj*kff{@LMHqz>6xTHtm7WpkzgLR4J3sPT%D`be_hKRj5J(069T29rU zMhvtpCMzQ-JsmJ&y()~4>=_xmQrGoLKOUPmR2SA8v#|y|fA-B~Pq%RyY~EZ)+XXm-)i zd{bMzbk8yf%Pj~j4CX_@noP}O*RFEPVymk>A=ym%KoMIH*27_2p4u(+Fy>+MGDT)DmV2lLJ5f)F#IdxKGBiCqfkC7}w zz>11=LJb$Y2CQdVk{mH}>e%WgiBeCT5@my8M03#cgSUZ_GbANlM*h#^(pCqPJth#S zhN6Qzc)%>;sM->PXA^DUWkjgy=#LOcceK_&xbd46N}F8t6totTMD^A&LRp7q-ntB_ 
z3eik?*T|!Yk2_cq)a4t6SAoSq700Wv#AT!((?+`4m` zP#JVmi$mxUDs9Wvd>csCRRW%fX_!^T9T`WfX9K^IMrW`X+GnekieRI^;>Moc4GM1a z#U_;vfgvkrLM;n)h7xuYI?&wF$XKBRvVZ}ztL@C$Nl7FptJkf5%vIH$IrAxls#+6# zBLmC^vMpVYw9hqtXXD2%-h_w5)vZU*8fwCU&2wt=1fn*l8T+tIj=h}6w$o><15gNj zsjM)R;v%Yr$b(CWp1b6JArR{~6Ab)oS#q&=%2qVyI6^iUT zewCs;gj?<02Ky~PC})M&pwxjQ^3()dH_$!d)@nFQqkZImYtpFxq;x!IoFo2pEOh<= z@@TqJqEj35A#ZXFw^V9+~Af<{HRinqdytL20CMw5%d*kN?Z>h z_^8AfHm2G?mmi$Vrlk)h_JOS2ULqR+V35u`I!c;{nmg96KvnPp8)M(WGhxcWuUbgMXTp6o=15HB7w422|xwD$sxL%GuB^W>I?O0wTn7d~EBR)J@b6XzdleggQ8Tc+Nk zbMeVd4|;jqnrUlDfd28(^wUMOLN8UD3k9CbV#wOmSNe5A=0m~S%RP`i6ERzso7wpB zZyPAtc_4GmD1q|QiqePA-VLpcKK!13Kng$GN=F#jTY3i$7bQkb*T?3y>E}4Qqmsyq z!#xA;daLU~8#rKMcMH2E;~Ae*HH&(jf=$4??7~R?N3;8U9vhZChPdw^1?~4cX5Rs3 zQvguSy3$owpbk)|CKRlZLcFoRLkt*mXY!JN`Gk1N4J~J(;LE1yuMKN#Ne^^+uI{fT z)-zcE9ION|Y`CPKDTKjJ{=|`fBDPvw$>*zBe|vX2b7lj|=js_m5LxHEjR6k$HyXB5 zYNb9IOp}d3hmz;O2$E#$>qE{x6m{Q5{mS7Vp+QvzY%5^~Q<5XyolIGfUUOUam(rW7 z&tb;ot*u=9TuIP9(m!7(tymWeZdKaTN5mszpshKWDQ ziu9~@8egBcb>yHAD1!~W6|=cHsZUfD#1g5Q#um-oazJ6#*Ymw_ukbaz64Tzgmn5!LR(Lel}2$5VS1cm z4>s*5E@#x|MBl~S#yKp{*Mg{4Ex|4ig6;Mu8x4Q|f&$gf8L&hAQG zEl|H*FkPf=7zi@1i)gH2_Lr(C^JDW@$Z`es)pQ?!Yu+%5dXFuSFr}7lRe8?Q0S=Tc zvCm*>)7&gP@pI)8dk7VuMt+N4@lgfvGmO%^o5ci?=6XXg8w}Hq12U4pc6PkH@eV`0 zYa-J zERSxE&oMX5e$-lgRPtRL2wylF=T@nkSw*FQz>JHu^*NSw^E_6?+9y8nIY(86vp13PlUjhIXthSr|Y`>Jmdv=Ef~ zj>ueU%2b;%{StLS#=?RIoFJi#?5+KiajJkHHsGW9Kg1u8AKZ zUopw?X&?3Y4IE!frP7G5|`ph$;Oab2ec3+doL6bZccBdp$!e< z)byNjxBzZQkMHD2Jv)P@xqN!}L9*tgWimPc>v1>SKkaJ>0PO5;_oq`$tO&-xbF5A1 zJl{E1zP;P_!EkAYi$TFvPfo7M#@M^*@!4rTjU=vwJw3P}(uo>_uG>$vfA`eI7rVt7 znaKi)>EIo~jKQ-fO`rzdOXh`U%L3-~@0Ul5qYI}{aZ%|}`f(^nj9z#bVX}3zeYjR? 
z3EOqMl)ux(*wtT$cca7ex@+JRs#hgQ{n*vn|89IgKD_m}Gxq87e;C`_+20t?agCTe zMH_%xlIk|<-&q>A#A8~*D9`NnQhm~|tpykdABXXjb$<7dbq|eSgp-cK3ZFdG6j9OZ zd5p~;&INOk1tg<%2O4A8^CqI^tMe$Oofw;=jD1HxaG5z*MANYo)Y(W5Mu$dYF+<|- zTy%X>2EMbc)aF}-5fvlmpiWTZ%4HZ`4H@&VN?hwlF|uWfqE77x`sFm13I2?4(sXf- z#RZof_G5x6lKHW<>o8isLmWWkEwZ#bvOPfui@9O7C&g$f=~kvjDy>(HrRZGixc}y_ zkCYV&c`YlRpBKAewyI21sjcSMqcvvyM8od-!>lJc2FfC`MT}V0-mhKvtRYu?{UXO( zboaM5!;})`J#Wf?`Q~IZ`uaO&D04uQ$#TytCa2&+z+9x3CN%aSNA4_s&z#z!&oj9= zr(nb?x=yQdXx5opJ$M;fk6hQ%`3qtdZr+?VZtsDXy_m_2*#N0%Xk9dP^+@Cnv)4B0 zdh-Gf+;ZBuAwKg6qv^HAIh%5Bh+?o+Mh^QzKK+jdP?%HK>U%AuHT4r)szgvOPHZ;V^W?R@5fA|l(jO|*#{xFONU5@XI8D2S1Put2{ODQRo6;ma@*50SLG zX~Ix8TR5ZbPzkBT+S&${nw#7{m4Im?l%s*tjhaO4`I8cz=CE7XVGYYqI9kqdGQ&+} z6-JZT{Z)HY-Cun7M!`xXj;-$PM3O0p6WJ1MbWUh9Qs9OiPAX8$1%0Znh=_@7lod@^ zm!l5|6+%g|x1{+?$_p=*h%JM`Fi#)rC;P^9bV0gKptz=yMYoW!o*(yHCSVIfAzL2` zN<fiOQJW2W4(!Yg?pY_r| z2Q}th{C`ER(mfc{T8ul>%$R0&YXEIgw!!WjL^%~&`#U}C;_MDprkp}B7T$ks+IyPr33qKT=4!R)0?@Y}ZEDo;D( z!EBznRwax^&*3SzLt4;80g)69ASlghDu6n(;sz-a4CrCWVwmQS5AA6SDUt61OxXJQB!NPMs^S2_LA*$mA%A*&@33*CUS9+$O z=)Mh;t&i)Bs3!mFdEGDyVzC%T<^LFs{5$sD|nWkM}Z+ctek`0pPO z_>mY49xr$a@WVRzL3{aM$v{}H>)29$8>PVnE+q&DQxF&+t@A$wuQ)tMhinD;%9qad z8gG;8XG_<{1ZE+*`=p*7zQ_kFAo_(jq(U@Lp_eJ1@BH}b|205;cI-?O=V0%tQ2ak` z6Matwi(sI#!4PXtrDi|4C6N{6OP?3yixAcC%N7L2@2dvL?`vjPn$Wt?RD>GBJ{U^y zD&mh|3^y#oK~#UT(8gGQ>-V5$M_n?k_W$mw^M&^}I}x{B3vugdLa_>GaNf^0Y}k+h zX*3e_%mDuBshaSU-CZLfh%|@{5+V&scQXv#F(NexN+UHiiZFBtjC2SH(r`w<@0|6Wb=Equ&aZdB zd;h=ov!DC9?+?JliU4J?9cA(Lk^&L0kEB}`sblXK#&d&N3ImxMYl5BYX4Ri@ajg>8 zZu``DrXZTc7@42)xXh682r2<)!-_DQ`+Uf#L(U1dJu`i!7rndZIu35_6m9Usmn`1F zz)z}5$6|M4Sohge4U8&mhTU&kL1w}{hMQh6eFZx4!iKqbH#R!hUw(79g9WJ1wlW_v@w9tG28p+-^Z5=yRs5ojhSv^94UAV z2YQVL%oOFU0#mr{)?6Q=c3D_UV7i?SJuICm=x%H_pqvg%3FwwB!i6YkNH3ydW8p$L z<7pr9Gj_~yhZ(m=v9LY}z5B6i3VbA+cMQNAzqA}0sV83a>+mNNE2!p)-b;y^N7bRKPPNS)@9?w1S97LZ>37njd(jrABVh7u$2qI$ z-<%<%JC_X-#i`-tWD~Vgy-bw%cbP~8cD(yRZ^i%;dF9VjKD6QY8MAAuD^b6q=i;Y? 
zfwp9ml)wY;@sE1WsvYwRqciWX0$jcTME)@hr4Mt67hp^0C=4G>?8Q=lBA)kqg&(`R zs7>Ar!dH@6m5}AtgHdG75NCgPuvphTi^C72UQw1>uR7335}Lv6SxNAuC%nUj z6FYFK-?H1vgtXg=de20zgbENib)0Wg=kk_swyK~fLt?fntb=>7+4S(&Ax>b%6k~)V z2;Bh=(R=pVN!)_^vIuEJ-``WL$WTG#6B(s4Mk}K6(es^Y8C6aUsK1^-RBPsqOYFLX z<5Uj9HUkOyD%Fq23dc=VPq4C24 zbokMo%nnO9QNuh+U~g3_gaswP4P*@xma&>iohhR7LR4%}}ZHFsoh=%oTc6S0vgk zi=>}=M>q$G*A^;Ch^?ibtA17ReGltmk=CIM@XV)Ad`DRc-`ax@zxd4lVcWx~;I8So z`6{2E|BBE1W-E~hhCWQ+XCCH1n$WMnCp|VzG=*UA+5C4&bQAg%7gUY}71z^sGTs~w znBMZfJ160`zoc>#EvPzGS7Z$)k5FlUx!GS9C_NT2{D+(H?xgU(h$y#FROOG~4HH;r zHIJvp6E7a{`bxdFcLVJHqKtGKMM|kiYC1chc>J(YkY z+McL9CE)M8eC%>M3?-ntiea4Z>Q;v-Ib=-?8~+IJn$x;TTWEC^BEZrZw1{7foawhL zMw-b*7+a%1$y{naxU!JTfP3hl!kDPPn_Q>s4rmD-{GHUD>(o&UmjnMnxm+_L2G5q; zsGZ^&z0hU^mf~k|s)5_37HiLX$4EcezmiD4a6;<;$DysXoiC&6Rm#i|X>OGaHU6ig zwr0+f$RHuF#|$%pa?@yyyh<_s^*#*xMBmi3#+=bqOYb7jK4BaHXJ0k3xR&y_#(9r) zYqQ+qGy1DTWySw4BHN71Z36*`79WZ-!knH!D~>lTj{pX?ICb8m#>!yKT}OmjXv|-M z9N$DU+AznQ!WH2lqErH}bTWGK5%()4#U)gOUaJ5rZ$)>gc@Gao$98gCGanc9pDDz> z;Plx<*f$fZ)xiwq3Wk(C5&As69gpL%I*0+)>J8*SetIYU69&JhoC;fYmDRT6#v)EO zyNHYSTX%lNOd(K`F!ArY`0PIOM%Ex&7at`8i0Pb^z*MtU3I3srE2vBTi!OfeBOb4_ z4TFwF{U*i@a>_PN38ee<*?8#`ZTk%CwWZ>7alF5}IPNC^D~YRpEg7yUDJuzYU+8I! 
zG1XcZ^d}lezh}^Z0^xDsd)lCn{&6=%NeWg;X=WlL*sjMR;I~pgI75w6fxY)DoNV-8 zyYzxl_-v9HtV8RD;A@i?Yp9oWC6hV zlDy`Lk=`~lbGq{e0Q2^nZX`5~K9{^Ft$;_ZPKCi4|2tJ~%NKzg^fhQ)=PuIddvf8C z#ZXz>l9lh-H{VRrG?<}ikbH5uChwK@sv_6lrf&Z{UW%}mEZ|s!k-YN+Ik>-c@nTW~ z)%;RuTtg61zyBQm%lG*W(TQ5qY<4VRTy}$AKLyN{wczT@i}VkrD;^2dR!~P8C zP*7m>tNN%BU4_(8e>5B03@3mClmH&F`z+k|#D=>G!zE$>2dyg~et38bvA`p`-T36q zNa|&bn1ssm*^hz4RJs>6*1kL1PJo@D1LQVtFMrK}eLv<>?#%$Hj`juBS{q$@(2l48 zPx`zrQE!wL2}SY!0F`7|+QL_D12(v^iHiGHAbfFsoS~Jv`l|s|fC^}nsH1qGTj(Up zN-2dbx$EsQ2PMu?Bzh#rrfL>YF3E*R^uj5h_41*B*kPkVL#zZ`jx0U1P&161`6rc@ zxDgT2pw5u-kXM`$J@yP&eS+rvN~1V6n0ceD5~E8SdqwLVy( z9liWhfiOtWww1IAfiaez_vKNN+`E}Kq}Dy;;s3;&xpGoW2w3I#PY_b(@tl{|X{h(v7%pL)8bdG>ik_(FLO1Cuje?u7V|4bOC^8cPN z&;PH4as4M@TK@}Sa{c}X!Ymj#ns5}BnGg`NQ2F2g(qGD6Av}KQmr>^zW0v&jjP>Z@ zFc+~W@8(=f8YpS$);1|N!Q7&M)X=a&RUkkcqE!~cz)#^{dSef1XmNrOP>@A6yiOxF zjPDA=`BYy<9r$3};2Bc|ohYJl3Ls|@+#Sf&^A+&gDO^xDTNYi%JSAJ}65k;3v^hmD z(A5t5mO*3ZLO%uz{FbjTR4&pmjSQD&tt%`63{W6-kHKol34g7nC)q=)*YZ1432+5L2D3ng1wZUJa$5 zf{<(r#X4EBtT2x~b_QnG)3cInwHTjBLqnjpdP2s#*AoiD<_}LV#Z}ta3Q40|Qg?FV z=jb)66L~!2E%8rIvg&AsUnD{~^=FUE5ea`Z?y-H9ZH)I3!Ab}CM5H!=7ZCD% z6imoe9UfHctwCTSsp0)qmy@L-x)`H6xB+c0-+xw)P-VtRfPeMTFVrSi0S!PEr*PSg zPM7|tPB|}dih0&P_O0Pq8SeqOS5UyAR1?gvFTkC8bv*Ju`RuONFXr`7-F9oGj8QQ? 
zONx7#8|K4AtaD$)!kkTBl~IO`+}q2h-sm}$O6ZF4{?o(C@#~*M>87(ZhB(FcK6IKbUN0V{PtjQ_F=)@_9Vp{+F!gnwj@39MhIbz zPSOd~(6XN<;nR|O)z8MUvH3U<^dld16g@{8_a^lg z*VJ_R>s4`ftJq*^eqAVZ3Rmf{!CEt4Y}@9@S-3xL=Xv;rnhWS~hw^6Qt{`~Nb4NUE z!c4b2tv0@HnjS1p_*?Gno9sa;a8k#PZ%a)nD!@mCE<4PwhN8&qDJj~jeP)dl)x}$D zi)@D56+el`nh_(}P1G2Ww_pvQ^iOq}1AVxo&mMaG<={~^CNxjGIMJ@1L$zwgE9--f zrcgIFwWMBLo(N@Tw^)&wyvn@)m=sm%lU{gslApLRP1Jh*qjE!Y(WQeFh(mT7(vuu` zq4r~sb2Ab!l787~!&Gc)b?3jcJ9R^SaG5ae9Vp~YV=no;DIMIrJ<}t;xmJxl8!!p@ zcZIv{D4m+Xm0ug+5M*iE`mGMNvn^r9(up@lGy}5IKdKf*a=Y6|21Ay%W`L7X18=n) zgXDya6Q5PtzxV8RrioE~t(76u&IEstzxXFY*Pp&Jl98QlEyuk`<>=nWEYoA7wDKE457Lzrt!7 zwNR-pn!>8bIimty;$17nC<+NVm`&cg-&eiLp<2{*9b-(R?*AntJzX1G_hXGAuu*1F z@&OI8SF=und@qt-`87(Q29gd_lRTXA3bxC#WT$H^{5Ix}7e$uD{2Op`w6GxK{?}a~ zsH*e^1``Ygj(|kE@@d^4v2tmAT~LtH_-P?9`;9x=Sm%tm&F{A5CWv4y!+hOfQDIl9 z`eK&R$o?q$fkR-g>d{&_b&68b;!3W~^AhB>jar>c&9|{t z)|@Pe`h-G|oWZFRdbed@d}Q8@TyfM8ouKZ`BH~<1Y0z1ipnodbgRXNIvMdPW&I2RQ zoN8c}aLAp$OBK}|$KKw4Y$^Kzl^_;I++$Ro#N(lnhQ5rT%1?4EK-O?)K8^N`7!Dm%O0&Q-1q6hyOhGsB`WTLQpywJ74QVonEz0>Kl;x{u(aWOWDlQTg6bEa zkL=FJd{+dcI-{Ntlse=jaTC8x9oS@-i}2j;uNZL`m7bRR-d4WMjNd$wQ0=#RD6Fo6 zw#@+^mU~;u4vET$#?er{Pvzj}fj7c3`GOS&9msBM4PJ61MG6FaAJLo@lEln|op@32 zhJP=Nr>^?iocYXm`JK;iW7w~Pfx0t~4HES5Ba)*O&+)cm>JUo`^PeYMCsbkw`fr;N zHGCsJ;Ta|5-lC?eO#JRf%)Z6%b~$QGm)dDvDt7b$WkFwrmSD^(%>197PpW(cM%+HG z{~f!{U=CR4vqo;YwC4)O6*!vJ`%lxAo`orXYHmSAtAwOC9hSMbG$XzCj$N1XhP`4GVej~mW( za3l|^Q#j;P>veARiZ%a8+XGG_mKij@Gk{9Gwsftrn;z%xBc(+7qju359OM>aMu|P! 
z6}<19sN>LkP@qxcg;@is`Diq<26-GbPmf9rd9=qigPNI5sC(j*mRluKYu|E@mlL)O zF`d-qCauoZx}KP9UWpQ6!(WHtDDFrYsG`y?zsD+X6_+l_3iGF*x>OSN2HX`CmJ4UO zFcwisNlaA-QEhT~UwOvhGlwi-JnX@CKx|!h8ffQ%Ns8K!c*rzG+nOSRpJiGzJbl6I zai~>u^urGNOp8qo{%jgmuvaYAI=<*ucHAqoGxH`&yj_MB^udpSEY|pIZGdG0r}!duNxyIQ@Q14vU5OsL$-$kmx~hJ%xd2%aKnqIK^q;dj=8wrI;Y z0lZCm`pc4PxXv}O00h*^ejtuWbIf9z?A(`cR@B5?g|xj4-1&Hh+nV}3-P3+4#gVu( zNEbGm&r+xXN@x`gHV>z5F9zvkiJiYHsb=V}?k+UgHim!1wC*gYEL{)?o+Vfqrll4A z#1X+DK_8|{D&aO06UA^wGG0U@8u84fmOL8DAU ziRBeVaKkb0RVeYQYSl=+-0+)7=0mAm|L{?sp_VVirki+svS$azw`l)0Xi;K4 zJkRLtNKh6~AZ@4dvC??IQiZ?39mnYX4B|f1`v(n$)gLKxU+p!jes;rE+TUj?cfR*= zMuPe|C7W_QbMkDj@^iBy7Kfgf-8aE(>qq$lKydQ-@lW;@tlSPM>_Oab=bv_^`9#ET z=dxbYYkLTb6)k&opH8`nDDw2{wYu_AT}v`A(WpUUlpxcBP9JC^$yv%e{=jRR)(*fhk)?xr*Sb;4u>IOg8Pefb)^NnlmcM*a zuR9q>BQSku=5}W5jZt|E=Uqy3E$Vm-hJL>ORTxbk!!CV2^O>ac2)6T--oFmQz&|%tW z^EXpEQwq2jDKU`08F1|xhriR5IIr*^u_Ffq6B`e% UaCnD{jwHXsB!V*CyT-luZ{_oH)Bpeg literal 0 HcmV?d00001 
diff --git a/assets/fleet/fleet-102.2.3+up0.8.3.tgz b/assets/fleet/fleet-102.2.3+up0.8.3.tgz new file mode 100644 index 0000000000000000000000000000000000000000..3a9a59c23646acaebeeeebae09ddb4d992a29f36 GIT binary patch literal 5224 zcmV-u6qoBCiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH<$a~rvl`+0svA9YvW^@+oWUOv`l?-WUPoXECLk~f!1r4(?c zNy5SavjB!NSJD0UD?Da6GaQPtB-59K*eb6Ek4B@>=x#L7;D{mW&e4QO9nMI?zWWNP z+wFGucX#doyWMX6|GnLv-S2w4dk6ddgZ}Pr_q%Sdzti3O4!U0hnR?2UCi1)Pll!U< z?(ZZK&V?qL3a$nLKtwcQVjM<9Yla~e9g=C$rd(;l*Z?fMv?Ce+CLubSG`5IPYC57A z4?q$gO;9#g!_O&7njqJN4WOlEhONem6B@_J@2zs34Y55%si@!sc=6M3pcnS`!*06^ zKSD3;zcPQmXl%+!f+{5u4!~u$-5AwOX-pcM2sHpkdG@)nG)0+Et=dJc?HkHtaif}R zOEIM}s`hv)2N1DLX_P9oIFzbQdxWJE(rbj_saz#MKRoc`?}zscUm`=Iux-fTr#B!e z{W%9U?FS@Hi_dQOD%=TTOp(XPBZ_Jev>_5arrK5*Q!P>zA}2$JaRA@|kE#A7h5>-Y zR4A&2oDE<^84fy~uoD^aqdLA)j4F~eb?{yrjNl#NWQ-Ep@P_ISsRE+mA|ea}8kt%X zty4AVctD{ih-F`;P^%6TW1%{Zs%kn8%EK+l*6a4eez^1RS?Y%Qt=Hx{l9T^a!ZK7} zO98Bq|GNj>Ze9NG?e;hFe;tV?WQ>E_!u0FMt(O2mlkotiZczZ(CTAIAXM)jaHh{OI z_d=gZRLFG@kTG)ob|u)ht@owCx8SvqxtIirW2&^Y>I?J)A;n`bID5oeP$&`j6fC-v{B!`V z)@p1p0pyX0F$TNBa-@z9zZku@BVahvfJv%nKs8VWM5!#n81#gyI;6|f3sXhWF~=B& zGazt-jKMV*Hyn-*!})NI4)f6*LY#U0m6nu`VI(9>#0`j%MhFSZt?OY9KH{ zBJ~i7c5{C;!RVUuw_Kx~THW5;ODz09PEb!!!c1gvL%0SlfG{R*3L0jq;59-DP$@=q zG&2OF5*QgGQ(-{ITu3}}4bMwWPHlw&j0jU`x;+w^L3<=cVib|V8;C>@nKtvFW;}u$ zswXhac+Bt^QzmA{Faf2B#xU4|-uALdHK0 ze#|8MY4D?&*q;ojNF)gXg(;ClV+@QcOS4!cgmMK!0!@L$u|%a%xq;nK#_SNxxa>kO zJqKKzIShLJgRpD<>%7|Tb?1K`^sUhrc00ZPcJDvT*DLqAza6S+v>p0khfG9-1;J1V zZDu_+lE#}H12AS{0I&s@6NJLNE1@<-Fjj43rU+voJhoU`pam!9H61ge#26^|_Kdd| zog8zxEcSO}xxoOo_1xmI3+kTE2;T-ea;x0Jv}@ZI=e(fB5<}H?@P3Y7t7Rb^+J$PD zS{xh0$s6;aX;P+2Y}wwjYaPE3E)5!XsVWOpa5ObX8DldjrooML8>m*sCLGamE=~-M zO`oPD7B^gJi6klPT?>~IldTOq^9jJp$TZ3QOl!sZA$fZIC*@zk#)QwEw)BcBZA1w*sY;CqR`WK?2B zuG?+R{ttn#W%q3G=fBuNoJlGq)w3f;lrl`est4ncc^+XO}YYRSDYo0JTI{OG|D#fVEA0eDc zVYUOx3g$>KLoSR>ElqhQGR0<=i4>V)Y^121f!RNb*uX#JGoxW?3{%0f1Z&(E5pGtO 
z-)qI&mczY%hanmTlo{zY5lWvCJqfm=G&?hB4uUQ4{S2VB-&HM>;W{}g_hBnS0l|Md z<{UsrCuzryJI~j%6bEojrDcoR2YF;u z)w!A=OU({cr_Z((Smpoe?$`Z4yZZ+R8~cA9>Grm5Gz;YjEhi?gyrQ}CX4tF+?Yq0c zRHP#ae|B3%Cunm=LZg5!nx&F*J%ZN1sZQ%r0FWsxK3a2pkjD#u2e-GKm%$&M%cZJd zjs7dNsFAr=+*==w6~t;gFjbsDaM>kMYvkySkk?F**r+#S0vj7WnqZtUCuj9UC@ez^ zUUocwIgxE)+p38Ya5ttlT%*xTWml6?d3N(K@NG>7jz$<6h4@}v`2J0{NDVxrWm+e{ zWQ4WqlxajmdEMl2sH(TQtE&X*Tl4HDJzuKJf2TMTl0Ks|XodXm_qzKv`M=liZu~!M zNflpjFSw>W9)PoK-jOs&P?MNwGAKN`{scg9Esd2XgS^;r&H(;qP43&k**UF7$=(`3 z>-H9Mw!265gm8D)+RlN^eM?^k;r2FHJ97x(+%bufv3%A#74WPM+E3P&v901GuDJoRk zRd?^p8dqzTAk0a7gTsjs*XI}^ZQ`)S^73?#sh(uRkLRan5=ZoNwP~&J?yhB<-ThOX zl>B3+y8bVD3ZBgXSfT&-4tDnH`hRz4qyN{E%KD$Asp=F)z}yY~5Gz2X7!9ne&O5rS zWU!Y6yg%Mc7?P$9&7sibzG10HlUN1Dawq^fA|{z4LOIH!rP;$w=V01?IPVYNom`w9 z9-R~=e$(|@ieymA1Q=0d@i~sFxjx^zehTF0qJE*n*QX~Zmse-!AI=Wn9A2JW9iRO6 zt@}iE9(YEkQCNvhB|9&SN+}#y0YFqe*GlX*ODym1P zA1^LX&aY11|M$m}j|Sn>!#_1*_dxLZesVc}?)ahsqu*U#o*CNx&;1D8+y3Gy0N#Ii zKx=>8@nvJq{f_rc#M#HIv$OLLudj~Zo-ZOW_cV6CQnzO(=Wjn8KY%fFprP}hei-{sObk4>lI~lqoFdDU33Eej>QW&$_G!>;c)Cq*Kapj3+80 z%pDH+)025ki6s8O+3Z{h{hBg#+*h1k<|)l##fu;!l9C~1RNG5fP)e~BX*H(}ho`6a z(bk=4yt4=8<)&>&Ox{^>ictaU*t(qi0J+it)E|v3g0AK-;O($hi~78Zs69?NOB2o6?gY4^vaI+M(oNJRv@=vSJaP6 zi<(Vmqx0?WLg`!xmuI#?5Y}YXQV}9EeyH9HZp1=O7}%nZ3grNL-EOy<|3-=|^#vtV z9$^31_kW+n@G5dAj91=*D__TX)E&W9=YMfEJ=)u z)!Q*L)YwjQXRXatSrj4Kn*c)`35ji+Z7&2-!Hdo8qxYolu5)!W`URq1qG3v%TZ8X$ zS`;;HX&rGrS?gBry1eAejoFed>koYwjoFp9?3~JSTv7PdVLw$#K9@EF7?S8(j7Fz4 zp?UzlFBHpbOLh4#ha`ILd*CbN|IS{oU%&s++v{%R|2k4xhTFL(nVtwqe|7h=u3sq^ zev+RIdZi#3KEx|1Gv*>hNJ_1ZVwY~)hl9++Q0#R-B{CVIukqrg**#BD4oeveaB5*P zj|F4z71ml7zB^?>V^LF^(Jde>?`{(E{002Y~Yxq~_ze!@swZgkBqDhhdd%gUYK+uQKm zg-nH|W4K4r=&6gSiNU^zsUjg{O!@unWXJkUT(KT@_*#5W-=a2px1P3E9zd0nuWT7( zIHC6-Nw}t!T}Jxrt?^PXkDldl9!qeA{ny>;)$jlA_xE-- z_TM^E)4FS%vGl)#7qH{V;^ao^Fa~a zR)bHggn~me5fW9#^tPWELmT9uOw%P(v~3xMDvdmvIaEj%Q=Lz~8zGf7o_}i^$C(WQ z3<4WFX-DHR^^3vGB`H(B!1b-?qP)5iiN(rBPnO=^Fr-k~(7$?NdP0arl-WmB?A(~1 
zk!wj9{nb*}66Mdah~Nf?ifa7J_jzEWbEcHu&iEnpp@nFp5lw9s1aE9mx|xrW4djjm zf1zPQrU+DrZmM=n$DcB#fxyw}+c5BCae=3H^g)n+8jMOp$c+ZRchS^_P4ta`A-XW> z8!V!cZT$Ap`LT=IG}0$Axg&<3{gMiQ7zDvz|N7V9UmeCS@;i=wL~cIte8}#4s~Neo zH%yzhf14x+(dJFjw?#~C+Z`gf_f%XQaJzj&sGh%^tSz_PfhFpxnBcXb^hPmtK0v3JKfFs&svh3@?|ge6wh{*AL$7+UTeXZwQ;5G zOjD*xEqme4!DHTM_~&`eq;hs004$5dt-SwWUAZ=DxEwTWsk#^q4A2luJdY-x2NN4& zJ^4k6%EJ-gn$I_>IW@`u=Y9=hrT@2Im;VR5I~)J+TGBt-`w!omo_}xY{`FtFI`9N@ zaHaiMfB&)H-Pzf^|GSp-tY_8UT=eJC#xkj#OuGwvEqhheSss-$YFGTi>?d91OmSH4 zOY8}DGtA}SQV}l!XRN;$^UpDsziteYkLk}}@p;A(%R9Kd zXy?YjURTlkWbKeEMUNZ31GjwizI<`?mB%+=#RD9${1Fbg=OGSw@M9dSUz~tduTH?j z9*(HPS$uus5r7(Ap=gHE@DjxmURlj{4|#|ImOjSN(5=a^kFPI@{B^ZzF7J8MJSw<3 zkZW~s^)P5xt?r6{Qh)0UJ${7zzhD2m%l}V330!6W@AvBG{|Ej3&HGPlNzW6r@-W9w zL%hjyhlFFjWp0P(k3PwV@C-30PuQibeg5xX|K7BEq5xR6{`>oj=Rdof^Z&J^`|jhf zw);~d^Y>zMvtXii+J2S4PhlzyVE!qE7Li~BxI8+`RXdSm)Mvh;ty%V(Y-~acz{muQqwWP2y5F~OlMXi%EYrn+PQb?67-@K@Qf|K=H!amW0Vf2t|(%mEEabe*O4 z*GN_HGE_Hd@G=~d>)>Um6Z5x_bR4|=-(U-VCX$Lw!Q0~#6@;l2#=s9k8YAhr>Qa0P i!l{ZxjGb>ix0|#{o3u&yrT+^60RR89(ZkXJegFV8z(WN9 literal 0 HcmV?d00001 diff --git a/charts/fleet-agent/102.2.3+up0.8.3/Chart.yaml b/charts/fleet-agent/102.2.3+up0.8.3/Chart.yaml new file mode 100644 index 0000000000..bc49a83d49 --- /dev/null +++ b/charts/fleet-agent/102.2.3+up0.8.3/Chart.yaml @@ -0,0 +1,15 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' + catalog.cattle.io/namespace: cattle-fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: fleet-agent +apiVersion: v2 +appVersion: 0.8.3 +description: Fleet Manager Agent - GitOps at Scale +icon: https://charts.rancher.io/assets/logos/fleet.svg +name: fleet-agent +version: 102.2.3+up0.8.3 
diff --git a/charts/fleet-agent/102.2.3+up0.8.3/README.md b/charts/fleet-agent/102.2.3+up0.8.3/README.md
new file mode 100644
index 0000000000..2c5724dcef
--- /dev/null
+++ b/charts/fleet-agent/102.2.3+up0.8.3/README.md
@@ -0,0 +1,8 @@
+## Fleet Agent Helm Chart
+
+Every Fleet-managed downstream cluster will run an agent that communicates back to the Fleet controller. This agent is just another set of Kubernetes controllers running in the downstream cluster.
+
+Standalone Fleet users use this chart for agent-initiated registration. For more details see [agent-initiated registration](https://fleet.rancher.io/cluster-registration#agent-initiated).
+Fleet in Rancher does not use this chart, but creates the agent deployments programmatically.
+
+The Fleet documentation is centralized in the [doc website](https://fleet.rancher.io/).
\ No newline at end of file
diff --git a/charts/fleet-agent/102.2.3+up0.8.3/templates/_helpers.tpl b/charts/fleet-agent/102.2.3+up0.8.3/templates/_helpers.tpl
new file mode 100644
index 0000000000..6cd96c3ace
--- /dev/null
+++ b/charts/fleet-agent/102.2.3+up0.8.3/templates/_helpers.tpl
@@ -0,0 +1,22 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
\ No newline at end of file
diff --git a/charts/fleet-agent/102.2.3+up0.8.3/templates/configmap.yaml b/charts/fleet-agent/102.2.3+up0.8.3/templates/configmap.yaml
new file mode 100644
index 0000000000..ce61a87568
--- /dev/null
+++ b/charts/fleet-agent/102.2.3+up0.8.3/templates/configmap.yaml
@@ -0,0 +1,12 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: fleet-agent
+data:
+ config: |-
+ {
+ {{ if .Values.labels }}
+ "labels":{{toJson .Values.labels}},
+ {{ end }}
+ "clientID":"{{.Values.clientID}}"
+ }
diff --git a/charts/fleet-agent/102.2.3+up0.8.3/templates/deployment.yaml b/charts/fleet-agent/102.2.3+up0.8.3/templates/deployment.yaml
new file mode 100644
index 0000000000..582eed608d
--- /dev/null
+++ b/charts/fleet-agent/102.2.3+up0.8.3/templates/deployment.yaml
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: fleet-agent
+spec:
+ selector:
+ matchLabels:
+ app: fleet-agent
+ template:
+ metadata:
+ labels:
+ app: fleet-agent
+ spec:
+ containers:
+ - env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: '{{ template "system_default_registry" . }}{{.Values.image.repository}}:{{.Values.image.tag}}'
+ name: fleet-agent
+ command:
+ - fleetagent
+ {{- if .Values.debug }}
+ - --debug
+ - --debug-level
+ - {{ quote .Values.debugLevel }}
+ {{- else }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ privileged: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+ serviceAccountName: fleet-agent
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.fleetAgent.nodeSelector }}
+{{ toYaml .Values.fleetAgent.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.fleetAgent.tolerations }}
+{{ toYaml .Values.fleetAgent.tolerations | indent 8 }}
+{{- end }}
+{{- if not .Values.debug }}
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ runAsGroup: 1000
+{{- end }}
diff --git a/charts/fleet-agent/102.2.3+up0.8.3/templates/network_policy_allow_all.yaml b/charts/fleet-agent/102.2.3+up0.8.3/templates/network_policy_allow_all.yaml
new file mode 100644
index 0000000000..a72109a062
--- /dev/null
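Review bot: The `clientID` line in configmap.yaml splices the raw value between hand-written quotes, so a value containing `"` or `\` yields a malformed or altered JSON document in `data.config`. The `labels` line two rows above already goes through `toJson`; doing the same here keeps the document well-formed for any input: `"clientID":{{ toJson .Values.clientID }}`. With the default `clientID: ""` from values.yaml this still renders `""`.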
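Review bot: Setting `debug: true` in deployment.yaml removes both security contexts, not only the log verbosity limit. The container `securityContext` sits in the `{{- else }}` branch of the debug arguments and the pod-level one is wrapped in `{{- if not .Values.debug }}`, so a debug agent renders without `runAsNonRoot`, `readOnlyRootFilesystem`, `allowPrivilegeEscalation: false` or the capability drop. The same service account is bound to a wildcard ClusterRole in rbac.yaml of this patch, which makes the unhardened variant worth avoiding. I would end the argument conditional with `{{- end }}` where `{{- else }}` is now, delete the `{{- end }}` after `- ALL`, and drop the `{{- if not .Values.debug }}` / `{{- end }}` pair around the pod `securityContext`. If the debug build really needs one field relaxed, relax only that field and say why in a comment.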
+++ b/charts/fleet-agent/102.2.3+up0.8.3/templates/network_policy_allow_all.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-allow-all
+ namespace: {{ .Values.internal.systemNamespace }}
+spec:
+ podSelector: {}
+ ingress:
+ - {}
+ egress:
+ - {}
+ policyTypes:
+ - Ingress
+ - Egress
diff --git a/charts/fleet-agent/102.2.3+up0.8.3/templates/patch_default_serviceaccount.yaml b/charts/fleet-agent/102.2.3+up0.8.3/templates/patch_default_serviceaccount.yaml
new file mode 100644
index 0000000000..aad4eea415
--- /dev/null
+++ b/charts/fleet-agent/102.2.3+up0.8.3/templates/patch_default_serviceaccount.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: patch-fleet-sa
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ template:
+ spec:
+ serviceAccountName: fleet-agent
+ restartPolicy: Never
+ containers:
+ - name: sa
+ image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+ args: ["-n", {{ .Values.internal.systemNamespace }}]
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.kubectl.nodeSelector }}
+{{ toYaml .Values.kubectl.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.kubectl.tolerations }}
+{{ toYaml .Values.kubectl.tolerations | indent 8 }}
+{{- end }}
+ backoffLimit: 1
diff --git a/charts/fleet-agent/102.2.3+up0.8.3/templates/rbac.yaml b/charts/fleet-agent/102.2.3+up0.8.3/templates/rbac.yaml
new file mode 100644
index 0000000000..805949bf2c
--- /dev/null
+++ b/charts/fleet-agent/102.2.3+up0.8.3/templates/rbac.yaml
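Review bot: The `default-allow-all` policy in network_policy_allow_all.yaml selects every pod in the system namespace (`podSelector: {}`) and admits all ingress and all egress. Because NetworkPolicies are additive, any default-deny policy an operator places in that namespace stops having an effect. The chart README in this patch describes the agent as the side that communicates back to the Fleet controller, so inbound traffic may not be needed. If that holds, removing the `ingress:` / `- {}` rule while keeping `- Ingress` under `policyTypes` would deny inbound traffic and leave egress open; this needs confirming against anything that connects to the agent pod. Failing that, a comment above `spec:` should say why the namespace must stay fully open.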
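Review bot: The `patch-fleet-sa` hook Job in patch_default_serviceaccount.yaml runs as `serviceAccountName: fleet-agent`, which rbac.yaml in this patch binds to a ClusterRole with wildcard groups, resources and verbs. The Job only patches the `default` ServiceAccount in one namespace, so its kubectl container holds far more privilege than its single command needs. A dedicated ServiceAccount with a namespaced Role limited to `get` and `patch` on that one object would be enough; the names in the sketch below are placeholders. Separately, `args: ["-n", {{ .Values.internal.systemNamespace }}]` is better written with `| quote`.

```yaml
# … unchanged: Job metadata and hook annotations …
      serviceAccountName: patch-fleet-sa
# … unchanged: container, nodeSelector, tolerations, backoffLimit …
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: patch-fleet-sa
  namespace: {{ .Values.internal.systemNamespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: patch-fleet-sa
  namespace: {{ .Values.internal.systemNamespace }}
rules:
- apiGroups: [""]
  resources: ["serviceaccounts"]
  resourceNames: ["default"]
  verbs: ["get", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: patch-fleet-sa
  namespace: {{ .Values.internal.systemNamespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: patch-fleet-sa
subjects:
- kind: ServiceAccount
  name: patch-fleet-sa
  namespace: {{ .Values.internal.systemNamespace }}
```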
@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: fleet-agent-system-fleet-agent-role
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: fleet-agent-system-fleet-agent-role-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: fleet-agent-system-fleet-agent-role
+subjects:
+- kind: ServiceAccount
+ name: fleet-agent
+ namespace: {{.Release.Namespace}}
diff --git a/charts/fleet-agent/102.2.3+up0.8.3/templates/secret.yaml b/charts/fleet-agent/102.2.3+up0.8.3/templates/secret.yaml
new file mode 100644
index 0000000000..4715882047
--- /dev/null
+++ b/charts/fleet-agent/102.2.3+up0.8.3/templates/secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ systemRegistrationNamespace: "{{b64enc .Values.systemRegistrationNamespace}}"
+ clusterNamespace: "{{b64enc .Values.clusterNamespace}}"
+ token: "{{b64enc .Values.token}}"
+ apiServerURL: "{{b64enc .Values.apiServerURL}}"
+ apiServerCA: "{{b64enc .Values.apiServerCA}}"
+kind: Secret
+metadata:
+ name: fleet-agent-bootstrap
diff --git a/charts/fleet-agent/102.2.3+up0.8.3/templates/serviceaccount.yaml b/charts/fleet-agent/102.2.3+up0.8.3/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..73e27f0be9
--- /dev/null
+++ b/charts/fleet-agent/102.2.3+up0.8.3/templates/serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: fleet-agent
diff --git a/charts/fleet-agent/102.2.3+up0.8.3/templates/validate.yaml b/charts/fleet-agent/102.2.3+up0.8.3/templates/validate.yaml
new file mode 100644
index 0000000000..d53ff1c508
--- /dev/null
+++ b/charts/fleet-agent/102.2.3+up0.8.3/templates/validate.yaml
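Review bot: The `fleet-agent-system-fleet-agent-role` ClusterRole in rbac.yaml grants `'*'` on every API group, resource and verb with no comment saying this is intended, and the binding gives it to the `fleet-agent` ServiceAccount cluster-wide. That is equivalent to cluster-admin, so anyone able to read that ServiceAccount's token or exec into the agent pod controls the cluster. If the breadth is deliberate (presumably because the agent applies arbitrary bundle content), state it above `rules:`, for example `# Wildcard is intentional: the agent applies arbitrary resources; treat this ServiceAccount as cluster-admin.` Reviewers and audit tooling then have a recorded justification rather than an unexplained wildcard.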
@@ -0,0 +1,11 @@
+{{if ne .Release.Namespace .Values.internal.systemNamespace }}
+{{ fail (printf "This chart must be installed in the namespace %s as the release name fleet-agent" .Values.internal.systemNamespace) }}
+{{end}}
+
+{{if ne .Release.Name .Values.internal.managedReleaseName }}
+{{ fail (printf "This chart must be installed in the namespace %s as the release name fleet-agent" .Values.internal.managedReleaseName) }}
+{{end}}
+
+{{if not .Values.apiServerURL }}
+{{ fail "apiServerURL is required to be set, and most likely also apiServerCA" }}
+{{end}}
diff --git a/charts/fleet-agent/102.2.3+up0.8.3/values.yaml b/charts/fleet-agent/102.2.3+up0.8.3/values.yaml
new file mode 100644
index 0000000000..40d4111a80
--- /dev/null
+++ b/charts/fleet-agent/102.2.3+up0.8.3/values.yaml
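Review bot: The second `fail` in validate.yaml reuses the namespace message but fills `%s` with `.Values.internal.managedReleaseName`, so a wrong release name is reported as "must be installed in the namespace fleet-agent". Both messages also hard-code the release name, which goes stale if the value is overridden. A single message that names both values works for either check: `{{ fail (printf "This chart must be installed in the namespace %s as the release name %s" .Values.internal.systemNamespace .Values.internal.managedReleaseName) }}`.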
@@ -0,0 +1,63 @@
+image:
+ os: "windows,linux"
+ repository: rancher/fleet-agent
+ tag: v0.8.3
+
+# The public URL of the Kubernetes API server running the Fleet Manager must be set here
+# Example: https://example.com:6443
+apiServerURL: ""
+
+# The the pem encoded value of the CA of the Kubernetes API server running the Fleet Manager.
+# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA.
+apiServerCA: ""
+
+# The cluster registration value
+token: ""
+
+# Labels to add to the cluster upon registration only. They are not added after the fact.
+#labels:
+# foo: bar
+
+# The client ID of the cluster to associate with
+clientID: ""
+
+# The namespace of the cluster we are register with
+clusterNamespace: ""
+
+# The namespace containing the clusters registration secrets
+systemRegistrationNamespace: cattle-fleet-clusters-system
+
+# Please do not change the below setting unless you really know what you are doing
+internal:
+ systemNamespace: cattle-fleet-system
+ managedReleaseName: fleet-agent
+
+# The nodeSelector and tolerations for the agent deployment
+fleetAgent:
+ ## Node labels for pod assignment
+ ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## List of node taints to tolerate (requires Kubernetes >= 1.6)
+ tolerations: []
+kubectl:
+ ## Node labels for pod assignment
+ ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## List of node taints to tolerate (requires Kubernetes >= 1.6)
+ tolerations:
+ - key: node.cloudprovider.kubernetes.io/uninitialized
+ operator: "Equal"
+ value: "true"
+ effect: NoSchedule
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.21.5
+
+debug: false
+debugLevel: 0
diff --git a/charts/fleet-crd/102.2.3+up0.8.3/Chart.yaml b/charts/fleet-crd/102.2.3+up0.8.3/Chart.yaml
new file mode 100644
index 0000000000..5edd5ed478
--- /dev/null
+++ b/charts/fleet-crd/102.2.3+up0.8.3/Chart.yaml
@@ -0,0 +1,13 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-fleet-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/release-name: fleet-crd
+apiVersion: v2
+appVersion: 0.8.3
+description: Fleet Manager CustomResourceDefinitions
+icon: https://charts.rancher.io/assets/logos/fleet.svg
+name: fleet-crd
+version: 102.2.3+up0.8.3
diff --git a/charts/fleet-crd/102.2.3+up0.8.3/README.md b/charts/fleet-crd/102.2.3+up0.8.3/README.md
new file mode 100644
index 0000000000..2452ab2f1f
--- /dev/null
+++ b/charts/fleet-crd/102.2.3+up0.8.3/README.md
@@ -0,0 +1,5 @@
+# Fleet CRD Helm Chart
+
+Fleet Manager CustomResourceDefinitions Helm chart is a requirement for the Fleet Helm Chart.
+
+The Fleet documentation is centralized in the [doc website](https://fleet.rancher.io/).
\ No newline at end of file
diff --git a/charts/fleet-crd/102.2.3+up0.8.3/templates/crds.yaml b/charts/fleet-crd/102.2.3+up0.8.3/templates/crds.yaml
new file mode 100644
index 0000000000..9bda897477
--- /dev/null
+++ b/charts/fleet-crd/102.2.3+up0.8.3/templates/crds.yaml
@@ -0,0 +1,3453 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: bundles.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: Bundle + plural: bundles + singular: bundle + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.display.readyClusters + name: BundleDeployments-Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + correctDrift: + properties: + enabled: + type: boolean + force: + type: boolean + keepFailHistory: + type: boolean + type: object + defaultNamespace: + nullable: true + type: string + dependsOn: + items: + properties: + name: + nullable: true + type: string + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + type: object + nullable: true + type: array + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + atomic: + type: 
boolean + chart: + nullable: true + type: string + disablePreProcess: + type: boolean + force: + type: boolean + maxHistory: + type: integer + releaseName: + maxLength: 53 + nullable: true + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + waitForJobs: + type: boolean + type: object + ignore: + properties: + conditions: + items: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + nullable: true + type: array + type: object + keepResources: + type: boolean + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + namespaceAnnotations: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + namespaceLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + paused: + type: boolean + resources: + items: + properties: + content: + nullable: true + type: string + encoding: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + rolloutStrategy: + nullable: true + properties: + autoPartitionSize: + 
nullable: true + type: string + maxUnavailable: + nullable: true + type: string + maxUnavailablePartitions: + nullable: true + type: string + partitions: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + maxUnavailable: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + serviceAccount: + nullable: true + type: string + targetRestrictions: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + 
nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + name: + nullable: true + type: string + type: object + nullable: true + type: array + targets: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + correctDrift: + properties: + enabled: + type: boolean + force: + type: boolean + keepFailHistory: + type: boolean + type: object + defaultNamespace: + nullable: true + type: string + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + 
nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + doNotDeploy: + type: boolean + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + atomic: + type: boolean + chart: + nullable: true + type: string + disablePreProcess: + type: boolean + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + waitForJobs: + type: boolean + type: object + ignore: + properties: + conditions: + items: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + nullable: true + type: array + type: object + keepResources: + type: boolean + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + name: + nullable: true + type: string + namespace: + nullable: true + type: string + namespaceAnnotations: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + namespaceLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + serviceAccount: + nullable: true + type: string + yaml: + 
nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + nullable: true + type: array + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + properties: + readyClusters: + nullable: true + type: string + state: + nullable: true + type: string + type: object + maxNew: + type: integer + maxUnavailable: + type: integer + maxUnavailablePartitions: + type: integer + newlyCreated: + type: integer + observedGeneration: + type: integer + partitions: + items: + properties: + count: + type: integer + maxUnavailable: + type: integer + name: + nullable: true + type: string + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + 
summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + unavailable: + type: integer + type: object + nullable: true + type: array + resourceKey: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + nullable: true + type: array + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + 
type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + unavailable: + type: integer + unavailablePartitions: + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: bundledeployments.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: BundleDeployment + plural: bundledeployments + singular: bundledeployment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.display.deployed + name: Deployed + type: string + - jsonPath: .status.display.monitored + name: Monitored + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + correctDrift: + properties: + enabled: + type: boolean + force: + type: boolean + keepFailHistory: + type: boolean + type: object + dependsOn: + items: + properties: + name: + nullable: true + type: string + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + type: object + nullable: true + type: array + deploymentID: + nullable: true + type: string + options: + properties: + correctDrift: + properties: + enabled: + type: boolean + force: + type: boolean + keepFailHistory: + type: boolean + type: object + defaultNamespace: + nullable: true + type: string + diff: + nullable: true + properties: + 
comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + atomic: + type: boolean + chart: + nullable: true + type: string + disablePreProcess: + type: boolean + force: + type: boolean + maxHistory: + type: integer + releaseName: + maxLength: 53 + nullable: true + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + waitForJobs: + type: boolean + type: object + ignore: + properties: + conditions: + items: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + nullable: true + type: array + type: object + keepResources: + type: boolean + kustomize: + 
nullable: true + properties: + dir: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + namespaceAnnotations: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + namespaceLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + serviceAccount: + nullable: true + type: string + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + paused: + type: boolean + stagedDeploymentID: + nullable: true + type: string + stagedOptions: + properties: + correctDrift: + properties: + enabled: + type: boolean + force: + type: boolean + keepFailHistory: + type: boolean + type: object + defaultNamespace: + nullable: true + type: string + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + atomic: + type: boolean + chart: + nullable: true + type: string + disablePreProcess: + type: boolean + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + 
type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + waitForJobs: + type: boolean + type: object + ignore: + properties: + conditions: + items: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + nullable: true + type: array + type: object + keepResources: + type: boolean + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + namespaceAnnotations: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + namespaceLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + serviceAccount: + nullable: true + type: string + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + type: object + status: + properties: + appliedDeploymentID: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + properties: + deployed: + nullable: true + type: string + monitored: + nullable: true + type: string + state: + nullable: true + type: string + type: object + modifiedStatus: + items: + properties: + 
apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + nonModified: + type: boolean + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + ready: + type: boolean + release: + nullable: true + type: string + resources: + items: + properties: + apiVersion: + nullable: true + type: string + createdAt: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + nullable: true + type: array + syncGeneration: + nullable: true + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: bundlenamespacemappings.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: BundleNamespaceMapping + plural: bundlenamespacemappings + singular: bundlenamespacemapping + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + bundleSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + 
nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clustergroups.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + categories: + - fleet + kind: ClusterGroup + plural: clustergroups + singular: clustergroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.display.readyClusters + name: Clusters-Ready + type: string + - jsonPath: .status.display.readyBundles + name: Bundles-Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + type: object + status: + properties: + clusterCount: + type: integer + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: 
string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + properties: + readyBundles: + nullable: true + type: string + readyClusters: + nullable: true + type: string + state: + nullable: true + type: string + type: object + nonReadyClusterCount: + type: integer + nonReadyClusters: + items: + nullable: true + type: string + nullable: true + type: array + resourceCounts: + properties: + desiredReady: + type: integer + missing: + type: integer + modified: + type: integer + notReady: + type: integer + orphaned: + type: integer + ready: + type: integer + unknown: + type: integer + waitApplied: + type: integer + type: object + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + 
type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusters.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: Cluster + plural: clusters + singular: cluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.display.readyBundles + name: Bundles-Ready + type: string + - jsonPath: .status.display.readyNodes + name: Nodes-Ready + type: string + - jsonPath: .status.display.sampleNode + name: Sample-Node + type: string + - jsonPath: .status.agent.lastSeen + name: Last-Seen + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + metadata: + properties: + name: + maxLength: 63 + pattern: ^[-a-z0-9]+$ + type: string + type: object + spec: + properties: + agentAffinity: + nullable: true + properties: + nodeAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + - Gt + - Lt + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchFields: + items: + properties: + key: + nullable: true + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + - Gt + - Lt + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + type: object + 
weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + nullable: true + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + - Gt + - Lt + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchFields: + items: + properties: + key: + nullable: true + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + - Gt + - Lt + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + type: object + podAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + 
type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + podAntiAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + 
additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + nullable: true + type: array 
+ type: object + type: object + agentEnvVars: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + agentNamespace: + nullable: true + type: string + agentResources: + nullable: true + properties: + claims: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + agentTolerations: + items: + properties: + effect: + nullable: true + type: string + key: + nullable: true + type: string + operator: + nullable: true + type: string + tolerationSeconds: + maximum: 86400 + nullable: true + type: integer + value: + nullable: true + type: string + type: object + nullable: true + type: array + clientID: + nullable: true + type: string + kubeConfigSecret: + nullable: true + type: string + paused: + type: boolean + privateRepoURL: + nullable: true + type: string + redeployAgentGeneration: + type: integer + templateValues: + nullable: true + type: 
object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + properties: + agent: + properties: + lastSeen: + nullable: true + type: string + namespace: + nullable: true + type: string + nonReadyNodeNames: + items: + nullable: true + type: string + nullable: true + type: array + nonReadyNodes: + type: integer + readyNodeNames: + items: + nullable: true + type: string + nullable: true + type: array + readyNodes: + type: integer + type: object + agentAffinityHash: + nullable: true + type: string + agentConfigChanged: + type: boolean + agentDeployedGeneration: + nullable: true + type: integer + agentEnvVarsHash: + nullable: true + type: string + agentMigrated: + type: boolean + agentNamespaceMigrated: + type: boolean + agentPrivateRepoURL: + nullable: true + type: string + agentResourcesHash: + nullable: true + type: string + agentTolerationsHash: + nullable: true + type: string + apiServerCAHash: + nullable: true + type: string + apiServerURL: + nullable: true + type: string + cattleNamespaceMigrated: + type: boolean + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + desiredReadyGitRepos: + type: integer + display: + properties: + readyBundles: + nullable: true + type: string + readyNodes: + nullable: true + type: string + sampleNode: + nullable: true + type: string + state: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + readyGitRepos: + type: integer + resourceCounts: + properties: + desiredReady: + type: integer + missing: + type: integer + modified: + type: integer + notReady: + type: integer + orphaned: + type: integer + ready: + type: integer + unknown: + type: integer + waitApplied: + type: integer 
+ type: object + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterregistrationtokens.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: ClusterRegistrationToken + plural: clusterregistrationtokens + singular: clusterregistrationtoken + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.secretName + name: Secret-Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + metadata: + properties: + 
name: + maxLength: 63 + pattern: ^[-a-z0-9]+$ + type: string + type: object + spec: + properties: + ttl: + nullable: true + type: string + type: object + status: + properties: + expires: + nullable: true + type: string + secretName: + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gitrepos.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + categories: + - fleet + kind: GitRepo + plural: gitrepos + singular: gitrepo + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.repo + name: Repo + type: string + - jsonPath: .status.commit + name: Commit + type: string + - jsonPath: .status.display.readyBundleDeployments + name: BundleDeployments-Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + branch: + nullable: true + type: string + caBundle: + nullable: true + type: string + clientSecretName: + nullable: true + type: string + correctDrift: + properties: + enabled: + type: boolean + force: + type: boolean + keepFailHistory: + type: boolean + type: object + forceSyncGeneration: + type: integer + helmRepoURLRegex: + nullable: true + type: string + helmSecretName: + nullable: true + type: string + helmSecretNameForPaths: + nullable: true + type: string + imageScanCommit: + properties: + authorEmail: + nullable: true + type: string + authorName: + nullable: true + type: string + messageTemplate: + nullable: true + type: string + type: object + imageScanInterval: + nullable: true + type: string + insecureSkipTLSVerify: + type: boolean + keepResources: + type: boolean + paths: + items: + nullable: true + type: string + nullable: true + type: array + paused: + type: boolean + pollingInterval: + nullable: 
true + type: string + repo: + nullable: true + type: string + revision: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + targetNamespace: + nullable: true + type: string + targets: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + name: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + status: + properties: + commit: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + desiredReadyClusters: + type: integer + display: + properties: + error: + type: boolean + message: + nullable: true + type: string + readyBundleDeployments: + nullable: true + type: string + state: + nullable: true + type: string + type: object + gitJobStatus: + nullable: true + type: string 
+ lastSyncedImageScanTime: + nullable: true + type: string + observedGeneration: + type: integer + readyClusters: + type: integer + resourceCounts: + properties: + desiredReady: + type: integer + missing: + type: integer + modified: + type: integer + notReady: + type: integer + orphaned: + type: integer + ready: + type: integer + unknown: + type: integer + waitApplied: + type: integer + type: object + resourceErrors: + items: + nullable: true + type: string + nullable: true + type: array + resources: + items: + properties: + apiVersion: + nullable: true + type: string + error: + type: boolean + id: + nullable: true + type: string + incompleteState: + type: boolean + kind: + nullable: true + type: string + message: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + perClusterState: + items: + properties: + clusterId: + nullable: true + type: string + error: + type: boolean + message: + nullable: true + type: string + patch: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: + nullable: true + type: string + type: object + nullable: true + type: array + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: 
string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterregistrations.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: ClusterRegistration + plural: clusterregistrations + singular: clusterregistration + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.clusterName + name: Cluster-Name + type: string + - jsonPath: .spec.clusterLabels + name: Labels + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + clientID: + nullable: true + type: string + clientRandom: + nullable: true + type: string + clusterLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + status: + properties: + clusterName: + nullable: true + type: string + granted: + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gitreporestrictions.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: GitRepoRestriction + plural: 
gitreporestrictions + singular: gitreporestriction + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .defaultServiceAccount + name: Default-ServiceAccount + type: string + - jsonPath: .allowedServiceAccounts + name: Allowed-ServiceAccounts + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + allowedClientSecretNames: + items: + nullable: true + type: string + nullable: true + type: array + allowedRepoPatterns: + items: + nullable: true + type: string + nullable: true + type: array + allowedServiceAccounts: + items: + nullable: true + type: string + nullable: true + type: array + allowedTargetNamespaces: + items: + nullable: true + type: string + nullable: true + type: array + defaultClientSecretName: + nullable: true + type: string + defaultServiceAccount: + nullable: true + type: string + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: contents.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: Content + plural: contents + singular: content + preserveUnknownFields: false + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + content: + nullable: true + type: string + type: object + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: imagescans.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + categories: + - fleet + kind: ImageScan + plural: imagescans + singular: imagescan + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.image + name: Repository + type: string + - jsonPath: .status.latestTag + name: Latest + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + gitrepoName: + nullable: true + type: string + image: + nullable: true 
+ type: string + interval: + nullable: true + type: string + policy: + properties: + alphabetical: + nullable: true + properties: + order: + nullable: true + type: string + type: object + semver: + nullable: true + properties: + range: + nullable: true + type: string + type: object + type: object + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + suspend: + type: boolean + tagName: + nullable: true + type: string + type: object + status: + properties: + canonicalImageName: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + lastScanTime: + nullable: true + type: string + latestDigest: + nullable: true + type: string + latestImage: + nullable: true + type: string + latestTag: + nullable: true + type: string + observedGeneration: + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/fleet-crd/102.2.3+up0.8.3/templates/gitjobs-crds.yaml b/charts/fleet-crd/102.2.3+up0.8.3/templates/gitjobs-crds.yaml new file mode 100644 index 0000000000..bf6fb789e0 --- /dev/null +++ b/charts/fleet-crd/102.2.3+up0.8.3/templates/gitjobs-crds.yaml 
@@ -0,0 +1,7714 @@ +{{- if .Capabilities.APIVersions.Has "apiextensions.k8s.io/v1" -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gitjobs.gitjob.cattle.io +spec: + group: gitjob.cattle.io + names: + kind: GitJob + plural: gitjobs + singular: gitjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.git.repo + name: REPO + type: string + - jsonPath: .spec.git.branch + name: BRANCH + type: string + - jsonPath: .status.commit + name: COMMIT + type: string + - jsonPath: .status.jobStatus + name: JOBSTATUS + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + forceUpdateGeneration: + type: integer + git: + properties: + branch: + nullable: true + type: string + caBundle: + nullable: true + type: string + clientSecretName: + nullable: true + type: string + insecureSkipTLSVerify: + type: boolean + onTag: + nullable: true + type: string + provider: + nullable: true + type: string + repo: + nullable: true + type: string + revision: + nullable: true + type: string + type: object + jobSpec: + properties: + activeDeadlineSeconds: + nullable: true + type: integer + backoffLimit: + nullable: true + type: integer + completionMode: + nullable: true + type: string + completions: + nullable: true + type: integer + manualSelector: + nullable: true + type: boolean + parallelism: + nullable: true + type: integer + podFailurePolicy: + nullable: true + properties: + rules: + items: + properties: + action: + nullable: true + type: string + onExitCodes: + nullable: true + properties: + containerName: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + type: integer + nullable: true + type: array + type: object + onPodConditions: + items: + properties: + status: + nullable: true + type: string + type: + nullable: true + type: string + 
type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + suspend: + nullable: true + type: boolean + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + creationTimestamp: + nullable: true + type: string + deletionGracePeriodSeconds: + nullable: true + type: integer + deletionTimestamp: + nullable: true + type: string + finalizers: + items: + nullable: true + type: string + nullable: true + type: array + generateName: + nullable: true + type: string + generation: + type: integer + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + managedFields: + items: + properties: + apiVersion: + nullable: true + type: string + fieldsType: + nullable: true + type: string + fieldsV1: + nullable: true + type: object + manager: + nullable: true + type: string + operation: + nullable: true + type: string + subresource: + nullable: true + type: string + time: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + namespace: + nullable: true + type: string + ownerReferences: + items: + properties: + apiVersion: + nullable: true + type: string + blockOwnerDeletion: + nullable: true + type: boolean + controller: + nullable: true + type: boolean + kind: + nullable: true + type: string + name: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + nullable: true + type: array + 
resourceVersion: + nullable: true + type: string + selfLink: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + spec: + properties: + activeDeadlineSeconds: + nullable: true + type: integer + affinity: + nullable: true + properties: + nodeAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchFields: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + nullable: true + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchFields: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + type: object + podAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + 
operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + 
nullable: true + type: array + type: object + podAntiAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: 
true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + type: object + automountServiceAccountToken: + nullable: true + type: boolean + containers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + 
type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + 
nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + 
terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + nullable: true + type: string + restartPolicy: + nullable: true + type: string + type: object + nullable: true + type: array + resources: + properties: + claims: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + hostProcess: + nullable: true + type: boolean + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + 
exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + dnsConfig: + nullable: true + properties: + nameservers: + items: + nullable: true + type: string + nullable: true + type: array + options: + items: + 
properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + searches: + items: + nullable: true + type: string + nullable: true + type: array + type: object + dnsPolicy: + nullable: true + type: string + enableServiceLinks: + nullable: true + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + 
lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + 
value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + resizePolicy: + 
items: + properties: + resourceName: + nullable: true + type: string + restartPolicy: + nullable: true + type: string + type: object + nullable: true + type: array + resources: + properties: + claims: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + hostProcess: + nullable: true + type: boolean + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: 
object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + nullable: true + type: string + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + hostAliases: + items: + properties: + hostnames: + items: + nullable: true + type: string + nullable: true + type: array + ip: + nullable: true + type: string + type: object + nullable: true + type: array + hostIPC: + type: boolean + 
hostNetwork: + type: boolean + hostPID: + type: boolean + hostUsers: + nullable: true + type: boolean + hostname: + nullable: true + type: string + imagePullSecrets: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + initContainers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true 
+ properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + 
type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + nullable: true + type: string + 
restartPolicy: + nullable: true + type: string + type: object + nullable: true + type: array + resources: + properties: + claims: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + hostProcess: + nullable: true + type: boolean + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + 
properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + nodeName: + nullable: true + type: string + nodeSelector: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + os: + nullable: true + properties: + name: + nullable: true + type: string + type: object + overhead: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + preemptionPolicy: 
+ nullable: true + type: string + priority: + nullable: true + type: integer + priorityClassName: + nullable: true + type: string + readinessGates: + items: + properties: + conditionType: + nullable: true + type: string + type: object + nullable: true + type: array + resourceClaims: + items: + properties: + name: + nullable: true + type: string + source: + properties: + resourceClaimName: + nullable: true + type: string + resourceClaimTemplateName: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + restartPolicy: + nullable: true + type: string + runtimeClassName: + nullable: true + type: string + schedulerName: + nullable: true + type: string + schedulingGates: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + securityContext: + nullable: true + properties: + fsGroup: + nullable: true + type: integer + fsGroupChangePolicy: + nullable: true + type: string + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + supplementalGroups: + items: + type: integer + nullable: true + type: array + sysctls: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + hostProcess: + nullable: true + type: boolean + runAsUserName: + nullable: true + type: string + 
type: object + type: object + serviceAccount: + nullable: true + type: string + serviceAccountName: + nullable: true + type: string + setHostnameAsFQDN: + nullable: true + type: boolean + shareProcessNamespace: + nullable: true + type: boolean + subdomain: + nullable: true + type: string + terminationGracePeriodSeconds: + nullable: true + type: integer + tolerations: + items: + properties: + effect: + nullable: true + type: string + key: + nullable: true + type: string + operator: + nullable: true + type: string + tolerationSeconds: + nullable: true + type: integer + value: + nullable: true + type: string + type: object + nullable: true + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + matchLabelKeys: + items: + nullable: true + type: string + nullable: true + type: array + maxSkew: + type: integer + minDomains: + nullable: true + type: integer + nodeAffinityPolicy: + nullable: true + type: string + nodeTaintsPolicy: + nullable: true + type: string + topologyKey: + nullable: true + type: string + whenUnsatisfiable: + nullable: true + type: string + type: object + nullable: true + type: array + volumes: + items: + properties: + awsElasticBlockStore: + nullable: true + properties: + fsType: + nullable: true + type: string + partition: + type: integer + readOnly: + type: boolean + volumeID: + nullable: true + type: string + type: object + azureDisk: + nullable: true + properties: + cachingMode: + nullable: true + type: string + diskName: + nullable: true + type: string + diskURI: + nullable: true + type: string + fsType: + nullable: true 
+ type: string + kind: + nullable: true + type: string + readOnly: + nullable: true + type: boolean + type: object + azureFile: + nullable: true + properties: + readOnly: + type: boolean + secretName: + nullable: true + type: string + shareName: + nullable: true + type: string + type: object + cephfs: + nullable: true + properties: + monitors: + items: + nullable: true + type: string + nullable: true + type: array + path: + nullable: true + type: string + readOnly: + type: boolean + secretFile: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + user: + nullable: true + type: string + type: object + cinder: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + volumeID: + nullable: true + type: string + type: object + configMap: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + csi: + nullable: true + properties: + driver: + nullable: true + type: string + fsType: + nullable: true + type: string + nodePublishSecretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + readOnly: + nullable: true + type: boolean + volumeAttributes: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + downwardAPI: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: 
string + type: object + mode: + nullable: true + type: integer + path: + nullable: true + type: string + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + emptyDir: + nullable: true + properties: + medium: + nullable: true + type: string + sizeLimit: + nullable: true + type: string + type: object + ephemeral: + nullable: true + properties: + volumeClaimTemplate: + nullable: true + properties: + metadata: + properties: + annotations: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + creationTimestamp: + nullable: true + type: string + deletionGracePeriodSeconds: + nullable: true + type: integer + deletionTimestamp: + nullable: true + type: string + finalizers: + items: + nullable: true + type: string + nullable: true + type: array + generateName: + nullable: true + type: string + generation: + type: integer + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + managedFields: + items: + properties: + apiVersion: + nullable: true + type: string + fieldsType: + nullable: true + type: string + fieldsV1: + nullable: true + type: object + manager: + nullable: true + type: string + operation: + nullable: true + type: string + subresource: + nullable: true + type: string + time: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + namespace: + nullable: true + type: string + ownerReferences: + items: + properties: + apiVersion: + nullable: true + type: string + blockOwnerDeletion: + nullable: true + type: boolean + controller: + nullable: true + type: boolean + kind: + nullable: true + type: string + name: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + nullable: true + type: 
array + resourceVersion: + nullable: true + type: string + selfLink: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + spec: + properties: + accessModes: + items: + nullable: true + type: string + nullable: true + type: array + dataSource: + nullable: true + properties: + apiGroup: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + type: object + dataSourceRef: + nullable: true + properties: + apiGroup: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + resources: + properties: + claims: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + storageClassName: + nullable: true + type: string + volumeMode: + nullable: true + type: string + volumeName: + nullable: true + type: string + type: object + type: object + type: object + fc: + nullable: true + properties: + fsType: + nullable: true + type: string + lun: + nullable: true + type: integer + readOnly: + type: boolean + targetWWNs: + items: + nullable: true + type: string + nullable: true + type: array + wwids: + items: + nullable: true + type: string + nullable: true + type: array + type: object + flexVolume: + nullable: 
true + properties: + driver: + nullable: true + type: string + fsType: + nullable: true + type: string + options: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + type: object + flocker: + nullable: true + properties: + datasetName: + nullable: true + type: string + datasetUUID: + nullable: true + type: string + type: object + gcePersistentDisk: + nullable: true + properties: + fsType: + nullable: true + type: string + partition: + type: integer + pdName: + nullable: true + type: string + readOnly: + type: boolean + type: object + gitRepo: + nullable: true + properties: + directory: + nullable: true + type: string + repository: + nullable: true + type: string + revision: + nullable: true + type: string + type: object + glusterfs: + nullable: true + properties: + endpoints: + nullable: true + type: string + path: + nullable: true + type: string + readOnly: + type: boolean + type: object + hostPath: + nullable: true + properties: + path: + nullable: true + type: string + type: + nullable: true + type: string + type: object + iscsi: + nullable: true + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + nullable: true + type: string + initiatorName: + nullable: true + type: string + iqn: + nullable: true + type: string + iscsiInterface: + nullable: true + type: string + lun: + type: integer + portals: + items: + nullable: true + type: string + nullable: true + type: array + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + targetPortal: + nullable: true + type: string + type: object + name: + nullable: true + type: string + nfs: + nullable: true + properties: + path: + nullable: true + type: string + readOnly: + type: boolean + server: + nullable: true + type: string + type: object + 
persistentVolumeClaim: + nullable: true + properties: + claimName: + nullable: true + type: string + readOnly: + type: boolean + type: object + photonPersistentDisk: + nullable: true + properties: + fsType: + nullable: true + type: string + pdID: + nullable: true + type: string + type: object + portworxVolume: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + volumeID: + nullable: true + type: string + type: object + projected: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + sources: + items: + properties: + configMap: + nullable: true + properties: + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + downwardAPI: + nullable: true + properties: + items: + items: + properties: + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + mode: + nullable: true + type: integer + path: + nullable: true + type: string + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + secret: + nullable: true + properties: + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + serviceAccountToken: + nullable: true + properties: + audience: + nullable: true + type: string + expirationSeconds: + nullable: true + type: 
integer + path: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + quobyte: + nullable: true + properties: + group: + nullable: true + type: string + readOnly: + type: boolean + registry: + nullable: true + type: string + tenant: + nullable: true + type: string + user: + nullable: true + type: string + volume: + nullable: true + type: string + type: object + rbd: + nullable: true + properties: + fsType: + nullable: true + type: string + image: + nullable: true + type: string + keyring: + nullable: true + type: string + monitors: + items: + nullable: true + type: string + nullable: true + type: array + pool: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + user: + nullable: true + type: string + type: object + scaleIO: + nullable: true + properties: + fsType: + nullable: true + type: string + gateway: + nullable: true + type: string + protectionDomain: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + sslEnabled: + type: boolean + storageMode: + nullable: true + type: string + storagePool: + nullable: true + type: string + system: + nullable: true + type: string + volumeName: + nullable: true + type: string + type: object + secret: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + optional: + nullable: true + type: boolean + secretName: + nullable: true + type: string + type: object + storageos: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + 
type: string + type: object + volumeName: + nullable: true + type: string + volumeNamespace: + nullable: true + type: string + type: object + vsphereVolume: + nullable: true + properties: + fsType: + nullable: true + type: string + storagePolicyID: + nullable: true + type: string + storagePolicyName: + nullable: true + type: string + volumePath: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + type: object + ttlSecondsAfterFinished: + nullable: true + type: integer + type: object + syncInterval: + type: integer + type: object + status: + properties: + commit: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + event: + nullable: true + type: string + hookId: + nullable: true + type: string + jobStatus: + nullable: true + type: string + lastExecutedCommit: + nullable: true + type: string + lastSyncedTime: + nullable: true + type: string + observedGeneration: + type: integer + secretToken: + nullable: true + type: string + updateGeneration: + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- else -}} +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: gitjobs.gitjob.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.git.repo + name: REPO + type: string + - JSONPath: .spec.git.branch + name: BRANCH + type: string + - JSONPath: .status.commit + name: COMMIT + type: string + - JSONPath: .status.jobStatus + name: JOBSTATUS + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: gitjob.cattle.io + names: + kind: GitJob + plural: gitjobs 
+ singular: gitjob + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + forceUpdateGeneration: + type: integer + git: + properties: + branch: + nullable: true + type: string + caBundle: + nullable: true + type: string + clientSecretName: + nullable: true + type: string + insecureSkipTLSVerify: + type: boolean + onTag: + nullable: true + type: string + provider: + nullable: true + type: string + repo: + nullable: true + type: string + revision: + nullable: true + type: string + type: object + jobSpec: + properties: + activeDeadlineSeconds: + nullable: true + type: integer + backoffLimit: + nullable: true + type: integer + completionMode: + nullable: true + type: string + completions: + nullable: true + type: integer + manualSelector: + nullable: true + type: boolean + parallelism: + nullable: true + type: integer + podFailurePolicy: + nullable: true + properties: + rules: + items: + properties: + action: + nullable: true + type: string + onExitCodes: + nullable: true + properties: + containerName: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + type: integer + nullable: true + type: array + type: object + onPodConditions: + items: + properties: + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + suspend: + nullable: true + type: boolean + template: + properties: + metadata: + 
properties: + annotations: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + creationTimestamp: + nullable: true + type: string + deletionGracePeriodSeconds: + nullable: true + type: integer + deletionTimestamp: + nullable: true + type: string + finalizers: + items: + nullable: true + type: string + nullable: true + type: array + generateName: + nullable: true + type: string + generation: + type: integer + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + managedFields: + items: + properties: + apiVersion: + nullable: true + type: string + fieldsType: + nullable: true + type: string + fieldsV1: + nullable: true + type: object + manager: + nullable: true + type: string + operation: + nullable: true + type: string + subresource: + nullable: true + type: string + time: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + namespace: + nullable: true + type: string + ownerReferences: + items: + properties: + apiVersion: + nullable: true + type: string + blockOwnerDeletion: + nullable: true + type: boolean + controller: + nullable: true + type: boolean + kind: + nullable: true + type: string + name: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + nullable: true + type: array + resourceVersion: + nullable: true + type: string + selfLink: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + spec: + properties: + activeDeadlineSeconds: + nullable: true + type: integer + affinity: + nullable: true + properties: + nodeAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + 
type: array + type: object + nullable: true + type: array + matchFields: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + nullable: true + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchFields: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + type: object + podAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + 
additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + podAntiAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + 
type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + type: object + automountServiceAccountToken: + nullable: true + type: boolean + containers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: 
true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + 
type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + 
terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + nullable: true + type: string + restartPolicy: + nullable: true + type: string + type: object + nullable: true + type: array + resources: + properties: + claims: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: 
string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + hostProcess: + nullable: true + type: boolean + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: 
true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + dnsConfig: + nullable: true + properties: + nameservers: + items: + nullable: true + type: string + nullable: true + type: array + options: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + searches: + items: + nullable: true + type: string + nullable: true + type: array + type: object + dnsPolicy: + nullable: true + type: string + enableServiceLinks: + nullable: true + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + 
type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object 
+ tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + name: + nullable: true 
+ type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + nullable: true + type: string + restartPolicy: + nullable: true + type: string + type: object + nullable: true + type: array + resources: + properties: + claims: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: 
true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + hostProcess: + nullable: true + type: boolean + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: 
integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + nullable: true + type: string + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + hostAliases: + items: + properties: + hostnames: + items: + nullable: true + type: string + nullable: true + type: array + ip: + nullable: true + type: string + type: object + nullable: true + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostUsers: + nullable: true + type: boolean + hostname: + nullable: true + type: string + imagePullSecrets: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + initContainers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + 
nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true 
+ type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + 
type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + nullable: true + type: string + restartPolicy: + nullable: true + type: string + type: object + nullable: true + type: array + resources: + properties: + claims: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + 
properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + hostProcess: + nullable: true + type: boolean + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + grpc: + nullable: true + properties: + port: + type: integer + service: + nullable: true + type: string + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + 
nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + terminationGracePeriodSeconds: + nullable: true + type: integer + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + nodeName: + nullable: true + type: string + nodeSelector: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + os: + nullable: true + properties: + name: + nullable: true + type: string + type: object + overhead: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + preemptionPolicy: + nullable: true + type: string + priority: + nullable: true + type: integer + priorityClassName: + nullable: true + type: string + readinessGates: + items: + properties: + conditionType: + nullable: true + type: string + type: object + nullable: true + type: array + resourceClaims: + items: + properties: + name: + nullable: true + type: string + source: + properties: + resourceClaimName: + nullable: true + type: string + resourceClaimTemplateName: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + restartPolicy: + nullable: true + type: string + 
runtimeClassName: + nullable: true + type: string + schedulerName: + nullable: true + type: string + schedulingGates: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + securityContext: + nullable: true + properties: + fsGroup: + nullable: true + type: integer + fsGroupChangePolicy: + nullable: true + type: string + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + supplementalGroups: + items: + type: integer + nullable: true + type: array + sysctls: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + hostProcess: + nullable: true + type: boolean + runAsUserName: + nullable: true + type: string + type: object + type: object + serviceAccount: + nullable: true + type: string + serviceAccountName: + nullable: true + type: string + setHostnameAsFQDN: + nullable: true + type: boolean + shareProcessNamespace: + nullable: true + type: boolean + subdomain: + nullable: true + type: string + terminationGracePeriodSeconds: + nullable: true + type: integer + tolerations: + items: + properties: + effect: + nullable: true + type: string + key: + nullable: true + type: string + operator: + nullable: true + type: string + tolerationSeconds: + nullable: true + type: integer + value: + nullable: true + 
type: string + type: object + nullable: true + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + matchLabelKeys: + items: + nullable: true + type: string + nullable: true + type: array + maxSkew: + type: integer + minDomains: + nullable: true + type: integer + nodeAffinityPolicy: + nullable: true + type: string + nodeTaintsPolicy: + nullable: true + type: string + topologyKey: + nullable: true + type: string + whenUnsatisfiable: + nullable: true + type: string + type: object + nullable: true + type: array + volumes: + items: + properties: + awsElasticBlockStore: + nullable: true + properties: + fsType: + nullable: true + type: string + partition: + type: integer + readOnly: + type: boolean + volumeID: + nullable: true + type: string + type: object + azureDisk: + nullable: true + properties: + cachingMode: + nullable: true + type: string + diskName: + nullable: true + type: string + diskURI: + nullable: true + type: string + fsType: + nullable: true + type: string + kind: + nullable: true + type: string + readOnly: + nullable: true + type: boolean + type: object + azureFile: + nullable: true + properties: + readOnly: + type: boolean + secretName: + nullable: true + type: string + shareName: + nullable: true + type: string + type: object + cephfs: + nullable: true + properties: + monitors: + items: + nullable: true + type: string + nullable: true + type: array + path: + nullable: true + type: string + readOnly: + type: boolean + secretFile: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true 
+ type: string + type: object + user: + nullable: true + type: string + type: object + cinder: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + volumeID: + nullable: true + type: string + type: object + configMap: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + csi: + nullable: true + properties: + driver: + nullable: true + type: string + fsType: + nullable: true + type: string + nodePublishSecretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + readOnly: + nullable: true + type: boolean + volumeAttributes: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + downwardAPI: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + mode: + nullable: true + type: integer + path: + nullable: true + type: string + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + emptyDir: + nullable: true + properties: + medium: + nullable: true + type: string + sizeLimit: + nullable: true + type: string + type: object + ephemeral: + nullable: true + properties: + volumeClaimTemplate: + nullable: true + 
properties: + metadata: + properties: + annotations: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + creationTimestamp: + nullable: true + type: string + deletionGracePeriodSeconds: + nullable: true + type: integer + deletionTimestamp: + nullable: true + type: string + finalizers: + items: + nullable: true + type: string + nullable: true + type: array + generateName: + nullable: true + type: string + generation: + type: integer + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + managedFields: + items: + properties: + apiVersion: + nullable: true + type: string + fieldsType: + nullable: true + type: string + fieldsV1: + nullable: true + type: object + manager: + nullable: true + type: string + operation: + nullable: true + type: string + subresource: + nullable: true + type: string + time: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + namespace: + nullable: true + type: string + ownerReferences: + items: + properties: + apiVersion: + nullable: true + type: string + blockOwnerDeletion: + nullable: true + type: boolean + controller: + nullable: true + type: boolean + kind: + nullable: true + type: string + name: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + nullable: true + type: array + resourceVersion: + nullable: true + type: string + selfLink: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + spec: + properties: + accessModes: + items: + nullable: true + type: string + nullable: true + type: array + dataSource: + nullable: true + properties: + apiGroup: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + type: object + dataSourceRef: + nullable: true + properties: + apiGroup: + nullable: true + type: string + kind: + nullable: true + type: string + name: + 
nullable: true + type: string + namespace: + nullable: true + type: string + type: object + resources: + properties: + claims: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + storageClassName: + nullable: true + type: string + volumeMode: + nullable: true + type: string + volumeName: + nullable: true + type: string + type: object + type: object + type: object + fc: + nullable: true + properties: + fsType: + nullable: true + type: string + lun: + nullable: true + type: integer + readOnly: + type: boolean + targetWWNs: + items: + nullable: true + type: string + nullable: true + type: array + wwids: + items: + nullable: true + type: string + nullable: true + type: array + type: object + flexVolume: + nullable: true + properties: + driver: + nullable: true + type: string + fsType: + nullable: true + type: string + options: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + type: object + flocker: + nullable: true + properties: + datasetName: + nullable: true + type: string + datasetUUID: + nullable: true + type: string + type: object + gcePersistentDisk: + nullable: true + properties: + fsType: + nullable: true + type: string + 
partition: + type: integer + pdName: + nullable: true + type: string + readOnly: + type: boolean + type: object + gitRepo: + nullable: true + properties: + directory: + nullable: true + type: string + repository: + nullable: true + type: string + revision: + nullable: true + type: string + type: object + glusterfs: + nullable: true + properties: + endpoints: + nullable: true + type: string + path: + nullable: true + type: string + readOnly: + type: boolean + type: object + hostPath: + nullable: true + properties: + path: + nullable: true + type: string + type: + nullable: true + type: string + type: object + iscsi: + nullable: true + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + nullable: true + type: string + initiatorName: + nullable: true + type: string + iqn: + nullable: true + type: string + iscsiInterface: + nullable: true + type: string + lun: + type: integer + portals: + items: + nullable: true + type: string + nullable: true + type: array + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + targetPortal: + nullable: true + type: string + type: object + name: + nullable: true + type: string + nfs: + nullable: true + properties: + path: + nullable: true + type: string + readOnly: + type: boolean + server: + nullable: true + type: string + type: object + persistentVolumeClaim: + nullable: true + properties: + claimName: + nullable: true + type: string + readOnly: + type: boolean + type: object + photonPersistentDisk: + nullable: true + properties: + fsType: + nullable: true + type: string + pdID: + nullable: true + type: string + type: object + portworxVolume: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + volumeID: + nullable: true + type: string + type: object + projected: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + sources: + items: + 
properties: + configMap: + nullable: true + properties: + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + downwardAPI: + nullable: true + properties: + items: + items: + properties: + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + mode: + nullable: true + type: integer + path: + nullable: true + type: string + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + secret: + nullable: true + properties: + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + serviceAccountToken: + nullable: true + properties: + audience: + nullable: true + type: string + expirationSeconds: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + quobyte: + nullable: true + properties: + group: + nullable: true + type: string + readOnly: + type: boolean + registry: + nullable: true + type: string + tenant: + nullable: true + type: string + user: + nullable: true + type: string + volume: + nullable: true + type: string + type: object + rbd: + nullable: true + properties: + fsType: + nullable: true + type: string + image: + nullable: true + type: string + keyring: + nullable: true + type: string + 
monitors: + items: + nullable: true + type: string + nullable: true + type: array + pool: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + user: + nullable: true + type: string + type: object + scaleIO: + nullable: true + properties: + fsType: + nullable: true + type: string + gateway: + nullable: true + type: string + protectionDomain: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + sslEnabled: + type: boolean + storageMode: + nullable: true + type: string + storagePool: + nullable: true + type: string + system: + nullable: true + type: string + volumeName: + nullable: true + type: string + type: object + secret: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + optional: + nullable: true + type: boolean + secretName: + nullable: true + type: string + type: object + storageos: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + volumeName: + nullable: true + type: string + volumeNamespace: + nullable: true + type: string + type: object + vsphereVolume: + nullable: true + properties: + fsType: + nullable: true + type: string + storagePolicyID: + nullable: true + type: string + storagePolicyName: + nullable: true + type: string + volumePath: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + type: object + ttlSecondsAfterFinished: + nullable: true + type: integer + type: object + syncInterval: + type: integer + 
type: object + status: + properties: + commit: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + event: + nullable: true + type: string + hookId: + nullable: true + type: string + jobStatus: + nullable: true + type: string + lastExecutedCommit: + nullable: true + type: string + lastSyncedTime: + nullable: true + type: string + observedGeneration: + type: integer + secretToken: + nullable: true + type: string + updateGeneration: + type: integer + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +{{- end -}} diff --git a/charts/fleet-crd/102.2.3+up0.8.3/values.yaml b/charts/fleet-crd/102.2.3+up0.8.3/values.yaml new file mode 100644 index 0000000000..d41d3a2444 --- /dev/null +++ b/charts/fleet-crd/102.2.3+up0.8.3/values.yaml @@ -0,0 +1 @@ +# This file is intentionally empty diff --git a/charts/fleet/102.2.3+up0.8.3/Chart.yaml b/charts/fleet/102.2.3+up0.8.3/Chart.yaml new file mode 100644 index 0000000000..5b3ccb54b3 --- /dev/null +++ b/charts/fleet/102.2.3+up0.8.3/Chart.yaml 
@@ -0,0 +1,22 @@
+annotations:
+ catalog.cattle.io/auto-install: fleet-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/experimental: "true"
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0'
+ catalog.cattle.io/namespace: cattle-fleet-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1
+ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+ catalog.cattle.io/release-name: fleet
+apiVersion: v2
+appVersion: 0.8.3
+dependencies:
+- condition: gitops.enabled
+ name: gitjob
+ repository: file://./charts/gitjob
+description: Fleet Manager - GitOps at Scale
+icon: https://charts.rancher.io/assets/logos/fleet.svg
+name: fleet
+version: 102.2.3+up0.8.3
diff --git a/charts/fleet/102.2.3+up0.8.3/README.md b/charts/fleet/102.2.3+up0.8.3/README.md
new file mode 100644
index 0000000000..2f2a4c302a
--- /dev/null
+++ b/charts/fleet/102.2.3+up0.8.3/README.md
@@ -0,0 +1,30 @@
+# Fleet Helm Chart
+
+Fleet is GitOps at scale. Fleet is designed to manage multiple clusters.
+
+## What is Fleet?
+
+* Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.
+
+* Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users can enjoy a high degree of control, consistency, and auditability of their clusters.
+
+## Introduction
+
+This chart deploys Fleet on a Kubernetes cluster. It also deploys some of its dependencies as subcharts.
+
+The documentation is centralized in the [doc website](https://fleet.rancher.io/).
+
+## Prerequisites
+
+Get helm if you don't have it. Helm 3 is just a CLI.
+
+
+## Install Fleet
+
+Install the Fleet Helm charts (there are two because we separate out CRDs for ultimate flexibility.):
+
+```
+$ helm repo add fleet https://rancher.github.io/fleet-helm-charts/
+$ helm -n cattle-fleet-system install --create-namespace --wait fleet-crd fleet/fleet-crd
+$ helm -n cattle-fleet-system install --create-namespace --wait fleet fleet/fleet
+```
\ No newline at end of file
diff --git a/charts/fleet/102.2.3+up0.8.3/charts/gitjob/.helmignore b/charts/fleet/102.2.3+up0.8.3/charts/gitjob/.helmignore
new file mode 100644
index 0000000000..691fa13d6a
--- /dev/null
+++ b/charts/fleet/102.2.3+up0.8.3/charts/gitjob/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
\ No newline at end of file
diff --git a/charts/fleet/102.2.3+up0.8.3/charts/gitjob/Chart.yaml b/charts/fleet/102.2.3+up0.8.3/charts/gitjob/Chart.yaml
new file mode 100644
index 0000000000..340e8190a7
--- /dev/null
+++ b/charts/fleet/102.2.3+up0.8.3/charts/gitjob/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v2
+appVersion: 0.8.3
+description: Controller that run jobs based on git events
+name: gitjob
+version: 0.8.3
diff --git a/charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/_helpers.tpl b/charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/_helpers.tpl
new file mode 100644
index 0000000000..f652b5643d
--- /dev/null
+++ b/charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/_helpers.tpl
@@ -0,0 +1,7 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/clusterrole.yaml b/charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/clusterrole.yaml
new file mode 100644
index 0000000000..bcad90164f
--- /dev/null
+++ b/charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/clusterrole.yaml
@@ -0,0 +1,38 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: gitjob
+rules:
+ - apiGroups:
+ - "batch"
+ resources:
+ - 'jobs'
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - 'pods'
+ verbs:
+ - 'list'
+ - 'get'
+ - 'watch'
+ - apiGroups:
+ - ""
+ resources:
+ - 'secrets'
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - 'configmaps'
+ verbs:
+ - '*'
+ - apiGroups:
+ - "gitjob.cattle.io"
+ resources:
+ - "gitjobs"
+ - "gitjobs/status"
+ verbs:
+ - "*"
\ No newline at end of file
diff --git a/charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/clusterrolebinding.yaml b/charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000000..0bf07c4ef8
--- /dev/null
+++ b/charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: gitjob-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: gitjob
+subjects:
+ - kind: ServiceAccount
+ name: gitjob
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/deployment.yaml b/charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/deployment.yaml
new file mode 100644
index 0000000000..e7bbe5f20a
--- /dev/null
+++ b/charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/deployment.yaml
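Review bot: The `secrets` and `configmaps` rules in the `gitjob` ClusterRole grant `'*'` with no namespace or name restriction, and clusterrolebinding.yaml in the same commit binds that role to the `gitjob` service account, so whoever controls that pod can read, modify and delete every Secret in the cluster. If the controller only consumes credentials referenced by GitJob objects, the verb list could be enumerated the way the `pods` rule already is (`- 'get'`, `- 'list'`, `- 'watch'`, plus whichever write verbs the controller actually uses; the page does not show which). If the wide grant is intentional, a comment above the rule such as `# gitjob reads git credentials from any namespace that may hold a GitJob` would record why it is cluster-scoped rather than a namespaced Role like the one in leases.yaml.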
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gitjob
+spec:
+ selector:
+ matchLabels:
+ app: "gitjob"
+ template:
+ metadata:
+ labels:
+ app: "gitjob"
+ spec:
+ serviceAccountName: gitjob
+ containers:
+ - image: "{{ template "system_default_registry" . }}{{ .Values.gitjob.repository }}:{{ .Values.gitjob.tag }}"
+ name: gitjob
+ args:
+ {{- if .Values.debug }}
+ - --debug
+ {{- end }}
+ - --tekton-image
+ - "{{ template "system_default_registry" . }}{{ .Values.tekton.repository }}:{{ .Values.tekton.tag }}"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.proxy }}
+ - name: HTTP_PROXY
+ value: {{ .Values.proxy }}
+ - name: HTTPS_PROXY
+ value: {{ .Values.proxy }}
+ - name: NO_PROXY
+ value: {{ .Values.noProxy }}
+ {{- end }}
+ {{- if .Values.debug }}
+ - name: CATTLE_DEV_MODE
+ value: "true"
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: "{{.Values.priorityClassName}}"
+ {{- end }}
diff --git a/charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/leases.yaml b/charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/leases.yaml
new file mode 100644
index 0000000000..51f9339509
--- /dev/null
+++ b/charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/leases.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: gitjob
+rules:
+ - apiGroups:
+ - "coordination.k8s.io"
+ resources:
+ - "leases"
+ verbs:
+ - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: gitjob
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: gitjob
+subjects:
+ - kind: ServiceAccount
+ name: gitjob
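Review bot: The `gitjob` container in gitjob/templates/deployment.yaml is declared with no `securityContext` at all, although the fleet-controller Deployment added by this same commit disables privilege escalation and drops all capabilities. This pod runs under the `gitjob` service account, which the accompanying ClusterRole gives `'*'` on Secrets, so it deserves at least the same baseline; the block below is a starting point. `readOnlyRootFilesystem` and a pod-level `runAsNonRoot` would be worth adding too, once it is confirmed the gitjob image tolerates them. Separately, `value: {{ .Values.proxy }}` and `value: {{ .Values.noProxy }}` are rendered unquoted, so `value: {{ quote .Values.proxy }}` would keep a URL or list with YAML-significant characters from being re-typed.

```yaml
          name: gitjob
          # … unchanged: args and env …
          securityContext:
            allowPrivilegeEscalation: false
            privileged: false
            capabilities:
              drop:
                - ALL
```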
diff --git a/charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/service.yaml b/charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/service.yaml
new file mode 100644
index 0000000000..bf57c1b55c
--- /dev/null
+++ b/charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: gitjob
+spec:
+ ports:
+ - name: http-80
+ port: 80
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: "gitjob"
\ No newline at end of file
diff --git a/charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/serviceaccount.yaml b/charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..5f8aecb045
--- /dev/null
+++ b/charts/fleet/102.2.3+up0.8.3/charts/gitjob/templates/serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: gitjob
diff --git a/charts/fleet/102.2.3+up0.8.3/charts/gitjob/values.yaml b/charts/fleet/102.2.3+up0.8.3/charts/gitjob/values.yaml
new file mode 100644
index 0000000000..2506ccb16a
--- /dev/null
+++ b/charts/fleet/102.2.3+up0.8.3/charts/gitjob/values.yaml
@@ -0,0 +1,31 @@
+gitjob:
+ repository: rancher/gitjob
+ tag: v0.8.3
+
+tekton:
+ repository: rancher/tekton-utils
+ tag: v0.1.37
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+# http[s] proxy server
+# proxy: http://@::
+
+# comma separated list of domains or ip addresses that will not use the proxy
+noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local
+
+nodeSelector:
+ kubernetes.io/os: linux
+
+tolerations:
+ - key: cattle.io/os
+ operator: "Equal"
+ value: "linux"
+ effect: NoSchedule
+
+# PriorityClassName assigned to deployment.
+priorityClassName: ""
+
+debug: false
diff --git a/charts/fleet/102.2.3+up0.8.3/templates/_helpers.tpl b/charts/fleet/102.2.3+up0.8.3/templates/_helpers.tpl
new file mode 100644
index 0000000000..6cd96c3ace
--- /dev/null
+++ b/charts/fleet/102.2.3+up0.8.3/templates/_helpers.tpl
@@ -0,0 +1,22 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
\ No newline at end of file
diff --git a/charts/fleet/102.2.3+up0.8.3/templates/configmap.yaml b/charts/fleet/102.2.3+up0.8.3/templates/configmap.yaml
new file mode 100644
index 0000000000..07f1b5924d
--- /dev/null
+++ b/charts/fleet/102.2.3+up0.8.3/templates/configmap.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: fleet-controller
+data:
+ config: |
+ {
+ "systemDefaultRegistry": "{{ template "system_default_registry" . }}",
+ "agentImage": "{{ template "system_default_registry" . }}{{.Values.agentImage.repository}}:{{.Values.agentImage.tag}}",
+ "agentImagePullPolicy": "{{ .Values.agentImage.imagePullPolicy }}",
+ "apiServerURL": "{{.Values.apiServerURL}}",
+ "apiServerCA": "{{b64enc .Values.apiServerCA}}",
+ "agentCheckinInterval": "{{.Values.agentCheckinInterval}}",
+ "ignoreClusterRegistrationLabels": {{.Values.ignoreClusterRegistrationLabels}},
+ "bootstrap": {
+ "paths": "{{.Values.bootstrap.paths}}",
+ "repo": "{{.Values.bootstrap.repo}}",
+ "secret": "{{.Values.bootstrap.secret}}",
+ "branch": "{{.Values.bootstrap.branch}}",
+ "namespace": "{{.Values.bootstrap.namespace}}",
+ "agentNamespace": "{{.Values.bootstrap.agentNamespace}}",
+ },
+ "webhookReceiverURL": "{{.Values.webhookReceiverURL}}",
+ "githubURLPrefix": "{{.Values.githubURLPrefix}}"
+ }
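Review bot: In templates/configmap.yaml every value of the `config` JSON is spliced between hand-written quotes (for example `"apiServerURL": "{{.Values.apiServerURL}}"`), so a value containing `"` or `\` produces a malformed document or one with extra keys, and `ignoreClusterRegistrationLabels` is emitted with no encoding at all. Letting Helm encode each value closes that off: `"apiServerURL": {{ .Values.apiServerURL | toJson }},` and likewise for the `bootstrap.*`, `webhookReceiverURL` and `githubURLPrefix` fields. The comma after the `agentNamespace` entry, directly before `},`, is also not valid strict JSON; it only works if the controller parses this with a lenient decoder, which the page does not show, so it is safer to drop it.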
diff --git a/charts/fleet/102.2.3+up0.8.3/templates/deployment.yaml b/charts/fleet/102.2.3+up0.8.3/templates/deployment.yaml
new file mode 100644
index 0000000000..164340c444
--- /dev/null
+++ b/charts/fleet/102.2.3+up0.8.3/templates/deployment.yaml
@@ -0,0 +1,102 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: fleet-controller +spec: + selector: + matchLabels: + app: fleet-controller + template: + metadata: + labels: + app: fleet-controller + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: FLEET_PROPAGATE_DEBUG_SETTINGS_TO_AGENTS + value: {{ quote .Values.propagateDebugSettingsToAgents }} + {{- if .Values.clusterEnqueueDelay }} + - name: FLEET_CLUSTER_ENQUEUE_DELAY + value: {{ .Values.clusterEnqueueDelay }} + {{- end }} + {{- if .Values.proxy }} + - name: HTTP_PROXY + value: {{ .Values.proxy }} + - name: HTTPS_PROXY + value: {{ .Values.proxy }} + - name: NO_PROXY + value: {{ .Values.noProxy }} + {{- end }} + {{- if .Values.cpuPprof }} + - name: FLEET_CPU_PPROF_DIR + value: /tmp/pprof/ + {{- end }} + {{- if .Values.cpuPprof }} + - name: FLEET_CPU_PPROF_PERIOD + value: {{ quote .Values.cpuPprof.period }} + {{- end }} + {{- if .Values.debug }} + - name: CATTLE_DEV_MODE + value: "true" + {{- end }} + image: '{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + name: fleet-controller + imagePullPolicy: "{{ .Values.image.imagePullPolicy }}" + command: + - fleetcontroller + {{- if not .Values.gitops.enabled }} + - --disable-gitops + {{- end }} + {{- if not .Values.bootstrap.enabled }} + - --disable-bootstrap + {{- end }} + {{- if .Values.debug }} + - --debug + - --debug-level + - {{ quote .Values.debugLevel }} + {{- else }} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + privileged: false + capabilities: + drop: + - ALL + {{- end }} + volumeMounts: + - mountPath: /tmp + name: tmp + {{- if .Values.cpuPprof }} + - mountPath: /tmp/pprof + name: pprof + {{- end }} + volumes: + - name: tmp + emptyDir: {} + {{- if .Values.cpuPprof }} + - name: pprof {{ toYaml .Values.cpuPprof.volumeConfiguration | nindent 10 }} + {{- end }} + + serviceAccountName: fleet-controller + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: "{{.Values.priorityClassName}}" + {{- end }} + +{{- if not .Values.debug }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 +{{- end }} diff --git a/charts/fleet/102.2.3+up0.8.3/templates/job_cleanup_clusterregistrations.yaml b/charts/fleet/102.2.3+up0.8.3/templates/job_cleanup_clusterregistrations.yaml new file mode 100644 index 0000000000..fa59cc575f --- /dev/null +++ b/charts/fleet/102.2.3+up0.8.3/templates/job_cleanup_clusterregistrations.yaml 
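Review bot: Setting `debug: true` strips every hardening setting from the fleet-controller pod at once, because the container `securityContext` lives in the `{{- else }}` branch of `{{- if .Values.debug }}` and the pod-level `runAsNonRoot`/`runAsUser`/`runAsGroup` block is wrapped in `{{- if not .Values.debug }}`. A flag that reads as "more logging" therefore also yields a container that may run as root, with a writable root filesystem and default capabilities, while holding the wide RBAC from rbac.yaml. If debug mode only needs part of that relaxed (the page does not say which part), close the conditional right after `- {{ quote .Values.debugLevel }}` with `{{- end }}` so the `securityContext:` block is always rendered, and gate only the specific field on `.Values.debug`. Failing that, values.yaml should say so next to the flag, e.g. `# debug: true also removes the pod and container securityContext`.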
@@ -0,0 +1,29 @@
+{{- if .Values.migrations.clusterRegistrationCleanup }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: fleet-cleanup-clusterregistrations
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ template:
+ metadata:
+ labels:
+ app: fleet-job
+ spec:
+ serviceAccountName: fleet-controller
+ restartPolicy: Never
+ containers:
+ - name: cleanup
+ image: "{{ template "system_default_registry" . }}{{.Values.agentImage.repository}}:{{.Values.agentImage.tag}}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command:
+ - fleet
+ args:
+ - cleanup
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+ backoffLimit: 1
+{{- end }}
diff --git a/charts/fleet/102.2.3+up0.8.3/templates/rbac.yaml b/charts/fleet/102.2.3+up0.8.3/templates/rbac.yaml
new file mode 100644
index 0000000000..361d68c08b
--- /dev/null
+++ b/charts/fleet/102.2.3+up0.8.3/templates/rbac.yaml
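Review bot: `imagePullPolicy: {{ .Values.global.imagePullPolicy }}` in the cleanup Job reads a key that this chart's values.yaml does not define (`global` there only holds `cattle.systemDefaultRegistry`), so unless a parent chart supplies it the field renders empty. The Job pulls `agentImage`, so `imagePullPolicy: "{{ .Values.agentImage.imagePullPolicy }}"` would match what configmap.yaml already uses for the same image. The Job also runs under the `fleet-controller` service account with no `securityContext`; since it is a post-install/post-upgrade hook that runs on every upgrade, it should carry the same container restrictions as the controller Deployment.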
@@ -0,0 +1,114 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: fleet-controller
+rules:
+- apiGroups:
+ - gitjob.cattle.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - fleet.cattle.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - serviceaccounts
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - configmaps
+ verbs:
+ - '*'
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - clusterrolebindings
+ - roles
+ - rolebindings
+ verbs:
+ - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: fleet-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: fleet-controller
+subjects:
+- kind: ServiceAccount
+ name: fleet-controller
+ namespace: {{.Release.Namespace}}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: fleet-controller
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - '*'
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: fleet-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: fleet-controller
+subjects:
+- kind: ServiceAccount
+ name: fleet-controller
+
+{{- if .Values.bootstrap.enabled }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: fleet-controller-bootstrap
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: fleet-controller-bootstrap
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: fleet-controller-bootstrap
+subjects:
+- kind: ServiceAccount
+ name: fleet-controller-bootstrap
+ namespace: {{.Release.Namespace}}
+{{- end }}
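Review bot: The `fleet-controller-bootstrap` ClusterRole grants `'*'` on every apiGroup, resource and verb, which is equivalent to cluster-admin, and values.yaml in this commit defaults `bootstrap.enabled` to `true`, so the role and its binding exist on every default install. The `fleet-controller` ClusterRole is not far behind: `'*'` on `clusterroles` and `clusterrolebindings` includes the `escalate` and `bind` verbs, so that service account can grant itself any permission it lacks. If both grants are required by design, the template should say so where an auditor will look, e.g. `# cluster-admin equivalent: lets the local agent deploy arbitrary bundles` above the bootstrap rule. The `bootstrap.enabled` entry in values.yaml should likewise note that setting it to `false` removes this role and binding.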
diff --git a/charts/fleet/102.2.3+up0.8.3/templates/serviceaccount.yaml b/charts/fleet/102.2.3+up0.8.3/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..ba27c748d7
--- /dev/null
+++ b/charts/fleet/102.2.3+up0.8.3/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: fleet-controller
+
+{{- if .Values.bootstrap.enabled }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: fleet-controller-bootstrap
+{{- end }}
diff --git a/charts/fleet/102.2.3+up0.8.3/values.yaml b/charts/fleet/102.2.3+up0.8.3/values.yaml
new file mode 100644
index 0000000000..b6c70625b6
--- /dev/null
+++ b/charts/fleet/102.2.3+up0.8.3/values.yaml
@@ -0,0 +1,83 @@
+image:
+ repository: rancher/fleet
+ tag: v0.8.3
+ imagePullPolicy: IfNotPresent
+
+agentImage:
+ repository: rancher/fleet-agent
+ tag: v0.8.3
+ imagePullPolicy: IfNotPresent
+
+# For cluster registration the public URL of the Kubernetes API server must be set here
+# Example: https://example.com:6443
+apiServerURL: ""
+
+# For cluster registration the pem encoded value of the CA of the Kubernetes API server must be set here
+# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA.
+apiServerCA: ""
+
+# A duration string for how often agents should report a heartbeat
+agentCheckinInterval: "15m"
+
+# Whether you want to allow cluster upon registration to specify their labels.
+ignoreClusterRegistrationLabels: false
+
+# Counts from gitrepo are out of sync with bundleDeployment state.
+# Just retry in a number of seconds as there is no great way to trigger an event that doesn't cause a loop.
+# If not set default is 15 seconds.
+# clusterEnqueueDelay: 120s
+
+# http[s] proxy server
+# proxy: http://@::
+
+# comma separated list of domains or ip addresses that will not use the proxy
+noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local
+
+bootstrap:
+ enabled: true
+ # The namespace that will be autocreated and the local cluster will be registered in
+ namespace: fleet-local
+ # The namespace where the fleet agent for the local cluster will be ran, if empty
+ # this will default to cattle-fleet-system
+ agentNamespace: ""
+ # A repo to add at install time that will deploy to the local cluster. This allows
+ # one to fully bootstrap fleet, its configuration and all its downstream clusters
+ # in one shot.
+ repo: ""
+ secret: ""
+ branch: master
+ paths: ""
+
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+tolerations: []
+
+## PriorityClassName assigned to deployment.
+priorityClassName: ""
+
+gitops:
+ enabled: true
+
+debug: false
+debugLevel: 0
+propagateDebugSettingsToAgents: true
+
+## Optional CPU pprof configuration. Profiles are collected continuously and saved every period
+## Any valid volume configuration can be provided, the example below uses hostPath
+#cpuPprof:
+# period: "60s"
+# volumeConfiguration:
+# hostPath:
+# path: /tmp/pprof
+# type: DirectoryOrCreate
+
+migrations:
+ clusterRegistrationCleanup: true
diff --git a/index.yaml b/index.yaml
index 80b421dee8..dd509f1a9e 100755
--- a/index.yaml
+++ b/index.yaml
@@ -676,6 +676,32 @@ entries: urls: - assets/fleet/fleet-103.1.0+up0.9.0.tgz version: 103.1.0+up0.9.0 + - annotations: + catalog.cattle.io/auto-install: fleet-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' + catalog.cattle.io/namespace: cattle-fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: fleet + apiVersion: v2 + appVersion: 0.8.3 + created: "2024-04-01T16:07:33.581451935-03:00" + dependencies: + - condition: gitops.enabled + name: gitjob + repository: file://./charts/gitjob + description: Fleet Manager - GitOps at Scale + digest: 5aaba4ddce1280c3470652c3f725234b3c6f0f5925e440633083db9cac8dfd23 + icon: https://charts.rancher.io/assets/logos/fleet.svg + name: fleet + urls: + - assets/fleet/fleet-102.2.3+up0.8.3.tgz + version: 102.2.3+up0.8.3 - annotations: catalog.cattle.io/auto-install: fleet-crd=match catalog.cattle.io/certified: rancher 
@@ -1342,6 +1368,25 @@ entries: urls: - assets/fleet-agent/fleet-agent-103.1.0+up0.9.0.tgz version: 103.1.0+up0.9.0 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' + catalog.cattle.io/namespace: cattle-fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: fleet-agent + apiVersion: v2 + appVersion: 0.8.3 + created: "2024-04-01T16:06:46.885564528-03:00" + description: Fleet Manager Agent - GitOps at Scale + digest: 8bb517aa81af6aeeff884b576c710ea99c62a214a18fee8dd7f07eb507c8e5ca + icon: https://charts.rancher.io/assets/logos/fleet.svg + name: fleet-agent + urls: + - assets/fleet-agent/fleet-agent-102.2.3+up0.8.3.tgz + version: 102.2.3+up0.8.3 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" @@ -1846,6 +1891,23 @@ entries: urls: - assets/fleet-crd/fleet-crd-103.1.0+up0.9.0.tgz version: 103.1.0+up0.9.0 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/release-name: fleet-crd + apiVersion: v2 + appVersion: 0.8.3 + created: "2024-04-01T16:07:10.574587658-03:00" + description: Fleet Manager CustomResourceDefinitions + digest: 98fbb1ef30f9a6b4f16a6de6be896eae2ea045a6fcafbf2b0382749a6182e335 + icon: https://charts.rancher.io/assets/logos/fleet.svg + name: fleet-crd + urls: + - assets/fleet-crd/fleet-crd-102.2.3+up0.8.3.tgz + version: 102.2.3+up0.8.3 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" diff --git a/release.yaml b/release.yaml index 1026ba2e3e..2d4c7d5c30 100644 --- a/release.yaml +++ b/release.yaml 
@@ -14,3 +14,9 @@ rancher-eks-operator: - 102.2.0+up1.2.3 rancher-eks-operator-crd: - 102.2.0+up1.2.3 +fleet: + - 102.2.3+up0.8.3 +fleet-agent: + - 102.2.3+up0.8.3 +fleet-crd: + - 102.2.3+up0.8.3