diff --git a/charts/community/.keep b/charts/community/.keep
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/charts/community/infinispan/infinispan/0.1.0/infinispan-0.1.0.tgz b/charts/community/infinispan/infinispan/0.1.0/infinispan-0.1.0.tgz
deleted file mode 100644
index b2ff72c260..0000000000
Binary files a/charts/community/infinispan/infinispan/0.1.0/infinispan-0.1.0.tgz and /dev/null differ
diff --git a/charts/community/infinispan/infinispan/0.2.0/infinispan-0.2.0.tgz b/charts/community/infinispan/infinispan/0.2.0/infinispan-0.2.0.tgz
deleted file mode 100644
index 717a6e5028..0000000000
Binary files a/charts/community/infinispan/infinispan/0.2.0/infinispan-0.2.0.tgz and /dev/null differ
diff --git a/charts/community/infinispan/infinispan/0.2.1/infinispan-0.2.1.tgz b/charts/community/infinispan/infinispan/0.2.1/infinispan-0.2.1.tgz
deleted file mode 100644
index 0b912ba409..0000000000
Binary files a/charts/community/infinispan/infinispan/0.2.1/infinispan-0.2.1.tgz and /dev/null differ
diff --git a/charts/community/infinispan/infinispan/0.2.2/infinispan-0.2.2.tgz b/charts/community/infinispan/infinispan/0.2.2/infinispan-0.2.2.tgz
deleted file mode 100644
index 871a6540aa..0000000000
Binary files a/charts/community/infinispan/infinispan/0.2.2/infinispan-0.2.2.tgz and /dev/null differ
diff --git a/charts/community/infinispan/infinispan/0.3.0/infinispan-0.3.0.tgz b/charts/community/infinispan/infinispan/0.3.0/infinispan-0.3.0.tgz
deleted file mode 100644
index ab1ed65aa6..0000000000
Binary files a/charts/community/infinispan/infinispan/0.3.0/infinispan-0.3.0.tgz and /dev/null differ
diff --git a/charts/community/infinispan/infinispan/0.3.1/infinispan-0.3.1.tgz b/charts/community/infinispan/infinispan/0.3.1/infinispan-0.3.1.tgz
deleted file mode 100644
index f6b835397c..0000000000
Binary files a/charts/community/infinispan/infinispan/0.3.1/infinispan-0.3.1.tgz and /dev/null differ
diff --git a/charts/community/infinispan/infinispan/0.3.2/infinispan-0.3.2.tgz b/charts/community/infinispan/infinispan/0.3.2/infinispan-0.3.2.tgz
deleted file mode 100644
index a44b2eb021..0000000000
Binary files a/charts/community/infinispan/infinispan/0.3.2/infinispan-0.3.2.tgz and /dev/null differ
diff --git a/charts/community/infinispan/infinispan/OWNERS b/charts/community/infinispan/infinispan/OWNERS
deleted file mode 100644
index 056499a762..0000000000
--- a/charts/community/infinispan/infinispan/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: infinispan
- shortDescription: This is the Infinispan chart
-publicPgpKey: null
-users:
-- githubUsername: ryanemerson
-vendor:
- label: infinispan
- name: Infinispan
diff --git a/charts/community/janus-idp/backstage/2.0.1/backstage-2.0.1.tgz b/charts/community/janus-idp/backstage/2.0.1/backstage-2.0.1.tgz
deleted file mode 100644
index dcc10ff71e..0000000000
Binary files a/charts/community/janus-idp/backstage/2.0.1/backstage-2.0.1.tgz and /dev/null differ
diff --git a/charts/community/janus-idp/backstage/2.0.2/backstage-2.0.2.tgz b/charts/community/janus-idp/backstage/2.0.2/backstage-2.0.2.tgz
deleted file mode 100644
index 51c39b93aa..0000000000
Binary files a/charts/community/janus-idp/backstage/2.0.2/backstage-2.0.2.tgz and /dev/null differ
diff --git a/charts/community/janus-idp/backstage/2.0.3/backstage-2.0.3.tgz b/charts/community/janus-idp/backstage/2.0.3/backstage-2.0.3.tgz
deleted file mode 100644
index e6edca2281..0000000000
Binary files a/charts/community/janus-idp/backstage/2.0.3/backstage-2.0.3.tgz and /dev/null differ
diff --git a/charts/community/janus-idp/backstage/2.1.0/backstage-2.1.0.tgz b/charts/community/janus-idp/backstage/2.1.0/backstage-2.1.0.tgz
deleted file mode 100644
index 46c8855a27..0000000000
Binary files a/charts/community/janus-idp/backstage/2.1.0/backstage-2.1.0.tgz and /dev/null differ
diff --git a/charts/community/janus-idp/backstage/2.2.0/backstage-2.2.0.tgz b/charts/community/janus-idp/backstage/2.2.0/backstage-2.2.0.tgz
deleted file mode 100644
index 0c45e6355d..0000000000
Binary files a/charts/community/janus-idp/backstage/2.2.0/backstage-2.2.0.tgz and /dev/null differ
diff --git a/charts/community/janus-idp/backstage/2.4.0/backstage-2.4.0.tgz b/charts/community/janus-idp/backstage/2.4.0/backstage-2.4.0.tgz
deleted file mode 100644
index ad77bf8a84..0000000000
Binary files a/charts/community/janus-idp/backstage/2.4.0/backstage-2.4.0.tgz and /dev/null differ
diff --git a/charts/community/janus-idp/backstage/OWNERS b/charts/community/janus-idp/backstage/OWNERS
deleted file mode 100644
index 1a1123a38c..0000000000
--- a/charts/community/janus-idp/backstage/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: backstage
- shortDescription: A Helm chart for Backstage
-publicPgpKey: null
-users:
- - githubUsername: sabre1041
- - githubUsername: tumido
-vendor:
- label: janus-idp
- name: Janus IDP
diff --git a/charts/community/redhat/dotnet/0.0.1/dotnet-0.0.1.tgz b/charts/community/redhat/dotnet/0.0.1/dotnet-0.0.1.tgz
deleted file mode 100644
index 0277cad150..0000000000
Binary files a/charts/community/redhat/dotnet/0.0.1/dotnet-0.0.1.tgz and /dev/null differ
diff --git a/charts/community/redhat/dotnet/0.0.1/report.yaml b/charts/community/redhat/dotnet/0.0.1/report.yaml
deleted file mode 100644
index d8d8818b61..0000000000
--- a/charts/community/redhat/dotnet/0.0.1/report.yaml
+++ /dev/null
@@ -1,82 +0,0 @@
-apiversion: v1
-kind: verify-report
-metadata:
- tool:
- verifier-version: 1.1.0
- profile:
- VendorType: partner
- version: v1.0
- chart-uri: https://redhat-developer.github.io/redhat-helm-charts/charts/dotnet-0.0.1.tgz
- digest: sha256:483cb0144a3e7838e95da3a04a3df4178dc06b40fb4b3276e7c1c2a3b65555ff
- digests:
- chart: sha256:483cb0144a3e7838e95da3a04a3df4178dc06b40fb4b3276e7c1c2a3b65555ff
- package: cd6f9d75d35e8a4f09695047aec97548a5404a1fb392ac9ad9f7e94194d1db34
- lastCertifiedTimestamp: "2021-07-09T21:58:18.976945+00:00"
- certifiedOpenShiftVersions: 4.7.0
- chart:
- name: dotnet
- home: ""
- sources: []
- version: 0.0.1
- description: A Helm chart to build and deploy .NET applications
- keywords:
- - runtimes
- - dotnet
- maintainers: []
- icon: ""
- apiversion: v2
- condition: ""
- tags: ""
- appversion: ""
- deprecated: false
- annotations: {}
- kubeversion: ""
- dependencies: []
- type: ""
- chart-overrides: ""
-results:
- - check: v1.0/contains-test
- type: Mandatory
- outcome: FAIL
- reason: Chart test files do not exist
- - check: v1.0/contains-values-schema
- type: Mandatory
- outcome: PASS
- reason: Values schema file exist
- - check: v1.0/has-kubeversion
- type: Mandatory
- outcome: FAIL
- reason: Kubernetes version is not specified
- - check: v1.0/not-contains-crds
- type: Mandatory
- outcome: PASS
- reason: Chart does not contain CRDs
- - check: v1.0/helm-lint
- type: Mandatory
- outcome: PASS
- reason: Helm lint successful
- - check: v1.0/not-contain-csi-objects
- type: Mandatory
- outcome: PASS
- reason: CSI objects do not exist
- - check: v1.0/has-readme
- type: Mandatory
- outcome: PASS
- reason: Chart has a README
- - check: v1.0/is-helm-v3
- type: Mandatory
- outcome: PASS
- reason: API version is V2, used in Helm 3
- - check: v1.0/images-are-certified
- type: Mandatory
- outcome: FAIL
- reason: 'Image is not Red Hat certified : testRelease:latest : Respository not
- found: testRelease'
- - check: v1.0/contains-values
- type: Mandatory
- outcome: PASS
- reason: Values file exist
- - check: v1.0/chart-testing
- type: Mandatory
- outcome: PASS
- reason: Chart tests have passed
diff --git a/charts/community/redhat/dotnet/OWNERS b/charts/community/redhat/dotnet/OWNERS
deleted file mode 100644
index 67f1e18068..0000000000
--- a/charts/community/redhat/dotnet/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: dotnet
- shortDescription: This is the Red Hat DotNet chart
-publicPgpKey: null
-users:
-- githubUsername: tmds
-vendor:
- label: redhat
- name: Red Hat
diff --git a/charts/community/redhat/gatekeeper/3.11.0/report.yaml b/charts/community/redhat/gatekeeper/3.11.0/report.yaml
deleted file mode 100644
index aafbbba9cd..0000000000
--- a/charts/community/redhat/gatekeeper/3.11.0/report.yaml
+++ /dev/null
@@ -1,90 +0,0 @@
-apiversion: v1
-kind: verify-report
-metadata:
- tool:
- verifier-version: 1.10.1
- profile:
- VendorType: community
- version: v1.2
- reportDigest: uint64:366159531824194231
- chart-uri: .
- digests:
- chart: sha256:5ac936bda5cbe721ee3253fafbd9f51b80ff96e0c2b6a6475da10459f8e8cbff
- lastCertifiedTimestamp: "2023-04-20T13:00:34.695177-04:00"
- testedOpenShiftVersion: N/A
- supportedOpenShiftVersions: N/A
- webCatalogOnly: false
- chart:
- name: gatekeeper
- home: https://github.com/open-policy-agent/gatekeeper
- sources:
- - https://github.com/open-policy-agent/gatekeeper.git
- version: 3.11.0
- description: A Helm chart for Gatekeeper
- keywords:
- - open policy agent
- maintainers: []
- icon: https://open-policy-agent.github.io/gatekeeper/website/img/logo.svg
- apiversion: v2
- condition: ""
- tags: ""
- appversion: v3.11.0
- deprecated: false
- annotations: {}
- kubeversion: ""
- dependencies: []
- type: ""
- chart-overrides: ""
-results:
- - check: v1.0/helm-lint
- type: Mandatory
- outcome: PASS
- reason: Helm lint successful
- - check: v1.0/required-annotations-present
- type: Optional
- outcome: FAIL
- reason: 'Missing required annotations: [charts.openshift.io/name]'
- - check: v1.0/signature-is-valid
- type: Optional
- outcome: SKIPPED
- reason: 'Chart is not signed : Signature verification not required'
- - check: v1.0/not-contain-csi-objects
- type: Optional
- outcome: PASS
- reason: CSI objects do not exist
- - check: v1.0/chart-testing
- type: Optional
- outcome: FAIL
- reason: 'Chart Install failure: failed to install CRD crds/assign-customresourcedefinition.yaml: customresourcedefinitions.apiextensions.k8s.io is forbidden: User "thomasmckay" cannot create resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope'
- - check: v1.0/has-readme
- type: Optional
- outcome: PASS
- reason: Chart has a README
- - check: v1.0/not-contains-crds
- type: Optional
- outcome: FAIL
- reason: Chart contains CRDs
- - check: v1.1/has-kubeversion
- type: Optional
- outcome: FAIL
- reason: Kubernetes version is not specified
- - check: v1.0/contains-test
- type: Optional
- outcome: FAIL
- reason: Chart test files do not exist
- - check: v1.0/contains-values-schema
- type: Optional
- outcome: FAIL
- reason: Values schema file does not exist
- - check: v1.0/contains-values
- type: Optional
- outcome: PASS
- reason: Values file exist
- - check: v1.1/images-are-certified
- type: Optional
- outcome: SKIPPED
- reason: 'Image certification skipped : registry.redhat.io/gatekeeper/gatekeeper-rhel8:v3.11'
- - check: v1.0/is-helm-v3
- type: Optional
- outcome: PASS
- reason: API version is V2, used in Helm 3
diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/.helmignore b/charts/community/redhat/gatekeeper/3.11.0/src/.helmignore
deleted file mode 100644
index f0c1319444..0000000000
--- a/charts/community/redhat/gatekeeper/3.11.0/src/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/Chart.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/Chart.yaml
deleted file mode 100644
index e1b5ac3b55..0000000000
--- a/charts/community/redhat/gatekeeper/3.11.0/src/Chart.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v2
-description: A Helm chart for Gatekeeper
-name: gatekeeper
-icon: https://open-policy-agent.github.io/gatekeeper/website/img/logo.svg
-keywords:
- - open policy agent
-version: 3.11.0
-home: https://github.com/open-policy-agent/gatekeeper
-sources:
- - https://github.com/open-policy-agent/gatekeeper.git
-appVersion: v3.11.0
diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/README.md b/charts/community/redhat/gatekeeper/3.11.0/src/README.md
deleted file mode 100644
index 3f9e8044ce..0000000000
--- a/charts/community/redhat/gatekeeper/3.11.0/src/README.md
+++ /dev/null
@@ -1,195 +0,0 @@ -# Gatekeeper Helm Chart - -## Get Repo Info - -```console -helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Install Chart - -```console -# Helm install with gatekeeper-system namespace already created -$ helm install -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper - -# Helm install and create namespace -$ helm install -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper --create-namespace - -``` - -_See [parameters](#parameters) below._ - -_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ - -## Upgrade Chart - -**Upgrading from < v3.4.0** -Chart 3.4.0 deprecates support for Helm 2 and also removes the creation of the `gatekeeper-system` Namespace from within the chart. This follows Helm 3 Best Practices. - -Option 1: -A simple way to upgrade is to uninstall first and re-install with 3.4.0 or greater. - -```console -$ helm uninstall gatekeeper -$ helm install -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper --create-namespace - -``` - -Option 2: -Run the `helm_migrate.sh` script before installing the 3.4.0 or greater chart. This will remove the Helm secret for the original release, while keeping all of the resources. It then updates the annotations of the resources so that the new chart can import and manage them. 
- -```console -$ helm_migrate.sh -$ helm install -n gatekeeper-system gatekeeper gatekeeper/gatekeeper -``` - -**Upgrading from >= v3.4.0** -```console -$ helm upgrade -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper -``` - -_See [helm 2 to 3](https://helm.sh/docs/topics/v2_v3_migration/) for Helm 2 migration documentation._ - - -## Exempting Namespace - -The Helm chart automatically sets the Gatekeeper flag `--exempt-namespace={{ .Release.Namespace }}` in order to exempt the namespace where the chart is installed, and adds the `admission.gatekeeper.sh/ignore` label to the namespace during a post-install hook. - -_See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/website/docs/exempt-namespaces) for more information._ - -## Parameters - -| Parameter | Description | Default | -| :-------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ | -| postInstall.labelNamespace.enabled | Add labels to the namespace during post install hooks | `true` | -| postInstall.labelNamespace.extraNamespaces | The extra namespaces that need to have the label during post upgrade hooks | `[]` | -| postInstall.labelNamespace.image.repository | Image with kubectl to label the namespace | `openpolicyagent/gatekeeper-crds` | -| postInstall.labelNamespace.image.tag | Image tag | Current release version: `v3.11.0` | -| postInstall.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` | -| postInstall.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` | -| postInstall.labelNamespace.extraRules | Extra rules for the gatekeeper-update-namespace-label Role | `[]` | -| postInstall.probeWebhook.enabled | Probe webhook API post install. 
When enabled along with `postInstall.labelNamespace.enabled`, this probe will run as part of `postInstall.labelNamespace` Job as an initContainer | `true` | -| postInstall.probeWebhook.image.repository | Image with curl to probe the webhook API | `curlimages/curl` | -| postInstall.probeWebhook.image.tag | Image tag | `7.83.1` | -| postInstall.probeWebhook.image.pullPolicy | Image pullPolicy | `IfNotPresent` | -| postInstall.probeWebhook.image.pullSecrets | Image pullSecrets | `[]` | -| postInstall.probeWebhook.waitTimeout | Total time to wait for the webhook API to become available | `60` | -| postInstall.probeWebhook.httpTimeout | HTTP client timeout | `2` | -| postInstall.probeWebhook.insecureHTTPS | Ignore server SSL certificate | `false` | -| postInstall.affinity | The affinity to use for pod scheduling in postInstall hook jobs | `{}` | -| postInstall.tolerations | The tolerations to use for pod scheduling in postInstall hook jobs | `[]` | -| postInstall.nodeSelector | The node selector to use for pod scheduling in postInstall hook jobs | `kubernetes.io/os: linux` | -| postInstall.resources | The resource request/limits for the container image in postInstall hook jobs | `{}` | -| postInstall.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` | -| postUpgrade.labelNamespace.enabled | Add labels to the namespace during post upgrade hooks | `false` | -| postUpgrade.labelNamespace.extraNamespaces | The extra namespaces that need to have the label during post upgrade hooks | `[]` | -| postUpgrade.labelNamespace.image.repository | Image with kubectl to label the namespace | `openpolicyagent/gatekeeper-crds` | -| postUpgrade.labelNamespace.image.tag | Image tag | Current release version: `v3.11.0` | -| postUpgrade.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` | -| 
postUpgrade.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` -| postUpgrade.affinity | The affinity to use for pod scheduling in postUpgrade hook jobs | `{}` | -| postUpgrade.tolerations | The tolerations to use for pod scheduling in postUpgrade hook jobs | `[]` | -| postUpgrade.nodeSelector | The node selector to use for pod scheduling in postUpgrade hook jobs | `kubernetes.io/os: linux` | -| postUpgrade.resources | The resource request/limits for the container image in postUpgrade hook jobs | `{}` | -| postUpgrade.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` | -| preUninstall.deleteWebhooks.enabled | Delete webhooks before gatekeeper itself is uninstalled | `false` | -| preUninstall.deleteWebhooks.image.repository | Image with kubectl to delete the webhooks | `openpolicyagent/gatekeeper-crds` | -| preUninstall.deleteWebhooks.image.tag | Image tag | Current release version: `v3.11.0` | -| preUninstall.deleteWebhooks.image.pullPolicy | Image pullPolicy | `IfNotPresent` | -| preUninstall.deleteWebhooks.image.pullSecrets | Image pullSecrets | `[]` | -| preUninstall.deleteWebhooks.extraRules | Extra rules for the gatekeeper-delete-webhook-configs Role | `[]` | -| preUninstall.affinity | The affinity to use for pod scheduling in preUninstall hook jobs | `{}` | -| preUninstall.tolerations | The tolerations to use for pod scheduling in preUninstall hook jobs | `[]` | -| preUninstall.nodeSelector | The node selector to use for pod scheduling in preUninstall hook jobs | `kubernetes.io/os: linux` | -| preUninstall.resources | The resource request/limits for the container image in preUninstall hook jobs | `{}` | -| preUninstall.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, 
"runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` | -| psp.enabled | Enabled PodSecurityPolicy | `true` | -| upgradeCRDs.enabled | Upgrade CRDs using pre-install/pre-upgrade hooks | `true` | -| upgradeCRDs.extraRules | Extra rules for the gatekeeper-admin-upgrade-crds ClusterRole | `[]` | -| crds.affinity | The affinity to use for pod scheduling in crds hook jobs | `{}` | -| crds.tolerations | The tolerations to use for pod scheduling in crds hook jobs | `[]` | -| crds.nodeSelector | The node selector to use for pod scheduling in crds hook jobs | `kubernetes.io/os: linux` | -| crds.resources | The resource request/limits for the container image in crds hook jobs | `{}` | -| crds.securityContext | Security context applied to the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 65532, "runAsNonRoot": true, "runAsUser": 65532 }` | -| auditInterval | The frequency with which audit is run | `60` | -| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` | -| auditFromCache | Take the roster of resources to audit from the OPA cache | `false` | -| auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `500` | -| auditMatchKindOnly | Only check resources of the kinds specified in all constraints defined in the cluster. | `false` | -| disableValidatingWebhook | Disable the validating webhook | `false` | -| disableMutation | Disable mutation | `false` | -| validatingWebhookTimeoutSeconds | The timeout for the validating webhook in seconds | `3` | -| validatingWebhookFailurePolicy | The failurePolicy for the validating webhook | `Ignore` | -| validatingWebhookAnnotations | The annotations to add to the ValidatingWebhookConfiguration | `{}` | -| validatingWebhookObjectSelector | The label selector to further refine which namespaced resources will be selected by the webhook. 
Please note that an exemption label means users can circumvent Gatekeeper's validation webhook unless measures are taken to control how exemption labels can be set. | `{}` | -| validatingWebhookCheckIgnoreFailurePolicy | The failurePolicy for the check-ignore-label validating webhook | `Fail` | -| validatingWebhookExemptNamespacesLabels | Additional namespace labels that will be exempt from the validating webhook. Please note that anyone in the cluster capable to manage namespaces will be able to skip all Gatekeeper validation by setting one of these labels for their namespace. | `{}` | -| validatingWebhookCustomRules | Custom rules for selecting which API resources trigger the webhook. Mutually exclusive with `enableDeleteOperations`. NOTE: If you change this, ensure all your constraints are still being enforced. | `{}` | -| enableDeleteOperations | Enable validating webhook for delete operations. Does not work with `validatingWebhookCustomRules` | `false` | -| enableExternalData | Enable external data | `true` | -| enableGeneratorResourceExpansion | Enable generator resource expansion (alpha feature) | `false` | -| enableTLSHealthcheck | Enable probing webhook API with certificate stored in certDir | `false` | -| maxServingThreads | Limit the number of concurrent calls the validation backend made by the validation webhook. -1 limits this value to GOMAXPROCS. Configuring this value may lower max RAM usage and limit CPU throttling, Tuning it can optimize serving capacity. | `-1` | -| metricsBackends | Metrics exporters to use. 
Valid exporters are: `prometheus`, `stackdriver`, and `opencensus` | `["prometheus"]` | -| mutatingWebhookFailurePolicy | The failurePolicy for the mutating webhook | `Ignore` | -| mutatingWebhookReinvocationPolicy | The reinvocationPolicy for the mutating webhook | `Never` | -| mutatingWebhookAnnotations | The annotations to add to the MutatingWebhookConfiguration | `{}` | -| mutatingWebhookExemptNamespacesLabels | Additional namespace labels that will be exempt from the mutating webhook. Please note that anyone in the cluster capable to manage namespaces will be able to skip all Gatekeeper validation by setting one of these labels for their namespace. | `{}` | -| mutatingWebhookObjectSelector | The label selector to further refine which namespaced resources will be selected by the webhook. Please note that an exemption label means users can circumvent Gatekeeper's mutation webhook unless measures are taken to control how exemption labels can be set. | `{}` | -| mutatingWebhookTimeoutSeconds | The timeout for the mutating webhook in seconds | `3` | -| mutatingWebhookCustomRules | Custom rules for selecting which API resources trigger the webhook. NOTE: If you change this, ensure all your constraints are still being enforced. 
| `{}` | -| emitAdmissionEvents | Emit K8s events in gatekeeper namespace for admission violations (alpha feature) | `false` | -| emitAuditEvents | Emit K8s events in gatekeeper namespace for audit violations (alpha feature) | `false` | -| logDenies | Log detailed info on each deny | `false` | -| logLevel | Minimum log level | `INFO` | -| image.pullPolicy | The image pull policy | `IfNotPresent` | -| image.repository | Image repository | `openpolicyagent/gatekeeper` | -| image.release | The image release tag to use | Current release version: `v3.11.0` | -| image.pullSecrets | Specify an array of imagePullSecrets | `[]` | -| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | -| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | -| affinity | The node affinity to use for pod scheduling | `{}` | -| topologySpreadConstraints | The topology spread constraints to use for pod scheduling | `[]` | -| tolerations | The tolerations to use for pod scheduling | `[]` | -| controllerManager.healthPort | Health port for controller manager | `9090` | -| controllerManager.port | Webhook-server port for controller manager | `8443` | -| controllerManager.metricsPort | Metrics port for controller manager | `8888` | -| controllerManager.readinessTimeout | Timeout in seconds for the controller manager's readiness probe | `1` | -| controllerManager.livenessTimeout | Timeout in seconds for the controller manager's liveness probe | `1` | -| controllerManager.priorityClassName | Priority class name for controller manager | `system-cluster-critical` | -| controllerManager.podSecurityContext | Security context on pod level for controller manager | {fsGroup: 999, suplementalGroups: [999]} | -| controllerManager.exemptNamespaces | The exact namespaces to exempt by the admission webhook | `[]` | -| controllerManager.exemptNamespacePrefixes | The namespace prefixes to exempt by the admission 
webhook | `[]` | -| controllerManager.hostNetwork | Enables controllerManager to be deployed on hostNetwork | `false` | -| controllerManager.dnsPolicy | Set the dnsPolicy for controllerManager pods | `ClusterFirst` | -| controllerManager.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` | -| controllerManager.tlsMinVersion | Set the minimum supported TLS version for validating and mutating webhook servers | `1.3` | -| controllerManager.extraRules | Extra rules for the gatekeeper-manager-role Role | `[]` | -| audit.priorityClassName | Priority class name for audit controller | `system-cluster-critical` | -| audit.podSecurityContext | Security context for audit on pod level | {fsGroup: 999, suplementalGroups: [999]} | -| audit.hostNetwork | Enables audit to be deployed on hostNetwork | `false` | -| audit.dnsPolicy | Set the dnsPolicy for audit pods | `ClusterFirst` | -| audit.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` | -| audit.healthPort | Health port for audit | `9090` | -| audit.metricsPort | Metrics port for audit | `8888` | -| audit.readinessTimeout | Timeout in seconds for audit's readiness probe | `1` | -| audit.livenessTimeout | Timeout in seconds for the audit's liveness probe | `1` | -| replicas | The number of Gatekeeper replicas to deploy for the webhook | `3` | -| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` | -| podLabels | The labels to add to the Gatekeeper pods | `{}` | -| podCountLimit | The maximum number of Gatekeeper pods to run | `100` | -| secretAnnotations | The annotations to add to the Gatekeeper 
secrets | `{}` | -| pdb.controllerManager.minAvailable | The number of controller manager pods that must still be available after an eviction | `1` | -| service.type | Service type | `ClusterIP` | -| service.loadBalancerIP | The IP address of LoadBalancer service | `` | -| service.healthzPort | Service port to gatekeeper Webhook health port | `9090` | -| rbac.create | Enable the creation of RBAC resources | `true` | -| externalCertInjection.enabled | Enable the injection of an external certificate. This disables automatic certificate generation and rotation | `false` | -| externalCertInjection.secretName | Name of secret for injected certificate | `gatekeeper-webhook-server-cert` | - -## Contributing Changes - -Please refer to [Contributing to Helm Chart](https://open-policy-agent.github.io/gatekeeper/website/docs/help#contributing-to-helm-chart) for modifying the Helm chart. diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/crds/assign-customresourcedefinition.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/crds/assign-customresourcedefinition.yaml deleted file mode 100644 index ce98648baf..0000000000 --- a/charts/community/redhat/gatekeeper/3.11.0/src/crds/assign-customresourcedefinition.yaml +++ /dev/null 
@@ -1,757 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - labels: - gatekeeper.sh/system: "yes" - name: assign.mutations.gatekeeper.sh -spec: - group: mutations.gatekeeper.sh - names: - kind: Assign - listKind: AssignList - plural: assign - singular: assign - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: Assign is the Schema for the assign API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - properties: - name: - maxLength: 63 - type: string - type: object - spec: - description: AssignSpec defines the desired state of Assign. - properties: - applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. - items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. 
- properties: - groups: - items: - type: string - type: array - kinds: - items: - type: string - type: array - versions: - items: - type: string - type: array - type: object - type: array - location: - description: 'Location describes the path to be mutated, for example: `spec.containers[name: main]`.' - type: string - match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. - properties: - excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' - items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - kinds: - items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. - properties: - apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. - items: - type: string - type: array - kinds: - items: - type: string - type: array - type: object - type: array - labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. 
These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' 
- pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' - items: - description: 'A string that supports globbing at its front or end. 
Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) - type: string - source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. - enum: - - All - - Generated - - Original - type: string - type: object - parameters: - description: Parameters define the behavior of the mutator. - properties: - assign: - description: Assign.value holds the value to be assigned - properties: - externalData: - description: ExternalData describes the external data provider to be used for mutation. - properties: - dataSource: - default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. - enum: - - ValueAtLocation - - Username - type: string - default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". - type: string - failurePolicy: - default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. - enum: - - UseDefault - - Ignore - - Fail - type: string - provider: - description: Provider is the name of the external data provider. - type: string - type: object - fromMetadata: - description: FromMetadata assigns a value from the specified metadata field. - properties: - field: - description: Field specifies which metadata field provides the assigned value. 
Valid fields are `namespace` and `name`. - type: string - type: object - value: - description: Value is a constant value that will be assigned to `location` - x-kubernetes-preserve-unknown-fields: true - type: object - pathTests: - items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." - properties: - condition: - description: Condition describes whether the path either MustExist or MustNotExist in the original object - enum: - - MustExist - - MustNotExist - type: string - subPath: - type: string - type: object - type: array - type: object - type: object - status: - description: AssignStatus defines the observed state of Assign. - properties: - byPod: - items: - description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. - properties: - enforced: - type: boolean - errors: - items: - description: MutatorError represents a single error caught while adding a mutator to a system. - properties: - message: - type: string - type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. 
- type: string - required: - - message - type: object - type: array - id: - type: string - mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch - type: string - observedGeneration: - format: int64 - type: integer - operations: - items: - type: string - type: array - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Assign is the Schema for the assign API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AssignSpec defines the desired state of Assign. - properties: - applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. - items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. 
- properties: - groups: - items: - type: string - type: array - kinds: - items: - type: string - type: array - versions: - items: - type: string - type: array - type: object - type: array - location: - description: 'Location describes the path to be mutated, for example: `spec.containers[name: main]`.' - type: string - match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. - properties: - excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' - items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - kinds: - items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. - properties: - apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. - items: - type: string - type: array - kinds: - items: - type: string - type: array - type: object - type: array - labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. 
These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' 
- pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' - items: - description: 'A string that supports globbing at its front or end. 
Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) - type: string - source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. - enum: - - All - - Generated - - Original - type: string - type: object - parameters: - description: Parameters define the behavior of the mutator. - properties: - assign: - description: Assign.value holds the value to be assigned - properties: - externalData: - description: ExternalData describes the external data provider to be used for mutation. - properties: - dataSource: - default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. - enum: - - ValueAtLocation - - Username - type: string - default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". - type: string - failurePolicy: - default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. - enum: - - UseDefault - - Ignore - - Fail - type: string - provider: - description: Provider is the name of the external data provider. - type: string - type: object - fromMetadata: - description: FromMetadata assigns a value from the specified metadata field. - properties: - field: - description: Field specifies which metadata field provides the assigned value. 
Valid fields are `namespace` and `name`. - type: string - type: object - value: - description: Value is a constant value that will be assigned to `location` - x-kubernetes-preserve-unknown-fields: true - type: object - pathTests: - items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." - properties: - condition: - description: Condition describes whether the path either MustExist or MustNotExist in the original object - enum: - - MustExist - - MustNotExist - type: string - subPath: - type: string - type: object - type: array - type: object - type: object - status: - description: AssignStatus defines the observed state of Assign. - properties: - byPod: - items: - description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. - properties: - enforced: - type: boolean - errors: - items: - description: MutatorError represents a single error caught while adding a mutator to a system. - properties: - message: - type: string - type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. 
- type: string - required: - - message - type: object - type: array - id: - type: string - mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch - type: string - observedGeneration: - format: int64 - type: integer - operations: - items: - type: string - type: array - type: object - type: array - type: object - type: object - served: true - storage: false - subresources: - status: {} - - name: v1beta1 - schema: - openAPIV3Schema: - description: Assign is the Schema for the assign API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AssignSpec defines the desired state of Assign. - properties: - applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. - items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. 
- properties: - groups: - items: - type: string - type: array - kinds: - items: - type: string - type: array - versions: - items: - type: string - type: array - type: object - type: array - location: - description: 'Location describes the path to be mutated, for example: `spec.containers[name: main]`.' - type: string - match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. - properties: - excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' - items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - kinds: - items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. - properties: - apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. - items: - type: string - type: array - kinds: - items: - type: string - type: array - type: object - type: array - labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. 
These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' 
- pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' - items: - description: 'A string that supports globbing at its front or end. 
Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) - type: string - source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. - enum: - - All - - Generated - - Original - type: string - type: object - parameters: - description: Parameters define the behavior of the mutator. - properties: - assign: - description: Assign.value holds the value to be assigned - properties: - externalData: - description: ExternalData describes the external data provider to be used for mutation. - properties: - dataSource: - default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. - enum: - - ValueAtLocation - - Username - type: string - default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". - type: string - failurePolicy: - default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. - enum: - - UseDefault - - Ignore - - Fail - type: string - provider: - description: Provider is the name of the external data provider. - type: string - type: object - fromMetadata: - description: FromMetadata assigns a value from the specified metadata field. - properties: - field: - description: Field specifies which metadata field provides the assigned value. 
Valid fields are `namespace` and `name`. - type: string - type: object - value: - description: Value is a constant value that will be assigned to `location` - x-kubernetes-preserve-unknown-fields: true - type: object - pathTests: - items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." - properties: - condition: - description: Condition describes whether the path either MustExist or MustNotExist in the original object - enum: - - MustExist - - MustNotExist - type: string - subPath: - type: string - type: object - type: array - type: object - type: object - status: - description: AssignStatus defines the observed state of Assign. - properties: - byPod: - items: - description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. - properties: - enforced: - type: boolean - errors: - items: - description: MutatorError represents a single error caught while adding a mutator to a system. - properties: - message: - type: string - type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. 
- type: string - required: - - message - type: object - type: array - id: - type: string - mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch - type: string - observedGeneration: - format: int64 - type: integer - operations: - items: - type: string - type: array - type: object - type: array - type: object - type: object - served: true - storage: false - subresources: - status: {} diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/crds/assignmetadata-customresourcedefinition.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/crds/assignmetadata-customresourcedefinition.yaml deleted file mode 100644 index 3a63eef3cb..0000000000 --- a/charts/community/redhat/gatekeeper/3.11.0/src/crds/assignmetadata-customresourcedefinition.yaml +++ /dev/null 
@@ -1,655 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - labels: - gatekeeper.sh/system: "yes" - name: assignmetadata.mutations.gatekeeper.sh -spec: - group: mutations.gatekeeper.sh - names: - kind: AssignMetadata - listKind: AssignMetadataList - plural: assignmetadata - singular: assignmetadata - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: AssignMetadata is the Schema for the assignmetadata API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - properties: - name: - maxLength: 63 - type: string - type: object - spec: - description: AssignMetadataSpec defines the desired state of AssignMetadata. - properties: - location: - type: string - match: - description: Match selects objects to apply mutations to. - properties: - excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' 
- items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - kinds: - items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. - properties: - apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. - items: - type: string - type: array - kinds: - items: - type: string - type: array - type: object - type: array - labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' - items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) - type: string - source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. - enum: - - All - - Generated - - Original - type: string - type: object - parameters: - properties: - assign: - description: Assign.value holds the value to be assigned - properties: - externalData: - description: ExternalData describes the external data provider to be used for mutation. 
- properties: - dataSource: - default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. - enum: - - ValueAtLocation - - Username - type: string - default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". - type: string - failurePolicy: - default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. - enum: - - UseDefault - - Ignore - - Fail - type: string - provider: - description: Provider is the name of the external data provider. - type: string - type: object - fromMetadata: - description: FromMetadata assigns a value from the specified metadata field. - properties: - field: - description: Field specifies which metadata field provides the assigned value. Valid fields are `namespace` and `name`. - type: string - type: object - value: - description: Value is a constant value that will be assigned to `location` - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - type: object - status: - description: AssignMetadataStatus defines the observed state of AssignMetadata. - properties: - byPod: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' - items: - description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. - properties: - enforced: - type: boolean - errors: - items: - description: MutatorError represents a single error caught while adding a mutator to a system. - properties: - message: - type: string - type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. 
- type: string - required: - - message - type: object - type: array - id: - type: string - mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch - type: string - observedGeneration: - format: int64 - type: integer - operations: - items: - type: string - type: array - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} - - name: v1alpha1 - schema: - openAPIV3Schema: - description: AssignMetadata is the Schema for the assignmetadata API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AssignMetadataSpec defines the desired state of AssignMetadata. - properties: - location: - type: string - match: - description: Match selects objects to apply mutations to. - properties: - excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' 
- items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - kinds: - items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. - properties: - apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. - items: - type: string - type: array - kinds: - items: - type: string - type: array - type: object - type: array - labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' - items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) - type: string - source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. - enum: - - All - - Generated - - Original - type: string - type: object - parameters: - properties: - assign: - description: Assign.value holds the value to be assigned - properties: - externalData: - description: ExternalData describes the external data provider to be used for mutation. 
- properties: - dataSource: - default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. - enum: - - ValueAtLocation - - Username - type: string - default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". - type: string - failurePolicy: - default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. - enum: - - UseDefault - - Ignore - - Fail - type: string - provider: - description: Provider is the name of the external data provider. - type: string - type: object - fromMetadata: - description: FromMetadata assigns a value from the specified metadata field. - properties: - field: - description: Field specifies which metadata field provides the assigned value. Valid fields are `namespace` and `name`. - type: string - type: object - value: - description: Value is a constant value that will be assigned to `location` - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - type: object - status: - description: AssignMetadataStatus defines the observed state of AssignMetadata. - properties: - byPod: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' - items: - description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. - properties: - enforced: - type: boolean - errors: - items: - description: MutatorError represents a single error caught while adding a mutator to a system. - properties: - message: - type: string - type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. 
- type: string - required: - - message - type: object - type: array - id: - type: string - mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch - type: string - observedGeneration: - format: int64 - type: integer - operations: - items: - type: string - type: array - type: object - type: array - type: object - type: object - served: true - storage: false - subresources: - status: {} - - name: v1beta1 - schema: - openAPIV3Schema: - description: AssignMetadata is the Schema for the assignmetadata API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AssignMetadataSpec defines the desired state of AssignMetadata. - properties: - location: - type: string - match: - description: Match selects objects to apply mutations to. - properties: - excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' 
- items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - kinds: - items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. - properties: - apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. - items: - type: string - type: array - kinds: - items: - type: string - type: array - type: object - type: array - labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' - items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) - type: string - source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. - enum: - - All - - Generated - - Original - type: string - type: object - parameters: - properties: - assign: - description: Assign.value holds the value to be assigned - properties: - externalData: - description: ExternalData describes the external data provider to be used for mutation. 
- properties: - dataSource: - default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. - enum: - - ValueAtLocation - - Username - type: string - default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". - type: string - failurePolicy: - default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. - enum: - - UseDefault - - Ignore - - Fail - type: string - provider: - description: Provider is the name of the external data provider. - type: string - type: object - fromMetadata: - description: FromMetadata assigns a value from the specified metadata field. - properties: - field: - description: Field specifies which metadata field provides the assigned value. Valid fields are `namespace` and `name`. - type: string - type: object - value: - description: Value is a constant value that will be assigned to `location` - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - type: object - status: - description: AssignMetadataStatus defines the observed state of AssignMetadata. - properties: - byPod: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' - items: - description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. - properties: - enforced: - type: boolean - errors: - items: - description: MutatorError represents a single error caught while adding a mutator to a system. - properties: - message: - type: string - type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. 
- type: string - required: - - message - type: object - type: array - id: - type: string - mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch - type: string - observedGeneration: - format: int64 - type: integer - operations: - items: - type: string - type: array - type: object - type: array - type: object - type: object - served: true - storage: false - subresources: - status: {} diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/crds/config-customresourcedefinition.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/crds/config-customresourcedefinition.yaml deleted file mode 100644 index 57826ac09a..0000000000 --- a/charts/community/redhat/gatekeeper/3.11.0/src/crds/config-customresourcedefinition.yaml +++ /dev/null 
@@ -1,105 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - labels: - gatekeeper.sh/system: "yes" - name: configs.config.gatekeeper.sh -spec: - group: config.gatekeeper.sh - names: - kind: Config - listKind: ConfigList - plural: configs - singular: config - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Config is the Schema for the configs API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfigSpec defines the desired state of Config. - properties: - match: - description: Configuration for namespace exclusion - items: - properties: - excludedNamespaces: - items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' 
- pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - processes: - items: - type: string - type: array - type: object - type: array - readiness: - description: Configuration for readiness tracker - properties: - statsEnabled: - type: boolean - type: object - sync: - description: Configuration for syncing k8s objects - properties: - syncOnly: - description: If non-empty, only entries on this list will be replicated into OPA - items: - properties: - group: - type: string - kind: - type: string - version: - type: string - type: object - type: array - type: object - validation: - description: Configuration for validation - properties: - traces: - description: List of requests to trace. Both "user" and "kinds" must be specified - items: - properties: - dump: - description: Also dump the state of OPA with the trace. Set to `All` to dump everything. - type: string - kind: - description: Only trace requests of the following GroupVersionKind - properties: - group: - type: string - kind: - type: string - version: - type: string - type: object - user: - description: Only trace requests from the specified user - type: string - type: object - type: array - type: object - type: object - status: - description: ConfigStatus defines the observed state of Config. - type: object - type: object - served: true - storage: true diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/crds/constraintpodstatus-customresourcedefinition.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/crds/constraintpodstatus-customresourcedefinition.yaml deleted file mode 100644 index 230a541bb7..0000000000 --- a/charts/community/redhat/gatekeeper/3.11.0/src/crds/constraintpodstatus-customresourcedefinition.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - labels: - gatekeeper.sh/system: "yes" - name: constraintpodstatuses.status.gatekeeper.sh -spec: - group: status.gatekeeper.sh - names: - kind: ConstraintPodStatus - listKind: ConstraintPodStatusList - plural: constraintpodstatuses - singular: constraintpodstatus - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: ConstraintPodStatus is the Schema for the constraintpodstatuses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus. - properties: - constraintUID: - description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch - type: string - enforced: - type: boolean - errors: - items: - description: Error represents a single error caught while adding a constraint to OPA. 
- properties: - code: - type: string - location: - type: string - message: - type: string - required: - - code - - message - type: object - type: array - id: - type: string - observedGeneration: - format: int64 - type: integer - operations: - items: - type: string - type: array - type: object - type: object - served: true - storage: true diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/crds/constrainttemplate-customresourcedefinition.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/crds/constrainttemplate-customresourcedefinition.yaml deleted file mode 100644 index a4da4e9e90..0000000000 --- a/charts/community/redhat/gatekeeper/3.11.0/src/crds/constrainttemplate-customresourcedefinition.yaml +++ /dev/null 
@@ -1,303 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - labels: - gatekeeper.sh/system: "yes" - name: constrainttemplates.templates.gatekeeper.sh -spec: - group: templates.gatekeeper.sh - names: - kind: ConstraintTemplate - listKind: ConstraintTemplateList - plural: constrainttemplates - singular: constrainttemplate - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: ConstraintTemplate is the Schema for the constrainttemplates API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConstraintTemplateSpec defines the desired state of ConstraintTemplate. 
- properties: - crd: - properties: - spec: - properties: - names: - properties: - kind: - type: string - shortNames: - items: - type: string - type: array - type: object - validation: - default: - legacySchema: false - properties: - legacySchema: - default: false - type: boolean - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - type: object - targets: - items: - properties: - libs: - items: - type: string - type: array - rego: - type: string - target: - type: string - type: object - type: array - type: object - status: - description: ConstraintTemplateStatus defines the observed state of ConstraintTemplate. - properties: - byPod: - items: - description: ByPodStatus defines the observed state of ConstraintTemplate as seen by an individual controller - properties: - errors: - items: - description: CreateCRDError represents a single error caught during parsing, compiling, etc. - properties: - code: - type: string - location: - type: string - message: - type: string - required: - - code - - message - type: object - type: array - id: - description: a unique identifier for the pod that wrote the status - type: string - observedGeneration: - format: int64 - type: integer - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - created: - type: boolean - type: object - type: object - served: true - storage: true - subresources: - status: {} - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ConstraintTemplate is the Schema for the constrainttemplates API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConstraintTemplateSpec defines the desired state of ConstraintTemplate. - properties: - crd: - properties: - spec: - properties: - names: - properties: - kind: - type: string - shortNames: - items: - type: string - type: array - type: object - validation: - default: - legacySchema: true - properties: - legacySchema: - default: true - type: boolean - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - type: object - targets: - items: - properties: - libs: - items: - type: string - type: array - rego: - type: string - target: - type: string - type: object - type: array - type: object - status: - description: ConstraintTemplateStatus defines the observed state of ConstraintTemplate. - properties: - byPod: - items: - description: ByPodStatus defines the observed state of ConstraintTemplate as seen by an individual controller - properties: - errors: - items: - description: CreateCRDError represents a single error caught during parsing, compiling, etc. 
- properties: - code: - type: string - location: - type: string - message: - type: string - required: - - code - - message - type: object - type: array - id: - description: a unique identifier for the pod that wrote the status - type: string - observedGeneration: - format: int64 - type: integer - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - created: - type: boolean - type: object - type: object - served: true - storage: false - subresources: - status: {} - - name: v1beta1 - schema: - openAPIV3Schema: - description: ConstraintTemplate is the Schema for the constrainttemplates API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConstraintTemplateSpec defines the desired state of ConstraintTemplate. 
- properties: - crd: - properties: - spec: - properties: - names: - properties: - kind: - type: string - shortNames: - items: - type: string - type: array - type: object - validation: - default: - legacySchema: true - properties: - legacySchema: - default: true - type: boolean - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - type: object - targets: - items: - properties: - libs: - items: - type: string - type: array - rego: - type: string - target: - type: string - type: object - type: array - type: object - status: - description: ConstraintTemplateStatus defines the observed state of ConstraintTemplate. - properties: - byPod: - items: - description: ByPodStatus defines the observed state of ConstraintTemplate as seen by an individual controller - properties: - errors: - items: - description: CreateCRDError represents a single error caught during parsing, compiling, etc. - properties: - code: - type: string - location: - type: string - message: - type: string - required: - - code - - message - type: object - type: array - id: - description: a unique identifier for the pod that wrote the status - type: string - observedGeneration: - format: int64 - type: integer - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - created: - type: boolean - type: object - type: object - served: true - storage: false - subresources: - status: {} diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/crds/constrainttemplatepodstatus-customresourcedefinition.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/crds/constrainttemplatepodstatus-customresourcedefinition.yaml deleted file mode 100644 index 271572bd7e..0000000000 --- a/charts/community/redhat/gatekeeper/3.11.0/src/crds/constrainttemplatepodstatus-customresourcedefinition.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - labels: - gatekeeper.sh/system: "yes" - name: constrainttemplatepodstatuses.status.gatekeeper.sh -spec: - group: status.gatekeeper.sh - names: - kind: ConstraintTemplatePodStatus - listKind: ConstraintTemplatePodStatusList - plural: constrainttemplatepodstatuses - singular: constrainttemplatepodstatus - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - description: ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus. - properties: - errors: - items: - description: CreateCRDError represents a single error caught during parsing, compiling, etc. 
- properties: - code: - type: string - location: - type: string - message: - type: string - required: - - code - - message - type: object - type: array - id: - description: 'Important: Run "make" to regenerate code after modifying this file' - type: string - observedGeneration: - format: int64 - type: integer - operations: - items: - type: string - type: array - templateUID: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. - type: string - type: object - type: object - served: true - storage: true diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/crds/expansiontemplate-customresourcedefinition.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/crds/expansiontemplate-customresourcedefinition.yaml deleted file mode 100644 index 042249cf10..0000000000 --- a/charts/community/redhat/gatekeeper/3.11.0/src/crds/expansiontemplate-customresourcedefinition.yaml +++ /dev/null 
@@ -1,73 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - labels: - gatekeeper.sh/system: "yes" - name: expansiontemplate.expansion.gatekeeper.sh -spec: - group: expansion.gatekeeper.sh - names: - kind: ExpansionTemplate - listKind: ExpansionTemplateList - plural: expansiontemplate - singular: expansiontemplate - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ExpansionTemplate is the Schema for the ExpansionTemplate API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ExpansionTemplateSpec defines the desired state of ExpansionTemplate. - properties: - applyTo: - description: ApplyTo lists the specific groups, versions and kinds of generator resources which will be expanded. - items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. - properties: - groups: - items: - type: string - type: array - kinds: - items: - type: string - type: array - versions: - items: - type: string - type: array - type: object - type: array - enforcementAction: - description: EnforcementAction specifies the enforcement action to be used for resources matching the ExpansionTemplate. 
Specifying an empty value will use the enforcement action specified by the Constraint in violation. - type: string - generatedGVK: - description: GeneratedGVK specifies the GVK of the resources which the generator resource creates. - properties: - group: - type: string - kind: - type: string - version: - type: string - type: object - templateSource: - description: TemplateSource specifies the source field on the generator resource to use as the base for expanded resource. For Pod-creating generators, this is usually spec.template - type: string - type: object - type: object - served: true - storage: true diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/crds/modifyset-customresourcedefinition.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/crds/modifyset-customresourcedefinition.yaml deleted file mode 100644 index 1bb1933366..0000000000 --- a/charts/community/redhat/gatekeeper/3.11.0/src/crds/modifyset-customresourcedefinition.yaml +++ /dev/null 
@@ -1,676 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - labels: - gatekeeper.sh/system: "yes" - name: modifyset.mutations.gatekeeper.sh -spec: - group: mutations.gatekeeper.sh - names: - kind: ModifySet - listKind: ModifySetList - plural: modifyset - singular: modifyset - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - properties: - name: - maxLength: 63 - type: string - type: object - spec: - description: ModifySetSpec defines the desired state of ModifySet. - properties: - applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. - items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. 
- properties: - groups: - items: - type: string - type: array - kinds: - items: - type: string - type: array - versions: - items: - type: string - type: array - type: object - type: array - location: - description: 'Location describes the path to be mutated, for example: `spec.containers[name: main].args`.' - type: string - match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. - properties: - excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' - items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - kinds: - items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. - properties: - apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. - items: - type: string - type: array - kinds: - items: - type: string - type: array - type: object - type: array - labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. 
These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' 
- pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' - items: - description: 'A string that supports globbing at its front or end. 
Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) - type: string - source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. - enum: - - All - - Generated - - Original - type: string - type: object - parameters: - description: Parameters define the behavior of the mutator. - properties: - operation: - default: merge - description: Operation describes whether values should be merged in ("merge"), or pruned ("prune"). Default value is "merge" - enum: - - merge - - prune - type: string - pathTests: - description: PathTests are a series of existence tests that can be checked before a mutation is applied - items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." 
- properties: - condition: - description: Condition describes whether the path either MustExist or MustNotExist in the original object - enum: - - MustExist - - MustNotExist - type: string - subPath: - type: string - type: object - type: array - values: - description: Values describes the values provided to the operation as `values.fromList`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - status: - description: ModifySetStatus defines the observed state of ModifySet. - properties: - byPod: - items: - description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. - properties: - enforced: - type: boolean - errors: - items: - description: MutatorError represents a single error caught while adding a mutator to a system. - properties: - message: - type: string - type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. - type: string - required: - - message - type: object - type: array - id: - type: string - mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch - type: string - observedGeneration: - format: int64 - type: integer - operations: - items: - type: string - type: array - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ModifySetSpec defines the desired state of ModifySet. - properties: - applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. - items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. - properties: - groups: - items: - type: string - type: array - kinds: - items: - type: string - type: array - versions: - items: - type: string - type: array - type: object - type: array - location: - description: 'Location describes the path to be mutated, for example: `spec.containers[name: main].args`.' - type: string - match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. - properties: - excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' - items: - description: 'A string that supports globbing at its front or end. 
Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - kinds: - items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. - properties: - apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. - items: - type: string - type: array - kinds: - items: - type: string - type: array - type: object - type: array - labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. 
This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' - items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) - type: string - source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. - enum: - - All - - Generated - - Original - type: string - type: object - parameters: - description: Parameters define the behavior of the mutator. - properties: - operation: - default: merge - description: Operation describes whether values should be merged in ("merge"), or pruned ("prune"). 
Default value is "merge" - enum: - - merge - - prune - type: string - pathTests: - description: PathTests are a series of existence tests that can be checked before a mutation is applied - items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." - properties: - condition: - description: Condition describes whether the path either MustExist or MustNotExist in the original object - enum: - - MustExist - - MustNotExist - type: string - subPath: - type: string - type: object - type: array - values: - description: Values describes the values provided to the operation as `values.fromList`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - status: - description: ModifySetStatus defines the observed state of ModifySet. - properties: - byPod: - items: - description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. - properties: - enforced: - type: boolean - errors: - items: - description: MutatorError represents a single error caught while adding a mutator to a system. - properties: - message: - type: string - type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. 
- type: string - required: - - message - type: object - type: array - id: - type: string - mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch - type: string - observedGeneration: - format: int64 - type: integer - operations: - items: - type: string - type: array - type: object - type: array - type: object - type: object - served: true - storage: false - subresources: - status: {} - - name: v1beta1 - schema: - openAPIV3Schema: - description: ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ModifySetSpec defines the desired state of ModifySet. - properties: - applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. - items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. 
- properties: - groups: - items: - type: string - type: array - kinds: - items: - type: string - type: array - versions: - items: - type: string - type: array - type: object - type: array - location: - description: 'Location describes the path to be mutated, for example: `spec.containers[name: main].args`.' - type: string - match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. - properties: - excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' - items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - kinds: - items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. - properties: - apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. - items: - type: string - type: array - kinds: - items: - type: string - type: array - type: object - type: array - labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. 
These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' 
- pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' - items: - description: 'A string that supports globbing at its front or end. 
Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) - type: string - source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. - enum: - - All - - Generated - - Original - type: string - type: object - parameters: - description: Parameters define the behavior of the mutator. - properties: - operation: - default: merge - description: Operation describes whether values should be merged in ("merge"), or pruned ("prune"). Default value is "merge" - enum: - - merge - - prune - type: string - pathTests: - description: PathTests are a series of existence tests that can be checked before a mutation is applied - items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." 
- properties: - condition: - description: Condition describes whether the path either MustExist or MustNotExist in the original object - enum: - - MustExist - - MustNotExist - type: string - subPath: - type: string - type: object - type: array - values: - description: Values describes the values provided to the operation as `values.fromList`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - status: - description: ModifySetStatus defines the observed state of ModifySet. - properties: - byPod: - items: - description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. - properties: - enforced: - type: boolean - errors: - items: - description: MutatorError represents a single error caught while adding a mutator to a system. - properties: - message: - type: string - type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. - type: string - required: - - message - type: object - type: array - id: - type: string - mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch - type: string - observedGeneration: - format: int64 - type: integer - operations: - items: - type: string - type: array - type: object - type: array - type: object - type: object - served: true - storage: false - subresources: - status: {} diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/crds/mutatorpodstatus-customresourcedefinition.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/crds/mutatorpodstatus-customresourcedefinition.yaml deleted file mode 100644 index fd6a0f6dea..0000000000 --- a/charts/community/redhat/gatekeeper/3.11.0/src/crds/mutatorpodstatus-customresourcedefinition.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - labels: - gatekeeper.sh/system: "yes" - name: mutatorpodstatuses.status.gatekeeper.sh -spec: - group: status.gatekeeper.sh - names: - kind: MutatorPodStatus - listKind: MutatorPodStatusList - plural: mutatorpodstatuses - singular: mutatorpodstatus - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: MutatorPodStatus is the Schema for the mutationpodstatuses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. - properties: - enforced: - type: boolean - errors: - items: - description: MutatorError represents a single error caught while adding a mutator to a system. - properties: - message: - type: string - type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. 
- type: string - required: - - message - type: object - type: array - id: - type: string - mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch - type: string - observedGeneration: - format: int64 - type: integer - operations: - items: - type: string - type: array - type: object - type: object - served: true - storage: true diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/crds/provider-customresourcedefinition.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/crds/provider-customresourcedefinition.yaml deleted file mode 100644 index 0deb6f630b..0000000000 --- a/charts/community/redhat/gatekeeper/3.11.0/src/crds/provider-customresourcedefinition.yaml +++ /dev/null 
@@ -1,78 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - labels: - gatekeeper.sh/system: "yes" - name: providers.externaldata.gatekeeper.sh -spec: - group: externaldata.gatekeeper.sh - names: - kind: Provider - listKind: ProviderList - plural: providers - singular: provider - preserveUnknownFields: false - scope: Cluster - versions: - - deprecated: true - deprecationWarning: externaldata.gatekeeper.sh/v1alpha1 is deprecated. Use externaldata.gatekeeper.sh/v1beta1 instead. - name: v1alpha1 - schema: - openAPIV3Schema: - description: Provider is the Schema for the Provider API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec defines the Provider specifications. - properties: - caBundle: - description: CABundle is a base64-encoded string that contains the TLS CA bundle in PEM format. It is used to verify the signature of the provider's certificate. - type: string - timeout: - description: Timeout is the timeout when querying the provider. - type: integer - url: - description: URL is the url for the provider. URL is prefixed with http:// or https://. 
- type: string - type: object - type: object - served: true - storage: true - - name: v1beta1 - schema: - openAPIV3Schema: - description: Provider is the Schema for the providers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec defines the Provider specifications. - properties: - caBundle: - description: CABundle is a base64-encoded string that contains the TLS CA bundle in PEM format. It is used to verify the signature of the provider's certificate. - type: string - timeout: - description: Timeout is the timeout when querying the provider. - type: integer - url: - description: URL is the url for the provider. URL is prefixed with http:// or https://. - type: string - type: object - type: object - served: true - storage: false diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/templates/_helpers.tpl b/charts/community/redhat/gatekeeper/3.11.0/src/templates/_helpers.tpl deleted file mode 100644 index 8898e0df70..0000000000 --- a/charts/community/redhat/gatekeeper/3.11.0/src/templates/_helpers.tpl +++ /dev/null 
@@ -1,90 +0,0 @@
-
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "gatekeeper.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "gatekeeper.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "gatekeeper.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Adds additional pod labels to the common ones
-*/}}
-{{- define "gatekeeper.podLabels" -}}
-{{- if .Values.podLabels }}
-{{- toYaml .Values.podLabels | nindent 8 }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Output post install webhook probe container entry
-*/}}
-{{- define "gatekeeper.postInstallWebhookProbeContainer" -}}
-- name: webhook-probe-post
- image: "{{ .Values.postInstall.probeWebhook.image.repository }}:{{ .Values.postInstall.probeWebhook.image.tag }}"
- imagePullPolicy: {{ .Values.postInstall.probeWebhook.image.pullPolicy }}
- command:
- - "/bin/curl"
- args:
- - "--retry"
- - "99999"
- - "--retry-max-time"
- - "{{ .Values.postInstall.probeWebhook.waitTimeout }}"
- - "--retry-delay"
- - "1"
- - "--max-time"
- - "{{ .Values.postInstall.probeWebhook.httpTimeout }}"
- {{- if .Values.postInstall.probeWebhook.insecureHTTPS }}
- - "--insecure"
- {{- else }}
- - "--cacert"
- - /certs/ca.crt
- {{- end }}
- - "-v"
- - "https://gatekeeper-webhook-service.{{ .Release.Namespace }}.svc/v1/admitlabel?timeout=2s"
- resources:
- {{- toYaml .Values.postInstall.resources | nindent 4 }}
- securityContext:
- {{- if .Values.enableRuntimeDefaultSeccompProfile }}
- seccompProfile:
- type: RuntimeDefault
- {{- end }}
- {{- toYaml .Values.postInstall.securityContext | nindent 4 }}
- volumeMounts:
- - mountPath: /certs
- name: cert
- readOnly: true
-{{- end -}}
-
-{{/*
-Output post install webhook probe volume entry
-*/}}
-{{- define "gatekeeper.postInstallWebhookProbeVolume" -}}
-- name: cert
- secret:
- secretName: {{ .Values.externalCertInjection.secretName }}
-{{- end -}}
diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-admin-podsecuritypolicy.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-admin-podsecuritypolicy.yaml
deleted file mode 100644
index 398b146007..0000000000
--- a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-admin-podsecuritypolicy.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{- if and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- annotations:
- seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
- labels:
- app: '{{ template "gatekeeper.name" . }}'
- chart: '{{ template "gatekeeper.name" . }}'
- gatekeeper.sh/system: "yes"
- heritage: '{{ .Release.Service }}'
- release: '{{ .Release.Name }}'
- name: gatekeeper-admin
-spec:
- allowPrivilegeEscalation: false
- fsGroup:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- requiredDropCapabilities:
- - ALL
- runAsUser:
- rule: MustRunAsNonRoot
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- volumes:
- - configMap
- - projected
- - secret
- - downwardAPI
- - emptyDir
-{{- end }}
diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-admin-serviceaccount.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-admin-serviceaccount.yaml
deleted file mode 100644
index 4b68998cb4..0000000000
--- a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-admin-serviceaccount.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app: '{{ template "gatekeeper.name" . }}'
- chart: '{{ template "gatekeeper.name" . }}'
- gatekeeper.sh/system: "yes"
- heritage: '{{ .Release.Service }}'
- release: '{{ .Release.Name }}'
- name: gatekeeper-admin
- namespace: '{{ .Release.Namespace }}'
diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-audit-deployment.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-audit-deployment.yaml
deleted file mode 100644
index e11ad74871..0000000000
--- a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-audit-deployment.yaml
+++ /dev/null
@@ -1,149 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - control-plane: audit-controller - gatekeeper.sh/operation: audit - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-audit - namespace: '{{ .Release.Namespace }}' -spec: - replicas: 1 - selector: - matchLabels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - control-plane: audit-controller - gatekeeper.sh/operation: audit - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - template: - metadata: - annotations: - {{- if .Values.podAnnotations }} - {{- toYaml .Values.podAnnotations | trim | nindent 8 }} - {{- end }} - labels: -{{- include "gatekeeper.podLabels" . }} - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - control-plane: audit-controller - gatekeeper.sh/operation: audit - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - spec: - affinity: - {{- toYaml .Values.audit.affinity | nindent 8 }} - automountServiceAccountToken: true - containers: - - {{- if .Values.image.release }} - image: {{ .Values.image.repository }}:{{ .Values.image.release }} - {{- else }} - image: {{ .Values.image.repository }} - {{- end }} - args: - - --audit-interval={{ .Values.auditInterval }} - - --log-level={{ .Values.logLevel }} - - --constraint-violations-limit={{ .Values.constraintViolationsLimit }} - - --audit-from-cache={{ .Values.auditFromCache }} - - --audit-chunk-size={{ .Values.auditChunkSize }} - - --audit-match-kind-only={{ .Values.auditMatchKindOnly }} - - --emit-audit-events={{ .Values.emitAuditEvents }} - - --operation=audit - - --operation=status - {{ if not .Values.disableMutation}}- --operation=mutation-status{{- end }} - - --logtostderr - - 
--health-addr=:{{ .Values.audit.healthPort }} - - --prometheus-port={{ .Values.audit.metricsPort }} - - --enable-external-data={{ .Values.enableExternalData }} - - --enable-generator-resource-expansion={{ .Values.enableGeneratorResourceExpansion }} - - {{- range .Values.metricsBackends}} - - --metrics-backend={{ . }} - {{- end }} - - --disable-cert-rotation={{ or .Values.audit.disableCertRotation .Values.externalCertInjection.enabled }} - command: - - /manager - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: CONTAINER_NAME - value: manager - imagePullPolicy: '{{ .Values.image.pullPolicy }}' - livenessProbe: - httpGet: - path: /healthz - port: {{ .Values.audit.healthPort }} - timeoutSeconds: {{ .Values.audit.livenessTimeout }} - name: manager - ports: - - containerPort: {{ .Values.audit.metricsPort }} - name: metrics - protocol: TCP - - containerPort: {{ .Values.audit.healthPort }} - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: {{ .Values.audit.healthPort }} - timeoutSeconds: {{ .Values.audit.readinessTimeout }} - resources: - {{- toYaml .Values.audit.resources | nindent 10 }} - securityContext: - {{- if .Values.enableRuntimeDefaultSeccompProfile }} - seccompProfile: - type: RuntimeDefault - {{- end }} - {{- toYaml .Values.audit.securityContext | nindent 10}} - volumeMounts: - - mountPath: /certs - name: cert - readOnly: true - - mountPath: /tmp/audit - name: tmp-volume - dnsPolicy: {{ .Values.audit.dnsPolicy }} - hostNetwork: {{ .Values.audit.hostNetwork }} - imagePullSecrets: - {{- toYaml .Values.image.pullSecrets | nindent 8 }} - nodeSelector: - {{- toYaml .Values.audit.nodeSelector | nindent 8 }} - {{- if .Values.audit.priorityClassName }} - priorityClassName: {{ .Values.audit.priorityClassName }} 
- {{- end }} - securityContext: - {{- toYaml .Values.audit.podSecurityContext | nindent 8 }} - serviceAccountName: gatekeeper-admin - terminationGracePeriodSeconds: 60 - tolerations: - {{- toYaml .Values.audit.tolerations | nindent 8 }} - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: gatekeeper-webhook-server-cert - {{- if .Values.audit.writeToRAMDisk }} - - emptyDir: - medium: Memory - {{ else }} - - emptyDir: {} - {{- end }} - name: tmp-volume diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-controller-manager-deployment.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-controller-manager-deployment.yaml deleted file mode 100644 index 0ac934b00c..0000000000 --- a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-controller-manager-deployment.yaml +++ /dev/null 
@@ -1,160 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - control-plane: controller-manager - gatekeeper.sh/operation: webhook - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-controller-manager - namespace: '{{ .Release.Namespace }}' -spec: - replicas: {{ .Values.replicas }} - selector: - matchLabels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - control-plane: controller-manager - gatekeeper.sh/operation: webhook - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - template: - metadata: - annotations: - {{- if .Values.podAnnotations }} - {{- toYaml .Values.podAnnotations | trim | nindent 8 }} - {{- end }} - labels: -{{- include "gatekeeper.podLabels" . }} - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . 
}}' - control-plane: controller-manager - gatekeeper.sh/operation: webhook - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - spec: - affinity: - {{- toYaml .Values.controllerManager.affinity | nindent 8 }} - automountServiceAccountToken: true - containers: - - {{- if .Values.image.release }} - image: {{ .Values.image.repository }}:{{ .Values.image.release }} - {{- else }} - image: {{ .Values.image.repository }} - {{- end }} - args: - - --port={{ .Values.controllerManager.port }} - - --health-addr=:{{ .Values.controllerManager.healthPort }} - - --prometheus-port={{ .Values.controllerManager.metricsPort }} - - --logtostderr - - --log-denies={{ .Values.logDenies }} - - --emit-admission-events={{ .Values.emitAdmissionEvents }} - - --log-level={{ .Values.logLevel }} - - --exempt-namespace={{ .Release.Namespace }} - - --operation=webhook - - --enable-external-data={{ .Values.enableExternalData }} - - --enable-generator-resource-expansion={{ .Values.enableGeneratorResourceExpansion }} - - --log-mutations={{ .Values.logMutations }} - - --mutation-annotations={{ .Values.mutationAnnotations }} - - --disable-cert-rotation={{ .Values.controllerManager.disableCertRotation }} - - --max-serving-threads={{ .Values.maxServingThreads }} - - --tls-min-version={{ .Values.controllerManager.tlsMinVersion }} - {{ if ne .Values.controllerManager.clientCertName "" }}- --client-cert-name={{ .Values.controllerManager.clientCertName }}{{- end }} - - {{- range .Values.metricsBackends}} - - --metrics-backend={{ . }} - {{- end }} - {{ if .Values.enableTLSHealthcheck}}- --enable-tls-healthcheck{{- end }} - {{ if not .Values.disableMutation}}- --operation=mutation-webhook{{- end }} - - {{- range .Values.disabledBuiltins}} - - --disable-opa-builtin={{ . }} - {{- end }} - - {{- range .Values.controllerManager.exemptNamespaces}} - - --exempt-namespace={{ . 
}} - {{- end }} - - {{- range .Values.controllerManager.exemptNamespacePrefixes}} - - --exempt-namespace-prefix={{ . }} - {{- end }} - command: - - /manager - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: CONTAINER_NAME - value: manager - imagePullPolicy: '{{ .Values.image.pullPolicy }}' - livenessProbe: - httpGet: - path: /healthz - port: {{ .Values.controllerManager.healthPort }} - timeoutSeconds: {{ .Values.controllerManager.livenessTimeout }} - name: manager - ports: - - containerPort: {{ .Values.controllerManager.port }} - name: webhook-server - protocol: TCP - - containerPort: {{ .Values.controllerManager.metricsPort }} - name: metrics - protocol: TCP - - containerPort: {{ .Values.controllerManager.healthPort }} - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: {{ .Values.controllerManager.healthPort }} - timeoutSeconds: {{ .Values.controllerManager.readinessTimeout }} - resources: - {{- toYaml .Values.controllerManager.resources | nindent 10 }} - securityContext: - {{- if .Values.enableRuntimeDefaultSeccompProfile }} - seccompProfile: - type: RuntimeDefault - {{- end }} - {{- toYaml .Values.controllerManager.securityContext | nindent 10}} - volumeMounts: - - mountPath: /certs - name: cert - readOnly: true - dnsPolicy: {{ .Values.controllerManager.dnsPolicy }} - hostNetwork: {{ .Values.controllerManager.hostNetwork }} - imagePullSecrets: - {{- toYaml .Values.image.pullSecrets | nindent 8 }} - nodeSelector: - {{- toYaml .Values.controllerManager.nodeSelector | nindent 8 }} - {{- if .Values.controllerManager.priorityClassName }} - priorityClassName: {{ .Values.controllerManager.priorityClassName }} - {{- end }} - securityContext: - {{- toYaml .Values.controllerManager.podSecurityContext | nindent 8 
}} - serviceAccountName: gatekeeper-admin - terminationGracePeriodSeconds: 60 - tolerations: - {{- toYaml .Values.controllerManager.tolerations | nindent 8 }} - topologySpreadConstraints: - {{- toYaml .Values.controllerManager.topologySpreadConstraints | nindent 8 }} - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: gatekeeper-webhook-server-cert diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-controller-manager-poddisruptionbudget.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-controller-manager-poddisruptionbudget.yaml deleted file mode 100644 index 424f6a67c4..0000000000 --- a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-controller-manager-poddisruptionbudget.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- $v1 := .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" -}} -{{- $v1beta1 := .Capabilities.APIVersions.Has "policy/v1beta1/PodDisruptionBudget" -}} -apiVersion: policy/v1{{- if and (not $v1) $v1beta1 -}}beta1{{- end }} -kind: PodDisruptionBudget -metadata: - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-controller-manager - namespace: '{{ .Release.Namespace }}' -spec: - minAvailable: {{ .Values.pdb.controllerManager.minAvailable }} - selector: - matchLabels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - control-plane: controller-manager - gatekeeper.sh/operation: webhook - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-critical-pods-resourcequota.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-critical-pods-resourcequota.yaml deleted file mode 100644 index 1546463669..0000000000 
--- a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-critical-pods-resourcequota.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.resourceQuota }} -apiVersion: v1 -kind: ResourceQuota -metadata: - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-critical-pods - namespace: '{{ .Release.Namespace }}' -spec: - hard: - pods: {{ .Values.podCountLimit }} - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - {{ .Values.controllerManager.priorityClassName }} - - {{ .Values.audit.priorityClassName }} -{{- end }} diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-manager-role-clusterrole.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-manager-role-clusterrole.yaml deleted file mode 100644 index 8b32f96014..0000000000 --- a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-manager-role-clusterrole.yaml +++ /dev/null 
@@ -1,167 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-manager-role -rules: -- apiGroups: - - '*' - resources: - - '*' - verbs: - - get - - list - - watch -- apiGroups: - - admissionregistration.k8s.io - resourceNames: - - gatekeeper-mutating-webhook-configuration - resources: - - mutatingwebhookconfigurations - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - config.gatekeeper.sh - resources: - - configs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - config.gatekeeper.sh - resources: - - configs/status - verbs: - - get - - patch - - update -- apiGroups: - - constraints.gatekeeper.sh - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - externaldata.gatekeeper.sh - resources: - - providers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mutations.gatekeeper.sh - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -{{- if and .Values.psp.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -- apiGroups: - - policy - resourceNames: - - gatekeeper-admin - resources: - - podsecuritypolicies - verbs: - - use -{{- end }} -- apiGroups: - - status.gatekeeper.sh - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - templates.gatekeeper.sh - resources: - - constrainttemplates - verbs: - - create 
- - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - templates.gatekeeper.sh - resources: - - constrainttemplates/finalizers - verbs: - - delete - - get - - patch - - update -- apiGroups: - - templates.gatekeeper.sh - resources: - - constrainttemplates/status - verbs: - - get - - patch - - update -- apiGroups: - - admissionregistration.k8s.io - resourceNames: - - gatekeeper-validating-webhook-configuration - resources: - - validatingwebhookconfigurations - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -{{- end }} diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-manager-role-role.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-manager-role-role.yaml deleted file mode 100644 index 1018dcdb66..0000000000 --- a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-manager-role-role.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-manager-role - namespace: '{{ .Release.Namespace }}' -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -{{- with .Values.controllerManager.extraRules }} - {{- toYaml . | nindent 0 }} -{{- end }} -{{- end }} diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml deleted file mode 100644 index 1fb9f6c87a..0000000000 
--- a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app: '{{ template "gatekeeper.name" . }}'
- chart: '{{ template "gatekeeper.name" . }}'
- gatekeeper.sh/system: "yes"
- heritage: '{{ .Release.Service }}'
- release: '{{ .Release.Name }}'
- name: gatekeeper-manager-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: gatekeeper-manager-role
-subjects:
-- kind: ServiceAccount
- name: gatekeeper-admin
- namespace: '{{ .Release.Namespace }}'
-{{- end }}
diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-manager-rolebinding-rolebinding.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-manager-rolebinding-rolebinding.yaml
deleted file mode 100644
index fbe9580d57..0000000000
--- a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-manager-rolebinding-rolebinding.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- labels:
- app: '{{ template "gatekeeper.name" . }}'
- chart: '{{ template "gatekeeper.name" . }}'
- gatekeeper.sh/system: "yes"
- heritage: '{{ .Release.Service }}'
- release: '{{ .Release.Name }}'
- name: gatekeeper-manager-rolebinding
- namespace: '{{ .Release.Namespace }}'
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: gatekeeper-manager-role
-subjects:
-- kind: ServiceAccount
- name: gatekeeper-admin
- namespace: '{{ .Release.Namespace }}'
-{{- end }}
diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml
deleted file mode 100644
index 30a23b4fb9..0000000000
--- a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml
+++ /dev/null
@@ -1,60 +0,0 @@ -{{- if not .Values.disableMutation }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: {{- toYaml .Values.mutatingWebhookAnnotations | trim | nindent 4 }} - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-mutating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: gatekeeper-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /v1/mutate - failurePolicy: {{ .Values.mutatingWebhookFailurePolicy }} - matchPolicy: Exact - name: mutation.gatekeeper.sh - namespaceSelector: - matchExpressions: - - key: admission.gatekeeper.sh/ignore - operator: DoesNotExist - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - {{ .Release.Namespace }} - - {{- range $key, $value := .Values.mutatingWebhookExemptNamespacesLabels}} - - key: {{ $key }} - operator: NotIn - values: - {{- range $value }} - - {{ . }} - {{- end }} - {{- end }} - objectSelector: {{ toYaml .Values.mutatingWebhookObjectSelector }} - reinvocationPolicy: {{ .Values.mutatingWebhookReinvocationPolicy }} - rules: - {{- if .Values.mutatingWebhookCustomRules }} - {{- toYaml .Values.mutatingWebhookCustomRules | nindent 2 }} - {{- else }} - - apiGroups: - - '*' - apiVersions: - - '*' - operations: - - CREATE - - UPDATE - resources: - - '*' - {{- end }} - sideEffects: None - timeoutSeconds: {{ .Values.mutatingWebhookTimeoutSeconds }} -{{- end }} diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml deleted file mode 100644 index a51dcef6bd..0000000000 
--- a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml
+++ /dev/null
@@ -1,109 +0,0 @@ -{{- if not .Values.disableValidatingWebhook }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: {{- toYaml .Values.validatingWebhookAnnotations | trim | nindent 4 }} - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-validating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: gatekeeper-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /v1/admit - failurePolicy: {{ .Values.validatingWebhookFailurePolicy }} - matchPolicy: Exact - name: validation.gatekeeper.sh - namespaceSelector: - matchExpressions: - - key: admission.gatekeeper.sh/ignore - operator: DoesNotExist - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - {{ .Release.Namespace }} - - {{- range $key, $value := .Values.validatingWebhookExemptNamespacesLabels}} - - key: {{ $key }} - operator: NotIn - values: - {{- range $value }} - - {{ . }} - {{- end }} - {{- end }} - objectSelector: {{ toYaml .Values.validatingWebhookObjectSelector }} - rules: - {{- if .Values.validatingWebhookCustomRules }} - {{- toYaml .Values.validatingWebhookCustomRules | nindent 2 }} - {{- else }} - - apiGroups: - - '*' - apiVersions: - - '*' - operations: - - CREATE - - UPDATE - {{- if .Values.enableDeleteOperations }} - - DELETE - {{- end }} - resources: - - '*' - # Explicitly list all known subresources except "status" (to avoid destabilizing the cluster and increasing load on gatekeeper). 
- # You can find a rough list of subresources by doing a case-sensitive search in the Kubernetes codebase for 'Subresource("' - - 'pods/ephemeralcontainers' - - 'pods/exec' - - 'pods/log' - - 'pods/eviction' - - 'pods/portforward' - - 'pods/proxy' - - 'pods/attach' - - 'pods/binding' - - 'deployments/scale' - - 'replicasets/scale' - - 'statefulsets/scale' - - 'replicationcontrollers/scale' - - 'services/proxy' - - 'nodes/proxy' - # For constraints that mitigate CVE-2020-8554 - - 'services/status' - {{- end }} - sideEffects: None - timeoutSeconds: {{ .Values.validatingWebhookTimeoutSeconds }} -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: gatekeeper-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /v1/admitlabel - failurePolicy: {{ .Values.validatingWebhookCheckIgnoreFailurePolicy }} - matchPolicy: Exact - name: check-ignore-label.gatekeeper.sh - namespaceSelector: - matchExpressions: - - key: kubernetes.io/metadata.name - operator: NotIn - values: - - {{ .Release.Namespace }} - rules: - - apiGroups: - - "" - apiVersions: - - '*' - operations: - - CREATE - - UPDATE - resources: - - namespaces - sideEffects: None - timeoutSeconds: {{ .Values.validatingWebhookTimeoutSeconds }} -{{- end }} diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-webhook-server-cert-secret.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-webhook-server-cert-secret.yaml deleted file mode 100644 index a841780a55..0000000000 --- a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-webhook-server-cert-secret.yaml +++ /dev/null 
@@ -1,14 +0,0 @@
-{{- if not .Values.externalCertInjection.enabled }}
-apiVersion: v1
-kind: Secret
-metadata:
- annotations: {{- toYaml .Values.secretAnnotations | trim | nindent 4 }}
- labels:
- app: '{{ template "gatekeeper.name" . }}'
- chart: '{{ template "gatekeeper.name" . }}'
- gatekeeper.sh/system: "yes"
- heritage: '{{ .Release.Service }}'
- release: '{{ .Release.Name }}'
- name: gatekeeper-webhook-server-cert
- namespace: '{{ .Release.Namespace }}'
-{{- end }}
diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-webhook-service-service.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-webhook-service-service.yaml
deleted file mode 100644
index 3c0f4453a1..0000000000
--- a/charts/community/redhat/gatekeeper/3.11.0/src/templates/gatekeeper-webhook-service-service.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app: '{{ template "gatekeeper.name" . }}'
- chart: '{{ template "gatekeeper.name" . }}'
- gatekeeper.sh/system: "yes"
- heritage: '{{ .Release.Service }}'
- release: '{{ .Release.Name }}'
- name: gatekeeper-webhook-service
- namespace: '{{ .Release.Namespace }}'
-spec:
-
- ports:
- - name: https-webhook-server
- port: 443
- targetPort: webhook-server
-{{- if .Values.service }}
-{{- if .Values.service.healthzPort }}
- - name: http-webhook-healthz
- port: {{ .Values.service.healthzPort }}
- targetPort: healthz
- {{- end }}
- {{- end }}
- {{- if .Values.service }}
- type: {{ .Values.service.type | default "ClusterIP" }}
- {{- if .Values.service.loadBalancerIP }}
- loadBalancerIP: {{ .Values.service.loadBalancerIP }}
- {{- end }}
- {{- end }}
- selector:
- app: '{{ template "gatekeeper.name" . }}'
- chart: '{{ template "gatekeeper.name" . }}'
- control-plane: controller-manager
- gatekeeper.sh/operation: webhook
- gatekeeper.sh/system: "yes"
- heritage: '{{ .Release.Service }}'
- release: '{{ .Release.Name }}'
diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/templates/namespace-post-install.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/templates/namespace-post-install.yaml
deleted file mode 100644
index 4f3a9920cb..0000000000
--- a/charts/community/redhat/gatekeeper/3.11.0/src/templates/namespace-post-install.yaml
+++ /dev/null
@@ -1,156 +0,0 @@ -{{- if .Values.postInstall.labelNamespace.enabled }} -apiVersion: batch/v1 -kind: Job -metadata: - name: gatekeeper-update-namespace-label - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation -spec: - template: - metadata: - annotations: - {{- toYaml .Values.podAnnotations | trim | nindent 8 }} - labels: - {{- include "gatekeeper.podLabels" . }} - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - spec: - restartPolicy: OnFailure - {{- if .Values.postInstall.labelNamespace.image.pullSecrets }} - imagePullSecrets: - {{- .Values.postInstall.labelNamespace.image.pullSecrets | toYaml | nindent 12 }} - {{- end }} - serviceAccount: gatekeeper-update-namespace-label - {{- if .Values.postInstall.probeWebhook.enabled }} - volumes: - {{- include "gatekeeper.postInstallWebhookProbeVolume" . | nindent 8 }} - initContainers: - {{- include "gatekeeper.postInstallWebhookProbeContainer" . | nindent 8 }} - {{- end }} - containers: - - name: kubectl-label - image: "{{ .Values.postInstall.labelNamespace.image.repository }}:{{ .Values.postInstall.labelNamespace.image.tag }}" - imagePullPolicy: {{ .Values.postInstall.labelNamespace.image.pullPolicy }} - args: - - label - - ns - - {{ .Release.Namespace }} - - admission.gatekeeper.sh/ignore=no-self-managing - {{- range .Values.postInstall.labelNamespace.podSecurity }} - - {{ . 
}} - {{- end }} - - --overwrite - resources: - {{- toYaml .Values.postInstall.resources | nindent 12 }} - securityContext: - {{- if .Values.enableRuntimeDefaultSeccompProfile }} - seccompProfile: - type: RuntimeDefault - {{- end }} - {{- toYaml .Values.postInstall.securityContext | nindent 12 }} - {{- if .Values.postInstall.labelNamespace.extraNamespaces }} - - name: kubectl-label-extra - image: "{{ .Values.postInstall.labelNamespace.image.repository }}:{{ .Values.postInstall.labelNamespace.image.tag }}" - imagePullPolicy: {{ .Values.postInstall.labelNamespace.image.pullPolicy }} - args: - - label - - ns - {{- range .Values.postInstall.labelNamespace.extraNamespaces }} - - {{ . }} - {{- end }} - - admission.gatekeeper.sh/ignore=extra-namespaces - - --overwrite - resources: - {{- toYaml .Values.postInstall.resources | nindent 12 }} - securityContext: - {{- if .Values.enableRuntimeDefaultSeccompProfile }} - seccompProfile: - type: RuntimeDefault - {{- end }} - {{- toYaml .Values.postInstall.securityContext | nindent 12 }} - {{- end }} - {{- with .Values.postInstall }} - nodeSelector: - {{- toYaml .nodeSelector | nindent 8 }} - affinity: - {{- toYaml .affinity | nindent 8 }} - tolerations: - {{- toYaml .tolerations | nindent 8 }} - {{- end }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: gatekeeper-update-namespace-label - labels: - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation ---- -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: gatekeeper-update-namespace-label - labels: - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation -rules: - - apiGroups: - - "" - resources: - - 
namespaces - verbs: - - get - - update - - patch - resourceNames: - - {{ .Release.Namespace }} - {{- range .Values.postInstall.labelNamespace.extraNamespaces }} - - {{ . }} - {{- end }} -{{- with .Values.postInstall.labelNamespace.extraRules }} - {{- toYaml . | nindent 2 }} -{{- end }} -{{- end }} ---- -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: gatekeeper-update-namespace-label - labels: - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: gatekeeper-update-namespace-label -subjects: - - kind: ServiceAccount - name: gatekeeper-update-namespace-label - namespace: {{ .Release.Namespace | quote }} -{{- end }} -{{- end }} diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/templates/namespace-post-upgrade.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/templates/namespace-post-upgrade.yaml deleted file mode 100644 index 28d223bf45..0000000000 --- a/charts/community/redhat/gatekeeper/3.11.0/src/templates/namespace-post-upgrade.yaml +++ /dev/null 
@@ -1,145 +0,0 @@ -{{- if .Values.postUpgrade.labelNamespace.enabled }} -apiVersion: batch/v1 -kind: Job -metadata: - name: gatekeeper-update-namespace-label-post-upgrade - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - annotations: - "helm.sh/hook": post-upgrade - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation -spec: - template: - metadata: - labels: - {{- include "gatekeeper.podLabels" . }} - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - spec: - restartPolicy: OnFailure - {{- if .Values.postUpgrade.labelNamespace.image.pullSecrets }} - imagePullSecrets: - {{- .Values.postUpgrade.labelNamespace.image.pullSecrets | toYaml | nindent 12 }} - {{- end }} - serviceAccount: gatekeeper-update-namespace-label-post-upgrade - containers: - - name: kubectl-label - image: "{{ .Values.postUpgrade.labelNamespace.image.repository }}:{{ .Values.postUpgrade.labelNamespace.image.tag }}" - imagePullPolicy: {{ .Values.postUpgrade.labelNamespace.image.pullPolicy }} - args: - - label - - ns - - {{ .Release.Namespace }} - - admission.gatekeeper.sh/ignore=no-self-managing - {{- range .Values.postUpgrade.labelNamespace.podSecurity }} - - {{ . 
}} - {{- end }} - - --overwrite - resources: - {{- toYaml .Values.postUpgrade.resources | nindent 12 }} - securityContext: - {{- if .Values.enableRuntimeDefaultSeccompProfile }} - seccompProfile: - type: RuntimeDefault - {{- end }} - {{- toYaml .Values.postUpgrade.securityContext | nindent 12 }} - {{- if .Values.postUpgrade.labelNamespace.extraNamespaces }} - - name: kubectl-label-extra - image: "{{ .Values.postUpgrade.labelNamespace.image.repository }}:{{ .Values.postUpgrade.labelNamespace.image.tag }}" - imagePullPolicy: {{ .Values.postUpgrade.labelNamespace.image.pullPolicy }} - args: - - label - - ns - {{- range .Values.postUpgrade.labelNamespace.extraNamespaces }} - - {{ . }} - {{- end }} - - admission.gatekeeper.sh/ignore=extra-namespaces - - --overwrite - resources: - {{- toYaml .Values.postUpgrade.resources | nindent 12 }} - securityContext: - {{- if .Values.enableRuntimeDefaultSeccompProfile }} - seccompProfile: - type: RuntimeDefault - {{- end }} - {{- toYaml .Values.postUpgrade.securityContext | nindent 12 }} - {{- end }} - {{- with .Values.postUpgrade }} - affinity: - {{- toYaml .affinity | nindent 8 }} - tolerations: - {{- toYaml .tolerations | nindent 8 }} - nodeSelector: - {{- toYaml .nodeSelector | nindent 8 }} - {{- end }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: gatekeeper-update-namespace-label-post-upgrade - labels: - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": post-upgrade - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation ---- -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: gatekeeper-update-namespace-label-post-upgrade - labels: - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": post-upgrade - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation -rules: - - apiGroups: - - 
"" - resources: - - namespaces - verbs: - - get - - update - - patch - resourceNames: - - {{ .Release.Namespace }} - {{- range .Values.postUpgrade.labelNamespace.extraNamespaces }} - - {{ . }} - {{- end }} -{{- end }} ---- -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: gatekeeper-update-namespace-label-post-upgrade - labels: - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": post-upgrade - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: gatekeeper-update-namespace-label-post-upgrade -subjects: - - kind: ServiceAccount - name: gatekeeper-update-namespace-label-post-upgrade - namespace: {{ .Release.Namespace | quote }} -{{- end }} -{{- end }} diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/templates/probe-webhook-post-install.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/templates/probe-webhook-post-install.yaml deleted file mode 100644 index 5a140d31ce..0000000000 --- a/charts/community/redhat/gatekeeper/3.11.0/src/templates/probe-webhook-post-install.yaml +++ /dev/null 
@@ -1,48 +0,0 @@ -{{- if not .Values.disableValidatingWebhook }} -{{- if and (not .Values.postInstall.labelNamespace.enabled) .Values.postInstall.probeWebhook.enabled }} -apiVersion: batch/v1 -kind: Job -metadata: - name: gatekeeper-probe-webhook-post-install - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation -spec: - template: - metadata: - annotations: - {{- toYaml .Values.podAnnotations | trim | nindent 8 }} - labels: - {{- include "gatekeeper.podLabels" . }} - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - spec: - restartPolicy: Never - {{- if .Values.postInstall.probeWebhook.image.pullSecrets }} - imagePullSecrets: - {{- .Values.postInstall.probeWebhook.image.pullSecrets | toYaml | nindent 12 }} - {{- end }} - volumes: - {{- include "gatekeeper.postInstallWebhookProbeVolume" . | nindent 8 }} - containers: - {{- include "gatekeeper.postInstallWebhookProbeContainer" . | nindent 8 }} - {{- with .Values.postInstall }} - affinity: - {{- toYaml .affinity | nindent 8 }} - tolerations: - {{- toYaml .tolerations | nindent 8 }} - nodeSelector: - {{- toYaml .nodeSelector | nindent 8 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/templates/upgrade-crds-hook.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/templates/upgrade-crds-hook.yaml deleted file mode 100644 index cd57573f37..0000000000 --- a/charts/community/redhat/gatekeeper/3.11.0/src/templates/upgrade-crds-hook.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -{{- if .Values.upgradeCRDs.enabled }} -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: gatekeeper-admin-upgrade-crds - labels: - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation" - helm.sh/hook-weight: "1" -rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "create", "update", "patch"] -{{- with .Values.upgradeCRDs.extraRules }} - {{- toYaml . | nindent 2 }} -{{- end }} -{{- end }} ---- -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: gatekeeper-admin-upgrade-crds - labels: - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation" - helm.sh/hook-weight: "1" -subjects: - - kind: ServiceAccount - name: gatekeeper-admin-upgrade-crds - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: gatekeeper-admin-upgrade-crds - apiGroup: rbac.authorization.k8s.io -{{- end }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - name: gatekeeper-admin-upgrade-crds - namespace: '{{ .Release.Namespace }}' - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation" - helm.sh/hook-weight: "1" ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: gatekeeper-update-crds-hook - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "gatekeeper.name" . }} - chart: {{ template "gatekeeper.name" . 
}} - gatekeeper.sh/system: "yes" - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-weight: "1" - helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation" -spec: - backoffLimit: 0 - template: - metadata: - name: gatekeeper-update-crds-hook - annotations: - {{- toYaml .Values.podAnnotations | trim | nindent 8 }} - labels: - {{- include "gatekeeper.podLabels" . }} - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - spec: - serviceAccountName: gatekeeper-admin-upgrade-crds - restartPolicy: Never - {{- if .Values.image.pullSecrets }} - imagePullSecrets: - {{- toYaml .Values.image.pullSecrets | nindent 8 }} - {{- end }} - containers: - - name: crds-upgrade - {{- if not .Values.image.release }} - image: '{{ .Values.image.crdRepository }}' - {{- else }} - image: '{{ .Values.image.crdRepository }}:{{ .Values.image.release }}' - {{- end }} - imagePullPolicy: '{{ .Values.image.pullPolicy }}' - args: - - apply - - -f - - crds/ - resources: - {{- toYaml .Values.crds.resources | nindent 10 }} - securityContext: - {{- if .Values.enableRuntimeDefaultSeccompProfile }} - seccompProfile: - type: RuntimeDefault - {{- end }} - {{- toYaml .Values.crds.securityContext | nindent 10 }} - {{- with .Values.crds }} - affinity: - {{- toYaml .affinity | nindent 8 }} - tolerations: - {{- toYaml .tolerations | nindent 8 }} - nodeSelector: - {{- toYaml .nodeSelector | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/templates/webhook-configs-pre-delete.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/templates/webhook-configs-pre-delete.yaml deleted file mode 100644 index d610394de3..0000000000 --- a/charts/community/redhat/gatekeeper/3.11.0/src/templates/webhook-configs-pre-delete.yaml +++ /dev/null 
@@ -1,135 +0,0 @@ -{{- if and (or (not .Values.disableValidatingWebhook) (not .Values.disableMutation)) .Values.preUninstall.deleteWebhookConfigurations.enabled }} -apiVersion: batch/v1 -kind: Job -metadata: - name: gatekeeper-delete-webhook-configs - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - annotations: - "helm.sh/hook": pre-delete - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation -spec: - template: - metadata: - annotations: - {{- toYaml .Values.podAnnotations | trim | nindent 8 }} - labels: - {{- include "gatekeeper.podLabels" . }} - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - spec: - restartPolicy: OnFailure - {{- if .Values.preUninstall.deleteWebhookConfigurations.image.pullSecrets }} - imagePullSecrets: - {{- .Values.preUninstall.deleteWebhookConfigurations.image.pullSecrets | toYaml | nindent 12 }} - {{- end }} - serviceAccount: gatekeeper-delete-webhook-configs - containers: - - name: kubectl-delete - image: "{{ .Values.preUninstall.deleteWebhookConfigurations.image.repository }}:{{ .Values.preUninstall.deleteWebhookConfigurations.image.tag }}" - imagePullPolicy: {{ .Values.preUninstall.deleteWebhookConfigurations.image.pullPolicy }} - args: - - delete - {{- if not .Values.disableValidatingWebhook }} - - validatingwebhookconfiguration/gatekeeper-validating-webhook-configuration - {{- end }} - {{- if not .Values.disableMutation }} - - mutatingwebhookconfiguration/gatekeeper-mutating-webhook-configuration - {{- end }} - resources: - {{- toYaml .Values.preUninstall.resources | nindent 10 }} - securityContext: - {{- if .Values.enableRuntimeDefaultSeccompProfile }} - seccompProfile: - type: RuntimeDefault - {{- end 
}} - {{- toYaml .Values.preUninstall.securityContext | nindent 10 }} - {{- with .Values.preUninstall }} - nodeSelector: - {{- toYaml .nodeSelector | nindent 8 }} - affinity: - {{- toYaml .affinity | nindent 8 }} - tolerations: - {{- toYaml .tolerations | nindent 8 }} - {{- end }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: gatekeeper-delete-webhook-configs - labels: - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": pre-delete - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation ---- -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: gatekeeper-delete-webhook-configs - labels: - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": pre-delete - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation -rules: - {{- if not .Values.disableValidatingWebhook }} - - apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - resourceNames: - - gatekeeper-validating-webhook-configuration - verbs: - - delete - {{- end }} - {{- if not .Values.disableMutation }} - - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - resourceNames: - - gatekeeper-mutating-webhook-configuration - verbs: - - delete - {{- end }} -{{- with .Values.preUninstall.deleteWebhookConfigurations.extraRules }} - {{- toYaml . 
| nindent 2 }} -{{- end }} -{{- end }} ---- -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: gatekeeper-delete-webhook-configs - labels: - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": pre-delete - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: gatekeeper-delete-webhook-configs -subjects: - - kind: ServiceAccount - name: gatekeeper-delete-webhook-configs - namespace: {{ .Release.Namespace | quote }} -{{- end }} -{{- end }} diff --git a/charts/community/redhat/gatekeeper/3.11.0/src/values.yaml b/charts/community/redhat/gatekeeper/3.11.0/src/values.yaml deleted file mode 100644 index b9a24046da..0000000000 --- a/charts/community/redhat/gatekeeper/3.11.0/src/values.yaml +++ /dev/null 
@@ -1,241 +0,0 @@ -replicas: 3 -auditInterval: 60 -metricsBackends: ["prometheus"] -auditMatchKindOnly: false -constraintViolationsLimit: 20 -auditFromCache: false -disableMutation: false -disableValidatingWebhook: false -validatingWebhookTimeoutSeconds: 3 -validatingWebhookFailurePolicy: Ignore -validatingWebhookAnnotations: {} -validatingWebhookExemptNamespacesLabels: {} -validatingWebhookObjectSelector: {} -validatingWebhookCheckIgnoreFailurePolicy: Fail -validatingWebhookCustomRules: {} -enableDeleteOperations: false -enableExternalData: true -enableGeneratorResourceExpansion: false -enableTLSHealthcheck: false -maxServingThreads: -1 -mutatingWebhookFailurePolicy: Ignore -mutatingWebhookReinvocationPolicy: Never -mutatingWebhookAnnotations: {} -mutatingWebhookExemptNamespacesLabels: {} -mutatingWebhookObjectSelector: {} -mutatingWebhookTimeoutSeconds: 1 -mutatingWebhookCustomRules: {} -mutationAnnotations: false -auditChunkSize: 500 -logLevel: INFO -logDenies: false -logMutations: false -emitAdmissionEvents: false -emitAuditEvents: false -resourceQuota: true -postUpgrade: - labelNamespace: - enabled: false - image: - repository: registry.redhat.io/gatekeeper/gatekeeper-rhel8 - tag: v3.11 - pullPolicy: IfNotPresent - pullSecrets: [] - extraNamespaces: [] - podSecurity: ["pod-security.kubernetes.io/audit=baseline", - "pod-security.kubernetes.io/audit-version=latest", - "pod-security.kubernetes.io/warn=baseline", - "pod-security.kubernetes.io/warn-version=latest", - "pod-security.kubernetes.io/enforce=baseline", - "pod-security.kubernetes.io/enforce-version=v1.24"] - affinity: {} - tolerations: [] - nodeSelector: {kubernetes.io/os: linux} - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true -postInstall: - labelNamespace: - enabled: true - extraRules: [] - image: - repository: registry.redhat.io/gatekeeper/gatekeeper-rhel8 - tag: v3.11 - pullPolicy: IfNotPresent - 
pullSecrets: [] - extraNamespaces: [] - podSecurity: ["pod-security.kubernetes.io/audit=baseline", - "pod-security.kubernetes.io/audit-version=latest", - "pod-security.kubernetes.io/warn=baseline", - "pod-security.kubernetes.io/warn-version=latest", - "pod-security.kubernetes.io/enforce=baseline", - "pod-security.kubernetes.io/enforce-version=v1.24"] - probeWebhook: - enabled: true - image: - repository: registry.redhat.io/gatekeeper/gatekeeper-rhel8 - tag: v3.11 - pullPolicy: IfNotPresent - pullSecrets: [] - waitTimeout: 60 - httpTimeout: 2 - insecureHTTPS: false - affinity: {} - tolerations: [] - nodeSelector: {kubernetes.io/os: linux} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true -preUninstall: - deleteWebhookConfigurations: - extraRules: [] - enabled: false - image: - repository: registry.redhat.io/gatekeeper/gatekeeper-rhel8 - tag: v3.11 - pullPolicy: IfNotPresent - pullSecrets: [] - affinity: {} - tolerations: [] - nodeSelector: {kubernetes.io/os: linux} - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true -image: - repository: registry.redhat.io/gatekeeper/gatekeeper-rhel8 - crdRepository: registry.redhat.io/gatekeeper/gatekeeper-rhel8 - release: v3.11 - pullPolicy: IfNotPresent - pullSecrets: [] -podAnnotations: {} -podLabels: {} -podCountLimit: "100" -secretAnnotations: {} -enableRuntimeDefaultSeccompProfile: false -controllerManager: - exemptNamespaces: [] - exemptNamespacePrefixes: [] - hostNetwork: false - dnsPolicy: ClusterFirst - port: 8443 - metricsPort: 8888 - healthPort: 9090 - readinessTimeout: 1 - livenessTimeout: 1 - priorityClassName: system-cluster-critical - disableCertRotation: false - tlsMinVersion: 1.3 - clientCertName: "" - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - 
matchExpressions: - - key: gatekeeper.sh/operation - operator: In - values: - - webhook - topologyKey: kubernetes.io/hostname - weight: 100 - topologySpreadConstraints: [] - tolerations: [] - nodeSelector: {kubernetes.io/os: linux} - resources: - limits: - memory: 512Mi - requests: - cpu: 100m - memory: 512Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - podSecurityContext: - fsGroup: 999 - supplementalGroups: - - 999 - extraRules: - - apiGroups: - - security.openshift.io - resourceNames: - - anyuid - resources: - - securitycontextconstraints - verbs: - - use -audit: - hostNetwork: false - dnsPolicy: ClusterFirst - metricsPort: 8888 - healthPort: 9090 - readinessTimeout: 1 - livenessTimeout: 1 - priorityClassName: system-cluster-critical - disableCertRotation: true - affinity: {} - tolerations: [] - nodeSelector: {kubernetes.io/os: linux} - resources: - limits: - memory: 512Mi - requests: - cpu: 100m - memory: 512Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - podSecurityContext: - fsGroup: 999 - supplementalGroups: - - 999 - writeToRAMDisk: false - extraRules: [] -crds: - affinity: {} - tolerations: [] - nodeSelector: {kubernetes.io/os: linux} - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true -pdb: - controllerManager: - minAvailable: 1 -service: {} -disabledBuiltins: ["{http.send}"] -psp: - enabled: false -upgradeCRDs: - enabled: true - extraRules: [] -rbac: - create: true -externalCertInjection: - enabled: false - secretName: gatekeeper-webhook-server-cert diff --git a/charts/community/redhat/gatekeeper/OWNERS b/charts/community/redhat/gatekeeper/OWNERS deleted file mode 100644 index c5b28c1ae4..0000000000 --- a/charts/community/redhat/gatekeeper/OWNERS +++ /dev/null 
@@ -1,13 +0,0 @@
-chart:
- name: gatekeeper
- shortDescription: OPA Gatekeeper
-publicPgpKey: null
-users:
-- githubUsername: thomasmckay
-- githubUsername: gparvin
-- githubUsername: mprahl
-- githubUsername: dhaiducek
-- githubUsername: JustinKuli
-vendor:
- label: redhat
- name: Red Hat
diff --git a/charts/community/redhat/wildfly/1.4.0/report.yaml b/charts/community/redhat/wildfly/1.4.0/report.yaml
deleted file mode 100644
index f17c6f43f3..0000000000
--- a/charts/community/redhat/wildfly/1.4.0/report.yaml
+++ /dev/null
@@ -1,95 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.1.0 - profile: - VendorType: partner - version: v1.0 - chart-uri: https://redhat-developer.github.io/redhat-helm-charts/charts/wildfly-1.4.0.tgz - digest: sha256:80630f72e50faa6cd799f8bad147f834fe2e4b181ba4a8298a40e743665fba1b - digests: - chart: sha256:80630f72e50faa6cd799f8bad147f834fe2e4b181ba4a8298a40e743665fba1b - package: 1c4a83c3ea0b23f7adf22210e950ddb4a658641ecb57a97ef9a19268059412d2 - lastCertifiedTimestamp: "2021-07-09T23:13:06.36487+00:00" - certifiedOpenShiftVersions: 4.7.5 - chart: - name: wildfly - home: "" - sources: [] - version: 1.4.0 - description: Build and Deploy WildFly applications on OpenShift - keywords: [] - maintainers: - - name: WildFly - email: wildfly-dev@lists.jboss.org - url: https://wildfly.org - icon: https://design.jboss.org/wildfly/logo/final/wildfly_logomark_256px.png - apiversion: v2 - condition: "" - tags: "" - appversion: "24.0" - deprecated: false - annotations: {} - kubeversion: "" - dependencies: - - name: wildfly-common - version: 1.3.0 - repository: file://../wildfly-common - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: application - chart-overrides: "" -results: - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/has-kubeversion - type: Mandatory - outcome: FAIL - reason: Kubernetes version is not specified - - check: v1.0/images-are-certified - type: Mandatory - outcome: FAIL - reason: 'Failed to certify images : Failed to get images, error running helm template - : execution error at (wildfly/templates/buildconfig-s2i-build-artifacts.yaml:2:4): - Git source repository URL is required' - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: 
Mandatory - outcome: FAIL - reason: Chart test files do not exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: FAIL - reason: |- - Error running process: executing helm with args "install wildfly-dy22xxfx2x /root/.cache/chart-verifier/https___redhat_developer_github_io_redhat_helm_charts_charts_wildfly_1_4_0_tgz/wildfly --namespace davptest --wait --values /tmp/chart-testing-636415511/values.yaml": exit status 1 - --- - Error: execution error at (wildfly/templates/buildconfig-s2i-build-artifacts.yaml:2:4): Git source repository URL is required - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful diff --git a/charts/community/redhat/wildfly/1.4.0/wildfly-1.4.0.tgz b/charts/community/redhat/wildfly/1.4.0/wildfly-1.4.0.tgz deleted file mode 100644 index 23c088275d..0000000000 Binary files a/charts/community/redhat/wildfly/1.4.0/wildfly-1.4.0.tgz and /dev/null differ diff --git a/charts/community/redhat/wildfly/1.5.2/report.yaml b/charts/community/redhat/wildfly/1.5.2/report.yaml deleted file mode 100644 index eca46fec84..0000000000 --- a/charts/community/redhat/wildfly/1.5.2/report.yaml +++ /dev/null 
@@ -1,99 +0,0 @@ -2021/10/26 13:47:48 [INFO] Missing required value: Git source repository URL is required -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.2.3 - profile: - VendorType: partner - version: v1.0 - chart-uri: /charts/1.5.2/wildfly-1.5.2.tgz - digest: sha256:0fc18ecec3ca14a3fe4bcd7dd097e50f34945f412a476df34a60a235f02671fc - digests: - chart: sha256:0fc18ecec3ca14a3fe4bcd7dd097e50f34945f412a476df34a60a235f02671fc - package: 0c999e8ba0987312ec5a40a148a37f8a69d3c0949a3f174ba7e5ca51fa98975f - lastCertifiedTimestamp: "2021-10-26T13:47:49.146017+00:00" - certifiedOpenShiftVersions: N/A - chart: - name: wildfly - home: "" - sources: [] - version: 1.5.2 - description: Build and Deploy WildFly applications on OpenShift - keywords: [] - maintainers: - - name: WildFly - email: wildfly-dev@lists.jboss.org - url: https://wildfly.org - icon: https://design.jboss.org/wildfly/logo/final/wildfly_logomark_256px.png - apiversion: v2 - condition: "" - tags: "" - appversion: "25.0" - deprecated: false - annotations: - charts.openshift.io/name: WildFly - charts.openshift.io/provider: WildFly - kubeversion: "" - dependencies: - - name: wildfly-common - version: 1.4.1 - repository: file://../wildfly-common - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: application - chart-overrides: "" -results: - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: FAIL - reason: 'Failed to certify images : Failed to get images, error running helm template - : execution error at (wildfly/templates/buildconfig-s2i-build-artifacts.yaml:2:4): - Git source repository URL is required' - - check: v1.0/is-helm-v3 - type: 
Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/has-kubeversion - type: Mandatory - outcome: FAIL - reason: Kubernetes version is not specified - - check: v1.0/chart-testing - type: Mandatory - outcome: FAIL - reason: |- - Error running process: executing helm with args "install wildfly-ua0iu48sbs /root/.cache/chart-verifier/_charts_1_5_2_wildfly_1_5_2_tgz/wildfly --namespace default --wait --values /tmp/chart-testing-093101968/values.yaml": exit status 1 - --- - Error: Kubernetes cluster unreachable: Get "http://localhost:8080/version?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-test - type: Mandatory - outcome: FAIL - reason: Chart test files do not exist - diff --git a/charts/community/redhat/wildfly/1.5.2/wildfly-1.5.2.tgz b/charts/community/redhat/wildfly/1.5.2/wildfly-1.5.2.tgz deleted file mode 100644 index be413305dc..0000000000 Binary files a/charts/community/redhat/wildfly/1.5.2/wildfly-1.5.2.tgz and /dev/null differ diff --git a/charts/community/redhat/wildfly/1.5.4/wildfly-1.5.4.tgz b/charts/community/redhat/wildfly/1.5.4/wildfly-1.5.4.tgz deleted file mode 100644 index 5160eb27f3..0000000000 Binary files a/charts/community/redhat/wildfly/1.5.4/wildfly-1.5.4.tgz and /dev/null differ diff --git a/charts/community/redhat/wildfly/1.5.5/wildfly-1.5.5.tgz b/charts/community/redhat/wildfly/1.5.5/wildfly-1.5.5.tgz deleted file mode 100644 index 6847ec0dea..0000000000 Binary files a/charts/community/redhat/wildfly/1.5.5/wildfly-1.5.5.tgz and /dev/null differ 
diff --git a/charts/community/redhat/wildfly/OWNERS b/charts/community/redhat/wildfly/OWNERS
deleted file mode 100644
index 2ca5e354ed..0000000000
--- a/charts/community/redhat/wildfly/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: wildfly
- shortDescription: Build and Deploy WildFly applications
-publicPgpKey: null
-users:
- - githubUsername: bstansberry
- - githubUsername: jmesnil
-vendor:
- label: redhat
- name: WildFly
diff --git a/charts/community/wildfly/wildfly/OWNERS b/charts/community/wildfly/wildfly/OWNERS
deleted file mode 100644
index 045aeff40e..0000000000
--- a/charts/community/wildfly/wildfly/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: wildfly
- shortDescription: Build and Deploy WildFly applications
-publicPgpKey: null
-users:
- - githubUsername: bstansberry
- - githubUsername: jmesnil
-vendor:
- label: wildfly
- name: WildFly
diff --git a/charts/partners/.keep b/charts/partners/.keep
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/charts/partners/[company-1644596065-1659-empty-value]/helm-chart/OWNERS b/charts/partners/[company-1644596065-1659-empty-value]/helm-chart/OWNERS
deleted file mode 100644
index 4e14f97263..0000000000
--- a/charts/partners/[company-1644596065-1659-empty-value]/helm-chart/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: helm-chart
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: '[company-1644596065-1659-empty-value]'
- name: New Company
diff --git a/charts/partners/a10/a10tkc/OWNERS b/charts/partners/a10/a10tkc/OWNERS
deleted file mode 100644
index 408b168cbf..0000000000
--- a/charts/partners/a10/a10tkc/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: a10tkc
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: a10
- name: A10 Networks
diff --git a/charts/partners/a10networks/a10tkc/0.1.0/a10tkc-0.1.0.tgz b/charts/partners/a10networks/a10tkc/0.1.0/a10tkc-0.1.0.tgz deleted file mode 100644 index d786a0d942..0000000000 Binary files a/charts/partners/a10networks/a10tkc/0.1.0/a10tkc-0.1.0.tgz and /dev/null differ diff --git a/charts/partners/a10networks/a10tkc/0.1.0/report.yaml b/charts/partners/a10networks/a10tkc/0.1.0/report.yaml deleted file mode 100644 index 56400f9cd6..0000000000 --- a/charts/partners/a10networks/a10tkc/0.1.0/report.yaml +++ /dev/null 
@@ -1,96 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.9.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:12568040126152350149 - chart-uri: https://github.com/csingh-a10/openshift-a10tkc-helmchart/raw/main/charts/partners/a10networks/a10tkc/0.1.0/a10tkc-0.1.0.tgz - digests: - chart: sha256:ca6b78101b4754b4081e804858a033d28160a745fc8b202bf059ac0cc813c023 - package: 92858594d3b7fc0b12065f99c1cf903a1d6bd16da97ab7a4efa771c2241d4f33 - lastCertifiedTimestamp: "2023-01-30T23:18:41.932201-05:00" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.6' - providerControlledDelivery: false - chart: - name: a10tkc - home: "" - sources: [] - version: 0.1.0 - description: A Helm chart for A10 Thunder Kubernetes Connector - keywords: [] - maintainers: - - name: A10 Networks Support Group - email: support@a10networks.com - url: https://a10networks.com - icon: https://awsmp-logos.s3.amazonaws.com/0cda37b3-aa1a-4c9d-8daf-c396572cc98b/eb20666de8a7a71e6a26afe74e02e517.png - apiversion: v2 - condition: "" - tags: "" - appversion: 1.16.0 - deprecated: false - annotations: - charts.openshift.io/name: a10networks-a10tkc - kubeversion: '>= 1.19.0-0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.connect.redhat.com/a10networks/tkc:2.1.0.0 - Image is Red Hat certified : registry.access.redhat.com/ubi8/ubi - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/has-readme - type: 
Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - diff --git a/charts/partners/a10networks/a10tkc/0.2.0/report.yaml b/charts/partners/a10networks/a10tkc/0.2.0/report.yaml deleted file mode 100644 index 8ad47f576b..0000000000 --- a/charts/partners/a10networks/a10tkc/0.2.0/report.yaml +++ /dev/null 
@@ -1,96 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.9.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:5288461864249219119 - chart-uri: https://github.com/a10networks/tkc-doc/raw/master/charts/a10tkc-0.2.0.tgz - digests: - chart: sha256:db2d82c2071a318643b90cda2c74369c4ec587ed21c4f5671d671a8884c4a48a - package: 31ef1828e10eccdec6695bc988a2857ccf6c5b1268351bb75d5f47ad0d126c8b - lastCertifiedTimestamp: "2023-02-15T14:58:54.11247+05:30" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.6' - providerControlledDelivery: false - chart: - name: a10tkc - home: "" - sources: [] - version: 0.2.0 - description: A Helm chart for A10 Thunder Kubernetes Connector - keywords: [] - maintainers: - - name: A10 Networks Support Group - email: support@a10networks.com - url: https://a10networks.com - icon: https://awsmp-logos.s3.amazonaws.com/0cda37b3-aa1a-4c9d-8daf-c396572cc98b/eb20666de8a7a71e6a26afe74e02e517.png - apiversion: v2 - condition: "" - tags: "" - appversion: 1.16.0 - deprecated: false - annotations: - charts.openshift.io/name: a10networks-a10tkc - kubeversion: '>= 1.19.0-0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.access.redhat.com/ubi8/ubi - Image is Red Hat certified : registry.connect.redhat.com/a10networks/tkc:2.1.1.0 - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: 
v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - diff --git a/charts/partners/a10networks/a10tkc/OWNERS b/charts/partners/a10networks/a10tkc/OWNERS deleted file mode 100644 index c299215db5..0000000000 --- a/charts/partners/a10networks/a10tkc/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: a10tkc - shortDescription: Helm Chart for Installing A10 Thunder Kubernetes Connector -providerDelivery: false -publicPgpKey: null -users: -- githubUsername: csingh-a10 -vendor: - label: a10networks - name: A10 Networks diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/extchart/OWNERS b/charts/partners/a60924148a9b77a2ff5f7b786/extchart/OWNERS deleted file mode 100644 index afa89ae219..0000000000 --- a/charts/partners/a60924148a9b77a2ff5f7b786/extchart/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: extchart - shortDescription: unknown -providerDelivery: false -publicPgpKey: unknown -users: -- githubUsername: vikasmulaje -vendor: - label: a60924148a9b77a2ff5f7b786 - name: Vikas Mulaje diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/helm-chart-e2e-external/OWNERS b/charts/partners/a60924148a9b77a2ff5f7b786/helm-chart-e2e-external/OWNERS deleted file mode 100644 index f397067af6..0000000000 
--- a/charts/partners/a60924148a9b77a2ff5f7b786/helm-chart-e2e-external/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: helm-chart-e2e-external
- shortDescription: helm-chart-e2e-external is a helm chart
-providerDelivery: false
-publicPgpKey: null
-users:
-- githubUsername: bovem
-vendor:
- label: a60924148a9b77a2ff5f7b786
- name: Vikas Mulaje
diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/helm-chart-e2e-webonly/OWNERS b/charts/partners/a60924148a9b77a2ff5f7b786/helm-chart-e2e-webonly/OWNERS
deleted file mode 100644
index 59d87c0d8e..0000000000
--- a/charts/partners/a60924148a9b77a2ff5f7b786/helm-chart-e2e-webonly/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: helm-chart-e2e-webonly
- shortDescription: null
-providerDelivery: true
-publicPgpKey: null
-users:
-- githubUsername: bovem
-vendor:
- label: a60924148a9b77a2ff5f7b786
- name: Vikas Mulaje
diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/helm-prod-normal/OWNERS b/charts/partners/a60924148a9b77a2ff5f7b786/helm-prod-normal/OWNERS
deleted file mode 100644
index 5048a6fd53..0000000000
--- a/charts/partners/a60924148a9b77a2ff5f7b786/helm-prod-normal/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: helm-prod-normal
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: opcert
-vendor:
- label: a60924148a9b77a2ff5f7b786
- name: Vikas Mulaje
diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/helm-test-chart-e2e/OWNERS b/charts/partners/a60924148a9b77a2ff5f7b786/helm-test-chart-e2e/OWNERS
deleted file mode 100644
index cb983d3d95..0000000000
--- a/charts/partners/a60924148a9b77a2ff5f7b786/helm-test-chart-e2e/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: helm-test-chart-e2e
- shortDescription: null
-providerDelivery: false
-publicPgpKey: null
-users:
-- githubUsername: bovem
-vendor:
- label: a60924148a9b77a2ff5f7b786
- name: Vikas Mulaje
diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/helm/OWNERS b/charts/partners/a60924148a9b77a2ff5f7b786/helm/OWNERS
deleted file mode 100644
index 253ca11345..0000000000
--- a/charts/partners/a60924148a9b77a2ff5f7b786/helm/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helm
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: a60924148a9b77a2ff5f7b786
- name: Vikas Mulaje
diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/norchart/OWNERS b/charts/partners/a60924148a9b77a2ff5f7b786/norchart/OWNERS
deleted file mode 100644
index 4ef7f88987..0000000000
--- a/charts/partners/a60924148a9b77a2ff5f7b786/norchart/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: norchart
- shortDescription: null
-publicPgpKey: null
-users:
-- githubUsername: testuser
-vendor:
- label: a60924148a9b77a2ff5f7b786
- name: Vikas Mulaje
diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/prodchart4/OWNERS b/charts/partners/a60924148a9b77a2ff5f7b786/prodchart4/OWNERS
deleted file mode 100644
index 88727cc7f7..0000000000
--- a/charts/partners/a60924148a9b77a2ff5f7b786/prodchart4/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: prodchart4
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: vikasmulaje
-vendor:
- label: a60924148a9b77a2ff5f7b786
- name: Vikas Mulaje
diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/test-1745-hel-chart/OWNERS b/charts/partners/a60924148a9b77a2ff5f7b786/test-1745-hel-chart/OWNERS
deleted file mode 100644
index 65a7f242b9..0000000000
--- a/charts/partners/a60924148a9b77a2ff5f7b786/test-1745-hel-chart/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: test-1745-hel-chart
- shortDescription: test
-providerDelivery: false
-publicPgpKey: dGVzdA==
-users:
-- githubUsername: sawalgiriraj
-vendor:
- label: a60924148a9b77a2ff5f7b786
- name: Vikas Mulaje
diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/test-chart-name-20220712-02/OWNERS b/charts/partners/a60924148a9b77a2ff5f7b786/test-chart-name-20220712-02/OWNERS
deleted file mode 100644
index 0867e34c98..0000000000
--- a/charts/partners/a60924148a9b77a2ff5f7b786/test-chart-name-20220712-02/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: test-chart-name-20220712-02
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: a60924148a9b77a2ff5f7b786
- name: Vikas Mulaje
diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/test-helm-chart-4-12/OWNERS b/charts/partners/a60924148a9b77a2ff5f7b786/test-helm-chart-4-12/OWNERS
deleted file mode 100644
index 5e68a74d5b..0000000000
--- a/charts/partners/a60924148a9b77a2ff5f7b786/test-helm-chart-4-12/OWNERS
+++ /dev/null
@@ -1,11 +0,0 @@
-chart:
- name: test-helm-chart-4-12
- shortDescription: test-helm-chart-4-12
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: bovem
-- githubUsername: opcert
-vendor:
- label: a60924148a9b77a2ff5f7b786
- name: Vikas Mulaje
diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/test-helm-chart-project-2022-12/OWNERS b/charts/partners/a60924148a9b77a2ff5f7b786/test-helm-chart-project-2022-12/OWNERS
deleted file mode 100644
index 492da49d24..0000000000
--- a/charts/partners/a60924148a9b77a2ff5f7b786/test-helm-chart-project-2022-12/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: test-helm-chart-project-2022-12
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: sawalgiriraj
-vendor:
- label: a60924148a9b77a2ff5f7b786
- name: Vikas Mulaje
diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/test-helm-cnf/OWNERS b/charts/partners/a60924148a9b77a2ff5f7b786/test-helm-cnf/OWNERS
deleted file mode 100644
index c1fac78068..0000000000
--- a/charts/partners/a60924148a9b77a2ff5f7b786/test-helm-cnf/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: test-helm-cnf
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: opcert
-vendor:
- label: a60924148a9b77a2ff5f7b786
- name: Vikas Mulaje
diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/test-helm-internal/OWNERS b/charts/partners/a60924148a9b77a2ff5f7b786/test-helm-internal/OWNERS
deleted file mode 100644
index 4ed47d3184..0000000000
--- a/charts/partners/a60924148a9b77a2ff5f7b786/test-helm-internal/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: test-helm-internal
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: a60924148a9b77a2ff5f7b786
- name: Vikas Mulaje
diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/test/OWNERS b/charts/partners/a60924148a9b77a2ff5f7b786/test/OWNERS
deleted file mode 100644
index ceae664f6f..0000000000
--- a/charts/partners/a60924148a9b77a2ff5f7b786/test/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: test
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: a60924148a9b77a2ff5f7b786
- name: Vikas Mulaje
diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/report.yaml b/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/report.yaml
deleted file mode 100644
index a87bc64485..0000000000
--- a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/report.yaml
+++ /dev/null
@@ -1,87 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.7.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: src/ - digests: - chart: sha256:1b40d4e41b99df48751f5e9502d01c8398d09c003185649fe3b726c9d91d680a - lastCertifiedTimestamp: "2022-07-27T04:20:50.652479-04:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.7' - providerControlledDelivery: false - chart: - name: testchart411 - home: "" - sources: [] - version: 0.1.8 - description: A Helm chart for a RedHat Certified PSQL - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 10.0.0 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: PSQL RedHat Demo Chart - charts.openshift.io/provider: RedHat - charts.openshift.io/supportURL: https://github.com/dperaza4dustbit/helm-chart - kubeversion: '>=1.20.0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - 
reason: Chart does not contain CRDs - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : registry.access.redhat.com/rhscl/postgresql-10-rhel7:1-66' - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/.helmignore b/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/.helmignore deleted file mode 100644 index 0e8a0eb36f..0000000000 --- a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/Chart.yaml b/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/Chart.yaml deleted file mode 100644 index ad00125b66..0000000000 --- a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: PSQL RedHat Demo Chart - charts.openshift.io/provider: RedHat - charts.openshift.io/supportURL: https://github.com/dperaza4dustbit/helm-chart -apiVersion: v2 -appVersion: 10.0.0 -description: A Helm chart for a RedHat Certified PSQL -kubeVersion: ">=1.20.0" -name: testchart411 -type: application -version: 0.1.8 diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/README.md b/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/README.md deleted file mode 100644 index 17ba700441..0000000000 
--- a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/README.md
+++ /dev/null
@@ -1 +0,0 @@
-Helm chart for psql 10 certified image
\ No newline at end of file
diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/runtime_value.yaml b/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/runtime_value.yaml
deleted file mode 100644
index 6f8d56004e..0000000000
--- a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/runtime_value.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-serviceAccount:
- enabled: true
- name: sa-with-anyuid
-
-postgresqlPassword: quebolasere
\ No newline at end of file
diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/templates/_helpers.tpl b/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/templates/_helpers.tpl
deleted file mode 100644
index 233e3f493d..0000000000
--- a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "ssm-service.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "ssm-service.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "ssm-service.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "ssm-service.labels" -}} -helm.sh/chart: {{ include "ssm-service.chart" . }} -{{ include "ssm-service.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "ssm-service.selectorLabels" -}} -app.kubernetes.io/name: {{ include "ssm-service.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "ssm-service.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "ssm-service.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} 
diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/templates/deployment.yaml b/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/templates/deployment.yaml
deleted file mode 100644
index c04fc5e631..0000000000
--- a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/templates/deployment.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ .Values.k8Name }}
- #namespace: {{ .Values.k8Project }}
- annotations:
- app.kubernetes.io/part-of: ssm
-spec:
- selector:
- matchLabels:
- app: {{ .Values.k8Name }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- annotations:
- alpha.image.policy.openshift.io/resolve-names: '*'
- labels:
- app: {{ .Values.k8Name }}
- phase: test
- spec:
- # securityContext:
- # runAsUser: {{ .Values.securityContext.runAsUser }}
- # fsGroup: {{ .Values.podSecurityContext.fsGroup }}
- # serviceAccount: {{ .Values.serviceAccount }}
- containers:
- - name: {{ .Values.k8Name }}
- image: '{{ .Values.image.repository }}{{ .Values.image.name }}:{{ .Values.image.tag }}'
- env:
- - name: POSTGRESQL_USER
- value: {{ .Values.config.postgresUser }}
- - name: POSTGRESQL_PASSWORD
- value: {{ .Values.config.postgresPassword }}
- - name: POSTGRESQL_DATABASE
- value: {{ .Values.config.postgresDatabase }}
- - name: CHART_VERSION
- value: {{ .Chart.AppVersion }}
- ports:
- - containerPort: {{ .Values.service.port }}
- securityContext:
- runAsNonRoot: true
- resources:
- limits:
- cpu: {{ .Values.resources.limits.cpu }}
- memory: {{ .Values.resources.limits.memory }}
- requests:
- cpu: {{ .Values.resources.requests.cpu }}
- memory: {{ .Values.resources.requests.memory }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.port }}
- initialDelaySeconds: 15
- periodSeconds: 20
diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/templates/service.yaml b/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/templates/service.yaml deleted file mode 100644 index 7e79324667..0000000000 --- a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/templates/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.k8ServiceName }} - #namespace: {{ .Values.k8Project }} -spec: - type: {{ .Values.service.type }} - # loadBalancerSourceRanges: - # - {{ .Values.service.sourceRange }} - ports: - - name: rest - port: {{ .Values.service.port }} - targetPort: {{ .Values.service.port }} - selector: - app: {{ .Values.k8Name }} diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/templates/tests/test-psql-connection.yaml b/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/templates/tests/test-psql-connection.yaml deleted file mode 100644 index 2779a43b60..0000000000 --- a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/templates/tests/test-psql-connection.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-credentials-test" - #namespace: {{ .Values.k8Project }} - annotations: - "helm.sh/hook": test-success -spec: - #serviceAccount: {{ .Values.serviceAccount }} - containers: - - name: {{ .Release.Name }}-credentials-test - image: '{{ .Values.image.repository }}{{ .Values.image.name }}:{{ .Values.image.tag }}' - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - env: - - name: POSTGRESQL_USER - value: {{ .Values.config.postgresUser }} - - name: PGPASSWORD - value: {{ .Values.config.postgresPassword }} - - name: POSTGRESQL_DATABASE - value: {{ .Values.config.postgresDatabase }} - command: - - /bin/bash - - -ec - - | - psql -d $POSTGRESQL_DATABASE -h psql -p $PSQL_SERVICE_PORT -U $POSTGRESQL_USER -c "select 1" - restartPolicy: Never 
diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/values.schema.json b/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/values.schema.json deleted file mode 100644 index 814b7bbb7f..0000000000 --- a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/values.schema.json +++ /dev/null @@ -1,59 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "required": [ - "image", - "k8Project", - "config" - ], - "properties": { - "image": { - "type": "object", - "required": [ - "name", - "repository", - "pullPolicy" - ], - "properties": { - "name": { - "type": "string", - "pattern": "^[a-z0-9-_]+$" - }, - "repository": { - "type": "string", - "pattern": "^[a-z0-9-_./]+$" - }, - "pullPolicy": { - "type": "string", - "pattern": "^(Always|Never|IfNotPresent)$" - } - } - }, - "k8Project": { - "type": "string", - "pattern": "^[a-z0-9-_]+$" - }, - "config": { - "type": "object", - "required": [ - "postgresUser", - "postgresPassword", - "postgresDatabase" - ], - "properties": { - "postgresUser": { - "type": "string", - "pattern": "^[a-z0-9-_]+$" - }, - "postgresPassword": { - "type": "string", - "pattern": "^[a-z0-9-_]+$" - }, - "postgresDatabase": { - "type": "string", - "pattern": "^[a-z0-9-_]+$" - } - } - } - } - } \ No newline at end of file diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/values.yaml b/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/values.yaml deleted file mode 100644 index 5ad9993173..0000000000 --- a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/0.1.8/src/values.yaml +++ /dev/null 
@@ -1,43 +0,0 @@
-# Default values for ssm-service.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-k8Project: davptest
-k8Name: psql-bee
-k8ServiceName: psql
-
-serviceAccount: sa-with-anyuid
-
-
-config:
- postgresUser: dperaza
- postgresPassword: quebolasere
- postgresDatabase: helmrocks
-
-image:
- name: postgresql-10-rhel7
- repository: "registry.access.redhat.com/rhscl/"
- pullPolicy: IfNotPresent
- tag: "1-66"
-
-
-podSecurityContext:
- fsGroup: 2000
-
-securityContext:
- runAsUser: 1000
-
-
-service:
- type: ClusterIP
- port: 5432
- sourceRange: 0.0.0.0/0
-
-resources:
- limits:
- cpu: 100m
- memory: 128Mi
- requests:
- cpu: 100m
- memory: 128Mi
diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/OWNERS b/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/OWNERS
deleted file mode 100644
index 3c5536223b..0000000000
--- a/charts/partners/a60924148a9b77a2ff5f7b786/testchart411/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: testchart411
- shortDescription: test description for helm chart
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: vikasmulaje
-vendor:
- label: a60924148a9b77a2ff5f7b786
- name: Vikas Mulaje
diff --git a/charts/partners/a60924148a9b77a2ff5f7b786/web-only-helm-prod/OWNERS b/charts/partners/a60924148a9b77a2ff5f7b786/web-only-helm-prod/OWNERS
deleted file mode 100644
index 24e64505b2..0000000000
--- a/charts/partners/a60924148a9b77a2ff5f7b786/web-only-helm-prod/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: web-only-helm-prod
- shortDescription: unknown
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: opcert
-vendor:
- label: a60924148a9b77a2ff5f7b786
- name: Vikas Mulaje
diff --git a/charts/partners/aaa/5g-amfmme/OWNERS b/charts/partners/aaa/5g-amfmme/OWNERS
deleted file mode 100644
index 9689250207..0000000000
--- a/charts/partners/aaa/5g-amfmme/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: 5g-amfmme
- shortDescription: unknown
-providerDelivery: true
-publicPgpKey: unknown
-users: []
-vendor:
- label: aaa
- name: Samsung Electronics Co., Ltd.
diff --git a/charts/partners/abel/semeru-transition/OWNERS b/charts/partners/abel/semeru-transition/OWNERS
deleted file mode 100644
index f8ddd9b268..0000000000
--- a/charts/partners/abel/semeru-transition/OWNERS
+++ /dev/null
@@ -1,12 +0,0 @@
-chart:
- name: semeru-transition
- shortDescription: null
-providerDelivery: false
-publicPgpKey: null
-users:
-- githubUsername: levivic
-- githubUsername: redmark-redhat
-- githubUsername: dale-fu
-vendor:
- label: abel
- name: Red Hat
diff --git a/charts/partners/abel/simple-chart/OWNERS b/charts/partners/abel/simple-chart/OWNERS
deleted file mode 100644
index 97d1aac329..0000000000
--- a/charts/partners/abel/simple-chart/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: simple-chart
- shortDescription: unknown
-providerDelivery: true
-publicPgpKey: unknown
-users: []
-vendor:
- label: abel
- name: Red Hat
diff --git a/charts/partners/abel/test-chart/OWNERS b/charts/partners/abel/test-chart/OWNERS
deleted file mode 100644
index e2344df9fb..0000000000
--- a/charts/partners/abel/test-chart/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: test-chart
- shortDescription: null
-providerDelivery: true
-publicPgpKey: null
-users:
-- githubUsername: elhadjici
-vendor:
- label: abel
- name: Red Hat
diff --git a/charts/partners/abel/test-helm-chart-41/OWNERS b/charts/partners/abel/test-helm-chart-41/OWNERS
deleted file mode 100644
index a6f597dc72..0000000000
--- a/charts/partners/abel/test-helm-chart-41/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: test-helm-chart-41
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: abel
- name: Red Hat
diff --git a/charts/partners/abel/test-helm-web-catalog/OWNERS b/charts/partners/abel/test-helm-web-catalog/OWNERS
deleted file mode 100644
index 7da0323406..0000000000
--- a/charts/partners/abel/test-helm-web-catalog/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: test-helm-web-catalog
- shortDescription: unknown
-providerDelivery: true
-publicPgpKey: unknown
-users: []
-vendor:
- label: abel
- name: Red Hat
diff --git a/charts/partners/abel/test-provider-delivery/OWNERS b/charts/partners/abel/test-provider-delivery/OWNERS
deleted file mode 100644
index 3c4011a5fb..0000000000
--- a/charts/partners/abel/test-provider-delivery/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: test-provider-delivery
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: abel
- name: Red Hat
diff --git a/charts/partners/actano/webclient-01/OWNERS b/charts/partners/actano/webclient-01/OWNERS
deleted file mode 100644
index 322272a850..0000000000
--- a/charts/partners/actano/webclient-01/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: webclient-01
- shortDescription: Actano private github repo for helm charts
-publicPgpKey: null
-users:
-- githubUsername: arndtroth
-- githubUsername: rohammosalli
-vendor:
- label: actano
- name: ACTANO GmbH
diff --git a/charts/partners/api-gateway/corpay-helm/OWNERS b/charts/partners/api-gateway/corpay-helm/OWNERS
deleted file mode 100644
index ac747e8fc2..0000000000
--- a/charts/partners/api-gateway/corpay-helm/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: corpay-helm
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: api-gateway
- name: ProgressSoft Corporation
diff --git a/charts/partners/arrcus/arcorch/OWNERS b/charts/partners/arrcus/arcorch/OWNERS
deleted file mode 100644
index fd1afb22cd..0000000000
--- a/charts/partners/arrcus/arcorch/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: arcorch
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: lakshman-arrcus
-vendor:
- label: arrcus
- name: Arrcus Inc.
diff --git a/charts/partners/axual/platform/OWNERS b/charts/partners/axual/platform/OWNERS
deleted file mode 100644
index d9f047c211..0000000000
--- a/charts/partners/axual/platform/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: platform
- shortDescription: Self Service and Governance suite for Apache Kafka
-providerDelivery: false
-publicPgpKey: null
-users:
-- githubUsername: richard-axual
-vendor:
- label: axual
- name: Axual B.V.
diff --git a/charts/partners/bcook/asdasd/OWNERS b/charts/partners/bcook/asdasd/OWNERS
deleted file mode 100644
index 07e4ab7e46..0000000000
--- a/charts/partners/bcook/asdasd/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: asdasd
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: bcook
- name: Red Hat
diff --git a/charts/partners/bcook/chart-test/OWNERS b/charts/partners/bcook/chart-test/OWNERS
deleted file mode 100644
index 82de39b0e5..0000000000
--- a/charts/partners/bcook/chart-test/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: chart-test
- shortDescription: testhelm
-publicPgpKey: null
-users:
-- githubUsername: ghkibria
-- githubUsername: mmorency2021
-vendor:
- label: bcook
- name: Red Hat
diff --git a/charts/partners/bcook/gk-chart/OWNERS b/charts/partners/bcook/gk-chart/OWNERS
deleted file mode 100644
index 139d80accc..0000000000
--- a/charts/partners/bcook/gk-chart/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: gk-chart
- shortDescription: testhelm
-publicPgpKey: null
-users:
-- githubUsername: ghkibria
-- githubUsername: mmorency2021
-vendor:
- label: bcook
- name: Red Hat
diff --git a/charts/partners/bcook/gkchart/OWNERS b/charts/partners/bcook/gkchart/OWNERS
deleted file mode 100644
index 020f0273ad..0000000000
--- a/charts/partners/bcook/gkchart/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: gkchart
- shortDescription: testhelm
-publicPgpKey: null
-users:
-- githubUsername: ghkibria
-- githubUsername: mmorency2021
-vendor:
- label: bcook
- name: Red Hat
diff --git a/charts/partners/bcook/helm-chart/OWNERS b/charts/partners/bcook/helm-chart/OWNERS
deleted file mode 100644
index 6a86320462..0000000000
--- a/charts/partners/bcook/helm-chart/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: helm-chart
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: bcook
- name: Red Hat
diff --git a/charts/partners/bcook/marc/OWNERS b/charts/partners/bcook/marc/OWNERS
deleted file mode 100644
index 355a143d25..0000000000
--- a/charts/partners/bcook/marc/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: marc
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: bcook
- name: Red Hat
diff --git a/charts/partners/bcook/mozn/OWNERS b/charts/partners/bcook/mozn/OWNERS
deleted file mode 100644
index 06f2d30a34..0000000000
--- a/charts/partners/bcook/mozn/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: mozn
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: bcook
- name: Red Hat
diff --git a/charts/partners/bcook/nginx/OWNERS b/charts/partners/bcook/nginx/OWNERS
deleted file mode 100644
index 788d635b7b..0000000000
--- a/charts/partners/bcook/nginx/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: nginx
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: bcook
- name: Red Hat
diff --git a/charts/partners/bcook/test-chart/OWNERS b/charts/partners/bcook/test-chart/OWNERS
deleted file mode 100644
index 6eeacae0b7..0000000000
--- a/charts/partners/bcook/test-chart/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: test-chart
- shortDescription: null
-providerDelivery: true
-publicPgpKey: null
-users:
-- githubUsername: elhadjici
-vendor:
- label: bcook
- name: Red Hat
diff --git a/charts/partners/bcook/test-helm-chart-41/OWNERS b/charts/partners/bcook/test-helm-chart-41/OWNERS
deleted file mode 100644
index face7df6cb..0000000000
--- a/charts/partners/bcook/test-helm-chart-41/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: test-helm-chart-41
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: bcook
- name: Red Hat
diff --git a/charts/partners/bcook/test-helm-chart/OWNERS b/charts/partners/bcook/test-helm-chart/OWNERS
deleted file mode 100644
index a648c1a881..0000000000
--- a/charts/partners/bcook/test-helm-chart/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: test-helm-chart
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: bcook
- name: Red Hat
diff --git a/charts/partners/beamsinc/test123/OWNERS b/charts/partners/beamsinc/test123/OWNERS
deleted file mode 100644
index adb5a12e31..0000000000
--- a/charts/partners/beamsinc/test123/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: test123
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: beamsinc
- name: Beams Inc.
diff --git a/charts/partners/bpm-test-registry-namespace/chart-external-prod/OWNERS b/charts/partners/bpm-test-registry-namespace/chart-external-prod/OWNERS
deleted file mode 100644
index 758339cb05..0000000000
--- a/charts/partners/bpm-test-registry-namespace/chart-external-prod/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: chart-external-prod
- shortDescription: null
-publicPgpKey: null
-users:
-- githubUsername: sawalgiriraj
-vendor:
- label: bpm-test-registry-namespace
- name: BPM Test Company
diff --git a/charts/partners/bpm-test-registry-namespace/chart-internal-prod/OWNERS b/charts/partners/bpm-test-registry-namespace/chart-internal-prod/OWNERS
deleted file mode 100644
index a9a4843a3d..0000000000
--- a/charts/partners/bpm-test-registry-namespace/chart-internal-prod/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: chart-internal-prod
- shortDescription: null
-publicPgpKey: null
-users:
-- githubUsername: sawalgiriraj
-vendor:
- label: bpm-test-registry-namespace
- name: BPM Test Company
diff --git a/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1626956117/OWNERS b/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1626956117/OWNERS
deleted file mode 100644
index 8b771fc365..0000000000
--- a/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1626956117/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helm-chart-internal-1626956117
- shortDescription: Test Helm Chart Short DESC
-publicPgpKey: MTIzNDU2Nzg5MA==
-users:
-- githubUsername: sawalgiriraj
-vendor:
- label: bpm-test-registry-namespace
- name: BPM Test Company
diff --git a/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1626956383/OWNERS b/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1626956383/OWNERS
deleted file mode 100644
index ab64ffd0a6..0000000000
--- a/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1626956383/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helm-chart-internal-1626956383
- shortDescription: Test Helm Chart Short DESC
-publicPgpKey: MTIzNDU2Nzg5MA==
-users:
-- githubUsername: sawalgiriraj
-vendor:
- label: bpm-test-registry-namespace
- name: BPM Test Company
diff --git a/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1626962724/OWNERS b/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1626962724/OWNERS
deleted file mode 100644
index 2661ead112..0000000000
--- a/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1626962724/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helm-chart-internal-1626962724
- shortDescription: Test Helm Chart Short DESC
-publicPgpKey: MTIzNDU2Nzg5MA==
-users:
-- githubUsername: sawalgiriraj
-vendor:
- label: bpm-test-registry-namespace
- name: BPM Test Company
diff --git a/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1626962992/OWNERS b/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1626962992/OWNERS
deleted file mode 100644
index 51720ad6a4..0000000000
--- a/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1626962992/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helm-chart-internal-1626962992
- shortDescription: Test Helm Chart Short DESC
-publicPgpKey: MTIzNDU2Nzg5MA==
-users:
-- githubUsername: sawalgiriraj
-vendor:
- label: bpm-test-registry-namespace
- name: BPM Test Company
diff --git a/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1627009429/OWNERS b/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1627009429/OWNERS
deleted file mode 100644
index 830200763b..0000000000
--- a/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1627009429/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helm-chart-internal-1627009429
- shortDescription: Test Helm Chart Short DESC
-publicPgpKey: MTIzNDU2Nzg5MA==
-users:
-- githubUsername: sawalgiriraj
-vendor:
- label: bpm-test-registry-namespace
- name: BPM Test Company
diff --git a/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1627009696/OWNERS b/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1627009696/OWNERS
deleted file mode 100644
index 1166f5a8c3..0000000000
--- a/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1627009696/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helm-chart-internal-1627009696
- shortDescription: Test Helm Chart Short DESC
-publicPgpKey: MTIzNDU2Nzg5MA==
-users:
-- githubUsername: sawalgiriraj
-vendor:
- label: bpm-test-registry-namespace
- name: BPM Test Company
diff --git a/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1627019053/OWNERS b/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1627019053/OWNERS
deleted file mode 100644
index a03a0a7fdd..0000000000
--- a/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1627019053/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helm-chart-internal-1627019053
- shortDescription: Test Helm Chart Short DESC
-publicPgpKey: MTIzNDU2Nzg5MA==
-users:
-- githubUsername: sawalgiriraj
-vendor:
- label: bpm-test-registry-namespace
- name: BPM Test Company
diff --git a/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1627019310/OWNERS b/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1627019310/OWNERS
deleted file mode 100644
index e70d5934b6..0000000000
--- a/charts/partners/bpm-test-registry-namespace/helm-chart-internal-1627019310/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helm-chart-internal-1627019310
- shortDescription: Test Helm Chart Short DESC
-publicPgpKey: MTIzNDU2Nzg5MA==
-users:
-- githubUsername: sawalgiriraj
-vendor:
- label: bpm-test-registry-namespace
- name: BPM Test Company
diff --git a/charts/partners/bpm-test-registry-namespace/helm/OWNERS b/charts/partners/bpm-test-registry-namespace/helm/OWNERS
deleted file mode 100644
index 6d7e5d91fe..0000000000
--- a/charts/partners/bpm-test-registry-namespace/helm/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helm
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: bpm-test-registry-namespace
- name: BPM Test Company
diff --git a/charts/partners/bpm-test-registry-namespace/prodtest/OWNERS b/charts/partners/bpm-test-registry-namespace/prodtest/OWNERS
deleted file mode 100644
index 18d03a205b..0000000000
--- a/charts/partners/bpm-test-registry-namespace/prodtest/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: prodtest
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: bpm-test-registry-namespace
- name: BPM Test Company
diff --git a/charts/partners/bpm-test-registry-namespace/test-2021-11-release-helm-chart-external/OWNERS b/charts/partners/bpm-test-registry-namespace/test-2021-11-release-helm-chart-external/OWNERS
deleted file mode 100644
index 16bfaeedeb..0000000000
--- a/charts/partners/bpm-test-registry-namespace/test-2021-11-release-helm-chart-external/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: test-2021-11-release-helm-chart-external
- shortDescription: null
-publicPgpKey: null
-users:
-- githubUsername: sawalgiriraj
-vendor:
- label: bpm-test-registry-namespace
- name: BPM Test Company
diff --git a/charts/partners/bpm-test-registry-namespace/test-2021-11-release-helm-chart-internal/OWNERS b/charts/partners/bpm-test-registry-namespace/test-2021-11-release-helm-chart-internal/OWNERS
deleted file mode 100644
index 8b9618e3c8..0000000000
--- a/charts/partners/bpm-test-registry-namespace/test-2021-11-release-helm-chart-internal/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: test-2021-11-release-helm-chart-internal
- shortDescription: null
-publicPgpKey: dGVzdA==
-users:
-- githubUsername: sawalgiriraj
-vendor:
- label: bpm-test-registry-namespace
- name: BPM Test Company
diff --git a/charts/partners/bpm-test-registry-namespace/test-2102/OWNERS b/charts/partners/bpm-test-registry-namespace/test-2102/OWNERS
deleted file mode 100644
index 6ea6c40e34..0000000000
--- a/charts/partners/bpm-test-registry-namespace/test-2102/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: test-2102
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: bpm-test-registry-namespace
- name: BPM Test Company
diff --git a/charts/partners/bpm-test-registry-namespace/test-helm-chart/OWNERS b/charts/partners/bpm-test-registry-namespace/test-helm-chart/OWNERS
deleted file mode 100644
index 9397cae5d3..0000000000
--- a/charts/partners/bpm-test-registry-namespace/test-helm-chart/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: test-helm-chart
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: bpm-test-registry-namespace
- name: BPM Test Company
diff --git a/charts/partners/bpm-test-registry-namespace/test-helmchart-2004-external/OWNERS b/charts/partners/bpm-test-registry-namespace/test-helmchart-2004-external/OWNERS
deleted file mode 100644
index 525c5b9847..0000000000
--- a/charts/partners/bpm-test-registry-namespace/test-helmchart-2004-external/OWNERS
+++ /dev/null
@@ -1,12 +0,0 @@
-chart:
- name: test-helmchart-2004-external
- shortDescription: a
-publicPgpKey: YWFhYQ==
-users:
-- githubUsername: sawalgiriraj
-- githubUsername: abc
-- githubUsername: xyz
-- githubUsername: kkatare
-vendor:
- label: bpm-test-registry-namespace
- name: BPM Test Company
diff --git a/charts/partners/bpm-test-registry-namespace/test-helmchart-2004-internal/OWNERS b/charts/partners/bpm-test-registry-namespace/test-helmchart-2004-internal/OWNERS
deleted file mode 100644
index 3dbad238cf..0000000000
--- a/charts/partners/bpm-test-registry-namespace/test-helmchart-2004-internal/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: test-helmchart-2004-internal
- shortDescription: fvsfvsdf
-publicPgpKey: dndlZnZ2Zg==
-users:
-- githubUsername: sawalgiriraj
-vendor:
- label: bpm-test-registry-namespace
- name: BPM Test Company
diff --git a/charts/partners/bpm-test-registry-namespace/test-release-2021-13-helm-chart/OWNERS b/charts/partners/bpm-test-registry-namespace/test-release-2021-13-helm-chart/OWNERS
deleted file mode 100644
index 4e43950bd3..0000000000
--- a/charts/partners/bpm-test-registry-namespace/test-release-2021-13-helm-chart/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: test-release-2021-13-helm-chart
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: bpm-test-registry-namespace
- name: BPM Test Company
diff --git a/charts/partners/bpm-test-registry-namespace/test-release-helm-chart/OWNERS b/charts/partners/bpm-test-registry-namespace/test-release-helm-chart/OWNERS
deleted file mode 100644
index 39085e07ff..0000000000
--- a/charts/partners/bpm-test-registry-namespace/test-release-helm-chart/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: test-release-helm-chart
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: opcert
-vendor:
- label: bpm-test-registry-namespace
- name: BPM Test Company
diff --git a/charts/partners/broadpeak/bks400/0.2.0/report.yaml b/charts/partners/broadpeak/bks400/0.2.0/report.yaml
deleted file mode 100644
index c0133b09c3..0000000000
--- a/charts/partners/broadpeak/bks400/0.2.0/report.yaml
+++ /dev/null
@@ -1,95 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.6.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/Broadpeak-tv/Openshift/raw/main/Certification/bks400-0.2.0.tgz - digests: - chart: sha256:d4dd1dc0d01d17f9c9642a59a1ae630d296f5439c19cb1ca0a4d4d316c981f26 - package: 42c5dd57c0445e76286c216a01ca264bbc9ae3c4eefa9445bf44e3d6240fc340 - lastCertifiedTimestamp: "2022-04-21T10:18:45.000372+02:00" - testedOpenShiftVersion: "4.8" - supportedOpenShiftVersions: '>=4.3' - providerControlledDelivery: false - chart: - name: bks400 - home: https://broadpeak.tv - sources: [] - version: 0.2.0 - description: BkS400 Helm chart for Kubernetes - keywords: - - http - - https - - www - - web - - cache - maintainers: [] - icon: https://broadpeak.tv/wp-content/uploads/2017/12/Logotype-Broadpeak-rgb.png - apiversion: v2 - condition: "" - tags: "" - appversion: 02.01.07 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: BkS400 Helm chart for Kubernetes - charts.openshift.io/provider: Broadpeak - charts.openshift.io/supportURL: https://broadpeak.tv - kubeversion: '>=1.15.0-0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: 
v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : harbor.broadpeak.tv/openshift/bks400-rhel8:02.01.07.3607 - Image is Red Hat certified : registry.access.redhat.com/ubi8-minimal:8.4-205 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed diff --git a/charts/partners/broadpeak/bks400/OWNERS b/charts/partners/broadpeak/bks400/OWNERS deleted file mode 100644 index 90d09928ea..0000000000 --- a/charts/partners/broadpeak/bks400/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -chart: - name: bks400 - shortDescription: Broadpeak BkS400 Edge CDN -publicPgpKey: null -users: -- githubUsername: bpkrichardv -vendor: - label: broadpeak - name: Broadpeak diff --git a/charts/partners/c3-ai/c3-cluster/OWNERS b/charts/partners/c3-ai/c3-cluster/OWNERS deleted file mode 100644 index 98a640ad2a..0000000000 --- a/charts/partners/c3-ai/c3-cluster/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: c3-cluster - shortDescription: null -publicPgpKey: null -users: -- githubUsername: c3ivodujmovic -- githubUsername: c3-shiva -vendor: - label: c3-ai - name: C3.AI diff --git a/charts/partners/c3-ai/c3-helm-c3server-7-22-0/OWNERS b/charts/partners/c3-ai/c3-helm-c3server-7-22-0/OWNERS deleted file mode 100644 index e3ace5236c..0000000000 --- a/charts/partners/c3-ai/c3-helm-c3server-7-22-0/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -chart: - name: c3-helm-c3server-7-22-0 - shortDescription: unknown -publicPgpKey: unknown -users: [] -vendor: - label: c3-ai - name: C3.AI 
diff --git a/charts/partners/c3-ai/c3-helm-c3server/OWNERS b/charts/partners/c3-ai/c3-helm-c3server/OWNERS
deleted file mode 100644
index 9b939c5d9b..0000000000
--- a/charts/partners/c3-ai/c3-helm-c3server/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: c3-helm-c3server
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: c3-ai
- name: C3.AI
diff --git a/charts/partners/c3-ai/c3-helm-cassandra-3-11-10-3/OWNERS b/charts/partners/c3-ai/c3-helm-cassandra-3-11-10-3/OWNERS
deleted file mode 100644
index 0028c16cfb..0000000000
--- a/charts/partners/c3-ai/c3-helm-cassandra-3-11-10-3/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: c3-helm-cassandra-3-11-10-3
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: c3-ai
- name: C3.AI
diff --git a/charts/partners/c3-ai/c3-helm-cassandra-3-11-10-4/OWNERS b/charts/partners/c3-ai/c3-helm-cassandra-3-11-10-4/OWNERS
deleted file mode 100644
index 8cce1aa37e..0000000000
--- a/charts/partners/c3-ai/c3-helm-cassandra-3-11-10-4/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: c3-helm-cassandra-3-11-10-4
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: c3-ai
- name: C3.AI
diff --git a/charts/partners/c3-ai/c3-helm-jupyter-3-2-6/OWNERS b/charts/partners/c3-ai/c3-helm-jupyter-3-2-6/OWNERS
deleted file mode 100644
index cc0319222c..0000000000
--- a/charts/partners/c3-ai/c3-helm-jupyter-3-2-6/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: c3-helm-jupyter-3-2-6
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: c3-ai
- name: C3.AI
diff --git a/charts/partners/c3-ai/c3-helm-postgres-9-6-21-2/OWNERS b/charts/partners/c3-ai/c3-helm-postgres-9-6-21-2/OWNERS
deleted file mode 100644
index 545f7a07b5..0000000000
--- a/charts/partners/c3-ai/c3-helm-postgres-9-6-21-2/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: c3-helm-postgres-9-6-21-2
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: c3-ai
- name: C3.AI
diff --git a/charts/partners/c3-ai/c3-helm-zookeeper-3-5-9-3/OWNERS b/charts/partners/c3-ai/c3-helm-zookeeper-3-5-9-3/OWNERS
deleted file mode 100644
index b60d1740ef..0000000000
--- a/charts/partners/c3-ai/c3-helm-zookeeper-3-5-9-3/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: c3-helm-zookeeper-3-5-9-3
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: c3-ai
- name: C3.AI
diff --git a/charts/partners/ca/uma/OWNERS b/charts/partners/ca/uma/OWNERS
deleted file mode 100644
index ac7fcd1127..0000000000
--- a/charts/partners/ca/uma/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: uma
- shortDescription: Helm-charts for uma
-publicPgpKey: null
-users:
-- githubUsername: mn660971
-vendor:
- label: ca
- name: CA Technologies
diff --git a/charts/partners/can-avanseus/can/OWNERS b/charts/partners/can-avanseus/can/OWNERS
deleted file mode 100644
index 978fa8d6e9..0000000000
--- a/charts/partners/can-avanseus/can/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: can
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: can-avanseus
- name: Avanseus Holdings Pte Ltd
diff --git a/charts/partners/carbonio/carbonio/OWNERS b/charts/partners/carbonio/carbonio/OWNERS
deleted file mode 100644
index ba0194f41d..0000000000
--- a/charts/partners/carbonio/carbonio/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: carbonio
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: carbonio
- name: Zextras Srl
diff --git a/charts/partners/carbonio/ce-single-deployment/OWNERS b/charts/partners/carbonio/ce-single-deployment/OWNERS
deleted file mode 100644
index eadbca3cae..0000000000
--- a/charts/partners/carbonio/ce-single-deployment/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: ce-single-deployment
- shortDescription: null
-providerDelivery: true
-publicPgpKey: null
-users:
-- githubUsername: M0Rf30
-vendor:
- label: carbonio
- name: Zextras Srl
diff --git a/charts/partners/carbonio/ce-single/OWNERS b/charts/partners/carbonio/ce-single/OWNERS
deleted file mode 100644
index 244d15e317..0000000000
--- a/charts/partners/carbonio/ce-single/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: ce-single
- shortDescription: unknown
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: M0Rf30
-vendor:
- label: carbonio
- name: Zextras Srl
diff --git a/charts/partners/cast-ai/cast-ai-agent/OWNERS b/charts/partners/cast-ai/cast-ai-agent/OWNERS
deleted file mode 100644
index 282daed603..0000000000
--- a/charts/partners/cast-ai/cast-ai-agent/OWNERS
+++ /dev/null
@@ -1,12 +0,0 @@
-chart:
- name: cast-ai-agent
- shortDescription: 'CAST AI Repository for helm charts to operate the CAST AI kubernetes
- automation platform. '
-providerDelivery: false
-publicPgpKey: null
-users:
-- githubUsername: zilvinasu
-- githubUsername: CastAIPhil
-vendor:
- label: cast-ai
- name: CAST AI
diff --git a/charts/partners/castai/cast-ai-agent/OWNERS b/charts/partners/castai/cast-ai-agent/OWNERS
deleted file mode 100644
index 1f6ca1af6a..0000000000
--- a/charts/partners/castai/cast-ai-agent/OWNERS
+++ /dev/null
@@ -1,12 +0,0 @@
-chart:
- name: cast-ai-agent
- shortDescription: 'CAST AI Repository for helm charts to operate the CAST AI kubernetes
- automation platform. '
-providerDelivery: false
-publicPgpKey: null
-users:
-- githubUsername: zilvinasu
-- githubUsername: CastAIPhil
-vendor:
- label: castai
- name: CAST AI
diff --git a/charts/partners/castai/castai-agent/0.52.0/castai-agent-0.52.0.tgz b/charts/partners/castai/castai-agent/0.52.0/castai-agent-0.52.0.tgz
deleted file mode 100644
index 959e247086..0000000000
Binary files a/charts/partners/castai/castai-agent/0.52.0/castai-agent-0.52.0.tgz and /dev/null differ
diff --git a/charts/partners/castai/castai-agent/0.52.0/report.yaml b/charts/partners/castai/castai-agent/0.52.0/report.yaml
deleted file mode 100644
index 127d9b4d4f..0000000000
--- a/charts/partners/castai/castai-agent/0.52.0/report.yaml
+++ /dev/null
@@ -1,91 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:9227680573663246304 - chart-uri: ./charts/castai-agent-0.52.0.tgz - digests: - chart: sha256:b3c7c29c5aa3e15db68cebd0f340385921539d79e6a9afd09756e38ae766913a - package: 328c4bde8fb4412fa3cd5e13073ab41a961b1d8233fce77c010e4a3ed0cc5ed4 - publicKey: ed8ac67b58b56c1f38afa2e8ed249413a525f42897abb4baaebe80d86c190c9b - lastCertifiedTimestamp: "2023-02-24T14:39:40.440139+02:00" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.6' - webCatalogOnly: false - chart: - name: castai-agent - home: "" - sources: [] - version: 0.52.0 - description: CAST AI agent deployment chart. - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: v0.42.2 - deprecated: false - annotations: - charts.openshift.io/name: castai-agent - kubeversion: '>= 1.19' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/signature-is-valid - type: Mandatory - outcome: PASS - reason: 'Chart is signed : Signature verification passed' - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : us-docker.pkg.dev/castai-hub/library/agent-rh-ubi:v0.42.2' - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: 
Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs diff --git a/charts/partners/castai/castai-agent/OWNERS b/charts/partners/castai/castai-agent/OWNERS deleted file mode 100644 index f94bbcd82a..0000000000 --- a/charts/partners/castai/castai-agent/OWNERS +++ /dev/null @@ -1,11 +0,0 @@ -chart: - name: castai-agent - shortDescription: 'CAST AI Repository for helm charts to operate the CAST AI Kubernetes - automation platform. ' -providerDelivery: false -publicPgpKey: null -users: -- githubUsername: zilvinasu -vendor: - label: castai - name: CAST AI diff --git a/charts/partners/catalogicsoftware/cloudcasa/OWNERS b/charts/partners/catalogicsoftware/cloudcasa/OWNERS deleted file mode 100644 index 11d04efe3c..0000000000 --- a/charts/partners/catalogicsoftware/cloudcasa/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -chart: - name: cloudcasa - shortDescription: unknown -publicPgpKey: unknown -users: [] -vendor: - label: catalogicsoftware - name: Catalogic Software diff --git a/charts/partners/ccpag/xcipio-helm-ccpag-0-1-0/OWNERS b/charts/partners/ccpag/xcipio-helm-ccpag-0-1-0/OWNERS deleted file mode 100644 index 896cbb26f8..0000000000 --- a/charts/partners/ccpag/xcipio-helm-ccpag-0-1-0/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -chart: - name: xcipio-helm-ccpag-0-1-0 - shortDescription: unknown -providerDelivery: true -publicPgpKey: unknown -users: [] -vendor: - label: ccpag - name: SS8 Networks, Inc. diff --git a/charts/partners/ccpag/xcipio-helm-ccpag/OWNERS b/charts/partners/ccpag/xcipio-helm-ccpag/OWNERS deleted file mode 100644 index 15f71ac2f5..0000000000 
--- a/charts/partners/ccpag/xcipio-helm-ccpag/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: xcipio-helm-ccpag
- shortDescription: unknown
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ss8inc
-vendor:
- label: ccpag
- name: SS8 Networks, Inc.
diff --git a/charts/partners/ccpag/xcipio-helm-ccpag1/OWNERS b/charts/partners/ccpag/xcipio-helm-ccpag1/OWNERS
deleted file mode 100644
index 50a36a48f1..0000000000
--- a/charts/partners/ccpag/xcipio-helm-ccpag1/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: xcipio-helm-ccpag1
- shortDescription: unknown
-providerDelivery: true
-publicPgpKey: unknown
-users: []
-vendor:
- label: ccpag
- name: SS8 Networks, Inc.
diff --git a/charts/partners/certops/test-helm-chart/OWNERS b/charts/partners/certops/test-helm-chart/OWNERS
deleted file mode 100644
index 4ab2392ceb..0000000000
--- a/charts/partners/certops/test-helm-chart/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: test-helm-chart
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: certops
- name: certops
diff --git a/charts/partners/certpm-test-partner/gitbook/OWNERS b/charts/partners/certpm-test-partner/gitbook/OWNERS
deleted file mode 100644
index 0706c0f9c6..0000000000
--- a/charts/partners/certpm-test-partner/gitbook/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: gitbook
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: certpm-test-partner
- name: Test Company
diff --git a/charts/partners/certpm-test-partner/helm-chart-doc/OWNERS b/charts/partners/certpm-test-partner/helm-chart-doc/OWNERS
deleted file mode 100644
index bb1868c8da..0000000000
--- a/charts/partners/certpm-test-partner/helm-chart-doc/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: helm-chart-doc
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: certpm-test-partner
- name: Test Company
diff --git a/charts/partners/certpm-test-partner/test-helm-chart-new/OWNERS b/charts/partners/certpm-test-partner/test-helm-chart-new/OWNERS
deleted file mode 100644
index c490a82e39..0000000000
--- a/charts/partners/certpm-test-partner/test-helm-chart-new/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: test-helm-chart-new
- shortDescription: null
-publicPgpKey: null
-users:
-- githubUsername: marcorandria+github@gmail.com
-vendor:
- label: certpm-test-partner
- name: Test Company
diff --git a/charts/partners/certpm-test-partner/test-helm-chart/OWNERS b/charts/partners/certpm-test-partner/test-helm-chart/OWNERS
deleted file mode 100644
index 0f4fc6348c..0000000000
--- a/charts/partners/certpm-test-partner/test-helm-chart/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: test-helm-chart
- shortDescription: Helm Chart certification Test
-publicPgpKey: null
-users:
-- githubUsername: marcorandria+github@gmail.com
-vendor:
- label: certpm-test-partner
- name: Test Company
diff --git a/charts/partners/cloudcastles/cc-ubi8-hw/OWNERS b/charts/partners/cloudcastles/cc-ubi8-hw/OWNERS
deleted file mode 100644
index f9ad85d1d3..0000000000
--- a/charts/partners/cloudcastles/cc-ubi8-hw/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: cc-ubi8-hw
- shortDescription: Basic helm chart for cc sample application
-publicPgpKey: null
-users:
-- githubUsername: vrvaderom
-vendor:
- label: cloudcastles
- name: Cloud Castles
diff --git a/charts/partners/cloudtruth/kubetruth/OWNERS b/charts/partners/cloudtruth/kubetruth/OWNERS
deleted file mode 100644
index 37acadf277..0000000000
--- a/charts/partners/cloudtruth/kubetruth/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: kubetruth
- shortDescription: CloudTruth KubeTruth kunernetes operator
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: any
-vendor:
- label: cloudtruth
- name: CloudTruth
diff --git a/charts/partners/cpd/wmla231/OWNERS b/charts/partners/cpd/wmla231/OWNERS
deleted file mode 100644
index abb205ef80..0000000000
--- a/charts/partners/cpd/wmla231/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: wmla231
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: cpd
- name: IBM Canada Ltd.
diff --git a/charts/partners/ddosify/ddosify-community-edition/OWNERS b/charts/partners/ddosify/ddosify-community-edition/OWNERS
deleted file mode 100644
index 968cdb24cd..0000000000
--- a/charts/partners/ddosify/ddosify-community-edition/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: ddosify-community-edition
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: ddosify
- name: Ddosify Inc.
diff --git a/charts/partners/default/idit-runtime-umbrella-chart/OWNERS b/charts/partners/default/idit-runtime-umbrella-chart/OWNERS
deleted file mode 100644
index a09ca26c05..0000000000
--- a/charts/partners/default/idit-runtime-umbrella-chart/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: idit-runtime-umbrella-chart
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: default
- name: SAPIENS SOFTWARE SOLUTIONS (IDIT) LTD
diff --git a/charts/partners/devnio/nef-nabstract/OWNERS b/charts/partners/devnio/nef-nabstract/OWNERS
deleted file mode 100644
index 160d1532aa..0000000000
--- a/charts/partners/devnio/nef-nabstract/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: nef-nabstract
- shortDescription: Nabstract NEF - 5G Network APIs
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: ishanshahnio
-vendor:
- label: devnio
- name: Nabstract Technologies Pvt. Ltd.
diff --git a/charts/partners/dh2i/dxemssql/1.0.1/dxemssql-1.0.1.tgz b/charts/partners/dh2i/dxemssql/1.0.1/dxemssql-1.0.1.tgz
deleted file mode 100644
index 4068a33662..0000000000
Binary files a/charts/partners/dh2i/dxemssql/1.0.1/dxemssql-1.0.1.tgz and /dev/null differ
diff --git a/charts/partners/dh2i/dxemssql/1.0.1/report.yaml b/charts/partners/dh2i/dxemssql/1.0.1/report.yaml
deleted file mode 100644
index 42a49822fd..0000000000
--- a/charts/partners/dh2i/dxemssql/1.0.1/report.yaml
+++ /dev/null
@@ -1,91 +0,0 @@
-apiversion: v1
-kind: verify-report
-metadata:
- tool:
- verifier-version: 1.9.0
- profile:
- VendorType: partner
- version: v1.1
- reportDigest: uint64:2374458691333548155
- chart-uri: ./dxemssql-1.0.1.tgz
- digests:
- chart: sha256:bba38b72bd647ead19350b86ec60253d203d9465d75efd4c25d210110b77d789
- package: 7c06abccc415798d8e8dd0850d639f8e01a250e3dc9c27a9e3b250ccab86d100
- lastCertifiedTimestamp: "2022-12-15T19:27:13.91183+00:00"
- testedOpenShiftVersion: "4.10"
- supportedOpenShiftVersions: '>=4.7'
- providerControlledDelivery: false
- chart:
- name: dxemssql
- home: ""
- sources: []
- version: 1.0.1
- description: Helm chart for DH2i's DxEnterprise clustering solution with SQL Server availability groups
- keywords: []
- maintainers: []
- icon: https://clients.dh2i.com/images/DH2i_Logo_Icon.png
- apiversion: v2
- condition: ""
- tags: ""
- appversion: "22.0"
- deprecated: false
- annotations:
- catalog.cattle.io/certified: partner
- catalog.cattle.io/display-name: DxEnterprise for Microsoft SQL AG
- catalog.cattle.io/release-name: dxemssql
- charts.openshift.io/name: DxEnterprise for Microsoft SQL AG
- kubeversion: '>= 1.20.0'
- dependencies: []
- type: application
- chart-overrides: ""
-results:
- - check: v1.0/contains-test
- type: Mandatory
- outcome: PASS
- reason: Chart test files exist
- - check: v1.1/has-kubeversion
- type: Mandatory
- outcome: PASS
- reason: Kubernetes version specified
- - check: v1.0/has-readme
- type: Mandatory
- outcome: PASS
- reason: Chart has a README
- - check: v1.0/chart-testing
- type: Mandatory
- outcome: PASS
- reason: Chart tests have passed
- - check: v1.0/contains-values
- type: Mandatory
- outcome: PASS
- reason: Values file exist
- - check: v1.0/not-contains-crds
- type: Mandatory
- outcome: PASS
- reason: Chart does not contain CRDs
- - check: v1.0/required-annotations-present
- type: Mandatory
- outcome: PASS
- reason: All required annotations present
- - check: v1.0/contains-values-schema
- type: Mandatory
- outcome: PASS
- reason: Values schema file exist
- - check: v1.0/helm-lint
- type: Mandatory
- outcome: PASS
- reason: Helm lint successful
- - check: v1.0/not-contain-csi-objects
- type: Mandatory
- outcome: PASS
- reason: CSI objects do not exist
- - check: v1.0/images-are-certified
- type: Mandatory
- outcome: PASS
- reason: |-
- Image is Red Hat certified : mcr.microsoft.com/mssql/rhel/server:latest
- Image is Red Hat certified : dh2i/dxe:rhel8
- - check: v1.0/is-helm-v3
- type: Mandatory
- outcome: PASS
- reason: API version is V2, used in Helm 3
diff --git a/charts/partners/dh2i/dxemssql/OWNERS b/charts/partners/dh2i/dxemssql/OWNERS
deleted file mode 100644
index 75aea0ac28..0000000000
--- a/charts/partners/dh2i/dxemssql/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: dxemssql
- shortDescription: Helm chart for DxEnterprise + SQL Server sidecar container deployment
-providerDelivery: false
-publicPgpKey: null
-users:
-- githubUsername: dh2i-devs
-vendor:
- label: dh2i
- name: DH2i
diff --git a/charts/partners/diffgram/diffgram-helm/OWNERS b/charts/partners/diffgram/diffgram-helm/OWNERS
deleted file mode 100644
index 39850eb715..0000000000
--- a/charts/partners/diffgram/diffgram-helm/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: diffgram-helm
- shortDescription: null
-publicPgpKey: null
-users:
-- githubUsername: anthony-sarkis
-vendor:
- label: diffgram
- name: Diffgram
diff --git a/charts/partners/edgelabs/ai-sensor/OWNERS b/charts/partners/edgelabs/ai-sensor/OWNERS
deleted file mode 100644
index f61663d5b0..0000000000
--- a/charts/partners/edgelabs/ai-sensor/OWNERS
+++ /dev/null
@@ -1,11 +0,0 @@
-chart:
- name: ai-sensor
- shortDescription: This is actually temporary - we do not use GitHub at all. Need.
- to discuss separately.
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: miggi
-vendor:
- label: edgelabs
- name: AI EdgeLabs
diff --git a/charts/partners/exate/exateapigator/0.1.0/report.yaml b/charts/partners/exate/exateapigator/0.1.0/report.yaml
deleted file mode 100644
index 36b7b1310c..0000000000
--- a/charts/partners/exate/exateapigator/0.1.0/report.yaml
+++ /dev/null
@@ -1,93 +0,0 @@
-apiversion: v1
-kind: verify-report
-metadata:
- tool:
- verifier-version: 1.9.0
- profile:
- VendorType: partner
- version: v1.2
- reportDigest: uint64:4110802231717007294
- chart-uri: https://charts.test.exate.co/chartrepo/exate-apigator/charts/exateapigator-0.1.0.tgz
- digests:
- chart: sha256:2844ec382545ca9657f2a3ae5b0b4f417c5fe40b42cf8bdc11577ea162ecbcfb
- package: c22f6a06a434022b30a92e05931a5c88cef509eb040b5cf5a99d3b8476c860fa
- lastCertifiedTimestamp: "2023-01-16T13:52:25.629673+00:00"
- testedOpenShiftVersion: "4.6"
- supportedOpenShiftVersions: '>=4.3'
- providerControlledDelivery: false
- chart:
- name: exateapigator
- home: https://dev.azure.com/exatetechnology/exatetechnology/
- sources: []
- version: 0.1.0
- description: An eXate APIgator application deployment
- keywords: []
- maintainers:
- - name: eXate Technology
- email: ""
- url: ""
- icon: ""
- apiversion: v2
- condition: ""
- tags: ""
- appversion: 0.1.0
- deprecated: false
- annotations:
- charts.openshift.io/name: exateapigator
- kubeversion: '>= 1.16.0-0'
- dependencies: []
- type: application
- chart-overrides: ""
-results:
- - check: v1.0/signature-is-valid
- type: Mandatory
- outcome: SKIPPED
- reason: 'Chart is not signed : Signature verification not required'
- - check: v1.0/required-annotations-present
- type: Mandatory
- outcome: PASS
- reason: All required annotations present
- - check: v1.0/has-readme
- type: Mandatory
- outcome: PASS
- reason: Chart has a README
- - check: v1.0/helm-lint
- type: Mandatory
- outcome: PASS
- reason: Helm lint successful
- - check: v1.0/not-contain-csi-objects
- type: Mandatory
- outcome: PASS
- reason: CSI objects do not exist
- - check: v1.0/not-contains-crds
- type: Mandatory
- outcome: PASS
- reason: Chart does not contain CRDs
- - check: v1.0/contains-test
- type: Mandatory
- outcome: PASS
- reason: Chart test files exist
- - check: v1.0/contains-values-schema
- type: Mandatory
- outcome: PASS
- reason: Values schema file exist
- - check: v1.0/contains-values
- type: Mandatory
- outcome: PASS
- reason: Values file exist
- - check: v1.1/has-kubeversion
- type: Mandatory
- outcome: PASS
- reason: Kubernetes version specified
- - check: v1.1/images-are-certified
- type: Mandatory
- outcome: PASS
- reason: 'Image is Red Hat certified : oneartifactoryexate.azurecr.io/exateapigator:2.11.00'
- - check: v1.0/is-helm-v3
- type: Mandatory
- outcome: PASS
- reason: API version is V2, used in Helm 3
- - check: v1.0/chart-testing
- type: Mandatory
- outcome: PASS
- reason: Chart tests have passed
diff --git a/charts/partners/exate/exateapigator/0.2.0/report.yaml b/charts/partners/exate/exateapigator/0.2.0/report.yaml
deleted file mode 100644
index 3e36ba4a23..0000000000
--- a/charts/partners/exate/exateapigator/0.2.0/report.yaml
+++ /dev/null
@@ -1,93 +0,0 @@
-apiversion: v1
-kind: verify-report
-metadata:
- tool:
- verifier-version: 1.9.0
- profile:
- VendorType: partner
- version: v1.2
- reportDigest: uint64:4195423915235881051
- chart-uri: https://charts.test.exate.co/chartrepo/exate-apigator/charts/exateapigator-0.2.0.tgz
- digests:
- chart: sha256:ce2cb79a98a59445871080e9d97cd364dd0ae380035bb34a662237184a2a039c
- package: 1fe6a1654d591af227f39b37bb754e3765e1317a0684c555ed1c96f868f6aac4
- lastCertifiedTimestamp: "2023-01-19T13:26:43.568612+00:00"
- testedOpenShiftVersion: "4.6"
- supportedOpenShiftVersions: '>=4.3'
- providerControlledDelivery: false
- chart:
- name: exateapigator
- home: https://dev.azure.com/exatetechnology/exatetechnology/
- sources: []
- version: 0.2.0
- description: An eXate APIgator application deployment
- keywords: []
- maintainers:
- - name: eXate Technology
- email: ""
- url: ""
- icon: ""
- apiversion: v2
- condition: ""
- tags: ""
- appversion: 0.2.0
- deprecated: false
- annotations:
- charts.openshift.io/name: exateapigator
- kubeversion: '>= 1.16.0-0'
- dependencies: []
- type: application
- chart-overrides: ""
-results:
- - check: v1.0/has-readme
- type: Mandatory
- outcome: PASS
- reason: Chart has a README
- - check: v1.1/images-are-certified
- type: Mandatory
- outcome: PASS
- reason: 'Image is Red Hat certified : oneartifactoryexate.azurecr.io/exateapigator:2.11.00'
- - check: v1.0/contains-test
- type: Mandatory
- outcome: PASS
- reason: Chart test files exist
- - check: v1.0/signature-is-valid
- type: Mandatory
- outcome: SKIPPED
- reason: 'Chart is not signed : Signature verification not required'
- - check: v1.0/not-contain-csi-objects
- type: Mandatory
- outcome: PASS
- reason: CSI objects do not exist
- - check: v1.0/not-contains-crds
- type: Mandatory
- outcome: PASS
- reason: Chart does not contain CRDs
- - check: v1.0/contains-values-schema
- type: Mandatory
- outcome: PASS
- reason: Values schema file exist
- - check: v1.0/is-helm-v3
- type: Mandatory
- outcome: PASS
- reason: API version is V2, used in Helm 3
- - check: v1.0/chart-testing
- type: Mandatory
- outcome: PASS
- reason: Chart tests have passed
- - check: v1.0/contains-values
- type: Mandatory
- outcome: PASS
- reason: Values file exist
- - check: v1.1/has-kubeversion
- type: Mandatory
- outcome: PASS
- reason: Kubernetes version specified
- - check: v1.0/helm-lint
- type: Mandatory
- outcome: PASS
- reason: Helm lint successful
- - check: v1.0/required-annotations-present
- type: Mandatory
- outcome: PASS
- reason: All required annotations present
diff --git a/charts/partners/exate/exateapigator/0.3.0/report.yaml b/charts/partners/exate/exateapigator/0.3.0/report.yaml
deleted file mode 100644
index 8278a0f36d..0000000000
--- a/charts/partners/exate/exateapigator/0.3.0/report.yaml
+++ /dev/null
@@ -1,93 +0,0 @@
-apiversion: v1
-kind: verify-report
-metadata:
- tool:
- verifier-version: 1.10.0
- profile:
- VendorType: partner
- version: v1.2
- reportDigest: uint64:8515912470851466532
- chart-uri: https://charts.test.exate.co/chartrepo/exate-apigator/charts/exateapigator-0.3.0.tgz
- digests:
- chart: sha256:2d585ecc336e63e2081ccbc3feadafcd7c6784bad00f82240aa969d4dc4ec7cc
- package: 04f2b02145520ccb0ace6be786cb13e26acfa4624f3b129b1751d404757abac7
- lastCertifiedTimestamp: "2023-01-23T09:59:54.580005+00:00"
- testedOpenShiftVersion: "4.6"
- supportedOpenShiftVersions: '>=4.3'
- webCatalogOnly: false
- chart:
- name: exateapigator
- home: https://dev.azure.com/exatetechnology/exatetechnology/
- sources: []
- version: 0.3.0
- description: An eXate APIgator application deployment
- keywords: []
- maintainers:
- - name: eXate Technology
- email: ""
- url: ""
- icon: ""
- apiversion: v2
- condition: ""
- tags: ""
- appversion: 0.3.0
- deprecated: false
- annotations:
- charts.openshift.io/name: exateapigator
- kubeversion: '>= 1.16.0-0'
- dependencies: []
- type: application
- chart-overrides: ""
-results:
- - check: v1.1/has-kubeversion
- type: Mandatory
- outcome: PASS
- reason: Kubernetes version specified
- - check: v1.0/not-contains-crds
- type: Mandatory
- outcome: PASS
- reason: Chart does not contain CRDs
- - check: v1.0/required-annotations-present
- type: Mandatory
- outcome: PASS
- reason: All required annotations present
- - check: v1.0/contains-values-schema
- type: Mandatory
- outcome: PASS
- reason: Values schema file exist
- - check: v1.0/helm-lint
- type: Mandatory
- outcome: PASS
- reason: Helm lint successful
- - check: v1.1/images-are-certified
- type: Mandatory
- outcome: PASS
- reason: 'Image is Red Hat certified : oneartifactoryexate.azurecr.io/exateapigator:2.11.00'
- - check: v1.0/contains-test
- type: Mandatory
- outcome: PASS
- reason: Chart test files exist
- - check: v1.0/contains-values
- type: Mandatory
- outcome: PASS
- reason: Values file exist
- - check: v1.0/not-contain-csi-objects
- type: Mandatory
- outcome: PASS
- reason: CSI objects do not exist
- - check: v1.0/signature-is-valid
- type: Mandatory
- outcome: SKIPPED
- reason: 'Chart is not signed : Signature verification not required'
- - check: v1.0/has-readme
- type: Mandatory
- outcome: PASS
- reason: Chart has a README
- - check: v1.0/is-helm-v3
- type: Mandatory
- outcome: PASS
- reason: API version is V2, used in Helm 3
- - check: v1.0/chart-testing
- type: Mandatory
- outcome: PASS
- reason: Chart tests have passed
diff --git a/charts/partners/exate/exateapigator/OWNERS b/charts/partners/exate/exateapigator/OWNERS
deleted file mode 100644
index 3b102967e7..0000000000
--- a/charts/partners/exate/exateapigator/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: exateapigator
- shortDescription: eXate APIgator deployment
-providerDelivery: false
-publicPgpKey: null
-users:
-- githubUsername: zeeshanAt
-vendor:
- label: exate
- name: EXATE TECHNOLOGY LIMITED
diff --git a/charts/partners/exfo/u-verifier-chart/OWNERS b/charts/partners/exfo/u-verifier-chart/OWNERS
deleted file mode 100644
index 91bc7bb715..0000000000
--- a/charts/partners/exfo/u-verifier-chart/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: u-verifier-chart
- shortDescription: Nova u-Verifier helm chart
-publicPgpKey: null
-users:
-- githubUsername: arasyid-aziz
-vendor:
- label: exfo
- name: EXFO Inc.
diff --git a/charts/partners/exfo/uv-helm/0.1.3/report.yaml b/charts/partners/exfo/uv-helm/0.1.3/report.yaml
deleted file mode 100644
index 894027bb25..0000000000
--- a/charts/partners/exfo/uv-helm/0.1.3/report.yaml
+++ /dev/null
@@ -1,88 +0,0 @@
-apiversion: v1
-kind: verify-report
-metadata:
- tool:
- verifier-version: 1.0.0
- profile:
- VendorType: partner
- version: v1.1
- chart-uri: ../uverifier
- digests:
- chart: sha256:4e7e593c0f1e3fd1d8b984122516d56d5c82035b6da313aac9c8ef12da64173a
- lastCertifiedTimestamp: "2022-09-23T20:35:00.390109+08:00"
- testedOpenShiftVersion: "4.10"
- supportedOpenShiftVersions: '>=4.7'
- providerControlledDelivery: false
- chart:
- name: uv-helm
- home: ""
- sources: []
- version: 0.1.3
- description: A Helm chart for Kubernetes
- keywords: []
- maintainers: []
- icon: https://www.exfo.com/dist/atomic/organism/o-header/o-header-banner/exfo.png
- apiversion: v2
- condition: ""
- tags: ""
- appversion: 0.2.0
- deprecated: false
- annotations:
- charts.openshift.io/archs: x86_64
- charts.openshift.io/name: uVerifier Demo Chart
- charts.openshift.io/provider: EXFO
- kubeversion: '>=1.20.0-0'
- dependencies: []
- type: application
- chart-overrides: ""
-results:
- - check: v1.0/chart-testing
- type: Mandatory
- outcome: PASS
- reason: Chart tests have passed
- - check: v1.0/has-readme
- type: Mandatory
- outcome: PASS
- reason: Chart has a README
- - check: v1.0/images-are-certified
- type: Mandatory
- outcome: PASS
- reason: |-
- Image is Red Hat certified : registry.connect.redhat.com/exfo/uverifier:21.08.17087
- Image is Red Hat certified : registry.access.redhat.com/rhel-minimal:7.9-758
- - check: v1.0/contains-values-schema
- type: Mandatory
- outcome: PASS
- reason: Values schema file exist
- - check: v1.0/contains-values
- type: Mandatory
- outcome: PASS
- reason: Values file exist
- - check: v1.1/has-kubeversion
- type: Mandatory
- outcome: PASS
- reason: Kubernetes version specified
- - check: v1.0/helm-lint
- type: Mandatory
- outcome: PASS
- reason: Helm lint successful
- - check: v1.0/is-helm-v3
- type: Mandatory
- outcome: PASS
- reason: API version is V2, used in Helm 3
- - check: v1.0/not-contain-csi-objects
- type: Mandatory
- outcome: PASS
- reason: CSI objects do not exist
- - check: v1.0/required-annotations-present
- type: Mandatory
- outcome: PASS
- reason: All required annotations present
- - check: v1.0/contains-test
- type: Mandatory
- outcome: PASS
- reason: Chart test files exist
- - check: v1.0/not-contains-crds
- type: Mandatory
- outcome: PASS
- reason: Chart does not contain CRDs
diff --git a/charts/partners/exfo/uv-helm/0.1.3/uv-helm-0.1.3.tgz b/charts/partners/exfo/uv-helm/0.1.3/uv-helm-0.1.3.tgz
deleted file mode 100644
index e21fad3b93..0000000000
Binary files a/charts/partners/exfo/uv-helm/0.1.3/uv-helm-0.1.3.tgz and /dev/null differ
diff --git a/charts/partners/exfo/uv-helm/OWNERS b/charts/partners/exfo/uv-helm/OWNERS
deleted file mode 100644
index 98a939297f..0000000000
--- a/charts/partners/exfo/uv-helm/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: uv-helm
- shortDescription: Nova u-Verifier helm chart
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: arasyid-aziz
-vendor:
- label: exfo
- name: EXFO Inc.
diff --git a/charts/partners/exfo/uverifier/0.1.2/report.yaml b/charts/partners/exfo/uverifier/0.1.2/report.yaml
deleted file mode 100644
index cca34cf0f6..0000000000
--- a/charts/partners/exfo/uverifier/0.1.2/report.yaml
+++ /dev/null
@@ -1,89 +0,0 @@
-apiversion: v1
-kind: verify-report
-metadata:
- tool:
- verifier-version: 1.7.0
- profile:
- VendorType: partner
- version: v1.1
- chart-uri: ./uverifier-0.1.2.tgz
- digests:
- chart: sha256:74fa80d28a46d9da1ae7a74bc050449164389a358bd13bd2fb2a23d4770a9206
- package: 388968518305560104f0422c70cb9a1511415779ebf65fd2d2ae915eda544c7e
- lastCertifiedTimestamp: "2022-07-20T16:33:20.993665+08:00"
- testedOpenShiftVersion: "4.10"
- supportedOpenShiftVersions: '>=4.7'
- providerControlledDelivery: false
- chart:
- name: uverifier
- home: ""
- sources: []
- version: 0.1.2
- description: A Helm chart for Kubernetes
- keywords: []
- maintainers: []
- icon: https://www.exfo.com/dist/atomic/organism/o-header/o-header-banner/exfo.png
- apiversion: v2
- condition: ""
- tags: ""
- appversion: 0.2.0
- deprecated: false
- annotations:
- charts.openshift.io/archs: x86_64
- charts.openshift.io/name: uVerifier Demo Chart
- charts.openshift.io/provider: EXFO
- kubeversion: '>=1.20.0-0'
- dependencies: []
- type: application
- chart-overrides: ""
-results:
- - check: v1.0/contains-values
- type: Mandatory
- outcome: PASS
- reason: Values file exist
- - check: v1.0/contains-values-schema
- type: Mandatory
- outcome: PASS
- reason: Values schema file exist
- - check: v1.1/has-kubeversion
- type: Mandatory
- outcome: PASS
- reason: Kubernetes version specified
- - check: v1.0/not-contains-crds
- type: Mandatory
- outcome: PASS
- reason: Chart does not contain CRDs
- - check: v1.0/helm-lint
- type: Mandatory
- outcome: PASS
- reason: Helm lint successful
- - check: v1.0/not-contain-csi-objects
- type: Mandatory
- outcome: PASS
- reason: CSI objects do not exist
- - check: v1.0/images-are-certified
- type: Mandatory
- outcome: PASS
- reason: |-
- Image is Red Hat certified : registry.connect.redhat.com/exfo/uverifier:21.08.17087
- Image is Red Hat certified : registry.access.redhat.com/rhel-minimal:7.9-758
- - check: v1.0/chart-testing
- type: Mandatory
- outcome: PASS
- reason: Chart tests have passed
- - check: v1.0/has-readme
- type: Mandatory
- outcome: PASS
- reason: Chart has a README
- - check: v1.0/is-helm-v3
- type: Mandatory
- outcome: PASS
- reason: API version is V2, used in Helm 3
- - check: v1.0/contains-test
- type: Mandatory
- outcome: PASS
- reason: Chart test files exist
- - check: v1.0/required-annotations-present
- type: Mandatory
- outcome: PASS
- reason: All required annotations present
diff --git a/charts/partners/exfo/uverifier/0.1.2/uverifier-0.1.2.tgz b/charts/partners/exfo/uverifier/0.1.2/uverifier-0.1.2.tgz
deleted file mode 100644
index c95675a684..0000000000
Binary files a/charts/partners/exfo/uverifier/0.1.2/uverifier-0.1.2.tgz and /dev/null differ
diff --git a/charts/partners/exfo/uverifier/OWNERS b/charts/partners/exfo/uverifier/OWNERS
deleted file mode 100644
index 50f6334cf2..0000000000
--- a/charts/partners/exfo/uverifier/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: uverifier
- shortDescription: Nova u-Verifier helm chart
-publicPgpKey: null
-users:
-- githubUsername: arasyid-aziz
-vendor:
- label: exfo
- name: EXFO Inc.
diff --git a/charts/partners/fiware/orion-ld/1.0.1/report.yaml b/charts/partners/fiware/orion-ld/1.0.1/report.yaml
deleted file mode 100644
index 7c29930da9..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.1/report.yaml
+++ /dev/null
@@ -1,92 +0,0 @@
-apiversion: v1
-kind: verify-report
-metadata:
- tool:
- verifier-version: 1.4.1
- profile:
- VendorType: partner
- version: v1.1
- chart-uri: /charts
- digests:
- chart: sha256:7e67553ee7d697bed1b7d40a9d1c3ed1d724e32c7894c43629b5c156718aa3dd
- lastCertifiedTimestamp: "2022-01-19T16:19:54.899727+00:00"
- testedOpenShiftVersion: "4.6"
- supportedOpenShiftVersions: '>=4.6'
- chart:
- name: orion-ld
- home: https://github.com/FIWARE/context.Orion-LD
- sources:
- - https://github.com/FIWARE/context.Orion-LD
- version: 1.0.1
- description: A Helm chart for running the fiware orion-ld context broker on kubernetes.
- keywords:
- - fiware
- - orion-ld
- maintainers:
- - name: wistefan
- email: stefan.wiedemann@fiware.org
- url: ""
- icon: https://fiware.github.io/catalogue/img/fiware.png
- apiversion: v2
- condition: ""
- tags: ""
- appversion: 1.0.1
- deprecated: false
- annotations:
- charts.openshift.io/name: orion-ld
- kubeversion: '>= 1.19'
- dependencies: []
- type: ""
- chart-overrides: ""
-results:
- - check: v1.0/is-helm-v3
- type: Mandatory
- outcome: PASS
- reason: API version is V2, used in Helm 3
- - check: v1.1/has-kubeversion
- type: Mandatory
- outcome: PASS
- reason: Kubernetes version specified
- - check: v1.0/images-are-certified
- type: Mandatory
- outcome: PASS
- reason: |-
- Image is Red Hat certified : quay.io/opencloudio/ibm-mongodb:4.0.24
- Image is Red Hat certified : quay.io/fiware/orion-ld:1.0.1
- Image is Red Hat certified : quay.io/opencloudio/curl:4.2.0-build.8
- - check: v1.0/chart-testing
- type: Mandatory
- outcome: PASS
- reason: Chart tests have passed
- - check: v1.0/has-readme
- type: Mandatory
- outcome: PASS
- reason: Chart has a README
- - check: v1.0/contains-values
- type: Mandatory
- outcome: PASS
- reason: Values file exist
- - check: v1.0/contains-values-schema
- type: Mandatory
- outcome: PASS
- reason: Values schema file exist
- - check: v1.0/not-contains-crds
- type: Mandatory
- outcome: PASS
- reason: Chart does not contain CRDs
- - check: v1.0/helm-lint
- type: Mandatory
- outcome: PASS
- reason: Helm lint successful
- - check: v1.0/not-contain-csi-objects
- type: Mandatory
- outcome: PASS
- reason: CSI objects do not exist
- - check: v1.0/required-annotations-present
- type: Mandatory
- outcome: PASS
- reason: All required annotations present
- - check: v1.0/contains-test
- type: Mandatory
- outcome: PASS
- reason: Chart test files exist
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.1/src/Chart.yaml b/charts/partners/fiware/orion-ld/1.0.1/src/Chart.yaml
deleted file mode 100644
index 10de01bc9a..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.1/src/Chart.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v2
-name: orion-ld
-version: 1.0.1
-appVersion: 1.0.1
-kubeVersion: '>= 1.19'
-home: https://github.com/FIWARE/context.Orion-LD
-description: A Helm chart for running the fiware orion-ld context broker on kubernetes.
-icon: https://fiware.github.io/catalogue/img/fiware.png
-keywords:
-- fiware
-- orion-ld
-sources:
-- https://github.com/FIWARE/context.Orion-LD
-maintainers:
-- name: wistefan
- email: stefan.wiedemann@fiware.org
-annotations:
- charts.openshift.io/name: orion-ld
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.1/src/README.md b/charts/partners/fiware/orion-ld/1.0.1/src/README.md
deleted file mode 100644
index bff2a69afc..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.1/src/README.md
+++ /dev/null
@@ -1,92 +0,0 @@ -# orion-ld - -![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![AppVersion: 1.0.1](https://img.shields.io/badge/AppVersion-1.0.1-informational?style=flat-square) - -A Helm chart for running the fiware orion-ld context broker on kubernetes. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| wistefan | stefan.wiedemann@fiware.org | | - -## Source Code - -* - -## Requirements - -Kubernetes: `>= 1.19` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| autoscaling.enabled | bool | `false` | should autoscaling be enabled for the context broker | -| autoscaling.maxReplicas | int | `10` | maximum number of running pods | -| autoscaling.metrics | list | `[]` | metrics to react on | -| autoscaling.minReplicas | int | `1` | minimum number of running pods | -| broker.cachedContextFolder | string | `"/opt/orion/ldcontexts"` | | -| broker.db.hosts | list | `[]` | configuration of the mongo-db hosts. if multiple hosts are inserted, its assumed that mongo is running as a replica set | -| broker.db.name | string | `"orion"` | | -| broker.envPrefix | string | `"ORIONLD_"` | Prefix to be used for env-vars in orion. Must be ORION_ for orion and ORIONLD_ for orion-ld | -| broker.ipv4enabled | bool | `false` | set to true if only ipv4 should be used, do not set both options to true | -| broker.ipv6enabled | bool | `false` | set to true if only ipv6 should be used, do not set both options to true | -| broker.logging.level | string | `"WARN"` | log level of the broker | -| broker.metrics.enabled | string | `"false"` | enable or disable metrics gathering | -| broker.noDevTrace | bool | `true` | should the extended development tracing be disabled? 
| -| broker.port | int | `1026` | port that the broker is listening to | -| broker.troe | object | `{"dbHost":"postgres","dbPassword":"password","dbPort":5432,"dbUser":"user","enabled":false}` | configuration of temporal entity representation | -| broker.troe.dbHost | string | `"postgres"` | host of the postgres to be used | -| broker.troe.dbPassword | string | `"password"` | password to authenticate with at postgres | -| broker.troe.dbPort | int | `5432` | port of the postgres to be used | -| broker.troe.dbUser | string | `"user"` | username to authenticate with at postgres | -| broker.troe.enabled | bool | `false` | should temporal representation of entities be enabled | -| deployment.additionalAnnotations | object | `{}` | additional annotations for the deployment, if required | -| deployment.additionalLabels | object | `{}` | additional labels for the deployment, if required | -| deployment.affinity | object | `{}` | affinity template ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity | -| deployment.image.pullPolicy | string | `"IfNotPresent"` | specification of the image pull policy | -| deployment.image.repository | string | `"quay.io/fiware/orion-ld"` | orion image name ref: https://hub.docker.com/r/fiware/orion/ ref: https://quay.io/repository/fiware/orion-ld | -| deployment.image.tag | string | `"1.0.1"` | | -| deployment.livenessProbe.initialDelaySeconds | int | `30` | | -| deployment.livenessProbe.periodSeconds | int | `10` | | -| deployment.livenessProbe.successThreshold | int | `1` | | -| deployment.livenessProbe.timeoutSeconds | int | `30` | | -| deployment.nodeSelector | object | `{}` | orion resource requests and limits, we leave the default empty to make that a concious choice by the user. for the autoscaling to make sense, you should configure this. 
resources: limits: cpu: 100m memory: 128Mi requests: cpu: 100m memory: 128Mi -- selector template ref: https://kubernetes.io/docs/user-guide/node-selection/ | -| deployment.readinessProbe.initialDelaySeconds | int | `30` | | -| deployment.readinessProbe.periodSeconds | int | `10` | | -| deployment.readinessProbe.successThreshold | int | `1` | | -| deployment.readinessProbe.timeoutSeconds | int | `30` | | -| deployment.replicaCount | int | `1` | initial number of target replications, can be different if autoscaling is enabled | -| deployment.revisionHistoryLimit | int | `3` | number of old replicas to be retained | -| deployment.sidecars | list | `[]` | additional sidepods for the deployment, if required | -| deployment.tolerations | list | `[]` | tolerations template ref: ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | -| deployment.updateStrategy.rollingUpdate | object | `{"maxSurge":1,"maxUnavailable":0}` | new pods will be added gradually | -| deployment.updateStrategy.rollingUpdate.maxSurge | int | `1` | number of pods that can be created above the desired amount while updating | -| deployment.updateStrategy.rollingUpdate.maxUnavailable | int | `0` | number of pods that can be unavailable while updating | -| deployment.updateStrategy.type | string | `"RollingUpdate"` | type of the update | -| deployment.volumes | list | `[]` | additional volumes for the deployment, if required | -| fullnameOverride | string | `""` | option to override the fullname config in the _helpers.tpl | -| ingress.annotations | object | `{}` | annotations to be added to the ingress | -| ingress.enabled | bool | `false` | should there be an ingress to connect orion with the public internet | -| ingress.hosts | list | `[]` | | -| ingress.tls | list | `[]` | provide a hosts and the paths that should be available - host: localhost paths: - / -- configure the ingress' tls | -| mongo.enabled | bool | `true` | should mongodb be enabled | -| mongo.image.pullPolicy | 
string | `"IfNotPresent"` | pull policy to be used for mongo | -| mongo.image.repository | string | `"quay.io/opencloudio/ibm-mongodb"` | mongo image name | -| mongo.image.tag | string | `"4.0.24"` | version of mongo | -| mongo.port | int | `27017` | port to make mongo accessible at | -| nameOverride | string | `""` | option to override the name config in the _helpers.tpl | -| route.annotations | object | `{}` | annotations to be added to the route | -| route.enabled | bool | `false` | | -| route.tls | object | `{}` | host to be used host: localhost -- tls configuration for the route | -| service.annotations | object | `{}` | addtional annotations, if required | -| service.port | int | `1026` | port to be used by the service | -| service.type | string | `"ClusterIP"` | service type | -| serviceAccount | object | `{"create":false}` | if a orion specific service account should be used, it can be configured here ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | -| serviceAccount.create | bool | `false` | specifies if the account should be created | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/partners/fiware/orion-ld/1.0.1/src/templates/NOTES.txt b/charts/partners/fiware/orion-ld/1.0.1/src/templates/NOTES.txt deleted file mode 100644 index 8095edd8d7..0000000000 --- a/charts/partners/fiware/orion-ld/1.0.1/src/templates/NOTES.txt +++ /dev/null @@ -1,3 +0,0 @@ -Successfully deployed Orion-LD. - -Connect at {{ include "orion.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }} \ No newline at end of file diff --git a/charts/partners/fiware/orion-ld/1.0.1/src/templates/_helpers.tpl b/charts/partners/fiware/orion-ld/1.0.1/src/templates/_helpers.tpl deleted file mode 100644 index ae546054d7..0000000000 
--- a/charts/partners/fiware/orion-ld/1.0.1/src/templates/_helpers.tpl +++ /dev/null @@ -1,56 +0,0 @@ - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "orion.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "orion.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "orion.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "orion.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "orion.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "orion.labels" -}} -app.kubernetes.io/name: {{ include "orion.name" . }} -helm.sh/chart: {{ include "orion.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} \ No newline at end of file 
diff --git a/charts/partners/fiware/orion-ld/1.0.1/src/templates/deployment-hpa.yaml b/charts/partners/fiware/orion-ld/1.0.1/src/templates/deployment-hpa.yaml deleted file mode 100644 index 89c5b3c8c7..0000000000 --- a/charts/partners/fiware/orion-ld/1.0.1/src/templates/deployment-hpa.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.autoscaling.enabled -}} -apiVersion: autoscaling/v2beta2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "orion.fullname" . }} - labels: - {{ include "orion.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "orion.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} -{{- with .Values.autoscaling.metrics }} - metrics: - {{- toYaml . | nindent 2 }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/partners/fiware/orion-ld/1.0.1/src/templates/deployment-mongo.yaml b/charts/partners/fiware/orion-ld/1.0.1/src/templates/deployment-mongo.yaml deleted file mode 100644 index e79ca1c634..0000000000 --- a/charts/partners/fiware/orion-ld/1.0.1/src/templates/deployment-mongo.yaml +++ /dev/null 
@@ -1,69 +0,0 @@ -{{- if .Values.mongo.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "orion.fullname" . }}-mongo - labels: - app.kubernetes.io/name: {{ include "orion.name" . }}-mongo - helm.sh/chart: {{ include "orion.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.deployment.replicaCount }} - {{- end }} - revisionHistoryLimit: {{ .Values.deployment.revisionHistoryLimit }} - strategy: - {{- with .Values.deployment.updateStrategy }} - {{- toYaml . | nindent 4 }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "orion.name" . }}-mongo - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "orion.name" . }}-mongo - helm.sh/chart: {{ include "orion.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.deployment.additionalLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{ if .Values.deployment.additionalAnnotations -}} - annotations: - {{- with .Values.deployment.additionalAnnotations }} - {{- toYaml . 
| nindent 8 }} - {{- end }} - {{- end }} - spec: - containers: - - name: mongo-db - imagePullPolicy: {{ .Values.mongo.image.pullPolicy }} - image: "{{ .Values.mongo.image.repository }}:{{ .Values.mongo.image.tag }}" - securityContext: - runAsUser: 999 - ports: - - name: mongo - containerPort: {{ .Values.mongo.port}} - protocol: TCP - livenessProbe: - exec: - command: - - bash - - -ec - - | - mongo --eval 'db.runCommand("ping").ok' 127.0.0.1:27017/test && echo 0 || echo 1 - initialDelaySeconds: 5 - periodSeconds: 5 - readinessProbe: - exec: - command: - - bash - - -ec - - | - mongo --eval 'db.runCommand("ping").ok' 127.0.0.1:27017/test && echo 0 || echo 1 - initialDelaySeconds: 5 - periodSeconds: 5 -{{- end }} \ No newline at end of file diff --git a/charts/partners/fiware/orion-ld/1.0.1/src/templates/deployment.yaml b/charts/partners/fiware/orion-ld/1.0.1/src/templates/deployment.yaml deleted file mode 100644 index 3d9289f7a0..0000000000 --- a/charts/partners/fiware/orion-ld/1.0.1/src/templates/deployment.yaml +++ /dev/null 
@@ -1,353 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "orion.fullname" . }} - labels: - {{ include "orion.labels" . | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.deployment.replicaCount }} - {{- end }} - revisionHistoryLimit: {{ .Values.deployment.revisionHistoryLimit }} - strategy: - {{- with .Values.deployment.updateStrategy }} - {{- toYaml . | nindent 4 }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "orion.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - {{ include "orion.labels" . | nindent 8 }} - {{- with .Values.deployment.additionalLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{ if .Values.deployment.additionalAnnotations -}} - annotations: - {{- with .Values.deployment.additionalAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - spec: - serviceAccountName: {{ include "orion.serviceAccountName" . 
}} - containers: - - name: {{ .Chart.Name }} - imagePullPolicy: {{ .Values.deployment.image.pullPolicy }} - image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}" - {{ if and (.Values.broker.noDevTrace) (eq .Values.deployment.image.repository "fiware/orion-ld") }} - args: ["-lmtmp"] - {{ end }} - # special handling for the health check of telefonica/orion - {{ if eq .Values.broker.envPrefix "ORION_" }} - command: ["/bin/bash", "-c", "/usr/bin/contextBroker -fg | sed '/SUMMARY/w /tmp/healthcheck'"] - {{ end }} - ports: - - name: http - containerPort: {{ .Values.broker.port}} - protocol: TCP - {{ if eq .Values.deployment.image.repository "fiware/orion-ld" }} - readinessProbe: - tcpSocket: - port: 1027 - initialDelaySeconds: {{ .Values.deployment.readinessProbe.initialDelaySeconds}} - periodSeconds: {{ .Values.deployment.readinessProbe.periodSeconds}} - successThreshold: {{ .Values.deployment.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.deployment.readinessProbe.timeoutSeconds }} - livenessProbe: - tcpSocket: - port: 1027 - initialDelaySeconds: {{ .Values.deployment.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.deployment.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.deployment.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.deployment.livenessProbe.timeoutSeconds }} - {{ end }} - # special handling for the health check of telefonica/orion - {{ if eq .Values.broker.envPrefix "ORION_" }} - readinessProbe: - exec: - command: - - /bin/bash - - -c - - "echo /tmp/healthcheck? 
&& true > /tmp/healthcheck" - initialDelaySeconds: {{ .Values.deployment.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.deployment.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.deployment.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.deployment.readinessProbe.timeoutSeconds }} - livenessProbe: - exec: - command: - - /bin/bash - - -c - - "echo /tmp/healthcheck? && true > /tmp/healthcheck" - initialDelaySeconds: {{ .Values.deployment.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.deployment.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.deployment.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.deployment.livenessProbe.timeoutSeconds }} - {{ end }} - env: - # general - - name: {{ .Values.broker.envPrefix }}PORT - value: {{ .Values.broker.port | quote }} - - name: {{ .Values.broker.envPrefix }}SOCKET_SERVICE - value: "TRUE" - - name: {{ .Values.broker.envPrefix }}SOCKET_SERVICE_PORT - value: "1027" - - name: {{ .Values.broker.envPrefix }}DISABLE_FILE_LOG - value: "TRUE" - - name: {{ .Values.broker.envPrefix }}CACHED_CONTEXT_DIRECTORY - value: {{ .Values.broker.cachedContextFolder }} - {{- if and (eq .Values.broker.ipv4enabled true) (eq .Values.broker.ipv6enabled false) }} - - name: {{ .Values.broker.envPrefix }}USEIPV4 - value: "TRUE" - {{- end }} - {{- if and (eq .Values.broker.ipv6enabled true) (eq .Values.broker.ipv4enabled false) }} - - name: {{ .Values.broker.envPrefix }}USEIPV6 - value: "TRUE" - {{- end }} - {{- if .Values.broker.httpTimeout }} - - name: {{ .Values.broker.envPrefix }}HTTP_TIMEOUT - value: {{ .Values.broker.httpTimeout }} - {{- end }} - {{- if .Values.broker.reqTimeout }} - - name: {{ .Values.broker.envPrefix }}REQ_TIMEOUT - value: {{ .Values.broker.reqTimeout }} - {{- end }} - {{- if .Values.broker.corsOrigin }} - - name: {{ .Values.broker.envPrefix }}CORS_ALLOWED_ORIGIN - value: {{ .Values.broker.corsOrigin }} - {{- end }} - {{- if 
.Values.broker.corsMaxAge }} - - name: {{ .Values.broker.envPrefix }}CORS_MAX_AGE - value: {{ .Values.broker.corsMaxAge }} - {{- end }} - {{- if .Values.broker.mutexPolicy }} - - name: {{ .Values.broker.envPrefix }}MUTEX_POLICY - value: {{ .Values.broker.mutexPolicy }} - {{- end }} - {{- if .Values.broker.cprForwardLimit }} - - name: {{ .Values.broker.envPrefix }}CPR_FORWARD_LIMIT - value: {{ .Values.broker.cprForwardLimit }} - {{- end }} - {{- if .Values.broker.subCacheIval }} - - name: {{ .Values.broker.envPrefix }}SUBCACHE_IVAL - value: {{ .Values.broker.subCacheIval }} - {{- end }} - {{- if .Values.broker.noCache }} - - name: {{ .Values.broker.envPrefix }}NOCACHE - value: {{ .Values.broker.noCache | upper | quote }} - {{- end }} - {{- if .Values.broker.connectionMemory }} - - name: {{ .Values.broker.envPrefix }}CONN_MEMORY - value: {{ .Values.broker.connectionMemory }} - {{- end }} - {{- if .Values.broker.maxConnections }} - - name: {{ .Values.broker.envPrefix }}MAX_CONN - value: {{ .Values.broker.maxConnections | quote }} - {{- end }} - {{- if .Values.broker.reqPoolSize }} - - name: {{ .Values.broker.envPrefix }}TRQ_POOL_SIZE - value: {{ .Values.broker.reqPoolSize | quote }} - {{- end }} - {{- if .Values.broker.inReqPayloadMaxSize }} - - name: {{ .Values.broker.envPrefix }}IN_REQ_PAYLOAD_MAX_SIZE - value: {{ .Values.broker.inReqPayloadMaxSize }} - {{- end }} - {{- if .Values.broker.outReqMsgMaxSize }} - - name: {{ .Values.broker.envPrefix }}OUT_REQ_MSG_MAX_SIZE - value: {{ .Values.broker.outReqMsgMaxSize }} - {{- end }} - {{- if .Values.broker.notificationMode }} - - name: {{ .Values.broker.envPrefix }}NOTIF_MODE - value: {{ .Values.broker.notificationMode }} - {{- end }} - {{- if .Values.broker.notificationFlowControl }} - - name: {{ .Values.broker.envPrefix }}NOTIF_FLOW_CONTROL - value: {{ .Values.broker.notificationFlowControl }} - {{- end }} - {{- if .Values.broker.simulatedNotification }} - - name: {{ .Values.broker.envPrefix }}DROP_NOTIF - value: {{ 
.Values.broker.simulatedNotification }} - {{- end }} - {{- if .Values.broker.disableCustomNotifications }} - - name: {{ .Values.broker.envPrefix }}DISABLE_CUSTOM_NOTIF - value: {{ .Values.broker.disableCustomNotifications | upper }} - {{- end }} - {{- if .Values.broker.insecureNotifEnabled }} - - name: {{ .Values.broker.envPrefix }}INSECURE_NOTIF - value: {{ .Values.broker.insecureNotifEnabled | upper }} - {{- end }} - {{- if .Values.broker.forwardingEnabled }} - - name: {{ .Values.broker.envPrefix }}FORWARDING - value: {{ .Values.broker.forwardingEnabled | quote | upper }} - {{- end }} - - # db - - name: {{ .Values.broker.envPrefix }}MONGO_HOST - {{- if .Values.mongo.enabled }} - value: {{ include "orion.fullname" . }}-mongo:27017 - {{- else }} - value: {{ join "," .Values.broker.db.hosts }} - {{- end }} - - name: {{ .Values.broker.envPrefix }}MONGO_DB - value: {{ .Values.broker.db.name }} - {{ $numHosts := len .Values.broker.db.hosts }} - {{- if gt $numHosts 1 -}} - - name: {{ .Values.broker.envPrefix }}MONGO_REPLICA_SET - value: {{ .Values.broker.db.replicaSet }} - {{- end }} - {{- if .Values.broker.db.auth }} - - name: {{ .Values.broker.envPrefix }}MONGO_USER - value: {{ .Values.broker.db.auth.user }} - - name: {{ .Values.broker.envPrefix }}MONGO_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "orion.fullname" . 
}} - key: dbPassword - {{- if .Values.broker.db.auth.mech }} - - name: {{ .Values.broker.envPrefix }}MONGO_AUTH_MECH - value: {{ .Values.broker.db.auth.mech }} - {{- end }} - {{- end }} - {{- if .Values.broker.db.sslEnabled }} - - name: {{ .Values.broker.envPrefix }}MONGO_SSL - value: {{ .Values.broker.db.sslEnabled | upper }} - {{- end }} - {{- if .Values.broker.db.timeout }} - - name: {{ .Values.broker.envPrefix }}MONGO_TIMEOUT - value: {{ .Values.broker.db.timeout }} - {{- end }} - {{- if .Values.broker.db.poolSize }} - - name: {{ .Values.broker.envPrefix }}MONGO_POOL_SIZE - value: {{ .Values.broker.db.poolSize | quote }} - {{- end }} - {{- if .Values.broker.db.writeConcern }} - - name: {{ .Values.broker.envPrefix }}MONGO_WRITE_CONCERN - value: {{ .Values.broker.db.writeConcern }} - {{- end }} - - # tenancy - {{- if .Values.broker.multiserviceEnabled }} - - name: {{ .Values.broker.envPrefix }}MULTI_SERVICE - value: {{ .Values.broker.multiserviceEnabled | upper }} - {{- end }} - {{- if .Values.broker.multiserviceEnabled }} - - name: {{ .Values.broker.envPrefix }}MONGO_AUTH_SOURCE - value: admin - {{- end }} - - # metrics - {{ if .Values.broker.metrics }} - {{ if eq .Values.broker.metrics.enabled "false" }} - - name: {{ .Values.broker.envPrefix }}DISABLE_METRICS - value: "TRUE" - {{ else }} - - name: {{ .Values.broker.envPrefix }}DISABLE_METRICS - value: "FALSE" - {{- end }} - {{ if .Values.broker.metrics.statCountersEnabled }} - - name: {{ .Values.broker.envPrefix }}STAT_COUNTERS - value: {{ .Values.broker.metrics.statCountersEnabled | upper }} - {{ end }} - {{ if .Values.broker.metrics.statSemWaitEnabled }} - - name: {{ .Values.broker.envPrefix }}STAT_SEM_WAIT - value: {{ .Values.broker.metrics.statSemWaitEnabled | upper }} - {{- end }} - {{ if .Values.broker.metrics.statTimingEnabled }} - - name: {{ .Values.broker.envPrefix }}STAT_TIMING - value: {{ .Values.broker.metrics.statTimingEnabled | upper }} - {{- end }} - {{ if 
.Values.broker.metrics.statNotifQueueEnabled }} - - name: {{ .Values.broker.envPrefix }}STAT_NOTIF_QUEUE - value: {{ .Values.broker.metrics.statNotifQueueEnabled | upper }} - {{- end }} - {{- end }} - - # logging - - name: {{ .Values.broker.envPrefix }}LOG_LEVEL - value: {{ .Values.broker.logging.level }} - {{- if .Values.broker.logging.dir }} - - name: {{ .Values.broker.envPrefix }}LOG_DIR - value: {{ .Values.broker.logging.dir }} - {{- end }} - {{- if .Values.broker.logging.append }} - - name: {{ .Values.broker.envPrefix }}LOG_APPEND - value: {{ .Values.broker.logging.append }} - {{- end }} - {{- if .Values.broker.logging.trace }} - - name: {{ .Values.broker.envPrefix }}TRACE - value: {{ .Values.broker.logging.trace }} - {{- end }} - {{- if .Values.broker.logging.summaryPeriod }} - - name: {{ .Values.broker.envPrefix }}LOG_SUMMARY_PERIOD - value: {{ .Values.broker.logging.summaryPeriod | quote }} - {{- end }} - {{- if .Values.broker.logging.relogAlarms }} - - name: {{ .Values.broker.envPrefix }}RELOG_ALARMS - value: {{ .Values.broker.logging.relogAlarms | upper }} - {{- end }} - {{- if .Values.broker.logging.forHumans }} - - name: {{ .Values.broker.envPrefix }}LOG_FOR_HUMANS - value: {{ .Values.broker.logging.forHumans | upper }} - {{- end }} - {{- if .Values.broker.logging.lineMaxSize }} - - name: {{ .Values.broker.envPrefix }}LOG_LINE_MAX_SIZE - value: {{ .Values.broker.logging.lineMaxSize }} - {{- end }} - {{- if .Values.broker.logging.infoPayloadMaxSize }} - - name: {{ .Values.broker.envPrefix }}LOG_INFO_PAYLOAD_MAX_SIZE - value: {{ .Values.broker.logging.infoPayloadMaxSize }} - {{- end }} - - ##TROE - {{ if .Values.broker.troe }} - {{ if eq .Values.broker.troe.enabled true }} - - name: {{ .Values.broker.envPrefix }}TROE - value: "TRUE" - {{ else }} - - name: {{ .Values.broker.envPrefix }}TROE - value: "FALSE" - {{- end -}} - {{ if .Values.broker.troe.dbUser }} - - name: {{ .Values.broker.envPrefix }}TROE_USER - value: {{ .Values.broker.troe.dbUser }} - {{ 
end }} - {{ if .Values.broker.troe.dbPassword }} - - name: {{ .Values.broker.envPrefix }}TROE_PWD - value: {{ .Values.broker.troe.dbPassword }} - {{ end }} - {{ if .Values.broker.troe.dbHost }} - - name: {{ .Values.broker.envPrefix }}TROE_HOST - value: {{ .Values.broker.troe.dbHost }} - {{ end }} - {{ if .Values.broker.troe.dbPort }} - - name: {{ .Values.broker.envPrefix }}TROE_PORT - value: {{ .Values.broker.troe.dbPort | quote }} - {{ end }} - {{ if .Values.broker.troe.dbPoolsize }} - - name: {{ .Values.broker.envPrefix }}TROE_POOL_SIZE - value: {{ .Values.broker.troe.dbPoolsize | quote }} - {{ end }} - {{- end }} - resources: - {{- toYaml .Values.deployment.resources | nindent 12 }} - {{- if .Values.deployment.sidecars }} - {{- toYaml .Values.deployment.sidecars | nindent 8 }} - {{- end }} - {{- if .Values.deployment.volumes }} - volumes: - {{- toYaml .Values.deployment.volumes | nindent 8 }} - {{- end }} - {{- with .Values.deployment.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.deployment.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.deployment.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/partners/fiware/orion-ld/1.0.1/src/templates/ingress.yaml b/charts/partners/fiware/orion-ld/1.0.1/src/templates/ingress.yaml deleted file mode 100644 index 2ea573ab08..0000000000 --- a/charts/partners/fiware/orion-ld/1.0.1/src/templates/ingress.yaml +++ /dev/null 
@@ -1,42 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "orion.fullname" . -}}
-{{- $servicePort := .Values.service.port -}}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ include "orion.fullname" . }}
- labels:
- {{ include "orion.labels" . | nindent 4 }}
- {{- if .Values.ingress.annotations }}
- annotations:
- {{- with .Values.ingress.annotations }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- {{- if .Values.ingress.tls }}
- tls:
- {{- range .Values.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
- {{- end }}
- rules:
- {{- range .Values.ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
- {{- range .paths }}
- - path: {{ . }}
- pathType: Prefix
- backend:
- service:
- name: {{ $fullName }}
- port:
- number: {{ $servicePort }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/charts/partners/fiware/orion-ld/1.0.1/src/templates/route.yaml b/charts/partners/fiware/orion-ld/1.0.1/src/templates/route.yaml
deleted file mode 100644
index 695e9a5208..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.1/src/templates/route.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if .Values.route.enabled -}}
-{{- $fullName := include "orion.fullname" . -}}
-apiVersion: route.openshift.io/v1
-kind: Route
-metadata:
- name: {{ include "orion.fullname" . }}
- labels:
- {{ include "orion.labels" . | nindent 4 }}
- {{- if .Values.route.annotations }}
- annotations:
- {{- with .Values.route.annotations }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- host: {{ .Values.route.host}}
- to:
- kind: Service
- name: {{ $fullName }}
- {{- if .Values.route.tls }}
- tls:
- {{- with .Values.route.tls }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.1/src/templates/secret.yaml b/charts/partners/fiware/orion-ld/1.0.1/src/templates/secret.yaml
deleted file mode 100644
index a482294488..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.1/src/templates/secret.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if .Values.broker.db.auth -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "orion.fullname" . }}
- labels:
- {{ include "orion.labels" . | nindent 4 }}
-type: Opaque
-data:
- dbPassword: {{ .Values.broker.db.auth.password | b64enc }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.1/src/templates/service-mongo.yaml b/charts/partners/fiware/orion-ld/1.0.1/src/templates/service-mongo.yaml
deleted file mode 100644
index e3842429dd..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.1/src/templates/service-mongo.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if .Values.mongo.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "orion.fullname" . }}-mongo
- {{- if .Values.service.annotations }}
- annotations:
- {{ toYaml .Values.service.annotations | nindent 4 }}
- {{- end }}
- labels:
- app.kubernetes.io/name: {{ include "orion.name" . }}-mongo
- helm.sh/chart: {{ include "orion.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.mongo.port }}
- targetPort: {{ .Values.mongo.port }}
- protocol: TCP
- name: mongo
- selector:
- app.kubernetes.io/name: {{ include "orion.name" . }}-mongo
- app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.1/src/templates/service.yaml b/charts/partners/fiware/orion-ld/1.0.1/src/templates/service.yaml
deleted file mode 100644
index c71e5a8354..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.1/src/templates/service.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "orion.fullname" . }}
- {{- if .Values.service.annotations }}
- annotations:
- {{ toYaml .Values.service.annotations | nindent 4 }}
- {{- end }}
- labels:
- {{ include "orion.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: {{ .Values.broker.port }}
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/name: {{ include "orion.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.1/src/templates/serviceaccount.yaml b/charts/partners/fiware/orion-ld/1.0.1/src/templates/serviceaccount.yaml
deleted file mode 100644
index 6c6d08f008..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.1/src/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "orion.fullname" . }}
-{{- if .Values.serviceAccount.annotations }}
- annotations:
- {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
-{{- end }}
- labels:
- {{ include "orion.labels" . | nindent 4 }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.1/src/templates/tests/orion-test.yaml b/charts/partners/fiware/orion-ld/1.0.1/src/templates/tests/orion-test.yaml
deleted file mode 100644
index 8321fdcded..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.1/src/templates/tests/orion-test.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ .Release.Name }}-orion-test"
- labels:
- {{ include "orion.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: curl
- image: quay.io/opencloudio/curl:4.2.0-build.8
- args: [ '{{ include "orion.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }}/version' ]
- restartPolicy: Never
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.1/src/values.schema.json b/charts/partners/fiware/orion-ld/1.0.1/src/values.schema.json
deleted file mode 100644
index 9531904e11..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.1/src/values.schema.json
+++ /dev/null
@@ -1,1123 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema", - "$id": "http://example.com/example.json", - "type": "object", - "title": "The root schema", - "description": "The root schema comprises the entire JSON document.", - "default": {}, - "examples": [ - { - "nameOverride": "", - "fullnameOverride": "", - "service": { - "type": "ClusterIP", - "port": 1026, - "annotations": {} - }, - "serviceAccount": { - "create": false - }, - "deployment": { - "replicaCount": 1, - "revisionHistoryLimit": 3, - "updateStrategy": { - "type": "RollingUpdate", - "rollingUpdate": { - "maxSurge": 1, - "maxUnavailable": 0 - } - }, - "image": { - "repository": "quay.io/fiware/orion-ld", - "tag": "1.0.1", - "pullPolicy": "IfNotPresent" - }, - "additionalLabels": {}, - "additionalAnnotations": {}, - "nodeSelector": {}, - "tolerations": [], - "affinity": {}, - "livenessProbe": { - "initialDelaySeconds": 30, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 30 - }, - "readinessProbe": { - "initialDelaySeconds": 30, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 30 - }, - "sidecars": [], - "volumes": [] - }, - "autoscaling": { - "enabled": false, - "minReplicas": 1, - "maxReplicas": 10, - "metrics": [] - }, - "route": { - "enabled": false, - "annotations": {}, - "tls": {} - }, - "ingress": { - "enabled": false, - "annotations": {}, - "hosts": [], - "tls": [] - }, - "broker": { - "envPrefix": "ORIONLD_", - "port": 1026, - "ipv6enabled": false, - "ipv4enabled": false, - "noDevTrace": true, - "troe": { - "enabled": false, - "dbHost": "postgres", - "dbPort": 5432, - "dbUser": "user", - "dbPassword": "password" - }, - "cachedContextFolder": "/opt/orion/ldcontexts", - "logging": { - "level": "WARN" - }, - "db": { - "hosts": [], - "name": "orion" - }, - "metrics": { - "enabled": "false" - } - } - } - ], - "required": [ - "nameOverride", - "fullnameOverride", - "service", - "serviceAccount", - "deployment", - "autoscaling", - "route", - 
"ingress", - "broker" - ], - "properties": { - "nameOverride": { - "$id": "#/properties/nameOverride", - "type": "string", - "title": "The nameOverride schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "" - ] - }, - "fullnameOverride": { - "$id": "#/properties/fullnameOverride", - "type": "string", - "title": "The fullnameOverride schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "" - ] - }, - "service": { - "$id": "#/properties/service", - "type": "object", - "title": "The service schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "type": "ClusterIP", - "port": 1026, - "annotations": {} - } - ], - "required": [ - "type", - "port", - "annotations" - ], - "properties": { - "type": { - "$id": "#/properties/service/properties/type", - "type": "string", - "title": "The type schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "ClusterIP" - ] - }, - "port": { - "$id": "#/properties/service/properties/port", - "type": "integer", - "title": "The port schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 1026 - ] - }, - "annotations": { - "$id": "#/properties/service/properties/annotations", - "type": "object", - "title": "The annotations schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - } - }, - "additionalProperties": true - }, - "serviceAccount": { - "$id": "#/properties/serviceAccount", - "type": "object", - "title": "The serviceAccount schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "create": false - } - ], - "required": [ - "create" - ], - "properties": { - 
"create": { - "$id": "#/properties/serviceAccount/properties/create", - "type": "boolean", - "title": "The create schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - false - ] - } - }, - "additionalProperties": true - }, - "deployment": { - "$id": "#/properties/deployment", - "type": "object", - "title": "The deployment schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "replicaCount": 1, - "revisionHistoryLimit": 3, - "updateStrategy": { - "type": "RollingUpdate", - "rollingUpdate": { - "maxSurge": 1, - "maxUnavailable": 0 - } - }, - "image": { - "repository": "quay.io/fiware/orion-ld", - "tag": "1.0.1", - "pullPolicy": "IfNotPresent" - }, - "additionalLabels": {}, - "additionalAnnotations": {}, - "nodeSelector": {}, - "tolerations": [], - "affinity": {}, - "livenessProbe": { - "initialDelaySeconds": 30, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 30 - }, - "readinessProbe": { - "initialDelaySeconds": 30, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 30 - }, - "sidecars": [], - "volumes": [] - } - ], - "required": [ - "replicaCount", - "revisionHistoryLimit", - "updateStrategy", - "image", - "additionalLabels", - "additionalAnnotations", - "nodeSelector", - "tolerations", - "affinity", - "livenessProbe", - "readinessProbe", - "sidecars", - "volumes" - ], - "properties": { - "replicaCount": { - "$id": "#/properties/deployment/properties/replicaCount", - "type": "integer", - "title": "The replicaCount schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 1 - ] - }, - "revisionHistoryLimit": { - "$id": "#/properties/deployment/properties/revisionHistoryLimit", - "type": "integer", - "title": "The revisionHistoryLimit schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 3 
- ] - }, - "updateStrategy": { - "$id": "#/properties/deployment/properties/updateStrategy", - "type": "object", - "title": "The updateStrategy schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "type": "RollingUpdate", - "rollingUpdate": { - "maxSurge": 1, - "maxUnavailable": 0 - } - } - ], - "required": [ - "type", - "rollingUpdate" - ], - "properties": { - "type": { - "$id": "#/properties/deployment/properties/updateStrategy/properties/type", - "type": "string", - "title": "The type schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "RollingUpdate" - ] - }, - "rollingUpdate": { - "$id": "#/properties/deployment/properties/updateStrategy/properties/rollingUpdate", - "type": "object", - "title": "The rollingUpdate schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "maxSurge": 1, - "maxUnavailable": 0 - } - ], - "required": [ - "maxSurge", - "maxUnavailable" - ], - "properties": { - "maxSurge": { - "$id": "#/properties/deployment/properties/updateStrategy/properties/rollingUpdate/properties/maxSurge", - "type": "integer", - "title": "The maxSurge schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 1 - ] - }, - "maxUnavailable": { - "$id": "#/properties/deployment/properties/updateStrategy/properties/rollingUpdate/properties/maxUnavailable", - "type": "integer", - "title": "The maxUnavailable schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 0 - ] - } - }, - "additionalProperties": true - } - }, - "additionalProperties": true - }, - "image": { - "$id": "#/properties/deployment/properties/image", - "type": "object", - "title": "The image schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": 
[ - { - "repository": "quay.io/fiware/orion-ld", - "tag": "1.0.1", - "pullPolicy": "IfNotPresent" - } - ], - "required": [ - "repository", - "tag", - "pullPolicy" - ], - "properties": { - "repository": { - "$id": "#/properties/deployment/properties/image/properties/repository", - "type": "string", - "title": "The repository schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "quay.io/fiware/orion-ld" - ] - }, - "tag": { - "$id": "#/properties/deployment/properties/image/properties/tag", - "type": "string", - "title": "The tag schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "1.0.1" - ] - }, - "pullPolicy": { - "$id": "#/properties/deployment/properties/image/properties/pullPolicy", - "type": "string", - "title": "The pullPolicy schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "IfNotPresent" - ] - } - }, - "additionalProperties": true - }, - "additionalLabels": { - "$id": "#/properties/deployment/properties/additionalLabels", - "type": "object", - "title": "The additionalLabels schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - }, - "additionalAnnotations": { - "$id": "#/properties/deployment/properties/additionalAnnotations", - "type": "object", - "title": "The additionalAnnotations schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - }, - "nodeSelector": { - "$id": "#/properties/deployment/properties/nodeSelector", - "type": "object", - "title": "The nodeSelector schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - 
}, - "tolerations": { - "$id": "#/properties/deployment/properties/tolerations", - "type": "array", - "title": "The tolerations schema", - "description": "An explanation about the purpose of this instance.", - "default": [], - "examples": [ - [] - ], - "additionalItems": true, - "items": { - "$id": "#/properties/deployment/properties/tolerations/items" - } - }, - "affinity": { - "$id": "#/properties/deployment/properties/affinity", - "type": "object", - "title": "The affinity schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - }, - "livenessProbe": { - "$id": "#/properties/deployment/properties/livenessProbe", - "type": "object", - "title": "The livenessProbe schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "initialDelaySeconds": 30, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 30 - } - ], - "required": [ - "initialDelaySeconds", - "periodSeconds", - "successThreshold", - "timeoutSeconds" - ], - "properties": { - "initialDelaySeconds": { - "$id": "#/properties/deployment/properties/livenessProbe/properties/initialDelaySeconds", - "type": "integer", - "title": "The initialDelaySeconds schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 30 - ] - }, - "periodSeconds": { - "$id": "#/properties/deployment/properties/livenessProbe/properties/periodSeconds", - "type": "integer", - "title": "The periodSeconds schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 10 - ] - }, - "successThreshold": { - "$id": "#/properties/deployment/properties/livenessProbe/properties/successThreshold", - "type": "integer", - "title": "The successThreshold schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - 
"examples": [ - 1 - ] - }, - "timeoutSeconds": { - "$id": "#/properties/deployment/properties/livenessProbe/properties/timeoutSeconds", - "type": "integer", - "title": "The timeoutSeconds schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 30 - ] - } - }, - "additionalProperties": true - }, - "readinessProbe": { - "$id": "#/properties/deployment/properties/readinessProbe", - "type": "object", - "title": "The readinessProbe schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "initialDelaySeconds": 30, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 30 - } - ], - "required": [ - "initialDelaySeconds", - "periodSeconds", - "successThreshold", - "timeoutSeconds" - ], - "properties": { - "initialDelaySeconds": { - "$id": "#/properties/deployment/properties/readinessProbe/properties/initialDelaySeconds", - "type": "integer", - "title": "The initialDelaySeconds schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 30 - ] - }, - "periodSeconds": { - "$id": "#/properties/deployment/properties/readinessProbe/properties/periodSeconds", - "type": "integer", - "title": "The periodSeconds schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 10 - ] - }, - "successThreshold": { - "$id": "#/properties/deployment/properties/readinessProbe/properties/successThreshold", - "type": "integer", - "title": "The successThreshold schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 1 - ] - }, - "timeoutSeconds": { - "$id": "#/properties/deployment/properties/readinessProbe/properties/timeoutSeconds", - "type": "integer", - "title": "The timeoutSeconds schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 30 
- ] - } - }, - "additionalProperties": true - }, - "sidecars": { - "$id": "#/properties/deployment/properties/sidecars", - "type": "array", - "title": "The sidecars schema", - "description": "An explanation about the purpose of this instance.", - "default": [], - "examples": [ - [] - ], - "additionalItems": true, - "items": { - "$id": "#/properties/deployment/properties/sidecars/items" - } - }, - "volumes": { - "$id": "#/properties/deployment/properties/volumes", - "type": "array", - "title": "The volumes schema", - "description": "An explanation about the purpose of this instance.", - "default": [], - "examples": [ - [] - ], - "additionalItems": true, - "items": { - "$id": "#/properties/deployment/properties/volumes/items" - } - } - }, - "additionalProperties": true - }, - "autoscaling": { - "$id": "#/properties/autoscaling", - "type": "object", - "title": "The autoscaling schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "enabled": false, - "minReplicas": 1, - "maxReplicas": 10, - "metrics": [] - } - ], - "required": [ - "enabled", - "minReplicas", - "maxReplicas", - "metrics" - ], - "properties": { - "enabled": { - "$id": "#/properties/autoscaling/properties/enabled", - "type": "boolean", - "title": "The enabled schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - false - ] - }, - "minReplicas": { - "$id": "#/properties/autoscaling/properties/minReplicas", - "type": "integer", - "title": "The minReplicas schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 1 - ] - }, - "maxReplicas": { - "$id": "#/properties/autoscaling/properties/maxReplicas", - "type": "integer", - "title": "The maxReplicas schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 10 - ] - }, - "metrics": { - "$id": 
"#/properties/autoscaling/properties/metrics", - "type": "array", - "title": "The metrics schema", - "description": "An explanation about the purpose of this instance.", - "default": [], - "examples": [ - [] - ], - "additionalItems": true, - "items": { - "$id": "#/properties/autoscaling/properties/metrics/items" - } - } - }, - "additionalProperties": true - }, - "route": { - "$id": "#/properties/route", - "type": "object", - "title": "The route schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "enabled": false, - "annotations": {}, - "tls": {} - } - ], - "required": [ - "enabled", - "annotations", - "tls" - ], - "properties": { - "enabled": { - "$id": "#/properties/route/properties/enabled", - "type": "boolean", - "title": "The enabled schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - false - ] - }, - "annotations": { - "$id": "#/properties/route/properties/annotations", - "type": "object", - "title": "The annotations schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - }, - "tls": { - "$id": "#/properties/route/properties/tls", - "type": "object", - "title": "The tls schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - } - }, - "additionalProperties": true - }, - "ingress": { - "$id": "#/properties/ingress", - "type": "object", - "title": "The ingress schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "enabled": false, - "annotations": {}, - "hosts": [], - "tls": [] - } - ], - "required": [ - "enabled", - "annotations", - "hosts", - "tls" - ], - "properties": { - "enabled": { - "$id": 
"#/properties/ingress/properties/enabled", - "type": "boolean", - "title": "The enabled schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - false - ] - }, - "annotations": { - "$id": "#/properties/ingress/properties/annotations", - "type": "object", - "title": "The annotations schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - }, - "hosts": { - "$id": "#/properties/ingress/properties/hosts", - "type": "array", - "title": "The hosts schema", - "description": "An explanation about the purpose of this instance.", - "default": [], - "examples": [ - [] - ], - "additionalItems": true, - "items": { - "$id": "#/properties/ingress/properties/hosts/items" - } - }, - "tls": { - "$id": "#/properties/ingress/properties/tls", - "type": "array", - "title": "The tls schema", - "description": "An explanation about the purpose of this instance.", - "default": [], - "examples": [ - [] - ], - "additionalItems": true, - "items": { - "$id": "#/properties/ingress/properties/tls/items" - } - } - }, - "additionalProperties": true - }, - "broker": { - "$id": "#/properties/broker", - "type": "object", - "title": "The broker schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "envPrefix": "ORIONLD_", - "port": 1026, - "ipv6enabled": false, - "ipv4enabled": false, - "noDevTrace": true, - "troe": { - "enabled": false, - "dbHost": "postgres", - "dbPort": 5432, - "dbUser": "user", - "dbPassword": "password" - }, - "cachedContextFolder": "/opt/orion/ldcontexts", - "logging": { - "level": "WARN" - }, - "db": { - "hosts": [], - "name": "orion" - }, - "metrics": { - "enabled": "false" - } - } - ], - "required": [ - "envPrefix", - "port", - "ipv6enabled", - "ipv4enabled", - "noDevTrace", - "troe", - "cachedContextFolder", - "logging", - "db", - 
"metrics" - ], - "properties": { - "envPrefix": { - "$id": "#/properties/broker/properties/envPrefix", - "type": "string", - "title": "The envPrefix schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "ORIONLD_" - ] - }, - "port": { - "$id": "#/properties/broker/properties/port", - "type": "integer", - "title": "The port schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 1026 - ] - }, - "ipv6enabled": { - "$id": "#/properties/broker/properties/ipv6enabled", - "type": "boolean", - "title": "The ipv6enabled schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - false - ] - }, - "ipv4enabled": { - "$id": "#/properties/broker/properties/ipv4enabled", - "type": "boolean", - "title": "The ipv4enabled schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - false - ] - }, - "noDevTrace": { - "$id": "#/properties/broker/properties/noDevTrace", - "type": "boolean", - "title": "The noDevTrace schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - true - ] - }, - "troe": { - "$id": "#/properties/broker/properties/troe", - "type": "object", - "title": "The troe schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "enabled": false, - "dbHost": "postgres", - "dbPort": 5432, - "dbUser": "user", - "dbPassword": "password" - } - ], - "required": [ - "enabled", - "dbHost", - "dbPort", - "dbUser", - "dbPassword" - ], - "properties": { - "enabled": { - "$id": "#/properties/broker/properties/troe/properties/enabled", - "type": "boolean", - "title": "The enabled schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - false - ] - }, - "dbHost": { - "$id": 
"#/properties/broker/properties/troe/properties/dbHost", - "type": "string", - "title": "The dbHost schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "postgres" - ] - }, - "dbPort": { - "$id": "#/properties/broker/properties/troe/properties/dbPort", - "type": "integer", - "title": "The dbPort schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 5432 - ] - }, - "dbUser": { - "$id": "#/properties/broker/properties/troe/properties/dbUser", - "type": "string", - "title": "The dbUser schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "user" - ] - }, - "dbPassword": { - "$id": "#/properties/broker/properties/troe/properties/dbPassword", - "type": "string", - "title": "The dbPassword schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "password" - ] - } - }, - "additionalProperties": true - }, - "cachedContextFolder": { - "$id": "#/properties/broker/properties/cachedContextFolder", - "type": "string", - "title": "The cachedContextFolder schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "/opt/orion/ldcontexts" - ] - }, - "logging": { - "$id": "#/properties/broker/properties/logging", - "type": "object", - "title": "The logging schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "level": "WARN" - } - ], - "required": [ - "level" - ], - "properties": { - "level": { - "$id": "#/properties/broker/properties/logging/properties/level", - "type": "string", - "title": "The level schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "WARN" - ] - } - }, - "additionalProperties": true - }, - "db": { - "$id": "#/properties/broker/properties/db", - 
"type": "object", - "title": "The db schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "hosts": [], - "name": "orion" - } - ], - "required": [ - "hosts", - "name" - ], - "properties": { - "hosts": { - "$id": "#/properties/broker/properties/db/properties/hosts", - "type": "array", - "title": "The hosts schema", - "description": "An explanation about the purpose of this instance.", - "default": [], - "examples": [ - [] - ], - "additionalItems": true, - "items": { - "$id": "#/properties/broker/properties/db/properties/hosts/items" - } - }, - "name": { - "$id": "#/properties/broker/properties/db/properties/name", - "type": "string", - "title": "The name schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "orion" - ] - } - }, - "additionalProperties": true - }, - "metrics": { - "$id": "#/properties/broker/properties/metrics", - "type": "object", - "title": "The metrics schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "enabled": "false" - } - ], - "required": [ - "enabled" - ], - "properties": { - "enabled": { - "$id": "#/properties/broker/properties/metrics/properties/enabled", - "type": "string", - "title": "The enabled schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "false" - ] - } - }, - "additionalProperties": true - } - }, - "additionalProperties": true - } - }, - "additionalProperties": true -} \ No newline at end of file diff --git a/charts/partners/fiware/orion-ld/1.0.1/src/values.yaml b/charts/partners/fiware/orion-ld/1.0.1/src/values.yaml deleted file mode 100644 index fd49828d1b..0000000000 --- a/charts/partners/fiware/orion-ld/1.0.1/src/values.yaml +++ /dev/null 
@@ -1,296 +0,0 @@ -## Default values for orion. -## This is a YAML-formatted file. -## Declare variables to be passed into your templates. - -# -- option to override the name config in the _helpers.tpl -nameOverride: "" -# -- option to override the fullname config in the _helpers.tpl -fullnameOverride: "" - -## configuration for the k8s service to access orion -service: - # -- service type - type: ClusterIP - # -- port to be used by the service - port: 1026 - # -- addtional annotations, if required - annotations: {} - -# -- if a orion specific service account should be used, it can be configured here -# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -serviceAccount: - # -- specifies if the account should be created - create: false - -## deployment specific configuration -deployment: - # -- initial number of target replications, can be different if autoscaling is enabled - replicaCount: 1 - # -- number of old replicas to be retained - revisionHistoryLimit: 3 - ## configuration of the orion update strategy - updateStrategy: - # -- type of the update - type: RollingUpdate - # -- new pods will be added gradually - rollingUpdate: - # -- number of pods that can be created above the desired amount while updating - maxSurge: 1 - # -- number of pods that can be unavailable while updating - maxUnavailable: 0 - ## configuration of the image to be used - image: - # -- orion image name - # ref: https://hub.docker.com/r/fiware/orion/ - # ref: https://quay.io/repository/fiware/orion-ld - repository: quay.io/fiware/orion-ld - #repository: fiware/orion - # -- tag of the image to be used - tag: 1.0.1 - # -- specification of the image pull policy - pullPolicy: IfNotPresent - # -- additional labels for the deployment, if required - additionalLabels: {} - # -- additional annotations for the deployment, if required - additionalAnnotations: {} - # -- orion resource requests and limits, we leave the default empty to make that a concious choice by 
the user. - # for the autoscaling to make sense, you should configure this. - # resources: - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - # -- selector template - # ref: https://kubernetes.io/docs/user-guide/node-selection/ - nodeSelector: {} - # -- tolerations template - # ref: ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - tolerations: [] - # -- affinity template - # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - affinity: {} - ## liveness and readiness probes of the orion broker, they will be evaluated against the version endpoint - # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - livenessProbe: - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 30 - # -- additional sidepods for the deployment, if required - sidecars: [] - # -- additional volumes for the deployment, if required - volumes: [] - -## pod autoscaling configuration, use for automatic scaling of the broker pods -autoscaling: - # -- should autoscaling be enabled for the context broker - enabled: false - # -- minimum number of running pods - minReplicas: 1 - # -- maximum number of running pods - maxReplicas: 10 - # -- metrics to react on - metrics: [] - # -- List of MetricSpecs to decide whether to scale - # See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#metricspec-v2beta2-autoscaling - # scaler targets to hold average cpu around 80% - #- type: Resource - # resource: - # name: cpu - # target: - # type: Utilization - # averageUtilization: 80 - ## scaler targets to hold average memory around 80% - # - type: Resource - # resource: - # name: memory - # target: - # type: Utilization - # averageUtilization: 80 - -## openshift specific route definition. 
Will not work on plain k8s -route: - ## -- should the deployment create openshift routes - enabled: false - # -- annotations to be added to the route - annotations: {} - # -- host to be used - # host: localhost - # -- tls configuration for the route - tls: {} - # termination: edge - -## ingress configuration -ingress: - # -- should there be an ingress to connect orion with the public internet - enabled: false - # -- annotations to be added to the ingress - annotations: {} - # kubernetes.io/ingress.class: "ambassador" - ## example annotations, allowing cert-manager to automatically create tls-certs and forcing everything to use ssl. - # kubernetes.io/tls-acme: "true" - # ingress.kubernetes.io/ssl-redirect: "true" - # -- all hosts to be provided - hosts: [] - # -- provide a hosts and the paths that should be available - # - host: localhost - # paths: - # - / - # -- configure the ingress' tls - tls: [] - # - secretName: orion-tls - # hosts: - # - orion.fiware.org - - -## orion-broker specific configuration -# see defaults of the unset values at: -# ref: https://fiware-orion.readthedocs.io/en/master/admin/cli/index.html -broker: - # -- Prefix to be used for env-vars in orion. Must be ORION_ for orion and ORIONLD_ for orion-ld - envPrefix: ORIONLD_ - # -- port that the broker is listening to - port: 1026 - # -- set to true if only ipv6 should be used, do not set both options to true - ipv6enabled: false - # -- set to true if only ipv4 should be used, do not set both options to true - ipv4enabled: false - # -- should the extended development tracing be disabled? 
- noDevTrace: true - # -- configuration of temporal entity representation - troe: - # -- should temporal representation of entities be enabled - enabled: false - # -- host of the postgres to be used - dbHost: postgres - # -- port of the postgres to be used - dbPort: 5432 - # -- username to authenticate with at postgres - dbUser: user - # -- password to authenticate with at postgres - dbPassword: password - ## connection pool of postgres - # poolSize: 10 - ## timeout in milliseconds for forwarding messages and notifications - # httpTimeout: 5 - ## the timeout in seconds for REST connection - # reqTimeout: 0 - ## cross-Origin Resource Sharing, specifing the allowed origin (use __ALL for *). - ## ref: https://fiware-orion.readthedocs.io/en/master/user/cors/index.html - # corsOrigin: - ## maximum time (in seconds) preflight requests are allowed to be cached - # corsMaxAge: 86400 - ## internal mutex policy - ## ref: https://fiware-orion.readthedocs.io/en/master/admin/perf_tuning/index.html#mutex-policy-impact-on-performance - # mutexPolicy: all - ## maximum number of forwarded requests to Context Providers for a single client request - # cprForwardLimit: 0 - ## interval in seconds between calls to subscription cache refresh - ## ref: https://fiware-orion.readthedocs.io/en/master/admin/perf_tuning/index.html#subscription-cache - # subCacheIval: 60 - ## disables the context subscription cache, so subscriptions searches are always done in DB - # noCache: false - ## sets the size of the connection memory buffer (in kB) per connection used internally by the HTTP server library - # connectionMemory: 64 - ## maximum number of simultaneous connections - # maxConnections: 1020 - ## size of thread pool for incoming connections - # reqPoolSize: 0 - ## max allowed size for incoming requests payloads, in bytes - # inReqPayloadMaxSize: 1024 - ## max allowed total size for request outgoing message, in bytes - # outReqMsgMaxSize: 8192 - ## allows to select notification mode, either: 
transient, permanent or threadpool:q:n - # notificationMode: transient - ## enables flow control mechanism - ## ref: https://fiware-orion.readthedocs.io/en/master/admin/perf_tuning/index.html#updates-flow-control-mechanism - # notificationFlowControl: - ## notifications are not sent, but recorded internally and shown in the statistics operation. only for debbuging - # simulatedNotification: false - ## disabled NGSIv2 custom notifications - # disableCustomNotifications: - ## allow HTTPS notifications to peers which certificate cannot be authenticated with known CA certificates - # insecureNotifEnabled: false - ## enables multiservice/multitenant mode - ## ref: https://fiware-orion.readthedocs.io/en/master/user/multitenancy/index.html - # multiserviceEnabled: true - ## enables forwarding for the ld endpoint - # forwardingEnabled: true - ## folder holding cached context's - cachedContextFolder: "/opt/orion/ldcontexts" - - ## logging configuration of the orion broker - logging: - # -- log level of the broker - level: "WARN" - ## specifies the initial trace levels for logging - # trace: 70 - ## log summary period in seconds - # summaryPeriod: 0 - ## to see every possible alarm-provoking failure in the log-file, even when an alarm is already active - # relogAlarms: false - ## to make the traces to standard out formated for humans - # forHumans: false - ## log line maximum length - # lineMaxSize: - ## for those log traces at INFO level that print request and/or response payloads, this is the maximum allowed size for those payloads - # infoPayloadMaxSize: - - ## database configuration - db: - # -- configuration of the mongo-db hosts. if multiple hosts are inserted, its assumed that mongo is running as a replica set - hosts: [] - # - mongodb - # -- the db to use. if running in multiservice mode, its used as a prefix. 
- name: orion - # -- Database authentication (not needed if MongoDB doesn't use --auth) - # auth: - # --user for connecting mongo - # user: - # -- password to be used on mongo - # password: - # -- the MongoDB authentication mechanism to use in the case user and password is set - # mech: SCRAM-SHA-1 - # -- name of the replicaset - #replicaSet: rs0 - # -- enable SSL in the connection to MongoDB. needs to correspond with the mongoDB setting - # sslEnabled: true - # -- specifies the timeout in milliseconds for connections to the replica set - # timeout: - # -- database connection pool - # poolSize: 10 - # -- write concern for MongoDB write operations: acknowledged (1) or unacknowledged (0) - # writeConcern: 1 - - ## configratuion of orion metrics - metrics: - # -- enable or disable metrics gathering - enabled: "false" - # -- see statistics documentation for the following configurations - #ref: https://fiware-orion.readthedocs.io/en/master/admin/statistics/index.html - # statCountersEnabled: true - # statSemWaitEnabled: true - # statTimingEnabled: true - # statNotifQueueEnabled: true - -## Configuration for embedding mongodb into the chart. Do not use this in production. -mongo: - # -- should mongodb be enabled - enabled: true - ## configuration for the mongo image to be used - image: - # -- pull policy to be used for mongo - pullPolicy: IfNotPresent - # -- mongo image name - repository: quay.io/opencloudio/ibm-mongodb - # -- version of mongo - tag: 4.0.24 - # -- port to make mongo accessible at - port: 27017 diff --git a/charts/partners/fiware/orion-ld/1.0.2/report.yaml b/charts/partners/fiware/orion-ld/1.0.2/report.yaml deleted file mode 100644 index cd4d4c63d3..0000000000 --- a/charts/partners/fiware/orion-ld/1.0.2/report.yaml +++ /dev/null 
@@ -1,93 +0,0 @@
-apiversion: v1
-kind: verify-report
-metadata:
- tool:
- verifier-version: 1.5.0
- profile:
- VendorType: partner
- version: v1.1
- chart-uri: /charts/src
- digests:
- chart: sha256:0d92b66be3aa627001ab8c9e86c3c9eeb8f1d1da2c722576e72e2f446c11ca6c
- lastCertifiedTimestamp: "2022-02-22T14:56:04.991993+00:00"
- testedOpenShiftVersion: "4.6"
- supportedOpenShiftVersions: '>=4.6'
- chart:
- name: orion-ld
- home: https://github.com/FIWARE/context.Orion-LD
- sources:
- - https://github.com/FIWARE/context.Orion-LD
- version: 1.0.2
- description: A Helm chart for running the fiware orion-ld context broker on kubernetes.
- keywords:
- - fiware
- - orion-ld
- maintainers:
- - name: wistefan
- email: stefan.wiedemann@fiware.org
- url: ""
- icon: https://fiware.github.io/catalogue/img/fiware.png
- apiversion: v2
- condition: ""
- tags: ""
- appversion: 1.0.1
- deprecated: false
- annotations:
- charts.openshift.io/name: orion-ld
- kubeversion: '>= 1.19'
- dependencies: []
- type: ""
- chart-overrides: ""
-results:
- - check: v1.0/required-annotations-present
- type: Mandatory
- outcome: PASS
- reason: All required annotations present
- - check: v1.0/contains-values-schema
- type: Mandatory
- outcome: PASS
- reason: Values schema file exist
- - check: v1.1/has-kubeversion
- type: Mandatory
- outcome: PASS
- reason: Kubernetes version specified
- - check: v1.0/not-contains-crds
- type: Mandatory
- outcome: PASS
- reason: Chart does not contain CRDs
- - check: v1.0/helm-lint
- type: Mandatory
- outcome: PASS
- reason: Helm lint successful
- - check: v1.0/not-contain-csi-objects
- type: Mandatory
- outcome: PASS
- reason: CSI objects do not exist
- - check: v1.0/images-are-certified
- type: Mandatory
- outcome: PASS
- reason: |-
- Image is Red Hat certified : quay.io/opencloudio/ibm-mongodb:4.0.24
- Image is Red Hat certified : quay.io/fiware/orion-ld:1.0.1
- Image is Red Hat certified : quay.io/opencloudio/curl:4.2.0-build.8
- - check: v1.0/has-readme
- type: Mandatory
- outcome: PASS
- reason: Chart has a README
- - check: v1.0/is-helm-v3
- type: Mandatory
- outcome: PASS
- reason: API version is V2, used in Helm 3
- - check: v1.0/contains-test
- type: Mandatory
- outcome: PASS
- reason: Chart test files exist
- - check: v1.0/contains-values
- type: Mandatory
- outcome: PASS
- reason: Values file exist
- - check: v1.0/chart-testing
- type: Mandatory
- outcome: PASS
- reason: Chart tests have passed
-
diff --git a/charts/partners/fiware/orion-ld/1.0.2/src/Chart.yaml b/charts/partners/fiware/orion-ld/1.0.2/src/Chart.yaml
deleted file mode 100644
index b5e06c5316..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.2/src/Chart.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v2
-name: orion-ld
-version: 1.0.2
-appVersion: 1.0.1
-kubeVersion: '>= 1.19'
-home: https://github.com/FIWARE/context.Orion-LD
-description: A Helm chart for running the fiware orion-ld context broker on kubernetes.
-icon: https://fiware.github.io/catalogue/img/fiware.png
-keywords:
-- fiware
-- orion-ld
-sources:
-- https://github.com/FIWARE/context.Orion-LD
-maintainers:
-- name: wistefan
- email: stefan.wiedemann@fiware.org
-annotations:
- charts.openshift.io/name: orion-ld
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.2/src/README.md b/charts/partners/fiware/orion-ld/1.0.2/src/README.md
deleted file mode 100644
index 4dc06a56dd..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.2/src/README.md
+++ /dev/null
@@ -1,92 +0,0 @@
-# orion-ld
-
-![Version: 1.0.2](https://img.shields.io/badge/Version-1.0.2-informational?style=flat-square) ![AppVersion: 1.0.1](https://img.shields.io/badge/AppVersion-1.0.1-informational?style=flat-square)
-
-A Helm chart for running the fiware orion-ld context broker on kubernetes.
-
-**Homepage:**
-
-## Maintainers
-
-| Name | Email | Url |
-| ---- | ------ | --- |
-| wistefan | stefan.wiedemann@fiware.org | |
-
-## Source Code
-
-*
-
-## Requirements
-
-Kubernetes: `>= 1.19`
-
-## Values
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| autoscaling.enabled | bool | `false` | should autoscaling be enabled for the context broker |
-| autoscaling.maxReplicas | int | `10` | maximum number of running pods |
-| autoscaling.metrics | list | `[]` | metrics to react on |
-| autoscaling.minReplicas | int | `1` | minimum number of running pods |
-| broker.cachedContextFolder | string | `"/opt/orion/ldcontexts"` | |
-| broker.db.hosts | list | `[]` | configuration of the mongo-db hosts. if multiple hosts are inserted, its assumed that mongo is running as a replica set |
-| broker.db.name | string | `"orion"` | the db to use. if running in multiservice mode, its used as a prefix. |
-| broker.envPrefix | string | `"ORIONLD_"` | Prefix to be used for env-vars in orion. Must be ORION_ for orion and ORIONLD_ for orion-ld |
-| broker.ipv4enabled | bool | `false` | set to true if only ipv4 should be used, do not set both options to true |
-| broker.ipv6enabled | bool | `false` | set to true if only ipv6 should be used, do not set both options to true |
-| broker.logging.level | string | `"WARN"` | log level of the broker |
-| broker.metrics.enabled | string | `"false"` | enable or disable metrics gathering |
-| broker.noDevTrace | bool | `true` | should the extended development tracing be disabled? |
-| broker.port | int | `1026` | port that the broker is listening to |
-| broker.troe | object | `{"dbHost":"postgres","dbPassword":"password","dbPort":5432,"dbUser":"user","enabled":false}` | configuration of temporal entity representation |
-| broker.troe.dbHost | string | `"postgres"` | host of the postgres to be used |
-| broker.troe.dbPassword | string | `"password"` | password to authenticate with at postgres |
-| broker.troe.dbPort | int | `5432` | port of the postgres to be used |
-| broker.troe.dbUser | string | `"user"` | username to authenticate with at postgres |
-| broker.troe.enabled | bool | `false` | should temporal representation of entities be enabled |
-| deployment.additionalAnnotations | object | `{}` | additional annotations for the deployment, if required |
-| deployment.additionalLabels | object | `{}` | additional labels for the deployment, if required |
-| deployment.affinity | object | `{}` | affinity template ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity |
-| deployment.image.pullPolicy | string | `"IfNotPresent"` | specification of the image pull policy |
-| deployment.image.repository | string | `"quay.io/fiware/orion-ld"` | orion image name ref: https://hub.docker.com/r/fiware/orion/ ref: https://quay.io/repository/fiware/orion-ld |
-| deployment.image.tag | string | `"1.0.1"` | tag of the image to be used |
-| deployment.livenessProbe.initialDelaySeconds | int | `30` | |
-| deployment.livenessProbe.periodSeconds | int | `10` | |
-| deployment.livenessProbe.successThreshold | int | `1` | |
-| deployment.livenessProbe.timeoutSeconds | int | `30` | |
-| deployment.nodeSelector | object | `{}` | selector template ref: https://kubernetes.io/docs/user-guide/node-selection/ |
-| deployment.readinessProbe.initialDelaySeconds | int | `30` | |
-| deployment.readinessProbe.periodSeconds | int | `10` | |
-| deployment.readinessProbe.successThreshold | int | `1` | |
-| deployment.readinessProbe.timeoutSeconds | int | `30` | |
-| deployment.replicaCount | int | `1` | initial number of target replications, can be different if autoscaling is enabled |
-| deployment.revisionHistoryLimit | int | `3` | number of old replicas to be retained |
-| deployment.sidecars | list | `[]` | additional sidepods for the deployment, if required |
-| deployment.tolerations | list | `[]` | tolerations template ref: ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ |
-| deployment.updateStrategy.rollingUpdate | object | `{"maxSurge":1,"maxUnavailable":0}` | new pods will be added gradually |
-| deployment.updateStrategy.rollingUpdate.maxSurge | int | `1` | number of pods that can be created above the desired amount while updating |
-| deployment.updateStrategy.rollingUpdate.maxUnavailable | int | `0` | number of pods that can be unavailable while updating |
-| deployment.updateStrategy.type | string | `"RollingUpdate"` | type of the update |
-| deployment.volumes | list | `[]` | additional volumes for the deployment, if required |
-| fullnameOverride | string | `""` | option to override the fullname config in the _helpers.tpl |
-| ingress.annotations | object | `{}` | annotations to be added to the ingress |
-| ingress.enabled | bool | `false` | should there be an ingress to connect orion with the public internet |
-| ingress.hosts | list | `[]` | all hosts to be provided |
-| ingress.tls | list | `[]` | configure the ingress' tls |
-| mongo.enabled | bool | `true` | should mongodb be enabled |
-| mongo.image.pullPolicy | string | `"IfNotPresent"` | pull policy to be used for mongo |
-| mongo.image.repository | string | `"quay.io/opencloudio/ibm-mongodb"` | mongo image name |
-| mongo.image.tag | string | `"4.0.24"` | version of mongo |
-| mongo.port | int | `27017` | port to make mongo accessible at |
-| nameOverride | string | `""` | option to override the name config in the _helpers.tpl |
-| route.annotations | object | `{}` | annotations to be added to the route |
-| route.enabled | bool | `false` | |
-| route.tls | object | `{}` | tls configuration for the route |
-| service.annotations | object | `{}` | addtional annotations, if required |
-| service.port | int | `1026` | port to be used by the service |
-| service.type | string | `"ClusterIP"` | service type |
-| serviceAccount | object | `{"create":false}` | if a orion specific service account should be used, it can be configured here ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ |
-| serviceAccount.create | bool | `false` | specifies if the account should be created |
-
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.6.0](https://github.com/norwoodj/helm-docs/releases/v1.6.0)
diff --git a/charts/partners/fiware/orion-ld/1.0.2/src/templates/NOTES.txt b/charts/partners/fiware/orion-ld/1.0.2/src/templates/NOTES.txt
deleted file mode 100644
index 8095edd8d7..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.2/src/templates/NOTES.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Successfully deployed Orion-LD.
-
-Connect at {{ include "orion.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }}
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.2/src/templates/_helpers.tpl b/charts/partners/fiware/orion-ld/1.0.2/src/templates/_helpers.tpl
deleted file mode 100644
index ae546054d7..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.2/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,56 +0,0 @@
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "orion.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "orion.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "orion.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "orion.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
- {{ default (include "orion.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
- {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "orion.labels" -}}
-app.kubernetes.io/name: {{ include "orion.name" . }}
-helm.sh/chart: {{ include "orion.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.2/src/templates/deployment-hpa.yaml b/charts/partners/fiware/orion-ld/1.0.2/src/templates/deployment-hpa.yaml
deleted file mode 100644
index 89c5b3c8c7..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.2/src/templates/deployment-hpa.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if .Values.autoscaling.enabled -}}
-apiVersion: autoscaling/v2beta2
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "orion.fullname" . }}
- labels:
- {{ include "orion.labels" . | nindent 4 }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ include "orion.fullname" . }}
- minReplicas: {{ .Values.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.autoscaling.maxReplicas }}
-{{- with .Values.autoscaling.metrics }}
- metrics:
- {{- toYaml . | nindent 2 }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.2/src/templates/deployment-mongo.yaml b/charts/partners/fiware/orion-ld/1.0.2/src/templates/deployment-mongo.yaml
deleted file mode 100644
index e79ca1c634..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.2/src/templates/deployment-mongo.yaml
+++ /dev/null
@@ -1,69 +0,0 @@
-{{- if .Values.mongo.enabled -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "orion.fullname" . }}-mongo
- labels:
- app.kubernetes.io/name: {{ include "orion.name" . }}-mongo
- helm.sh/chart: {{ include "orion.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- {{- if not .Values.autoscaling.enabled }}
- replicas: {{ .Values.deployment.replicaCount }}
- {{- end }}
- revisionHistoryLimit: {{ .Values.deployment.revisionHistoryLimit }}
- strategy:
- {{- with .Values.deployment.updateStrategy }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "orion.name" . }}-mongo
- app.kubernetes.io/instance: {{ .Release.Name }}
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ include "orion.name" . }}-mongo
- helm.sh/chart: {{ include "orion.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- with .Values.deployment.additionalLabels }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{ if .Values.deployment.additionalAnnotations -}}
- annotations:
- {{- with .Values.deployment.additionalAnnotations }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- end }}
- spec:
- containers:
- - name: mongo-db
- imagePullPolicy: {{ .Values.mongo.image.pullPolicy }}
- image: "{{ .Values.mongo.image.repository }}:{{ .Values.mongo.image.tag }}"
- securityContext:
- runAsUser: 999
- ports:
- - name: mongo
- containerPort: {{ .Values.mongo.port}}
- protocol: TCP
- livenessProbe:
- exec:
- command:
- - bash
- - -ec
- - |
- mongo --eval 'db.runCommand("ping").ok' 127.0.0.1:27017/test && echo 0 || echo 1
- initialDelaySeconds: 5
- periodSeconds: 5
- readinessProbe:
- exec:
- command:
- - bash
- - -ec
- - |
- mongo --eval 'db.runCommand("ping").ok' 127.0.0.1:27017/test && echo 0 || echo 1
- initialDelaySeconds: 5
- periodSeconds: 5
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.2/src/templates/deployment.yaml b/charts/partners/fiware/orion-ld/1.0.2/src/templates/deployment.yaml
deleted file mode 100644
index b17046a3f3..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.2/src/templates/deployment.yaml
+++ /dev/null
@@ -1,362 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "orion.fullname" . }}
- labels:
- {{ include "orion.labels" . | nindent 4 }}
-spec:
- {{- if not .Values.autoscaling.enabled }}
- replicas: {{ .Values.deployment.replicaCount }}
- {{- end }}
- revisionHistoryLimit: {{ .Values.deployment.revisionHistoryLimit }}
- strategy:
- {{- with .Values.deployment.updateStrategy }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "orion.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- template:
- metadata:
- labels:
- {{ include "orion.labels" . | nindent 8 }}
- {{- with .Values.deployment.additionalLabels }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{ if .Values.deployment.additionalAnnotations -}}
- annotations:
- {{- with .Values.deployment.additionalAnnotations }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- end }}
- spec:
- serviceAccountName: {{ include "orion.serviceAccountName" . }}
- containers:
- - name: {{ .Chart.Name }}
- imagePullPolicy: {{ .Values.deployment.image.pullPolicy }}
- image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
- {{ if and (.Values.broker.noDevTrace) (eq .Values.deployment.image.repository "fiware/orion-ld") }}
- args: ["-lmtmp"]
- {{ end }}
- # special handling for the health check of telefonica/orion
- {{ if eq .Values.broker.envPrefix "ORION_" }}
- command: ["/bin/bash", "-c", "/usr/bin/contextBroker -fg | sed '/SUMMARY/w /tmp/healthcheck'"]
- {{ end }}
- ports:
- - name: http
- containerPort: {{ .Values.broker.port}}
- protocol: TCP
- {{ if eq .Values.deployment.image.repository "fiware/orion-ld" }}
- readinessProbe:
- tcpSocket:
- port: 1027
- initialDelaySeconds: {{ .Values.deployment.readinessProbe.initialDelaySeconds}}
- periodSeconds: {{ .Values.deployment.readinessProbe.periodSeconds}}
- successThreshold: {{ .Values.deployment.readinessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.deployment.readinessProbe.timeoutSeconds }}
- livenessProbe:
- tcpSocket:
- port: 1027
- initialDelaySeconds: {{ .Values.deployment.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.deployment.livenessProbe.periodSeconds }}
- successThreshold: {{ .Values.deployment.livenessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.deployment.livenessProbe.timeoutSeconds }}
- {{ end }}
- # special handling for the health check of telefonica/orion
- {{ if eq .Values.broker.envPrefix "ORION_" }}
- readinessProbe:
- exec:
- command:
- - /bin/bash
- - -c
- - "echo /tmp/healthcheck? && true > /tmp/healthcheck"
- initialDelaySeconds: {{ .Values.deployment.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.deployment.readinessProbe.periodSeconds }}
- successThreshold: {{ .Values.deployment.readinessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.deployment.readinessProbe.timeoutSeconds }}
- livenessProbe:
- exec:
- command:
- - /bin/bash
- - -c
- - "echo /tmp/healthcheck? && true > /tmp/healthcheck"
- initialDelaySeconds: {{ .Values.deployment.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.deployment.livenessProbe.periodSeconds }}
- successThreshold: {{ .Values.deployment.livenessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.deployment.livenessProbe.timeoutSeconds }}
- {{ end }}
- env:
- # general
- - name: {{ .Values.broker.envPrefix }}PORT
- value: {{ .Values.broker.port | quote }}
- - name: {{ .Values.broker.envPrefix }}SOCKET_SERVICE
- value: "TRUE"
- - name: {{ .Values.broker.envPrefix }}SOCKET_SERVICE_PORT
- value: "1027"
- - name: {{ .Values.broker.envPrefix }}DISABLE_FILE_LOG
- value: "TRUE"
- - name: {{ .Values.broker.envPrefix }}CACHED_CONTEXT_DIRECTORY
- value: {{ .Values.broker.cachedContextFolder }}
- {{- if and (eq .Values.broker.ipv4enabled true) (eq .Values.broker.ipv6enabled false) }}
- - name: {{ .Values.broker.envPrefix }}USEIPV4
- value: "TRUE"
- {{- end }}
- {{- if and (eq .Values.broker.ipv6enabled true) (eq .Values.broker.ipv4enabled false) }}
- - name: {{ .Values.broker.envPrefix }}USEIPV6
- value: "TRUE"
- {{- end }}
- {{- if .Values.broker.httpTimeout }}
- - name: {{ .Values.broker.envPrefix }}HTTP_TIMEOUT
- value: {{ .Values.broker.httpTimeout }}
- {{- end }}
- {{- if .Values.broker.reqTimeout }}
- - name: {{ .Values.broker.envPrefix }}REQ_TIMEOUT
- value: {{ .Values.broker.reqTimeout }}
- {{- end }}
- {{- if .Values.broker.corsOrigin }}
- - name: {{ .Values.broker.envPrefix }}CORS_ALLOWED_ORIGIN
- value: {{ .Values.broker.corsOrigin }}
- {{- end }}
- {{- if .Values.broker.corsMaxAge }}
- - name: {{ .Values.broker.envPrefix }}CORS_MAX_AGE
- value: {{ .Values.broker.corsMaxAge }}
- {{- end }}
- {{- if .Values.broker.mutexPolicy }}
- - name: {{ .Values.broker.envPrefix }}MUTEX_POLICY
- value: {{ .Values.broker.mutexPolicy }}
- {{- end }}
- {{- if .Values.broker.cprForwardLimit }}
- - name: {{ .Values.broker.envPrefix }}CPR_FORWARD_LIMIT
- value: {{ .Values.broker.cprForwardLimit }}
- {{- end }}
- {{- if .Values.broker.subCacheIval }}
- - name: {{ .Values.broker.envPrefix }}SUBCACHE_IVAL
- value: {{ .Values.broker.subCacheIval }}
- {{- end }}
- {{- if .Values.broker.noCache }}
- - name: {{ .Values.broker.envPrefix }}NOCACHE
- value: {{ .Values.broker.noCache | upper | quote }}
- {{- end }}
- {{- if .Values.broker.connectionMemory }}
- - name: {{ .Values.broker.envPrefix }}CONN_MEMORY
- value: {{ .Values.broker.connectionMemory }}
- {{- end }}
- {{- if .Values.broker.maxConnections }}
- - name: {{ .Values.broker.envPrefix }}MAX_CONN
- value: {{ .Values.broker.maxConnections | quote }}
- {{- end }}
- {{- if .Values.broker.reqPoolSize }}
- - name: {{ .Values.broker.envPrefix }}TRQ_POOL_SIZE
- value: {{ .Values.broker.reqPoolSize | quote }}
- {{- end }}
- {{- if .Values.broker.inReqPayloadMaxSize }}
- - name: {{ .Values.broker.envPrefix }}IN_REQ_PAYLOAD_MAX_SIZE
- value: {{ .Values.broker.inReqPayloadMaxSize }}
- {{- end }}
- {{- if .Values.broker.outReqMsgMaxSize }}
- - name: {{ .Values.broker.envPrefix }}OUT_REQ_MSG_MAX_SIZE
- value: {{ .Values.broker.outReqMsgMaxSize }}
- {{- end }}
- {{- if .Values.broker.notificationMode }}
- - name: {{ .Values.broker.envPrefix }}NOTIF_MODE
- value: {{ .Values.broker.notificationMode }}
- {{- end }}
- {{- if .Values.broker.notificationFlowControl }}
- - name: {{ .Values.broker.envPrefix }}NOTIF_FLOW_CONTROL
- value: {{ .Values.broker.notificationFlowControl }}
- {{- end }}
- {{- if .Values.broker.simulatedNotification }}
- - name: {{ .Values.broker.envPrefix }}DROP_NOTIF
- value: {{ .Values.broker.simulatedNotification }}
- {{- end }}
- {{- if .Values.broker.disableCustomNotifications }}
- - name: {{ .Values.broker.envPrefix }}DISABLE_CUSTOM_NOTIF
- value: {{ .Values.broker.disableCustomNotifications | upper }}
- {{- end }}
- {{- if .Values.broker.insecureNotifEnabled }}
- - name: {{ .Values.broker.envPrefix }}INSECURE_NOTIF
- value: {{ .Values.broker.insecureNotifEnabled | upper }}
- {{- end }}
- {{- if .Values.broker.forwardingEnabled }}
- - name: {{ .Values.broker.envPrefix }}FORWARDING
- value: {{ .Values.broker.forwardingEnabled | quote | upper }}
- {{- end }}
-
- # db
- - name: {{ .Values.broker.envPrefix }}MONGO_HOST
- {{- if .Values.mongo.enabled }}
- value: {{ include "orion.fullname" . }}-mongo:27017
- {{- else }}
- value: {{ join "," .Values.broker.db.hosts }}
- {{- end }}
- - name: {{ .Values.broker.envPrefix }}MONGO_DB
- value: {{ .Values.broker.db.name }}
- {{ $numHosts := len .Values.broker.db.hosts }}
- {{- if gt $numHosts 1 -}}
- - name: {{ .Values.broker.envPrefix }}MONGO_REPLICA_SET
- value: {{ .Values.broker.db.replicaSet }}
- {{- end }}
- {{- if .Values.broker.db.existingSecret }}
- - name: {{ .Values.broker.envPrefix }}MONGO_USER
- value: {{ .Values.broker.db.user }}
- - name: {{ .Values.broker.envPrefix }}MONGO_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Values.broker.db.existingSecret.name }}
- key: {{ .Values.broker.db.existingSecret.key }}
- {{- end }}
- {{- if .Values.broker.db.auth }}
- - name: {{ .Values.broker.envPrefix }}MONGO_USER
- value: {{ .Values.broker.db.user }}
- - name: {{ .Values.broker.envPrefix }}MONGO_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "orion.fullname" . }}
- key: dbPassword
- {{- if .Values.broker.db.auth.mech }}
- - name: {{ .Values.broker.envPrefix }}MONGO_AUTH_MECH
- value: {{ .Values.broker.db.auth.mech }}
- {{- end }}
- {{- end }}
- {{- if .Values.broker.db.sslEnabled }}
- - name: {{ .Values.broker.envPrefix }}MONGO_SSL
- value: {{ .Values.broker.db.sslEnabled | upper }}
- {{- end }}
- {{- if .Values.broker.db.timeout }}
- - name: {{ .Values.broker.envPrefix }}MONGO_TIMEOUT
- value: {{ .Values.broker.db.timeout }}
- {{- end }}
- {{- if .Values.broker.db.poolSize }}
- - name: {{ .Values.broker.envPrefix }}MONGO_POOL_SIZE
- value: {{ .Values.broker.db.poolSize | quote }}
- {{- end }}
- {{- if .Values.broker.db.writeConcern }}
- - name: {{ .Values.broker.envPrefix }}MONGO_WRITE_CONCERN
- value: {{ .Values.broker.db.writeConcern }}
- {{- end }}
-
- # tenancy
- {{- if .Values.broker.multiserviceEnabled }}
- - name: {{ .Values.broker.envPrefix }}MULTI_SERVICE
- value: {{ .Values.broker.multiserviceEnabled | upper }}
- {{- end }}
- {{- if .Values.broker.multiserviceEnabled }}
- - name: {{ .Values.broker.envPrefix }}MONGO_AUTH_SOURCE
- value: admin
- {{- end }}
-
- # metrics
- {{ if .Values.broker.metrics }}
- {{ if eq .Values.broker.metrics.enabled "false" }}
- - name: {{ .Values.broker.envPrefix }}DISABLE_METRICS
- value: "TRUE"
- {{ else }}
- - name: {{ .Values.broker.envPrefix }}DISABLE_METRICS
- value: "FALSE"
- {{- end }}
- {{ if .Values.broker.metrics.statCountersEnabled }}
- - name: {{ .Values.broker.envPrefix }}STAT_COUNTERS
- value: {{ .Values.broker.metrics.statCountersEnabled | upper }}
- {{ end }}
- {{ if .Values.broker.metrics.statSemWaitEnabled }}
- - name: {{ .Values.broker.envPrefix }}STAT_SEM_WAIT
- value: {{ .Values.broker.metrics.statSemWaitEnabled | upper }}
- {{- end }}
- {{ if .Values.broker.metrics.statTimingEnabled }}
- - name: {{ .Values.broker.envPrefix }}STAT_TIMING
- value: {{ .Values.broker.metrics.statTimingEnabled | upper }}
- {{- end }}
- {{ if .Values.broker.metrics.statNotifQueueEnabled }}
- - name: {{ .Values.broker.envPrefix }}STAT_NOTIF_QUEUE
- value: {{ .Values.broker.metrics.statNotifQueueEnabled | upper }}
- {{- end }}
- {{- end }}
-
- # logging
- - name: {{ .Values.broker.envPrefix }}LOG_LEVEL
- value: {{ .Values.broker.logging.level }}
- {{- if .Values.broker.logging.dir }}
- - name: {{ .Values.broker.envPrefix }}LOG_DIR
- value: {{ .Values.broker.logging.dir }}
- {{- end }}
- {{- if .Values.broker.logging.append }}
- - name: {{ .Values.broker.envPrefix }}LOG_APPEND
- value: {{ .Values.broker.logging.append }}
- {{- end }}
- {{- if .Values.broker.logging.trace }}
- - name: {{ .Values.broker.envPrefix }}TRACE
- value: {{ .Values.broker.logging.trace }}
- {{- end }}
- {{- if .Values.broker.logging.summaryPeriod }}
- - name: {{ .Values.broker.envPrefix }}LOG_SUMMARY_PERIOD
- value: {{ .Values.broker.logging.summaryPeriod | quote }}
- {{- end }}
- {{- if .Values.broker.logging.relogAlarms }}
- - name: {{ .Values.broker.envPrefix }}RELOG_ALARMS
- value: {{ .Values.broker.logging.relogAlarms | upper }}
- {{- end }}
- {{- if .Values.broker.logging.forHumans }}
- - name: {{ .Values.broker.envPrefix }}LOG_FOR_HUMANS
- value: {{ .Values.broker.logging.forHumans | upper }}
- {{- end }}
- {{- if .Values.broker.logging.lineMaxSize }}
- - name: {{ .Values.broker.envPrefix }}LOG_LINE_MAX_SIZE
- value: {{ .Values.broker.logging.lineMaxSize }}
- {{- end }}
- {{- if .Values.broker.logging.infoPayloadMaxSize }}
- - name: {{ .Values.broker.envPrefix }}LOG_INFO_PAYLOAD_MAX_SIZE
- value: {{ .Values.broker.logging.infoPayloadMaxSize }}
- {{- end }}
-
- ##TROE
- {{ if .Values.broker.troe }}
- {{ if eq .Values.broker.troe.enabled true }}
- - name: {{ .Values.broker.envPrefix }}TROE
- value: "TRUE"
- {{ else }}
- - name: {{ .Values.broker.envPrefix }}TROE
- value: "FALSE"
- {{- end -}}
- {{ if .Values.broker.troe.dbUser }}
- - name: {{ .Values.broker.envPrefix }}TROE_USER
- value: {{ .Values.broker.troe.dbUser }}
- {{ end }}
- {{ if .Values.broker.troe.dbPassword }}
- - name: {{ .Values.broker.envPrefix }}TROE_PWD
- value: {{ .Values.broker.troe.dbPassword }}
- {{ end }}
- {{ if .Values.broker.troe.dbHost }}
- - name: {{ .Values.broker.envPrefix }}TROE_HOST
- value: {{ .Values.broker.troe.dbHost }}
- {{ end }}
- {{ if .Values.broker.troe.dbPort }}
- - name: {{ .Values.broker.envPrefix }}TROE_PORT
- value: {{ .Values.broker.troe.dbPort | quote }}
- {{ end }}
- {{ if .Values.broker.troe.dbPoolsize }}
- - name: {{ .Values.broker.envPrefix }}TROE_POOL_SIZE
- value: {{ .Values.broker.troe.dbPoolsize | quote }}
- {{ end }}
- {{- end }}
- resources:
- {{- toYaml .Values.deployment.resources | nindent 12 }}
- {{- if .Values.deployment.sidecars }}
- {{- toYaml .Values.deployment.sidecars | nindent 8 }}
- {{- end }}
- {{- if .Values.deployment.volumes }}
- volumes:
- {{- toYaml .Values.deployment.volumes | nindent 8 }}
- {{- end }}
- {{- with .Values.deployment.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.deployment.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.deployment.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
diff --git a/charts/partners/fiware/orion-ld/1.0.2/src/templates/ingress.yaml b/charts/partners/fiware/orion-ld/1.0.2/src/templates/ingress.yaml
deleted file mode 100644
index 2ea573ab08..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.2/src/templates/ingress.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "orion.fullname" . -}}
-{{- $servicePort := .Values.service.port -}}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ include "orion.fullname" . }}
- labels:
- {{ include "orion.labels" . | nindent 4 }}
- {{- if .Values.ingress.annotations }}
- annotations:
- {{- with .Values.ingress.annotations }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- {{- if .Values.ingress.tls }}
- tls:
- {{- range .Values.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
- {{- end }}
- rules:
- {{- range .Values.ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
- {{- range .paths }}
- - path: {{ . }}
- pathType: Prefix
- backend:
- service:
- name: {{ $fullName }}
- port:
- number: {{ $servicePort }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/charts/partners/fiware/orion-ld/1.0.2/src/templates/route.yaml b/charts/partners/fiware/orion-ld/1.0.2/src/templates/route.yaml
deleted file mode 100644
index 695e9a5208..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.2/src/templates/route.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if .Values.route.enabled -}}
-{{- $fullName := include "orion.fullname" . -}}
-apiVersion: route.openshift.io/v1
-kind: Route
-metadata:
- name: {{ include "orion.fullname" . }}
- labels:
- {{ include "orion.labels" . | nindent 4 }}
- {{- if .Values.route.annotations }}
- annotations:
- {{- with .Values.route.annotations }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- host: {{ .Values.route.host}}
- to:
- kind: Service
- name: {{ $fullName }}
- {{- if .Values.route.tls }}
- tls:
- {{- with .Values.route.tls }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.2/src/templates/secret.yaml b/charts/partners/fiware/orion-ld/1.0.2/src/templates/secret.yaml
deleted file mode 100644
index a482294488..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.2/src/templates/secret.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if .Values.broker.db.auth -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "orion.fullname" . }}
- labels:
- {{ include "orion.labels" . | nindent 4 }}
-type: Opaque
-data:
- dbPassword: {{ .Values.broker.db.auth.password | b64enc }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.2/src/templates/service-mongo.yaml b/charts/partners/fiware/orion-ld/1.0.2/src/templates/service-mongo.yaml
deleted file mode 100644
index e3842429dd..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.2/src/templates/service-mongo.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if .Values.mongo.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "orion.fullname" . }}-mongo
- {{- if .Values.service.annotations }}
- annotations:
- {{ toYaml .Values.service.annotations | nindent 4 }}
- {{- end }}
- labels:
- app.kubernetes.io/name: {{ include "orion.name" . }}-mongo
- helm.sh/chart: {{ include "orion.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.mongo.port }}
- targetPort: {{ .Values.mongo.port }}
- protocol: TCP
- name: mongo
- selector:
- app.kubernetes.io/name: {{ include "orion.name" . }}-mongo
- app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.2/src/templates/service.yaml b/charts/partners/fiware/orion-ld/1.0.2/src/templates/service.yaml
deleted file mode 100644
index c71e5a8354..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.2/src/templates/service.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "orion.fullname" . }}
- {{- if .Values.service.annotations }}
- annotations:
- {{ toYaml .Values.service.annotations | nindent 4 }}
- {{- end }}
- labels:
- {{ include "orion.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: {{ .Values.broker.port }}
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/name: {{ include "orion.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.2/src/templates/serviceaccount.yaml b/charts/partners/fiware/orion-ld/1.0.2/src/templates/serviceaccount.yaml
deleted file mode 100644
index 6c6d08f008..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.2/src/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "orion.fullname" . }}
-{{- if .Values.serviceAccount.annotations }}
- annotations:
- {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
-{{- end }}
- labels:
- {{ include "orion.labels" . | nindent 4 }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.2/src/templates/tests/orion-test.yaml b/charts/partners/fiware/orion-ld/1.0.2/src/templates/tests/orion-test.yaml
deleted file mode 100644
index 8321fdcded..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.2/src/templates/tests/orion-test.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ .Release.Name }}-orion-test"
- labels:
- {{ include "orion.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: curl
- image: quay.io/opencloudio/curl:4.2.0-build.8
- args: [ '{{ include "orion.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }}/version' ]
- restartPolicy: Never
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.2/src/values.schema.json b/charts/partners/fiware/orion-ld/1.0.2/src/values.schema.json
deleted file mode 100644
index 2a9740e334..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.2/src/values.schema.json
+++ /dev/null
@@ -1,1231 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema", - "$id": "http://example.com/example.json", - "type": "object", - "title": "The root schema", - "description": "The root schema comprises the entire JSON document.", - "default": {}, - "examples": [ - { - "nameOverride": "", - "fullnameOverride": "", - "service": { - "type": "ClusterIP", - "port": 1026, - "annotations": {} - }, - "serviceAccount": { - "create": false - }, - "deployment": { - "replicaCount": 1, - "revisionHistoryLimit": 3, - "updateStrategy": { - "type": "RollingUpdate", - "rollingUpdate": { - "maxSurge": 1, - "maxUnavailable": 0 - } - }, - "image": { - "repository": "quay.io/fiware/orion-ld", - "tag": "1.0.1", - "pullPolicy": "IfNotPresent" - }, - "additionalLabels": {}, - "additionalAnnotations": {}, - "nodeSelector": {}, - "tolerations": [], - "affinity": {}, - "livenessProbe": { - "initialDelaySeconds": 30, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 30 - }, - "readinessProbe": { - "initialDelaySeconds": 30, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 30 - }, - "sidecars": [], - "volumes": [] - }, - "autoscaling": { - "enabled": false, - "minReplicas": 1, - "maxReplicas": 10, - "metrics": [] - }, - "route": { - "enabled": false, - "annotations": {}, - "tls": {} - }, - "ingress": { - "enabled": false, - "annotations": {}, - "hosts": [], - "tls": [] - }, - "broker": { - "envPrefix": "ORIONLD_", - "port": 1026, - "ipv6enabled": false, - "ipv4enabled": false, - "noDevTrace": true, - "troe": { - "enabled": false, - "dbHost": "postgres", - "dbPort": 5432, - "dbUser": "user", - "dbPassword": "password" - }, - "cachedContextFolder": "/opt/orion/ldcontexts", - "logging": { - "level": "WARN" - }, - "db": { - "hosts": [], - "name": "orion" - }, - "metrics": { - "enabled": "false" - } - }, - "mongo": { - "enabled": true, - "image": { - "pullPolicy": "IfNotPresent", - "repository": "quay.io/opencloudio/ibm-mongodb", - "tag": "4.0.24" - 
}, - "port": 27017 - } - } - ], - "required": [ - "nameOverride", - "fullnameOverride", - "service", - "serviceAccount", - "deployment", - "autoscaling", - "route", - "ingress", - "broker", - "mongo" - ], - "properties": { - "nameOverride": { - "$id": "#/properties/nameOverride", - "type": "string", - "title": "The nameOverride schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "" - ] - }, - "fullnameOverride": { - "$id": "#/properties/fullnameOverride", - "type": "string", - "title": "The fullnameOverride schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "" - ] - }, - "service": { - "$id": "#/properties/service", - "type": "object", - "title": "The service schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "type": "ClusterIP", - "port": 1026, - "annotations": {} - } - ], - "required": [ - "type", - "port", - "annotations" - ], - "properties": { - "type": { - "$id": "#/properties/service/properties/type", - "type": "string", - "title": "The type schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "ClusterIP" - ] - }, - "port": { - "$id": "#/properties/service/properties/port", - "type": "integer", - "title": "The port schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 1026 - ] - }, - "annotations": { - "$id": "#/properties/service/properties/annotations", - "type": "object", - "title": "The annotations schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - } - }, - "additionalProperties": true - }, - "serviceAccount": { - "$id": "#/properties/serviceAccount", - "type": "object", - "title": "The serviceAccount schema", - 
"description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "create": false - } - ], - "required": [ - "create" - ], - "properties": { - "create": { - "$id": "#/properties/serviceAccount/properties/create", - "type": "boolean", - "title": "The create schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - false - ] - } - }, - "additionalProperties": true - }, - "deployment": { - "$id": "#/properties/deployment", - "type": "object", - "title": "The deployment schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "replicaCount": 1, - "revisionHistoryLimit": 3, - "updateStrategy": { - "type": "RollingUpdate", - "rollingUpdate": { - "maxSurge": 1, - "maxUnavailable": 0 - } - }, - "image": { - "repository": "quay.io/fiware/orion-ld", - "tag": "1.0.1", - "pullPolicy": "IfNotPresent" - }, - "additionalLabels": {}, - "additionalAnnotations": {}, - "nodeSelector": {}, - "tolerations": [], - "affinity": {}, - "livenessProbe": { - "initialDelaySeconds": 30, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 30 - }, - "readinessProbe": { - "initialDelaySeconds": 30, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 30 - }, - "sidecars": [], - "volumes": [] - } - ], - "required": [ - "replicaCount", - "revisionHistoryLimit", - "updateStrategy", - "image", - "additionalLabels", - "additionalAnnotations", - "nodeSelector", - "tolerations", - "affinity", - "livenessProbe", - "readinessProbe", - "sidecars", - "volumes" - ], - "properties": { - "replicaCount": { - "$id": "#/properties/deployment/properties/replicaCount", - "type": "integer", - "title": "The replicaCount schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 1 - ] - }, - "revisionHistoryLimit": { - "$id": 
"#/properties/deployment/properties/revisionHistoryLimit", - "type": "integer", - "title": "The revisionHistoryLimit schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 3 - ] - }, - "updateStrategy": { - "$id": "#/properties/deployment/properties/updateStrategy", - "type": "object", - "title": "The updateStrategy schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "type": "RollingUpdate", - "rollingUpdate": { - "maxSurge": 1, - "maxUnavailable": 0 - } - } - ], - "required": [ - "type", - "rollingUpdate" - ], - "properties": { - "type": { - "$id": "#/properties/deployment/properties/updateStrategy/properties/type", - "type": "string", - "title": "The type schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "RollingUpdate" - ] - }, - "rollingUpdate": { - "$id": "#/properties/deployment/properties/updateStrategy/properties/rollingUpdate", - "type": "object", - "title": "The rollingUpdate schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "maxSurge": 1, - "maxUnavailable": 0 - } - ], - "required": [ - "maxSurge", - "maxUnavailable" - ], - "properties": { - "maxSurge": { - "$id": "#/properties/deployment/properties/updateStrategy/properties/rollingUpdate/properties/maxSurge", - "type": "integer", - "title": "The maxSurge schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 1 - ] - }, - "maxUnavailable": { - "$id": "#/properties/deployment/properties/updateStrategy/properties/rollingUpdate/properties/maxUnavailable", - "type": "integer", - "title": "The maxUnavailable schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 0 - ] - } - }, - "additionalProperties": true - } - }, - 
"additionalProperties": true - }, - "image": { - "$id": "#/properties/deployment/properties/image", - "type": "object", - "title": "The image schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "repository": "quay.io/fiware/orion-ld", - "tag": "1.0.1", - "pullPolicy": "IfNotPresent" - } - ], - "required": [ - "repository", - "tag", - "pullPolicy" - ], - "properties": { - "repository": { - "$id": "#/properties/deployment/properties/image/properties/repository", - "type": "string", - "title": "The repository schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "quay.io/fiware/orion-ld" - ] - }, - "tag": { - "$id": "#/properties/deployment/properties/image/properties/tag", - "type": "string", - "title": "The tag schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "1.0.1" - ] - }, - "pullPolicy": { - "$id": "#/properties/deployment/properties/image/properties/pullPolicy", - "type": "string", - "title": "The pullPolicy schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "IfNotPresent" - ] - } - }, - "additionalProperties": true - }, - "additionalLabels": { - "$id": "#/properties/deployment/properties/additionalLabels", - "type": "object", - "title": "The additionalLabels schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - }, - "additionalAnnotations": { - "$id": "#/properties/deployment/properties/additionalAnnotations", - "type": "object", - "title": "The additionalAnnotations schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - }, - "nodeSelector": { - "$id": 
"#/properties/deployment/properties/nodeSelector", - "type": "object", - "title": "The nodeSelector schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - }, - "tolerations": { - "$id": "#/properties/deployment/properties/tolerations", - "type": "array", - "title": "The tolerations schema", - "description": "An explanation about the purpose of this instance.", - "default": [], - "examples": [ - [] - ], - "additionalItems": true, - "items": { - "$id": "#/properties/deployment/properties/tolerations/items" - } - }, - "affinity": { - "$id": "#/properties/deployment/properties/affinity", - "type": "object", - "title": "The affinity schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - }, - "livenessProbe": { - "$id": "#/properties/deployment/properties/livenessProbe", - "type": "object", - "title": "The livenessProbe schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "initialDelaySeconds": 30, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 30 - } - ], - "required": [ - "initialDelaySeconds", - "periodSeconds", - "successThreshold", - "timeoutSeconds" - ], - "properties": { - "initialDelaySeconds": { - "$id": "#/properties/deployment/properties/livenessProbe/properties/initialDelaySeconds", - "type": "integer", - "title": "The initialDelaySeconds schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 30 - ] - }, - "periodSeconds": { - "$id": "#/properties/deployment/properties/livenessProbe/properties/periodSeconds", - "type": "integer", - "title": "The periodSeconds schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 10 - ] - }, 
- "successThreshold": { - "$id": "#/properties/deployment/properties/livenessProbe/properties/successThreshold", - "type": "integer", - "title": "The successThreshold schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 1 - ] - }, - "timeoutSeconds": { - "$id": "#/properties/deployment/properties/livenessProbe/properties/timeoutSeconds", - "type": "integer", - "title": "The timeoutSeconds schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 30 - ] - } - }, - "additionalProperties": true - }, - "readinessProbe": { - "$id": "#/properties/deployment/properties/readinessProbe", - "type": "object", - "title": "The readinessProbe schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "initialDelaySeconds": 30, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 30 - } - ], - "required": [ - "initialDelaySeconds", - "periodSeconds", - "successThreshold", - "timeoutSeconds" - ], - "properties": { - "initialDelaySeconds": { - "$id": "#/properties/deployment/properties/readinessProbe/properties/initialDelaySeconds", - "type": "integer", - "title": "The initialDelaySeconds schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 30 - ] - }, - "periodSeconds": { - "$id": "#/properties/deployment/properties/readinessProbe/properties/periodSeconds", - "type": "integer", - "title": "The periodSeconds schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 10 - ] - }, - "successThreshold": { - "$id": "#/properties/deployment/properties/readinessProbe/properties/successThreshold", - "type": "integer", - "title": "The successThreshold schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 1 - ] - }, - 
"timeoutSeconds": { - "$id": "#/properties/deployment/properties/readinessProbe/properties/timeoutSeconds", - "type": "integer", - "title": "The timeoutSeconds schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 30 - ] - } - }, - "additionalProperties": true - }, - "sidecars": { - "$id": "#/properties/deployment/properties/sidecars", - "type": "array", - "title": "The sidecars schema", - "description": "An explanation about the purpose of this instance.", - "default": [], - "examples": [ - [] - ], - "additionalItems": true, - "items": { - "$id": "#/properties/deployment/properties/sidecars/items" - } - }, - "volumes": { - "$id": "#/properties/deployment/properties/volumes", - "type": "array", - "title": "The volumes schema", - "description": "An explanation about the purpose of this instance.", - "default": [], - "examples": [ - [] - ], - "additionalItems": true, - "items": { - "$id": "#/properties/deployment/properties/volumes/items" - } - } - }, - "additionalProperties": true - }, - "autoscaling": { - "$id": "#/properties/autoscaling", - "type": "object", - "title": "The autoscaling schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "enabled": false, - "minReplicas": 1, - "maxReplicas": 10, - "metrics": [] - } - ], - "required": [ - "enabled", - "minReplicas", - "maxReplicas", - "metrics" - ], - "properties": { - "enabled": { - "$id": "#/properties/autoscaling/properties/enabled", - "type": "boolean", - "title": "The enabled schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - false - ] - }, - "minReplicas": { - "$id": "#/properties/autoscaling/properties/minReplicas", - "type": "integer", - "title": "The minReplicas schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 1 - ] - }, - "maxReplicas": { - "$id": 
"#/properties/autoscaling/properties/maxReplicas", - "type": "integer", - "title": "The maxReplicas schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 10 - ] - }, - "metrics": { - "$id": "#/properties/autoscaling/properties/metrics", - "type": "array", - "title": "The metrics schema", - "description": "An explanation about the purpose of this instance.", - "default": [], - "examples": [ - [] - ], - "additionalItems": true, - "items": { - "$id": "#/properties/autoscaling/properties/metrics/items" - } - } - }, - "additionalProperties": true - }, - "route": { - "$id": "#/properties/route", - "type": "object", - "title": "The route schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "enabled": false, - "annotations": {}, - "tls": {} - } - ], - "required": [ - "enabled", - "annotations", - "tls" - ], - "properties": { - "enabled": { - "$id": "#/properties/route/properties/enabled", - "type": "boolean", - "title": "The enabled schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - false - ] - }, - "annotations": { - "$id": "#/properties/route/properties/annotations", - "type": "object", - "title": "The annotations schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - }, - "tls": { - "$id": "#/properties/route/properties/tls", - "type": "object", - "title": "The tls schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - } - }, - "additionalProperties": true - }, - "ingress": { - "$id": "#/properties/ingress", - "type": "object", - "title": "The ingress schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, 
- "examples": [ - { - "enabled": false, - "annotations": {}, - "hosts": [], - "tls": [] - } - ], - "required": [ - "enabled", - "annotations", - "hosts", - "tls" - ], - "properties": { - "enabled": { - "$id": "#/properties/ingress/properties/enabled", - "type": "boolean", - "title": "The enabled schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - false - ] - }, - "annotations": { - "$id": "#/properties/ingress/properties/annotations", - "type": "object", - "title": "The annotations schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - }, - "hosts": { - "$id": "#/properties/ingress/properties/hosts", - "type": "array", - "title": "The hosts schema", - "description": "An explanation about the purpose of this instance.", - "default": [], - "examples": [ - [] - ], - "additionalItems": true, - "items": { - "$id": "#/properties/ingress/properties/hosts/items" - } - }, - "tls": { - "$id": "#/properties/ingress/properties/tls", - "type": "array", - "title": "The tls schema", - "description": "An explanation about the purpose of this instance.", - "default": [], - "examples": [ - [] - ], - "additionalItems": true, - "items": { - "$id": "#/properties/ingress/properties/tls/items" - } - } - }, - "additionalProperties": true - }, - "broker": { - "$id": "#/properties/broker", - "type": "object", - "title": "The broker schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "envPrefix": "ORIONLD_", - "port": 1026, - "ipv6enabled": false, - "ipv4enabled": false, - "noDevTrace": true, - "troe": { - "enabled": false, - "dbHost": "postgres", - "dbPort": 5432, - "dbUser": "user", - "dbPassword": "password" - }, - "cachedContextFolder": "/opt/orion/ldcontexts", - "logging": { - "level": "WARN" - }, - "db": { - "hosts": [], - "name": "orion" 
- }, - "metrics": { - "enabled": "false" - } - } - ], - "required": [ - "envPrefix", - "port", - "ipv6enabled", - "ipv4enabled", - "noDevTrace", - "troe", - "cachedContextFolder", - "logging", - "db", - "metrics" - ], - "properties": { - "envPrefix": { - "$id": "#/properties/broker/properties/envPrefix", - "type": "string", - "title": "The envPrefix schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "ORIONLD_" - ] - }, - "port": { - "$id": "#/properties/broker/properties/port", - "type": "integer", - "title": "The port schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 1026 - ] - }, - "ipv6enabled": { - "$id": "#/properties/broker/properties/ipv6enabled", - "type": "boolean", - "title": "The ipv6enabled schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - false - ] - }, - "ipv4enabled": { - "$id": "#/properties/broker/properties/ipv4enabled", - "type": "boolean", - "title": "The ipv4enabled schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - false - ] - }, - "noDevTrace": { - "$id": "#/properties/broker/properties/noDevTrace", - "type": "boolean", - "title": "The noDevTrace schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - true - ] - }, - "troe": { - "$id": "#/properties/broker/properties/troe", - "type": "object", - "title": "The troe schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "enabled": false, - "dbHost": "postgres", - "dbPort": 5432, - "dbUser": "user", - "dbPassword": "password" - } - ], - "required": [ - "enabled", - "dbHost", - "dbPort", - "dbUser", - "dbPassword" - ], - "properties": { - "enabled": { - "$id": 
"#/properties/broker/properties/troe/properties/enabled", - "type": "boolean", - "title": "The enabled schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - false - ] - }, - "dbHost": { - "$id": "#/properties/broker/properties/troe/properties/dbHost", - "type": "string", - "title": "The dbHost schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "postgres" - ] - }, - "dbPort": { - "$id": "#/properties/broker/properties/troe/properties/dbPort", - "type": "integer", - "title": "The dbPort schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 5432 - ] - }, - "dbUser": { - "$id": "#/properties/broker/properties/troe/properties/dbUser", - "type": "string", - "title": "The dbUser schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "user" - ] - }, - "dbPassword": { - "$id": "#/properties/broker/properties/troe/properties/dbPassword", - "type": "string", - "title": "The dbPassword schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "password" - ] - } - }, - "additionalProperties": true - }, - "cachedContextFolder": { - "$id": "#/properties/broker/properties/cachedContextFolder", - "type": "string", - "title": "The cachedContextFolder schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "/opt/orion/ldcontexts" - ] - }, - "logging": { - "$id": "#/properties/broker/properties/logging", - "type": "object", - "title": "The logging schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "level": "WARN" - } - ], - "required": [ - "level" - ], - "properties": { - "level": { - "$id": "#/properties/broker/properties/logging/properties/level", - "type": 
"string", - "title": "The level schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "WARN" - ] - } - }, - "additionalProperties": true - }, - "db": { - "$id": "#/properties/broker/properties/db", - "type": "object", - "title": "The db schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "hosts": [], - "name": "orion" - } - ], - "required": [ - "hosts", - "name" - ], - "properties": { - "hosts": { - "$id": "#/properties/broker/properties/db/properties/hosts", - "type": "array", - "title": "The hosts schema", - "description": "An explanation about the purpose of this instance.", - "default": [], - "examples": [ - [] - ], - "additionalItems": true, - "items": { - "$id": "#/properties/broker/properties/db/properties/hosts/items" - } - }, - "name": { - "$id": "#/properties/broker/properties/db/properties/name", - "type": "string", - "title": "The name schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "orion" - ] - } - }, - "additionalProperties": true - }, - "metrics": { - "$id": "#/properties/broker/properties/metrics", - "type": "object", - "title": "The metrics schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "enabled": "false" - } - ], - "required": [ - "enabled" - ], - "properties": { - "enabled": { - "$id": "#/properties/broker/properties/metrics/properties/enabled", - "type": "string", - "title": "The enabled schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "false" - ] - } - }, - "additionalProperties": true - } - }, - "additionalProperties": true - }, - "mongo": { - "$id": "#/properties/mongo", - "type": "object", - "title": "The mongo schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - 
"examples": [ - { - "enabled": true, - "image": { - "pullPolicy": "IfNotPresent", - "repository": "quay.io/opencloudio/ibm-mongodb", - "tag": "4.0.24" - }, - "port": 27017 - } - ], - "required": [ - "enabled", - "image", - "port" - ], - "properties": { - "enabled": { - "$id": "#/properties/mongo/properties/enabled", - "type": "boolean", - "title": "The enabled schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - true - ] - }, - "image": { - "$id": "#/properties/mongo/properties/image", - "type": "object", - "title": "The image schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "pullPolicy": "IfNotPresent", - "repository": "quay.io/opencloudio/ibm-mongodb", - "tag": "4.0.24" - } - ], - "required": [ - "pullPolicy", - "repository", - "tag" - ], - "properties": { - "pullPolicy": { - "$id": "#/properties/mongo/properties/image/properties/pullPolicy", - "type": "string", - "title": "The pullPolicy schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "IfNotPresent" - ] - }, - "repository": { - "$id": "#/properties/mongo/properties/image/properties/repository", - "type": "string", - "title": "The repository schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "quay.io/opencloudio/ibm-mongodb" - ] - }, - "tag": { - "$id": "#/properties/mongo/properties/image/properties/tag", - "type": "string", - "title": "The tag schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "4.0.24" - ] - } - }, - "additionalProperties": true - }, - "port": { - "$id": "#/properties/mongo/properties/port", - "type": "integer", - "title": "The port schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 27017 - ] - } - }, - 
"additionalProperties": true - } - }, - "additionalProperties": true -} \ No newline at end of file diff --git a/charts/partners/fiware/orion-ld/1.0.2/src/values.yaml b/charts/partners/fiware/orion-ld/1.0.2/src/values.yaml deleted file mode 100644 index db2b0e0c89..0000000000 --- a/charts/partners/fiware/orion-ld/1.0.2/src/values.yaml +++ /dev/null 
@@ -1,302 +0,0 @@ -## Default values for orion. -## This is a YAML-formatted file. -## Declare variables to be passed into your templates. - -# -- option to override the name config in the _helpers.tpl -nameOverride: "" -# -- option to override the fullname config in the _helpers.tpl -fullnameOverride: "" - -## configuration for the k8s service to access orion -service: - # -- service type - type: ClusterIP - # -- port to be used by the service - port: 1026 - # -- addtional annotations, if required - annotations: {} - -# -- if a orion specific service account should be used, it can be configured here -# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -serviceAccount: - # -- specifies if the account should be created - create: false - -## deployment specific configuration -deployment: - # -- initial number of target replications, can be different if autoscaling is enabled - replicaCount: 1 - # -- number of old replicas to be retained - revisionHistoryLimit: 3 - ## configuration of the orion update strategy - updateStrategy: - # -- type of the update - type: RollingUpdate - # -- new pods will be added gradually - rollingUpdate: - # -- number of pods that can be created above the desired amount while updating - maxSurge: 1 - # -- number of pods that can be unavailable while updating - maxUnavailable: 0 - ## configuration of the image to be used - image: - # -- orion image name - # ref: https://hub.docker.com/r/fiware/orion/ - # ref: https://quay.io/repository/fiware/orion-ld - repository: quay.io/fiware/orion-ld - #repository: fiware/orion - # -- tag of the image to be used - tag: 1.0.1 - # -- specification of the image pull policy - pullPolicy: IfNotPresent - # -- additional labels for the deployment, if required - additionalLabels: {} - # -- additional annotations for the deployment, if required - additionalAnnotations: {} - # -- orion resource requests and limits, we leave the default empty to make that a concious choice by 
the user. - # for the autoscaling to make sense, you should configure this. - # resources: - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - # -- selector template - # ref: https://kubernetes.io/docs/user-guide/node-selection/ - nodeSelector: {} - # -- tolerations template - # ref: ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - tolerations: [] - # -- affinity template - # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - affinity: {} - ## liveness and readiness probes of the orion broker, they will be evaluated against the version endpoint - # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - livenessProbe: - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 30 - # -- additional sidepods for the deployment, if required - sidecars: [] - # -- additional volumes for the deployment, if required - volumes: [] - -## pod autoscaling configuration, use for automatic scaling of the broker pods -autoscaling: - # -- should autoscaling be enabled for the context broker - enabled: false - # -- minimum number of running pods - minReplicas: 1 - # -- maximum number of running pods - maxReplicas: 10 - # -- metrics to react on - metrics: [] - # -- List of MetricSpecs to decide whether to scale - # See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#metricspec-v2beta2-autoscaling - # scaler targets to hold average cpu around 80% - #- type: Resource - # resource: - # name: cpu - # target: - # type: Utilization - # averageUtilization: 80 - ## scaler targets to hold average memory around 80% - # - type: Resource - # resource: - # name: memory - # target: - # type: Utilization - # averageUtilization: 80 - -## openshift specific route definition. 
Will not work on plain k8s -route: - ## -- should the deployment create openshift routes - enabled: false - # -- annotations to be added to the route - annotations: {} - # -- host to be used - # host: localhost - # -- tls configuration for the route - tls: {} - # termination: edge - -## ingress configuration -ingress: - # -- should there be an ingress to connect orion with the public internet - enabled: false - # -- annotations to be added to the ingress - annotations: {} - # kubernetes.io/ingress.class: "ambassador" - ## example annotations, allowing cert-manager to automatically create tls-certs and forcing everything to use ssl. - # kubernetes.io/tls-acme: "true" - # ingress.kubernetes.io/ssl-redirect: "true" - # -- all hosts to be provided - hosts: [] - # -- provide a hosts and the paths that should be available - # - host: localhost - # paths: - # - / - # -- configure the ingress' tls - tls: [] - # - secretName: orion-tls - # hosts: - # - orion.fiware.org - - -## orion-broker specific configuration -# see defaults of the unset values at: -# ref: https://fiware-orion.readthedocs.io/en/master/admin/cli/index.html -broker: - # -- Prefix to be used for env-vars in orion. Must be ORION_ for orion and ORIONLD_ for orion-ld - envPrefix: ORIONLD_ - # -- port that the broker is listening to - port: 1026 - # -- set to true if only ipv6 should be used, do not set both options to true - ipv6enabled: false - # -- set to true if only ipv4 should be used, do not set both options to true - ipv4enabled: false - # -- should the extended development tracing be disabled? 
- noDevTrace: true - # -- configuration of temporal entity representation - troe: - # -- should temporal representation of entities be enabled - enabled: false - # -- host of the postgres to be used - dbHost: postgres - # -- port of the postgres to be used - dbPort: 5432 - # -- username to authenticate with at postgres - dbUser: user - # -- password to authenticate with at postgres - dbPassword: password - ## connection pool of postgres - # poolSize: 10 - ## timeout in milliseconds for forwarding messages and notifications - # httpTimeout: 5 - ## the timeout in seconds for REST connection - # reqTimeout: 0 - ## cross-Origin Resource Sharing, specifing the allowed origin (use __ALL for *). - ## ref: https://fiware-orion.readthedocs.io/en/master/user/cors/index.html - # corsOrigin: - ## maximum time (in seconds) preflight requests are allowed to be cached - # corsMaxAge: 86400 - ## internal mutex policy - ## ref: https://fiware-orion.readthedocs.io/en/master/admin/perf_tuning/index.html#mutex-policy-impact-on-performance - # mutexPolicy: all - ## maximum number of forwarded requests to Context Providers for a single client request - # cprForwardLimit: 0 - ## interval in seconds between calls to subscription cache refresh - ## ref: https://fiware-orion.readthedocs.io/en/master/admin/perf_tuning/index.html#subscription-cache - # subCacheIval: 60 - ## disables the context subscription cache, so subscriptions searches are always done in DB - # noCache: false - ## sets the size of the connection memory buffer (in kB) per connection used internally by the HTTP server library - # connectionMemory: 64 - ## maximum number of simultaneous connections - # maxConnections: 1020 - ## size of thread pool for incoming connections - # reqPoolSize: 0 - ## max allowed size for incoming requests payloads, in bytes - # inReqPayloadMaxSize: 1024 - ## max allowed total size for request outgoing message, in bytes - # outReqMsgMaxSize: 8192 - ## allows to select notification mode, either: 
transient, permanent or threadpool:q:n - # notificationMode: transient - ## enables flow control mechanism - ## ref: https://fiware-orion.readthedocs.io/en/master/admin/perf_tuning/index.html#updates-flow-control-mechanism - # notificationFlowControl: - ## notifications are not sent, but recorded internally and shown in the statistics operation. only for debbuging - # simulatedNotification: false - ## disabled NGSIv2 custom notifications - # disableCustomNotifications: - ## allow HTTPS notifications to peers which certificate cannot be authenticated with known CA certificates - # insecureNotifEnabled: false - ## enables multiservice/multitenant mode - ## ref: https://fiware-orion.readthedocs.io/en/master/user/multitenancy/index.html - # multiserviceEnabled: true - ## enables forwarding for the ld endpoint - # forwardingEnabled: true - ## folder holding cached context's - cachedContextFolder: "/opt/orion/ldcontexts" - - ## logging configuration of the orion broker - logging: - # -- log level of the broker - level: "WARN" - ## specifies the initial trace levels for logging - # trace: 70 - ## log summary period in seconds - # summaryPeriod: 0 - ## to see every possible alarm-provoking failure in the log-file, even when an alarm is already active - # relogAlarms: false - ## to make the traces to standard out formated for humans - # forHumans: false - ## log line maximum length - # lineMaxSize: - ## for those log traces at INFO level that print request and/or response payloads, this is the maximum allowed size for those payloads - # infoPayloadMaxSize: - - ## database configuration - db: - # -- configuration of the mongo-db hosts. if multiple hosts are inserted, its assumed that mongo is running as a replica set - hosts: [] - # - mongodb - # -- the db to use. if running in multiservice mode, its used as a prefix. 
- name: orion - # --user for connecting mongo - # user: - # -- Existing secret to be used for database auth - # existingSecret: - # --name of the secret - # name: - # --key to get the password from - # key: - # -- Database authentication (not needed if MongoDB doesn't use --auth) - # auth: - # -- password to be used on mongo - # password: - # -- the MongoDB authentication mechanism to use in the case user and password is set - # mech: SCRAM-SHA-1 - # -- name of the replicaset - #replicaSet: rs0 - # -- enable SSL in the connection to MongoDB. needs to correspond with the mongoDB setting - # sslEnabled: true - # -- specifies the timeout in milliseconds for connections to the replica set - # timeout: - # -- database connection pool - # poolSize: 10 - # -- write concern for MongoDB write operations: acknowledged (1) or unacknowledged (0) - # writeConcern: 1 - - ## configratuion of orion metrics - metrics: - # -- enable or disable metrics gathering - enabled: "false" - # -- see statistics documentation for the following configurations - #ref: https://fiware-orion.readthedocs.io/en/master/admin/statistics/index.html - # statCountersEnabled: true - # statSemWaitEnabled: true - # statTimingEnabled: true - # statNotifQueueEnabled: true - -## Configuration for embedding mongodb into the chart. Do not use this in production. -mongo: - # -- should mongodb be enabled - enabled: true - ## configuration for the mongo image to be used - image: - # -- pull policy to be used for mongo - pullPolicy: IfNotPresent - # -- mongo image name - repository: quay.io/opencloudio/ibm-mongodb - # -- version of mongo - tag: 4.0.24 - # -- port to make mongo accessible at - port: 27017 diff --git a/charts/partners/fiware/orion-ld/1.0.3/report.yaml b/charts/partners/fiware/orion-ld/1.0.3/report.yaml deleted file mode 100644 index afc4dfb3e5..0000000000 --- a/charts/partners/fiware/orion-ld/1.0.3/report.yaml +++ /dev/null 
@@ -1,93 +0,0 @@
-apiversion: v1
-kind: verify-report
-metadata:
- tool:
- verifier-version: 1.5.0
- profile:
- VendorType: partner
- version: v1.1
- chart-uri: /charts
- digests:
- chart: sha256:4fbe5370fcc2d45adf73d69320f2efb193c2946faf359b6436ac27dc06c8a359
- lastCertifiedTimestamp: "2022-05-05T12:16:10.065501+00:00"
- testedOpenShiftVersion: "4.8"
- supportedOpenShiftVersions: '>=4.6'
- chart:
- name: orion-ld
- home: https://github.com/FIWARE/context.Orion-LD
- sources:
- - https://github.com/FIWARE/context.Orion-LD
- version: 1.0.3
- description: A Helm chart for running the fiware orion-ld context broker on kubernetes.
- keywords:
- - fiware
- - orion-ld
- maintainers:
- - name: wistefan
- email: stefan.wiedemann@fiware.org
- url: ""
- icon: https://fiware.github.io/catalogue/img/fiware.png
- apiversion: v2
- condition: ""
- tags: ""
- appversion: 1.0.1
- deprecated: false
- annotations:
- charts.openshift.io/name: orion-ld
- kubeversion: '>= 1.19'
- dependencies: []
- type: ""
- chart-overrides: ""
-results:
- - check: v1.0/contains-values
- type: Mandatory
- outcome: PASS
- reason: Values file exist
- - check: v1.0/contains-values-schema
- type: Mandatory
- outcome: PASS
- reason: Values schema file exist
- - check: v1.1/has-kubeversion
- type: Mandatory
- outcome: PASS
- reason: Kubernetes version specified
- - check: v1.0/not-contains-crds
- type: Mandatory
- outcome: PASS
- reason: Chart does not contain CRDs
- - check: v1.0/helm-lint
- type: Mandatory
- outcome: PASS
- reason: Helm lint successful
- - check: v1.0/not-contain-csi-objects
- type: Mandatory
- outcome: PASS
- reason: CSI objects do not exist
- - check: v1.0/images-are-certified
- type: Mandatory
- outcome: PASS
- reason: |-
- Image is Red Hat certified : quay.io/opencloudio/ibm-mongodb:4.0.24
- Image is Red Hat certified : quay.io/fiware/orion-ld:1.0.1
- Image is Red Hat certified : quay.io/opencloudio/curl:4.2.0-build.8
- - check: v1.0/has-readme
- type: Mandatory
- outcome: PASS
- reason: Chart has a README
- - check: v1.0/required-annotations-present
- type: Mandatory
- outcome: PASS
- reason: All required annotations present
- - check: v1.0/chart-testing
- type: Mandatory
- outcome: PASS
- reason: Chart tests have passed
- - check: v1.0/contains-test
- type: Mandatory
- outcome: PASS
- reason: Chart test files exist
- - check: v1.0/is-helm-v3
- type: Mandatory
- outcome: PASS
- reason: API version is V2, used in Helm 3
-
diff --git a/charts/partners/fiware/orion-ld/1.0.3/src/Chart.yaml b/charts/partners/fiware/orion-ld/1.0.3/src/Chart.yaml
deleted file mode 100644
index 2d9a074c48..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.3/src/Chart.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v2
-name: orion-ld
-version: 1.0.3
-appVersion: 1.0.1
-kubeVersion: '>= 1.19'
-home: https://github.com/FIWARE/context.Orion-LD
-description: A Helm chart for running the fiware orion-ld context broker on kubernetes.
-icon: https://fiware.github.io/catalogue/img/fiware.png
-keywords:
-- fiware
-- orion-ld
-sources:
-- https://github.com/FIWARE/context.Orion-LD
-maintainers:
-- name: wistefan
- email: stefan.wiedemann@fiware.org
-annotations:
- charts.openshift.io/name: orion-ld
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.3/src/README.md b/charts/partners/fiware/orion-ld/1.0.3/src/README.md
deleted file mode 100644
index 4dc06a56dd..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.3/src/README.md
+++ /dev/null
@@ -1,92 +0,0 @@
-# orion-ld
-
-![Version: 1.0.2](https://img.shields.io/badge/Version-1.0.2-informational?style=flat-square) ![AppVersion: 1.0.1](https://img.shields.io/badge/AppVersion-1.0.1-informational?style=flat-square)
-
-A Helm chart for running the fiware orion-ld context broker on kubernetes.
-
-**Homepage:**
-
-## Maintainers
-
-| Name | Email | Url |
-| ---- | ------ | --- |
-| wistefan | stefan.wiedemann@fiware.org | |
-
-## Source Code
-
-*
-
-## Requirements
-
-Kubernetes: `>= 1.19`
-
-## Values
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| autoscaling.enabled | bool | `false` | should autoscaling be enabled for the context broker |
-| autoscaling.maxReplicas | int | `10` | maximum number of running pods |
-| autoscaling.metrics | list | `[]` | metrics to react on |
-| autoscaling.minReplicas | int | `1` | minimum number of running pods |
-| broker.cachedContextFolder | string | `"/opt/orion/ldcontexts"` | |
-| broker.db.hosts | list | `[]` | configuration of the mongo-db hosts. if multiple hosts are inserted, its assumed that mongo is running as a replica set |
-| broker.db.name | string | `"orion"` | the db to use. if running in multiservice mode, its used as a prefix. |
-| broker.envPrefix | string | `"ORIONLD_"` | Prefix to be used for env-vars in orion. Must be ORION_ for orion and ORIONLD_ for orion-ld |
-| broker.ipv4enabled | bool | `false` | set to true if only ipv4 should be used, do not set both options to true |
-| broker.ipv6enabled | bool | `false` | set to true if only ipv6 should be used, do not set both options to true |
-| broker.logging.level | string | `"WARN"` | log level of the broker |
-| broker.metrics.enabled | string | `"false"` | enable or disable metrics gathering |
-| broker.noDevTrace | bool | `true` | should the extended development tracing be disabled? |
-| broker.port | int | `1026` | port that the broker is listening to |
-| broker.troe | object | `{"dbHost":"postgres","dbPassword":"password","dbPort":5432,"dbUser":"user","enabled":false}` | configuration of temporal entity representation |
-| broker.troe.dbHost | string | `"postgres"` | host of the postgres to be used |
-| broker.troe.dbPassword | string | `"password"` | password to authenticate with at postgres |
-| broker.troe.dbPort | int | `5432` | port of the postgres to be used |
-| broker.troe.dbUser | string | `"user"` | username to authenticate with at postgres |
-| broker.troe.enabled | bool | `false` | should temporal representation of entities be enabled |
-| deployment.additionalAnnotations | object | `{}` | additional annotations for the deployment, if required |
-| deployment.additionalLabels | object | `{}` | additional labels for the deployment, if required |
-| deployment.affinity | object | `{}` | affinity template ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity |
-| deployment.image.pullPolicy | string | `"IfNotPresent"` | specification of the image pull policy |
-| deployment.image.repository | string | `"quay.io/fiware/orion-ld"` | orion image name ref: https://hub.docker.com/r/fiware/orion/ ref: https://quay.io/repository/fiware/orion-ld |
-| deployment.image.tag | string | `"1.0.1"` | tag of the image to be used |
-| deployment.livenessProbe.initialDelaySeconds | int | `30` | |
-| deployment.livenessProbe.periodSeconds | int | `10` | |
-| deployment.livenessProbe.successThreshold | int | `1` | |
-| deployment.livenessProbe.timeoutSeconds | int | `30` | |
-| deployment.nodeSelector | object | `{}` | selector template ref: https://kubernetes.io/docs/user-guide/node-selection/ |
-| deployment.readinessProbe.initialDelaySeconds | int | `30` | |
-| deployment.readinessProbe.periodSeconds | int | `10` | |
-| deployment.readinessProbe.successThreshold | int | `1` | |
-| deployment.readinessProbe.timeoutSeconds | int | `30` | |
-| deployment.replicaCount | int | `1` | initial number of target replications, can be different if autoscaling is enabled |
-| deployment.revisionHistoryLimit | int | `3` | number of old replicas to be retained |
-| deployment.sidecars | list | `[]` | additional sidepods for the deployment, if required |
-| deployment.tolerations | list | `[]` | tolerations template ref: ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ |
-| deployment.updateStrategy.rollingUpdate | object | `{"maxSurge":1,"maxUnavailable":0}` | new pods will be added gradually |
-| deployment.updateStrategy.rollingUpdate.maxSurge | int | `1` | number of pods that can be created above the desired amount while updating |
-| deployment.updateStrategy.rollingUpdate.maxUnavailable | int | `0` | number of pods that can be unavailable while updating |
-| deployment.updateStrategy.type | string | `"RollingUpdate"` | type of the update |
-| deployment.volumes | list | `[]` | additional volumes for the deployment, if required |
-| fullnameOverride | string | `""` | option to override the fullname config in the _helpers.tpl |
-| ingress.annotations | object | `{}` | annotations to be added to the ingress |
-| ingress.enabled | bool | `false` | should there be an ingress to connect orion with the public internet |
-| ingress.hosts | list | `[]` | all hosts to be provided |
-| ingress.tls | list | `[]` | configure the ingress' tls |
-| mongo.enabled | bool | `true` | should mongodb be enabled |
-| mongo.image.pullPolicy | string | `"IfNotPresent"` | pull policy to be used for mongo |
-| mongo.image.repository | string | `"quay.io/opencloudio/ibm-mongodb"` | mongo image name |
-| mongo.image.tag | string | `"4.0.24"` | version of mongo |
-| mongo.port | int | `27017` | port to make mongo accessible at |
-| nameOverride | string | `""` | option to override the name config in the _helpers.tpl |
-| route.annotations | object | `{}` | annotations to be added to the route |
-| route.enabled | bool | `false` | |
-| route.tls | object | `{}` | tls configuration for the route |
-| service.annotations | object | `{}` | addtional annotations, if required |
-| service.port | int | `1026` | port to be used by the service |
-| service.type | string | `"ClusterIP"` | service type |
-| serviceAccount | object | `{"create":false}` | if a orion specific service account should be used, it can be configured here ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ |
-| serviceAccount.create | bool | `false` | specifies if the account should be created |
-
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.6.0](https://github.com/norwoodj/helm-docs/releases/v1.6.0)
diff --git a/charts/partners/fiware/orion-ld/1.0.3/src/templates/NOTES.txt b/charts/partners/fiware/orion-ld/1.0.3/src/templates/NOTES.txt
deleted file mode 100644
index 8095edd8d7..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.3/src/templates/NOTES.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Successfully deployed Orion-LD.
-
-Connect at {{ include "orion.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }}
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.3/src/templates/_helpers.tpl b/charts/partners/fiware/orion-ld/1.0.3/src/templates/_helpers.tpl
deleted file mode 100644
index ae546054d7..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.3/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,56 +0,0 @@
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "orion.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "orion.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "orion.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "orion.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
- {{ default (include "orion.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
- {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "orion.labels" -}}
-app.kubernetes.io/name: {{ include "orion.name" . }}
-helm.sh/chart: {{ include "orion.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.3/src/templates/deployment-hpa.yaml b/charts/partners/fiware/orion-ld/1.0.3/src/templates/deployment-hpa.yaml
deleted file mode 100644
index 89c5b3c8c7..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.3/src/templates/deployment-hpa.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if .Values.autoscaling.enabled -}}
-apiVersion: autoscaling/v2beta2
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "orion.fullname" . }}
- labels:
- {{ include "orion.labels" . | nindent 4 }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ include "orion.fullname" . }}
- minReplicas: {{ .Values.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.autoscaling.maxReplicas }}
-{{- with .Values.autoscaling.metrics }}
- metrics:
- {{- toYaml . | nindent 2 }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.3/src/templates/deployment-mongo.yaml b/charts/partners/fiware/orion-ld/1.0.3/src/templates/deployment-mongo.yaml
deleted file mode 100644
index e79ca1c634..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.3/src/templates/deployment-mongo.yaml
+++ /dev/null
@@ -1,69 +0,0 @@
-{{- if .Values.mongo.enabled -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "orion.fullname" . }}-mongo
- labels:
- app.kubernetes.io/name: {{ include "orion.name" . }}-mongo
- helm.sh/chart: {{ include "orion.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- {{- if not .Values.autoscaling.enabled }}
- replicas: {{ .Values.deployment.replicaCount }}
- {{- end }}
- revisionHistoryLimit: {{ .Values.deployment.revisionHistoryLimit }}
- strategy:
- {{- with .Values.deployment.updateStrategy }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "orion.name" . }}-mongo
- app.kubernetes.io/instance: {{ .Release.Name }}
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ include "orion.name" . }}-mongo
- helm.sh/chart: {{ include "orion.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- with .Values.deployment.additionalLabels }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{ if .Values.deployment.additionalAnnotations -}}
- annotations:
- {{- with .Values.deployment.additionalAnnotations }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- end }}
- spec:
- containers:
- - name: mongo-db
- imagePullPolicy: {{ .Values.mongo.image.pullPolicy }}
- image: "{{ .Values.mongo.image.repository }}:{{ .Values.mongo.image.tag }}"
- securityContext:
- runAsUser: 999
- ports:
- - name: mongo
- containerPort: {{ .Values.mongo.port}}
- protocol: TCP
- livenessProbe:
- exec:
- command:
- - bash
- - -ec
- - |
- mongo --eval 'db.runCommand("ping").ok' 127.0.0.1:27017/test && echo 0 || echo 1
- initialDelaySeconds: 5
- periodSeconds: 5
- readinessProbe:
- exec:
- command:
- - bash
- - -ec
- - |
- mongo --eval 'db.runCommand("ping").ok' 127.0.0.1:27017/test && echo 0 || echo 1
- initialDelaySeconds: 5
- periodSeconds: 5
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.3/src/templates/deployment.yaml b/charts/partners/fiware/orion-ld/1.0.3/src/templates/deployment.yaml
deleted file mode 100644
index b17046a3f3..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.3/src/templates/deployment.yaml
+++ /dev/null
@@ -1,362 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "orion.fullname" . }} - labels: - {{ include "orion.labels" . | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.deployment.replicaCount }} - {{- end }} - revisionHistoryLimit: {{ .Values.deployment.revisionHistoryLimit }} - strategy: - {{- with .Values.deployment.updateStrategy }} - {{- toYaml . | nindent 4 }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "orion.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - {{ include "orion.labels" . | nindent 8 }} - {{- with .Values.deployment.additionalLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{ if .Values.deployment.additionalAnnotations -}} - annotations: - {{- with .Values.deployment.additionalAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - spec: - serviceAccountName: {{ include "orion.serviceAccountName" . 
}} - containers: - - name: {{ .Chart.Name }} - imagePullPolicy: {{ .Values.deployment.image.pullPolicy }} - image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}" - {{ if and (.Values.broker.noDevTrace) (eq .Values.deployment.image.repository "fiware/orion-ld") }} - args: ["-lmtmp"] - {{ end }} - # special handling for the health check of telefonica/orion - {{ if eq .Values.broker.envPrefix "ORION_" }} - command: ["/bin/bash", "-c", "/usr/bin/contextBroker -fg | sed '/SUMMARY/w /tmp/healthcheck'"] - {{ end }} - ports: - - name: http - containerPort: {{ .Values.broker.port}} - protocol: TCP - {{ if eq .Values.deployment.image.repository "fiware/orion-ld" }} - readinessProbe: - tcpSocket: - port: 1027 - initialDelaySeconds: {{ .Values.deployment.readinessProbe.initialDelaySeconds}} - periodSeconds: {{ .Values.deployment.readinessProbe.periodSeconds}} - successThreshold: {{ .Values.deployment.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.deployment.readinessProbe.timeoutSeconds }} - livenessProbe: - tcpSocket: - port: 1027 - initialDelaySeconds: {{ .Values.deployment.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.deployment.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.deployment.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.deployment.livenessProbe.timeoutSeconds }} - {{ end }} - # special handling for the health check of telefonica/orion - {{ if eq .Values.broker.envPrefix "ORION_" }} - readinessProbe: - exec: - command: - - /bin/bash - - -c - - "echo /tmp/healthcheck? 
&& true > /tmp/healthcheck" - initialDelaySeconds: {{ .Values.deployment.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.deployment.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.deployment.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.deployment.readinessProbe.timeoutSeconds }} - livenessProbe: - exec: - command: - - /bin/bash - - -c - - "echo /tmp/healthcheck? && true > /tmp/healthcheck" - initialDelaySeconds: {{ .Values.deployment.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.deployment.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.deployment.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.deployment.livenessProbe.timeoutSeconds }} - {{ end }} - env: - # general - - name: {{ .Values.broker.envPrefix }}PORT - value: {{ .Values.broker.port | quote }} - - name: {{ .Values.broker.envPrefix }}SOCKET_SERVICE - value: "TRUE" - - name: {{ .Values.broker.envPrefix }}SOCKET_SERVICE_PORT - value: "1027" - - name: {{ .Values.broker.envPrefix }}DISABLE_FILE_LOG - value: "TRUE" - - name: {{ .Values.broker.envPrefix }}CACHED_CONTEXT_DIRECTORY - value: {{ .Values.broker.cachedContextFolder }} - {{- if and (eq .Values.broker.ipv4enabled true) (eq .Values.broker.ipv6enabled false) }} - - name: {{ .Values.broker.envPrefix }}USEIPV4 - value: "TRUE" - {{- end }} - {{- if and (eq .Values.broker.ipv6enabled true) (eq .Values.broker.ipv4enabled false) }} - - name: {{ .Values.broker.envPrefix }}USEIPV6 - value: "TRUE" - {{- end }} - {{- if .Values.broker.httpTimeout }} - - name: {{ .Values.broker.envPrefix }}HTTP_TIMEOUT - value: {{ .Values.broker.httpTimeout }} - {{- end }} - {{- if .Values.broker.reqTimeout }} - - name: {{ .Values.broker.envPrefix }}REQ_TIMEOUT - value: {{ .Values.broker.reqTimeout }} - {{- end }} - {{- if .Values.broker.corsOrigin }} - - name: {{ .Values.broker.envPrefix }}CORS_ALLOWED_ORIGIN - value: {{ .Values.broker.corsOrigin }} - {{- end }} - {{- if 
.Values.broker.corsMaxAge }} - - name: {{ .Values.broker.envPrefix }}CORS_MAX_AGE - value: {{ .Values.broker.corsMaxAge }} - {{- end }} - {{- if .Values.broker.mutexPolicy }} - - name: {{ .Values.broker.envPrefix }}MUTEX_POLICY - value: {{ .Values.broker.mutexPolicy }} - {{- end }} - {{- if .Values.broker.cprForwardLimit }} - - name: {{ .Values.broker.envPrefix }}CPR_FORWARD_LIMIT - value: {{ .Values.broker.cprForwardLimit }} - {{- end }} - {{- if .Values.broker.subCacheIval }} - - name: {{ .Values.broker.envPrefix }}SUBCACHE_IVAL - value: {{ .Values.broker.subCacheIval }} - {{- end }} - {{- if .Values.broker.noCache }} - - name: {{ .Values.broker.envPrefix }}NOCACHE - value: {{ .Values.broker.noCache | upper | quote }} - {{- end }} - {{- if .Values.broker.connectionMemory }} - - name: {{ .Values.broker.envPrefix }}CONN_MEMORY - value: {{ .Values.broker.connectionMemory }} - {{- end }} - {{- if .Values.broker.maxConnections }} - - name: {{ .Values.broker.envPrefix }}MAX_CONN - value: {{ .Values.broker.maxConnections | quote }} - {{- end }} - {{- if .Values.broker.reqPoolSize }} - - name: {{ .Values.broker.envPrefix }}TRQ_POOL_SIZE - value: {{ .Values.broker.reqPoolSize | quote }} - {{- end }} - {{- if .Values.broker.inReqPayloadMaxSize }} - - name: {{ .Values.broker.envPrefix }}IN_REQ_PAYLOAD_MAX_SIZE - value: {{ .Values.broker.inReqPayloadMaxSize }} - {{- end }} - {{- if .Values.broker.outReqMsgMaxSize }} - - name: {{ .Values.broker.envPrefix }}OUT_REQ_MSG_MAX_SIZE - value: {{ .Values.broker.outReqMsgMaxSize }} - {{- end }} - {{- if .Values.broker.notificationMode }} - - name: {{ .Values.broker.envPrefix }}NOTIF_MODE - value: {{ .Values.broker.notificationMode }} - {{- end }} - {{- if .Values.broker.notificationFlowControl }} - - name: {{ .Values.broker.envPrefix }}NOTIF_FLOW_CONTROL - value: {{ .Values.broker.notificationFlowControl }} - {{- end }} - {{- if .Values.broker.simulatedNotification }} - - name: {{ .Values.broker.envPrefix }}DROP_NOTIF - value: {{ 
.Values.broker.simulatedNotification }} - {{- end }} - {{- if .Values.broker.disableCustomNotifications }} - - name: {{ .Values.broker.envPrefix }}DISABLE_CUSTOM_NOTIF - value: {{ .Values.broker.disableCustomNotifications | upper }} - {{- end }} - {{- if .Values.broker.insecureNotifEnabled }} - - name: {{ .Values.broker.envPrefix }}INSECURE_NOTIF - value: {{ .Values.broker.insecureNotifEnabled | upper }} - {{- end }} - {{- if .Values.broker.forwardingEnabled }} - - name: {{ .Values.broker.envPrefix }}FORWARDING - value: {{ .Values.broker.forwardingEnabled | quote | upper }} - {{- end }} - - # db - - name: {{ .Values.broker.envPrefix }}MONGO_HOST - {{- if .Values.mongo.enabled }} - value: {{ include "orion.fullname" . }}-mongo:27017 - {{- else }} - value: {{ join "," .Values.broker.db.hosts }} - {{- end }} - - name: {{ .Values.broker.envPrefix }}MONGO_DB - value: {{ .Values.broker.db.name }} - {{ $numHosts := len .Values.broker.db.hosts }} - {{- if gt $numHosts 1 -}} - - name: {{ .Values.broker.envPrefix }}MONGO_REPLICA_SET - value: {{ .Values.broker.db.replicaSet }} - {{- end }} - {{- if .Values.broker.db.existingSecret }} - - name: {{ .Values.broker.envPrefix }}MONGO_USER - value: {{ .Values.broker.db.user }} - - name: {{ .Values.broker.envPrefix }}MONGO_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.broker.db.existingSecret.name }} - key: {{ .Values.broker.db.existingSecret.key }} - {{- end }} - {{- if .Values.broker.db.auth }} - - name: {{ .Values.broker.envPrefix }}MONGO_USER - value: {{ .Values.broker.db.user }} - - name: {{ .Values.broker.envPrefix }}MONGO_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "orion.fullname" . 
}} - key: dbPassword - {{- if .Values.broker.db.auth.mech }} - - name: {{ .Values.broker.envPrefix }}MONGO_AUTH_MECH - value: {{ .Values.broker.db.auth.mech }} - {{- end }} - {{- end }} - {{- if .Values.broker.db.sslEnabled }} - - name: {{ .Values.broker.envPrefix }}MONGO_SSL - value: {{ .Values.broker.db.sslEnabled | upper }} - {{- end }} - {{- if .Values.broker.db.timeout }} - - name: {{ .Values.broker.envPrefix }}MONGO_TIMEOUT - value: {{ .Values.broker.db.timeout }} - {{- end }} - {{- if .Values.broker.db.poolSize }} - - name: {{ .Values.broker.envPrefix }}MONGO_POOL_SIZE - value: {{ .Values.broker.db.poolSize | quote }} - {{- end }} - {{- if .Values.broker.db.writeConcern }} - - name: {{ .Values.broker.envPrefix }}MONGO_WRITE_CONCERN - value: {{ .Values.broker.db.writeConcern }} - {{- end }} - - # tenancy - {{- if .Values.broker.multiserviceEnabled }} - - name: {{ .Values.broker.envPrefix }}MULTI_SERVICE - value: {{ .Values.broker.multiserviceEnabled | upper }} - {{- end }} - {{- if .Values.broker.multiserviceEnabled }} - - name: {{ .Values.broker.envPrefix }}MONGO_AUTH_SOURCE - value: admin - {{- end }} - - # metrics - {{ if .Values.broker.metrics }} - {{ if eq .Values.broker.metrics.enabled "false" }} - - name: {{ .Values.broker.envPrefix }}DISABLE_METRICS - value: "TRUE" - {{ else }} - - name: {{ .Values.broker.envPrefix }}DISABLE_METRICS - value: "FALSE" - {{- end }} - {{ if .Values.broker.metrics.statCountersEnabled }} - - name: {{ .Values.broker.envPrefix }}STAT_COUNTERS - value: {{ .Values.broker.metrics.statCountersEnabled | upper }} - {{ end }} - {{ if .Values.broker.metrics.statSemWaitEnabled }} - - name: {{ .Values.broker.envPrefix }}STAT_SEM_WAIT - value: {{ .Values.broker.metrics.statSemWaitEnabled | upper }} - {{- end }} - {{ if .Values.broker.metrics.statTimingEnabled }} - - name: {{ .Values.broker.envPrefix }}STAT_TIMING - value: {{ .Values.broker.metrics.statTimingEnabled | upper }} - {{- end }} - {{ if 
.Values.broker.metrics.statNotifQueueEnabled }} - - name: {{ .Values.broker.envPrefix }}STAT_NOTIF_QUEUE - value: {{ .Values.broker.metrics.statNotifQueueEnabled | upper }} - {{- end }} - {{- end }} - - # logging - - name: {{ .Values.broker.envPrefix }}LOG_LEVEL - value: {{ .Values.broker.logging.level }} - {{- if .Values.broker.logging.dir }} - - name: {{ .Values.broker.envPrefix }}LOG_DIR - value: {{ .Values.broker.logging.dir }} - {{- end }} - {{- if .Values.broker.logging.append }} - - name: {{ .Values.broker.envPrefix }}LOG_APPEND - value: {{ .Values.broker.logging.append }} - {{- end }} - {{- if .Values.broker.logging.trace }} - - name: {{ .Values.broker.envPrefix }}TRACE - value: {{ .Values.broker.logging.trace }} - {{- end }} - {{- if .Values.broker.logging.summaryPeriod }} - - name: {{ .Values.broker.envPrefix }}LOG_SUMMARY_PERIOD - value: {{ .Values.broker.logging.summaryPeriod | quote }} - {{- end }} - {{- if .Values.broker.logging.relogAlarms }} - - name: {{ .Values.broker.envPrefix }}RELOG_ALARMS - value: {{ .Values.broker.logging.relogAlarms | upper }} - {{- end }} - {{- if .Values.broker.logging.forHumans }} - - name: {{ .Values.broker.envPrefix }}LOG_FOR_HUMANS - value: {{ .Values.broker.logging.forHumans | upper }} - {{- end }} - {{- if .Values.broker.logging.lineMaxSize }} - - name: {{ .Values.broker.envPrefix }}LOG_LINE_MAX_SIZE - value: {{ .Values.broker.logging.lineMaxSize }} - {{- end }} - {{- if .Values.broker.logging.infoPayloadMaxSize }} - - name: {{ .Values.broker.envPrefix }}LOG_INFO_PAYLOAD_MAX_SIZE - value: {{ .Values.broker.logging.infoPayloadMaxSize }} - {{- end }} - - ##TROE - {{ if .Values.broker.troe }} - {{ if eq .Values.broker.troe.enabled true }} - - name: {{ .Values.broker.envPrefix }}TROE - value: "TRUE" - {{ else }} - - name: {{ .Values.broker.envPrefix }}TROE - value: "FALSE" - {{- end -}} - {{ if .Values.broker.troe.dbUser }} - - name: {{ .Values.broker.envPrefix }}TROE_USER - value: {{ .Values.broker.troe.dbUser }} - {{ 
end }} - {{ if .Values.broker.troe.dbPassword }} - - name: {{ .Values.broker.envPrefix }}TROE_PWD - value: {{ .Values.broker.troe.dbPassword }} - {{ end }} - {{ if .Values.broker.troe.dbHost }} - - name: {{ .Values.broker.envPrefix }}TROE_HOST - value: {{ .Values.broker.troe.dbHost }} - {{ end }} - {{ if .Values.broker.troe.dbPort }} - - name: {{ .Values.broker.envPrefix }}TROE_PORT - value: {{ .Values.broker.troe.dbPort | quote }} - {{ end }} - {{ if .Values.broker.troe.dbPoolsize }} - - name: {{ .Values.broker.envPrefix }}TROE_POOL_SIZE - value: {{ .Values.broker.troe.dbPoolsize | quote }} - {{ end }} - {{- end }} - resources: - {{- toYaml .Values.deployment.resources | nindent 12 }} - {{- if .Values.deployment.sidecars }} - {{- toYaml .Values.deployment.sidecars | nindent 8 }} - {{- end }} - {{- if .Values.deployment.volumes }} - volumes: - {{- toYaml .Values.deployment.volumes | nindent 8 }} - {{- end }} - {{- with .Values.deployment.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.deployment.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.deployment.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/partners/fiware/orion-ld/1.0.3/src/templates/ingress.yaml b/charts/partners/fiware/orion-ld/1.0.3/src/templates/ingress.yaml deleted file mode 100644 index 2ea573ab08..0000000000 --- a/charts/partners/fiware/orion-ld/1.0.3/src/templates/ingress.yaml +++ /dev/null 
@@ -1,42 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "orion.fullname" . -}}
-{{- $servicePort := .Values.service.port -}}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ include "orion.fullname" . }}
- labels:
- {{ include "orion.labels" . | nindent 4 }}
- {{- if .Values.ingress.annotations }}
- annotations:
- {{- with .Values.ingress.annotations }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- {{- if .Values.ingress.tls }}
- tls:
- {{- range .Values.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
- {{- end }}
- rules:
- {{- range .Values.ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
- {{- range .paths }}
- - path: {{ . }}
- pathType: Prefix
- backend:
- service:
- name: {{ $fullName }}
- port:
- number: {{ $servicePort }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/charts/partners/fiware/orion-ld/1.0.3/src/templates/route.yaml b/charts/partners/fiware/orion-ld/1.0.3/src/templates/route.yaml
deleted file mode 100644
index 695e9a5208..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.3/src/templates/route.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if .Values.route.enabled -}}
-{{- $fullName := include "orion.fullname" . -}}
-apiVersion: route.openshift.io/v1
-kind: Route
-metadata:
- name: {{ include "orion.fullname" . }}
- labels:
- {{ include "orion.labels" . | nindent 4 }}
- {{- if .Values.route.annotations }}
- annotations:
- {{- with .Values.route.annotations }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- end }}
-spec:
- host: {{ .Values.route.host}}
- to:
- kind: Service
- name: {{ $fullName }}
- {{- if .Values.route.tls }}
- tls:
- {{- with .Values.route.tls }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.3/src/templates/secret.yaml b/charts/partners/fiware/orion-ld/1.0.3/src/templates/secret.yaml
deleted file mode 100644
index a482294488..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.3/src/templates/secret.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if .Values.broker.db.auth -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "orion.fullname" . }}
- labels:
- {{ include "orion.labels" . | nindent 4 }}
-type: Opaque
-data:
- dbPassword: {{ .Values.broker.db.auth.password | b64enc }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.3/src/templates/service-mongo.yaml b/charts/partners/fiware/orion-ld/1.0.3/src/templates/service-mongo.yaml
deleted file mode 100644
index e3842429dd..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.3/src/templates/service-mongo.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if .Values.mongo.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "orion.fullname" . }}-mongo
- {{- if .Values.service.annotations }}
- annotations:
- {{ toYaml .Values.service.annotations | nindent 4 }}
- {{- end }}
- labels:
- app.kubernetes.io/name: {{ include "orion.name" . }}-mongo
- helm.sh/chart: {{ include "orion.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.mongo.port }}
- targetPort: {{ .Values.mongo.port }}
- protocol: TCP
- name: mongo
- selector:
- app.kubernetes.io/name: {{ include "orion.name" . }}-mongo
- app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.3/src/templates/service.yaml b/charts/partners/fiware/orion-ld/1.0.3/src/templates/service.yaml
deleted file mode 100644
index c71e5a8354..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.3/src/templates/service.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "orion.fullname" . }}
- {{- if .Values.service.annotations }}
- annotations:
- {{ toYaml .Values.service.annotations | nindent 4 }}
- {{- end }}
- labels:
- {{ include "orion.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: {{ .Values.broker.port }}
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/name: {{ include "orion.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.3/src/templates/serviceaccount.yaml b/charts/partners/fiware/orion-ld/1.0.3/src/templates/serviceaccount.yaml
deleted file mode 100644
index 6c6d08f008..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.3/src/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "orion.fullname" . }}
-{{- if .Values.serviceAccount.annotations }}
- annotations:
- {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
-{{- end }}
- labels:
- {{ include "orion.labels" . | nindent 4 }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.3/src/templates/tests/orion-test.yaml b/charts/partners/fiware/orion-ld/1.0.3/src/templates/tests/orion-test.yaml
deleted file mode 100644
index 3ced9a257a..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.3/src/templates/tests/orion-test.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ .Release.Name }}-orion-test"
- labels:
- {{ include "orion.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
- argocd.argoproj.io/hook: PostSync
- argocd.argoproj.io/hook-delete-policy: HookSucceeded
-spec:
- containers:
- - name: curl
- image: quay.io/opencloudio/curl:4.2.0-build.8
- command:
- - /bin/sh
- - /test-script/test.sh
- volumeMounts:
- - name: orion-test-script
- mountPath: /test-script
- volumes:
- - name: orion-test-script
- configMap:
- name: {{ .Release.Name }}-orion-test
- restartPolicy: Never
\ No newline at end of file
diff --git a/charts/partners/fiware/orion-ld/1.0.3/src/templates/tests/test-config.yaml b/charts/partners/fiware/orion-ld/1.0.3/src/templates/tests/test-config.yaml
deleted file mode 100644
index a1f681591e..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.3/src/templates/tests/test-config.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: "{{ .Release.Name }}-orion-test"
- labels:
- {{ include "orion.labels" . | nindent 4 }}
- annotations:
- argocd.argoproj.io/hook: PostSync
- argocd.argoproj.io/hook-delete-policy: HookSucceeded
-data:
- test.sh: |-
- # Creates entity
- curl -f -X POST {{ include "orion.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }}/ngsi-ld/v1/entities/ \
- -H 'Content-Type: application/json' \
- -d '{
- "id": "urn:ngsi-ld:test:test-entity",
- "type": "test"
- }'
- # Gets entity
- curl -f -X GET {{ include "orion.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }}/ngsi-ld/v1/entities/urn:ngsi-ld:test:test-entity
-
- # Deletes entity
- curl -f -X DELETE {{ include "orion.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }}/ngsi-ld/v1/entities/urn:ngsi-ld:test:test-entity
diff --git a/charts/partners/fiware/orion-ld/1.0.3/src/values.schema.json b/charts/partners/fiware/orion-ld/1.0.3/src/values.schema.json
deleted file mode 100644
index 2a9740e334..0000000000
--- a/charts/partners/fiware/orion-ld/1.0.3/src/values.schema.json
+++ /dev/null
@@ -1,1231 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema", - "$id": "http://example.com/example.json", - "type": "object", - "title": "The root schema", - "description": "The root schema comprises the entire JSON document.", - "default": {}, - "examples": [ - { - "nameOverride": "", - "fullnameOverride": "", - "service": { - "type": "ClusterIP", - "port": 1026, - "annotations": {} - }, - "serviceAccount": { - "create": false - }, - "deployment": { - "replicaCount": 1, - "revisionHistoryLimit": 3, - "updateStrategy": { - "type": "RollingUpdate", - "rollingUpdate": { - "maxSurge": 1, - "maxUnavailable": 0 - } - }, - "image": { - "repository": "quay.io/fiware/orion-ld", - "tag": "1.0.1", - "pullPolicy": "IfNotPresent" - }, - "additionalLabels": {}, - "additionalAnnotations": {}, - "nodeSelector": {}, - "tolerations": [], - "affinity": {}, - "livenessProbe": { - "initialDelaySeconds": 30, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 30 - }, - "readinessProbe": { - "initialDelaySeconds": 30, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 30 - }, - "sidecars": [], - "volumes": [] - }, - "autoscaling": { - "enabled": false, - "minReplicas": 1, - "maxReplicas": 10, - "metrics": [] - }, - "route": { - "enabled": false, - "annotations": {}, - "tls": {} - }, - "ingress": { - "enabled": false, - "annotations": {}, - "hosts": [], - "tls": [] - }, - "broker": { - "envPrefix": "ORIONLD_", - "port": 1026, - "ipv6enabled": false, - "ipv4enabled": false, - "noDevTrace": true, - "troe": { - "enabled": false, - "dbHost": "postgres", - "dbPort": 5432, - "dbUser": "user", - "dbPassword": "password" - }, - "cachedContextFolder": "/opt/orion/ldcontexts", - "logging": { - "level": "WARN" - }, - "db": { - "hosts": [], - "name": "orion" - }, - "metrics": { - "enabled": "false" - } - }, - "mongo": { - "enabled": true, - "image": { - "pullPolicy": "IfNotPresent", - "repository": "quay.io/opencloudio/ibm-mongodb", - "tag": "4.0.24" - 
}, - "port": 27017 - } - } - ], - "required": [ - "nameOverride", - "fullnameOverride", - "service", - "serviceAccount", - "deployment", - "autoscaling", - "route", - "ingress", - "broker", - "mongo" - ], - "properties": { - "nameOverride": { - "$id": "#/properties/nameOverride", - "type": "string", - "title": "The nameOverride schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "" - ] - }, - "fullnameOverride": { - "$id": "#/properties/fullnameOverride", - "type": "string", - "title": "The fullnameOverride schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "" - ] - }, - "service": { - "$id": "#/properties/service", - "type": "object", - "title": "The service schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "type": "ClusterIP", - "port": 1026, - "annotations": {} - } - ], - "required": [ - "type", - "port", - "annotations" - ], - "properties": { - "type": { - "$id": "#/properties/service/properties/type", - "type": "string", - "title": "The type schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "ClusterIP" - ] - }, - "port": { - "$id": "#/properties/service/properties/port", - "type": "integer", - "title": "The port schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 1026 - ] - }, - "annotations": { - "$id": "#/properties/service/properties/annotations", - "type": "object", - "title": "The annotations schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - } - }, - "additionalProperties": true - }, - "serviceAccount": { - "$id": "#/properties/serviceAccount", - "type": "object", - "title": "The serviceAccount schema", - 
"description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "create": false - } - ], - "required": [ - "create" - ], - "properties": { - "create": { - "$id": "#/properties/serviceAccount/properties/create", - "type": "boolean", - "title": "The create schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - false - ] - } - }, - "additionalProperties": true - }, - "deployment": { - "$id": "#/properties/deployment", - "type": "object", - "title": "The deployment schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "replicaCount": 1, - "revisionHistoryLimit": 3, - "updateStrategy": { - "type": "RollingUpdate", - "rollingUpdate": { - "maxSurge": 1, - "maxUnavailable": 0 - } - }, - "image": { - "repository": "quay.io/fiware/orion-ld", - "tag": "1.0.1", - "pullPolicy": "IfNotPresent" - }, - "additionalLabels": {}, - "additionalAnnotations": {}, - "nodeSelector": {}, - "tolerations": [], - "affinity": {}, - "livenessProbe": { - "initialDelaySeconds": 30, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 30 - }, - "readinessProbe": { - "initialDelaySeconds": 30, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 30 - }, - "sidecars": [], - "volumes": [] - } - ], - "required": [ - "replicaCount", - "revisionHistoryLimit", - "updateStrategy", - "image", - "additionalLabels", - "additionalAnnotations", - "nodeSelector", - "tolerations", - "affinity", - "livenessProbe", - "readinessProbe", - "sidecars", - "volumes" - ], - "properties": { - "replicaCount": { - "$id": "#/properties/deployment/properties/replicaCount", - "type": "integer", - "title": "The replicaCount schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 1 - ] - }, - "revisionHistoryLimit": { - "$id": 
"#/properties/deployment/properties/revisionHistoryLimit", - "type": "integer", - "title": "The revisionHistoryLimit schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 3 - ] - }, - "updateStrategy": { - "$id": "#/properties/deployment/properties/updateStrategy", - "type": "object", - "title": "The updateStrategy schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "type": "RollingUpdate", - "rollingUpdate": { - "maxSurge": 1, - "maxUnavailable": 0 - } - } - ], - "required": [ - "type", - "rollingUpdate" - ], - "properties": { - "type": { - "$id": "#/properties/deployment/properties/updateStrategy/properties/type", - "type": "string", - "title": "The type schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "RollingUpdate" - ] - }, - "rollingUpdate": { - "$id": "#/properties/deployment/properties/updateStrategy/properties/rollingUpdate", - "type": "object", - "title": "The rollingUpdate schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "maxSurge": 1, - "maxUnavailable": 0 - } - ], - "required": [ - "maxSurge", - "maxUnavailable" - ], - "properties": { - "maxSurge": { - "$id": "#/properties/deployment/properties/updateStrategy/properties/rollingUpdate/properties/maxSurge", - "type": "integer", - "title": "The maxSurge schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 1 - ] - }, - "maxUnavailable": { - "$id": "#/properties/deployment/properties/updateStrategy/properties/rollingUpdate/properties/maxUnavailable", - "type": "integer", - "title": "The maxUnavailable schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 0 - ] - } - }, - "additionalProperties": true - } - }, - 
"additionalProperties": true - }, - "image": { - "$id": "#/properties/deployment/properties/image", - "type": "object", - "title": "The image schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "repository": "quay.io/fiware/orion-ld", - "tag": "1.0.1", - "pullPolicy": "IfNotPresent" - } - ], - "required": [ - "repository", - "tag", - "pullPolicy" - ], - "properties": { - "repository": { - "$id": "#/properties/deployment/properties/image/properties/repository", - "type": "string", - "title": "The repository schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "quay.io/fiware/orion-ld" - ] - }, - "tag": { - "$id": "#/properties/deployment/properties/image/properties/tag", - "type": "string", - "title": "The tag schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "1.0.1" - ] - }, - "pullPolicy": { - "$id": "#/properties/deployment/properties/image/properties/pullPolicy", - "type": "string", - "title": "The pullPolicy schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "IfNotPresent" - ] - } - }, - "additionalProperties": true - }, - "additionalLabels": { - "$id": "#/properties/deployment/properties/additionalLabels", - "type": "object", - "title": "The additionalLabels schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - }, - "additionalAnnotations": { - "$id": "#/properties/deployment/properties/additionalAnnotations", - "type": "object", - "title": "The additionalAnnotations schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - }, - "nodeSelector": { - "$id": 
"#/properties/deployment/properties/nodeSelector", - "type": "object", - "title": "The nodeSelector schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - }, - "tolerations": { - "$id": "#/properties/deployment/properties/tolerations", - "type": "array", - "title": "The tolerations schema", - "description": "An explanation about the purpose of this instance.", - "default": [], - "examples": [ - [] - ], - "additionalItems": true, - "items": { - "$id": "#/properties/deployment/properties/tolerations/items" - } - }, - "affinity": { - "$id": "#/properties/deployment/properties/affinity", - "type": "object", - "title": "The affinity schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - }, - "livenessProbe": { - "$id": "#/properties/deployment/properties/livenessProbe", - "type": "object", - "title": "The livenessProbe schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "initialDelaySeconds": 30, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 30 - } - ], - "required": [ - "initialDelaySeconds", - "periodSeconds", - "successThreshold", - "timeoutSeconds" - ], - "properties": { - "initialDelaySeconds": { - "$id": "#/properties/deployment/properties/livenessProbe/properties/initialDelaySeconds", - "type": "integer", - "title": "The initialDelaySeconds schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 30 - ] - }, - "periodSeconds": { - "$id": "#/properties/deployment/properties/livenessProbe/properties/periodSeconds", - "type": "integer", - "title": "The periodSeconds schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 10 - ] - }, 
- "successThreshold": { - "$id": "#/properties/deployment/properties/livenessProbe/properties/successThreshold", - "type": "integer", - "title": "The successThreshold schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 1 - ] - }, - "timeoutSeconds": { - "$id": "#/properties/deployment/properties/livenessProbe/properties/timeoutSeconds", - "type": "integer", - "title": "The timeoutSeconds schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 30 - ] - } - }, - "additionalProperties": true - }, - "readinessProbe": { - "$id": "#/properties/deployment/properties/readinessProbe", - "type": "object", - "title": "The readinessProbe schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "initialDelaySeconds": 30, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 30 - } - ], - "required": [ - "initialDelaySeconds", - "periodSeconds", - "successThreshold", - "timeoutSeconds" - ], - "properties": { - "initialDelaySeconds": { - "$id": "#/properties/deployment/properties/readinessProbe/properties/initialDelaySeconds", - "type": "integer", - "title": "The initialDelaySeconds schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 30 - ] - }, - "periodSeconds": { - "$id": "#/properties/deployment/properties/readinessProbe/properties/periodSeconds", - "type": "integer", - "title": "The periodSeconds schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 10 - ] - }, - "successThreshold": { - "$id": "#/properties/deployment/properties/readinessProbe/properties/successThreshold", - "type": "integer", - "title": "The successThreshold schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 1 - ] - }, - 
"timeoutSeconds": { - "$id": "#/properties/deployment/properties/readinessProbe/properties/timeoutSeconds", - "type": "integer", - "title": "The timeoutSeconds schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 30 - ] - } - }, - "additionalProperties": true - }, - "sidecars": { - "$id": "#/properties/deployment/properties/sidecars", - "type": "array", - "title": "The sidecars schema", - "description": "An explanation about the purpose of this instance.", - "default": [], - "examples": [ - [] - ], - "additionalItems": true, - "items": { - "$id": "#/properties/deployment/properties/sidecars/items" - } - }, - "volumes": { - "$id": "#/properties/deployment/properties/volumes", - "type": "array", - "title": "The volumes schema", - "description": "An explanation about the purpose of this instance.", - "default": [], - "examples": [ - [] - ], - "additionalItems": true, - "items": { - "$id": "#/properties/deployment/properties/volumes/items" - } - } - }, - "additionalProperties": true - }, - "autoscaling": { - "$id": "#/properties/autoscaling", - "type": "object", - "title": "The autoscaling schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "enabled": false, - "minReplicas": 1, - "maxReplicas": 10, - "metrics": [] - } - ], - "required": [ - "enabled", - "minReplicas", - "maxReplicas", - "metrics" - ], - "properties": { - "enabled": { - "$id": "#/properties/autoscaling/properties/enabled", - "type": "boolean", - "title": "The enabled schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - false - ] - }, - "minReplicas": { - "$id": "#/properties/autoscaling/properties/minReplicas", - "type": "integer", - "title": "The minReplicas schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 1 - ] - }, - "maxReplicas": { - "$id": 
"#/properties/autoscaling/properties/maxReplicas", - "type": "integer", - "title": "The maxReplicas schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 10 - ] - }, - "metrics": { - "$id": "#/properties/autoscaling/properties/metrics", - "type": "array", - "title": "The metrics schema", - "description": "An explanation about the purpose of this instance.", - "default": [], - "examples": [ - [] - ], - "additionalItems": true, - "items": { - "$id": "#/properties/autoscaling/properties/metrics/items" - } - } - }, - "additionalProperties": true - }, - "route": { - "$id": "#/properties/route", - "type": "object", - "title": "The route schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "enabled": false, - "annotations": {}, - "tls": {} - } - ], - "required": [ - "enabled", - "annotations", - "tls" - ], - "properties": { - "enabled": { - "$id": "#/properties/route/properties/enabled", - "type": "boolean", - "title": "The enabled schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - false - ] - }, - "annotations": { - "$id": "#/properties/route/properties/annotations", - "type": "object", - "title": "The annotations schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - }, - "tls": { - "$id": "#/properties/route/properties/tls", - "type": "object", - "title": "The tls schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - } - }, - "additionalProperties": true - }, - "ingress": { - "$id": "#/properties/ingress", - "type": "object", - "title": "The ingress schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, 
- "examples": [ - { - "enabled": false, - "annotations": {}, - "hosts": [], - "tls": [] - } - ], - "required": [ - "enabled", - "annotations", - "hosts", - "tls" - ], - "properties": { - "enabled": { - "$id": "#/properties/ingress/properties/enabled", - "type": "boolean", - "title": "The enabled schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - false - ] - }, - "annotations": { - "$id": "#/properties/ingress/properties/annotations", - "type": "object", - "title": "The annotations schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - {} - ], - "required": [], - "additionalProperties": true - }, - "hosts": { - "$id": "#/properties/ingress/properties/hosts", - "type": "array", - "title": "The hosts schema", - "description": "An explanation about the purpose of this instance.", - "default": [], - "examples": [ - [] - ], - "additionalItems": true, - "items": { - "$id": "#/properties/ingress/properties/hosts/items" - } - }, - "tls": { - "$id": "#/properties/ingress/properties/tls", - "type": "array", - "title": "The tls schema", - "description": "An explanation about the purpose of this instance.", - "default": [], - "examples": [ - [] - ], - "additionalItems": true, - "items": { - "$id": "#/properties/ingress/properties/tls/items" - } - } - }, - "additionalProperties": true - }, - "broker": { - "$id": "#/properties/broker", - "type": "object", - "title": "The broker schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "envPrefix": "ORIONLD_", - "port": 1026, - "ipv6enabled": false, - "ipv4enabled": false, - "noDevTrace": true, - "troe": { - "enabled": false, - "dbHost": "postgres", - "dbPort": 5432, - "dbUser": "user", - "dbPassword": "password" - }, - "cachedContextFolder": "/opt/orion/ldcontexts", - "logging": { - "level": "WARN" - }, - "db": { - "hosts": [], - "name": "orion" 
- }, - "metrics": { - "enabled": "false" - } - } - ], - "required": [ - "envPrefix", - "port", - "ipv6enabled", - "ipv4enabled", - "noDevTrace", - "troe", - "cachedContextFolder", - "logging", - "db", - "metrics" - ], - "properties": { - "envPrefix": { - "$id": "#/properties/broker/properties/envPrefix", - "type": "string", - "title": "The envPrefix schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "ORIONLD_" - ] - }, - "port": { - "$id": "#/properties/broker/properties/port", - "type": "integer", - "title": "The port schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 1026 - ] - }, - "ipv6enabled": { - "$id": "#/properties/broker/properties/ipv6enabled", - "type": "boolean", - "title": "The ipv6enabled schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - false - ] - }, - "ipv4enabled": { - "$id": "#/properties/broker/properties/ipv4enabled", - "type": "boolean", - "title": "The ipv4enabled schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - false - ] - }, - "noDevTrace": { - "$id": "#/properties/broker/properties/noDevTrace", - "type": "boolean", - "title": "The noDevTrace schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - true - ] - }, - "troe": { - "$id": "#/properties/broker/properties/troe", - "type": "object", - "title": "The troe schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "enabled": false, - "dbHost": "postgres", - "dbPort": 5432, - "dbUser": "user", - "dbPassword": "password" - } - ], - "required": [ - "enabled", - "dbHost", - "dbPort", - "dbUser", - "dbPassword" - ], - "properties": { - "enabled": { - "$id": 
"#/properties/broker/properties/troe/properties/enabled", - "type": "boolean", - "title": "The enabled schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - false - ] - }, - "dbHost": { - "$id": "#/properties/broker/properties/troe/properties/dbHost", - "type": "string", - "title": "The dbHost schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "postgres" - ] - }, - "dbPort": { - "$id": "#/properties/broker/properties/troe/properties/dbPort", - "type": "integer", - "title": "The dbPort schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 5432 - ] - }, - "dbUser": { - "$id": "#/properties/broker/properties/troe/properties/dbUser", - "type": "string", - "title": "The dbUser schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "user" - ] - }, - "dbPassword": { - "$id": "#/properties/broker/properties/troe/properties/dbPassword", - "type": "string", - "title": "The dbPassword schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "password" - ] - } - }, - "additionalProperties": true - }, - "cachedContextFolder": { - "$id": "#/properties/broker/properties/cachedContextFolder", - "type": "string", - "title": "The cachedContextFolder schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "/opt/orion/ldcontexts" - ] - }, - "logging": { - "$id": "#/properties/broker/properties/logging", - "type": "object", - "title": "The logging schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "level": "WARN" - } - ], - "required": [ - "level" - ], - "properties": { - "level": { - "$id": "#/properties/broker/properties/logging/properties/level", - "type": 
"string", - "title": "The level schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "WARN" - ] - } - }, - "additionalProperties": true - }, - "db": { - "$id": "#/properties/broker/properties/db", - "type": "object", - "title": "The db schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "hosts": [], - "name": "orion" - } - ], - "required": [ - "hosts", - "name" - ], - "properties": { - "hosts": { - "$id": "#/properties/broker/properties/db/properties/hosts", - "type": "array", - "title": "The hosts schema", - "description": "An explanation about the purpose of this instance.", - "default": [], - "examples": [ - [] - ], - "additionalItems": true, - "items": { - "$id": "#/properties/broker/properties/db/properties/hosts/items" - } - }, - "name": { - "$id": "#/properties/broker/properties/db/properties/name", - "type": "string", - "title": "The name schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "orion" - ] - } - }, - "additionalProperties": true - }, - "metrics": { - "$id": "#/properties/broker/properties/metrics", - "type": "object", - "title": "The metrics schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "enabled": "false" - } - ], - "required": [ - "enabled" - ], - "properties": { - "enabled": { - "$id": "#/properties/broker/properties/metrics/properties/enabled", - "type": "string", - "title": "The enabled schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "false" - ] - } - }, - "additionalProperties": true - } - }, - "additionalProperties": true - }, - "mongo": { - "$id": "#/properties/mongo", - "type": "object", - "title": "The mongo schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - 
"examples": [ - { - "enabled": true, - "image": { - "pullPolicy": "IfNotPresent", - "repository": "quay.io/opencloudio/ibm-mongodb", - "tag": "4.0.24" - }, - "port": 27017 - } - ], - "required": [ - "enabled", - "image", - "port" - ], - "properties": { - "enabled": { - "$id": "#/properties/mongo/properties/enabled", - "type": "boolean", - "title": "The enabled schema", - "description": "An explanation about the purpose of this instance.", - "default": false, - "examples": [ - true - ] - }, - "image": { - "$id": "#/properties/mongo/properties/image", - "type": "object", - "title": "The image schema", - "description": "An explanation about the purpose of this instance.", - "default": {}, - "examples": [ - { - "pullPolicy": "IfNotPresent", - "repository": "quay.io/opencloudio/ibm-mongodb", - "tag": "4.0.24" - } - ], - "required": [ - "pullPolicy", - "repository", - "tag" - ], - "properties": { - "pullPolicy": { - "$id": "#/properties/mongo/properties/image/properties/pullPolicy", - "type": "string", - "title": "The pullPolicy schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "IfNotPresent" - ] - }, - "repository": { - "$id": "#/properties/mongo/properties/image/properties/repository", - "type": "string", - "title": "The repository schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "quay.io/opencloudio/ibm-mongodb" - ] - }, - "tag": { - "$id": "#/properties/mongo/properties/image/properties/tag", - "type": "string", - "title": "The tag schema", - "description": "An explanation about the purpose of this instance.", - "default": "", - "examples": [ - "4.0.24" - ] - } - }, - "additionalProperties": true - }, - "port": { - "$id": "#/properties/mongo/properties/port", - "type": "integer", - "title": "The port schema", - "description": "An explanation about the purpose of this instance.", - "default": 0, - "examples": [ - 27017 - ] - } - }, - 
"additionalProperties": true - } - }, - "additionalProperties": true -} \ No newline at end of file diff --git a/charts/partners/fiware/orion-ld/1.0.3/src/values.yaml b/charts/partners/fiware/orion-ld/1.0.3/src/values.yaml deleted file mode 100644 index db2b0e0c89..0000000000 --- a/charts/partners/fiware/orion-ld/1.0.3/src/values.yaml +++ /dev/null 
@@ -1,302 +0,0 @@ -## Default values for orion. -## This is a YAML-formatted file. -## Declare variables to be passed into your templates. - -# -- option to override the name config in the _helpers.tpl -nameOverride: "" -# -- option to override the fullname config in the _helpers.tpl -fullnameOverride: "" - -## configuration for the k8s service to access orion -service: - # -- service type - type: ClusterIP - # -- port to be used by the service - port: 1026 - # -- addtional annotations, if required - annotations: {} - -# -- if a orion specific service account should be used, it can be configured here -# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -serviceAccount: - # -- specifies if the account should be created - create: false - -## deployment specific configuration -deployment: - # -- initial number of target replications, can be different if autoscaling is enabled - replicaCount: 1 - # -- number of old replicas to be retained - revisionHistoryLimit: 3 - ## configuration of the orion update strategy - updateStrategy: - # -- type of the update - type: RollingUpdate - # -- new pods will be added gradually - rollingUpdate: - # -- number of pods that can be created above the desired amount while updating - maxSurge: 1 - # -- number of pods that can be unavailable while updating - maxUnavailable: 0 - ## configuration of the image to be used - image: - # -- orion image name - # ref: https://hub.docker.com/r/fiware/orion/ - # ref: https://quay.io/repository/fiware/orion-ld - repository: quay.io/fiware/orion-ld - #repository: fiware/orion - # -- tag of the image to be used - tag: 1.0.1 - # -- specification of the image pull policy - pullPolicy: IfNotPresent - # -- additional labels for the deployment, if required - additionalLabels: {} - # -- additional annotations for the deployment, if required - additionalAnnotations: {} - # -- orion resource requests and limits, we leave the default empty to make that a concious choice by 
the user. - # for the autoscaling to make sense, you should configure this. - # resources: - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - # -- selector template - # ref: https://kubernetes.io/docs/user-guide/node-selection/ - nodeSelector: {} - # -- tolerations template - # ref: ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - tolerations: [] - # -- affinity template - # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - affinity: {} - ## liveness and readiness probes of the orion broker, they will be evaluated against the version endpoint - # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - livenessProbe: - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 30 - # -- additional sidepods for the deployment, if required - sidecars: [] - # -- additional volumes for the deployment, if required - volumes: [] - -## pod autoscaling configuration, use for automatic scaling of the broker pods -autoscaling: - # -- should autoscaling be enabled for the context broker - enabled: false - # -- minimum number of running pods - minReplicas: 1 - # -- maximum number of running pods - maxReplicas: 10 - # -- metrics to react on - metrics: [] - # -- List of MetricSpecs to decide whether to scale - # See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#metricspec-v2beta2-autoscaling - # scaler targets to hold average cpu around 80% - #- type: Resource - # resource: - # name: cpu - # target: - # type: Utilization - # averageUtilization: 80 - ## scaler targets to hold average memory around 80% - # - type: Resource - # resource: - # name: memory - # target: - # type: Utilization - # averageUtilization: 80 - -## openshift specific route definition. 
Will not work on plain k8s -route: - ## -- should the deployment create openshift routes - enabled: false - # -- annotations to be added to the route - annotations: {} - # -- host to be used - # host: localhost - # -- tls configuration for the route - tls: {} - # termination: edge - -## ingress configuration -ingress: - # -- should there be an ingress to connect orion with the public internet - enabled: false - # -- annotations to be added to the ingress - annotations: {} - # kubernetes.io/ingress.class: "ambassador" - ## example annotations, allowing cert-manager to automatically create tls-certs and forcing everything to use ssl. - # kubernetes.io/tls-acme: "true" - # ingress.kubernetes.io/ssl-redirect: "true" - # -- all hosts to be provided - hosts: [] - # -- provide a hosts and the paths that should be available - # - host: localhost - # paths: - # - / - # -- configure the ingress' tls - tls: [] - # - secretName: orion-tls - # hosts: - # - orion.fiware.org - - -## orion-broker specific configuration -# see defaults of the unset values at: -# ref: https://fiware-orion.readthedocs.io/en/master/admin/cli/index.html -broker: - # -- Prefix to be used for env-vars in orion. Must be ORION_ for orion and ORIONLD_ for orion-ld - envPrefix: ORIONLD_ - # -- port that the broker is listening to - port: 1026 - # -- set to true if only ipv6 should be used, do not set both options to true - ipv6enabled: false - # -- set to true if only ipv4 should be used, do not set both options to true - ipv4enabled: false - # -- should the extended development tracing be disabled? 
- noDevTrace: true - # -- configuration of temporal entity representation - troe: - # -- should temporal representation of entities be enabled - enabled: false - # -- host of the postgres to be used - dbHost: postgres - # -- port of the postgres to be used - dbPort: 5432 - # -- username to authenticate with at postgres - dbUser: user - # -- password to authenticate with at postgres - dbPassword: password - ## connection pool of postgres - # poolSize: 10 - ## timeout in milliseconds for forwarding messages and notifications - # httpTimeout: 5 - ## the timeout in seconds for REST connection - # reqTimeout: 0 - ## cross-Origin Resource Sharing, specifing the allowed origin (use __ALL for *). - ## ref: https://fiware-orion.readthedocs.io/en/master/user/cors/index.html - # corsOrigin: - ## maximum time (in seconds) preflight requests are allowed to be cached - # corsMaxAge: 86400 - ## internal mutex policy - ## ref: https://fiware-orion.readthedocs.io/en/master/admin/perf_tuning/index.html#mutex-policy-impact-on-performance - # mutexPolicy: all - ## maximum number of forwarded requests to Context Providers for a single client request - # cprForwardLimit: 0 - ## interval in seconds between calls to subscription cache refresh - ## ref: https://fiware-orion.readthedocs.io/en/master/admin/perf_tuning/index.html#subscription-cache - # subCacheIval: 60 - ## disables the context subscription cache, so subscriptions searches are always done in DB - # noCache: false - ## sets the size of the connection memory buffer (in kB) per connection used internally by the HTTP server library - # connectionMemory: 64 - ## maximum number of simultaneous connections - # maxConnections: 1020 - ## size of thread pool for incoming connections - # reqPoolSize: 0 - ## max allowed size for incoming requests payloads, in bytes - # inReqPayloadMaxSize: 1024 - ## max allowed total size for request outgoing message, in bytes - # outReqMsgMaxSize: 8192 - ## allows to select notification mode, either: 
transient, permanent or threadpool:q:n - # notificationMode: transient - ## enables flow control mechanism - ## ref: https://fiware-orion.readthedocs.io/en/master/admin/perf_tuning/index.html#updates-flow-control-mechanism - # notificationFlowControl: - ## notifications are not sent, but recorded internally and shown in the statistics operation. only for debbuging - # simulatedNotification: false - ## disabled NGSIv2 custom notifications - # disableCustomNotifications: - ## allow HTTPS notifications to peers which certificate cannot be authenticated with known CA certificates - # insecureNotifEnabled: false - ## enables multiservice/multitenant mode - ## ref: https://fiware-orion.readthedocs.io/en/master/user/multitenancy/index.html - # multiserviceEnabled: true - ## enables forwarding for the ld endpoint - # forwardingEnabled: true - ## folder holding cached context's - cachedContextFolder: "/opt/orion/ldcontexts" - - ## logging configuration of the orion broker - logging: - # -- log level of the broker - level: "WARN" - ## specifies the initial trace levels for logging - # trace: 70 - ## log summary period in seconds - # summaryPeriod: 0 - ## to see every possible alarm-provoking failure in the log-file, even when an alarm is already active - # relogAlarms: false - ## to make the traces to standard out formated for humans - # forHumans: false - ## log line maximum length - # lineMaxSize: - ## for those log traces at INFO level that print request and/or response payloads, this is the maximum allowed size for those payloads - # infoPayloadMaxSize: - - ## database configuration - db: - # -- configuration of the mongo-db hosts. if multiple hosts are inserted, its assumed that mongo is running as a replica set - hosts: [] - # - mongodb - # -- the db to use. if running in multiservice mode, its used as a prefix. 
- name: orion - # --user for connecting mongo - # user: - # -- Existing secret to be used for database auth - # existingSecret: - # --name of the secret - # name: - # --key to get the password from - # key: - # -- Database authentication (not needed if MongoDB doesn't use --auth) - # auth: - # -- password to be used on mongo - # password: - # -- the MongoDB authentication mechanism to use in the case user and password is set - # mech: SCRAM-SHA-1 - # -- name of the replicaset - #replicaSet: rs0 - # -- enable SSL in the connection to MongoDB. needs to correspond with the mongoDB setting - # sslEnabled: true - # -- specifies the timeout in milliseconds for connections to the replica set - # timeout: - # -- database connection pool - # poolSize: 10 - # -- write concern for MongoDB write operations: acknowledged (1) or unacknowledged (0) - # writeConcern: 1 - - ## configratuion of orion metrics - metrics: - # -- enable or disable metrics gathering - enabled: "false" - # -- see statistics documentation for the following configurations - #ref: https://fiware-orion.readthedocs.io/en/master/admin/statistics/index.html - # statCountersEnabled: true - # statSemWaitEnabled: true - # statTimingEnabled: true - # statNotifQueueEnabled: true - -## Configuration for embedding mongodb into the chart. Do not use this in production. -mongo: - # -- should mongodb be enabled - enabled: true - ## configuration for the mongo image to be used - image: - # -- pull policy to be used for mongo - pullPolicy: IfNotPresent - # -- mongo image name - repository: quay.io/opencloudio/ibm-mongodb - # -- version of mongo - tag: 4.0.24 - # -- port to make mongo accessible at - port: 27017 diff --git a/charts/partners/fiware/orion-ld/OWNERS b/charts/partners/fiware/orion-ld/OWNERS deleted file mode 100644 index 08a12590d6..0000000000 --- a/charts/partners/fiware/orion-ld/OWNERS +++ /dev/null 
@@ -1,10 +0,0 @@
-chart:
- name: orion-ld
- shortDescription: Context Broker and CEF building block for context data management
- which supports both the NGSI-LD and the NGSI-v2 APIs.
-publicPgpKey: null
-users:
-- githubUsername: wistefan
-vendor:
- label: fiware
- name: FIWARE FOUNDATION E V
diff --git a/charts/partners/fiware/orion/OWNERS b/charts/partners/fiware/orion/OWNERS
deleted file mode 100644
index 22e8f4627f..0000000000
--- a/charts/partners/fiware/orion/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: orion
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: fiware
- name: FIWARE FOUNDATION E V
diff --git a/charts/partners/flomesh/flomesh-console/0.70.0-30-ubi8/flomesh-console-0.70.0-30-ubi8.tgz b/charts/partners/flomesh/flomesh-console/0.70.0-30-ubi8/flomesh-console-0.70.0-30-ubi8.tgz
deleted file mode 100644
index daba1be6c1..0000000000
Binary files a/charts/partners/flomesh/flomesh-console/0.70.0-30-ubi8/flomesh-console-0.70.0-30-ubi8.tgz and /dev/null differ
diff --git a/charts/partners/flomesh/flomesh-console/0.70.0-30-ubi8/report.yaml b/charts/partners/flomesh/flomesh-console/0.70.0-30-ubi8/report.yaml
deleted file mode 100644
index 69ba3cf199..0000000000
--- a/charts/partners/flomesh/flomesh-console/0.70.0-30-ubi8/report.yaml
+++ /dev/null
@@ -1,88 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://flomesh-io.github.io/helm-charts/flomesh-console-0.70.0-30-ubi8.tgz - digests: - chart: sha256:285ad867162027142c056417a3c303867d3f8592c59822577af08f4cdd9b56ec - package: 5b1c8194f7c932aebcc7909b629e6d821fa5ef719ee587a233275cfcb636492b - lastCertifiedTimestamp: "2022-12-08T08:59:42.572296+08:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.6' - providerControlledDelivery: false - chart: - name: flomesh-console - home: "" - sources: [] - version: 0.70.0-30-ubi8 - description: A Helm chart to install flomesh-console on Kubernetes - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 0.70.0-30-ubi8 - deprecated: false - annotations: - charts.openshift.io/name: flomesh-console - kubeversion: '>= 1.19' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/images-are-certified - type: 
Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/flomesh/flomesh-console-ubi8:0.70.0-30 - Image is Red Hat certified : quay.io/flomesh/pipy-repo-ubi8:0.70.0-46 - Image is Red Hat certified : quay.io/flomesh/curl-ubi8:7.84.0 - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs diff --git a/charts/partners/flomesh/flomesh-console/OWNERS b/charts/partners/flomesh/flomesh-console/OWNERS deleted file mode 100644 index 7a9a2aae3a..0000000000 --- a/charts/partners/flomesh/flomesh-console/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: flomesh-console - shortDescription: null -providerDelivery: false -publicPgpKey: null -users: -- githubUsername: nixff -vendor: - label: flomesh - name: Flomesh diff --git a/charts/partners/flomesh/fsm/0.1.8-ubi.6/fsm-0.1.8-ubi.6.tgz b/charts/partners/flomesh/fsm/0.1.8-ubi.6/fsm-0.1.8-ubi.6.tgz deleted file mode 100644 index d8e4cf06c3..0000000000 Binary files a/charts/partners/flomesh/fsm/0.1.8-ubi.6/fsm-0.1.8-ubi.6.tgz and /dev/null differ diff --git a/charts/partners/flomesh/fsm/0.1.8-ubi.6/report.yaml b/charts/partners/flomesh/fsm/0.1.8-ubi.6/report.yaml deleted file mode 100644 index d3bb6134b5..0000000000 --- a/charts/partners/flomesh/fsm/0.1.8-ubi.6/report.yaml +++ /dev/null 
@@ -1,128 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://raw.githubusercontent.com/flomesh-io/fsm/gh-pages/fsm-0.1.8-ubi.6.tgz - digests: - chart: sha256:00a7e7d10e098d226b2eaac68e2e51c9468afa2f9a9de9a96991ae94a52400be - package: e39d34fafd4642cab84e127bdb0f2ac5056ed55348f5f5314a7abbcda8edd16e - lastCertifiedTimestamp: "2022-12-05T15:47:16.440983+00:00" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.6' - providerControlledDelivery: false - chart: - name: fsm - home: https://flomesh.io - sources: - - https://github.com/flomesh-io/fsm - - https://github.com/flomesh-io/pipy - version: 0.1.8-ubi.6 - description: A Helm chart to install the FSM(Flomesh Service Mesh) on Kubernetes - keywords: - - kubernetes - - helm - - service mesh - - ingress - - gateway api - - olm - - traffic management - - pipy - - sidecar - - proxy - maintainers: - - name: Eric - email: reaver@flomesh.io - url: "" - icon: https://charts.flomesh.io/flomesh.png - apiversion: v2 - condition: "" - tags: "" - appversion: 0.1.8-ubi.6 - deprecated: false - annotations: - artifacthub.io/changes: "- kind: added\n description: Support SNI\n- kind: added\n description: Support per namespace TLS config for NamespacedIngress\n- kind: added\n description: Add POD annotations to NamespacedIngress CRD\n- kind: added\n description: Make the upstream SSL port of SNI is configurable \n- kind: changed\n description: Re-structure the values.yaml of fsm chart\n- kind: changed\n description: Speed up the startup time\n- kind: changed\n description: Add prefix fsm- to fsm resources\n- kind: fixed\n description: Handle empty server names in case SNI is enabled\n" - artifacthub.io/links: |- - - name: source - url: https://github.com/flomesh-io/fsm - - name: support - url: https://github.com/flomesh-io/fsm/issues - charts.openshift.io/name: fsm - kubeversion: '>= 1.19.0-0' - dependencies: - - 
name: tpls - version: 0.1.1 - repository: file://../tpls - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: cert-manager - version: 1.7.2 - repository: https://charts.jetstack.io - condition: certManager.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - type: application - chart-overrides: "" -results: - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/flomesh/curl-ubi8:7.84.0 - Image is Red Hat certified : quay.io/flomesh/fsm-ingress-pipy-ubi8:0.1.8-ubi.6 - Image is Red Hat certified : quay.io/flomesh/fsm-manager-ubi8:0.1.8-ubi.6 - Image is Red Hat certified : quay.io/flomesh/pipy-ubi8:0.50.0-88 - Image is Red Hat certified : quay.io/flomesh/toolbox-ubi8:1.2.0 - Image is Red Hat certified : quay.io/flomesh/fsm-bootstrap-ubi8:0.1.8-ubi.6 - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 
diff --git a/charts/partners/flomesh/fsm/OWNERS b/charts/partners/flomesh/fsm/OWNERS
deleted file mode 100644
index bfa19f0db1..0000000000
--- a/charts/partners/flomesh/fsm/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: fsm
- shortDescription: null
-providerDelivery: false
-publicPgpKey: null
-users:
-- githubUsername: reaver-flomesh
-vendor:
- label: flomesh
- name: Flomesh
diff --git a/charts/partners/flomesh/osm-edge/1.2.1-ubi8/osm-edge-1.2.1-ubi8.tgz b/charts/partners/flomesh/osm-edge/1.2.1-ubi8/osm-edge-1.2.1-ubi8.tgz
deleted file mode 100644
index e9dcf11653..0000000000
Binary files a/charts/partners/flomesh/osm-edge/1.2.1-ubi8/osm-edge-1.2.1-ubi8.tgz and /dev/null differ
diff --git a/charts/partners/flomesh/osm-edge/1.2.1-ubi8/report.yaml b/charts/partners/flomesh/osm-edge/1.2.1-ubi8/report.yaml
deleted file mode 100644
index d203b57568..0000000000
--- a/charts/partners/flomesh/osm-edge/1.2.1-ubi8/report.yaml
+++ /dev/null
@@ -1,128 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.9.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:4656182607880618141 - chart-uri: https://flomesh-io.github.io/osm-edge/osm-edge-1.2.1-ubi8.tgz - digests: - chart: sha256:d83f822d56f8c4d745edc6b95d974956c49e597a20b9ea5467e9af2228153688 - package: a73ed31b8162fc88dc532b20ec317a8885d2a67e1378e69c22b159c62641b90e - lastCertifiedTimestamp: "2022-12-06T16:06:40.631021+08:00" - testedOpenShiftVersion: "4.7" - supportedOpenShiftVersions: '>=4.6' - providerControlledDelivery: false - chart: - name: osm-edge - home: https://flomesh.io - sources: - - https://github.com/flomesh-io/osm-edge - version: 1.2.1-ubi8 - description: A Helm chart to install the osm-edge control plane on Kubernetes - keywords: - - kubernetes - - helm - - service mesh - - ingress - - egress - - traffic management - - osm - - pipy - - sidecar - - proxy - maintainers: - - name: Cybwan - email: baili@flomesh.io - url: "" - icon: https://charts.flomesh.io/flomesh.png - apiversion: v2 - condition: "" - tags: "" - appversion: 1.2.1-ubi8 - deprecated: false - annotations: - charts.openshift.io/name: osm-edge - kubeversion: '>= 1.19.0-0' - dependencies: - - name: contour - version: 8.0.4 - repository: https://charts.bitnami.com/bitnami - condition: contour.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: fsm - version: 0.1.8-ubi.6 - repository: https://charts.flomesh.io - condition: fsm.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - type: application - chart-overrides: "" -results: - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - 
reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/flomesh/osm-edge-bootstrap-ubi8:1.2.1 - Image is Red Hat certified : quay.io/flomesh/curl-ubi8:7.84.0 - Image is Red Hat certified : quay.io/flomesh/pipy-ubi8:0.70.0-46 - Image is Red Hat certified : quay.io/flomesh/osm-edge-controller-ubi8:1.2.1 - Image is Red Hat certified : quay.io/flomesh/osm-edge-injector-ubi8:1.2.1 - Image is Red Hat certified : quay.io/flomesh/osm-edge-crds-ubi8:1.2.1 - Image is Red Hat certified : quay.io/flomesh/osm-edge-preinstall-ubi8:1.2.1 - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - diff --git a/charts/partners/flomesh/osm-edge/OWNERS b/charts/partners/flomesh/osm-edge/OWNERS deleted file mode 100644 index 8f8e08737b..0000000000 --- a/charts/partners/flomesh/osm-edge/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: osm-edge - shortDescription: null -providerDelivery: false -publicPgpKey: null -users: -- githubUsername: cybwan -vendor: - label: flomesh - name: Flomesh 
diff --git a/charts/partners/flomesh/osm/OWNERS b/charts/partners/flomesh/osm/OWNERS
deleted file mode 100644
index c6e86a9bf9..0000000000
--- a/charts/partners/flomesh/osm/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: osm
- shortDescription: null
-providerDelivery: false
-publicPgpKey: null
-users:
-- githubUsername: cybwan
-vendor:
- label: flomesh
- name: Flomesh
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/report.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/report.yaml
deleted file mode 100644
index 06a80239b5..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/report.yaml
+++ /dev/null
@@ -1,92 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 0.0.1 - profile: - VendorType: partner - version: v1.0 - chart-uri: /charts/src - digest: sha256:492efc99f1c44f9a854b916859732a067bb1500795856b97f890cd1e0b672ffc - digests: - chart: sha256:492efc99f1c44f9a854b916859732a067bb1500795856b97f890cd1e0b672ffc - lastCertifiedTimestamp: "2021-08-11T08:00:19.068501+00:00" - certifiedOpenShiftVersions: 4.7.0 - chart: - name: dsm-secrets-injector-chart - home: "" - sources: [] - version: "2.0" - description: "" - keywords: [] - maintainers: - - name: Aman Ahuja - email: aman.ahuja@fortanix.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: "1.0" - deprecated: false - annotations: {} - kubeversion: '>= 1.16.0 < 1.22.0' - dependencies: - - name: fortanix-cert-setup - version: "1.1" - repository: file://cert-setup - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.access.redhat.com/ubi7/ubi-minimal:7.9 - Image is Red Hat certified : registry.hub.docker.com/fortanix/k8s-sdkms-secrets-injector:ubi7-2.0 - Image is Red Hat certified : registry.hub.docker.com/fortanix/k8s-sdkms-cert-setup:ubi7-1.1 - - check: v1.0/chart-testing - type: Mandatory - 
outcome: PASS - reason: Chart tests have passed - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/Chart.lock b/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/Chart.lock deleted file mode 100644 index 1d9509e29c..0000000000 --- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: fortanix-cert-setup - repository: file://cert-setup - version: "1.1" -digest: sha256:07a87ec9e979541d13257c8bb24ebdcfaf3c840c5c1f02dc5061c0ccd395461f -generated: "2021-08-11T11:23:04.320866317+05:30" diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/Chart.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/Chart.yaml deleted file mode 100644 index f64a9b9a23..0000000000 --- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -name: dsm-secrets-injector-chart -version: "2.0" -appVersion: "1.0" -apiVersion: v2 -kubeVersion: ">= 1.16.0 < 1.22.0" -dependencies: # A list of the chart requirements - - name: fortanix-cert-setup - version: 1.1 - repository: file://cert-setup -maintainers: - - name: Aman Ahuja - email: aman.ahuja@fortanix.com diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/README.md b/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/README.md deleted file mode 100644 index 4a093846d7..0000000000 --- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/README.md +++ /dev/null 
@@ -1,60 +0,0 @@ - -# DSM Secrets Injector Helm Chart v3 - -This repository contains Helm chart for deploying and configuring secrets injection with Fortanix DSM in Kubernetes applications. - -It deploys Mutating Webhook Controller and sidecar container for injecting secrets. - -Note: This chart supports kubernetes version 1.16 and above. - -## Dependency Charts - -* **fortanix-cert-setup** - `cert-setup` folder in this repository - -## Install Chart - -* Install Dependency Chart -````console -$ helm dep up dsm-secrets-injector-chart -```` -* Install dsm-secrets-injector Chart -** Kubernetes cluster -````console -$ helm install dsm-secrets-injector-chart ./dsm-secrets-injector-chart -```` -** OpenShift Cluster -```console -$ -$ helm install dsm-secrets-injector-chart ./dsm-secrets-injector --set global. -## Uninstall chart -* Uninstall dsm-secrets-injector-chart -````console -$ helm delete dsm-secrets-injector-chart -```` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -The following tables lists the configurable parameters of the sdkms-secrets-injection chart and their default values. 
- -| Parameter | Description | Default | -|----------------------------------|-------------------------------------------------------------------------------------------|--------------------------------------------------------------| -| `global.registry` | Global Docker image registry | `fortanix` | -| `global.namespace` | Global Namespace | `fortanix` | -| `global.service` | Global Kubernetes Service | `fortanix-secrets-injector-svc` | -| `global.serviceAccount` | Service Account for cert TLS | `fortanix-webhook-certs-sa` | -| `global.secret` | Secret containing cert TLS | `fortanix-secrets-injector-certs` | -| `global.caBundle` | Kubernetes API Server CA Certificate pem bytes as base64 string | nil -| `configmap.name` | ConfigMap for Controller configuration | `fortanix-webhook-config` | -| `configmap.authTokenType` | Authentication Type for Secrets-Injection | `api-key` (can be set as `jwt` or `api-key`) | -| `configmap.secretAgent.imageName` | Image name for Secret Agent Image | `k8s-sdkms-secret-agent` | -| `configmap.secretAgent.tag` | Image tag for Secret Agent Image | `"1.0"` -| `configmap.tokenVolumeProjection.audience` | The audience of the Service Account JWT token. This should be same as SDKMS endpoint. e.g. https://sdkms.fortanix.com. Applies only if `jwt`type of authentication is set | nil -| `configmap.tokenVolumeProjection.expirationSeconds` | The expiration period of the Service Account JWT token (in seconds). Applies only if `jwt`type of authentication is set | `3600` -| `replicas` | Number of replicas of the Secrets Injector deployment | `1` | -| `image.name` | Secrets Injector Image Name | `k8s-sdkms-secrets-injector` | -| `image.tag` | Secrets Injector Image Tag | `"1.0"` | -| `image.pullPolicy` | Secrets Injector Image Pull Policy | `IfNotPresent` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. 
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/.helmignore b/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/.helmignore
deleted file mode 100644
index 0e8a0eb36f..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/Chart.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/Chart.yaml
deleted file mode 100644
index 7282a9fe12..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: fortanix-cert-setup
-version: 1.1
-appVersion: 1.0
-maintainers:
- - name: Aman Ahuja
- email: aman.ahuja@fortanix.com
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/templates/NOTES.txt b/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/templates/NOTES.txt
deleted file mode 100644
index 98e038454d..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/templates/NOTES.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Job to create TLS certificates using Kubernetes apiserver has been deployed successfully.
-
-Generated TLS certificates are stored in secret.
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/templates/_helpers.tpl b/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/templates/_helpers.tpl
deleted file mode 100644
index aa8f76975f..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/templates/_helpers.tpl
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- define "fortanix-cert-setup.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "fortanix-cert-setup.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "fortanix-cert-setup.image" -}}
-{{- $tag := .Values.image.tag | toString -}}
-{{- printf "%s/%s:%s" .Values.global.registry .Values.image.name $tag -}}
-{{- end -}}
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/templates/cluster-role-bindings.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/templates/cluster-role-bindings.yaml
deleted file mode 100644
index 0450ed44c4..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/templates/cluster-role-bindings.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Values.clusterRoleBindings }}
- namespace: {{ .Values.global.namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Values.clusterRole }}
-subjects:
- - kind: ServiceAccount
- name: {{ .Values.serviceAccount }}
- namespace: {{ .Values.global.namespace }}
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/templates/cluster-role.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/templates/cluster-role.yaml
deleted file mode 100644
index f04495eb49..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/templates/cluster-role.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Values.clusterRole }}
- namespace: {{ .Values.global.namespace }}
-rules:
- - apiGroups: [ "certificates.k8s.io" ]
- resources: [ "certificatesigningrequests" ]
- verbs: [ "get", "create", "delete", "list", "watch" ]
- - apiGroups: [ "certificates.k8s.io" ]
- resources: [ "certificatesigningrequests/approval" ]
- verbs: [ "update" ]
- - apiGroups: [ "certificates.k8s.io" ]
- resources: [ "signers" ]
- resourceNames: [ "kubernetes.io/*" ]
- verbs: [ "approve" ]
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "create", "get", "patch", "update" ]
- - apiGroups: [ "" ]
- resources: [ "configmaps" ]
- verbs: [ "get" ]
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/templates/job.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/templates/job.yaml
deleted file mode 100644
index 67f4e509df..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/templates/job.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "fortanix-cert-setup.name" . }}
- namespace: {{ .Values.global.namespace }}
-spec:
- template:
- spec:
- serviceAccountName: {{ .Values.serviceAccount }}
- containers:
- - name: {{ include "fortanix-cert-setup.name" . }}
- image: {{ include "fortanix-cert-setup.image" . }}
- args:
- - "-n"
- - {{ .Values.global.namespace }}
- - "-s"
- - {{ .Values.global.service }}
- - "-p"
- - {{ .Values.global.secret }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- restartPolicy: Never
- backoffLimit: 4
-
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/templates/namespace.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/templates/namespace.yaml
deleted file mode 100644
index 639981d450..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/templates/namespace.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: {{ .Values.global.namespace }}
\ No newline at end of file
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/templates/service-account.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/templates/service-account.yaml
deleted file mode 100644
index c9d8786495..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/templates/service-account.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Values.serviceAccount }}
- namespace: {{ .Values.global.namespace }}
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/values.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/values.yaml
deleted file mode 100644
index 64f5b39ccc..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/cert-setup/values.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# Default values for fortanix-cert-setup.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-clusterRole: fortanix-webhook-cert-sa-cluster-role
-
-clusterRoleBindings: fortanix-webhook-cert-sa-role-binding
-
-image:
- name: k8s-sdkms-cert-setup
- tag: "ubi7-1.1"
- pullPolicy: IfNotPresent
-
-serviceAccount: fortanix-sa
-
-
-
-
-
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/charts/fortanix-cert-setup-1.1.tgz b/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/charts/fortanix-cert-setup-1.1.tgz
deleted file mode 100644
index 02ff6a594b..0000000000
Binary files a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/charts/fortanix-cert-setup-1.1.tgz and /dev/null differ
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/templates/NOTES.txt b/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/templates/NOTES.txt
deleted file mode 100644
index ccd3c8b72f..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/templates/NOTES.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-kubernetes Integration with Fortanix SDKMS has been deployed successfully.
-
-Follow the guide to setup your application and inject secrets from SDKMS into your application on Kubernetes.
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/templates/_helpers.tpl b/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/templates/_helpers.tpl
deleted file mode 100644
index b7b070cd6d..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- define "fortanix-secrets-injector.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "fortanix-secrets-injector.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "fortanix-secrets-injector.image" -}}
-{{- $tag := .Values.image.tag | toString -}}
-{{- printf "%s/%s:%s" .Values.global.registry .Values.image.name $tag -}}
-{{- end -}}
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/templates/mutating-webhook.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/templates/mutating-webhook.yaml
deleted file mode 100644
index a737c4ff07..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/templates/mutating-webhook.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- name: {{ include "fortanix-secrets-injector.name" . }}
- namespace: {{ .Values.global.namespace }}
-{{ if not .Values.global.caBundle }}
- annotations:
- cert-manager.io/inject-apiserver-ca: "true"
-{{ end }}
- labels:
- app: {{ include "fortanix-secrets-injector.name" . }}
-webhooks:
- - name: secrets-injector.fortanix.com
- admissionReviewVersions: ["v1"]
- rules:
- - apiGroups: [""]
- apiVersions: ["v1"]
- operations: [ "CREATE" ]
- resources: ["pods"]
- scope: "Namespaced"
- namespaceSelector:
- matchLabels:
- fortanix-secrets-injector: enabled
- clientConfig:
-{{ if .Values.global.caBundle }}
- caBundle: {{ .Values.global.caBundle | quote }}
-{{ end }}
- service:
- name: {{ .Values.global.service }}
- namespace: {{ .Values.global.namespace }}
- path: "/mutate-pod"
- sideEffects: None
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/templates/sidecar-configmap.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/templates/sidecar-configmap.yaml
deleted file mode 100644
index 4b26c3e4c1..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/templates/sidecar-configmap.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Values.configmap.name }}
- namespace: {{ .Values.global.namespace }}
-data:
- controller-config.yaml: |
- authTokenType: {{ .Values.configmap.authTokenType }} # acceptable values: `api-key`, `jwt`.
- secretAgentImage: {{ .Values.global.registry }}/{{ .Values.configmap.secretAgent.imageName }}:{{ .Values.configmap.secretAgent.tag }}
- proxySettings:
- #httpProxy: 'http://example.com'
- #httpsProxy: 'https://example.com'
- #noProxy: '*.example.com,1.2.3.4'
- # the following values are set only if authTokenType is set to 'jwt'
-{{ if eq .Values.configmap.authTokenType "jwt" }}
- tokenVolumeProjection:
- addToAllPods: true
- audience: {{ .Values.configmap.tokenVolumeProjection.audience }}
- expirationSeconds: {{ .Values.configmap.tokenVolumeProjection.expirationSeconds | default "3600" }}
-{{ end }}
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/templates/sidecar-injector-deployment.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/templates/sidecar-injector-deployment.yaml
deleted file mode 100644
index 9547f43ba0..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/templates/sidecar-injector-deployment.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Values.serviceAccount }}
- namespace: {{ .Values.global.namespace }}
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "fortanix-secrets-injector.name" . }}
- namespace: {{ .Values.global.namespace }}
- labels:
- app: {{ include "fortanix-secrets-injector.name" . }}
-spec:
- selector:
- matchLabels:
- app: {{ include "fortanix-secrets-injector.name" . }}
- replicas: {{ .Values.replicas }}
- template:
- metadata:
- namespace: {{ .Values.global.namespace }}
- labels:
- app: {{ include "fortanix-secrets-injector.name" . }}
- spec:
- serviceAccountName: {{ .Values.serviceAccount }}
- #automountServiceAccountToken: false
- containers:
- - name: {{ include "fortanix-secrets-injector.name" . }}
- image: {{include "fortanix-secrets-injector.image" . }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- args:
- - -port=8443
- - -certFile=/opt/fortanix/certs/cert.pem
- - -keyFile=/opt/fortanix/certs/key.pem
- - -config=/opt/fortanix/controller-config.yaml
- - 2>&1
- volumeMounts:
- - name: {{ .Values.global.secret }}
- mountPath: /opt/fortanix/certs
- readOnly: true
- - name: {{ .Values.configmap.name }}
- mountPath: /opt/fortanix
- volumes:
- - name: {{ .Values.global.secret }}
- secret:
- secretName: {{ .Values.global.secret }}
- - name: {{ .Values.configmap.name }}
- configMap:
- name: {{ .Values.configmap.name }}
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.global.service }}
- namespace: {{ .Values.global.namespace }}
- labels:
- app: {{ include "fortanix-secrets-injector.name" . }}
-spec:
- ports:
- - port: 443
- targetPort: 8443
- selector:
- app: {{ include "fortanix-secrets-injector.name" . }}
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/templates/tests/test-controller.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/templates/tests/test-controller.yaml
deleted file mode 100644
index 8d4002757b..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/templates/tests/test-controller.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "controller-test-connection"
- annotations:
- "helm.sh/hook": test-success
-spec:
- containers:
- - name: netcat
- image: registry.access.redhat.com/ubi7/ubi-minimal:7.9
- command: ['sh', '-c', 'microdnf install nc && nc -zv fortanix-secrets-injector-svc.fortanix.svc 443']
- restartPolicy: Never
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/values.schema.json b/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/values.schema.json
deleted file mode 100644
index 86ed2ceba3..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/values.schema.json
+++ /dev/null
@@ -1,115 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "required": [ - "global", - "configmap", - "serviceAccount", - "replicas", - "image" - ], - "properties": { - "global": { - "type": "object", - "required": [ - "namespace", - "serviceAccount", - "service", - "secret", - "registry" - ], - "properties": { - "namespace": { - "type": "string" - }, - "serviceAccount": { - "type": "string" - }, - "service": { - "type": "string" - }, - "secret": { - "type": "string" - }, - "registry": { - "type": "string" - }, - "caBundle": { - "type": "string" - } - } - }, - "configmap": { - "type": "object", - "required": [ - "name", - "authTokenType", - "secretAgent" - ], - "properties": { - "name": { - "type": "string" - }, - "authTokenType": { - "type": "string", - "pattern": "^(api-key|jwt)$" - }, - "secretAgent": { - "type": "object", - "required": [ - "imageName", - "tag" - ], - "properties": { - "imageName": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "tokenVolumeProjection": { - "type": "object", - "required": [ - "audience" - ], - "properties": { - "audience": { - "type": "string" - }, - "expirationSeconds": { - "type": "integer" - } - } - } - } - }, - "serviceAccount": { - "type": "string" - }, - "replicas": { - "type": "integer" - }, - "image": { - "type": "object", - "required": [ - "name", - "tag", - "pullPolicy" - ], - "properties": { - "name": { - "type": "string" - }, - "tag": { - "type": "string" - }, - "pullPolicy": { - "type": "string", - "pattern": "^(IfNotPresent|Always|Never)+$" - } - } - } - } -} diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/values.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/values.yaml deleted file mode 100644 index e1dd9a3b37..0000000000 --- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.0/src/values.yaml +++ /dev/null 
@@ -1,30 +0,0 @@
-# Default values for fortanix-secrets-injector.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-
-global:
- namespace: fortanix
- serviceAccount: fortanix-webhook-certs-sa
- service: fortanix-secrets-injector-svc
- secret: fortanix-secrets-injector-certs
- registry: registry.hub.docker.com/fortanix
-# caBundle: "LS0tLS1CRUdJ ..... VEUtLS0tLQo="
-
-configmap:
- name: fortanix-webhook-config
- authTokenType: api-key
- secretAgent:
- imageName: k8s-sdkms-secret-agent
- tag: "ubi7-1.1"
-# (Optional) applies only if authTokenType: jwt
-# tokenVolumeProjection:
-# audience: https://sdkms.fortanix.com
-# expirationSeconds: 3600
-
-serviceAccount: fortanix
-replicas: 1
-image:
- name: k8s-sdkms-secrets-injector
- tag: "ubi7-2.0"
- pullPolicy: IfNotPresent
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/report.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/report.yaml
deleted file mode 100644
index 6d4520f293..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/report.yaml
+++ /dev/null
@@ -1,92 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 0.0.1 - profile: - VendorType: partner - version: v1.0 - chart-uri: /charts/src - digest: sha256:a0969bf498847f6ed19b4b35dc30a7ac4183640a105d86ac37c1c8032fb2226a - digests: - chart: sha256:a0969bf498847f6ed19b4b35dc30a7ac4183640a105d86ac37c1c8032fb2226a - lastCertifiedTimestamp: "2021-09-06T13:35:02.516167+00:00" - certifiedOpenShiftVersions: 4.6.0 - chart: - name: dsm-secrets-injector-chart - home: "" - sources: [] - version: 2.2-4.6 - description: "" - keywords: [] - maintainers: - - name: Aman Ahuja - email: aman.ahuja@fortanix.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: "1.0" - deprecated: false - annotations: {} - kubeversion: '>= 1.16.0 < 1.22.0' - dependencies: - - name: fortanix-cert-setup - version: "1.1" - repository: file://cert-setup - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.hub.docker.com/fortanix/k8s-sdkms-secrets-injector:ubi7-2.2 - Image is Red Hat certified : registry.hub.docker.com/fortanix/k8s-sdkms-cert-setup:ubi7-1.1 - Image is Red Hat certified : registry.access.redhat.com/ubi7/ubi-minimal:7.9 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: 
Mandatory
- outcome: PASS
- reason: Chart test files exist
- - check: v1.0/contains-values
- type: Mandatory
- outcome: PASS
- reason: Values file exist
- - check: v1.0/contains-values-schema
- type: Mandatory
- outcome: PASS
- reason: Values schema file exist
- - check: v1.0/not-contains-crds
- type: Mandatory
- outcome: PASS
- reason: Chart does not contain CRDs
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/Chart.lock b/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/Chart.lock
deleted file mode 100644
index 1d9509e29c..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: fortanix-cert-setup
- repository: file://cert-setup
- version: "1.1"
-digest: sha256:07a87ec9e979541d13257c8bb24ebdcfaf3c840c5c1f02dc5061c0ccd395461f
-generated: "2021-08-11T11:23:04.320866317+05:30"
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/Chart.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/Chart.yaml
deleted file mode 100644
index e808482dd1..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/Chart.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-name: dsm-secrets-injector-chart
-version: "2.2-4.6"
-appVersion: "1.0"
-apiVersion: v2
-kubeVersion: ">= 1.16.0 < 1.22.0"
-dependencies: # A list of the chart requirements
- - name: fortanix-cert-setup
- version: 1.1
- repository: file://cert-setup
-maintainers:
- - name: Aman Ahuja
- email: aman.ahuja@fortanix.com
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/README.md b/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/README.md
deleted file mode 100644
index 4a093846d7..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/README.md
+++ /dev/null
@@ -1,60 +0,0 @@
-
-# DSM Secrets Injector Helm Chart v3
-
-This repository contains Helm chart for deploying and configuring secrets injection with Fortanix DSM in Kubernetes applications.
-
-It deploys Mutating Webhook Controller and sidecar container for injecting secrets.
-
-Note: This chart supports kubernetes version 1.16 and above.
-
-## Dependency Charts
-
-* **fortanix-cert-setup** - `cert-setup` folder in this repository
-
-## Install Chart
-
-* Install Dependency Chart
-````console
-$ helm dep up dsm-secrets-injector-chart
-````
-* Install dsm-secrets-injector Chart
-** Kubernetes cluster
-````console
-$ helm install dsm-secrets-injector-chart ./dsm-secrets-injector-chart
-````
-** OpenShift Cluster
-```console
-$
-$ helm install dsm-secrets-injector-chart ./dsm-secrets-injector --set global.
-## Uninstall chart
-* Uninstall dsm-secrets-injector-chart
-````console
-$ helm delete dsm-secrets-injector-chart
-````
-
-The command removes all the Kubernetes components associated with the chart and deletes the release.
-
-## Parameters
-
-The following tables lists the configurable parameters of the sdkms-secrets-injection chart and their default values.
-
-| Parameter | Description | Default |
-|----------------------------------|-------------------------------------------------------------------------------------------|--------------------------------------------------------------|
-| `global.registry` | Global Docker image registry | `fortanix` |
-| `global.namespace` | Global Namespace | `fortanix` |
-| `global.service` | Global Kubernetes Service | `fortanix-secrets-injector-svc` |
-| `global.serviceAccount` | Service Account for cert TLS | `fortanix-webhook-certs-sa` |
-| `global.secret` | Secret containing cert TLS | `fortanix-secrets-injector-certs` |
-| `global.caBundle` | Kubernetes API Server CA Certificate pem bytes as base64 string | nil
-| `configmap.name` | ConfigMap for Controller configuration | `fortanix-webhook-config` |
-| `configmap.authTokenType` | Authentication Type for Secrets-Injection | `api-key` (can be set as `jwt` or `api-key`) |
-| `configmap.secretAgent.imageName` | Image name for Secret Agent Image | `k8s-sdkms-secret-agent` |
-| `configmap.secretAgent.tag` | Image tag for Secret Agent Image | `"1.0"`
-| `configmap.tokenVolumeProjection.audience` | The audience of the Service Account JWT token. This should be same as SDKMS endpoint. e.g. https://sdkms.fortanix.com. Applies only if `jwt`type of authentication is set | nil
-| `configmap.tokenVolumeProjection.expirationSeconds` | The expiration period of the Service Account JWT token (in seconds). Applies only if `jwt`type of authentication is set | `3600`
-| `replicas` | Number of replicas of the Secrets Injector deployment | `1` |
-| `image.name` | Secrets Injector Image Name | `k8s-sdkms-secrets-injector` |
-| `image.tag` | Secrets Injector Image Tag | `"1.0"` |
-| `image.pullPolicy` | Secrets Injector Image Pull Policy | `IfNotPresent` |
-
-Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/.helmignore b/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/.helmignore
deleted file mode 100644
index 0e8a0eb36f..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/Chart.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/Chart.yaml
deleted file mode 100644
index 7282a9fe12..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: fortanix-cert-setup
-version: 1.1
-appVersion: 1.0
-maintainers:
- - name: Aman Ahuja
- email: aman.ahuja@fortanix.com
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/templates/NOTES.txt b/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/templates/NOTES.txt
deleted file mode 100644
index 98e038454d..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/templates/NOTES.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Job to create TLS certificates using Kubernetes apiserver has been deployed successfully.
-
-Generated TLS certificates are stored in secret.
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/templates/_helpers.tpl b/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/templates/_helpers.tpl
deleted file mode 100644
index aa8f76975f..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/templates/_helpers.tpl
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- define "fortanix-cert-setup.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "fortanix-cert-setup.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "fortanix-cert-setup.image" -}}
-{{- $tag := .Values.image.tag | toString -}}
-{{- printf "%s/%s:%s" .Values.global.registry .Values.image.name $tag -}}
-{{- end -}}
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/templates/cluster-role-bindings.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/templates/cluster-role-bindings.yaml
deleted file mode 100644
index 0450ed44c4..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/templates/cluster-role-bindings.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Values.clusterRoleBindings }}
- namespace: {{ .Values.global.namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Values.clusterRole }}
-subjects:
- - kind: ServiceAccount
- name: {{ .Values.serviceAccount }}
- namespace: {{ .Values.global.namespace }}
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/templates/cluster-role.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/templates/cluster-role.yaml
deleted file mode 100644
index f04495eb49..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/templates/cluster-role.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Values.clusterRole }}
- namespace: {{ .Values.global.namespace }}
-rules:
- - apiGroups: [ "certificates.k8s.io" ]
- resources: [ "certificatesigningrequests" ]
- verbs: [ "get", "create", "delete", "list", "watch" ]
- - apiGroups: [ "certificates.k8s.io" ]
- resources: [ "certificatesigningrequests/approval" ]
- verbs: [ "update" ]
- - apiGroups: [ "certificates.k8s.io" ]
- resources: [ "signers" ]
- resourceNames: [ "kubernetes.io/*" ]
- verbs: [ "approve" ]
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "create", "get", "patch", "update" ]
- - apiGroups: [ "" ]
- resources: [ "configmaps" ]
- verbs: [ "get" ]
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/templates/job.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/templates/job.yaml
deleted file mode 100644
index 67f4e509df..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/templates/job.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "fortanix-cert-setup.name" . }}
- namespace: {{ .Values.global.namespace }}
-spec:
- template:
- spec:
- serviceAccountName: {{ .Values.serviceAccount }}
- containers:
- - name: {{ include "fortanix-cert-setup.name" . }}
- image: {{ include "fortanix-cert-setup.image" . }}
- args:
- - "-n"
- - {{ .Values.global.namespace }}
- - "-s"
- - {{ .Values.global.service }}
- - "-p"
- - {{ .Values.global.secret }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- restartPolicy: Never
- backoffLimit: 4
-
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/templates/namespace.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/templates/namespace.yaml
deleted file mode 100644
index 639981d450..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/templates/namespace.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: {{ .Values.global.namespace }}
\ No newline at end of file
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/templates/service-account.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/templates/service-account.yaml
deleted file mode 100644
index c9d8786495..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/templates/service-account.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Values.serviceAccount }}
- namespace: {{ .Values.global.namespace }}
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/values.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/values.yaml
deleted file mode 100644
index 64f5b39ccc..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/cert-setup/values.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# Default values for fortanix-cert-setup.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-clusterRole: fortanix-webhook-cert-sa-cluster-role
-
-clusterRoleBindings: fortanix-webhook-cert-sa-role-binding
-
-image:
- name: k8s-sdkms-cert-setup
- tag: "ubi7-1.1"
- pullPolicy: IfNotPresent
-
-serviceAccount: fortanix-sa
-
-
-
-
-
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/charts/fortanix-cert-setup-1.1.tgz b/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/charts/fortanix-cert-setup-1.1.tgz
deleted file mode 100644
index 02ff6a594b..0000000000
Binary files a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/charts/fortanix-cert-setup-1.1.tgz and /dev/null differ
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/templates/NOTES.txt b/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/templates/NOTES.txt
deleted file mode 100644
index ccd3c8b72f..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/templates/NOTES.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-kubernetes Integration with Fortanix SDKMS has been deployed successfully.
-
-Follow the guide to setup your application and inject secrets from SDKMS into your application on Kubernetes.
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/templates/_helpers.tpl b/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/templates/_helpers.tpl
deleted file mode 100644
index b7b070cd6d..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- define "fortanix-secrets-injector.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "fortanix-secrets-injector.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "fortanix-secrets-injector.image" -}}
-{{- $tag := .Values.image.tag | toString -}}
-{{- printf "%s/%s:%s" .Values.global.registry .Values.image.name $tag -}}
-{{- end -}}
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/templates/mutating-webhook.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/templates/mutating-webhook.yaml
deleted file mode 100644
index a737c4ff07..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/templates/mutating-webhook.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- name: {{ include "fortanix-secrets-injector.name" . }}
- namespace: {{ .Values.global.namespace }}
-{{ if not .Values.global.caBundle }}
- annotations:
- cert-manager.io/inject-apiserver-ca: "true"
-{{ end }}
- labels:
- app: {{ include "fortanix-secrets-injector.name" . }}
-webhooks:
- - name: secrets-injector.fortanix.com
- admissionReviewVersions: ["v1"]
- rules:
- - apiGroups: [""]
- apiVersions: ["v1"]
- operations: [ "CREATE" ]
- resources: ["pods"]
- scope: "Namespaced"
- namespaceSelector:
- matchLabels:
- fortanix-secrets-injector: enabled
- clientConfig:
-{{ if .Values.global.caBundle }}
- caBundle: {{ .Values.global.caBundle | quote }}
-{{ end }}
- service:
- name: {{ .Values.global.service }}
- namespace: {{ .Values.global.namespace }}
- path: "/mutate-pod"
- sideEffects: None
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/templates/sidecar-configmap.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/templates/sidecar-configmap.yaml
deleted file mode 100644
index 4b26c3e4c1..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/templates/sidecar-configmap.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Values.configmap.name }}
- namespace: {{ .Values.global.namespace }}
-data:
- controller-config.yaml: |
- authTokenType: {{ .Values.configmap.authTokenType }} # acceptable values: `api-key`, `jwt`.
- secretAgentImage: {{ .Values.global.registry }}/{{ .Values.configmap.secretAgent.imageName }}:{{ .Values.configmap.secretAgent.tag }}
- proxySettings:
- #httpProxy: 'http://example.com'
- #httpsProxy: 'https://example.com'
- #noProxy: '*.example.com,1.2.3.4'
- # the following values are set only if authTokenType is set to 'jwt'
-{{ if eq .Values.configmap.authTokenType "jwt" }}
- tokenVolumeProjection:
- addToAllPods: true
- audience: {{ .Values.configmap.tokenVolumeProjection.audience }}
- expirationSeconds: {{ .Values.configmap.tokenVolumeProjection.expirationSeconds | default "3600" }}
-{{ end }}
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/templates/sidecar-injector-deployment.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/templates/sidecar-injector-deployment.yaml
deleted file mode 100644
index 9547f43ba0..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/templates/sidecar-injector-deployment.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Values.serviceAccount }}
- namespace: {{ .Values.global.namespace }}
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "fortanix-secrets-injector.name" . }}
- namespace: {{ .Values.global.namespace }}
- labels:
- app: {{ include "fortanix-secrets-injector.name" . }}
-spec:
- selector:
- matchLabels:
- app: {{ include "fortanix-secrets-injector.name" . }}
- replicas: {{ .Values.replicas }}
- template:
- metadata:
- namespace: {{ .Values.global.namespace }}
- labels:
- app: {{ include "fortanix-secrets-injector.name" . }}
- spec:
- serviceAccountName: {{ .Values.serviceAccount }}
- #automountServiceAccountToken: false
- containers:
- - name: {{ include "fortanix-secrets-injector.name" . }}
- image: {{include "fortanix-secrets-injector.image" . }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- args:
- - -port=8443
- - -certFile=/opt/fortanix/certs/cert.pem
- - -keyFile=/opt/fortanix/certs/key.pem
- - -config=/opt/fortanix/controller-config.yaml
- - 2>&1
- volumeMounts:
- - name: {{ .Values.global.secret }}
- mountPath: /opt/fortanix/certs
- readOnly: true
- - name: {{ .Values.configmap.name }}
- mountPath: /opt/fortanix
- volumes:
- - name: {{ .Values.global.secret }}
- secret:
- secretName: {{ .Values.global.secret }}
- - name: {{ .Values.configmap.name }}
- configMap:
- name: {{ .Values.configmap.name }}
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.global.service }}
- namespace: {{ .Values.global.namespace }}
- labels:
- app: {{ include "fortanix-secrets-injector.name" . }}
-spec:
- ports:
- - port: 443
- targetPort: 8443
- selector:
- app: {{ include "fortanix-secrets-injector.name" . }}
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/templates/tests/test-controller.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/templates/tests/test-controller.yaml
deleted file mode 100644
index 8d4002757b..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/templates/tests/test-controller.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "controller-test-connection"
- annotations:
- "helm.sh/hook": test-success
-spec:
- containers:
- - name: netcat
- image: registry.access.redhat.com/ubi7/ubi-minimal:7.9
- command: ['sh', '-c', 'microdnf install nc && nc -zv fortanix-secrets-injector-svc.fortanix.svc 443']
- restartPolicy: Never
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/values.schema.json b/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/values.schema.json
deleted file mode 100644
index 86ed2ceba3..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/values.schema.json
+++ /dev/null
@@ -1,115 +0,0 @@
-{
- "$schema": "http://json-schema.org/schema#",
- "type": "object",
- "required": [
- "global",
- "configmap",
- "serviceAccount",
- "replicas",
- "image"
- ],
- "properties": {
- "global": {
- "type": "object",
- "required": [
- "namespace",
- "serviceAccount",
- "service",
- "secret",
- "registry"
- ],
- "properties": {
- "namespace": {
- "type": "string"
- },
- "serviceAccount": {
- "type": "string"
- },
- "service": {
- "type": "string"
- },
- "secret": {
- "type": "string"
- },
- "registry": {
- "type": "string"
- },
- "caBundle": {
- "type": "string"
- }
- }
- },
- "configmap": {
- "type": "object",
- "required": [
- "name",
- "authTokenType",
- "secretAgent"
- ],
- "properties": {
- "name": {
- "type": "string"
- },
- "authTokenType": {
- "type": "string",
- "pattern": "^(api-key|jwt)$"
- },
- "secretAgent": {
- "type": "object",
- "required": [
- "imageName",
- "tag"
- ],
- "properties": {
- "imageName": {
- "type": "string"
- },
- "tag": {
- "type": "string"
- }
- }
- },
- "tokenVolumeProjection": {
- "type": "object",
- "required": [
- "audience"
- ],
- "properties": {
- "audience": {
- "type": "string"
- },
- "expirationSeconds": {
- "type": "integer"
- }
- }
- }
- }
- },
- "serviceAccount": {
- "type": "string"
- },
- "replicas": {
- "type": "integer"
- },
- "image": {
- "type": "object",
- "required": [
- "name",
- "tag",
- "pullPolicy"
- ],
- "properties": {
- "name": {
- "type": "string"
- },
- "tag": {
- "type": "string"
- },
- "pullPolicy": {
- "type": "string",
- "pattern": "^(IfNotPresent|Always|Never)+$"
- }
- }
- }
- }
-}
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/values.yaml b/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/values.yaml
deleted file mode 100644
index ba819f8ce0..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/2.2-4.6/src/values.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-# Default values for fortanix-secrets-injector.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-
-global:
- namespace: fortanix
- serviceAccount: fortanix-webhook-certs-sa
- service: fortanix-secrets-injector-svc
- secret: fortanix-secrets-injector-certs
- registry: registry.hub.docker.com/fortanix
- # caBundle: "LS0tLS1CRUdJ ..... VEUtLS0tLQo="
-
-configmap:
- name: fortanix-webhook-config
- authTokenType: api-key
- secretAgent:
- imageName: k8s-sdkms-secret-agent
- tag: "ubi7-2.2"
-# (Optional) applies only if authTokenType: jwt
-# tokenVolumeProjection:
-# audience: https://sdkms.fortanix.com
-# expirationSeconds: 3600
-
-serviceAccount: fortanix
-replicas: 1
-image:
- name: k8s-sdkms-secrets-injector
- tag: "ubi7-2.2"
- pullPolicy: IfNotPresent
diff --git a/charts/partners/fortanix/dsm-secrets-injector-chart/OWNERS b/charts/partners/fortanix/dsm-secrets-injector-chart/OWNERS
deleted file mode 100644
index f180496909..0000000000
--- a/charts/partners/fortanix/dsm-secrets-injector-chart/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: dsm-secrets-injector-chart
- shortDescription: Helm Charts for Fortanix DSM Secrets Injector
-publicPgpKey: null
-users:
-- githubUsername: frankus0512
-- githubUsername: manasag
-vendor:
- label: fortanix
- name: Fortanix
diff --git a/charts/partners/fredco/samplechart/0.1.1/report.yaml b/charts/partners/fredco/samplechart/0.1.1/report.yaml
deleted file mode 100644
index 850857ec60..0000000000
--- a/charts/partners/fredco/samplechart/0.1.1/report.yaml
+++ /dev/null
@@ -1,88 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.7.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/ansvu/samplechart/releases/download/samplechart-0.1.1/samplechart-0.1.1.tgz - digests: - chart: sha256:7eb4836e9b39d05743a44320b4b9d057269409fa0605c6c797a960221a63e214 - package: 6823ec50ab88b1cf6970bb1ce0ee696a5d78adec5ce8e7f6640b4d8d44944fb5 - lastCertifiedTimestamp: "2022-07-03T19:10:57.461508+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.7' - providerControlledDelivery: false - chart: - name: samplechart - home: "" - sources: [] - version: 0.1.1 - description: A Helm chart for Kubernetes - keywords: [] - maintainers: [] - icon: https://www.example.com/chart-icon.png - apiversion: v2 - condition: "" - tags: "" - appversion: 1-42 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: RedHat Test - charts.openshift.io/provider: RedHat - charts.openshift.io/supportURL: https://github.com/dperaza4dustbit/helm-chart - kubeversion: '>=1.20.0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version 
specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : registry.access.redhat.com/ubi8/nginx-118:1-42' - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist diff --git a/charts/partners/fredco/samplechart/0.1.1/samplechart-0.1.1.tgz b/charts/partners/fredco/samplechart/0.1.1/samplechart-0.1.1.tgz deleted file mode 100755 index 29da2dcdd8..0000000000 Binary files a/charts/partners/fredco/samplechart/0.1.1/samplechart-0.1.1.tgz and /dev/null differ diff --git a/charts/partners/fredco/samplechart/0.1.2/report.yaml b/charts/partners/fredco/samplechart/0.1.2/report.yaml deleted file mode 100644 index 50d6c7e119..0000000000 --- a/charts/partners/fredco/samplechart/0.1.2/report.yaml +++ /dev/null 
@@ -1,88 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.7.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: http://jumpbox.partnerci.bos2.lab/charts/samplechart-0.1.2.tgz - digests: - chart: sha256:4abe3a57dcc5865e006b8165507a06b4f165b282a53afb3060a1ff0733c4f2dd - package: 83770ebbecceabdfe413e37692c89344f8e1c9951fb4be68f083834815c864f2 - lastCertifiedTimestamp: "2022-07-06T01:34:49.552863+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.7' - providerControlledDelivery: false - chart: - name: samplechart - home: "" - sources: [] - version: 0.1.2 - description: A Helm chart for Kubernetes - keywords: [] - maintainers: [] - icon: https://www.example.com/chart-icon.png - apiversion: v2 - condition: "" - tags: "" - appversion: 1-42 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: RedHat Test - charts.openshift.io/provider: RedHat - charts.openshift.io/supportURL: https://github.com/dperaza4dustbit/helm-chart - kubeversion: '>=1.20.0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : registry.access.redhat.com/ubi8/nginx-118:1-42' - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: 
All required annotations present - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist diff --git a/charts/partners/fredco/samplechart/0.1.2/samplechart-0.1.2.tgz b/charts/partners/fredco/samplechart/0.1.2/samplechart-0.1.2.tgz deleted file mode 100755 index 899b1221aa..0000000000 Binary files a/charts/partners/fredco/samplechart/0.1.2/samplechart-0.1.2.tgz and /dev/null differ diff --git a/charts/partners/fredco/samplechart/0.1.3/report.yaml b/charts/partners/fredco/samplechart/0.1.3/report.yaml deleted file mode 100644 index f46c57649d..0000000000 --- a/charts/partners/fredco/samplechart/0.1.3/report.yaml +++ /dev/null 
@@ -1,88 +0,0 @@
-apiversion: v1
-kind: verify-report
-metadata:
- tool:
- verifier-version: 1.7.0
- profile:
- VendorType: partner
- version: v1.1
- chart-uri: http://jumpbox.partnerci.bos2.lab/charts/samplechart-0.1.3.tgz
- digests:
- chart: sha256:ee1cd21270b6e5d6881ae456557d4143efe3f5ddb0117c87f931489ed31a34fc
- package: c147b2b7518d6631892477c881be12ccca5328837050da371317a4ba06177e65
- lastCertifiedTimestamp: "2022-08-29T07:55:59.697791+00:00"
- testedOpenShiftVersion: "4.10"
- supportedOpenShiftVersions: '>=4.7'
- providerControlledDelivery: false
- chart:
- name: samplechart
- home: ""
- sources: []
- version: 0.1.3
- description: A Helm chart for Kubernetes
- keywords: []
- maintainers: []
- icon: https://www.example.com/chart-icon.png
- apiversion: v2
- condition: ""
- tags: ""
- appversion: 1-42
- deprecated: false
- annotations:
- charts.openshift.io/archs: x86_64
- charts.openshift.io/name: RedHat Test
- charts.openshift.io/provider: RedHat
- charts.openshift.io/supportURL: https://github.com/dperaza4dustbit/helm-chart
- kubeversion: '>=1.20.0'
- dependencies: []
- type: application
- chart-overrides: ""
-results:
- - check: v1.0/has-readme
- type: Mandatory
- outcome: PASS
- reason: Chart has a README
- - check: v1.0/contains-test
- type: Mandatory
- outcome: PASS
- reason: Chart test files exist
- - check: v1.0/contains-values-schema
- type: Mandatory
- outcome: PASS
- reason: Values schema file exist
- - check: v1.1/has-kubeversion
- type: Mandatory
- outcome: PASS
- reason: Kubernetes version specified
- - check: v1.0/not-contains-crds
- type: Mandatory
- outcome: PASS
- reason: Chart does not contain CRDs
- - check: v1.0/chart-testing
- type: Mandatory
- outcome: PASS
- reason: Chart tests have passed
- - check: v1.0/is-helm-v3
- type: Mandatory
- outcome: PASS
- reason: API version is V2, used in Helm 3
- - check: v1.0/contains-values
- type: Mandatory
- outcome: PASS
- reason: Values file exist
- - check: v1.0/helm-lint
- type: Mandatory
- outcome: PASS
- reason: Helm lint successful
- - check: v1.0/not-contain-csi-objects
- type: Mandatory
- outcome: PASS
- reason: CSI objects do not exist
- - check: v1.0/images-are-certified
- type: Mandatory
- outcome: PASS
- reason: 'Image is Red Hat certified : registry.access.redhat.com/ubi8/nginx-118:1-42'
- - check: v1.0/required-annotations-present
- type: Mandatory
- outcome: PASS
- reason: All required annotations present
diff --git a/charts/partners/fredco/samplechart/0.1.3/samplechart-0.1.3.tgz b/charts/partners/fredco/samplechart/0.1.3/samplechart-0.1.3.tgz
deleted file mode 100755
index 5c3f1b07ad..0000000000
Binary files a/charts/partners/fredco/samplechart/0.1.3/samplechart-0.1.3.tgz and /dev/null differ
diff --git a/charts/partners/fredco/samplechart/OWNERS b/charts/partners/fredco/samplechart/OWNERS
deleted file mode 100644
index 5b14b6f0ab..0000000000
--- a/charts/partners/fredco/samplechart/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: samplechart
- shortDescription: Fredco Samplechart
-publicPgpKey: null
-users:
-- githubUsername: dcicertbot
-vendor:
- label: fredco
- name: Fredco
diff --git a/charts/partners/fredco/valid-chart/OWNERS b/charts/partners/fredco/valid-chart/OWNERS
deleted file mode 100644
index 4cc7df2e95..0000000000
--- a/charts/partners/fredco/valid-chart/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: valid-chart
- shortDescription: valid-helm-chart
-publicPgpKey: null
-users:
-- githubUsername: dcicertbot
-vendor:
- label: fredco
- name: Fredco
diff --git a/charts/partners/gigamon/uct/OWNERS b/charts/partners/gigamon/uct/OWNERS
deleted file mode 100644
index 80889a4dda..0000000000
--- a/charts/partners/gigamon/uct/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: uct
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: haroonrasheeda
-vendor:
- label: gigamon
- name: Gigamon
diff --git a/charts/partners/gitlab/gitlab/OWNERS b/charts/partners/gitlab/gitlab/OWNERS
deleted file mode 100644
index a6d6b2e95d..0000000000
--- a/charts/partners/gitlab/gitlab/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: gitlab
- shortDescription: null
-publicPgpKey: null
-users:
-- githubUsername: hickey
-vendor:
- label: gitlab
- name: GitLab
diff --git a/charts/partners/granulate/sagent/1.0.0-latest/report.yaml b/charts/partners/granulate/sagent/1.0.0-latest/report.yaml
deleted file mode 100644
index c3bddd0db3..0000000000
--- a/charts/partners/granulate/sagent/1.0.0-latest/report.yaml
+++ /dev/null
@@ -1,93 +0,0 @@
-apiversion: v1
-kind: verify-report
-metadata:
- tool:
- verifier-version: 1.9.0
- profile:
- VendorType: partner
- version: v1.2
- reportDigest: uint64:15974487247225389833
- chart-uri: https://github.com/Granulate/sagent-helm/releases/download/1.0.0/sagent-1.0.0-latest.tgz
- digests:
- chart: sha256:972947be3ede8321884a9079de17815ce8ca7a1805aea0bf00c1bf661be67b1b
- package: 5955e7fc11e55bbf2edafd9788b773b844fb15626c5ff8ff7a30a6d9034f3a75
- lastCertifiedTimestamp: "2022-12-06T14:51:36.962455+00:00"
- testedOpenShiftVersion: "4.8"
- supportedOpenShiftVersions: '>=4.7'
- providerControlledDelivery: false
- chart:
- name: sagent
- home: ""
- sources: []
- version: 1.0.0-latest
- description: granulate sAgent daemonset helm-chart
- keywords: []
- maintainers: []
- icon: ""
- apiversion: v2
- condition: ""
- tags: ""
- appversion: ""
- deprecated: false
- annotations:
- charts.openshift.io/name: sagent
- kubeversion: '>=1.20'
- dependencies: []
- type: application
- chart-overrides: ""
-results:
- - check: v1.0/chart-testing
- type: Mandatory
- outcome: PASS
- reason: Chart tests have passed
- - check: v1.0/has-readme
- type: Mandatory
- outcome: PASS
- reason: Chart has a README
- - check: v1.0/signature-is-valid
- type: Mandatory
- outcome: SKIPPED
- reason: 'Chart is not signed : Signature verification not required'
- - check: v1.1/has-kubeversion
- type: Mandatory
- outcome: PASS
- reason: Kubernetes version specified
- - check: v1.0/not-contain-csi-objects
- type: Mandatory
- outcome: PASS
- reason: CSI objects do not exist
- - check: v1.0/images-are-certified
- type: Mandatory
- outcome: PASS
- reason: |-
- Image is Red Hat certified : registry.access.redhat.com/rhscl/postgresql-10-rhel7:latest
- Image is Red Hat certified : quay.io/flomesh/osm-edge-bootstrap-ubi8:1.2.1
- - check: v1.0/is-helm-v3
- type: Mandatory
- outcome: PASS
- reason: API version is V2, used in Helm 3
- - check: v1.0/contains-test
- type: Mandatory
- outcome: PASS
- reason: Chart test files exist
- - check: v1.0/not-contains-crds
- type: Mandatory
- outcome: PASS
- reason: Chart does not contain CRDs
- - check: v1.0/required-annotations-present
- type: Mandatory
- outcome: PASS
- reason: All required annotations present
- - check: v1.0/contains-values-schema
- type: Mandatory
- outcome: PASS
- reason: Values schema file exist
- - check: v1.0/contains-values
- type: Mandatory
- outcome: PASS
- reason: Values file exist
- - check: v1.0/helm-lint
- type: Mandatory
- outcome: PASS
- reason: Helm lint successful
-
diff --git a/charts/partners/granulate/sagent/1.0.0-latest/sagent-1.0.0-latest.tgz b/charts/partners/granulate/sagent/1.0.0-latest/sagent-1.0.0-latest.tgz
deleted file mode 100644
index 01b002255d..0000000000
Binary files a/charts/partners/granulate/sagent/1.0.0-latest/sagent-1.0.0-latest.tgz and /dev/null differ
diff --git a/charts/partners/granulate/sagent/OWNERS b/charts/partners/granulate/sagent/OWNERS
deleted file mode 100644
index 01f4b80172..0000000000
--- a/charts/partners/granulate/sagent/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: sagent
- shortDescription: Granulate sAgent agent
-providerDelivery: false
-publicPgpKey: null
-users:
-- githubUsername: shaharshitrit
-vendor:
- label: granulate
- name: Granulate
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/.helmignore b/charts/partners/hashicorp/vault/0.12.0/src/.helmignore
deleted file mode 100644
index d1180d2fb7..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/.helmignore
+++ /dev/null
@@ -1,4 +0,0 @@
-.git/
-.terraform/
-bin/
-test/
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/CHANGELOG.md b/charts/partners/hashicorp/vault/0.12.0/src/CHANGELOG.md
deleted file mode 100644
index 5b94598358..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/CHANGELOG.md
+++ /dev/null
@@ -1,271 +0,0 @@ -## Unreleased - -## 0.12.0 (May 25th, 2021) - -Features: -* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) - -Improvements: -* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) -* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) -* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) -* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) - -Bugs: -* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) - -## 0.11.0 (April 14th, 2021) - -Features: -* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) -* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) -* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) -* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) -* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) -* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) - -Improvements: -* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) - -Bugs: -* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) - -## 0.10.0 (March 25th, 2021) - -Features: -* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) 
[GH-461](https://github.com/hashicorp/vault-helm/pull/461) - -Improvements: -* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) - -## 0.9.1 (February 2nd, 2021) - -Bugs: -* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) -* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) - -## 0.9.0 (January 5th, 2021) - -Features: -* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) -* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) - -Improvements: -* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) -* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) -* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) -* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) -* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) -* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) -* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) -* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) - -## 0.8.0 (October 20th, 2020) - -Improvements: -* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) -* Added configurables for all probe values 
[GH-387](https://github.com/hashicorp/vault-helm/pull/387) -* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) -* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) -* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) -* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) -* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) - -Bugs: -* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) - -## 0.7.0 (August 24th, 2020) - -Features: -* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). -* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) - -Improvements: -* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) -* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) -* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) -* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) -* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) -* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) -* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) -* Add an option to 
set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) -* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) - -Bugs: -* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) -* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) -* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) - -## 0.6.0 (June 3rd, 2020) - -Features: -* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) -* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) -* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) - -Improvements: -* Server configs can now be defined in YAML. 
Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) -* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] -* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] -* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] -* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] -* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] -* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] -* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) - -Bugs: -* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] -* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] -* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] -* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] -* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) - -## 0.5.0 (April 9th, 2020) - -Features: - -* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] -* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] -* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] - -* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] -* Added environment 
variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] -* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] -* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] -* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] - -## 0.4.0 (February 21st, 2020) - -Improvements: - -* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] -* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] -* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] -* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] -* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] - -Bugs: - -* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] - -## 0.3.3 (January 14th, 2020) - -Security: - -* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) - -Bugs: - -* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files - -## 0.3.2 (January 8th, 2020) - -Bugs: - -* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] - -## 0.3.1 (January 2nd, 2020) - -Bugs: - -* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] - -## 0.3.0 (December 19th, 2019) - -Features: - -* Extra containers can now be added to the Vault pods -* Added configurability of pod probes -* Added Vault Agent Injector - -Improvements: - -* Moved `global.image` to `server.image` -* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` -* Added better HTTP/HTTPS scheme support to http probes -* Added configurable node port for Vault service -* `server.authDelegator` is now enabled by default - -Bugs: - -* Fixed upgrade bug by removing chart label which contained the version -* Fixed typo on `serviceAccount` (was `serviceaccount`) -* Fixed readiness/liveliness HTTP probe default to accept standbys - -## 0.2.1 (November 12th, 2019) - -Bugs: - -* Removed `readOnlyRootFilesystem` causing issues when validating deployments - -## 0.2.0 (October 29th, 2019) - -Features: - -* Added load balancer support -* Added ingress support -* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) -* Removed root requirements, now runs as Vault user - -Improvements: - -* Added namespace value to all rendered objects -* Made ports configurable in services -* Added the ability to add custom annotations to services -* Added docker image for running bats test in CircleCI -* Removed restrictions around `dev` mode such as annotations -* 
`readOnlyRootFilesystem` is now configurable -* Image Pull Policy is now configurable - -Bugs: - -* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) -* Fixed bug where audit storage was not being mounted in HA mode -* Fixed bug where Vault pod wasn't receiving SIGTERM signals - - -## 0.1.2 (August 22nd, 2019) - -Features: - -* Added `extraSecretEnvironmentVars` to allow users to mount secrets as - environment variables -* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS - depending on the value -* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` - to "NodePort" - -Improvements: - -* Changed UI port to 8200 for better HTTP protocol support -* Added `path` to `extraVolumes` to define where the volume should be - mounted. Defaults to `/vault/userconfig` -* Upgraded Vault to 1.2.2 - -Bugs: - -* Fixed bug where upgrade would fail because immutable labels were being - changed (Helm Version label) -* Fixed bug where UI service used wrong selector after updating helm labels -* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks - Consul is the active node -* Removed `step-down` preStop since it requires authentication. Shutdown signal - sent by Kube acts similar to `step-down` - - -## 0.1.1 (August 7th, 2019) - -Features: - -* Added `authDelegator` Cluster Role Binding to Vault service account for - bootstrapping Kube auth method - -Improvements: - -* Added `server.service.clusterIP` to `values.yml` so users can toggle - the Vault service to headless by using the value `None`. -* Upgraded Vault to 1.2.1 - -## 0.1.0 (August 6th, 2019) - -Initial release diff --git a/charts/partners/hashicorp/vault/0.12.0/src/CONTRIBUTING.md b/charts/partners/hashicorp/vault/0.12.0/src/CONTRIBUTING.md deleted file mode 100644 index f83d56747a..0000000000 --- a/charts/partners/hashicorp/vault/0.12.0/src/CONTRIBUTING.md +++ /dev/null 
@@ -1,239 +0,0 @@ -# Contributing to Vault Helm - -**Please note:** We take Vault's security and our users' trust very seriously. -If you believe you have found a security issue in Vault, please responsibly -disclose by contacting us at security@hashicorp.com. - -**First:** if you're unsure or afraid of _anything_, just ask or submit the -issue or pull request anyways. You won't be yelled at for giving it your best -effort. The worst that can happen is that you'll be politely asked to change -something. We appreciate any sort of contributions, and don't want a wall of -rules to get in the way of that. - -That said, if you want to ensure that a pull request is likely to be merged, -talk to us! You can find out our thoughts and ensure that your contribution -won't clash or be obviated by Vault's normal direction. A great way to do this -is via the [Vault Google Group][2]. Sometimes Vault devs are in `#vault-tool` -on Freenode, too. - -This document will cover what we're looking for in terms of reporting issues. -By addressing all the points we're looking for, it raises the chances we can -quickly merge or address your contributions. - -## Issues - -### Reporting an Issue - -* Make sure you test against the latest released version. It is possible - we already fixed the bug you're experiencing. Even better is if you can test - against `master`, as bugs are fixed regularly but new versions are only - released every few months. - -* Provide steps to reproduce the issue, and if possible include the expected - results as well as the actual results. Please provide text, not screen shots! - -* Respond as promptly as possible to any questions made by the Vault - team to your issue. Stale issues will be closed periodically. - -### Issue Lifecycle - -1. The issue is reported. - -2. The issue is verified and categorized by a Vault Helm collaborator. - Categorization is done via tags. For example, bugs are marked as "bugs". - -3. 
Unless it is critical, the issue may be left for a period of time (sometimes - many weeks), giving outside contributors -- maybe you!? -- a chance to - address the issue. - -4. The issue is addressed in a pull request or commit. The issue will be - referenced in the commit message so that the code that fixes it is clearly - linked. - -5. The issue is closed. Sometimes, valid issues will be closed to keep - the issue tracker clean. The issue is still indexed and available for - future viewers, or can be re-opened if necessary. - -## Testing - -The Helm chart ships with both unit and acceptance tests. - -The unit tests don't require any active Kubernetes cluster and complete -very quickly. These should be used for fast feedback during development. -The acceptance tests require a Kubernetes cluster with a configured `kubectl`. - -### Test Using Docker Container - -The following are the instructions for running bats tests using a Docker container. - -#### Prerequisites - -* Docker installed -* `vault-helm` checked out locally - -#### Test - -**Note:** the following commands should be run from the `vault-helm` directory. - -First, build the Docker image for running the tests: - -```shell -docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test -``` -Next, execute the tests with the following commands: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -``` -It's possible to only run specific bats tests using regular expressions. -For example, the following will run only tests with "injector" in the name: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" -``` - -### Test Manually -The following are the instructions for running bats tests on your workstation. 
-#### Prerequisites -* [Bats](https://github.com/bats-core/bats-core) - ```bash - brew install bats-core - ``` -* [yq](https://pypi.org/project/yq/) - ```bash - brew install python-yq - ``` -* [helm](https://helm.sh) - ```bash - brew install kubernetes-helm - ``` - -#### Test - -To run the unit tests: - - bats ./test/unit - -To run the acceptance tests: - - bats ./test/acceptance - -If the acceptance tests fail, deployed resources in the Kubernetes cluster -may not be properly cleaned up. We recommend recycling the Kubernetes cluster to -start from a clean slate. - -**Note:** There is a Terraform configuration in the -[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/master/test/terraform) directory -that can be used to quickly bring up a GKE cluster and configure -`kubectl` and `helm` locally. This can be used to quickly spin up a test -cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes -cluster. - -### Writing Unit Tests - -Changes to the Helm chart should be accompanied by appropriate unit tests. - -#### Formatting - -- Put tests in the test file in the same order as the variables appear in the `values.yaml`. -- Start tests for a chart value with a header that says what is being tested, like this: - ``` - #-------------------------------------------------------------------- - # annotations - ``` - -- Name the test based on what it's testing in the following format (this will be its first line): - ``` - @test "
: " { - ``` - - When adding tests to an existing file, the first section will be the same as the other tests in the file. - -#### Test Details - -[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. -In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. -In this way, we're able to test that the various conditionals in the templates render as we would expect. - -Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. -The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). -`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). -The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. - -The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. - -The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. - -#### Test Examples - -Here are some examples of common test patterns: - -- Check that a value is disabled by default - - ``` - @test "ui/Service: no type by default" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - . 
| tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "null" ] - } - ``` - - In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. - This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. - - -- Check that a template value is rendered to a specific value - ``` - @test "ui/Service: specified type" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - --set 'ui.serviceType=LoadBalancer' \ - . | tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "LoadBalancer" ] - } - ``` - - This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. - -- Check that a template value contains several values - ``` - @test "server/standalone-StatefulSet: custom resources" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.requests.memory=256Mi' \ - --set 'server.resources.requests.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.limits.memory=256Mi' \ - --set 'server.resources.limits.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - ``` - - *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
- -- Check that an entire template file is not rendered - ``` - @test "syncCatalog/Deployment: disabled by default" { - cd `chart_dir` - local actual=$( (helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'global.enabled=false' \ - . || echo "---") | tee /dev/stderr | - yq 'length > 0' | tee /dev/stderr) - [ "${actual}" = "false" ] - } - ``` - Here we are check the length of the command output to see if the anything is rendered. - This style can easily be switched to check that a file is rendered instead. diff --git a/charts/partners/hashicorp/vault/0.12.0/src/Chart.yaml b/charts/partners/hashicorp/vault/0.12.0/src/Chart.yaml deleted file mode 100644 index cff24b0144..0000000000 --- a/charts/partners/hashicorp/vault/0.12.0/src/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v2 -appVersion: 1.7.2 -description: Official HashiCorp Vault Chart -home: https://www.vaultproject.io -icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png -keywords: -- vault -- security -- encryption -- secrets -- management -- automation -- infrastructure -kubeVersion: '>= 1.14.0-0' -name: vault -sources: -- https://github.com/hashicorp/vault -- https://github.com/hashicorp/vault-helm -- https://github.com/hashicorp/vault-k8s -- https://github.com/hashicorp/vault-csi-provider -version: 0.12.0 diff --git a/charts/partners/hashicorp/vault/0.12.0/src/LICENSE.md b/charts/partners/hashicorp/vault/0.12.0/src/LICENSE.md deleted file mode 100644 index 82b4de97c7..0000000000 --- a/charts/partners/hashicorp/vault/0.12.0/src/LICENSE.md +++ /dev/null 
@@ -1,353 +0,0 @@
-Mozilla Public License, version 2.0
-
-1. Definitions
-
-1.1. “Contributor”
-
- means each individual or legal entity that creates, contributes to the
- creation of, or owns Covered Software.
-
-1.2. “Contributor Version”
-
- means the combination of the Contributions of others (if any) used by a
- Contributor and that particular Contributor’s Contribution.
-
-1.3. “Contribution”
-
- means Covered Software of a particular Contributor.
-
-1.4. “Covered Software”
-
- means Source Code Form to which the initial Contributor has attached the
- notice in Exhibit A, the Executable Form of such Source Code Form, and
- Modifications of such Source Code Form, in each case including portions
- thereof.
-
-1.5. “Incompatible With Secondary Licenses”
- means
-
- a. that the initial Contributor has attached the notice described in
- Exhibit B to the Covered Software; or
-
- b. that the Covered Software was made available under the terms of version
- 1.1 or earlier of the License, but not also under the terms of a
- Secondary License.
-
-1.6. “Executable Form”
-
- means any form of the work other than Source Code Form.
-
-1.7. “Larger Work”
-
- means a work that combines Covered Software with other material, in a separate
- file or files, that is not Covered Software.
-
-1.8. “License”
-
- means this document.
-
-1.9. “Licensable”
-
- means having the right to grant, to the maximum extent possible, whether at the
- time of the initial grant or subsequently, any and all of the rights conveyed by
- this License.
-
-1.10. “Modifications”
-
- means any of the following:
-
- a. any file in Source Code Form that results from an addition to, deletion
- from, or modification of the contents of Covered Software; or
-
- b. any new file in Source Code Form that contains any Covered Software.
-
-1.11.
“Patent Claims” of a Contributor
-
- means any patent claim(s), including without limitation, method, process,
- and apparatus claims, in any patent Licensable by such Contributor that
- would be infringed, but for the grant of the License, by the making,
- using, selling, offering for sale, having made, import, or transfer of
- either its Contributions or its Contributor Version.
-
-1.12. “Secondary License”
-
- means either the GNU General Public License, Version 2.0, the GNU Lesser
- General Public License, Version 2.1, the GNU Affero General Public
- License, Version 3.0, or any later versions of those licenses.
-
-1.13. “Source Code Form”
-
- means the form of the work preferred for making modifications.
-
-1.14. “You” (or “Your”)
-
- means an individual or a legal entity exercising rights under this
- License. For legal entities, “You” includes any entity that controls, is
- controlled by, or is under common control with You. For purposes of this
- definition, “control” means (a) the power, direct or indirect, to cause
- the direction or management of such entity, whether by contract or
- otherwise, or (b) ownership of more than fifty percent (50%) of the
- outstanding shares or beneficial ownership of such entity.
-
-
-2. License Grants and Conditions
-
-2.1. Grants
-
- Each Contributor hereby grants You a world-wide, royalty-free,
- non-exclusive license:
-
- a. under intellectual property rights (other than patent or trademark)
- Licensable by such Contributor to use, reproduce, make available,
- modify, display, perform, distribute, and otherwise exploit its
- Contributions, either on an unmodified basis, with Modifications, or as
- part of a Larger Work; and
-
- b. under Patent Claims of such Contributor to make, use, sell, offer for
- sale, have made, import, and otherwise transfer either its Contributions
- or its Contributor Version.
-
-2.2.
Effective Date
-
- The licenses granted in Section 2.1 with respect to any Contribution become
- effective for each Contribution on the date the Contributor first distributes
- such Contribution.
-
-2.3. Limitations on Grant Scope
-
- The licenses granted in this Section 2 are the only rights granted under this
- License. No additional rights or licenses will be implied from the distribution
- or licensing of Covered Software under this License. Notwithstanding Section
- 2.1(b) above, no patent license is granted by a Contributor:
-
- a. for any code that a Contributor has removed from Covered Software; or
-
- b. for infringements caused by: (i) Your and any other third party’s
- modifications of Covered Software, or (ii) the combination of its
- Contributions with other software (except as part of its Contributor
- Version); or
-
- c. under Patent Claims infringed by Covered Software in the absence of its
- Contributions.
-
- This License does not grant any rights in the trademarks, service marks, or
- logos of any Contributor (except as may be necessary to comply with the
- notice requirements in Section 3.4).
-
-2.4. Subsequent Licenses
-
- No Contributor makes additional grants as a result of Your choice to
- distribute the Covered Software under a subsequent version of this License
- (see Section 10.2) or under the terms of a Secondary License (if permitted
- under the terms of Section 3.3).
-
-2.5. Representation
-
- Each Contributor represents that the Contributor believes its Contributions
- are its original creation(s) or it has sufficient rights to grant the
- rights to its Contributions conveyed by this License.
-
-2.6. Fair Use
-
- This License is not intended to limit any rights You have under applicable
- copyright doctrines of fair use, fair dealing, or other equivalents.
-
-2.7. Conditions
-
- Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
- Section 2.1.
-
-
-3. Responsibilities
-
-3.1.
Distribution of Source Form
-
- All distribution of Covered Software in Source Code Form, including any
- Modifications that You create or to which You contribute, must be under the
- terms of this License. You must inform recipients that the Source Code Form
- of the Covered Software is governed by the terms of this License, and how
- they can obtain a copy of this License. You may not attempt to alter or
- restrict the recipients’ rights in the Source Code Form.
-
-3.2. Distribution of Executable Form
-
- If You distribute Covered Software in Executable Form then:
-
- a. such Covered Software must also be made available in Source Code Form,
- as described in Section 3.1, and You must inform recipients of the
- Executable Form how they can obtain a copy of such Source Code Form by
- reasonable means in a timely manner, at a charge no more than the cost
- of distribution to the recipient; and
-
- b. You may distribute such Executable Form under the terms of this License,
- or sublicense it under different terms, provided that the license for
- the Executable Form does not attempt to limit or alter the recipients’
- rights in the Source Code Form under this License.
-
-3.3. Distribution of a Larger Work
-
- You may create and distribute a Larger Work under terms of Your choice,
- provided that You also comply with the requirements of this License for the
- Covered Software. If the Larger Work is a combination of Covered Software
- with a work governed by one or more Secondary Licenses, and the Covered
- Software is not Incompatible With Secondary Licenses, this License permits
- You to additionally distribute such Covered Software under the terms of
- such Secondary License(s), so that the recipient of the Larger Work may, at
- their option, further distribute the Covered Software under the terms of
- either this License or such Secondary License(s).
-
-3.4.
Notices
-
- You may not remove or alter the substance of any license notices (including
- copyright notices, patent notices, disclaimers of warranty, or limitations
- of liability) contained within the Source Code Form of the Covered
- Software, except that You may alter any license notices to the extent
- required to remedy known factual inaccuracies.
-
-3.5. Application of Additional Terms
-
- You may choose to offer, and to charge a fee for, warranty, support,
- indemnity or liability obligations to one or more recipients of Covered
- Software. However, You may do so only on Your own behalf, and not on behalf
- of any Contributor. You must make it absolutely clear that any such
- warranty, support, indemnity, or liability obligation is offered by You
- alone, and You hereby agree to indemnify every Contributor for any
- liability incurred by such Contributor as a result of warranty, support,
- indemnity or liability terms You offer. You may include additional
- disclaimers of warranty and limitations of liability specific to any
- jurisdiction.
-
-4. Inability to Comply Due to Statute or Regulation
-
- If it is impossible for You to comply with any of the terms of this License
- with respect to some or all of the Covered Software due to statute, judicial
- order, or regulation then You must: (a) comply with the terms of this License
- to the maximum extent possible; and (b) describe the limitations and the code
- they affect. Such description must be placed in a text file included with all
- distributions of the Covered Software under this License. Except to the
- extent prohibited by statute or regulation, such description must be
- sufficiently detailed for a recipient of ordinary skill to be able to
- understand it.
-
-5. Termination
-
-5.1. The rights granted under this License will terminate automatically if You
- fail to comply with any of its terms.
However, if You become compliant,
- then the rights granted under this License from a particular Contributor
- are reinstated (a) provisionally, unless and until such Contributor
- explicitly and finally terminates Your grants, and (b) on an ongoing basis,
- if such Contributor fails to notify You of the non-compliance by some
- reasonable means prior to 60 days after You have come back into compliance.
- Moreover, Your grants from a particular Contributor are reinstated on an
- ongoing basis if such Contributor notifies You of the non-compliance by
- some reasonable means, this is the first time You have received notice of
- non-compliance with this License from such Contributor, and You become
- compliant prior to 30 days after Your receipt of the notice.
-
-5.2. If You initiate litigation against any entity by asserting a patent
- infringement claim (excluding declaratory judgment actions, counter-claims,
- and cross-claims) alleging that a Contributor Version directly or
- indirectly infringes any patent, then the rights granted to You by any and
- all Contributors for the Covered Software under Section 2.1 of this License
- shall terminate.
-
-5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
- license agreements (excluding distributors and resellers) which have been
- validly granted by You or Your distributors under this License prior to
- termination shall survive termination.
-
-6. Disclaimer of Warranty
-
- Covered Software is provided under this License on an “as is” basis, without
- warranty of any kind, either expressed, implied, or statutory, including,
- without limitation, warranties that the Covered Software is free of defects,
- merchantable, fit for a particular purpose or non-infringing. The entire
- risk as to the quality and performance of the Covered Software is with You.
- Should any Covered Software prove defective in any respect, You (not any
- Contributor) assume the cost of any necessary servicing, repair, or
- correction. This disclaimer of warranty constitutes an essential part of this
- License. No use of any Covered Software is authorized under this License
- except under this disclaimer.
-
-7. Limitation of Liability
-
- Under no circumstances and under no legal theory, whether tort (including
- negligence), contract, or otherwise, shall any Contributor, or anyone who
- distributes Covered Software as permitted above, be liable to You for any
- direct, indirect, special, incidental, or consequential damages of any
- character including, without limitation, damages for lost profits, loss of
- goodwill, work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses, even if such party shall have been
- informed of the possibility of such damages. This limitation of liability
- shall not apply to liability for death or personal injury resulting from such
- party’s negligence to the extent applicable law prohibits such limitation.
- Some jurisdictions do not allow the exclusion or limitation of incidental or
- consequential damages, so this exclusion and limitation may not apply to You.
-
-8. Litigation
-
- Any litigation relating to this License may be brought only in the courts of
- a jurisdiction where the defendant maintains its principal place of business
- and such litigation shall be governed by laws of that jurisdiction, without
- reference to its conflict-of-law provisions. Nothing in this Section shall
- prevent a party’s ability to bring cross-claims or counter-claims.
-
-9. Miscellaneous
-
- This License represents the complete agreement concerning the subject matter
- hereof. If any provision of this License is held to be unenforceable, such
- provision shall be reformed only to the extent necessary to make it
- enforceable.
Any law or regulation which provides that the language of a
- contract shall be construed against the drafter shall not be used to construe
- this License against a Contributor.
-
-
-10. Versions of the License
-
-10.1. New Versions
-
- Mozilla Foundation is the license steward. Except as provided in Section
- 10.3, no one other than the license steward has the right to modify or
- publish new versions of this License. Each version will be given a
- distinguishing version number.
-
-10.2. Effect of New Versions
-
- You may distribute the Covered Software under the terms of the version of
- the License under which You originally received the Covered Software, or
- under the terms of any subsequent version published by the license
- steward.
-
-10.3. Modified Versions
-
- If you create software not governed by this License, and you want to
- create a new license for such software, you may create and use a modified
- version of this License if you rename the license and remove any
- references to the name of the license steward (except to note that such
- modified license differs from this License).
-
-10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
- If You choose to distribute Source Code Form that is Incompatible With
- Secondary Licenses under the terms of this version of the License, the
- notice described in Exhibit B of this License must be attached.
-
-Exhibit A - Source Code Form License Notice
-
- This Source Code Form is subject to the
- terms of the Mozilla Public License, v.
- 2.0. If a copy of the MPL was not
- distributed with this file, You can
- obtain one at
- http://mozilla.org/MPL/2.0/.
-
-If it is not possible or desirable to put the notice in a particular file, then
-You may include the notice in a location (such as a LICENSE file in a relevant
-directory) where a recipient would be likely to look for such a notice.
-
-You may add additional accurate notices of copyright ownership.
-
-Exhibit B - “Incompatible With Secondary Licenses” Notice
-
- This Source Code Form is “Incompatible
- With Secondary Licenses”, as defined by
- the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/Makefile b/charts/partners/hashicorp/vault/0.12.0/src/Makefile
deleted file mode 100644
index 1b3020c59f..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/Makefile
+++ /dev/null
@@ -1,69 +0,0 @@
-TEST_IMAGE?=vault-helm-test
-GOOGLE_CREDENTIALS?=vault-helm-test.json
-CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
-# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
-ACCEPTANCE_TESTS?=acceptance
-
-# Generate json schema for chart values. See test/README.md for more details.
-values-schema:
- helm schema-gen values.yaml > values.schema.json
-
-test-image:
- @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
-
-test-unit:
- @docker run -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats /helm-test/test/unit
-
-test-bats: test-unit test-acceptance
-
-test: test-image test-bats
-
-# run acceptance tests on GKE
-# set google project/credential vars above
-test-acceptance:
- @docker run -it -v ${PWD}:/helm-test \
- -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
- -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
- -e KUBECONFIG=/helm-test/.kube/config \
- -w /helm-test \
- $(TEST_IMAGE) \
- make acceptance
-
-# destroy GKE cluster using terraform
-test-destroy:
- @docker run -it -v ${PWD}:/helm-test \
- -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
- -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
- -w /helm-test \
- $(TEST_IMAGE) \
- make destroy-cluster
-
-# provision GKE cluster using terraform
-test-provision:
- @docker run -it -v ${PWD}:/helm-test \
- -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
- -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
- -e KUBECONFIG=/helm-test/.kube/config \
- -w /helm-test \
- $(TEST_IMAGE) \
- make provision-cluster
-
-# this target is for running the acceptance tests
-# it is run in the docker container above when the test-acceptance target is invoked
-acceptance:
- gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
- bats test/${ACCEPTANCE_TESTS}
-
-# this target is for provisioning the GKE cluster
-# it is run in the docker container above when the test-provision target is invoked
-provision-cluster:
- gcloud auth
activate-service-account --key-file=${GOOGLE_CREDENTIALS}
- terraform init test/terraform
- terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
-
-# this target is for removing the GKE cluster
-# it is run in the docker container above when the test-destroy target is invoked
-destroy-cluster:
- terraform destroy -auto-approve
-
-.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/README.md b/charts/partners/hashicorp/vault/0.12.0/src/README.md
deleted file mode 100644
index f95b26fc37..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/README.md
+++ /dev/null
@@ -1,44 +0,0 @@
-# Vault Helm Chart
-
-> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
-you believe you have found a security issue in Vault Helm, _please responsibly disclose_
-by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
-
-This repository contains the official HashiCorp Helm chart for installing
-and configuring Vault on Kubernetes. This chart supports multiple use
-cases of Vault on Kubernetes depending on the values provided.
-
-For full documentation on this Helm chart along with all the ways you can
-use Vault with Kubernetes, please see the
-[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
-
-## Prerequisites
-
-To use the charts here, [Helm](https://helm.sh/) must be configured for your
-Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
-this README. Please refer to the Kubernetes and Helm documentation.
-
-The versions required are:
-
- * **Helm 3.0+** - This is the earliest version of Helm tested. It is possible
- it works with earlier versions but this chart is untested for those versions.
- * **Kubernetes 1.14+** - This is the earliest version of Kubernetes tested.
- It is possible that this chart works with earlier versions but it is
- untested.
-
-## Usage
-
-To install the latest version of this chart, add the Hashicorp helm repository
-and run `helm install`:
-
-```console
-$ helm repo add hashicorp https://helm.releases.hashicorp.com
-"hashicorp" has been added to your repositories
-
-$ helm install vault hashicorp/vault
-```
-
-Please see the many options supported in the `values.yaml` file. These are also
-fully documented directly on the [Vault
-website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
-detailed installation instructions.
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/NOTES.txt b/charts/partners/hashicorp/vault/0.12.0/src/templates/NOTES.txt
deleted file mode 100644
index 8e267121c8..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/NOTES.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-
-Thank you for installing HashiCorp Vault!
-
-Now that you have deployed Vault, you should look over the docs on using
-Vault with Kubernetes available here:
-
-https://www.vaultproject.io/docs/
-
-
-Your release is named {{ .Release.Name }}. To learn more about the release, try:
-
- $ helm status {{ .Release.Name }}
- $ helm get manifest {{ .Release.Name }}
-
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/_helpers.tpl b/charts/partners/hashicorp/vault/0.12.0/src/templates/_helpers.tpl
deleted file mode 100644
index 505275b919..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,579 +0,0 @@
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to
-this (by the DNS naming spec). If release name contains chart name it will
-be used as a full name.
-*/}}
-{{- define "vault.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "vault.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "vault.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
-This defaults to (n/2)-1 where n is the number of members of the server cluster.
-Add a special case for replicas=1, where it should default to 0 as well.
-*/}}
-{{- define "vault.pdb.maxUnavailable" -}}
-{{- if eq (int .Values.server.ha.replicas) 1 -}}
-{{ 0 }}
-{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
-{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
-{{- else -}}
-{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Set the variable 'mode' to the server mode requested by the user to simplify
-template logic.
-*/}}
-{{- define "vault.mode" -}}
- {{- if .Values.injector.externalVaultAddr -}}
- {{- $_ := set . "mode" "external" -}}
- {{- else if ne (.Values.server.enabled | toString) "true" -}}
- {{- $_ := set .
"mode" "external" -}}
- {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
- {{- $_ := set . "mode" "dev" -}}
- {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
- {{- $_ := set . "mode" "ha" -}}
- {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
- {{- $_ := set . "mode" "standalone" -}}
- {{- else -}}
- {{- $_ := set . "mode" "" -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Set's the replica count based on the different modes configured by user
-*/}}
-{{- define "vault.replicas" -}}
- {{ if eq .mode "standalone" }}
- {{- default 1 -}}
- {{ else if eq .mode "ha" }}
- {{- .Values.server.ha.replicas | default 3 -}}
- {{ else }}
- {{- default 1 -}}
- {{ end }}
-{{- end -}}
-
-{{/*
-Set's up configmap mounts if this isn't a dev deployment and the user
-defined a custom configuration. Additionally iterates over any
-extra volumes the user may have specified (such as a secret with TLS).
-*/}}
-{{- define "vault.volumes" -}}
- {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
- - name: config
- configMap:
- name: {{ template "vault.fullname" . }}-config
- {{ end }}
- {{- range .Values.server.extraVolumes }}
- - name: userconfig-{{ .name }}
- {{ .type }}:
- {{- if (eq .type "configMap") }}
- name: {{ .name }}
- {{- else if (eq .type "secret") }}
- secretName: {{ .name }}
- {{- end }}
- defaultMode: {{ .defaultMode | default 420 }}
- {{- end }}
- {{- if .Values.server.volumes }}
- {{- toYaml .Values.server.volumes | nindent 8}}
- {{- end }}
-{{- end -}}
-
-{{/*
-Set's the args for custom command to render the Vault configuration
-file with IP addresses to make the out of box experience easier
-for users looking to use this chart with Consul Helm.
-*/}}
-{{- define "vault.args" -}}
- {{ if or (eq .mode "standalone") (eq .mode "ha") }}
- - |
- cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
- [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
- [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
- [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
- [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
- [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
- [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
- /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
- {{ else if eq .mode "dev" }}
- - |
- /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
- {{ end }}
-{{- end -}}
-
-{{/*
-Set's additional environment variables based on the mode.
-*/}}
-{{- define "vault.envs" -}}
- {{ if eq .mode "dev" }}
- - name: VAULT_DEV_ROOT_TOKEN_ID
- value: {{ .Values.server.dev.devRootToken }}
- - name: VAULT_DEV_LISTEN_ADDRESS
- value: "[::]:8200"
- {{ end }}
-{{- end -}}
-
-{{/*
-Set's which additional volumes should be mounted to the container
-based on the mode configured.
-*/}}
-{{- define "vault.mounts" -}}
- {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
- - name: audit
- mountPath: {{ .Values.server.auditStorage.mountPath }}
- {{ end }}
- {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
- {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
- - name: data
- mountPath: {{ .Values.server.dataStorage.mountPath }}
- {{ end }}
- {{ end }}
- {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
- - name: config
- mountPath: /vault/config
- {{ end }}
- {{- range .Values.server.extraVolumes }}
- - name: userconfig-{{ .name }}
- readOnly: true
- mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
- {{- end }}
- {{- if .Values.server.volumeMounts }}
- {{- toYaml .Values.server.volumeMounts | nindent 12}}
- {{- end }}
-{{- end -}}
-
-{{/*
-Set's up the volumeClaimTemplates when data or audit storage is required. HA
-might not use data storage since Consul is likely it's backend, however, audit
-storage might be desired by the user.
-*/}}
-{{- define "vault.volumeclaims" -}}
- {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
- volumeClaimTemplates:
- {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
- - metadata:
- name: data
- {{- include "vault.dataVolumeClaim.annotations" .
| nindent 6 }}
- spec:
- accessModes:
- - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
- resources:
- requests:
- storage: {{ .Values.server.dataStorage.size }}
- {{- if .Values.server.dataStorage.storageClass }}
- storageClassName: {{ .Values.server.dataStorage.storageClass }}
- {{- end }}
- {{ end }}
- {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
- - metadata:
- name: audit
- {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
- spec:
- accessModes:
- - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
- resources:
- requests:
- storage: {{ .Values.server.auditStorage.size }}
- {{- if .Values.server.auditStorage.storageClass }}
- storageClassName: {{ .Values.server.auditStorage.storageClass }}
- {{- end }}
- {{ end }}
- {{ end }}
-{{- end -}}
-
-{{/*
-Set's the affinity for pod placement when running in standalone and HA modes.
-*/}}
-{{- define "vault.affinity" -}}
- {{- if and (ne .mode "dev") .Values.server.affinity }}
- affinity:
- {{ tpl .Values.server.affinity . | nindent 8 | trim }}
- {{ end }}
-{{- end -}}
-
-{{/*
-Sets the injector affinity for pod placement
-*/}}
-{{- define "injector.affinity" -}}
- {{- if .Values.injector.affinity }}
- affinity:
- {{ tpl .Values.injector.affinity . | nindent 8 | trim }}
- {{ end }}
-{{- end -}}
-
-{{/*
-Set's the toleration for pod placement when running in standalone and HA modes.
-*/}}
-{{- define "vault.tolerations" -}}
- {{- if and (ne .mode "dev") .Values.server.tolerations }}
- tolerations:
- {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
- {{- end }}
-{{- end -}}
-
-{{/*
-Sets the injector toleration for pod placement
-*/}}
-{{- define "injector.tolerations" -}}
- {{- if .Values.injector.tolerations }}
- tolerations:
- {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
- {{- end }}
-{{- end -}}
-
-{{/*
-Set's the node selector for pod placement when running in standalone and HA modes.
-*/}}
-{{- define "vault.nodeselector" -}}
- {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
- nodeSelector:
- {{ tpl .Values.server.nodeSelector . | indent 8 | trim }}
- {{- end }}
-{{- end -}}
-
-{{/*
-Sets the injector node selector for pod placement
-*/}}
-{{- define "injector.nodeselector" -}}
- {{- if .Values.injector.nodeSelector }}
- nodeSelector:
- {{ tpl .Values.injector.nodeSelector . | indent 8 | trim }}
- {{- end }}
-{{- end -}}
-
-{{/*
-Sets extra pod annotations
-*/}}
-{{- define "vault.annotations" -}}
- {{- if .Values.server.annotations }}
- annotations:
- {{- $tp := typeOf .Values.server.annotations }}
- {{- if eq $tp "string" }}
- {{- tpl .Values.server.annotations . | nindent 8 }}
- {{- else }}
- {{- toYaml .Values.server.annotations | nindent 8 }}
- {{- end }}
- {{- end }}
-{{- end -}}
-
-{{/*
-Sets extra injector pod annotations
-*/}}
-{{- define "injector.annotations" -}}
- {{- if .Values.injector.annotations }}
- annotations:
- {{- $tp := typeOf .Values.injector.annotations }}
- {{- if eq $tp "string" }}
- {{- tpl .Values.injector.annotations . | nindent 8 }}
- {{- else }}
- {{- toYaml .Values.injector.annotations | nindent 8 }}
- {{- end }}
- {{- end }}
-{{- end -}}
-
-{{/*
-Sets extra injector service annotations
-*/}}
-{{- define "injector.service.annotations" -}}
- {{- if .Values.injector.service.annotations }}
- annotations:
- {{- $tp := typeOf .Values.injector.service.annotations }}
- {{- if eq $tp "string" }}
- {{- tpl .Values.injector.service.annotations . | nindent 4 }}
- {{- else }}
- {{- toYaml .Values.injector.service.annotations | nindent 4 }}
- {{- end }}
- {{- end }}
-{{- end -}}
-
-{{/*
-Sets extra ui service annotations
-*/}}
-{{- define "vault.ui.annotations" -}}
- {{- if .Values.ui.annotations }}
- annotations:
- {{- $tp := typeOf .Values.ui.annotations }}
- {{- if eq $tp "string" }}
- {{- tpl .Values.ui.annotations .
| nindent 4 }}
- {{- else }}
- {{- toYaml .Values.ui.annotations | nindent 4 }}
- {{- end }}
- {{- end }}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "vault.serviceAccount.name" -}}
-{{- if .Values.server.serviceAccount.create -}}
- {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
-{{- else -}}
- {{ default "default" .Values.server.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Sets extra service account annotations
-*/}}
-{{- define "vault.serviceAccount.annotations" -}}
- {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
- annotations:
- {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
- {{- if eq $tp "string" }}
- {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
- {{- else }}
- {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
- {{- end }}
- {{- end }}
-{{- end -}}
-
-{{/*
-Sets extra ingress annotations
-*/}}
-{{- define "vault.ingress.annotations" -}}
- {{- if .Values.server.ingress.annotations }}
- annotations:
- {{- $tp := typeOf .Values.server.ingress.annotations }}
- {{- if eq $tp "string" }}
- {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
- {{- else }}
- {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
- {{- end }}
- {{- end }}
-{{- end -}}
-
-{{/*
-Sets extra route annotations
-*/}}
-{{- define "vault.route.annotations" -}}
- {{- if .Values.server.route.annotations }}
- annotations:
- {{- $tp := typeOf .Values.server.route.annotations }}
- {{- if eq $tp "string" }}
- {{- tpl .Values.server.route.annotations .
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.route.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra vault server Service annotations -*/}} -{{- define "vault.service.annotations" -}} - {{- if .Values.server.service.annotations }} - {{- $tp := typeOf .Values.server.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets PodSecurityPolicy annotations -*/}} -{{- define "vault.psp.annotations" -}} - {{- if .Values.global.psp.annotations }} - annotations: - {{- $tp := typeOf .Values.global.psp.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.global.psp.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.global.psp.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra statefulset annotations -*/}} -{{- define "vault.statefulSet.annotations" -}} - {{- if .Values.server.statefulSet.annotations }} - annotations: - {{- $tp := typeOf .Values.server.statefulSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for data volume -*/}} -{{- define "vault.dataVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.dataStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for audit volume -*/}} -{{- define "vault.auditVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.auditStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the container resources if the user has set any. -*/}} -{{- define "vault.resources" -}} - {{- if .Values.server.resources -}} - resources: -{{ toYaml .Values.server.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "injector.resources" -}} - {{- if .Values.injector.resources -}} - resources: -{{ toYaml .Values.injector.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "csi.resources" -}} - {{- if .Values.csi.resources -}} - resources: -{{ toYaml .Values.csi.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets extra CSI daemonset annotations -*/}} -{{- define "csi.daemonSet.annotations" -}} - {{- if .Values.csi.daemonSet.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.daemonSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "csi.pod.tolerations" -}} - {{- if .Values.csi.pod.tolerations }} - tolerations: - {{ tpl .Values.csi.pod.tolerations . 
| nindent 8 | trim }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI provider pod annotations -*/}} -{{- define "csi.pod.annotations" -}} - {{- if .Values.csi.pod.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.pod.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.pod.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.pod.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI service account annotations -*/}} -{{- define "csi.serviceAccount.annotations" -}} - {{- if .Values.csi.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Inject extra environment vars in the format key:value, if populated -*/}} -{{- define "vault.extraEnvironmentVars" -}} -{{- if .extraEnvironmentVars -}} -{{- range $key, $value := .extraEnvironmentVars }} -- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} - value: {{ $value | quote }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Inject extra environment populated by secrets, if populated -*/}} -{{- define "vault.extraSecretEnvironmentVars" -}} -{{- if .extraSecretEnvironmentVars -}} -{{- range .extraSecretEnvironmentVars }} -- name: {{ .envName }} - valueFrom: - secretKeyRef: - name: {{ .secretName }} - key: {{ .secretKey }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* Scheme for health check and local endpoint */}} -{{- define "vault.scheme" -}} -{{- if .Values.global.tlsDisable -}} -{{ "http" }} -{{- else -}} -{{ "https" }} -{{- end -}} -{{- end -}} diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/csi-clusterrole.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/csi-clusterrole.yaml deleted file mode 100644 index a19e520f5d..0000000000 
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/csi-clusterrole.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups:
- - ""
- resources:
- - serviceaccounts/token
- verbs:
- - create
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/csi-clusterrolebinding.yaml
deleted file mode 100644
index 63d69c7b1f..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/csi-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/csi-daemonset.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/csi-daemonset.yaml
deleted file mode 100644
index 75bde9a32c..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/csi-daemonset.yaml
+++ /dev/null
@@ -1,84 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "csi.daemonSet.annotations" . }}
-spec:
- updateStrategy:
- type: {{ .Values.csi.daemonSet.updateStrategy.type }}
- {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
- rollingUpdate:
- maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
- {{- end }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{ template "csi.pod.annotations" . }}
- spec:
- serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
- {{- template "csi.pod.tolerations" . }}
- containers:
- - name: {{ include "vault.name" . }}-csi-provider
- {{ template "csi.resources" . }}
- image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
- imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
- args:
- - --endpoint=/provider/vault.sock
- - --debug={{ .Values.csi.debug }}
- {{- if .Values.csi.extraArgs }}
- {{- toYaml .Values.csi.extraArgs | nindent 12 }}
- {{- end }}
- volumeMounts:
- - name: providervol
- mountPath: "/provider"
- - name: mountpoint-dir
- mountPath: /var/lib/kubelet/pods
- mountPropagation: HostToContainer
- {{- if .Values.csi.volumeMounts }}
- {{- toYaml .Values.csi.volumeMounts | nindent 12}}
- {{- end }}
- livenessProbe:
- httpGet:
- path: /health/ready
- port: 8080
- failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
- successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
- readinessProbe:
- httpGet:
- path: /health/ready
- port: 8080
- failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
- successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
- volumes:
- - name: providervol
- hostPath:
- path: "/etc/kubernetes/secrets-store-csi-providers"
- - name: mountpoint-dir
- hostPath:
- path: /var/lib/kubelet/pods
- {{- if .Values.csi.volumes }}
- {{- toYaml .Values.csi.volumes | nindent 8}}
- {{- end }}
- {{- if .Values.global.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml .Values.global.imagePullSecrets | nindent 8 }}
- {{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/csi-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/csi-serviceaccount.yaml
deleted file mode 100644
index ee127481b0..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/csi-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "csi.serviceAccount.annotations" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-certs-secret.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-certs-secret.yaml
deleted file mode 100644
index aec802140d..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-certs-secret.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: vault-injector-certs
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-clusterrole.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-clusterrole.yaml
deleted file mode 100644
index 4ff25abe52..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-clusterrole.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs:
- - "get"
- - "list"
- - "watch"
- - "patch"
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-clusterrolebinding.yaml
deleted file mode 100644
index 35d30b3935..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-deployment.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-deployment.yaml
deleted file mode 100644
index 5dd3553e91..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-deployment.yaml
+++ /dev/null
@@ -1,177 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Deployment for the injector
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- component: webhook
-spec:
- replicas: {{ .Values.injector.replicas }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- {{- if .Values.injector.extraLabels -}}
- {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
- {{- end -}}
- {{ template "injector.annotations" . }}
- spec:
- {{ template "injector.affinity" . }}
- {{ template "injector.tolerations" . }}
- {{ template "injector.nodeselector" . }}
- {{- if .Values.injector.priorityClassName }}
- priorityClassName: {{ .Values.injector.priorityClassName }}
- {{- end }}
- serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
- {{- if not .Values.global.openshift }}
- hostNetwork: {{ .Values.injector.hostNetwork }}
- securityContext:
- runAsNonRoot: true
- runAsGroup: {{ .Values.injector.gid | default 1000 }}
- runAsUser: {{ .Values.injector.uid | default 100 }}
- {{- end }}
- containers:
- - name: sidecar-injector
- {{ template "injector.resources" . }}
- image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
- imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
- {{- if not .Values.global.openshift }}
- securityContext:
- allowPrivilegeEscalation: false
- {{- end }}
- env:
- - name: AGENT_INJECT_LISTEN
- value: {{ printf ":%v" .Values.injector.port }}
- - name: AGENT_INJECT_LOG_LEVEL
- value: {{ .Values.injector.logLevel | default "info" }}
- - name: AGENT_INJECT_VAULT_ADDR
- {{- if .Values.injector.externalVaultAddr }}
- value: "{{ .Values.injector.externalVaultAddr }}"
- {{- else }}
- value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
- {{- end }}
- - name: AGENT_INJECT_VAULT_AUTH_PATH
- value: {{ .Values.injector.authPath }}
- - name: AGENT_INJECT_VAULT_IMAGE
- value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
- {{- if .Values.injector.certs.secretName }}
- - name: AGENT_INJECT_TLS_CERT_FILE
- value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
- - name: AGENT_INJECT_TLS_KEY_FILE
- value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
- {{- else }}
- - name: AGENT_INJECT_TLS_AUTO
- value: {{ template "vault.fullname" . }}-agent-injector-cfg
- - name: AGENT_INJECT_TLS_AUTO_HOSTS
- value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
- {{- end }}
- - name: AGENT_INJECT_LOG_FORMAT
- value: {{ .Values.injector.logFormat | default "standard" }}
- - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
- value: "{{ .Values.injector.revokeOnShutdown | default false }}"
- {{- if .Values.global.openshift }}
- - name: AGENT_INJECT_SET_SECURITY_CONTEXT
- value: "false"
- {{- end }}
- {{- if .Values.injector.metrics.enabled }}
- - name: AGENT_INJECT_TELEMETRY_PATH
- value: "/metrics"
- {{- end }}
- {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
- - name: AGENT_INJECT_USE_LEADER_ELECTOR
- value: "true"
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- {{- end }}
- - name: AGENT_INJECT_CPU_REQUEST
- value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
- - name: AGENT_INJECT_CPU_LIMIT
- value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
- - name: AGENT_INJECT_MEM_REQUEST
- value: "{{ .Values.injector.agentDefaults.memRequest }}"
- - name: AGENT_INJECT_MEM_LIMIT
- value: "{{ .Values.injector.agentDefaults.memLimit }}"
- - name: AGENT_INJECT_DEFAULT_TEMPLATE
- value: "{{ .Values.injector.agentDefaults.template }}"
- {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
- args:
- - agent-inject
- - 2>&1
- livenessProbe:
- httpGet:
- path: /health/ready
- port: {{ .Values.injector.port }}
- scheme: HTTPS
- failureThreshold: 2
- initialDelaySeconds: 5
- periodSeconds: 2
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- httpGet:
- path: /health/ready
- port: {{ .Values.injector.port }}
- scheme: HTTPS
- failureThreshold: 2
- initialDelaySeconds: 5
- periodSeconds: 2
- successThreshold: 1
- timeoutSeconds: 5
- {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
- - name: leader-elector
- image: {{ .Values.injector.leaderElector.image.repository }}:{{ .Values.injector.leaderElector.image.tag }}
- args:
- - --election={{ template "vault.fullname" . }}-agent-injector-leader
- - --election-namespace={{ .Release.Namespace }}
- - --http=0.0.0.0:4040
- - --ttl={{ .Values.injector.leaderElector.ttl }}
- livenessProbe:
- httpGet:
- path: /
- port: 4040
- scheme: HTTP
- failureThreshold: 2
- initialDelaySeconds: 5
- periodSeconds: 2
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- httpGet:
- path: /
- port: 4040
- scheme: HTTP
- failureThreshold: 2
- initialDelaySeconds: 5
- periodSeconds: 2
- successThreshold: 1
- timeoutSeconds: 5
- {{- end }}
-{{- if .Values.injector.certs.secretName }}
- volumeMounts:
- - name: webhook-certs
- mountPath: /etc/webhook/certs
- readOnly: true
- volumes:
- - name: webhook-certs
- secret:
- secretName: "{{ .Values.injector.certs.secretName }}"
-{{- end }}
- {{- if .Values.global.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml .Values.global.imagePullSecrets | nindent 8 }}
- {{- end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-leader-endpoint.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-leader-endpoint.yaml
deleted file mode 100644
index fc4ef16080..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-leader-endpoint.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-# This is created here so it can be cleaned up easily, since if
-# the endpoint is left around the leader won't expire for about a minute.
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-mutating-webhook.yaml
deleted file mode 100644
index abe23aabce..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-mutating-webhook.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
-apiVersion: admissionregistration.k8s.io/v1
-{{- else }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-{{- end }}
-kind: MutatingWebhookConfiguration
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-cfg
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-webhooks:
- - name: vault.hashicorp.com
- sideEffects: None
- admissionReviewVersions:
- - "v1beta1"
- - "v1"
- clientConfig:
- service:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- path: "/mutate"
- caBundle: {{ .Values.injector.certs.caBundle | quote }}
- rules:
- - operations: ["CREATE", "UPDATE"]
- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["pods"]
-{{- if .Values.injector.namespaceSelector }}
- namespaceSelector:
-{{ toYaml .Values.injector.namespaceSelector | indent 6}}
-{{ end }}
-{{- if .Values.injector.objectSelector }}
- objectSelector:
-{{ toYaml .Values.injector.objectSelector | indent 6}}
-{{ end }}
-{{- with .Values.injector.failurePolicy }}
- failurePolicy: {{.}}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-network-policy.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-network-policy.yaml
deleted file mode 100644
index 7a399a538d..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-network-policy.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.openshift | toString) "true") }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-psp-role.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-psp-role.yaml
deleted file mode 100644
index 20c87bb2ad..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-psp-role.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-psp-rolebinding.yaml
deleted file mode 100644
index d6d0d5e247..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-psp-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-psp.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-psp.yaml
deleted file mode 100644
index c024ac1077..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-psp.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-role.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-role.yaml
deleted file mode 100644
index e74524ceaa..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-role.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
- - apiGroups: [""]
- resources: ["endpoints", "secrets"]
- verbs:
- - "create"
- - "get"
- - "watch"
- - "list"
- - "update"
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-rolebinding.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-rolebinding.yaml
deleted file mode 100644
index e06d2425ff..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-service.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-service.yaml
deleted file mode 100644
index 3138b7a5be..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "injector.service.annotations" . }}
-spec:
- ports:
- - name: https
- port: 443
- targetPort: {{ .Values.injector.port }}
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-serviceaccount.yaml
deleted file mode 100644
index a28d38fabb..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/injector-serviceaccount.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/server-clusterrolebinding.yaml
deleted file mode 100644
index e5e0f5fec1..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-clusterrolebinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.authDelegator.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-server-binding
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-config-configmap.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/server-config-configmap.yaml
deleted file mode 100644
index b8093ad030..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-config-configmap.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.global.enabled | toString) "true") (ne .mode "dev") -}}
-{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "vault.fullname" . }}-config
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-data:
- extraconfig-from-values.hcl: |-
- {{- if or (eq .mode "ha") (eq .mode "standalone") }}
- {{- $type := typeOf (index .Values.server .mode).config }}
- {{- if eq $type "string" }}
- disable_mlock = true
- {{- if eq .mode "standalone" }}
- {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
- {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
- {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
- {{ end }}
- {{- else }}
- {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
- {{- else }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-discovery-role.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/server-discovery-role.yaml
deleted file mode 100644
index 4a39cec21c..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-discovery-role.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: {{ template "vault.fullname" . }}-discovery-role
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: [""]
- resources: ["pods"]
- verbs: ["get", "watch", "list", "update", "patch"]
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/server-discovery-rolebinding.yaml
deleted file mode 100644
index 47526650bb..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-discovery-rolebinding.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.global.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-discovery-rolebinding
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-discovery-role
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/server-disruptionbudget.yaml
deleted file mode 100644
index 3c45cc04ea..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-disruptionbudget.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" -}}
-{{- if and (eq (.Values.global.enabled | toString) "true") (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
-# PodDisruptionBudget to prevent degrading the server cluster through
-# voluntary cluster changes.
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end -}}
-{{- end -}}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-ha-active-service.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/server-ha-active-service.yaml
deleted file mode 100644
index 74fca41d7b..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-ha-active-service.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for active Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-active
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "true"
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-ha-standby-service.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/server-ha-standby-service.yaml
deleted file mode 100644
index 9213b74528..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-ha-standby-service.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for standby Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-standby
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "false"
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-headless-service.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/server-headless-service.yaml
deleted file mode 100644
index a37c639571..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-headless-service.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-internal
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- clusterIP: None
- publishNotReadyAddresses: true
- ports:
- - name: "{{ include "vault.scheme" . }}"
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-ingress.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/server-ingress.yaml
deleted file mode 100644
index deaa0dd555..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-ingress.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-{{- if not .Values.global.openshift }}
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if .Values.server.ingress.enabled -}}
-{{- $extraPaths := .Values.server.ingress.extraPaths -}}
-{{- $serviceName := include "vault.fullname" . -}}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
-{{- end }}
-{{- $servicePort := .Values.server.service.port -}}
-{{ if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
-apiVersion: networking.k8s.io/v1beta1
-{{ else }}
-apiVersion: extensions/v1beta1
-{{ end }}
-kind: Ingress
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- with .Values.server.ingress.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- template "vault.ingress.annotations" . }}
-spec:
-{{- if .Values.server.ingress.tls }}
- tls:
- {{- range .Values.server.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
-{{- end }}
- rules:
- {{- range .Values.server.ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
-{{ if $extraPaths }}
-{{ toYaml $extraPaths | indent 10 }}
-{{- end }}
- {{- range (.paths | default (list "/")) }}
- - path: {{ . }}
- backend:
- serviceName: {{ $serviceName }}
- servicePort: {{ $servicePort }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-network-policy.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/server-network-policy.yaml
deleted file mode 100644
index 5f4c21a4b5..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-network-policy.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8200
- protocol: TCP
- - port: 8201
- protocol: TCP
- {{- if .Values.server.networkPolicy.egress }}
- egress:
- {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
- {{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-psp-role.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/server-psp-role.yaml
deleted file mode 100644
index fd12e1eb30..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-psp-role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/server-psp-rolebinding.yaml
deleted file mode 100644
index b2a43c834a..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-psp-rolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-psp.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/server-psp.yaml
deleted file mode 100644
index 2d94268197..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-psp.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
- - persistentVolumeClaim
- {{- end }}
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-route.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/server-route.yaml
deleted file mode 100644
index 2fccf0263a..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-route.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{- if .Values.global.openshift }}
-{{- if ne .mode "external" }}
-{{- if .Values.server.route.enabled -}}
-{{- $serviceName := include "vault.fullname" . -}}
-{{- if eq .mode "ha" }}
-{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
-{{- end }}
-kind: Route
-apiVersion: route.openshift.io/v1
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- with .Values.server.route.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- template "vault.route.annotations" . }}
-spec:
- host: {{ .Values.server.route.host }}
- to:
- kind: Service
- name: {{ $serviceName }}
- weight: 100
- port:
- targetPort: 8200
- tls:
- termination: passthrough
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-service.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/server-service.yaml
deleted file mode 100644
index 6f82e38629..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-service.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- # We want the servers to become available even if they're not ready
- # since this DNS is also used for join operations.
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/server-serviceaccount.yaml
deleted file mode 100644
index 925b166bba..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }}
-{{- if (eq (.Values.server.serviceAccount.create | toString) "true" ) }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "vault.serviceAccount.annotations" . }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-statefulset.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/server-statefulset.yaml
deleted file mode 100644
index 69232ede89..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/templates/server-statefulset.yaml
+++ /dev/null
@@ -1,207 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }} -# StatefulSet to run the actual vault server cluster. -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- template "vault.statefulSet.annotations" . }} -spec: - serviceName: {{ template "vault.fullname" . }}-internal - podManagementPolicy: Parallel - replicas: {{ template "vault.replicas" . }} - updateStrategy: - type: {{ .Values.server.updateStrategyType }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - template: - metadata: - labels: - helm.sh/chart: {{ template "vault.chart" . }} - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - {{- if .Values.server.extraLabels -}} - {{- toYaml .Values.server.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "vault.annotations" . }} - spec: - {{ template "vault.affinity" . }} - {{ template "vault.tolerations" . }} - {{ template "vault.nodeselector" . }} - {{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName }} - {{- end }} - terminationGracePeriodSeconds: 10 - serviceAccountName: {{ template "vault.serviceAccount.name" . 
}} - {{ if .Values.server.shareProcessNamespace }} - shareProcessNamespace: true - {{ end }} - {{- if not .Values.global.openshift }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.server.gid | default 1000 }} - runAsUser: {{ .Values.server.uid | default 100 }} - fsGroup: {{ .Values.server.gid | default 1000 }} - {{- end }} - volumes: - {{ template "vault.volumes" . }} - - name: home - emptyDir: {} - {{- if .Values.server.extraInitContainers }} - initContainers: - {{ toYaml .Values.server.extraInitContainers | nindent 8}} - {{- end }} - containers: - - name: vault - {{ template "vault.resources" . }} - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - command: - - "/bin/sh" - - "-ec" - args: {{ template "vault.args" . }} - {{- if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: VAULT_K8S_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: VAULT_ADDR - value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" - - name: VAULT_API_ADDR - {{- if .Values.server.ha.apiAddr }} - value: {{ .Values.server.ha.apiAddr }} - {{- else }} - value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" - {{- end }} - - name: SKIP_CHOWN - value: "true" - - name: SKIP_SETCAP - value: "true" - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_CLUSTER_ADDR - value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" - {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} - - name: VAULT_RAFT_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- end }} - - name: HOME - value: "/home/vault" - {{- if .Values.server.logLevel }} - - name: VAULT_LOG_LEVEL - value: "{{ .Values.server.logLevel }}" - {{- end }} - {{- if .Values.server.logFormat }} - - name: VAULT_LOG_FORMAT - value: "{{ .Values.server.logFormat }}" - {{- end }} - {{ template "vault.envs" . }} - {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} - {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} - volumeMounts: - {{ template "vault.mounts" . }} - - name: home - mountPath: /home/vault - ports: - - containerPort: 8200 - name: {{ include "vault.scheme" . }} - - containerPort: 8201 - name: https-internal - - containerPort: 8202 - name: {{ include "vault.scheme" . }}-rep - {{- if .Values.server.readinessProbe.enabled }} - readinessProbe: - {{- if .Values.server.readinessProbe.path }} - httpGet: - path: {{ .Values.server.readinessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . 
| upper }} - {{- else }} - # Check status; unsealed vault servers return 0 - # The exit code reflects the seal status: - # 0 - unsealed - # 1 - error - # 2 - sealed - exec: - command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] - {{- end }} - failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.server.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.server.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.server.livenessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . | upper }} - failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.server.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} - {{- end }} - lifecycle: - # Vault container doesn't receive SIGTERM from Kubernetes - # and after the grace period ends, Kube sends SIGKILL. This - # causes issues with graceful shutdowns such as deregistering itself - # from Consul (zombie services). - preStop: - exec: - command: [ - "/bin/sh", "-c", - # Adding a sleep here to give the pod eviction a - # chance to propagate, so requests will not be made - # to this pod while it's terminating - "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", - ] - {{- if .Values.server.postStart }} - postStart: - exec: - command: - {{- range (.Values.server.postStart) }} - - {{ . 
| quote }} - {{- end }} - {{- end }} - {{- if .Values.server.extraContainers }} - {{ toYaml .Values.server.extraContainers | nindent 8}} - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml .Values.global.imagePullSecrets | nindent 8 }} - {{- end }} - {{ template "vault.volumeclaims" . }} -{{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/tests/server-test.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/tests/server-test.yaml deleted file mode 100644 index 37819de5c9..0000000000 --- a/charts/partners/hashicorp/vault/0.12.0/src/templates/tests/server-test.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.server.enabled }} -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-server-test" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: {{ .Release.Name }}-server-test - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - env: - - name: VAULT_ADDR - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - command: - - /bin/sh - - -c - - | - echo "Checking for sealed info in 'vault status' output" - ATTEMPTS=10 - n=0 - until [ "$n" -ge $ATTEMPTS ] - do - echo "Attempt" $n... - vault status -format yaml | grep -E '^sealed: (true|false)' && break - n=$((n+1)) - sleep 5 - done - if [ $n -ge $ATTEMPTS ]; then - echo "timed out looking for sealed info in 'vault status' output" - exit 1 - fi - - exit 0 - - restartPolicy: Never -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.12.0/src/templates/ui-service.yaml b/charts/partners/hashicorp/vault/0.12.0/src/templates/ui-service.yaml deleted file mode 100644 index 9e90af4bbc..0000000000 --- a/charts/partners/hashicorp/vault/0.12.0/src/templates/ui-service.yaml +++ /dev/null 
@@ -1,45 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }}
-{{- if eq (.Values.ui.enabled | toString) "true" }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-ui
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}-ui
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "vault.ui.annotations" . }}
-spec:
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
- vault-active: "true"
- {{- end }}
- publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.ui.externalPort }}
- targetPort: {{ .Values.ui.targetPort }}
- {{- if .Values.ui.serviceNodePort }}
- nodePort: {{ .Values.ui.serviceNodePort }}
- {{- end }}
- type: {{ .Values.ui.serviceType }}
- {{- if and (eq (.Values.ui.serviceType | toString) "LoadBalancer") (.Values.ui.loadBalancerSourceRanges) }}
- loadBalancerSourceRanges:
- {{- range $cidr := .Values.ui.loadBalancerSourceRanges }}
- - {{ $cidr }}
- {{- end }}
- {{- end }}
- {{- if and (eq (.Values.ui.serviceType | toString) "LoadBalancer") (.Values.ui.loadBalancerIP) }}
- loadBalancerIP: {{ .Values.ui.loadBalancerIP }}
- {{- end }}
-{{- end -}}
-
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.12.0/src/values.schema.json b/charts/partners/hashicorp/vault/0.12.0/src/values.schema.json
deleted file mode 100644
index 87130e998e..0000000000
--- a/charts/partners/hashicorp/vault/0.12.0/src/values.schema.json
+++ /dev/null
@@ -1,789 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "csi": { - "type": "object", - "properties": { - "daemonSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "updateStrategy": { - "type": "object", - "properties": { - "maxUnavailable": { - "type": "string" - }, - "type": { - "type": "string" - } - } - } - } - }, - "debug": { - "type": "boolean" - }, - "enabled": { - "type": "boolean" - }, - "extraArgs": { - "type": "array" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "pod": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "tolerations": { - "type": ["null", "string"] - } - } - }, - "readinessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "global": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "imagePullSecrets": { - "type": "array" - }, - "openshift": { - "type": "boolean" - }, 
- "psp": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enable": { - "type": "boolean" - } - } - }, - "tlsDisable": { - "type": "boolean" - } - } - }, - "injector": { - "type": "object", - "properties": { - "affinity": { - "type": "string" - }, - "agentDefaults": { - "type": "object", - "properties": { - "cpuLimit": { - "type": "string" - }, - "cpuRequest": { - "type": "string" - }, - "memLimit": { - "type": "string" - }, - "memRequest": { - "type": "string" - }, - "template": { - "type": "string" - } - } - }, - "agentImage": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "authPath": { - "type": "string" - }, - "certs": { - "type": "object", - "properties": { - "caBundle": { - "type": "string" - }, - "certName": { - "type": "string" - }, - "keyName": { - "type": "string" - }, - "secretName": { - "type": [ - "null", - "string" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "externalVaultAddr": { - "type": "string" - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraLabels": { - "type": "object" - }, - "failurePolicy": { - "type": "string" - }, - "hostNetwork": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "leaderElector": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "ttl": { - "type": "string" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "namespaceSelector": { - 
"type": "object" - }, - "nodeSelector": { - "type": ["null", "string"] - }, - "objectSelector": { - "type": "object" - }, - "port": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "replicas": { - "type": "integer" - }, - "resources": { - "type": "object" - }, - "revokeOnShutdown": { - "type": "boolean" - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "tolerations": { - "type": [ - "null", - "string" - ] - } - } - }, - "server": { - "type": "object", - "properties": { - "affinity": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "auditStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "authDelegator": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "dataStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "dev": { - "type": "object", - "properties": { - "devRootToken": { - "type": "string" - }, - "enabled": { - "type": "boolean" - } - } - }, - "enabled": { - "type": "boolean" - }, - "extraArgs": { - "type": "string" - }, - "extraContainers": { - "type": [ - "null", - "array" - ] - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraInitContainers": { - "type": [ - "null", - "array" - ] - }, - "extraLabels": { - "type": "object" - }, - 
"extraSecretEnvironmentVars": { - "type": "array" - }, - "extraVolumes": { - "type": "array" - }, - "ha": { - "type": "object", - "properties": { - "apiAddr": { - "type": [ - "null", - "string" - ] - }, - "config": { - "type": "string" - }, - "disruptionBudget": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxUnavailable": { - "type": "null" - } - } - }, - "enabled": { - "type": "boolean" - }, - "raft": { - "type": "object", - "properties": { - "config": { - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "setNodeId": { - "type": "boolean" - } - } - }, - "replicas": { - "type": "integer" - } - } - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "ingress": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "extraPaths": { - "type": "array" - }, - "hosts": { - "type": "array", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string" - }, - "paths": { - "type": "array" - } - } - } - }, - "labels": { - "type": "object" - }, - "tls": { - "type": "array" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "path": { - "type": "string" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "networkPolicy": { - "type": "object", - "properties": { - "egress": { - "type": "array" - }, - "enabled": { - "type": "boolean" - } - } - }, - "nodeSelector": { - "type": [ - "null", - "string" - ] - }, - "postStart": { - "type": "array" - }, - 
"preStopSleepSeconds": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "route": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "labels": { - "type": "object" - } - } - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "port": { - "type": "integer" - }, - "targetPort": { - "type": "integer" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "create": { - "type": "boolean" - }, - "name": { - "type": "string" - } - } - }, - "shareProcessNamespace": { - "type": "boolean" - }, - "standalone": { - "type": "object", - "properties": { - "config": { - "type": "string" - }, - "enabled": { - "type": [ - "string", - "boolean" - ] - } - } - }, - "statefulSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "tolerations": { - "type": [ - "null", - "string" - ] - }, - "updateStrategyType": { - "type": "string" - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "ui": { - "type": "object", - "properties": { - "activeVaultPodOnly": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "externalPort": { - "type": "integer" 
- }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "serviceNodePort": { - "type": "null" - }, - "serviceType": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - } -} diff --git a/charts/partners/hashicorp/vault/0.12.0/src/values.yaml b/charts/partners/hashicorp/vault/0.12.0/src/values.yaml deleted file mode 100644 index a8d0e0f4d4..0000000000 --- a/charts/partners/hashicorp/vault/0.12.0/src/values.yaml +++ /dev/null 
@@ -1,700 +0,0 @@ -global: - # enabled is the master enabled switch. Setting this to true or false - # will enable or disable all the components within this chart by default. - enabled: true - # Image pull secret to use for registry authentication. - imagePullSecrets: [] - # imagePullSecrets: - # - name: image-pull-secret - # TLS for end-to-end encrypted transport - tlsDisable: true - # If deploying to OpenShift - openshift: true - # Create PodSecurityPolicy for pods - psp: - enable: false - # Annotation for PodSecurityPolicy. - # This is a multi-line templated string map, and can also be set as YAML. - annotations: | - seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default - apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default - apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -injector: - # True if you want to enable vault agent injection. - enabled: true - replicas: 1 - # Configures the port the injector should listen on - port: 8080 - # If multiple replicas are specified, by default a leader-elector side-car - # will be created so that only one injector attempts to create TLS certificates. - leaderElector: - enabled: true - image: - repository: "gcr.io/google_containers/leader-elector" - tag: "0.4" - ttl: 60s - # If true, will enable a node exporter metrics endpoint at /metrics. - metrics: - enabled: false - # External vault server address for the injector to use. Setting this will - # disable deployment of a vault server along with the injector. - externalVaultAddr: "" - # image sets the repo and tag of the vault-k8s image to use for the injector. - image: - repository: "registry.connect.redhat.com/hashicorp/vault-k8s" - tag: "0.10.1-ubi" - pullPolicy: IfNotPresent - # agentImage sets the repo and tag of the Vault image to use for the Vault Agent - # containers. This should be set to the official Vault image. 
Vault 1.3.1+ is - # required. - agentImage: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.7.2-ubi" - # The default values for the injected Vault Agent containers. - agentDefaults: - # For more information on configuring resources, see the K8s documentation: - # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - cpuLimit: "500m" - cpuRequest: "250m" - memLimit: "128Mi" - memRequest: "64Mi" - # Default template type for secrets when no custom template is specified. - # Possible values include: "json" and "map". - template: "map" - # Mount Path of the Vault Kubernetes Auth Method. - authPath: "auth/kubernetes" - # Configures the log verbosity of the injector. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "info" - # Configures the log format of the injector. Supported log formats: "standard", "json". - logFormat: "standard" - # Configures all Vault Agent sidecars to revoke their token when shutting down - revokeOnShutdown: false - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. - # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: {} - # Configures failurePolicy of the webhook. The "unspecified" default behaviour deoends on the - # API Version of the WebHook. - # To block pod creation while webhook is unavailable, set the policy to `Fail` below. 
- # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - certs: - # secretName is the name of the secret that has the TLS certificate and - # private key to serve the injector webhook. If this is null, then the - # injector will default to its automatic management mode that will assign - # a service account to the injector to generate its own certificates. - secretName: null - # caBundle is a base64-encoded PEM-encoded certificate bundle for the - # CA that signed the TLS certificate that the webhook serves. This must - # be set if secretName is non-null. - caBundle: "" - # certName and keyName are the names of the files within the secret for - # the TLS cert and private key, respectively. These have reasonable - # defaults but can be customized if necessary. - certName: tls.crt - keyName: tls.key - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # extraEnvironmentVars is a list of extra environment variables to set in the - # injector deployment. - extraEnvironmentVars: {} - # KUBERNETES_SERVICE_HOST: kubernetes.default.svc - - # Affinity Settings for injector pods - # This should be a multi-line string matching the affinity section of a - # PodSpec. - # Commenting out or setting as empty the affinity variable, will allow - # deployment of multiple replicas to single node services such as Minikube. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: webhook - topologyKey: kubernetes.io/hostname - # Toleration Settings for injector pods - # This should be a multi-line string matching the Toleration array - # in a PodSpec. 
- tolerations: null - # nodeSelector labels for injector pod assignment, formatted as a muli-line string. - # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: | - # beta.kubernetes.io/arch: amd64 - nodeSelector: null - # Priority class for injector pods - priorityClassName: "" - # Extra annotations to attach to the injector pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the injector pods - annotations: {} - # Extra labels to attach to the agent-injector - # This should be a YAML map of the labels to apply to the injector - extraLabels: {} - # Should the injector pods run on the host network (useful when using - # an alternate CNI in EKS) - hostNetwork: false - # Injector service specific config - service: - # Extra annotations to attach to the injector service - annotations: {} -server: - # If not set to true, Vault server will not be installed. See vault.mode in _helpers.tpl for implementation details - enabled: true - # Resource requests, limits, etc. for the server cluster placement. This - # should map directly to the value of the resources field for a PodSpec. - # By default no direct resource request is made. - image: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.7.2-ubi" - # Overrides the default Image Pull Policy - pullPolicy: IfNotPresent - # Configure the Update Strategy Type for the StatefulSet - # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - updateStrategyType: "OnDelete" - # Configure the logging verbosity for the Vault server. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "" - # Configure the logging format for the Vault server. 
- # Supported log formats include: standard, json - logFormat: "" - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # Ingress allows ingress services to be created to allow external access - # from Kubernetes to access Vault pods. - # If deployment is on OpenShift, the following block is ignored. - # In order to expose the service, use the route section below - ingress: - enabled: false - labels: {} - # traffic: external - annotations: {} - # | - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # or - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: [] - ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # OpenShift only - create a route to expose the service - # The created route will be of type passthrough - route: - enabled: false - labels: {} - annotations: {} - host: chart-example.local - # authDelegator enables a cluster role binding to be attached to the service - # account. This cluster role binding can be used to setup Kubernetes auth - # method. https://www.vaultproject.io/docs/auth/kubernetes.html - authDelegator: - enabled: true - # extraInitContainers is a list of init containers. Specified as a YAML list. - # This is useful if you need to run a script to provision TLS certificates or - # write out configuration files in a dynamic way. - extraInitContainers: null - # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, - # # which is defined in the volumes value. 
- # - name: oauthapp - # image: "alpine" - # command: [sh, -c] - # args: - # - cd /tmp && - # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && - # tar -xf oauthapp.xz && - # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && - # chmod +x /usr/local/libexec/vault/oauthapp - # volumeMounts: - # - name: plugins - # mountPath: /usr/local/libexec/vault - - # extraContainers is a list of sidecar containers. Specified as a YAML list. - extraContainers: null - # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers - # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation - shareProcessNamespace: false - # extraArgs is a string containing additional Vault server arguments. - extraArgs: "" - # Used to define custom readinessProbe settings - readinessProbe: - enabled: true - # If you need to use a http path instead of the default exec - # path: /v1/sys/health?standbyok=true - - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. 
- timeoutSeconds: 3 - # Used to enable a livenessProbe for the pods - livenessProbe: - enabled: false - path: "/v1/sys/health?standbyok=true" - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 60 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to set the sleep time during the preStop step - preStopSleepSeconds: 5 - # Used to define commands to run after the pod is ready. - # This can be used to automate processes such as initialization - # or boostrapping auth methods. - postStart: [] - # - /bin/sh - # - -c - # - /vault/userconfig/myscript/run.sh - - # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be - # used to include variables required for auto-unseal. - extraEnvironmentVars: {} - # GOOGLE_REGION: global - # GOOGLE_PROJECT: myproject - # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json - - # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. - # These variables take value from existing Secret objects. - extraSecretEnvironmentVars: [] - # - envName: AWS_SECRET_ACCESS_KEY - # secretName: vault - # secretKey: AWS_SECRET_ACCESS_KEY - - # Deprecated: please use 'volumes' instead. - # extraVolumes is a list of extra volumes to mount. These will be exposed - # to Vault in the path `/vault/userconfig//`. The value below is - # an array of objects, examples are shown below. - extraVolumes: [] - # - type: secret (or "configMap") - # name: my-secret - # path: null # default is `/vault/userconfig` - - # volumes is a list of volumes made available to all containers. 
These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: plugins - # emptyDir: {} - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - mountPath: /usr/local/libexec/vault - # name: plugins - # readOnly: true - - # Affinity Settings - # Commenting out or setting as empty the affinity variable, will allow - # deployment to single node services such as Minikube - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: server - topologyKey: kubernetes.io/hostname - # Toleration Settings for server pods - # This should be a multi-line string matching the Toleration array - # in a PodSpec. - tolerations: null - # nodeSelector labels for server pod assignment, formatted as a muli-line string. 
- # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: | - # beta.kubernetes.io/arch: amd64 - nodeSelector: null - # Enables network policy for server pods - networkPolicy: - enabled: false - egress: [] - # egress: - # - to: - # - ipBlock: - # cidr: 10.0.0.0/24 - # ports: - # - protocol: TCP - # port: 443 - # Priority class for server pods - priorityClassName: "" - # Extra labels to attach to the server pods - # This should be a YAML map of the labels to apply to the server pods - extraLabels: {} - # Extra annotations to attach to the server pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the server pods - annotations: {} - # Enables a headless service to be used by the Vault Statefulset - service: - enabled: true - # clusterIP controls whether a Cluster IP address is attached to the - # Vault service within Kubernetes. By default the Vault service will - # be given a Cluster IP address, set to None to disable. When disabled - # Kubernetes will create a "headless" service. Headless services can be - # used to communicate with pods directly through DNS instead of a round robin - # load balancer. - # clusterIP: None - - # Configures the service type for the main Vault service. Can be ClusterIP - # or NodePort. - #type: ClusterIP - - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. - #nodePort: 30000 - - # Port on which Vault server is listening - port: 8200 - # Target port to which the service should be mapped to - targetPort: 8200 - # Extra annotations for the service definition. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the service. - annotations: {} - # This configures the Vault Statefulset to create a PVC for data - # storage when using the file or raft backend storage engines. 
- # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more - dataStorage: - enabled: true - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/data" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # This configures the Vault Statefulset to create a PVC for audit - # logs. Once Vault is deployed, initialized and unseal, Vault must - # be configured to use this for audit logs. This will be mounted to - # /vault/audit - # See https://www.vaultproject.io/docs/audit/index.html to know more - auditStorage: - enabled: false - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/audit" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # Run Vault in "dev" mode. This requires no further setup, no state management, - # and no initialization. This is useful for experimenting with Vault without - # needing to unseal, store keys, et. al. All data is lost on restart - do not - # use dev mode for anything other than experimenting. - # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more - dev: - enabled: false - # Set VAULT_DEV_ROOT_TOKEN_ID value - devRootToken: "root" - # Run Vault in "standalone" mode. This is the default mode that will deploy if - # no arguments are given to helm. This requires a PVC for data storage to use - # the "file" backend. This mode is not highly available and should not be scaled - # past a single replica. 
- standalone: - enabled: "-" - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data - # and store data there. This is only used when using a Replica count of 1, and - # using a stateful set. This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "file" { - path = "/vault/data" - } - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # Run Vault in "HA" mode. There are no storage requirements unless audit log - # persistence is required. In HA mode Vault will configure itself to use Consul - # for its storage backend. The default configuration provided will work the Consul - # Helm project by default. It is possible to manually configure Vault to use a - # different HA backend. - ha: - enabled: false - replicas: 3 - # Set the api_addr configuration for Vault HA - # See https://www.vaultproject.io/docs/configuration#api_addr - # If set to null, this will be set to the Pod IP Address - apiAddr: null - # Enables Vault's integrated Raft storage. Unlike the typical HA modes where - # Vault's persistence is external (such as Consul), enabling Raft mode will create - # persistent volumes for Vault to store data according to the configuration under server.dataStorage. 
- # The Vault cluster will coordinate leader elections and failovers internally. - raft: - # Enables Raft integrated storage - enabled: false - # Set the Node Raft ID to the name of the pod - setNodeId: false - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - - storage "raft" { - path = "/vault/data" - } - - service_registration "kubernetes" {} - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a Consul for its HA storage backend. - # This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "consul" { - path = "vault" - address = "HOST_IP:8500" - } - - service_registration "kubernetes" {} - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. 
- #seal "gcpckms" { - # project = "vault-helm-dev-246514" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - disruptionBudget: - enabled: true - # maxUnavailable will default to (n/2)-1 where n is the number of - # replicas. If you'd like a custom value, you can specify an override here. - maxUnavailable: null - # Definition of the serviceAccount used to run Vault. - # These options are also used when using an external Vault server to validate - # Kubernetes tokens. - serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Settings for the statefulSet used to run Vault. - statefulSet: - # Extra annotations for the statefulSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the statefulSet. - annotations: {} -# Vault UI -ui: - # True if you want to create a Service entry for the Vault UI. - # - # serviceType can be used to control the type of service created. For - # example, setting this to "LoadBalancer" will create an external load - # balancer (for supported K8S installations) to access the UI. 
- enabled: false - publishNotReadyAddresses: true - # The service should only contain selectors for active Vault pod - activeVaultPodOnly: false - serviceType: "ClusterIP" - serviceNodePort: null - externalPort: 8200 - targetPort: 8200 - # loadBalancerSourceRanges: - # - 10.0.0.0/16 - # - 1.78.23.3/32 - - # loadBalancerIP: - - # Extra annotations to attach to the ui service - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the ui service - annotations: {} -# secrets-store-csi-driver-provider-vault -csi: - # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. - # - # Requires installing the secrets-store-csi-driver separately, see: - # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver - # - # With the driver and provider installed, you can mount Vault secrets into volumes - # similar to the Vault Agent injector, and you can also sync those secrets into - # Kubernetes secrets. - enabled: false - image: - repository: "hashicorp/vault-csi-provider" - tag: "0.2.0" - pullPolicy: IfNotPresent - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: tls - # secret: - # secretName: vault-tls - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - name: tls - # mountPath: "/vault/tls" - # readOnly: true - - resources: {} - # resources: - # requests: - # cpu: 50m - # memory: 128Mi - # limits: - # cpu: 50m - # memory: 128Mi - - # Settings for the daemonSet used to run the provider. 
- daemonSet: - updateStrategy: - type: RollingUpdate - maxUnavailable: "" - # Extra annotations for the daemonSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the daemonSet. - annotations: {} - pod: - # Extra annotations for the provider pods. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the pod. - annotations: {} - # Toleration Settings for provider pods - # This should be a multi-line string matching the Toleration array - # in a PodSpec. - tolerations: null - serviceAccount: - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Used to configure readinessProbe for the pods. - readinessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to configure livenessProbe for the pods. - livenessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Enables debug logging. 
- debug: false
- # Pass arbitrary additional arguments to vault-csi-provider.
- extraArgs: []
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/.helmignore b/charts/partners/hashicorp/vault/0.13.0/src/.helmignore
deleted file mode 100644
index d1180d2fb7..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/.helmignore
+++ /dev/null
@@ -1,4 +0,0 @@
-.git/
-.terraform/
-bin/
-test/
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/CHANGELOG.md b/charts/partners/hashicorp/vault/0.13.0/src/CHANGELOG.md
deleted file mode 100644
index 5c58777ac1..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/CHANGELOG.md
+++ /dev/null
@@ -1,283 +0,0 @@ -## Unreleased - -## 0.13.0 (June 17th, 2021) - -Improvements: -* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) -* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) -* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) - -Bugs: -* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) -* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) -* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) - -## 0.12.0 (May 25th, 2021) - -Features: -* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) - -Improvements: -* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) -* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) -* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) -* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) - -Bugs: -* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) - -## 0.11.0 (April 14th, 2021) - -Features: -* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) -* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) -* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) -* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) -* Extra paths can now be added to the Vault ingress service 
[GH-460](https://github.com/hashicorp/vault-helm/pull/460) -* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) - -Improvements: -* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) - -Bugs: -* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) - -## 0.10.0 (March 25th, 2021) - -Features: -* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) - -Improvements: -* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) - -## 0.9.1 (February 2nd, 2021) - -Bugs: -* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) -* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) - -## 0.9.0 (January 5th, 2021) - -Features: -* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) -* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) - -Improvements: -* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) -* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) -* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) -* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) -* Injector service now supports `injector.service.annotations` 
[425](https://github.com/hashicorp/vault-helm/pull/425) -* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) -* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) -* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) - -## 0.8.0 (October 20th, 2020) - -Improvements: -* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) -* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) -* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) -* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) -* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) -* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) -* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) - -Bugs: -* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) - -## 0.7.0 (August 24th, 2020) - -Features: -* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
-* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) - -Improvements: -* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) -* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) -* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) -* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) -* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) -* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) -* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) -* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) -* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) - -Bugs: -* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) -* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) -* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) - -## 0.6.0 (June 3rd, 2020) - -Features: -* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) -* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) -* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
- -Improvements: -* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) -* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] -* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] -* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] -* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] -* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] -* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] -* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) - -Bugs: -* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] -* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] -* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] -* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] -* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) - -## 0.5.0 (April 9th, 2020) - -Features: - -* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] -* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] -* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] - -* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] -* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] -* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] -* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] -* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] - -## 0.4.0 (February 21st, 2020) - -Improvements: - -* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] -* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] -* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] -* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] -* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] - -Bugs: - -* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] - -## 0.3.3 (January 14th, 2020) - -Security: - -* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) - -Bugs: - -* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files - -## 0.3.2 (January 8th, 2020) - -Bugs: - -* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] - -## 0.3.1 (January 2nd, 2020) - -Bugs: - -* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] - -## 0.3.0 (December 19th, 2019) - -Features: - -* Extra containers can now be added to the Vault pods -* Added configurability of pod probes -* Added Vault Agent Injector - -Improvements: - -* Moved `global.image` to `server.image` -* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` -* Added better HTTP/HTTPS scheme support to http probes -* Added configurable node port for Vault service -* `server.authDelegator` is now enabled by default - -Bugs: - -* Fixed upgrade bug by removing chart label which contained the version -* Fixed typo on `serviceAccount` (was `serviceaccount`) -* Fixed readiness/liveliness HTTP probe default to accept standbys - -## 0.2.1 (November 12th, 2019) - -Bugs: - -* Removed `readOnlyRootFilesystem` causing issues when validating deployments - -## 0.2.0 (October 29th, 2019) - -Features: - -* Added load balancer support -* Added ingress support -* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) -* Removed root requirements, now runs as Vault user - -Improvements: - -* Added namespace value to all rendered objects -* Made ports configurable in services -* Added the ability to add custom annotations to services -* Added docker image for running bats test in CircleCI -* Removed restrictions around `dev` mode such as annotations -* 
`readOnlyRootFilesystem` is now configurable -* Image Pull Policy is now configurable - -Bugs: - -* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) -* Fixed bug where audit storage was not being mounted in HA mode -* Fixed bug where Vault pod wasn't receiving SIGTERM signals - - -## 0.1.2 (August 22nd, 2019) - -Features: - -* Added `extraSecretEnvironmentVars` to allow users to mount secrets as - environment variables -* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS - depending on the value -* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` - to "NodePort" - -Improvements: - -* Changed UI port to 8200 for better HTTP protocol support -* Added `path` to `extraVolumes` to define where the volume should be - mounted. Defaults to `/vault/userconfig` -* Upgraded Vault to 1.2.2 - -Bugs: - -* Fixed bug where upgrade would fail because immutable labels were being - changed (Helm Version label) -* Fixed bug where UI service used wrong selector after updating helm labels -* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks - Consul is the active node -* Removed `step-down` preStop since it requires authentication. Shutdown signal - sent by Kube acts similar to `step-down` - - -## 0.1.1 (August 7th, 2019) - -Features: - -* Added `authDelegator` Cluster Role Binding to Vault service account for - bootstrapping Kube auth method - -Improvements: - -* Added `server.service.clusterIP` to `values.yml` so users can toggle - the Vault service to headless by using the value `None`. -* Upgraded Vault to 1.2.1 - -## 0.1.0 (August 6th, 2019) - -Initial release diff --git a/charts/partners/hashicorp/vault/0.13.0/src/CONTRIBUTING.md b/charts/partners/hashicorp/vault/0.13.0/src/CONTRIBUTING.md deleted file mode 100644 index f83d56747a..0000000000 --- a/charts/partners/hashicorp/vault/0.13.0/src/CONTRIBUTING.md +++ /dev/null 
@@ -1,239 +0,0 @@ -# Contributing to Vault Helm - -**Please note:** We take Vault's security and our users' trust very seriously. -If you believe you have found a security issue in Vault, please responsibly -disclose by contacting us at security@hashicorp.com. - -**First:** if you're unsure or afraid of _anything_, just ask or submit the -issue or pull request anyways. You won't be yelled at for giving it your best -effort. The worst that can happen is that you'll be politely asked to change -something. We appreciate any sort of contributions, and don't want a wall of -rules to get in the way of that. - -That said, if you want to ensure that a pull request is likely to be merged, -talk to us! You can find out our thoughts and ensure that your contribution -won't clash or be obviated by Vault's normal direction. A great way to do this -is via the [Vault Google Group][2]. Sometimes Vault devs are in `#vault-tool` -on Freenode, too. - -This document will cover what we're looking for in terms of reporting issues. -By addressing all the points we're looking for, it raises the chances we can -quickly merge or address your contributions. - -## Issues - -### Reporting an Issue - -* Make sure you test against the latest released version. It is possible - we already fixed the bug you're experiencing. Even better is if you can test - against `master`, as bugs are fixed regularly but new versions are only - released every few months. - -* Provide steps to reproduce the issue, and if possible include the expected - results as well as the actual results. Please provide text, not screen shots! - -* Respond as promptly as possible to any questions made by the Vault - team to your issue. Stale issues will be closed periodically. - -### Issue Lifecycle - -1. The issue is reported. - -2. The issue is verified and categorized by a Vault Helm collaborator. - Categorization is done via tags. For example, bugs are marked as "bugs". - -3. 
Unless it is critical, the issue may be left for a period of time (sometimes - many weeks), giving outside contributors -- maybe you!? -- a chance to - address the issue. - -4. The issue is addressed in a pull request or commit. The issue will be - referenced in the commit message so that the code that fixes it is clearly - linked. - -5. The issue is closed. Sometimes, valid issues will be closed to keep - the issue tracker clean. The issue is still indexed and available for - future viewers, or can be re-opened if necessary. - -## Testing - -The Helm chart ships with both unit and acceptance tests. - -The unit tests don't require any active Kubernetes cluster and complete -very quickly. These should be used for fast feedback during development. -The acceptance tests require a Kubernetes cluster with a configured `kubectl`. - -### Test Using Docker Container - -The following are the instructions for running bats tests using a Docker container. - -#### Prerequisites - -* Docker installed -* `vault-helm` checked out locally - -#### Test - -**Note:** the following commands should be run from the `vault-helm` directory. - -First, build the Docker image for running the tests: - -```shell -docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test -``` -Next, execute the tests with the following commands: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -``` -It's possible to only run specific bats tests using regular expressions. -For example, the following will run only tests with "injector" in the name: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" -``` - -### Test Manually -The following are the instructions for running bats tests on your workstation. 
-#### Prerequisites -* [Bats](https://github.com/bats-core/bats-core) - ```bash - brew install bats-core - ``` -* [yq](https://pypi.org/project/yq/) - ```bash - brew install python-yq - ``` -* [helm](https://helm.sh) - ```bash - brew install kubernetes-helm - ``` - -#### Test - -To run the unit tests: - - bats ./test/unit - -To run the acceptance tests: - - bats ./test/acceptance - -If the acceptance tests fail, deployed resources in the Kubernetes cluster -may not be properly cleaned up. We recommend recycling the Kubernetes cluster to -start from a clean slate. - -**Note:** There is a Terraform configuration in the -[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/master/test/terraform) directory -that can be used to quickly bring up a GKE cluster and configure -`kubectl` and `helm` locally. This can be used to quickly spin up a test -cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes -cluster. - -### Writing Unit Tests - -Changes to the Helm chart should be accompanied by appropriate unit tests. - -#### Formatting - -- Put tests in the test file in the same order as the variables appear in the `values.yaml`. -- Start tests for a chart value with a header that says what is being tested, like this: - ``` - #-------------------------------------------------------------------- - # annotations - ``` - -- Name the test based on what it's testing in the following format (this will be its first line): - ``` - @test "
: " { - ``` - - When adding tests to an existing file, the first section will be the same as the other tests in the file. - -#### Test Details - -[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. -In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. -In this way, we're able to test that the various conditionals in the templates render as we would expect. - -Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. -The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). -`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). -The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. - -The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. - -The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. - -#### Test Examples - -Here are some examples of common test patterns: - -- Check that a value is disabled by default - - ``` - @test "ui/Service: no type by default" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - . 
| tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "null" ] - } - ``` - - In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. - This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. - - -- Check that a template value is rendered to a specific value - ``` - @test "ui/Service: specified type" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - --set 'ui.serviceType=LoadBalancer' \ - . | tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "LoadBalancer" ] - } - ``` - - This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. - -- Check that a template value contains several values - ``` - @test "server/standalone-StatefulSet: custom resources" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.requests.memory=256Mi' \ - --set 'server.resources.requests.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.limits.memory=256Mi' \ - --set 'server.resources.limits.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - ``` - - *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
-
-- Check that an entire template file is not rendered
- ```
- @test "syncCatalog/Deployment: disabled by default" {
- cd `chart_dir`
- local actual=$( (helm template \
- --show-only templates/server-statefulset.yaml \
- --set 'global.enabled=false' \
- . || echo "---") | tee /dev/stderr |
- yq 'length > 0' | tee /dev/stderr)
- [ "${actual}" = "false" ]
- }
- ```
- Here we are check the length of the command output to see if the anything is rendered.
- This style can easily be switched to check that a file is rendered instead.
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/Chart.yaml b/charts/partners/hashicorp/vault/0.13.0/src/Chart.yaml
deleted file mode 100644
index 11b53ee1d0..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/Chart.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v2
-appVersion: 1.7.3
-description: Official HashiCorp Vault Chart
-home: https://www.vaultproject.io
-icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
-keywords:
-- vault
-- security
-- encryption
-- secrets
-- management
-- automation
-- infrastructure
-kubeVersion: '>= 1.14.0-0'
-name: vault
-sources:
-- https://github.com/hashicorp/vault
-- https://github.com/hashicorp/vault-helm
-- https://github.com/hashicorp/vault-k8s
-- https://github.com/hashicorp/vault-csi-provider
-version: 0.13.0
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/LICENSE.md b/charts/partners/hashicorp/vault/0.13.0/src/LICENSE.md
deleted file mode 100644
index 82b4de97c7..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/LICENSE.md
+++ /dev/null
@@ -1,353 +0,0 @@ -Mozilla Public License, version 2.0 - -1. Definitions - -1.1. “Contributor” - - means each individual or legal entity that creates, contributes to the - creation of, or owns Covered Software. - -1.2. “Contributor Version” - - means the combination of the Contributions of others (if any) used by a - Contributor and that particular Contributor’s Contribution. - -1.3. “Contribution” - - means Covered Software of a particular Contributor. - -1.4. “Covered Software” - - means Source Code Form to which the initial Contributor has attached the - notice in Exhibit A, the Executable Form of such Source Code Form, and - Modifications of such Source Code Form, in each case including portions - thereof. - -1.5. “Incompatible With Secondary Licenses” - means - - a. that the initial Contributor has attached the notice described in - Exhibit B to the Covered Software; or - - b. that the Covered Software was made available under the terms of version - 1.1 or earlier of the License, but not also under the terms of a - Secondary License. - -1.6. “Executable Form” - - means any form of the work other than Source Code Form. - -1.7. “Larger Work” - - means a work that combines Covered Software with other material, in a separate - file or files, that is not Covered Software. - -1.8. “License” - - means this document. - -1.9. “Licensable” - - means having the right to grant, to the maximum extent possible, whether at the - time of the initial grant or subsequently, any and all of the rights conveyed by - this License. - -1.10. “Modifications” - - means any of the following: - - a. any file in Source Code Form that results from an addition to, deletion - from, or modification of the contents of Covered Software; or - - b. any new file in Source Code Form that contains any Covered Software. - -1.11. 
“Patent Claims” of a Contributor - - means any patent claim(s), including without limitation, method, process, - and apparatus claims, in any patent Licensable by such Contributor that - would be infringed, but for the grant of the License, by the making, - using, selling, offering for sale, having made, import, or transfer of - either its Contributions or its Contributor Version. - -1.12. “Secondary License” - - means either the GNU General Public License, Version 2.0, the GNU Lesser - General Public License, Version 2.1, the GNU Affero General Public - License, Version 3.0, or any later versions of those licenses. - -1.13. “Source Code Form” - - means the form of the work preferred for making modifications. - -1.14. “You” (or “Your”) - - means an individual or a legal entity exercising rights under this - License. For legal entities, “You” includes any entity that controls, is - controlled by, or is under common control with You. For purposes of this - definition, “control” means (a) the power, direct or indirect, to cause - the direction or management of such entity, whether by contract or - otherwise, or (b) ownership of more than fifty percent (50%) of the - outstanding shares or beneficial ownership of such entity. - - -2. License Grants and Conditions - -2.1. Grants - - Each Contributor hereby grants You a world-wide, royalty-free, - non-exclusive license: - - a. under intellectual property rights (other than patent or trademark) - Licensable by such Contributor to use, reproduce, make available, - modify, display, perform, distribute, and otherwise exploit its - Contributions, either on an unmodified basis, with Modifications, or as - part of a Larger Work; and - - b. under Patent Claims of such Contributor to make, use, sell, offer for - sale, have made, import, and otherwise transfer either its Contributions - or its Contributor Version. - -2.2. 
Effective Date - - The licenses granted in Section 2.1 with respect to any Contribution become - effective for each Contribution on the date the Contributor first distributes - such Contribution. - -2.3. Limitations on Grant Scope - - The licenses granted in this Section 2 are the only rights granted under this - License. No additional rights or licenses will be implied from the distribution - or licensing of Covered Software under this License. Notwithstanding Section - 2.1(b) above, no patent license is granted by a Contributor: - - a. for any code that a Contributor has removed from Covered Software; or - - b. for infringements caused by: (i) Your and any other third party’s - modifications of Covered Software, or (ii) the combination of its - Contributions with other software (except as part of its Contributor - Version); or - - c. under Patent Claims infringed by Covered Software in the absence of its - Contributions. - - This License does not grant any rights in the trademarks, service marks, or - logos of any Contributor (except as may be necessary to comply with the - notice requirements in Section 3.4). - -2.4. Subsequent Licenses - - No Contributor makes additional grants as a result of Your choice to - distribute the Covered Software under a subsequent version of this License - (see Section 10.2) or under the terms of a Secondary License (if permitted - under the terms of Section 3.3). - -2.5. Representation - - Each Contributor represents that the Contributor believes its Contributions - are its original creation(s) or it has sufficient rights to grant the - rights to its Contributions conveyed by this License. - -2.6. Fair Use - - This License is not intended to limit any rights You have under applicable - copyright doctrines of fair use, fair dealing, or other equivalents. - -2.7. Conditions - - Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in - Section 2.1. - - -3. Responsibilities - -3.1. 
Distribution of Source Form - - All distribution of Covered Software in Source Code Form, including any - Modifications that You create or to which You contribute, must be under the - terms of this License. You must inform recipients that the Source Code Form - of the Covered Software is governed by the terms of this License, and how - they can obtain a copy of this License. You may not attempt to alter or - restrict the recipients’ rights in the Source Code Form. - -3.2. Distribution of Executable Form - - If You distribute Covered Software in Executable Form then: - - a. such Covered Software must also be made available in Source Code Form, - as described in Section 3.1, and You must inform recipients of the - Executable Form how they can obtain a copy of such Source Code Form by - reasonable means in a timely manner, at a charge no more than the cost - of distribution to the recipient; and - - b. You may distribute such Executable Form under the terms of this License, - or sublicense it under different terms, provided that the license for - the Executable Form does not attempt to limit or alter the recipients’ - rights in the Source Code Form under this License. - -3.3. Distribution of a Larger Work - - You may create and distribute a Larger Work under terms of Your choice, - provided that You also comply with the requirements of this License for the - Covered Software. If the Larger Work is a combination of Covered Software - with a work governed by one or more Secondary Licenses, and the Covered - Software is not Incompatible With Secondary Licenses, this License permits - You to additionally distribute such Covered Software under the terms of - such Secondary License(s), so that the recipient of the Larger Work may, at - their option, further distribute the Covered Software under the terms of - either this License or such Secondary License(s). - -3.4. 
Notices - - You may not remove or alter the substance of any license notices (including - copyright notices, patent notices, disclaimers of warranty, or limitations - of liability) contained within the Source Code Form of the Covered - Software, except that You may alter any license notices to the extent - required to remedy known factual inaccuracies. - -3.5. Application of Additional Terms - - You may choose to offer, and to charge a fee for, warranty, support, - indemnity or liability obligations to one or more recipients of Covered - Software. However, You may do so only on Your own behalf, and not on behalf - of any Contributor. You must make it absolutely clear that any such - warranty, support, indemnity, or liability obligation is offered by You - alone, and You hereby agree to indemnify every Contributor for any - liability incurred by such Contributor as a result of warranty, support, - indemnity or liability terms You offer. You may include additional - disclaimers of warranty and limitations of liability specific to any - jurisdiction. - -4. Inability to Comply Due to Statute or Regulation - - If it is impossible for You to comply with any of the terms of this License - with respect to some or all of the Covered Software due to statute, judicial - order, or regulation then You must: (a) comply with the terms of this License - to the maximum extent possible; and (b) describe the limitations and the code - they affect. Such description must be placed in a text file included with all - distributions of the Covered Software under this License. Except to the - extent prohibited by statute or regulation, such description must be - sufficiently detailed for a recipient of ordinary skill to be able to - understand it. - -5. Termination - -5.1. The rights granted under this License will terminate automatically if You - fail to comply with any of its terms. 
However, if You become compliant, - then the rights granted under this License from a particular Contributor - are reinstated (a) provisionally, unless and until such Contributor - explicitly and finally terminates Your grants, and (b) on an ongoing basis, - if such Contributor fails to notify You of the non-compliance by some - reasonable means prior to 60 days after You have come back into compliance. - Moreover, Your grants from a particular Contributor are reinstated on an - ongoing basis if such Contributor notifies You of the non-compliance by - some reasonable means, this is the first time You have received notice of - non-compliance with this License from such Contributor, and You become - compliant prior to 30 days after Your receipt of the notice. - -5.2. If You initiate litigation against any entity by asserting a patent - infringement claim (excluding declaratory judgment actions, counter-claims, - and cross-claims) alleging that a Contributor Version directly or - indirectly infringes any patent, then the rights granted to You by any and - all Contributors for the Covered Software under Section 2.1 of this License - shall terminate. - -5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user - license agreements (excluding distributors and resellers) which have been - validly granted by You or Your distributors under this License prior to - termination shall survive termination. - -6. Disclaimer of Warranty - - Covered Software is provided under this License on an “as is” basis, without - warranty of any kind, either expressed, implied, or statutory, including, - without limitation, warranties that the Covered Software is free of defects, - merchantable, fit for a particular purpose or non-infringing. The entire - risk as to the quality and performance of the Covered Software is with You. 
- Should any Covered Software prove defective in any respect, You (not any - Contributor) assume the cost of any necessary servicing, repair, or - correction. This disclaimer of warranty constitutes an essential part of this - License. No use of any Covered Software is authorized under this License - except under this disclaimer. - -7. Limitation of Liability - - Under no circumstances and under no legal theory, whether tort (including - negligence), contract, or otherwise, shall any Contributor, or anyone who - distributes Covered Software as permitted above, be liable to You for any - direct, indirect, special, incidental, or consequential damages of any - character including, without limitation, damages for lost profits, loss of - goodwill, work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses, even if such party shall have been - informed of the possibility of such damages. This limitation of liability - shall not apply to liability for death or personal injury resulting from such - party’s negligence to the extent applicable law prohibits such limitation. - Some jurisdictions do not allow the exclusion or limitation of incidental or - consequential damages, so this exclusion and limitation may not apply to You. - -8. Litigation - - Any litigation relating to this License may be brought only in the courts of - a jurisdiction where the defendant maintains its principal place of business - and such litigation shall be governed by laws of that jurisdiction, without - reference to its conflict-of-law provisions. Nothing in this Section shall - prevent a party’s ability to bring cross-claims or counter-claims. - -9. Miscellaneous - - This License represents the complete agreement concerning the subject matter - hereof. If any provision of this License is held to be unenforceable, such - provision shall be reformed only to the extent necessary to make it - enforceable. 
Any law or regulation which provides that the language of a - contract shall be construed against the drafter shall not be used to construe - this License against a Contributor. - - -10. Versions of the License - -10.1. New Versions - - Mozilla Foundation is the license steward. Except as provided in Section - 10.3, no one other than the license steward has the right to modify or - publish new versions of this License. Each version will be given a - distinguishing version number. - -10.2. Effect of New Versions - - You may distribute the Covered Software under the terms of the version of - the License under which You originally received the Covered Software, or - under the terms of any subsequent version published by the license - steward. - -10.3. Modified Versions - - If you create software not governed by this License, and you want to - create a new license for such software, you may create and use a modified - version of this License if you rename the license and remove any - references to the name of the license steward (except to note that such - modified license differs from this License). - -10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses - If You choose to distribute Source Code Form that is Incompatible With - Secondary Licenses under the terms of this version of the License, the - notice described in Exhibit B of this License must be attached. - -Exhibit A - Source Code Form License Notice - - This Source Code Form is subject to the - terms of the Mozilla Public License, v. - 2.0. If a copy of the MPL was not - distributed with this file, You can - obtain one at - http://mozilla.org/MPL/2.0/. - -If it is not possible or desirable to put the notice in a particular file, then -You may include the notice in a location (such as a LICENSE file in a relevant -directory) where a recipient would be likely to look for such a notice. - -You may add additional accurate notices of copyright ownership. 
- -Exhibit B - “Incompatible With Secondary Licenses” Notice - - This Source Code Form is “Incompatible - With Secondary Licenses”, as defined by - the Mozilla Public License, v. 2.0. diff --git a/charts/partners/hashicorp/vault/0.13.0/src/Makefile b/charts/partners/hashicorp/vault/0.13.0/src/Makefile deleted file mode 100644 index 1b3020c59f..0000000000 --- a/charts/partners/hashicorp/vault/0.13.0/src/Makefile +++ /dev/null 
@@ -1,69 +0,0 @@ -TEST_IMAGE?=vault-helm-test -GOOGLE_CREDENTIALS?=vault-helm-test.json -CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 -# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats -ACCEPTANCE_TESTS?=acceptance - -# Generate json schema for chart values. See test/README.md for more details. -values-schema: - helm schema-gen values.yaml > values.schema.json - -test-image: - @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) - -test-unit: - @docker run -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats /helm-test/test/unit - -test-bats: test-unit test-acceptance - -test: test-image test-bats - -# run acceptance tests on GKE -# set google project/credential vars above -test-acceptance: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -w /helm-test \ - $(TEST_IMAGE) \ - make acceptance - -# destroy GKE cluster using terraform -test-destroy: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -w /helm-test \ - $(TEST_IMAGE) \ - make destroy-cluster - -# provision GKE cluster using terraform -test-provision: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -w /helm-test \ - $(TEST_IMAGE) \ - make provision-cluster - -# this target is for running the acceptance tests -# it is run in the docker container above when the test-acceptance target is invoked -acceptance: - gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} - bats test/${ACCEPTANCE_TESTS} - -# this target is for provisioning the GKE cluster -# it is run in the docker container above when the test-provision target is invoked -provision-cluster: - gcloud auth 
activate-service-account --key-file=${GOOGLE_CREDENTIALS} - terraform init test/terraform - terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform - -# this target is for removing the GKE cluster -# it is run in the docker container above when the test-destroy target is invoked -destroy-cluster: - terraform destroy -auto-approve - -.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/hashicorp/vault/0.13.0/src/README.md b/charts/partners/hashicorp/vault/0.13.0/src/README.md deleted file mode 100644 index f95b26fc37..0000000000 --- a/charts/partners/hashicorp/vault/0.13.0/src/README.md +++ /dev/null 
@@ -1,44 +0,0 @@
-# Vault Helm Chart
-
-> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
-you believe you have found a security issue in Vault Helm, _please responsibly disclose_
-by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
-
-This repository contains the official HashiCorp Helm chart for installing
-and configuring Vault on Kubernetes. This chart supports multiple use
-cases of Vault on Kubernetes depending on the values provided.
-
-For full documentation on this Helm chart along with all the ways you can
-use Vault with Kubernetes, please see the
-[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
-
-## Prerequisites
-
-To use the charts here, [Helm](https://helm.sh/) must be configured for your
-Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
-this README. Please refer to the Kubernetes and Helm documentation.
-
-The versions required are:
-
- * **Helm 3.0+** - This is the earliest version of Helm tested. It is possible
- it works with earlier versions but this chart is untested for those versions.
- * **Kubernetes 1.14+** - This is the earliest version of Kubernetes tested.
- It is possible that this chart works with earlier versions but it is
- untested.
-
-## Usage
-
-To install the latest version of this chart, add the Hashicorp helm repository
-and run `helm install`:
-
-```console
-$ helm repo add hashicorp https://helm.releases.hashicorp.com
-"hashicorp" has been added to your repositories
-
-$ helm install vault hashicorp/vault
-```
-
-Please see the many options supported in the `values.yaml` file. These are also
-fully documented directly on the [Vault
-website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
-detailed installation instructions.
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/NOTES.txt b/charts/partners/hashicorp/vault/0.13.0/src/templates/NOTES.txt
deleted file mode 100644
index 8e267121c8..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/NOTES.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-
-Thank you for installing HashiCorp Vault!
-
-Now that you have deployed Vault, you should look over the docs on using
-Vault with Kubernetes available here:
-
-https://www.vaultproject.io/docs/
-
-
-Your release is named {{ .Release.Name }}. To learn more about the release, try:
-
- $ helm status {{ .Release.Name }}
- $ helm get manifest {{ .Release.Name }}
-
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/_helpers.tpl b/charts/partners/hashicorp/vault/0.13.0/src/templates/_helpers.tpl
deleted file mode 100644
index 63011d31ed..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,590 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to -this (by the DNS naming spec). If release name contains chart name it will -be used as a full name. -*/}} -{{- define "vault.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "vault.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "vault.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Compute the maximum number of unavailable replicas for the PodDisruptionBudget. -This defaults to (n/2)-1 where n is the number of members of the server cluster. -Add a special case for replicas=1, where it should default to 0 as well. -*/}} -{{- define "vault.pdb.maxUnavailable" -}} -{{- if eq (int .Values.server.ha.replicas) 1 -}} -{{ 0 }} -{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{- else -}} -{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Set the variable 'mode' to the server mode requested by the user to simplify -template logic. -*/}} -{{- define "vault.mode" -}} - {{- if .Values.injector.externalVaultAddr -}} - {{- $_ := set . "mode" "external" -}} - {{- else if ne (.Values.server.enabled | toString) "true" -}} - {{- $_ := set . 
"mode" "external" -}} - {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} - {{- $_ := set . "mode" "dev" -}} - {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} - {{- $_ := set . "mode" "ha" -}} - {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} - {{- $_ := set . "mode" "standalone" -}} - {{- else -}} - {{- $_ := set . "mode" "" -}} - {{- end -}} -{{- end -}} - -{{/* -Set's the replica count based on the different modes configured by user -*/}} -{{- define "vault.replicas" -}} - {{ if eq .mode "standalone" }} - {{- default 1 -}} - {{ else if eq .mode "ha" }} - {{- .Values.server.ha.replicas | default 3 -}} - {{ else }} - {{- default 1 -}} - {{ end }} -{{- end -}} - -{{/* -Set's up configmap mounts if this isn't a dev deployment and the user -defined a custom configuration. Additionally iterates over any -extra volumes the user may have specified (such as a secret with TLS). -*/}} -{{- define "vault.volumes" -}} - {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - configMap: - name: {{ template "vault.fullname" . 
}}-config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - {{ .type }}: - {{- if (eq .type "configMap") }} - name: {{ .name }} - {{- else if (eq .type "secret") }} - secretName: {{ .name }} - {{- end }} - defaultMode: {{ .defaultMode | default 420 }} - {{- end }} - {{- if .Values.server.volumes }} - {{- toYaml .Values.server.volumes | nindent 8}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - secret: - secretName: {{ .Values.server.enterpriseLicense.secretName }} - defaultMode: 0440 - {{- end }} -{{- end -}} - -{{/* -Set's the args for custom command to render the Vault configuration -file with IP addresses to make the out of box experience easier -for users looking to use this chart with Consul Helm. -*/}} -{{- define "vault.args" -}} - {{ if or (eq .mode "standalone") (eq .mode "ha") }} - - | - cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; - [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; - [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; - /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} - {{ else if eq .mode "dev" }} - - | - /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} - {{ end }} -{{- end -}} - -{{/* -Set's additional environment variables based on the mode. 
-*/}} -{{- define "vault.envs" -}} - {{ if eq .mode "dev" }} - - name: VAULT_DEV_ROOT_TOKEN_ID - value: {{ .Values.server.dev.devRootToken }} - - name: VAULT_DEV_LISTEN_ADDRESS - value: "[::]:8200" - {{ end }} -{{- end -}} - -{{/* -Set's which additional volumes should be mounted to the container -based on the mode configured. -*/}} -{{- define "vault.mounts" -}} - {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - name: audit - mountPath: {{ .Values.server.auditStorage.mountPath }} - {{ end }} - {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} - {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} - - name: data - mountPath: {{ .Values.server.dataStorage.mountPath }} - {{ end }} - {{ end }} - {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - mountPath: /vault/config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - readOnly: true - mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} - {{- end }} - {{- if .Values.server.volumeMounts }} - {{- toYaml .Values.server.volumeMounts | nindent 12}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - mountPath: /vault/license - readOnly: true - {{- end }} -{{- end -}} - -{{/* -Set's up the volumeClaimTemplates when data or audit storage is required. HA -might not use data storage since Consul is likely it's backend, however, audit -storage might be desired by the user. 
-*/}} -{{- define "vault.volumeclaims" -}} - {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} - volumeClaimTemplates: - {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} - - metadata: - name: data - {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.dataStorage.size }} - {{- if .Values.server.dataStorage.storageClass }} - storageClassName: {{ .Values.server.dataStorage.storageClass }} - {{- end }} - {{ end }} - {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - metadata: - name: audit - {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.auditStorage.size }} - {{- if .Values.server.auditStorage.storageClass }} - storageClassName: {{ .Values.server.auditStorage.storageClass }} - {{- end }} - {{ end }} - {{ end }} -{{- end -}} - -{{/* -Set's the affinity for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.affinity" -}} - {{- if and (ne .mode "dev") .Values.server.affinity }} - affinity: - {{ tpl .Values.server.affinity . | nindent 8 | trim }} - {{ end }} -{{- end -}} - -{{/* -Sets the injector affinity for pod placement -*/}} -{{- define "injector.affinity" -}} - {{- if .Values.injector.affinity }} - affinity: - {{ tpl .Values.injector.affinity . | nindent 8 | trim }} - {{ end }} -{{- end -}} - -{{/* -Set's the toleration for pod placement when running in standalone and HA modes. 
-*/}} -{{- define "vault.tolerations" -}} - {{- if and (ne .mode "dev") .Values.server.tolerations }} - tolerations: - {{ tpl .Values.server.tolerations . | nindent 8 | trim }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "injector.tolerations" -}} - {{- if .Values.injector.tolerations }} - tolerations: - {{ tpl .Values.injector.tolerations . | nindent 8 | trim }} - {{- end }} -{{- end -}} - -{{/* -Set's the node selector for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.nodeselector" -}} - {{- if and (ne .mode "dev") .Values.server.nodeSelector }} - nodeSelector: - {{ tpl .Values.server.nodeSelector . | indent 8 | trim }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector node selector for pod placement -*/}} -{{- define "injector.nodeselector" -}} - {{- if .Values.injector.nodeSelector }} - nodeSelector: - {{ tpl .Values.injector.nodeSelector . | indent 8 | trim }} - {{- end }} -{{- end -}} - -{{/* -Sets extra pod annotations -*/}} -{{- define "vault.annotations" -}} - {{- if .Values.server.annotations }} - annotations: - {{- $tp := typeOf .Values.server.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.server.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector pod annotations -*/}} -{{- define "injector.annotations" -}} - {{- if .Values.injector.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.annotations . 
| nindent 8 }} - {{- else }} - {{- toYaml .Values.injector.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector service annotations -*/}} -{{- define "injector.service.annotations" -}} - {{- if .Values.injector.service.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ui service annotations -*/}} -{{- define "vault.ui.annotations" -}} - {{- if .Values.ui.annotations }} - annotations: - {{- $tp := typeOf .Values.ui.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.ui.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.ui.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "vault.serviceAccount.name" -}} -{{- if .Values.server.serviceAccount.create -}} - {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.server.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Sets extra service account annotations -*/}} -{{- define "vault.serviceAccount.annotations" -}} - {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.server.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.serviceAccount.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ingress annotations -*/}} -{{- define "vault.ingress.annotations" -}} - {{- if .Values.server.ingress.annotations }} - annotations: - {{- $tp := typeOf .Values.server.ingress.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.ingress.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.ingress.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra route annotations -*/}} -{{- define "vault.route.annotations" -}} - {{- if .Values.server.route.annotations }} - annotations: - {{- $tp := typeOf .Values.server.route.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.route.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.route.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra vault server Service annotations -*/}} -{{- define "vault.service.annotations" -}} - {{- if .Values.server.service.annotations }} - {{- $tp := typeOf .Values.server.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets PodSecurityPolicy annotations -*/}} -{{- define "vault.psp.annotations" -}} - {{- if .Values.global.psp.annotations }} - annotations: - {{- $tp := typeOf .Values.global.psp.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.global.psp.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.global.psp.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra statefulset annotations -*/}} -{{- define "vault.statefulSet.annotations" -}} - {{- if .Values.server.statefulSet.annotations }} - annotations: - {{- $tp := typeOf .Values.server.statefulSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for data volume -*/}} -{{- define "vault.dataVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.dataStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for audit volume -*/}} -{{- define "vault.auditVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.auditStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the container resources if the user has set any. -*/}} -{{- define "vault.resources" -}} - {{- if .Values.server.resources -}} - resources: -{{ toYaml .Values.server.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. 
-*/}} -{{- define "injector.resources" -}} - {{- if .Values.injector.resources -}} - resources: -{{ toYaml .Values.injector.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "csi.resources" -}} - {{- if .Values.csi.resources -}} - resources: -{{ toYaml .Values.csi.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets extra CSI daemonset annotations -*/}} -{{- define "csi.daemonSet.annotations" -}} - {{- if .Values.csi.daemonSet.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.daemonSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "csi.pod.tolerations" -}} - {{- if .Values.csi.pod.tolerations }} - tolerations: - {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI provider pod annotations -*/}} -{{- define "csi.pod.annotations" -}} - {{- if .Values.csi.pod.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.pod.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.pod.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.pod.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI service account annotations -*/}} -{{- define "csi.serviceAccount.annotations" -}} - {{- if .Values.csi.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.serviceAccount.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Inject extra environment vars in the format key:value, if populated -*/}} -{{- define "vault.extraEnvironmentVars" -}} -{{- if .extraEnvironmentVars -}} -{{- range $key, $value := .extraEnvironmentVars }} -- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} - value: {{ $value | quote }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Inject extra environment populated by secrets, if populated -*/}} -{{- define "vault.extraSecretEnvironmentVars" -}} -{{- if .extraSecretEnvironmentVars -}} -{{- range .extraSecretEnvironmentVars }} -- name: {{ .envName }} - valueFrom: - secretKeyRef: - name: {{ .secretName }} - key: {{ .secretKey }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* Scheme for health check and local endpoint */}} -{{- define "vault.scheme" -}} -{{- if .Values.global.tlsDisable -}} -{{ "http" }} -{{- else -}} -{{ "https" }} -{{- end -}} -{{- end -}} diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/csi-clusterrole.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/csi-clusterrole.yaml deleted file mode 100644 index a19e520f5d..0000000000 --- a/charts/partners/hashicorp/vault/0.13.0/src/templates/csi-clusterrole.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "vault.fullname" . }}-csi-provider-clusterrole - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -rules: -- apiGroups: - - "" - resources: - - serviceaccounts/token - verbs: - - create -{{- end }} 
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/csi-clusterrolebinding.yaml
deleted file mode 100644
index 63d69c7b1f..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/csi-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/csi-daemonset.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/csi-daemonset.yaml
deleted file mode 100644
index 75bde9a32c..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/csi-daemonset.yaml
+++ /dev/null
@@ -1,84 +0,0 @@ -{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{ template "csi.daemonSet.annotations" . }} -spec: - updateStrategy: - type: {{ .Values.csi.daemonSet.updateStrategy.type }} - {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - rollingUpdate: - maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - {{ template "csi.pod.annotations" . }} - spec: - serviceAccountName: {{ template "vault.fullname" . }}-csi-provider - {{- template "csi.pod.tolerations" . }} - containers: - - name: {{ include "vault.name" . }}-csi-provider - {{ template "csi.resources" . 
}} - image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" - imagePullPolicy: {{ .Values.csi.image.pullPolicy }} - args: - - --endpoint=/provider/vault.sock - - --debug={{ .Values.csi.debug }} - {{- if .Values.csi.extraArgs }} - {{- toYaml .Values.csi.extraArgs | nindent 12 }} - {{- end }} - volumeMounts: - - name: providervol - mountPath: "/provider" - - name: mountpoint-dir - mountPath: /var/lib/kubelet/pods - mountPropagation: HostToContainer - {{- if .Values.csi.volumeMounts }} - {{- toYaml .Values.csi.volumeMounts | nindent 12}} - {{- end }} - livenessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} - volumes: - - name: providervol - hostPath: - path: "/etc/kubernetes/secrets-store-csi-providers" - - name: mountpoint-dir - hostPath: - path: /var/lib/kubelet/pods - {{- if .Values.csi.volumes }} - {{- toYaml .Values.csi.volumes | nindent 8}} - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml .Values.global.imagePullSecrets | nindent 8 }} - {{- end }} -{{- end }} 
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/csi-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/csi-serviceaccount.yaml
deleted file mode 100644
index ee127481b0..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/csi-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "csi.serviceAccount.annotations" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-certs-secret.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-certs-secret.yaml
deleted file mode 100644
index aec802140d..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-certs-secret.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: vault-injector-certs
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-clusterrole.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-clusterrole.yaml
deleted file mode 100644
index 4ff25abe52..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-clusterrole.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs:
- - "get"
- - "list"
- - "watch"
- - "patch"
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-clusterrolebinding.yaml
deleted file mode 100644
index 35d30b3935..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-deployment.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-deployment.yaml
deleted file mode 100644
index 4756a253d3..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-deployment.yaml
+++ /dev/null
@@ -1,179 +0,0 @@ -{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }} -# Deployment for the injector -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - component: webhook -spec: - replicas: {{ .Values.injector.replicas }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{- if .Values.injector.extraLabels -}} - {{- toYaml .Values.injector.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "injector.annotations" . }} - spec: - {{ template "injector.affinity" . }} - {{ template "injector.tolerations" . }} - {{ template "injector.nodeselector" . }} - {{- if .Values.injector.priorityClassName }} - priorityClassName: {{ .Values.injector.priorityClassName }} - {{- end }} - serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" - {{- if not .Values.global.openshift }} - hostNetwork: {{ .Values.injector.hostNetwork }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.injector.gid | default 1000 }} - runAsUser: {{ .Values.injector.uid | default 100 }} - {{- end }} - containers: - - name: sidecar-injector - {{ template "injector.resources" . 
}} - image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" - imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" - {{- if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} - env: - - name: AGENT_INJECT_LISTEN - value: {{ printf ":%v" .Values.injector.port }} - - name: AGENT_INJECT_LOG_LEVEL - value: {{ .Values.injector.logLevel | default "info" }} - - name: AGENT_INJECT_VAULT_ADDR - {{- if .Values.injector.externalVaultAddr }} - value: "{{ .Values.injector.externalVaultAddr }}" - {{- else }} - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - {{- end }} - - name: AGENT_INJECT_VAULT_AUTH_PATH - value: {{ .Values.injector.authPath }} - - name: AGENT_INJECT_VAULT_IMAGE - value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" - {{- if .Values.injector.certs.secretName }} - - name: AGENT_INJECT_TLS_CERT_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" - - name: AGENT_INJECT_TLS_KEY_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" - {{- else }} - - name: AGENT_INJECT_TLS_AUTO - value: {{ template "vault.fullname" . }}-agent-injector-cfg - - name: AGENT_INJECT_TLS_AUTO_HOSTS - value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc - {{- end }} - - name: AGENT_INJECT_LOG_FORMAT - value: {{ .Values.injector.logFormat | default "standard" }} - - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN - value: "{{ .Values.injector.revokeOnShutdown | default false }}" - {{- if .Values.global.openshift }} - - name: AGENT_INJECT_SET_SECURITY_CONTEXT - value: "false" - {{- end }} - {{- if .Values.injector.metrics.enabled }} - - name: AGENT_INJECT_TELEMETRY_PATH - value: "/metrics" - {{- end }} - {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} - - name: AGENT_INJECT_USE_LEADER_ELECTOR - value: "true" - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end }} - - name: AGENT_INJECT_CPU_REQUEST - value: "{{ .Values.injector.agentDefaults.cpuRequest }}" - - name: AGENT_INJECT_CPU_LIMIT - value: "{{ .Values.injector.agentDefaults.cpuLimit }}" - - name: AGENT_INJECT_MEM_REQUEST - value: "{{ .Values.injector.agentDefaults.memRequest }}" - - name: AGENT_INJECT_MEM_LIMIT - value: "{{ .Values.injector.agentDefaults.memLimit }}" - - name: AGENT_INJECT_DEFAULT_TEMPLATE - value: "{{ .Values.injector.agentDefaults.template }}" - {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} - args: - - agent-inject - - 2>&1 - livenessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 -{{- if .Values.injector.certs.secretName }} - volumeMounts: - - name: webhook-certs - mountPath: /etc/webhook/certs - readOnly: true -{{- end }} - {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt 
(.Values.injector.replicas | int) 1) }} - - name: leader-elector - image: {{ .Values.injector.leaderElector.image.repository }}:{{ .Values.injector.leaderElector.image.tag }} - args: - - --election={{ template "vault.fullname" . }}-agent-injector-leader - - --election-namespace={{ .Release.Namespace }} - - --http=0.0.0.0:4040 - - --ttl={{ .Values.injector.leaderElector.ttl }} - livenessProbe: - httpGet: - path: / - port: 4040 - scheme: HTTP - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: / - port: 4040 - scheme: HTTP - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 - {{- end }} -{{- if .Values.injector.certs.secretName }} - volumes: - - name: webhook-certs - secret: - secretName: "{{ .Values.injector.certs.secretName }}" -{{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml .Values.global.imagePullSecrets | nindent 8 }} - {{- end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-leader-endpoint.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-leader-endpoint.yaml deleted file mode 100644 index fc4ef16080..0000000000 --- a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-leader-endpoint.yaml +++ /dev/null 
@@ -1,12 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-# This is created here so it can be cleaned up easily, since if
-# the endpoint is left around the leader won't expire for about a minute.
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-mutating-webhook.yaml
deleted file mode 100644
index abe23aabce..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-mutating-webhook.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
-apiVersion: admissionregistration.k8s.io/v1
-{{- else }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-{{- end }}
-kind: MutatingWebhookConfiguration
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-cfg
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-webhooks:
- - name: vault.hashicorp.com
- sideEffects: None
- admissionReviewVersions:
- - "v1beta1"
- - "v1"
- clientConfig:
- service:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- path: "/mutate"
- caBundle: {{ .Values.injector.certs.caBundle | quote }}
- rules:
- - operations: ["CREATE", "UPDATE"]
- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["pods"]
-{{- if .Values.injector.namespaceSelector }}
- namespaceSelector:
-{{ toYaml .Values.injector.namespaceSelector | indent 6}}
-{{ end }}
-{{- if .Values.injector.objectSelector }}
- objectSelector:
-{{ toYaml .Values.injector.objectSelector | indent 6}}
-{{ end }}
-{{- with .Values.injector.failurePolicy }}
- failurePolicy: {{.}}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-network-policy.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-network-policy.yaml
deleted file mode 100644
index 7a399a538d..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-network-policy.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.openshift | toString) "true") }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-psp-role.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-psp-role.yaml
deleted file mode 100644
index 20c87bb2ad..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-psp-role.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-psp-rolebinding.yaml
deleted file mode 100644
index d6d0d5e247..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-psp-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-psp.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-psp.yaml
deleted file mode 100644
index c024ac1077..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-psp.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-role.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-role.yaml
deleted file mode 100644
index e74524ceaa..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-role.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
- - apiGroups: [""]
- resources: ["endpoints", "secrets"]
- verbs:
- - "create"
- - "get"
- - "watch"
- - "list"
- - "update"
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-rolebinding.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-rolebinding.yaml
deleted file mode 100644
index e06d2425ff..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-service.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-service.yaml
deleted file mode 100644
index 3138b7a5be..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "injector.service.annotations" . }}
-spec:
- ports:
- - name: https
- port: 443
- targetPort: {{ .Values.injector.port }}
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-serviceaccount.yaml
deleted file mode 100644
index a28d38fabb..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/injector-serviceaccount.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/server-clusterrolebinding.yaml
deleted file mode 100644
index e5e0f5fec1..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-clusterrolebinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.authDelegator.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-server-binding
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-config-configmap.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/server-config-configmap.yaml
deleted file mode 100644
index b8093ad030..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-config-configmap.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.global.enabled | toString) "true") (ne .mode "dev") -}}
-{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "vault.fullname" . }}-config
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-data:
- extraconfig-from-values.hcl: |-
- {{- if or (eq .mode "ha") (eq .mode "standalone") }}
- {{- $type := typeOf (index .Values.server .mode).config }}
- {{- if eq $type "string" }}
- disable_mlock = true
- {{- if eq .mode "standalone" }}
- {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
- {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
- {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
- {{ end }}
- {{- else }}
- {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
- {{- else }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-discovery-role.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/server-discovery-role.yaml
deleted file mode 100644
index 4a39cec21c..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-discovery-role.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: {{ template "vault.fullname" . }}-discovery-role
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: [""]
- resources: ["pods"]
- verbs: ["get", "watch", "list", "update", "patch"]
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/server-discovery-rolebinding.yaml
deleted file mode 100644
index 47526650bb..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-discovery-rolebinding.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.global.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-discovery-rolebinding
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-discovery-role
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/server-disruptionbudget.yaml
deleted file mode 100644
index 3c45cc04ea..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-disruptionbudget.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" -}}
-{{- if and (eq (.Values.global.enabled | toString) "true") (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
-# PodDisruptionBudget to prevent degrading the server cluster through
-# voluntary cluster changes.
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end -}}
-{{- end -}}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-ha-active-service.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/server-ha-active-service.yaml
deleted file mode 100644
index 74fca41d7b..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-ha-active-service.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for active Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-active
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "true"
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-ha-standby-service.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/server-ha-standby-service.yaml
deleted file mode 100644
index 9213b74528..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-ha-standby-service.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for standby Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-standby
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "false"
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-headless-service.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/server-headless-service.yaml
deleted file mode 100644
index a37c639571..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-headless-service.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-internal
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- clusterIP: None
- publishNotReadyAddresses: true
- ports:
- - name: "{{ include "vault.scheme" . }}"
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-ingress.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/server-ingress.yaml
deleted file mode 100644
index deaa0dd555..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-ingress.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-{{- if not .Values.global.openshift }}
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if .Values.server.ingress.enabled -}}
-{{- $extraPaths := .Values.server.ingress.extraPaths -}}
-{{- $serviceName := include "vault.fullname" . -}}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
-{{- end }}
-{{- $servicePort := .Values.server.service.port -}}
-{{ if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
-apiVersion: networking.k8s.io/v1beta1
-{{ else }}
-apiVersion: extensions/v1beta1
-{{ end }}
-kind: Ingress
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- with .Values.server.ingress.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- template "vault.ingress.annotations" . }}
-spec:
-{{- if .Values.server.ingress.tls }}
- tls:
- {{- range .Values.server.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
-{{- end }}
- rules:
- {{- range .Values.server.ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
-{{ if $extraPaths }}
-{{ toYaml $extraPaths | indent 10 }}
-{{- end }}
- {{- range (.paths | default (list "/")) }}
- - path: {{ . }}
- backend:
- serviceName: {{ $serviceName }}
- servicePort: {{ $servicePort }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-network-policy.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/server-network-policy.yaml
deleted file mode 100644
index 5f4c21a4b5..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-network-policy.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8200
- protocol: TCP
- - port: 8201
- protocol: TCP
- {{- if .Values.server.networkPolicy.egress }}
- egress:
- {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
- {{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-psp-role.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/server-psp-role.yaml
deleted file mode 100644
index fd12e1eb30..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-psp-role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/server-psp-rolebinding.yaml
deleted file mode 100644
index b2a43c834a..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-psp-rolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-psp.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/server-psp.yaml
deleted file mode 100644
index 2d94268197..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-psp.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
- - persistentVolumeClaim
- {{- end }}
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-route.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/server-route.yaml
deleted file mode 100644
index 2fccf0263a..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-route.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{- if .Values.global.openshift }}
-{{- if ne .mode "external" }}
-{{- if .Values.server.route.enabled -}}
-{{- $serviceName := include "vault.fullname" . -}}
-{{- if eq .mode "ha" }}
-{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
-{{- end }}
-kind: Route
-apiVersion: route.openshift.io/v1
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- with .Values.server.route.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- template "vault.route.annotations" . }}
-spec:
- host: {{ .Values.server.route.host }}
- to:
- kind: Service
- name: {{ $serviceName }}
- weight: 100
- port:
- targetPort: 8200
- tls:
- termination: passthrough
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-service.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/server-service.yaml
deleted file mode 100644
index 6f82e38629..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-service.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- # We want the servers to become available even if they're not ready
- # since this DNS is also used for join operations.
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/server-serviceaccount.yaml
deleted file mode 100644
index 925b166bba..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }}
-{{- if (eq (.Values.server.serviceAccount.create | toString) "true" ) }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "vault.serviceAccount.annotations" . }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-statefulset.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/server-statefulset.yaml
deleted file mode 100644
index 718c9a03ee..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/server-statefulset.yaml
+++ /dev/null
@@ -1,211 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }}
-# StatefulSet to run the actual vault server cluster.
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "vault.statefulSet.annotations" . }}
-spec:
- serviceName: {{ template "vault.fullname" . }}-internal
- podManagementPolicy: Parallel
- replicas: {{ template "vault.replicas" . }}
- updateStrategy:
- type: {{ .Values.server.updateStrategyType }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- template:
- metadata:
- labels:
- helm.sh/chart: {{ template "vault.chart" . }}
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- {{- if .Values.server.extraLabels -}}
- {{- toYaml .Values.server.extraLabels | nindent 8 -}}
- {{- end -}}
- {{ template "vault.annotations" . }}
- spec:
- {{ template "vault.affinity" . }}
- {{ template "vault.tolerations" . }}
- {{ template "vault.nodeselector" . }}
- {{- if .Values.server.priorityClassName }}
- priorityClassName: {{ .Values.server.priorityClassName }}
- {{- end }}
- terminationGracePeriodSeconds: 10
- serviceAccountName: {{ template "vault.serviceAccount.name" . }}
- {{ if .Values.server.shareProcessNamespace }}
- shareProcessNamespace: true
- {{ end }}
- {{- if not .Values.global.openshift }}
- securityContext:
- runAsNonRoot: true
- runAsGroup: {{ .Values.server.gid | default 1000 }}
- runAsUser: {{ .Values.server.uid | default 100 }}
- fsGroup: {{ .Values.server.gid | default 1000 }}
- {{- end }}
- volumes:
- {{ template "vault.volumes" . }}
- - name: home
- emptyDir: {}
- {{- if .Values.server.extraInitContainers }}
- initContainers:
- {{ toYaml .Values.server.extraInitContainers | nindent 8}}
- {{- end }}
- containers:
- - name: vault
- {{ template "vault.resources" . }}
- image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
- imagePullPolicy: {{ .Values.server.image.pullPolicy }}
- command:
- - "/bin/sh"
- - "-ec"
- args: {{ template "vault.args" . }}
- {{- if not .Values.global.openshift }}
- securityContext:
- allowPrivilegeEscalation: false
- {{- end }}
- env:
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.hostIP
- - name: POD_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- - name: VAULT_K8S_POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: VAULT_K8S_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: VAULT_ADDR
- value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
- - name: VAULT_API_ADDR
- {{- if .Values.server.ha.apiAddr }}
- value: {{ .Values.server.ha.apiAddr }}
- {{- else }}
- value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
- {{- end }}
- - name: SKIP_CHOWN
- value: "true"
- - name: SKIP_SETCAP
- value: "true"
- - name: HOSTNAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: VAULT_CLUSTER_ADDR
- value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
- {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
- - name: VAULT_RAFT_NODE_ID
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- {{- end }}
- - name: HOME
- value: "/home/vault"
- {{- if .Values.server.logLevel }}
- - name: VAULT_LOG_LEVEL
- value: "{{ .Values.server.logLevel }}"
- {{- end }}
- {{- if .Values.server.logFormat }}
- - name: VAULT_LOG_FORMAT
- value: "{{ .Values.server.logFormat }}"
- {{- end }}
- {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
- - name: VAULT_LICENSE_PATH
- value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
- {{- end }}
- {{ template "vault.envs" . }}
- {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
- {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
- volumeMounts:
- {{ template "vault.mounts" . }}
- - name: home
- mountPath: /home/vault
- ports:
- - containerPort: 8200
- name: {{ include "vault.scheme" . }}
- - containerPort: 8201
- name: https-internal
- - containerPort: 8202
- name: {{ include "vault.scheme" . }}-rep
- {{- if .Values.server.readinessProbe.enabled }}
- readinessProbe:
- {{- if .Values.server.readinessProbe.path }}
- httpGet:
- path: {{ .Values.server.readinessProbe.path | quote }}
- port: 8200
- scheme: {{ include "vault.scheme" . | upper }}
- {{- else }}
- # Check status; unsealed vault servers return 0
- # The exit code reflects the seal status:
- # 0 - unsealed
- # 1 - error
- # 2 - sealed
- exec:
- command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
- {{- end }}
- failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
- successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
- {{- end }}
- {{- if .Values.server.livenessProbe.enabled }}
- livenessProbe:
- httpGet:
- path: {{ .Values.server.livenessProbe.path | quote }}
- port: 8200
- scheme: {{ include "vault.scheme" . | upper }}
- failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
- successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
- {{- end }}
- lifecycle:
- # Vault container doesn't receive SIGTERM from Kubernetes
- # and after the grace period ends, Kube sends SIGKILL. This
- # causes issues with graceful shutdowns such as deregistering itself
- # from Consul (zombie services).
- preStop:
- exec:
- command: [
- "/bin/sh", "-c",
- # Adding a sleep here to give the pod eviction a
- # chance to propagate, so requests will not be made
- # to this pod while it's terminating
- "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
- ]
- {{- if .Values.server.postStart }}
- postStart:
- exec:
- command:
- {{- range (.Values.server.postStart) }}
- - {{ . | quote }}
- {{- end }}
- {{- end }}
- {{- if .Values.server.extraContainers }}
- {{ toYaml .Values.server.extraContainers | nindent 8}}
- {{- end }}
- {{- if .Values.global.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml .Values.global.imagePullSecrets | nindent 8 }}
- {{- end }}
- {{ template "vault.volumeclaims" . }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/tests/server-test.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/tests/server-test.yaml
deleted file mode 100644
index 37819de5c9..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/tests/server-test.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- if .Values.server.enabled }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ .Release.Name }}-server-test"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: {{ .Release.Name }}-server-test
- image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
- imagePullPolicy: {{ .Values.server.image.pullPolicy }}
- env:
- - name: VAULT_ADDR
- value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
- command:
- - /bin/sh
- - -c
- - |
- echo "Checking for sealed info in 'vault status' output"
- ATTEMPTS=10
- n=0
- until [ "$n" -ge $ATTEMPTS ]
- do
- echo "Attempt" $n...
- vault status -format yaml | grep -E '^sealed: (true|false)' && break
- n=$((n+1))
- sleep 5
- done
- if [ $n -ge $ATTEMPTS ]; then
- echo "timed out looking for sealed info in 'vault status' output"
- exit 1
- fi
-
- exit 0
-
- restartPolicy: Never
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/templates/ui-service.yaml b/charts/partners/hashicorp/vault/0.13.0/src/templates/ui-service.yaml
deleted file mode 100644
index 9e90af4bbc..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/templates/ui-service.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }}
-{{- if eq (.Values.ui.enabled | toString) "true" }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-ui
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}-ui
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "vault.ui.annotations" . }}
-spec:
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
- vault-active: "true"
- {{- end }}
- publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.ui.externalPort }}
- targetPort: {{ .Values.ui.targetPort }}
- {{- if .Values.ui.serviceNodePort }}
- nodePort: {{ .Values.ui.serviceNodePort }}
- {{- end }}
- type: {{ .Values.ui.serviceType }}
- {{- if and (eq (.Values.ui.serviceType | toString) "LoadBalancer") (.Values.ui.loadBalancerSourceRanges) }}
- loadBalancerSourceRanges:
- {{- range $cidr := .Values.ui.loadBalancerSourceRanges }}
- - {{ $cidr }}
- {{- end }}
- {{- end }}
- {{- if and (eq (.Values.ui.serviceType | toString) "LoadBalancer") (.Values.ui.loadBalancerIP) }}
- loadBalancerIP: {{ .Values.ui.loadBalancerIP }}
- {{- end }}
-{{- end -}}
-
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/values.openshift.yaml b/charts/partners/hashicorp/vault/0.13.0/src/values.openshift.yaml
deleted file mode 100644
index 96198fe9b5..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/values.openshift.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# These overrides are appropriate defaults for deploying this chart on OpenShift
-
-global:
- openshift: true
-
-injector:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
- tag: "0.10.2-ubi"
-
- agentImage:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.7.3-ubi"
-
-server:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.7.3-ubi"
diff --git a/charts/partners/hashicorp/vault/0.13.0/src/values.schema.json b/charts/partners/hashicorp/vault/0.13.0/src/values.schema.json
deleted file mode 100644
index db3b806796..0000000000
--- a/charts/partners/hashicorp/vault/0.13.0/src/values.schema.json
+++ /dev/null
@@ -1,806 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "csi": { - "type": "object", - "properties": { - "daemonSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "updateStrategy": { - "type": "object", - "properties": { - "maxUnavailable": { - "type": "string" - }, - "type": { - "type": "string" - } - } - } - } - }, - "debug": { - "type": "boolean" - }, - "enabled": { - "type": "boolean" - }, - "extraArgs": { - "type": "array" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "pod": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "tolerations": { - "type": ["null", "string"] - } - } - }, - "readinessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "global": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "imagePullSecrets": { - "type": "array" - }, - "openshift": { - "type": "boolean" - }, 
- "psp": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enable": { - "type": "boolean" - } - } - }, - "tlsDisable": { - "type": "boolean" - } - } - }, - "injector": { - "type": "object", - "properties": { - "affinity": { - "type": "string" - }, - "agentDefaults": { - "type": "object", - "properties": { - "cpuLimit": { - "type": "string" - }, - "cpuRequest": { - "type": "string" - }, - "memLimit": { - "type": "string" - }, - "memRequest": { - "type": "string" - }, - "template": { - "type": "string" - } - } - }, - "agentImage": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "authPath": { - "type": "string" - }, - "certs": { - "type": "object", - "properties": { - "caBundle": { - "type": "string" - }, - "certName": { - "type": "string" - }, - "keyName": { - "type": "string" - }, - "secretName": { - "type": [ - "null", - "string" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "externalVaultAddr": { - "type": "string" - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraLabels": { - "type": "object" - }, - "failurePolicy": { - "type": "string" - }, - "hostNetwork": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "leaderElector": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "ttl": { - "type": "string" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "namespaceSelector": { - 
"type": "object" - }, - "nodeSelector": { - "type": ["null", "string"] - }, - "objectSelector": { - "type": "object" - }, - "port": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "replicas": { - "type": "integer" - }, - "resources": { - "type": "object" - }, - "revokeOnShutdown": { - "type": "boolean" - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "tolerations": { - "type": [ - "null", - "string" - ] - } - } - }, - "server": { - "type": "object", - "properties": { - "affinity": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "auditStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "authDelegator": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "dataStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "dev": { - "type": "object", - "properties": { - "devRootToken": { - "type": "string" - }, - "enabled": { - "type": "boolean" - } - } - }, - "enabled": { - "type": "boolean" - }, - "enterpriseLicense": { - "type": "object", - "properties": { - "secretKey": { - "type": "string" - }, - "secretName": { - "type": "string" - } - } - }, - "extraArgs": { - "type": "string" - }, - "extraContainers": { - "type": [ - "null", - "array" - ] - }, - "extraEnvironmentVars": 
{ - "type": "object" - }, - "extraInitContainers": { - "type": [ - "null", - "array" - ] - }, - "extraLabels": { - "type": "object" - }, - "extraSecretEnvironmentVars": { - "type": "array" - }, - "extraVolumes": { - "type": "array" - }, - "ha": { - "type": "object", - "properties": { - "apiAddr": { - "type": [ - "null", - "string" - ] - }, - "config": { - "type": "string" - }, - "disruptionBudget": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxUnavailable": { - "type": [ - "null", - "integer" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "raft": { - "type": "object", - "properties": { - "config": { - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "setNodeId": { - "type": "boolean" - } - } - }, - "replicas": { - "type": "integer" - } - } - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "ingress": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "extraPaths": { - "type": "array" - }, - "hosts": { - "type": "array", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string" - }, - "paths": { - "type": "array" - } - } - } - }, - "labels": { - "type": "object" - }, - "tls": { - "type": "array" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "path": { - "type": "string" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "networkPolicy": { - "type": "object", - "properties": { - "egress": { - "type": 
"array" - }, - "enabled": { - "type": "boolean" - } - } - }, - "nodeSelector": { - "type": [ - "null", - "string" - ] - }, - "postStart": { - "type": "array" - }, - "preStopSleepSeconds": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "route": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "labels": { - "type": "object" - } - } - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "port": { - "type": "integer" - }, - "targetPort": { - "type": "integer" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "create": { - "type": "boolean" - }, - "name": { - "type": "string" - } - } - }, - "shareProcessNamespace": { - "type": "boolean" - }, - "standalone": { - "type": "object", - "properties": { - "config": { - "type": "string" - }, - "enabled": { - "type": [ - "string", - "boolean" - ] - } - } - }, - "statefulSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "tolerations": { - "type": [ - "null", - "string" - ] - }, - "updateStrategyType": { - "type": "string" - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "ui": { - "type": "object", - "properties": { - "activeVaultPodOnly": { - 
"type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "externalPort": { - "type": "integer" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "serviceNodePort": { - "type": [ - "null", - "integer" - ] - }, - "serviceType": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - } -} diff --git a/charts/partners/hashicorp/vault/0.13.0/src/values.yaml b/charts/partners/hashicorp/vault/0.13.0/src/values.yaml deleted file mode 100644 index 2933d49b1b..0000000000 --- a/charts/partners/hashicorp/vault/0.13.0/src/values.yaml +++ /dev/null 
@@ -1,711 +0,0 @@ -global: - # enabled is the master enabled switch. Setting this to true or false - # will enable or disable all the components within this chart by default. - enabled: true - # Image pull secret to use for registry authentication. - imagePullSecrets: [] - # imagePullSecrets: - # - name: image-pull-secret - # TLS for end-to-end encrypted transport - tlsDisable: true - # If deploying to OpenShift - openshift: true - # Create PodSecurityPolicy for pods - psp: - enable: false - # Annotation for PodSecurityPolicy. - # This is a multi-line templated string map, and can also be set as YAML. - annotations: | - seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default - apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default - apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -injector: - # True if you want to enable vault agent injection. - enabled: true - replicas: 1 - # Configures the port the injector should listen on - port: 8080 - # If multiple replicas are specified, by default a leader-elector side-car - # will be created so that only one injector attempts to create TLS certificates. - leaderElector: - enabled: true - image: - repository: "gcr.io/google_containers/leader-elector" - tag: "0.4" - ttl: 60s - # If true, will enable a node exporter metrics endpoint at /metrics. - metrics: - enabled: false - # External vault server address for the injector to use. Setting this will - # disable deployment of a vault server along with the injector. - externalVaultAddr: "" - # image sets the repo and tag of the vault-k8s image to use for the injector. - image: - repository: "registry.connect.redhat.com/hashicorp/vault-k8s" - tag: "0.10.2-ubi" - pullPolicy: IfNotPresent - # agentImage sets the repo and tag of the Vault image to use for the Vault Agent - # containers. This should be set to the official Vault image. 
Vault 1.3.1+ is - # required. - agentImage: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.7.3-ubi" - # The default values for the injected Vault Agent containers. - agentDefaults: - # For more information on configuring resources, see the K8s documentation: - # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - cpuLimit: "500m" - cpuRequest: "250m" - memLimit: "128Mi" - memRequest: "64Mi" - # Default template type for secrets when no custom template is specified. - # Possible values include: "json" and "map". - template: "map" - # Mount Path of the Vault Kubernetes Auth Method. - authPath: "auth/kubernetes" - # Configures the log verbosity of the injector. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "info" - # Configures the log format of the injector. Supported log formats: "standard", "json". - logFormat: "standard" - # Configures all Vault Agent sidecars to revoke their token when shutting down - revokeOnShutdown: false - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. - # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: {} - # Configures failurePolicy of the webhook. The "unspecified" default behaviour deoends on the - # API Version of the WebHook. - # To block pod creation while webhook is unavailable, set the policy to `Fail` below. 
- # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - certs: - # secretName is the name of the secret that has the TLS certificate and - # private key to serve the injector webhook. If this is null, then the - # injector will default to its automatic management mode that will assign - # a service account to the injector to generate its own certificates. - secretName: null - # caBundle is a base64-encoded PEM-encoded certificate bundle for the - # CA that signed the TLS certificate that the webhook serves. This must - # be set if secretName is non-null. - caBundle: "" - # certName and keyName are the names of the files within the secret for - # the TLS cert and private key, respectively. These have reasonable - # defaults but can be customized if necessary. - certName: tls.crt - keyName: tls.key - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # extraEnvironmentVars is a list of extra environment variables to set in the - # injector deployment. - extraEnvironmentVars: {} - # KUBERNETES_SERVICE_HOST: kubernetes.default.svc - - # Affinity Settings for injector pods - # This should be a multi-line string matching the affinity section of a - # PodSpec. - # Commenting out or setting as empty the affinity variable, will allow - # deployment of multiple replicas to single node services such as Minikube. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: webhook - topologyKey: kubernetes.io/hostname - # Toleration Settings for injector pods - # This should be a multi-line string matching the Toleration array - # in a PodSpec. 
- tolerations: null - # nodeSelector labels for injector pod assignment, formatted as a muli-line string. - # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: | - # beta.kubernetes.io/arch: amd64 - nodeSelector: null - # Priority class for injector pods - priorityClassName: "" - # Extra annotations to attach to the injector pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the injector pods - annotations: {} - # Extra labels to attach to the agent-injector - # This should be a YAML map of the labels to apply to the injector - extraLabels: {} - # Should the injector pods run on the host network (useful when using - # an alternate CNI in EKS) - hostNetwork: false - # Injector service specific config - service: - # Extra annotations to attach to the injector service - annotations: {} -server: - # If not set to true, Vault server will not be installed. See vault.mode in _helpers.tpl for implementation details - enabled: true - # [Enterprise Only] This value refers to a Kubernetes secret that you have - # created that contains your enterprise license. If you are not using an - # enterprise image or if you plan to introduce the license key via another - # route, then leave secretName blank ("") or set it to null. - # Requires Vault Enterprise 1.8 or later. - enterpriseLicense: - # The name of the Kubernetes secret that holds the enterprise license. The - # secret must be in the same namespace that Vault is installed into. - secretName: "" - # The key within the Kubernetes secret that holds the enterprise license. - secretKey: "license" - # Resource requests, limits, etc. for the server cluster placement. This - # should map directly to the value of the resources field for a PodSpec. - # By default no direct resource request is made. 
- image: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.7.3-ubi" - # Overrides the default Image Pull Policy - pullPolicy: IfNotPresent - # Configure the Update Strategy Type for the StatefulSet - # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - updateStrategyType: "OnDelete" - # Configure the logging verbosity for the Vault server. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "" - # Configure the logging format for the Vault server. - # Supported log formats include: standard, json - logFormat: "" - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # Ingress allows ingress services to be created to allow external access - # from Kubernetes to access Vault pods. - # If deployment is on OpenShift, the following block is ignored. - # In order to expose the service, use the route section below - ingress: - enabled: false - labels: {} - # traffic: external - annotations: {} - # | - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # or - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: [] - ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # OpenShift only - create a route to expose the service - # The created route will be of type passthrough - route: - enabled: false - labels: {} - annotations: {} - host: chart-example.local - # authDelegator enables a cluster role binding to be attached to the service - # account. This cluster role binding can be used to setup Kubernetes auth - # method. 
https://www.vaultproject.io/docs/auth/kubernetes.html - authDelegator: - enabled: true - # extraInitContainers is a list of init containers. Specified as a YAML list. - # This is useful if you need to run a script to provision TLS certificates or - # write out configuration files in a dynamic way. - extraInitContainers: null - # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, - # # which is defined in the volumes value. - # - name: oauthapp - # image: "alpine" - # command: [sh, -c] - # args: - # - cd /tmp && - # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && - # tar -xf oauthapp.xz && - # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && - # chmod +x /usr/local/libexec/vault/oauthapp - # volumeMounts: - # - name: plugins - # mountPath: /usr/local/libexec/vault - - # extraContainers is a list of sidecar containers. Specified as a YAML list. - extraContainers: null - # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers - # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation - shareProcessNamespace: false - # extraArgs is a string containing additional Vault server arguments. 
- extraArgs: "" - # Used to define custom readinessProbe settings - readinessProbe: - enabled: true - # If you need to use a http path instead of the default exec - # path: /v1/sys/health?standbyok=true - - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to enable a livenessProbe for the pods - livenessProbe: - enabled: false - path: "/v1/sys/health?standbyok=true" - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 60 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to set the sleep time during the preStop step - preStopSleepSeconds: 5 - # Used to define commands to run after the pod is ready. - # This can be used to automate processes such as initialization - # or boostrapping auth methods. - postStart: [] - # - /bin/sh - # - -c - # - /vault/userconfig/myscript/run.sh - - # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be - # used to include variables required for auto-unseal. 
- extraEnvironmentVars: {} - # GOOGLE_REGION: global - # GOOGLE_PROJECT: myproject - # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json - - # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. - # These variables take value from existing Secret objects. - extraSecretEnvironmentVars: [] - # - envName: AWS_SECRET_ACCESS_KEY - # secretName: vault - # secretKey: AWS_SECRET_ACCESS_KEY - - # Deprecated: please use 'volumes' instead. - # extraVolumes is a list of extra volumes to mount. These will be exposed - # to Vault in the path `/vault/userconfig//`. The value below is - # an array of objects, examples are shown below. - extraVolumes: [] - # - type: secret (or "configMap") - # name: my-secret - # path: null # default is `/vault/userconfig` - - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: plugins - # emptyDir: {} - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - mountPath: /usr/local/libexec/vault - # name: plugins - # readOnly: true - - # Affinity Settings - # Commenting out or setting as empty the affinity variable, will allow - # deployment to single node services such as Minikube - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . 
}} - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: server - topologyKey: kubernetes.io/hostname - # Toleration Settings for server pods - # This should be a multi-line string matching the Toleration array - # in a PodSpec. - tolerations: null - # nodeSelector labels for server pod assignment, formatted as a muli-line string. - # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: | - # beta.kubernetes.io/arch: amd64 - nodeSelector: null - # Enables network policy for server pods - networkPolicy: - enabled: false - egress: [] - # egress: - # - to: - # - ipBlock: - # cidr: 10.0.0.0/24 - # ports: - # - protocol: TCP - # port: 443 - # Priority class for server pods - priorityClassName: "" - # Extra labels to attach to the server pods - # This should be a YAML map of the labels to apply to the server pods - extraLabels: {} - # Extra annotations to attach to the server pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the server pods - annotations: {} - # Enables a headless service to be used by the Vault Statefulset - service: - enabled: true - # clusterIP controls whether a Cluster IP address is attached to the - # Vault service within Kubernetes. By default the Vault service will - # be given a Cluster IP address, set to None to disable. When disabled - # Kubernetes will create a "headless" service. Headless services can be - # used to communicate with pods directly through DNS instead of a round robin - # load balancer. - # clusterIP: None - - # Configures the service type for the main Vault service. Can be ClusterIP - # or NodePort. - #type: ClusterIP - - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. 
- #nodePort: 30000 - - # Port on which Vault server is listening - port: 8200 - # Target port to which the service should be mapped to - targetPort: 8200 - # Extra annotations for the service definition. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the service. - annotations: {} - # This configures the Vault Statefulset to create a PVC for data - # storage when using the file or raft backend storage engines. - # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more - dataStorage: - enabled: true - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/data" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # This configures the Vault Statefulset to create a PVC for audit - # logs. Once Vault is deployed, initialized and unseal, Vault must - # be configured to use this for audit logs. This will be mounted to - # /vault/audit - # See https://www.vaultproject.io/docs/audit/index.html to know more - auditStorage: - enabled: false - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/audit" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # Run Vault in "dev" mode. This requires no further setup, no state management, - # and no initialization. This is useful for experimenting with Vault without - # needing to unseal, store keys, et. al. All data is lost on restart - do not - # use dev mode for anything other than experimenting. 
- # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more - dev: - enabled: false - # Set VAULT_DEV_ROOT_TOKEN_ID value - devRootToken: "root" - # Run Vault in "standalone" mode. This is the default mode that will deploy if - # no arguments are given to helm. This requires a PVC for data storage to use - # the "file" backend. This mode is not highly available and should not be scaled - # past a single replica. - standalone: - enabled: "-" - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data - # and store data there. This is only used when using a Replica count of 1, and - # using a stateful set. This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "file" { - path = "/vault/data" - } - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # Run Vault in "HA" mode. There are no storage requirements unless audit log - # persistence is required. In HA mode Vault will configure itself to use Consul - # for its storage backend. The default configuration provided will work the Consul - # Helm project by default. It is possible to manually configure Vault to use a - # different HA backend. 
- ha: - enabled: false - replicas: 3 - # Set the api_addr configuration for Vault HA - # See https://www.vaultproject.io/docs/configuration#api_addr - # If set to null, this will be set to the Pod IP Address - apiAddr: null - # Enables Vault's integrated Raft storage. Unlike the typical HA modes where - # Vault's persistence is external (such as Consul), enabling Raft mode will create - # persistent volumes for Vault to store data according to the configuration under server.dataStorage. - # The Vault cluster will coordinate leader elections and failovers internally. - raft: - # Enables Raft integrated storage - enabled: false - # Set the Node Raft ID to the name of the pod - setNodeId: false - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - - storage "raft" { - path = "/vault/data" - } - - service_registration "kubernetes" {} - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a Consul for its HA storage backend. - # This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. 
For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "consul" { - path = "vault" - address = "HOST_IP:8500" - } - - service_registration "kubernetes" {} - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev-246514" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - disruptionBudget: - enabled: true - # maxUnavailable will default to (n/2)-1 where n is the number of - # replicas. If you'd like a custom value, you can specify an override here. - maxUnavailable: null - # Definition of the serviceAccount used to run Vault. - # These options are also used when using an external Vault server to validate - # Kubernetes tokens. - serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Settings for the statefulSet used to run Vault. - statefulSet: - # Extra annotations for the statefulSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the statefulSet. 
- annotations: {} -# Vault UI -ui: - # True if you want to create a Service entry for the Vault UI. - # - # serviceType can be used to control the type of service created. For - # example, setting this to "LoadBalancer" will create an external load - # balancer (for supported K8S installations) to access the UI. - enabled: false - publishNotReadyAddresses: true - # The service should only contain selectors for active Vault pod - activeVaultPodOnly: false - serviceType: "ClusterIP" - serviceNodePort: null - externalPort: 8200 - targetPort: 8200 - # loadBalancerSourceRanges: - # - 10.0.0.0/16 - # - 1.78.23.3/32 - - # loadBalancerIP: - - # Extra annotations to attach to the ui service - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the ui service - annotations: {} -# secrets-store-csi-driver-provider-vault -csi: - # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. - # - # Requires installing the secrets-store-csi-driver separately, see: - # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver - # - # With the driver and provider installed, you can mount Vault secrets into volumes - # similar to the Vault Agent injector, and you can also sync those secrets into - # Kubernetes secrets. - enabled: false - image: - repository: "hashicorp/vault-csi-provider" - tag: "0.3.0" - pullPolicy: IfNotPresent - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: tls - # secret: - # secretName: vault-tls - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. 
- volumeMounts: null - # - name: tls - # mountPath: "/vault/tls" - # readOnly: true - - resources: {} - # resources: - # requests: - # cpu: 50m - # memory: 128Mi - # limits: - # cpu: 50m - # memory: 128Mi - - # Settings for the daemonSet used to run the provider. - daemonSet: - updateStrategy: - type: RollingUpdate - maxUnavailable: "" - # Extra annotations for the daemonSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the daemonSet. - annotations: {} - pod: - # Extra annotations for the provider pods. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the pod. - annotations: {} - # Toleration Settings for provider pods - # This should be a multi-line string matching the Toleration array - # in a PodSpec. - tolerations: null - serviceAccount: - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Used to configure readinessProbe for the pods. - readinessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to configure livenessProbe for the pods. 
- livenessProbe:
- # When a probe fails, Kubernetes will try failureThreshold times before giving up
- failureThreshold: 2
- # Number of seconds after the container has started before probe initiates
- initialDelaySeconds: 5
- # How often (in seconds) to perform the probe
- periodSeconds: 5
- # Minimum consecutive successes for the probe to be considered successful after having failed
- successThreshold: 1
- # Number of seconds after which the probe times out.
- timeoutSeconds: 3
- # Enables debug logging.
- debug: false
- # Pass arbitrary additional arguments to vault-csi-provider.
- extraArgs: []
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/.helmignore b/charts/partners/hashicorp/vault/0.14.0/src/.helmignore
deleted file mode 100644
index d1180d2fb7..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/.helmignore
+++ /dev/null
@@ -1,4 +0,0 @@
-.git/
-.terraform/
-bin/
-test/
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/CHANGELOG.md b/charts/partners/hashicorp/vault/0.14.0/src/CHANGELOG.md
deleted file mode 100644
index ee06246182..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/CHANGELOG.md
+++ /dev/null
@@ -1,297 +0,0 @@ -## Unreleased - -## 0.14.0 (July 28th, 2021) - -Features: -* Added templateConfig.exitOnRetryFailure annotation for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) - -Improvements: -* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) -* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) - - -## 0.13.0 (June 17th, 2021) - -Improvements: -* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) -* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) -* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) - -Bugs: -* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) -* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) -* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) - -## 0.12.0 (May 25th, 2021) - -Features: -* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) - -Improvements: -* Set chart kubeVersion and added chart-verifier tests 
[GH-510](https://github.com/hashicorp/vault-helm/pull/510) -* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) -* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) -* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) - -Bugs: -* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) - -## 0.11.0 (April 14th, 2021) - -Features: -* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) -* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) -* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) -* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) -* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) -* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) - -Improvements: -* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) - -Bugs: -* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) - -## 0.10.0 (March 25th, 2021) - -Features: -* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) - -Improvements: -* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) - -## 0.9.1 (February 2nd, 2021) - -Bugs: -* Injector: fix labels for default anti-affinity rule 
[GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) -* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) - -## 0.9.0 (January 5th, 2021) - -Features: -* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) -* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) - -Improvements: -* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) -* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) -* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) -* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) -* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) -* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) -* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) -* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) - -## 0.8.0 (October 20th, 2020) - -Improvements: -* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) -* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) -* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) -* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) -* The injector can now be configured with a failurePolicy 
[GH-400](https://github.com/hashicorp/vault-helm/pull/400) -* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) -* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) - -Bugs: -* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) - -## 0.7.0 (August 24th, 2020) - -Features: -* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). -* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) - -Improvements: -* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) -* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) -* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) -* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) -* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) -* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) -* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) -* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) -* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) - -Bugs: -* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) -* Fix caBundle not being quoted causing validation issues with 
Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) -* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) - -## 0.6.0 (June 3rd, 2020) - -Features: -* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) -* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) -* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) - -Improvements: -* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) -* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] -* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] -* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] -* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] -* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] -* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] -* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) - -Bugs: -* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] -* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] -* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] -* Use 
active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] -* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) - -## 0.5.0 (April 9th, 2020) - -Features: - -* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] -* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] -* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] - -* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] -* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] -* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] -* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] -* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] - -## 0.4.0 (February 21st, 2020) - -Improvements: - -* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] -* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] -* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] -* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] -* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] - -Bugs: - -* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] - -## 0.3.3 (January 14th, 2020) - -Security: - -* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) - -Bugs: - -* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files - -## 0.3.2 (January 8th, 2020) - -Bugs: - -* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] - -## 0.3.1 (January 2nd, 2020) - -Bugs: - -* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] - -## 0.3.0 (December 19th, 2019) - -Features: - -* Extra containers can now be added to the Vault pods -* Added configurability of pod probes -* Added Vault Agent Injector - -Improvements: - -* Moved `global.image` to `server.image` -* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` -* Added better HTTP/HTTPS scheme support to http probes -* Added configurable node port for Vault service -* `server.authDelegator` is now enabled by default - -Bugs: - -* Fixed upgrade bug by removing chart label which contained the version -* Fixed typo on `serviceAccount` (was `serviceaccount`) -* Fixed readiness/liveliness HTTP probe default to accept standbys - -## 0.2.1 (November 12th, 2019) - -Bugs: - -* Removed `readOnlyRootFilesystem` causing issues when validating deployments - -## 0.2.0 (October 29th, 2019) - -Features: - -* Added load balancer support -* Added ingress support -* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) -* Removed root requirements, now runs as Vault user - -Improvements: - -* Added namespace value to all rendered objects -* Made ports configurable in services -* Added the ability to add custom annotations to services -* Added docker image for running bats test in CircleCI -* Removed restrictions around `dev` mode such as annotations -* 
`readOnlyRootFilesystem` is now configurable -* Image Pull Policy is now configurable - -Bugs: - -* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) -* Fixed bug where audit storage was not being mounted in HA mode -* Fixed bug where Vault pod wasn't receiving SIGTERM signals - - -## 0.1.2 (August 22nd, 2019) - -Features: - -* Added `extraSecretEnvironmentVars` to allow users to mount secrets as - environment variables -* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS - depending on the value -* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` - to "NodePort" - -Improvements: - -* Changed UI port to 8200 for better HTTP protocol support -* Added `path` to `extraVolumes` to define where the volume should be - mounted. Defaults to `/vault/userconfig` -* Upgraded Vault to 1.2.2 - -Bugs: - -* Fixed bug where upgrade would fail because immutable labels were being - changed (Helm Version label) -* Fixed bug where UI service used wrong selector after updating helm labels -* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks - Consul is the active node -* Removed `step-down` preStop since it requires authentication. Shutdown signal - sent by Kube acts similar to `step-down` - - -## 0.1.1 (August 7th, 2019) - -Features: - -* Added `authDelegator` Cluster Role Binding to Vault service account for - bootstrapping Kube auth method - -Improvements: - -* Added `server.service.clusterIP` to `values.yml` so users can toggle - the Vault service to headless by using the value `None`. -* Upgraded Vault to 1.2.1 - -## 0.1.0 (August 6th, 2019) - -Initial release diff --git a/charts/partners/hashicorp/vault/0.14.0/src/CONTRIBUTING.md b/charts/partners/hashicorp/vault/0.14.0/src/CONTRIBUTING.md deleted file mode 100644 index f83d56747a..0000000000 --- a/charts/partners/hashicorp/vault/0.14.0/src/CONTRIBUTING.md +++ /dev/null 
@@ -1,239 +0,0 @@ -# Contributing to Vault Helm - -**Please note:** We take Vault's security and our users' trust very seriously. -If you believe you have found a security issue in Vault, please responsibly -disclose by contacting us at security@hashicorp.com. - -**First:** if you're unsure or afraid of _anything_, just ask or submit the -issue or pull request anyways. You won't be yelled at for giving it your best -effort. The worst that can happen is that you'll be politely asked to change -something. We appreciate any sort of contributions, and don't want a wall of -rules to get in the way of that. - -That said, if you want to ensure that a pull request is likely to be merged, -talk to us! You can find out our thoughts and ensure that your contribution -won't clash or be obviated by Vault's normal direction. A great way to do this -is via the [Vault Google Group][2]. Sometimes Vault devs are in `#vault-tool` -on Freenode, too. - -This document will cover what we're looking for in terms of reporting issues. -By addressing all the points we're looking for, it raises the chances we can -quickly merge or address your contributions. - -## Issues - -### Reporting an Issue - -* Make sure you test against the latest released version. It is possible - we already fixed the bug you're experiencing. Even better is if you can test - against `master`, as bugs are fixed regularly but new versions are only - released every few months. - -* Provide steps to reproduce the issue, and if possible include the expected - results as well as the actual results. Please provide text, not screen shots! - -* Respond as promptly as possible to any questions made by the Vault - team to your issue. Stale issues will be closed periodically. - -### Issue Lifecycle - -1. The issue is reported. - -2. The issue is verified and categorized by a Vault Helm collaborator. - Categorization is done via tags. For example, bugs are marked as "bugs". - -3. 
Unless it is critical, the issue may be left for a period of time (sometimes - many weeks), giving outside contributors -- maybe you!? -- a chance to - address the issue. - -4. The issue is addressed in a pull request or commit. The issue will be - referenced in the commit message so that the code that fixes it is clearly - linked. - -5. The issue is closed. Sometimes, valid issues will be closed to keep - the issue tracker clean. The issue is still indexed and available for - future viewers, or can be re-opened if necessary. - -## Testing - -The Helm chart ships with both unit and acceptance tests. - -The unit tests don't require any active Kubernetes cluster and complete -very quickly. These should be used for fast feedback during development. -The acceptance tests require a Kubernetes cluster with a configured `kubectl`. - -### Test Using Docker Container - -The following are the instructions for running bats tests using a Docker container. - -#### Prerequisites - -* Docker installed -* `vault-helm` checked out locally - -#### Test - -**Note:** the following commands should be run from the `vault-helm` directory. - -First, build the Docker image for running the tests: - -```shell -docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test -``` -Next, execute the tests with the following commands: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -``` -It's possible to only run specific bats tests using regular expressions. -For example, the following will run only tests with "injector" in the name: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" -``` - -### Test Manually -The following are the instructions for running bats tests on your workstation. 
-#### Prerequisites -* [Bats](https://github.com/bats-core/bats-core) - ```bash - brew install bats-core - ``` -* [yq](https://pypi.org/project/yq/) - ```bash - brew install python-yq - ``` -* [helm](https://helm.sh) - ```bash - brew install kubernetes-helm - ``` - -#### Test - -To run the unit tests: - - bats ./test/unit - -To run the acceptance tests: - - bats ./test/acceptance - -If the acceptance tests fail, deployed resources in the Kubernetes cluster -may not be properly cleaned up. We recommend recycling the Kubernetes cluster to -start from a clean slate. - -**Note:** There is a Terraform configuration in the -[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/master/test/terraform) directory -that can be used to quickly bring up a GKE cluster and configure -`kubectl` and `helm` locally. This can be used to quickly spin up a test -cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes -cluster. - -### Writing Unit Tests - -Changes to the Helm chart should be accompanied by appropriate unit tests. - -#### Formatting - -- Put tests in the test file in the same order as the variables appear in the `values.yaml`. -- Start tests for a chart value with a header that says what is being tested, like this: - ``` - #-------------------------------------------------------------------- - # annotations - ``` - -- Name the test based on what it's testing in the following format (this will be its first line): - ``` - @test "
: " { - ``` - - When adding tests to an existing file, the first section will be the same as the other tests in the file. - -#### Test Details - -[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. -In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. -In this way, we're able to test that the various conditionals in the templates render as we would expect. - -Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. -The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). -`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). -The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. - -The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. - -The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. - -#### Test Examples - -Here are some examples of common test patterns: - -- Check that a value is disabled by default - - ``` - @test "ui/Service: no type by default" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - . 
| tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "null" ] - } - ``` - - In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. - This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. - - -- Check that a template value is rendered to a specific value - ``` - @test "ui/Service: specified type" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - --set 'ui.serviceType=LoadBalancer' \ - . | tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "LoadBalancer" ] - } - ``` - - This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. - -- Check that a template value contains several values - ``` - @test "server/standalone-StatefulSet: custom resources" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.requests.memory=256Mi' \ - --set 'server.resources.requests.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.limits.memory=256Mi' \ - --set 'server.resources.limits.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - ``` - - *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
-
-- Check that an entire template file is not rendered
- ```
- @test "syncCatalog/Deployment: disabled by default" {
- cd `chart_dir`
- local actual=$( (helm template \
- --show-only templates/server-statefulset.yaml \
- --set 'global.enabled=false' \
- . || echo "---") | tee /dev/stderr |
- yq 'length > 0' | tee /dev/stderr)
- [ "${actual}" = "false" ]
- }
- ```
- Here we are check the length of the command output to see if the anything is rendered.
- This style can easily be switched to check that a file is rendered instead.
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/Chart.yaml b/charts/partners/hashicorp/vault/0.14.0/src/Chart.yaml
deleted file mode 100644
index c101e3ed20..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/Chart.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v2
-appVersion: 1.8.0
-description: Official HashiCorp Vault Chart
-home: https://www.vaultproject.io
-icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
-keywords:
-- vault
-- security
-- encryption
-- secrets
-- management
-- automation
-- infrastructure
-kubeVersion: '>= 1.14.0-0'
-name: vault
-sources:
-- https://github.com/hashicorp/vault
-- https://github.com/hashicorp/vault-helm
-- https://github.com/hashicorp/vault-k8s
-- https://github.com/hashicorp/vault-csi-provider
-version: 0.14.0
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/LICENSE.md b/charts/partners/hashicorp/vault/0.14.0/src/LICENSE.md
deleted file mode 100644
index 82b4de97c7..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/LICENSE.md
+++ /dev/null
@@ -1,353 +0,0 @@ -Mozilla Public License, version 2.0 - -1. Definitions - -1.1. “Contributor” - - means each individual or legal entity that creates, contributes to the - creation of, or owns Covered Software. - -1.2. “Contributor Version” - - means the combination of the Contributions of others (if any) used by a - Contributor and that particular Contributor’s Contribution. - -1.3. “Contribution” - - means Covered Software of a particular Contributor. - -1.4. “Covered Software” - - means Source Code Form to which the initial Contributor has attached the - notice in Exhibit A, the Executable Form of such Source Code Form, and - Modifications of such Source Code Form, in each case including portions - thereof. - -1.5. “Incompatible With Secondary Licenses” - means - - a. that the initial Contributor has attached the notice described in - Exhibit B to the Covered Software; or - - b. that the Covered Software was made available under the terms of version - 1.1 or earlier of the License, but not also under the terms of a - Secondary License. - -1.6. “Executable Form” - - means any form of the work other than Source Code Form. - -1.7. “Larger Work” - - means a work that combines Covered Software with other material, in a separate - file or files, that is not Covered Software. - -1.8. “License” - - means this document. - -1.9. “Licensable” - - means having the right to grant, to the maximum extent possible, whether at the - time of the initial grant or subsequently, any and all of the rights conveyed by - this License. - -1.10. “Modifications” - - means any of the following: - - a. any file in Source Code Form that results from an addition to, deletion - from, or modification of the contents of Covered Software; or - - b. any new file in Source Code Form that contains any Covered Software. - -1.11. 
“Patent Claims” of a Contributor - - means any patent claim(s), including without limitation, method, process, - and apparatus claims, in any patent Licensable by such Contributor that - would be infringed, but for the grant of the License, by the making, - using, selling, offering for sale, having made, import, or transfer of - either its Contributions or its Contributor Version. - -1.12. “Secondary License” - - means either the GNU General Public License, Version 2.0, the GNU Lesser - General Public License, Version 2.1, the GNU Affero General Public - License, Version 3.0, or any later versions of those licenses. - -1.13. “Source Code Form” - - means the form of the work preferred for making modifications. - -1.14. “You” (or “Your”) - - means an individual or a legal entity exercising rights under this - License. For legal entities, “You” includes any entity that controls, is - controlled by, or is under common control with You. For purposes of this - definition, “control” means (a) the power, direct or indirect, to cause - the direction or management of such entity, whether by contract or - otherwise, or (b) ownership of more than fifty percent (50%) of the - outstanding shares or beneficial ownership of such entity. - - -2. License Grants and Conditions - -2.1. Grants - - Each Contributor hereby grants You a world-wide, royalty-free, - non-exclusive license: - - a. under intellectual property rights (other than patent or trademark) - Licensable by such Contributor to use, reproduce, make available, - modify, display, perform, distribute, and otherwise exploit its - Contributions, either on an unmodified basis, with Modifications, or as - part of a Larger Work; and - - b. under Patent Claims of such Contributor to make, use, sell, offer for - sale, have made, import, and otherwise transfer either its Contributions - or its Contributor Version. - -2.2. 
Effective Date - - The licenses granted in Section 2.1 with respect to any Contribution become - effective for each Contribution on the date the Contributor first distributes - such Contribution. - -2.3. Limitations on Grant Scope - - The licenses granted in this Section 2 are the only rights granted under this - License. No additional rights or licenses will be implied from the distribution - or licensing of Covered Software under this License. Notwithstanding Section - 2.1(b) above, no patent license is granted by a Contributor: - - a. for any code that a Contributor has removed from Covered Software; or - - b. for infringements caused by: (i) Your and any other third party’s - modifications of Covered Software, or (ii) the combination of its - Contributions with other software (except as part of its Contributor - Version); or - - c. under Patent Claims infringed by Covered Software in the absence of its - Contributions. - - This License does not grant any rights in the trademarks, service marks, or - logos of any Contributor (except as may be necessary to comply with the - notice requirements in Section 3.4). - -2.4. Subsequent Licenses - - No Contributor makes additional grants as a result of Your choice to - distribute the Covered Software under a subsequent version of this License - (see Section 10.2) or under the terms of a Secondary License (if permitted - under the terms of Section 3.3). - -2.5. Representation - - Each Contributor represents that the Contributor believes its Contributions - are its original creation(s) or it has sufficient rights to grant the - rights to its Contributions conveyed by this License. - -2.6. Fair Use - - This License is not intended to limit any rights You have under applicable - copyright doctrines of fair use, fair dealing, or other equivalents. - -2.7. Conditions - - Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in - Section 2.1. - - -3. Responsibilities - -3.1. 
Distribution of Source Form - - All distribution of Covered Software in Source Code Form, including any - Modifications that You create or to which You contribute, must be under the - terms of this License. You must inform recipients that the Source Code Form - of the Covered Software is governed by the terms of this License, and how - they can obtain a copy of this License. You may not attempt to alter or - restrict the recipients’ rights in the Source Code Form. - -3.2. Distribution of Executable Form - - If You distribute Covered Software in Executable Form then: - - a. such Covered Software must also be made available in Source Code Form, - as described in Section 3.1, and You must inform recipients of the - Executable Form how they can obtain a copy of such Source Code Form by - reasonable means in a timely manner, at a charge no more than the cost - of distribution to the recipient; and - - b. You may distribute such Executable Form under the terms of this License, - or sublicense it under different terms, provided that the license for - the Executable Form does not attempt to limit or alter the recipients’ - rights in the Source Code Form under this License. - -3.3. Distribution of a Larger Work - - You may create and distribute a Larger Work under terms of Your choice, - provided that You also comply with the requirements of this License for the - Covered Software. If the Larger Work is a combination of Covered Software - with a work governed by one or more Secondary Licenses, and the Covered - Software is not Incompatible With Secondary Licenses, this License permits - You to additionally distribute such Covered Software under the terms of - such Secondary License(s), so that the recipient of the Larger Work may, at - their option, further distribute the Covered Software under the terms of - either this License or such Secondary License(s). - -3.4. 
Notices - - You may not remove or alter the substance of any license notices (including - copyright notices, patent notices, disclaimers of warranty, or limitations - of liability) contained within the Source Code Form of the Covered - Software, except that You may alter any license notices to the extent - required to remedy known factual inaccuracies. - -3.5. Application of Additional Terms - - You may choose to offer, and to charge a fee for, warranty, support, - indemnity or liability obligations to one or more recipients of Covered - Software. However, You may do so only on Your own behalf, and not on behalf - of any Contributor. You must make it absolutely clear that any such - warranty, support, indemnity, or liability obligation is offered by You - alone, and You hereby agree to indemnify every Contributor for any - liability incurred by such Contributor as a result of warranty, support, - indemnity or liability terms You offer. You may include additional - disclaimers of warranty and limitations of liability specific to any - jurisdiction. - -4. Inability to Comply Due to Statute or Regulation - - If it is impossible for You to comply with any of the terms of this License - with respect to some or all of the Covered Software due to statute, judicial - order, or regulation then You must: (a) comply with the terms of this License - to the maximum extent possible; and (b) describe the limitations and the code - they affect. Such description must be placed in a text file included with all - distributions of the Covered Software under this License. Except to the - extent prohibited by statute or regulation, such description must be - sufficiently detailed for a recipient of ordinary skill to be able to - understand it. - -5. Termination - -5.1. The rights granted under this License will terminate automatically if You - fail to comply with any of its terms. 
However, if You become compliant, - then the rights granted under this License from a particular Contributor - are reinstated (a) provisionally, unless and until such Contributor - explicitly and finally terminates Your grants, and (b) on an ongoing basis, - if such Contributor fails to notify You of the non-compliance by some - reasonable means prior to 60 days after You have come back into compliance. - Moreover, Your grants from a particular Contributor are reinstated on an - ongoing basis if such Contributor notifies You of the non-compliance by - some reasonable means, this is the first time You have received notice of - non-compliance with this License from such Contributor, and You become - compliant prior to 30 days after Your receipt of the notice. - -5.2. If You initiate litigation against any entity by asserting a patent - infringement claim (excluding declaratory judgment actions, counter-claims, - and cross-claims) alleging that a Contributor Version directly or - indirectly infringes any patent, then the rights granted to You by any and - all Contributors for the Covered Software under Section 2.1 of this License - shall terminate. - -5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user - license agreements (excluding distributors and resellers) which have been - validly granted by You or Your distributors under this License prior to - termination shall survive termination. - -6. Disclaimer of Warranty - - Covered Software is provided under this License on an “as is” basis, without - warranty of any kind, either expressed, implied, or statutory, including, - without limitation, warranties that the Covered Software is free of defects, - merchantable, fit for a particular purpose or non-infringing. The entire - risk as to the quality and performance of the Covered Software is with You. 
- Should any Covered Software prove defective in any respect, You (not any - Contributor) assume the cost of any necessary servicing, repair, or - correction. This disclaimer of warranty constitutes an essential part of this - License. No use of any Covered Software is authorized under this License - except under this disclaimer. - -7. Limitation of Liability - - Under no circumstances and under no legal theory, whether tort (including - negligence), contract, or otherwise, shall any Contributor, or anyone who - distributes Covered Software as permitted above, be liable to You for any - direct, indirect, special, incidental, or consequential damages of any - character including, without limitation, damages for lost profits, loss of - goodwill, work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses, even if such party shall have been - informed of the possibility of such damages. This limitation of liability - shall not apply to liability for death or personal injury resulting from such - party’s negligence to the extent applicable law prohibits such limitation. - Some jurisdictions do not allow the exclusion or limitation of incidental or - consequential damages, so this exclusion and limitation may not apply to You. - -8. Litigation - - Any litigation relating to this License may be brought only in the courts of - a jurisdiction where the defendant maintains its principal place of business - and such litigation shall be governed by laws of that jurisdiction, without - reference to its conflict-of-law provisions. Nothing in this Section shall - prevent a party’s ability to bring cross-claims or counter-claims. - -9. Miscellaneous - - This License represents the complete agreement concerning the subject matter - hereof. If any provision of this License is held to be unenforceable, such - provision shall be reformed only to the extent necessary to make it - enforceable. 
Any law or regulation which provides that the language of a - contract shall be construed against the drafter shall not be used to construe - this License against a Contributor. - - -10. Versions of the License - -10.1. New Versions - - Mozilla Foundation is the license steward. Except as provided in Section - 10.3, no one other than the license steward has the right to modify or - publish new versions of this License. Each version will be given a - distinguishing version number. - -10.2. Effect of New Versions - - You may distribute the Covered Software under the terms of the version of - the License under which You originally received the Covered Software, or - under the terms of any subsequent version published by the license - steward. - -10.3. Modified Versions - - If you create software not governed by this License, and you want to - create a new license for such software, you may create and use a modified - version of this License if you rename the license and remove any - references to the name of the license steward (except to note that such - modified license differs from this License). - -10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses - If You choose to distribute Source Code Form that is Incompatible With - Secondary Licenses under the terms of this version of the License, the - notice described in Exhibit B of this License must be attached. - -Exhibit A - Source Code Form License Notice - - This Source Code Form is subject to the - terms of the Mozilla Public License, v. - 2.0. If a copy of the MPL was not - distributed with this file, You can - obtain one at - http://mozilla.org/MPL/2.0/. - -If it is not possible or desirable to put the notice in a particular file, then -You may include the notice in a location (such as a LICENSE file in a relevant -directory) where a recipient would be likely to look for such a notice. - -You may add additional accurate notices of copyright ownership. 
- -Exhibit B - “Incompatible With Secondary Licenses” Notice - - This Source Code Form is “Incompatible - With Secondary Licenses”, as defined by - the Mozilla Public License, v. 2.0. diff --git a/charts/partners/hashicorp/vault/0.14.0/src/Makefile b/charts/partners/hashicorp/vault/0.14.0/src/Makefile deleted file mode 100644 index e4e9df1ed9..0000000000 --- a/charts/partners/hashicorp/vault/0.14.0/src/Makefile +++ /dev/null 
@@ -1,100 +0,0 @@ -TEST_IMAGE?=vault-helm-test -GOOGLE_CREDENTIALS?=vault-helm-test.json -CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 -# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats -ACCEPTANCE_TESTS?=acceptance - -# filter bats unit tests to run. -UNIT_TESTS_FILTER?='.*' - -# set to 'true' to run acceptance tests locally in a kind cluster -LOCAL_ACCEPTANCE_TESTS?=false - -# kind cluster name -KIND_CLUSTER_NAME?=vault-helm - -# kind k8s version -KIND_K8S_VERSION?=v1.20.2 - -# Generate json schema for chart values. See test/README.md for more details. -values-schema: - helm schema-gen values.yaml > values.schema.json - -test-image: - @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) - -test-unit: - @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit - -test-bats: test-unit test-acceptance - -test: test-image test-bats - -# run acceptance tests on GKE -# set google project/credential vars above -test-acceptance: -ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) - make setup-kind acceptance -else - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -w /helm-test \ - $(TEST_IMAGE) \ - make acceptance -endif - -# destroy GKE cluster using terraform -test-destroy: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -w /helm-test \ - $(TEST_IMAGE) \ - make destroy-cluster - -# provision GKE cluster using terraform -test-provision: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -w /helm-test \ - $(TEST_IMAGE) \ - make provision-cluster - -# this target is for running the acceptance tests -# it is run in the 
docker container above when the test-acceptance target is invoked -acceptance: -ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) - gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} -endif - bats test/${ACCEPTANCE_TESTS} - -# this target is for provisioning the GKE cluster -# it is run in the docker container above when the test-provision target is invoked -provision-cluster: - gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} - terraform init test/terraform - terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform - -# this target is for removing the GKE cluster -# it is run in the docker container above when the test-destroy target is invoked -destroy-cluster: - terraform destroy -auto-approve - -# create a kind cluster for running the acceptance tests locally -setup-kind: - kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ - kind create cluster \ - --image kindest/node:${KIND_K8S_VERSION} \ - --name ${KIND_CLUSTER_NAME} \ - --config $(CURDIR)/test/kind/config.yaml - kubectl config use-context kind-${KIND_CLUSTER_NAME} - -# delete the kind cluster -delete-kind: - kind delete cluster --name ${KIND_CLUSTER_NAME} || : - -.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/hashicorp/vault/0.14.0/src/README.md b/charts/partners/hashicorp/vault/0.14.0/src/README.md deleted file mode 100644 index f95b26fc37..0000000000 --- a/charts/partners/hashicorp/vault/0.14.0/src/README.md +++ /dev/null 
@@ -1,44 +0,0 @@ -# Vault Helm Chart - -> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If -you believe you have found a security issue in Vault Helm, _please responsibly disclose_ -by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). - -This repository contains the official HashiCorp Helm chart for installing -and configuring Vault on Kubernetes. This chart supports multiple use -cases of Vault on Kubernetes depending on the values provided. - -For full documentation on this Helm chart along with all the ways you can -use Vault with Kubernetes, please see the -[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). - -## Prerequisites - -To use the charts here, [Helm](https://helm.sh/) must be configured for your -Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of -this README. Please refer to the Kubernetes and Helm documentation. - -The versions required are: - - * **Helm 3.0+** - This is the earliest version of Helm tested. It is possible - it works with earlier versions but this chart is untested for those versions. - * **Kubernetes 1.14+** - This is the earliest version of Kubernetes tested. - It is possible that this chart works with earlier versions but it is - untested. - -## Usage - -To install the latest version of this chart, add the Hashicorp helm repository -and run `helm install`: - -```console -$ helm repo add hashicorp https://helm.releases.hashicorp.com -"hashicorp" has been added to your repositories - -$ helm install vault hashicorp/vault -``` - -Please see the many options supported in the `values.yaml` file. These are also -fully documented directly on the [Vault -website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more -detailed installation instructions. 
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/NOTES.txt b/charts/partners/hashicorp/vault/0.14.0/src/templates/NOTES.txt
deleted file mode 100644
index 8e267121c8..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/NOTES.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-
-Thank you for installing HashiCorp Vault!
-
-Now that you have deployed Vault, you should look over the docs on using
-Vault with Kubernetes available here:
-
-https://www.vaultproject.io/docs/
-
-
-Your release is named {{ .Release.Name }}. To learn more about the release, try:
-
- $ helm status {{ .Release.Name }}
- $ helm get manifest {{ .Release.Name }}
-
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/_helpers.tpl b/charts/partners/hashicorp/vault/0.14.0/src/templates/_helpers.tpl
deleted file mode 100644
index 29364aa339..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,642 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to -this (by the DNS naming spec). If release name contains chart name it will -be used as a full name. -*/}} -{{- define "vault.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "vault.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "vault.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Compute the maximum number of unavailable replicas for the PodDisruptionBudget. -This defaults to (n/2)-1 where n is the number of members of the server cluster. -Add a special case for replicas=1, where it should default to 0 as well. -*/}} -{{- define "vault.pdb.maxUnavailable" -}} -{{- if eq (int .Values.server.ha.replicas) 1 -}} -{{ 0 }} -{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{- else -}} -{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Set the variable 'mode' to the server mode requested by the user to simplify -template logic. -*/}} -{{- define "vault.mode" -}} - {{- if .Values.injector.externalVaultAddr -}} - {{- $_ := set . "mode" "external" -}} - {{- else if ne (.Values.server.enabled | toString) "true" -}} - {{- $_ := set . 
"mode" "external" -}} - {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} - {{- $_ := set . "mode" "dev" -}} - {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} - {{- $_ := set . "mode" "ha" -}} - {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} - {{- $_ := set . "mode" "standalone" -}} - {{- else -}} - {{- $_ := set . "mode" "" -}} - {{- end -}} -{{- end -}} - -{{/* -Set's the replica count based on the different modes configured by user -*/}} -{{- define "vault.replicas" -}} - {{ if eq .mode "standalone" }} - {{- default 1 -}} - {{ else if eq .mode "ha" }} - {{- .Values.server.ha.replicas | default 3 -}} - {{ else }} - {{- default 1 -}} - {{ end }} -{{- end -}} - -{{/* -Set's up configmap mounts if this isn't a dev deployment and the user -defined a custom configuration. Additionally iterates over any -extra volumes the user may have specified (such as a secret with TLS). -*/}} -{{- define "vault.volumes" -}} - {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - configMap: - name: {{ template "vault.fullname" . 
}}-config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - {{ .type }}: - {{- if (eq .type "configMap") }} - name: {{ .name }} - {{- else if (eq .type "secret") }} - secretName: {{ .name }} - {{- end }} - defaultMode: {{ .defaultMode | default 420 }} - {{- end }} - {{- if .Values.server.volumes }} - {{- toYaml .Values.server.volumes | nindent 8}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - secret: - secretName: {{ .Values.server.enterpriseLicense.secretName }} - defaultMode: 0440 - {{- end }} -{{- end -}} - -{{/* -Set's the args for custom command to render the Vault configuration -file with IP addresses to make the out of box experience easier -for users looking to use this chart with Consul Helm. -*/}} -{{- define "vault.args" -}} - {{ if or (eq .mode "standalone") (eq .mode "ha") }} - - | - cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; - [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; - [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; - /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} - {{ else if eq .mode "dev" }} - - | - /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} - {{ end }} -{{- end -}} - -{{/* -Set's additional environment variables based on the mode. 
-*/}} -{{- define "vault.envs" -}} - {{ if eq .mode "dev" }} - - name: VAULT_DEV_ROOT_TOKEN_ID - value: {{ .Values.server.dev.devRootToken }} - - name: VAULT_DEV_LISTEN_ADDRESS - value: "[::]:8200" - {{ end }} -{{- end -}} - -{{/* -Set's which additional volumes should be mounted to the container -based on the mode configured. -*/}} -{{- define "vault.mounts" -}} - {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - name: audit - mountPath: {{ .Values.server.auditStorage.mountPath }} - {{ end }} - {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} - {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} - - name: data - mountPath: {{ .Values.server.dataStorage.mountPath }} - {{ end }} - {{ end }} - {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - mountPath: /vault/config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - readOnly: true - mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} - {{- end }} - {{- if .Values.server.volumeMounts }} - {{- toYaml .Values.server.volumeMounts | nindent 12}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - mountPath: /vault/license - readOnly: true - {{- end }} -{{- end -}} - -{{/* -Set's up the volumeClaimTemplates when data or audit storage is required. HA -might not use data storage since Consul is likely it's backend, however, audit -storage might be desired by the user. 
-*/}} -{{- define "vault.volumeclaims" -}} - {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} - volumeClaimTemplates: - {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} - - metadata: - name: data - {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.dataStorage.size }} - {{- if .Values.server.dataStorage.storageClass }} - storageClassName: {{ .Values.server.dataStorage.storageClass }} - {{- end }} - {{ end }} - {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - metadata: - name: audit - {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.auditStorage.size }} - {{- if .Values.server.auditStorage.storageClass }} - storageClassName: {{ .Values.server.auditStorage.storageClass }} - {{- end }} - {{ end }} - {{ end }} -{{- end -}} - -{{/* -Set's the affinity for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.affinity" -}} - {{- if and (ne .mode "dev") .Values.server.affinity }} - affinity: - {{ $tp := typeOf .Values.server.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.affinity . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the injector affinity for pod placement -*/}} -{{- define "injector.affinity" -}} - {{- if .Values.injector.affinity }} - affinity: - {{ $tp := typeOf .Values.injector.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the toleration for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.tolerations" -}} - {{- if and (ne .mode "dev") .Values.server.tolerations }} - tolerations: - {{- $tp := typeOf .Values.server.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "injector.tolerations" -}} - {{- if .Values.injector.tolerations }} - tolerations: - {{- $tp := typeOf .Values.injector.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the node selector for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.nodeselector" -}} - {{- if and (ne .mode "dev") .Values.server.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.server.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector node selector for pod placement -*/}} -{{- define "injector.nodeselector" -}} - {{- if .Values.injector.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.injector.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.nodeSelector . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra pod annotations -*/}} -{{- define "vault.annotations" -}} - {{- if .Values.server.annotations }} - annotations: - {{- $tp := typeOf .Values.server.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.server.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector pod annotations -*/}} -{{- define "injector.annotations" -}} - {{- if .Values.injector.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.injector.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector service annotations -*/}} -{{- define "injector.service.annotations" -}} - {{- if .Values.injector.service.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ui service annotations -*/}} -{{- define "vault.ui.annotations" -}} - {{- if .Values.ui.annotations }} - annotations: - {{- $tp := typeOf .Values.ui.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.ui.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.ui.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "vault.serviceAccount.name" -}} -{{- if .Values.server.serviceAccount.create -}} - {{ default (include "vault.fullname" .) 
.Values.server.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.server.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Sets extra service account annotations -*/}} -{{- define "vault.serviceAccount.annotations" -}} - {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.server.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ingress annotations -*/}} -{{- define "vault.ingress.annotations" -}} - {{- if .Values.server.ingress.annotations }} - annotations: - {{- $tp := typeOf .Values.server.ingress.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.ingress.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.ingress.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra route annotations -*/}} -{{- define "vault.route.annotations" -}} - {{- if .Values.server.route.annotations }} - annotations: - {{- $tp := typeOf .Values.server.route.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.route.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.route.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra vault server Service annotations -*/}} -{{- define "vault.service.annotations" -}} - {{- if .Values.server.service.annotations }} - {{- $tp := typeOf .Values.server.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.service.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets PodSecurityPolicy annotations -*/}} -{{- define "vault.psp.annotations" -}} - {{- if .Values.global.psp.annotations }} - annotations: - {{- $tp := typeOf .Values.global.psp.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.global.psp.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.global.psp.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra statefulset annotations -*/}} -{{- define "vault.statefulSet.annotations" -}} - {{- if .Values.server.statefulSet.annotations }} - annotations: - {{- $tp := typeOf .Values.server.statefulSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for data volume -*/}} -{{- define "vault.dataVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.dataStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for audit volume -*/}} -{{- define "vault.auditVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.auditStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.auditStorage.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the container resources if the user has set any. -*/}} -{{- define "vault.resources" -}} - {{- if .Values.server.resources -}} - resources: -{{ toYaml .Values.server.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "injector.resources" -}} - {{- if .Values.injector.resources -}} - resources: -{{ toYaml .Values.injector.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "csi.resources" -}} - {{- if .Values.csi.resources -}} - resources: -{{ toYaml .Values.csi.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets extra CSI daemonset annotations -*/}} -{{- define "csi.daemonSet.annotations" -}} - {{- if .Values.csi.daemonSet.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.daemonSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "csi.pod.tolerations" -}} - {{- if .Values.csi.pod.tolerations }} - tolerations: - {{- $tp := typeOf .Values.csi.pod.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI provider pod annotations -*/}} -{{- define "csi.pod.annotations" -}} - {{- if .Values.csi.pod.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.pod.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.pod.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI service account annotations -*/}} -{{- define "csi.serviceAccount.annotations" -}} - {{- if .Values.csi.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Inject extra environment vars in the format key:value, if populated -*/}} -{{- define "vault.extraEnvironmentVars" -}} -{{- if .extraEnvironmentVars -}} -{{- range $key, $value := .extraEnvironmentVars }} -- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} - value: {{ $value | quote }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Inject extra environment populated by secrets, if populated -*/}} -{{- define "vault.extraSecretEnvironmentVars" -}} -{{- if .extraSecretEnvironmentVars -}} -{{- range .extraSecretEnvironmentVars }} -- name: {{ .envName }} - valueFrom: - secretKeyRef: - name: {{ .secretName }} - key: {{ .secretKey }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* Scheme for health check and local endpoint */}} -{{- define "vault.scheme" -}} -{{- if .Values.global.tlsDisable -}} -{{ "http" }} -{{- else -}} -{{ "https" }} -{{- end -}} -{{- end -}} - -{{/* -imagePullSecrets generates pull secrets from either string or map values. -A map value must be indexable by the key 'name'. -*/}} -{{- define "imagePullSecrets" -}} -{{- with .Values.global.imagePullSecrets -}} -imagePullSecrets: -{{- range . -}} -{{- if typeIs "string" . }} - - name: {{ . }} -{{- else if index . "name" }} - - name: {{ .name }} -{{- end }} -{{- end -}} -{{- end -}} -{{- end -}} 
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/csi-clusterrole.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/csi-clusterrole.yaml
deleted file mode 100644
index a19e520f5d..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/csi-clusterrole.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups:
- - ""
- resources:
- - serviceaccounts/token
- verbs:
- - create
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/csi-clusterrolebinding.yaml
deleted file mode 100644
index 63d69c7b1f..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/csi-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/csi-daemonset.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/csi-daemonset.yaml
deleted file mode 100644
index 66fe055deb..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/csi-daemonset.yaml
+++ /dev/null
@@ -1,81 +0,0 @@ -{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{ template "csi.daemonSet.annotations" . }} -spec: - updateStrategy: - type: {{ .Values.csi.daemonSet.updateStrategy.type }} - {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - rollingUpdate: - maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - {{ template "csi.pod.annotations" . }} - spec: - serviceAccountName: {{ template "vault.fullname" . }}-csi-provider - {{- template "csi.pod.tolerations" . }} - containers: - - name: {{ include "vault.name" . }}-csi-provider - {{ template "csi.resources" . 
}} - image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" - imagePullPolicy: {{ .Values.csi.image.pullPolicy }} - args: - - --endpoint=/provider/vault.sock - - --debug={{ .Values.csi.debug }} - {{- if .Values.csi.extraArgs }} - {{- toYaml .Values.csi.extraArgs | nindent 12 }} - {{- end }} - volumeMounts: - - name: providervol - mountPath: "/provider" - - name: mountpoint-dir - mountPath: /var/lib/kubelet/pods - mountPropagation: HostToContainer - {{- if .Values.csi.volumeMounts }} - {{- toYaml .Values.csi.volumeMounts | nindent 12}} - {{- end }} - livenessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} - volumes: - - name: providervol - hostPath: - path: "/etc/kubernetes/secrets-store-csi-providers" - - name: mountpoint-dir - hostPath: - path: /var/lib/kubelet/pods - {{- if .Values.csi.volumes }} - {{- toYaml .Values.csi.volumes | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/csi-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/csi-serviceaccount.yaml deleted file mode 100644 index ee127481b0..0000000000 
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/csi-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "csi.serviceAccount.annotations" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-certs-secret.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-certs-secret.yaml
deleted file mode 100644
index aec802140d..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-certs-secret.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: vault-injector-certs
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-clusterrole.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-clusterrole.yaml
deleted file mode 100644
index 4ff25abe52..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-clusterrole.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs:
- - "get"
- - "list"
- - "watch"
- - "patch"
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-clusterrolebinding.yaml
deleted file mode 100644
index 35d30b3935..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-deployment.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-deployment.yaml
deleted file mode 100644
index 261be1c2ae..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-deployment.yaml
+++ /dev/null
@@ -1,178 +0,0 @@ -{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }} -# Deployment for the injector -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - component: webhook -spec: - replicas: {{ .Values.injector.replicas }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{- if .Values.injector.extraLabels -}} - {{- toYaml .Values.injector.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "injector.annotations" . }} - spec: - {{ template "injector.affinity" . }} - {{ template "injector.tolerations" . }} - {{ template "injector.nodeselector" . }} - {{- if .Values.injector.priorityClassName }} - priorityClassName: {{ .Values.injector.priorityClassName }} - {{- end }} - serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" - {{- if not .Values.global.openshift }} - hostNetwork: {{ .Values.injector.hostNetwork }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.injector.gid | default 1000 }} - runAsUser: {{ .Values.injector.uid | default 100 }} - {{- end }} - containers: - - name: sidecar-injector - {{ template "injector.resources" . 
}} - image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" - imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" - {{- if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} - env: - - name: AGENT_INJECT_LISTEN - value: {{ printf ":%v" .Values.injector.port }} - - name: AGENT_INJECT_LOG_LEVEL - value: {{ .Values.injector.logLevel | default "info" }} - - name: AGENT_INJECT_VAULT_ADDR - {{- if .Values.injector.externalVaultAddr }} - value: "{{ .Values.injector.externalVaultAddr }}" - {{- else }} - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - {{- end }} - - name: AGENT_INJECT_VAULT_AUTH_PATH - value: {{ .Values.injector.authPath }} - - name: AGENT_INJECT_VAULT_IMAGE - value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" - {{- if .Values.injector.certs.secretName }} - - name: AGENT_INJECT_TLS_CERT_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" - - name: AGENT_INJECT_TLS_KEY_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" - {{- else }} - - name: AGENT_INJECT_TLS_AUTO - value: {{ template "vault.fullname" . }}-agent-injector-cfg - - name: AGENT_INJECT_TLS_AUTO_HOSTS - value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc - {{- end }} - - name: AGENT_INJECT_LOG_FORMAT - value: {{ .Values.injector.logFormat | default "standard" }} - - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN - value: "{{ .Values.injector.revokeOnShutdown | default false }}" - {{- if .Values.global.openshift }} - - name: AGENT_INJECT_SET_SECURITY_CONTEXT - value: "false" - {{- end }} - {{- if .Values.injector.metrics.enabled }} - - name: AGENT_INJECT_TELEMETRY_PATH - value: "/metrics" - {{- end }} - {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} - - name: AGENT_INJECT_USE_LEADER_ELECTOR - value: "true" - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end }} - - name: AGENT_INJECT_CPU_REQUEST - value: "{{ .Values.injector.agentDefaults.cpuRequest }}" - - name: AGENT_INJECT_CPU_LIMIT - value: "{{ .Values.injector.agentDefaults.cpuLimit }}" - - name: AGENT_INJECT_MEM_REQUEST - value: "{{ .Values.injector.agentDefaults.memRequest }}" - - name: AGENT_INJECT_MEM_LIMIT - value: "{{ .Values.injector.agentDefaults.memLimit }}" - - name: AGENT_INJECT_DEFAULT_TEMPLATE - value: "{{ .Values.injector.agentDefaults.template }}" - - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE - value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" - {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} - args: - - agent-inject - - 2>&1 - livenessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 -{{- if .Values.injector.certs.secretName }} - volumeMounts: - - name: webhook-certs - 
mountPath: /etc/webhook/certs - readOnly: true -{{- end }} - {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} - - name: leader-elector - image: {{ .Values.injector.leaderElector.image.repository }}:{{ .Values.injector.leaderElector.image.tag }} - args: - - --election={{ template "vault.fullname" . }}-agent-injector-leader - - --election-namespace={{ .Release.Namespace }} - - --http=0.0.0.0:4040 - - --ttl={{ .Values.injector.leaderElector.ttl }} - livenessProbe: - httpGet: - path: / - port: 4040 - scheme: HTTP - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: / - port: 4040 - scheme: HTTP - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 - {{- end }} -{{- if .Values.injector.certs.secretName }} - volumes: - - name: webhook-certs - secret: - secretName: "{{ .Values.injector.certs.secretName }}" -{{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-leader-endpoint.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-leader-endpoint.yaml deleted file mode 100644 index fc4ef16080..0000000000 --- a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-leader-endpoint.yaml +++ /dev/null 
@@ -1,12 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-# This is created here so it can be cleaned up easily, since if
-# the endpoint is left around the leader won't expire for about a minute.
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-mutating-webhook.yaml
deleted file mode 100644
index abe23aabce..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-mutating-webhook.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
-apiVersion: admissionregistration.k8s.io/v1
-{{- else }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-{{- end }}
-kind: MutatingWebhookConfiguration
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-cfg
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-webhooks:
- - name: vault.hashicorp.com
- sideEffects: None
- admissionReviewVersions:
- - "v1beta1"
- - "v1"
- clientConfig:
- service:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- path: "/mutate"
- caBundle: {{ .Values.injector.certs.caBundle | quote }}
- rules:
- - operations: ["CREATE", "UPDATE"]
- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["pods"]
-{{- if .Values.injector.namespaceSelector }}
- namespaceSelector:
-{{ toYaml .Values.injector.namespaceSelector | indent 6}}
-{{ end }}
-{{- if .Values.injector.objectSelector }}
- objectSelector:
-{{ toYaml .Values.injector.objectSelector | indent 6}}
-{{ end }}
-{{- with .Values.injector.failurePolicy }}
- failurePolicy: {{.}}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-network-policy.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-network-policy.yaml
deleted file mode 100644
index 7a399a538d..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-network-policy.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.openshift | toString) "true") }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-psp-role.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-psp-role.yaml
deleted file mode 100644
index 20c87bb2ad..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-psp-role.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-psp-rolebinding.yaml
deleted file mode 100644
index d6d0d5e247..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-psp-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-psp.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-psp.yaml
deleted file mode 100644
index c024ac1077..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-psp.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-role.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-role.yaml
deleted file mode 100644
index e74524ceaa..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-role.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
- - apiGroups: [""]
- resources: ["endpoints", "secrets"]
- verbs:
- - "create"
- - "get"
- - "watch"
- - "list"
- - "update"
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-rolebinding.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-rolebinding.yaml
deleted file mode 100644
index e06d2425ff..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-service.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-service.yaml
deleted file mode 100644
index 3138b7a5be..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "injector.service.annotations" . }}
-spec:
- ports:
- - name: https
- port: 443
- targetPort: {{ .Values.injector.port }}
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-serviceaccount.yaml
deleted file mode 100644
index a28d38fabb..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/injector-serviceaccount.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/server-clusterrolebinding.yaml
deleted file mode 100644
index e5e0f5fec1..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-clusterrolebinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.authDelegator.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-server-binding
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-config-configmap.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/server-config-configmap.yaml
deleted file mode 100644
index b8093ad030..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-config-configmap.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.global.enabled | toString) "true") (ne .mode "dev") -}}
-{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "vault.fullname" . }}-config
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-data:
- extraconfig-from-values.hcl: |-
- {{- if or (eq .mode "ha") (eq .mode "standalone") }}
- {{- $type := typeOf (index .Values.server .mode).config }}
- {{- if eq $type "string" }}
- disable_mlock = true
- {{- if eq .mode "standalone" }}
- {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
- {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
- {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
- {{ end }}
- {{- else }}
- {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
- {{- else }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-discovery-role.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/server-discovery-role.yaml
deleted file mode 100644
index 4a39cec21c..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-discovery-role.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: {{ template "vault.fullname" . }}-discovery-role
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: [""]
- resources: ["pods"]
- verbs: ["get", "watch", "list", "update", "patch"]
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/server-discovery-rolebinding.yaml
deleted file mode 100644
index 47526650bb..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-discovery-rolebinding.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.global.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-discovery-rolebinding
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-discovery-role
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/server-disruptionbudget.yaml
deleted file mode 100644
index 3c45cc04ea..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-disruptionbudget.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" -}}
-{{- if and (eq (.Values.global.enabled | toString) "true") (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
-# PodDisruptionBudget to prevent degrading the server cluster through
-# voluntary cluster changes.
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end -}}
-{{- end -}}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-ha-active-service.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/server-ha-active-service.yaml
deleted file mode 100644
index 74fca41d7b..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-ha-active-service.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for active Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-active
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "true"
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-ha-standby-service.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/server-ha-standby-service.yaml
deleted file mode 100644
index 9213b74528..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-ha-standby-service.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for standby Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-standby
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "false"
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-headless-service.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/server-headless-service.yaml
deleted file mode 100644
index a37c639571..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-headless-service.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-internal
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- clusterIP: None
- publishNotReadyAddresses: true
- ports:
- - name: "{{ include "vault.scheme" . }}"
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-ingress.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/server-ingress.yaml
deleted file mode 100644
index 9da020e1af..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-ingress.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-{{- if not .Values.global.openshift }}
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if .Values.server.ingress.enabled -}}
-{{- $extraPaths := .Values.server.ingress.extraPaths -}}
-{{- $serviceName := include "vault.fullname" . -}}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.ingress.activeService | toString) "true") }}
-{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
-{{- end }}
-{{- $servicePort := .Values.server.service.port -}}
-{{ if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
-apiVersion: networking.k8s.io/v1beta1
-{{ else }}
-apiVersion: extensions/v1beta1
-{{ end }}
-kind: Ingress
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- with .Values.server.ingress.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- template "vault.ingress.annotations" . }}
-spec:
-{{- if .Values.server.ingress.tls }}
- tls:
- {{- range .Values.server.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
-{{- end }}
- rules:
- {{- range .Values.server.ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
-{{ if $extraPaths }}
-{{ toYaml $extraPaths | indent 10 }}
-{{- end }}
- {{- range (.paths | default (list "/")) }}
- - path: {{ . }}
- backend:
- serviceName: {{ $serviceName }}
- servicePort: {{ $servicePort }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-network-policy.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/server-network-policy.yaml
deleted file mode 100644
index 5f4c21a4b5..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-network-policy.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8200
- protocol: TCP
- - port: 8201
- protocol: TCP
- {{- if .Values.server.networkPolicy.egress }}
- egress:
- {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
- {{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-psp-role.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/server-psp-role.yaml
deleted file mode 100644
index fd12e1eb30..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-psp-role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/server-psp-rolebinding.yaml
deleted file mode 100644
index b2a43c834a..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-psp-rolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-psp.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/server-psp.yaml
deleted file mode 100644
index 2d94268197..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-psp.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
- - persistentVolumeClaim
- {{- end }}
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-route.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/server-route.yaml
deleted file mode 100644
index 63055db39f..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-route.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{- if .Values.global.openshift }}
-{{- if ne .mode "external" }}
-{{- if .Values.server.route.enabled -}}
-{{- $serviceName := include "vault.fullname" . -}}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
-{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
-{{- end }}
-kind: Route
-apiVersion: route.openshift.io/v1
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- with .Values.server.route.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- template "vault.route.annotations" . }}
-spec:
- host: {{ .Values.server.route.host }}
- to:
- kind: Service
- name: {{ $serviceName }}
- weight: 100
- port:
- targetPort: 8200
- tls:
- termination: passthrough
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-service.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/server-service.yaml
deleted file mode 100644
index 6f82e38629..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-service.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- # We want the servers to become available even if they're not ready
- # since this DNS is also used for join operations.
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/server-serviceaccount.yaml
deleted file mode 100644
index 925b166bba..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }}
-{{- if (eq (.Values.server.serviceAccount.create | toString) "true" ) }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "vault.serviceAccount.annotations" . }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-statefulset.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/server-statefulset.yaml
deleted file mode 100644
index 031b179059..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/templates/server-statefulset.yaml
+++ /dev/null
@@ -1,208 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }} -# StatefulSet to run the actual vault server cluster. -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- template "vault.statefulSet.annotations" . }} -spec: - serviceName: {{ template "vault.fullname" . }}-internal - podManagementPolicy: Parallel - replicas: {{ template "vault.replicas" . }} - updateStrategy: - type: {{ .Values.server.updateStrategyType }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - template: - metadata: - labels: - helm.sh/chart: {{ template "vault.chart" . }} - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - {{- if .Values.server.extraLabels -}} - {{- toYaml .Values.server.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "vault.annotations" . }} - spec: - {{ template "vault.affinity" . }} - {{ template "vault.tolerations" . }} - {{ template "vault.nodeselector" . }} - {{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName }} - {{- end }} - terminationGracePeriodSeconds: 10 - serviceAccountName: {{ template "vault.serviceAccount.name" . 
}} - {{ if .Values.server.shareProcessNamespace }} - shareProcessNamespace: true - {{ end }} - {{- if not .Values.global.openshift }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.server.gid | default 1000 }} - runAsUser: {{ .Values.server.uid | default 100 }} - fsGroup: {{ .Values.server.gid | default 1000 }} - {{- end }} - volumes: - {{ template "vault.volumes" . }} - - name: home - emptyDir: {} - {{- if .Values.server.extraInitContainers }} - initContainers: - {{ toYaml .Values.server.extraInitContainers | nindent 8}} - {{- end }} - containers: - - name: vault - {{ template "vault.resources" . }} - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - command: - - "/bin/sh" - - "-ec" - args: {{ template "vault.args" . }} - {{- if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: VAULT_K8S_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: VAULT_ADDR - value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" - - name: VAULT_API_ADDR - {{- if .Values.server.ha.apiAddr }} - value: {{ .Values.server.ha.apiAddr }} - {{- else }} - value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" - {{- end }} - - name: SKIP_CHOWN - value: "true" - - name: SKIP_SETCAP - value: "true" - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_CLUSTER_ADDR - value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" - {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} - - name: VAULT_RAFT_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- end }} - - name: HOME - value: "/home/vault" - {{- if .Values.server.logLevel }} - - name: VAULT_LOG_LEVEL - value: "{{ .Values.server.logLevel }}" - {{- end }} - {{- if .Values.server.logFormat }} - - name: VAULT_LOG_FORMAT - value: "{{ .Values.server.logFormat }}" - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: VAULT_LICENSE_PATH - value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} - {{- end }} - {{ template "vault.envs" . }} - {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} - {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} - volumeMounts: - {{ template "vault.mounts" . }} - - name: home - mountPath: /home/vault - ports: - - containerPort: 8200 - name: {{ include "vault.scheme" . }} - - containerPort: 8201 - name: https-internal - - containerPort: 8202 - name: {{ include "vault.scheme" . }}-rep - {{- if .Values.server.readinessProbe.enabled }} - readinessProbe: - {{- if .Values.server.readinessProbe.path }} - httpGet: - path: {{ .Values.server.readinessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . 
| upper }} - {{- else }} - # Check status; unsealed vault servers return 0 - # The exit code reflects the seal status: - # 0 - unsealed - # 1 - error - # 2 - sealed - exec: - command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] - {{- end }} - failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.server.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.server.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.server.livenessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . | upper }} - failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.server.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} - {{- end }} - lifecycle: - # Vault container doesn't receive SIGTERM from Kubernetes - # and after the grace period ends, Kube sends SIGKILL. This - # causes issues with graceful shutdowns such as deregistering itself - # from Consul (zombie services). - preStop: - exec: - command: [ - "/bin/sh", "-c", - # Adding a sleep here to give the pod eviction a - # chance to propagate, so requests will not be made - # to this pod while it's terminating - "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", - ] - {{- if .Values.server.postStart }} - postStart: - exec: - command: - {{- range (.Values.server.postStart) }} - - {{ . 
| quote }} - {{- end }} - {{- end }} - {{- if .Values.server.extraContainers }} - {{ toYaml .Values.server.extraContainers | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} - {{ template "vault.volumeclaims" . }} -{{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/tests/server-test.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/tests/server-test.yaml deleted file mode 100644 index 37819de5c9..0000000000 --- a/charts/partners/hashicorp/vault/0.14.0/src/templates/tests/server-test.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.server.enabled }} -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-server-test" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: {{ .Release.Name }}-server-test - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - env: - - name: VAULT_ADDR - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - command: - - /bin/sh - - -c - - | - echo "Checking for sealed info in 'vault status' output" - ATTEMPTS=10 - n=0 - until [ "$n" -ge $ATTEMPTS ] - do - echo "Attempt" $n... - vault status -format yaml | grep -E '^sealed: (true|false)' && break - n=$((n+1)) - sleep 5 - done - if [ $n -ge $ATTEMPTS ]; then - echo "timed out looking for sealed info in 'vault status' output" - exit 1 - fi - - exit 0 - - restartPolicy: Never -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.14.0/src/templates/ui-service.yaml b/charts/partners/hashicorp/vault/0.14.0/src/templates/ui-service.yaml deleted file mode 100644 index 9e90af4bbc..0000000000 --- a/charts/partners/hashicorp/vault/0.14.0/src/templates/ui-service.yaml +++ /dev/null 
@@ -1,45 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }}
-{{- if eq (.Values.ui.enabled | toString) "true" }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-ui
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}-ui
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "vault.ui.annotations" . }}
-spec:
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
- vault-active: "true"
- {{- end }}
- publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.ui.externalPort }}
- targetPort: {{ .Values.ui.targetPort }}
- {{- if .Values.ui.serviceNodePort }}
- nodePort: {{ .Values.ui.serviceNodePort }}
- {{- end }}
- type: {{ .Values.ui.serviceType }}
- {{- if and (eq (.Values.ui.serviceType | toString) "LoadBalancer") (.Values.ui.loadBalancerSourceRanges) }}
- loadBalancerSourceRanges:
- {{- range $cidr := .Values.ui.loadBalancerSourceRanges }}
- - {{ $cidr }}
- {{- end }}
- {{- end }}
- {{- if and (eq (.Values.ui.serviceType | toString) "LoadBalancer") (.Values.ui.loadBalancerIP) }}
- loadBalancerIP: {{ .Values.ui.loadBalancerIP }}
- {{- end }}
-{{- end -}}
-
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/values.openshift.yaml b/charts/partners/hashicorp/vault/0.14.0/src/values.openshift.yaml
deleted file mode 100644
index 168cf2b7e7..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/values.openshift.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# These overrides are appropriate defaults for deploying this chart on OpenShift
-
-global:
- openshift: true
-
-injector:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
- tag: "0.11.0-ubi"
-
- agentImage:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.8.0-ubi"
-
-server:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.8.0-ubi"
diff --git a/charts/partners/hashicorp/vault/0.14.0/src/values.schema.json b/charts/partners/hashicorp/vault/0.14.0/src/values.schema.json
deleted file mode 100644
index bd07137820..0000000000
--- a/charts/partners/hashicorp/vault/0.14.0/src/values.schema.json
+++ /dev/null
@@ -1,837 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "csi": { - "type": "object", - "properties": { - "daemonSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "updateStrategy": { - "type": "object", - "properties": { - "maxUnavailable": { - "type": "string" - }, - "type": { - "type": "string" - } - } - } - } - }, - "debug": { - "type": "boolean" - }, - "enabled": { - "type": "boolean" - }, - "extraArgs": { - "type": "array" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "pod": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - } - } - }, - "readinessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "global": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "imagePullSecrets": { - "type": "array" - }, - "openshift": { - 
"type": "boolean" - }, - "psp": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enable": { - "type": "boolean" - } - } - }, - "tlsDisable": { - "type": "boolean" - } - } - }, - "injector": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "agentDefaults": { - "type": "object", - "properties": { - "cpuLimit": { - "type": "string" - }, - "cpuRequest": { - "type": "string" - }, - "memLimit": { - "type": "string" - }, - "memRequest": { - "type": "string" - }, - "template": { - "type": "string" - }, - "templateConfig": { - "type": "object", - "properties": { - "exitOnRetryFailure": { - "type": "boolean" - } - } - } - } - }, - "agentImage": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "authPath": { - "type": "string" - }, - "certs": { - "type": "object", - "properties": { - "caBundle": { - "type": "string" - }, - "certName": { - "type": "string" - }, - "keyName": { - "type": "string" - }, - "secretName": { - "type": [ - "null", - "string" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "externalVaultAddr": { - "type": "string" - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraLabels": { - "type": "object" - }, - "failurePolicy": { - "type": "string" - }, - "hostNetwork": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "leaderElector": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "ttl": { - "type": "string" - } - } - }, - "logFormat": { - "type": "string" - }, - 
"logLevel": { - "type": "string" - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "namespaceSelector": { - "type": "object" - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "objectSelector": { - "type": "object" - }, - "port": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "replicas": { - "type": "integer" - }, - "resources": { - "type": "object" - }, - "revokeOnShutdown": { - "type": "boolean" - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - } - } - }, - "server": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "auditStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "authDelegator": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "dataStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "dev": { - "type": "object", - "properties": { - "devRootToken": { - "type": "string" - }, - "enabled": { - "type": "boolean" - } - } - }, - "enabled": { - "type": "boolean" - }, - "enterpriseLicense": { - "type": "object", - "properties": { - 
"secretKey": { - "type": "string" - }, - "secretName": { - "type": "string" - } - } - }, - "extraArgs": { - "type": "string" - }, - "extraContainers": { - "type": [ - "null", - "array" - ] - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraInitContainers": { - "type": [ - "null", - "array" - ] - }, - "extraLabels": { - "type": "object" - }, - "extraSecretEnvironmentVars": { - "type": "array" - }, - "extraVolumes": { - "type": "array" - }, - "ha": { - "type": "object", - "properties": { - "apiAddr": { - "type": [ - "null", - "string" - ] - }, - "config": { - "type": "string" - }, - "disruptionBudget": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxUnavailable": { - "type": [ - "null", - "integer" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "raft": { - "type": "object", - "properties": { - "config": { - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "setNodeId": { - "type": "boolean" - } - } - }, - "replicas": { - "type": "integer" - } - } - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "ingress": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "extraPaths": { - "type": "array" - }, - "hosts": { - "type": "array", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string" - }, - "paths": { - "type": "array" - } - } - } - }, - "labels": { - "type": "object" - }, - "tls": { - "type": "array" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "path": { - "type": "string" - }, - "periodSeconds": { - "type": "integer" - }, - 
"successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "networkPolicy": { - "type": "object", - "properties": { - "egress": { - "type": "array" - }, - "enabled": { - "type": "boolean" - } - } - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "postStart": { - "type": "array" - }, - "preStopSleepSeconds": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "route": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "labels": { - "type": "object" - } - } - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "port": { - "type": "integer" - }, - "targetPort": { - "type": "integer" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "create": { - "type": "boolean" - }, - "name": { - "type": "string" - } - } - }, - "shareProcessNamespace": { - "type": "boolean" - }, - "standalone": { - "type": "object", - "properties": { - "config": { - "type": "string" - }, - "enabled": { - "type": [ - "string", - "boolean" - ] - } - } - }, - "statefulSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - 
} - } - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "updateStrategyType": { - "type": "string" - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "ui": { - "type": "object", - "properties": { - "activeVaultPodOnly": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "externalPort": { - "type": "integer" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "serviceNodePort": { - "type": [ - "null", - "integer" - ] - }, - "serviceType": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - } -} diff --git a/charts/partners/hashicorp/vault/0.14.0/src/values.yaml b/charts/partners/hashicorp/vault/0.14.0/src/values.yaml deleted file mode 100644 index 4dbf89910d..0000000000 --- a/charts/partners/hashicorp/vault/0.14.0/src/values.yaml +++ /dev/null 
@@ -1,722 +0,0 @@ -global: - # enabled is the master enabled switch. Setting this to true or false - # will enable or disable all the components within this chart by default. - enabled: true - # Image pull secret to use for registry authentication. - # Alternatively, the value may be specified as an array of strings. - imagePullSecrets: [] - # imagePullSecrets: - # - name: image-pull-secret - # TLS for end-to-end encrypted transport - tlsDisable: true - # If deploying to OpenShift - openshift: true - # Create PodSecurityPolicy for pods - psp: - enable: false - # Annotation for PodSecurityPolicy. - # This is a multi-line templated string map, and can also be set as YAML. - annotations: | - seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default - apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default - apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -injector: - # True if you want to enable vault agent injection. - enabled: true - replicas: 1 - # Configures the port the injector should listen on - port: 8080 - # If multiple replicas are specified, by default a leader-elector side-car - # will be created so that only one injector attempts to create TLS certificates. - leaderElector: - enabled: true - image: - repository: "gcr.io/google_containers/leader-elector" - tag: "0.4" - ttl: 60s - # If true, will enable a node exporter metrics endpoint at /metrics. - metrics: - enabled: false - # External vault server address for the injector to use. Setting this will - # disable deployment of a vault server along with the injector. - externalVaultAddr: "" - # image sets the repo and tag of the vault-k8s image to use for the injector. 
- image: - repository: "registry.connect.redhat.com/hashicorp/vault-k8s" - tag: "0.11.0-ubi" - pullPolicy: IfNotPresent - # agentImage sets the repo and tag of the Vault image to use for the Vault Agent - # containers. This should be set to the official Vault image. Vault 1.3.1+ is - # required. - agentImage: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.8.0-ubi" - # The default values for the injected Vault Agent containers. - agentDefaults: - # For more information on configuring resources, see the K8s documentation: - # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - cpuLimit: "500m" - cpuRequest: "250m" - memLimit: "128Mi" - memRequest: "64Mi" - # Default template type for secrets when no custom template is specified. - # Possible values include: "json" and "map". - template: "map" - # Default values within Agent's template_config stanza. - templateConfig: - exitOnRetryFailure: true - # Mount Path of the Vault Kubernetes Auth Method. - authPath: "auth/kubernetes" - # Configures the log verbosity of the injector. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "info" - # Configures the log format of the injector. Supported log formats: "standard", "json". - logFormat: "standard" - # Configures all Vault Agent sidecars to revoke their token when shutting down - revokeOnShutdown: false - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. - # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # objectSelector is the selector for restricting the webhook to only - # specific labels. 
- # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: {} - # Configures failurePolicy of the webhook. The "unspecified" default behaviour deoends on the - # API Version of the WebHook. - # To block pod creation while webhook is unavailable, set the policy to `Fail` below. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - certs: - # secretName is the name of the secret that has the TLS certificate and - # private key to serve the injector webhook. If this is null, then the - # injector will default to its automatic management mode that will assign - # a service account to the injector to generate its own certificates. - secretName: null - # caBundle is a base64-encoded PEM-encoded certificate bundle for the - # CA that signed the TLS certificate that the webhook serves. This must - # be set if secretName is non-null. - caBundle: "" - # certName and keyName are the names of the files within the secret for - # the TLS cert and private key, respectively. These have reasonable - # defaults but can be customized if necessary. - certName: tls.crt - keyName: tls.key - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # extraEnvironmentVars is a list of extra environment variables to set in the - # injector deployment. - extraEnvironmentVars: {} - # KUBERNETES_SERVICE_HOST: kubernetes.default.svc - - # Affinity Settings for injector pods - # This can either be multi-line string or YAML matching the PodSpec's affinity field. - # Commenting out or setting as empty the affinity variable, will allow - # deployment of multiple replicas to single node services such as Minikube. 
- affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: webhook - topologyKey: kubernetes.io/hostname - # Toleration Settings for injector pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. - # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Priority class for injector pods - priorityClassName: "" - # Extra annotations to attach to the injector pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the injector pods - annotations: {} - # Extra labels to attach to the agent-injector - # This should be a YAML map of the labels to apply to the injector - extraLabels: {} - # Should the injector pods run on the host network (useful when using - # an alternate CNI in EKS) - hostNetwork: false - # Injector service specific config - service: - # Extra annotations to attach to the injector service - annotations: {} -server: - # If not set to true, Vault server will not be installed. See vault.mode in _helpers.tpl for implementation details - enabled: true - # [Enterprise Only] This value refers to a Kubernetes secret that you have - # created that contains your enterprise license. If you are not using an - # enterprise image or if you plan to introduce the license key via another - # route, then leave secretName blank ("") or set it to null. - # Requires Vault Enterprise 1.8 or later. - enterpriseLicense: - # The name of the Kubernetes secret that holds the enterprise license. 
The - # secret must be in the same namespace that Vault is installed into. - secretName: "" - # The key within the Kubernetes secret that holds the enterprise license. - secretKey: "license" - # Resource requests, limits, etc. for the server cluster placement. This - # should map directly to the value of the resources field for a PodSpec. - # By default no direct resource request is made. - image: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.8.0-ubi" - # Overrides the default Image Pull Policy - pullPolicy: IfNotPresent - # Configure the Update Strategy Type for the StatefulSet - # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - updateStrategyType: "OnDelete" - # Configure the logging verbosity for the Vault server. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "" - # Configure the logging format for the Vault server. - # Supported log formats include: standard, json - logFormat: "" - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # Ingress allows ingress services to be created to allow external access - # from Kubernetes to access Vault pods. - # If deployment is on OpenShift, the following block is ignored. - # In order to expose the service, use the route section below - ingress: - enabled: false - labels: {} - # traffic: external - annotations: {} - # | - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # or - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # When HA mode is enabled and K8s service registration is being used, - # configure the ingress to point to the Vault active service. - activeService: true - hosts: - - host: chart-example.local - paths: [] - ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. 
- extraPaths: [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # OpenShift only - create a route to expose the service - # The created route will be of type passthrough - route: - enabled: false - # When HA mode is enabled and K8s service registration is being used, - # configure the route to point to the Vault active service. - activeService: true - labels: {} - annotations: {} - host: chart-example.local - # authDelegator enables a cluster role binding to be attached to the service - # account. This cluster role binding can be used to setup Kubernetes auth - # method. https://www.vaultproject.io/docs/auth/kubernetes.html - authDelegator: - enabled: true - # extraInitContainers is a list of init containers. Specified as a YAML list. - # This is useful if you need to run a script to provision TLS certificates or - # write out configuration files in a dynamic way. - extraInitContainers: null - # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, - # # which is defined in the volumes value. - # - name: oauthapp - # image: "alpine" - # command: [sh, -c] - # args: - # - cd /tmp && - # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && - # tar -xf oauthapp.xz && - # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && - # chmod +x /usr/local/libexec/vault/oauthapp - # volumeMounts: - # - name: plugins - # mountPath: /usr/local/libexec/vault - - # extraContainers is a list of sidecar containers. Specified as a YAML list. - extraContainers: null - # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers - # This is useful if Vault must be signaled, e.g. 
to send a SIGHUP for log rotation - shareProcessNamespace: false - # extraArgs is a string containing additional Vault server arguments. - extraArgs: "" - # Used to define custom readinessProbe settings - readinessProbe: - enabled: true - # If you need to use a http path instead of the default exec - # path: /v1/sys/health?standbyok=true - - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to enable a livenessProbe for the pods - livenessProbe: - enabled: false - path: "/v1/sys/health?standbyok=true" - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 60 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to set the sleep time during the preStop step - preStopSleepSeconds: 5 - # Used to define commands to run after the pod is ready. - # This can be used to automate processes such as initialization - # or boostrapping auth methods. - postStart: [] - # - /bin/sh - # - -c - # - /vault/userconfig/myscript/run.sh - - # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be - # used to include variables required for auto-unseal. 
- extraEnvironmentVars: {} - # GOOGLE_REGION: global - # GOOGLE_PROJECT: myproject - # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json - - # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. - # These variables take value from existing Secret objects. - extraSecretEnvironmentVars: [] - # - envName: AWS_SECRET_ACCESS_KEY - # secretName: vault - # secretKey: AWS_SECRET_ACCESS_KEY - - # Deprecated: please use 'volumes' instead. - # extraVolumes is a list of extra volumes to mount. These will be exposed - # to Vault in the path `/vault/userconfig//`. The value below is - # an array of objects, examples are shown below. - extraVolumes: [] - # - type: secret (or "configMap") - # name: my-secret - # path: null # default is `/vault/userconfig` - - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: plugins - # emptyDir: {} - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - mountPath: /usr/local/libexec/vault - # name: plugins - # readOnly: true - - # Affinity Settings - # Commenting out or setting as empty the affinity variable, will allow - # deployment to single node services such as Minikube - # This should be either a multi-line string or YAML matching the PodSpec's affinity field. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . 
}} - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: server - topologyKey: kubernetes.io/hostname - # Toleration Settings for server pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. - # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Enables network policy for server pods - networkPolicy: - enabled: false - egress: [] - # egress: - # - to: - # - ipBlock: - # cidr: 10.0.0.0/24 - # ports: - # - protocol: TCP - # port: 443 - # Priority class for server pods - priorityClassName: "" - # Extra labels to attach to the server pods - # This should be a YAML map of the labels to apply to the server pods - extraLabels: {} - # Extra annotations to attach to the server pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the server pods - annotations: {} - # Enables a headless service to be used by the Vault Statefulset - service: - enabled: true - # clusterIP controls whether a Cluster IP address is attached to the - # Vault service within Kubernetes. By default the Vault service will - # be given a Cluster IP address, set to None to disable. When disabled - # Kubernetes will create a "headless" service. Headless services can be - # used to communicate with pods directly through DNS instead of a round robin - # load balancer. - # clusterIP: None - - # Configures the service type for the main Vault service. Can be ClusterIP - # or NodePort. - #type: ClusterIP - - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. 
- #nodePort: 30000 - - # Port on which Vault server is listening - port: 8200 - # Target port to which the service should be mapped to - targetPort: 8200 - # Extra annotations for the service definition. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the service. - annotations: {} - # This configures the Vault Statefulset to create a PVC for data - # storage when using the file or raft backend storage engines. - # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more - dataStorage: - enabled: true - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/data" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # This configures the Vault Statefulset to create a PVC for audit - # logs. Once Vault is deployed, initialized and unseal, Vault must - # be configured to use this for audit logs. This will be mounted to - # /vault/audit - # See https://www.vaultproject.io/docs/audit/index.html to know more - auditStorage: - enabled: false - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/audit" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # Run Vault in "dev" mode. This requires no further setup, no state management, - # and no initialization. This is useful for experimenting with Vault without - # needing to unseal, store keys, et. al. All data is lost on restart - do not - # use dev mode for anything other than experimenting. 
- # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more - dev: - enabled: false - # Set VAULT_DEV_ROOT_TOKEN_ID value - devRootToken: "root" - # Run Vault in "standalone" mode. This is the default mode that will deploy if - # no arguments are given to helm. This requires a PVC for data storage to use - # the "file" backend. This mode is not highly available and should not be scaled - # past a single replica. - standalone: - enabled: "-" - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data - # and store data there. This is only used when using a Replica count of 1, and - # using a stateful set. This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "file" { - path = "/vault/data" - } - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # Run Vault in "HA" mode. There are no storage requirements unless audit log - # persistence is required. In HA mode Vault will configure itself to use Consul - # for its storage backend. The default configuration provided will work the Consul - # Helm project by default. It is possible to manually configure Vault to use a - # different HA backend. 
- ha: - enabled: false - replicas: 3 - # Set the api_addr configuration for Vault HA - # See https://www.vaultproject.io/docs/configuration#api_addr - # If set to null, this will be set to the Pod IP Address - apiAddr: null - # Enables Vault's integrated Raft storage. Unlike the typical HA modes where - # Vault's persistence is external (such as Consul), enabling Raft mode will create - # persistent volumes for Vault to store data according to the configuration under server.dataStorage. - # The Vault cluster will coordinate leader elections and failovers internally. - raft: - # Enables Raft integrated storage - enabled: false - # Set the Node Raft ID to the name of the pod - setNodeId: false - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - - storage "raft" { - path = "/vault/data" - } - - service_registration "kubernetes" {} - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a Consul for its HA storage backend. - # This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. 
For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "consul" { - path = "vault" - address = "HOST_IP:8500" - } - - service_registration "kubernetes" {} - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev-246514" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - disruptionBudget: - enabled: true - # maxUnavailable will default to (n/2)-1 where n is the number of - # replicas. If you'd like a custom value, you can specify an override here. - maxUnavailable: null - # Definition of the serviceAccount used to run Vault. - # These options are also used when using an external Vault server to validate - # Kubernetes tokens. - serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Settings for the statefulSet used to run Vault. - statefulSet: - # Extra annotations for the statefulSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the statefulSet. 
- annotations: {} -# Vault UI -ui: - # True if you want to create a Service entry for the Vault UI. - # - # serviceType can be used to control the type of service created. For - # example, setting this to "LoadBalancer" will create an external load - # balancer (for supported K8S installations) to access the UI. - enabled: false - publishNotReadyAddresses: true - # The service should only contain selectors for active Vault pod - activeVaultPodOnly: false - serviceType: "ClusterIP" - serviceNodePort: null - externalPort: 8200 - targetPort: 8200 - # loadBalancerSourceRanges: - # - 10.0.0.0/16 - # - 1.78.23.3/32 - - # loadBalancerIP: - - # Extra annotations to attach to the ui service - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the ui service - annotations: {} -# secrets-store-csi-driver-provider-vault -csi: - # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. - # - # Requires installing the secrets-store-csi-driver separately, see: - # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver - # - # With the driver and provider installed, you can mount Vault secrets into volumes - # similar to the Vault Agent injector, and you can also sync those secrets into - # Kubernetes secrets. - enabled: false - image: - repository: "hashicorp/vault-csi-provider" - tag: "0.3.0" - pullPolicy: IfNotPresent - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: tls - # secret: - # secretName: vault-tls - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. 
- volumeMounts: null - # - name: tls - # mountPath: "/vault/tls" - # readOnly: true - - resources: {} - # resources: - # requests: - # cpu: 50m - # memory: 128Mi - # limits: - # cpu: 50m - # memory: 128Mi - - # Settings for the daemonSet used to run the provider. - daemonSet: - updateStrategy: - type: RollingUpdate - maxUnavailable: "" - # Extra annotations for the daemonSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the daemonSet. - annotations: {} - pod: - # Extra annotations for the provider pods. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the pod. - annotations: {} - # Toleration Settings for provider pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - serviceAccount: - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Used to configure readinessProbe for the pods. - readinessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to configure livenessProbe for the pods. 
- livenessProbe:
- # When a probe fails, Kubernetes will try failureThreshold times before giving up
- failureThreshold: 2
- # Number of seconds after the container has started before probe initiates
- initialDelaySeconds: 5
- # How often (in seconds) to perform the probe
- periodSeconds: 5
- # Minimum consecutive successes for the probe to be considered successful after having failed
- successThreshold: 1
- # Number of seconds after which the probe times out.
- timeoutSeconds: 3
- # Enables debug logging.
- debug: false
- # Pass arbitrary additional arguments to vault-csi-provider.
- extraArgs: []
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/.helmignore b/charts/partners/hashicorp/vault/0.15.0/src/.helmignore
deleted file mode 100644
index d1180d2fb7..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/.helmignore
+++ /dev/null
@@ -1,4 +0,0 @@
-.git/
-.terraform/
-bin/
-test/
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/CHANGELOG.md b/charts/partners/hashicorp/vault/0.15.0/src/CHANGELOG.md
deleted file mode 100644
index 3649508808..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/CHANGELOG.md
+++ /dev/null
@@ -1,303 +0,0 @@ -## Unreleased - -## 0.15.0 (August 23rd, 2021) - -Improvements: -* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) -* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) - -## 0.14.0 (July 28th, 2021) - -Features: -* Added templateConfig.exitOnRetryFailure annotation for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) - -Improvements: -* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) -* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) - - -## 0.13.0 (June 17th, 2021) - -Improvements: -* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) -* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) -* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) - -Bugs: -* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) -* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) -* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) - -## 0.12.0 
(May 25th, 2021) - -Features: -* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) - -Improvements: -* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) -* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) -* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) -* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) - -Bugs: -* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) - -## 0.11.0 (April 14th, 2021) - -Features: -* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) -* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) -* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) -* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) -* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) -* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) - -Improvements: -* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) - -Bugs: -* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) - -## 0.10.0 (March 25th, 2021) - -Features: -* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) - -Improvements: 
-* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) - -## 0.9.1 (February 2nd, 2021) - -Bugs: -* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) -* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) - -## 0.9.0 (January 5th, 2021) - -Features: -* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) -* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) - -Improvements: -* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) -* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) -* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) -* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) -* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) -* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) -* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) -* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) - -## 0.8.0 (October 20th, 2020) - -Improvements: -* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) -* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) -* MountPath for audit and data storage is now configurable 
[GH-393](https://github.com/hashicorp/vault-helm/pull/393) -* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) -* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) -* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) -* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) - -Bugs: -* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) - -## 0.7.0 (August 24th, 2020) - -Features: -* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). -* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) - -Improvements: -* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) -* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) -* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) -* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) -* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) -* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) -* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) -* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) -* Added service configurables for UI 
[GH-285](https://github.com/hashicorp/vault-helm/pull/285) - -Bugs: -* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) -* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) -* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) - -## 0.6.0 (June 3rd, 2020) - -Features: -* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) -* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) -* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) - -Improvements: -* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) -* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] -* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] -* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] -* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] -* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] -* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] -* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) - -Bugs: -* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] -* Fixed 
annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] -* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] -* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] -* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) - -## 0.5.0 (April 9th, 2020) - -Features: - -* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] -* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] -* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] - -* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] -* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] -* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] -* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] -* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] - -## 0.4.0 (February 21st, 2020) - -Improvements: - -* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] -* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] -* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] -* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] -* Adds Values.injector.externalVaultAddr to use 
the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] - -Bugs: - -* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] - -## 0.3.3 (January 14th, 2020) - -Security: - -* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) - -Bugs: - -* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files - -## 0.3.2 (January 8th, 2020) - -Bugs: - -* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] - -## 0.3.1 (January 2nd, 2020) - -Bugs: - -* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] - -## 0.3.0 (December 19th, 2019) - -Features: - -* Extra containers can now be added to the Vault pods -* Added configurability of pod probes -* Added Vault Agent Injector - -Improvements: - -* Moved `global.image` to `server.image` -* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` -* Added better HTTP/HTTPS scheme support to http probes -* Added configurable node port for Vault service -* `server.authDelegator` is now enabled by default - -Bugs: - -* Fixed upgrade bug by removing chart label which contained the version -* Fixed typo on `serviceAccount` (was `serviceaccount`) -* Fixed readiness/liveliness HTTP probe default to accept standbys - -## 0.2.1 (November 12th, 2019) - -Bugs: - -* Removed `readOnlyRootFilesystem` causing issues when validating deployments - -## 0.2.0 (October 29th, 2019) - -Features: - -* Added load balancer support -* Added ingress support -* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) -* Removed root requirements, now runs as Vault user - -Improvements: - -* Added namespace value to all rendered objects -* Made ports configurable in services -* Added the ability 
to add custom annotations to services -* Added docker image for running bats test in CircleCI -* Removed restrictions around `dev` mode such as annotations -* `readOnlyRootFilesystem` is now configurable -* Image Pull Policy is now configurable - -Bugs: - -* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) -* Fixed bug where audit storage was not being mounted in HA mode -* Fixed bug where Vault pod wasn't receiving SIGTERM signals - - -## 0.1.2 (August 22nd, 2019) - -Features: - -* Added `extraSecretEnvironmentVars` to allow users to mount secrets as - environment variables -* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS - depending on the value -* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` - to "NodePort" - -Improvements: - -* Changed UI port to 8200 for better HTTP protocol support -* Added `path` to `extraVolumes` to define where the volume should be - mounted. Defaults to `/vault/userconfig` -* Upgraded Vault to 1.2.2 - -Bugs: - -* Fixed bug where upgrade would fail because immutable labels were being - changed (Helm Version label) -* Fixed bug where UI service used wrong selector after updating helm labels -* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks - Consul is the active node -* Removed `step-down` preStop since it requires authentication. Shutdown signal - sent by Kube acts similar to `step-down` - - -## 0.1.1 (August 7th, 2019) - -Features: - -* Added `authDelegator` Cluster Role Binding to Vault service account for - bootstrapping Kube auth method - -Improvements: - -* Added `server.service.clusterIP` to `values.yml` so users can toggle - the Vault service to headless by using the value `None`. -* Upgraded Vault to 1.2.1 - -## 0.1.0 (August 6th, 2019) - -Initial release 
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/CONTRIBUTING.md b/charts/partners/hashicorp/vault/0.15.0/src/CONTRIBUTING.md
deleted file mode 100644
index f83d56747a..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/CONTRIBUTING.md
+++ /dev/null
@@ -1,239 +0,0 @@ -# Contributing to Vault Helm - -**Please note:** We take Vault's security and our users' trust very seriously. -If you believe you have found a security issue in Vault, please responsibly -disclose by contacting us at security@hashicorp.com. - -**First:** if you're unsure or afraid of _anything_, just ask or submit the -issue or pull request anyways. You won't be yelled at for giving it your best -effort. The worst that can happen is that you'll be politely asked to change -something. We appreciate any sort of contributions, and don't want a wall of -rules to get in the way of that. - -That said, if you want to ensure that a pull request is likely to be merged, -talk to us! You can find out our thoughts and ensure that your contribution -won't clash or be obviated by Vault's normal direction. A great way to do this -is via the [Vault Google Group][2]. Sometimes Vault devs are in `#vault-tool` -on Freenode, too. - -This document will cover what we're looking for in terms of reporting issues. -By addressing all the points we're looking for, it raises the chances we can -quickly merge or address your contributions. - -## Issues - -### Reporting an Issue - -* Make sure you test against the latest released version. It is possible - we already fixed the bug you're experiencing. Even better is if you can test - against `master`, as bugs are fixed regularly but new versions are only - released every few months. - -* Provide steps to reproduce the issue, and if possible include the expected - results as well as the actual results. Please provide text, not screen shots! - -* Respond as promptly as possible to any questions made by the Vault - team to your issue. Stale issues will be closed periodically. - -### Issue Lifecycle - -1. The issue is reported. - -2. The issue is verified and categorized by a Vault Helm collaborator. - Categorization is done via tags. For example, bugs are marked as "bugs". - -3. 
Unless it is critical, the issue may be left for a period of time (sometimes - many weeks), giving outside contributors -- maybe you!? -- a chance to - address the issue. - -4. The issue is addressed in a pull request or commit. The issue will be - referenced in the commit message so that the code that fixes it is clearly - linked. - -5. The issue is closed. Sometimes, valid issues will be closed to keep - the issue tracker clean. The issue is still indexed and available for - future viewers, or can be re-opened if necessary. - -## Testing - -The Helm chart ships with both unit and acceptance tests. - -The unit tests don't require any active Kubernetes cluster and complete -very quickly. These should be used for fast feedback during development. -The acceptance tests require a Kubernetes cluster with a configured `kubectl`. - -### Test Using Docker Container - -The following are the instructions for running bats tests using a Docker container. - -#### Prerequisites - -* Docker installed -* `vault-helm` checked out locally - -#### Test - -**Note:** the following commands should be run from the `vault-helm` directory. - -First, build the Docker image for running the tests: - -```shell -docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test -``` -Next, execute the tests with the following commands: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -``` -It's possible to only run specific bats tests using regular expressions. -For example, the following will run only tests with "injector" in the name: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" -``` - -### Test Manually -The following are the instructions for running bats tests on your workstation. 
-#### Prerequisites -* [Bats](https://github.com/bats-core/bats-core) - ```bash - brew install bats-core - ``` -* [yq](https://pypi.org/project/yq/) - ```bash - brew install python-yq - ``` -* [helm](https://helm.sh) - ```bash - brew install kubernetes-helm - ``` - -#### Test - -To run the unit tests: - - bats ./test/unit - -To run the acceptance tests: - - bats ./test/acceptance - -If the acceptance tests fail, deployed resources in the Kubernetes cluster -may not be properly cleaned up. We recommend recycling the Kubernetes cluster to -start from a clean slate. - -**Note:** There is a Terraform configuration in the -[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/master/test/terraform) directory -that can be used to quickly bring up a GKE cluster and configure -`kubectl` and `helm` locally. This can be used to quickly spin up a test -cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes -cluster. - -### Writing Unit Tests - -Changes to the Helm chart should be accompanied by appropriate unit tests. - -#### Formatting - -- Put tests in the test file in the same order as the variables appear in the `values.yaml`. -- Start tests for a chart value with a header that says what is being tested, like this: - ``` - #-------------------------------------------------------------------- - # annotations - ``` - -- Name the test based on what it's testing in the following format (this will be its first line): - ``` - @test "
: " { - ``` - - When adding tests to an existing file, the first section will be the same as the other tests in the file. - -#### Test Details - -[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. -In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. -In this way, we're able to test that the various conditionals in the templates render as we would expect. - -Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. -The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). -`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). -The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. - -The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. - -The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. - -#### Test Examples - -Here are some examples of common test patterns: - -- Check that a value is disabled by default - - ``` - @test "ui/Service: no type by default" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - . 
| tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "null" ] - } - ``` - - In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. - This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. - - -- Check that a template value is rendered to a specific value - ``` - @test "ui/Service: specified type" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - --set 'ui.serviceType=LoadBalancer' \ - . | tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "LoadBalancer" ] - } - ``` - - This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. - -- Check that a template value contains several values - ``` - @test "server/standalone-StatefulSet: custom resources" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.requests.memory=256Mi' \ - --set 'server.resources.requests.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.limits.memory=256Mi' \ - --set 'server.resources.limits.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - ``` - - *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
-
-- Check that an entire template file is not rendered
- ```
- @test "syncCatalog/Deployment: disabled by default" {
- cd `chart_dir`
- local actual=$( (helm template \
- --show-only templates/server-statefulset.yaml \
- --set 'global.enabled=false' \
- . || echo "---") | tee /dev/stderr |
- yq 'length > 0' | tee /dev/stderr)
- [ "${actual}" = "false" ]
- }
- ```
- Here we are check the length of the command output to see if the anything is rendered.
- This style can easily be switched to check that a file is rendered instead.
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/Chart.yaml b/charts/partners/hashicorp/vault/0.15.0/src/Chart.yaml
deleted file mode 100644
index 0b6b88ce2d..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/Chart.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v2
-appVersion: 1.8.1
-description: Official HashiCorp Vault Chart
-home: https://www.vaultproject.io
-icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
-keywords:
-- vault
-- security
-- encryption
-- secrets
-- management
-- automation
-- infrastructure
-kubeVersion: '>= 1.14.0-0'
-name: vault
-sources:
-- https://github.com/hashicorp/vault
-- https://github.com/hashicorp/vault-helm
-- https://github.com/hashicorp/vault-k8s
-- https://github.com/hashicorp/vault-csi-provider
-version: 0.15.0
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/LICENSE.md b/charts/partners/hashicorp/vault/0.15.0/src/LICENSE.md
deleted file mode 100644
index 82b4de97c7..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/LICENSE.md
+++ /dev/null
@@ -1,353 +0,0 @@ -Mozilla Public License, version 2.0 - -1. Definitions - -1.1. “Contributor” - - means each individual or legal entity that creates, contributes to the - creation of, or owns Covered Software. - -1.2. “Contributor Version” - - means the combination of the Contributions of others (if any) used by a - Contributor and that particular Contributor’s Contribution. - -1.3. “Contribution” - - means Covered Software of a particular Contributor. - -1.4. “Covered Software” - - means Source Code Form to which the initial Contributor has attached the - notice in Exhibit A, the Executable Form of such Source Code Form, and - Modifications of such Source Code Form, in each case including portions - thereof. - -1.5. “Incompatible With Secondary Licenses” - means - - a. that the initial Contributor has attached the notice described in - Exhibit B to the Covered Software; or - - b. that the Covered Software was made available under the terms of version - 1.1 or earlier of the License, but not also under the terms of a - Secondary License. - -1.6. “Executable Form” - - means any form of the work other than Source Code Form. - -1.7. “Larger Work” - - means a work that combines Covered Software with other material, in a separate - file or files, that is not Covered Software. - -1.8. “License” - - means this document. - -1.9. “Licensable” - - means having the right to grant, to the maximum extent possible, whether at the - time of the initial grant or subsequently, any and all of the rights conveyed by - this License. - -1.10. “Modifications” - - means any of the following: - - a. any file in Source Code Form that results from an addition to, deletion - from, or modification of the contents of Covered Software; or - - b. any new file in Source Code Form that contains any Covered Software. - -1.11. 
“Patent Claims” of a Contributor - - means any patent claim(s), including without limitation, method, process, - and apparatus claims, in any patent Licensable by such Contributor that - would be infringed, but for the grant of the License, by the making, - using, selling, offering for sale, having made, import, or transfer of - either its Contributions or its Contributor Version. - -1.12. “Secondary License” - - means either the GNU General Public License, Version 2.0, the GNU Lesser - General Public License, Version 2.1, the GNU Affero General Public - License, Version 3.0, or any later versions of those licenses. - -1.13. “Source Code Form” - - means the form of the work preferred for making modifications. - -1.14. “You” (or “Your”) - - means an individual or a legal entity exercising rights under this - License. For legal entities, “You” includes any entity that controls, is - controlled by, or is under common control with You. For purposes of this - definition, “control” means (a) the power, direct or indirect, to cause - the direction or management of such entity, whether by contract or - otherwise, or (b) ownership of more than fifty percent (50%) of the - outstanding shares or beneficial ownership of such entity. - - -2. License Grants and Conditions - -2.1. Grants - - Each Contributor hereby grants You a world-wide, royalty-free, - non-exclusive license: - - a. under intellectual property rights (other than patent or trademark) - Licensable by such Contributor to use, reproduce, make available, - modify, display, perform, distribute, and otherwise exploit its - Contributions, either on an unmodified basis, with Modifications, or as - part of a Larger Work; and - - b. under Patent Claims of such Contributor to make, use, sell, offer for - sale, have made, import, and otherwise transfer either its Contributions - or its Contributor Version. - -2.2. 
Effective Date - - The licenses granted in Section 2.1 with respect to any Contribution become - effective for each Contribution on the date the Contributor first distributes - such Contribution. - -2.3. Limitations on Grant Scope - - The licenses granted in this Section 2 are the only rights granted under this - License. No additional rights or licenses will be implied from the distribution - or licensing of Covered Software under this License. Notwithstanding Section - 2.1(b) above, no patent license is granted by a Contributor: - - a. for any code that a Contributor has removed from Covered Software; or - - b. for infringements caused by: (i) Your and any other third party’s - modifications of Covered Software, or (ii) the combination of its - Contributions with other software (except as part of its Contributor - Version); or - - c. under Patent Claims infringed by Covered Software in the absence of its - Contributions. - - This License does not grant any rights in the trademarks, service marks, or - logos of any Contributor (except as may be necessary to comply with the - notice requirements in Section 3.4). - -2.4. Subsequent Licenses - - No Contributor makes additional grants as a result of Your choice to - distribute the Covered Software under a subsequent version of this License - (see Section 10.2) or under the terms of a Secondary License (if permitted - under the terms of Section 3.3). - -2.5. Representation - - Each Contributor represents that the Contributor believes its Contributions - are its original creation(s) or it has sufficient rights to grant the - rights to its Contributions conveyed by this License. - -2.6. Fair Use - - This License is not intended to limit any rights You have under applicable - copyright doctrines of fair use, fair dealing, or other equivalents. - -2.7. Conditions - - Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in - Section 2.1. - - -3. Responsibilities - -3.1. 
Distribution of Source Form - - All distribution of Covered Software in Source Code Form, including any - Modifications that You create or to which You contribute, must be under the - terms of this License. You must inform recipients that the Source Code Form - of the Covered Software is governed by the terms of this License, and how - they can obtain a copy of this License. You may not attempt to alter or - restrict the recipients’ rights in the Source Code Form. - -3.2. Distribution of Executable Form - - If You distribute Covered Software in Executable Form then: - - a. such Covered Software must also be made available in Source Code Form, - as described in Section 3.1, and You must inform recipients of the - Executable Form how they can obtain a copy of such Source Code Form by - reasonable means in a timely manner, at a charge no more than the cost - of distribution to the recipient; and - - b. You may distribute such Executable Form under the terms of this License, - or sublicense it under different terms, provided that the license for - the Executable Form does not attempt to limit or alter the recipients’ - rights in the Source Code Form under this License. - -3.3. Distribution of a Larger Work - - You may create and distribute a Larger Work under terms of Your choice, - provided that You also comply with the requirements of this License for the - Covered Software. If the Larger Work is a combination of Covered Software - with a work governed by one or more Secondary Licenses, and the Covered - Software is not Incompatible With Secondary Licenses, this License permits - You to additionally distribute such Covered Software under the terms of - such Secondary License(s), so that the recipient of the Larger Work may, at - their option, further distribute the Covered Software under the terms of - either this License or such Secondary License(s). - -3.4. 
Notices - - You may not remove or alter the substance of any license notices (including - copyright notices, patent notices, disclaimers of warranty, or limitations - of liability) contained within the Source Code Form of the Covered - Software, except that You may alter any license notices to the extent - required to remedy known factual inaccuracies. - -3.5. Application of Additional Terms - - You may choose to offer, and to charge a fee for, warranty, support, - indemnity or liability obligations to one or more recipients of Covered - Software. However, You may do so only on Your own behalf, and not on behalf - of any Contributor. You must make it absolutely clear that any such - warranty, support, indemnity, or liability obligation is offered by You - alone, and You hereby agree to indemnify every Contributor for any - liability incurred by such Contributor as a result of warranty, support, - indemnity or liability terms You offer. You may include additional - disclaimers of warranty and limitations of liability specific to any - jurisdiction. - -4. Inability to Comply Due to Statute or Regulation - - If it is impossible for You to comply with any of the terms of this License - with respect to some or all of the Covered Software due to statute, judicial - order, or regulation then You must: (a) comply with the terms of this License - to the maximum extent possible; and (b) describe the limitations and the code - they affect. Such description must be placed in a text file included with all - distributions of the Covered Software under this License. Except to the - extent prohibited by statute or regulation, such description must be - sufficiently detailed for a recipient of ordinary skill to be able to - understand it. - -5. Termination - -5.1. The rights granted under this License will terminate automatically if You - fail to comply with any of its terms. 
However, if You become compliant, - then the rights granted under this License from a particular Contributor - are reinstated (a) provisionally, unless and until such Contributor - explicitly and finally terminates Your grants, and (b) on an ongoing basis, - if such Contributor fails to notify You of the non-compliance by some - reasonable means prior to 60 days after You have come back into compliance. - Moreover, Your grants from a particular Contributor are reinstated on an - ongoing basis if such Contributor notifies You of the non-compliance by - some reasonable means, this is the first time You have received notice of - non-compliance with this License from such Contributor, and You become - compliant prior to 30 days after Your receipt of the notice. - -5.2. If You initiate litigation against any entity by asserting a patent - infringement claim (excluding declaratory judgment actions, counter-claims, - and cross-claims) alleging that a Contributor Version directly or - indirectly infringes any patent, then the rights granted to You by any and - all Contributors for the Covered Software under Section 2.1 of this License - shall terminate. - -5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user - license agreements (excluding distributors and resellers) which have been - validly granted by You or Your distributors under this License prior to - termination shall survive termination. - -6. Disclaimer of Warranty - - Covered Software is provided under this License on an “as is” basis, without - warranty of any kind, either expressed, implied, or statutory, including, - without limitation, warranties that the Covered Software is free of defects, - merchantable, fit for a particular purpose or non-infringing. The entire - risk as to the quality and performance of the Covered Software is with You. 
- Should any Covered Software prove defective in any respect, You (not any - Contributor) assume the cost of any necessary servicing, repair, or - correction. This disclaimer of warranty constitutes an essential part of this - License. No use of any Covered Software is authorized under this License - except under this disclaimer. - -7. Limitation of Liability - - Under no circumstances and under no legal theory, whether tort (including - negligence), contract, or otherwise, shall any Contributor, or anyone who - distributes Covered Software as permitted above, be liable to You for any - direct, indirect, special, incidental, or consequential damages of any - character including, without limitation, damages for lost profits, loss of - goodwill, work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses, even if such party shall have been - informed of the possibility of such damages. This limitation of liability - shall not apply to liability for death or personal injury resulting from such - party’s negligence to the extent applicable law prohibits such limitation. - Some jurisdictions do not allow the exclusion or limitation of incidental or - consequential damages, so this exclusion and limitation may not apply to You. - -8. Litigation - - Any litigation relating to this License may be brought only in the courts of - a jurisdiction where the defendant maintains its principal place of business - and such litigation shall be governed by laws of that jurisdiction, without - reference to its conflict-of-law provisions. Nothing in this Section shall - prevent a party’s ability to bring cross-claims or counter-claims. - -9. Miscellaneous - - This License represents the complete agreement concerning the subject matter - hereof. If any provision of this License is held to be unenforceable, such - provision shall be reformed only to the extent necessary to make it - enforceable. 
Any law or regulation which provides that the language of a - contract shall be construed against the drafter shall not be used to construe - this License against a Contributor. - - -10. Versions of the License - -10.1. New Versions - - Mozilla Foundation is the license steward. Except as provided in Section - 10.3, no one other than the license steward has the right to modify or - publish new versions of this License. Each version will be given a - distinguishing version number. - -10.2. Effect of New Versions - - You may distribute the Covered Software under the terms of the version of - the License under which You originally received the Covered Software, or - under the terms of any subsequent version published by the license - steward. - -10.3. Modified Versions - - If you create software not governed by this License, and you want to - create a new license for such software, you may create and use a modified - version of this License if you rename the license and remove any - references to the name of the license steward (except to note that such - modified license differs from this License). - -10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses - If You choose to distribute Source Code Form that is Incompatible With - Secondary Licenses under the terms of this version of the License, the - notice described in Exhibit B of this License must be attached. - -Exhibit A - Source Code Form License Notice - - This Source Code Form is subject to the - terms of the Mozilla Public License, v. - 2.0. If a copy of the MPL was not - distributed with this file, You can - obtain one at - http://mozilla.org/MPL/2.0/. - -If it is not possible or desirable to put the notice in a particular file, then -You may include the notice in a location (such as a LICENSE file in a relevant -directory) where a recipient would be likely to look for such a notice. - -You may add additional accurate notices of copyright ownership. 
- -Exhibit B - “Incompatible With Secondary Licenses” Notice - - This Source Code Form is “Incompatible - With Secondary Licenses”, as defined by - the Mozilla Public License, v. 2.0. diff --git a/charts/partners/hashicorp/vault/0.15.0/src/Makefile b/charts/partners/hashicorp/vault/0.15.0/src/Makefile deleted file mode 100644 index e4e9df1ed9..0000000000 --- a/charts/partners/hashicorp/vault/0.15.0/src/Makefile +++ /dev/null 
@@ -1,100 +0,0 @@
-TEST_IMAGE?=vault-helm-test
-GOOGLE_CREDENTIALS?=vault-helm-test.json
-CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
-# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
-ACCEPTANCE_TESTS?=acceptance
-
-# filter bats unit tests to run.
-UNIT_TESTS_FILTER?='.*'
-
-# set to 'true' to run acceptance tests locally in a kind cluster
-LOCAL_ACCEPTANCE_TESTS?=false
-
-# kind cluster name
-KIND_CLUSTER_NAME?=vault-helm
-
-# kind k8s version
-KIND_K8S_VERSION?=v1.20.2
-
-# Generate json schema for chart values. See test/README.md for more details.
-values-schema:
- helm schema-gen values.yaml > values.schema.json
-
-test-image:
- @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
-
-test-unit:
- @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
-
-test-bats: test-unit test-acceptance
-
-test: test-image test-bats
-
-# run acceptance tests on GKE
-# set google project/credential vars above
-test-acceptance:
-ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
- make setup-kind acceptance
-else
- @docker run -it -v ${PWD}:/helm-test \
- -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
- -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
- -e KUBECONFIG=/helm-test/.kube/config \
- -w /helm-test \
- $(TEST_IMAGE) \
- make acceptance
-endif
-
-# destroy GKE cluster using terraform
-test-destroy:
- @docker run -it -v ${PWD}:/helm-test \
- -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
- -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
- -w /helm-test \
- $(TEST_IMAGE) \
- make destroy-cluster
-
-# provision GKE cluster using terraform
-test-provision:
- @docker run -it -v ${PWD}:/helm-test \
- -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
- -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
- -e KUBECONFIG=/helm-test/.kube/config \
- -w /helm-test \
- $(TEST_IMAGE) \
- make provision-cluster
-
-# this target is for running the acceptance tests
-# it is run in the docker container above when the test-acceptance target is invoked
-acceptance:
-ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
- gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
-endif
- bats test/${ACCEPTANCE_TESTS}
-
-# this target is for provisioning the GKE cluster
-# it is run in the docker container above when the test-provision target is invoked
-provision-cluster:
- gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
- terraform init test/terraform
- terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
-
-# this target is for removing the GKE cluster
-# it is run in the docker container above when the test-destroy target is invoked
-destroy-cluster:
- terraform destroy -auto-approve
-
-# create a kind cluster for running the acceptance tests locally
-setup-kind:
- kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
- kind create cluster \
- --image kindest/node:${KIND_K8S_VERSION} \
- --name ${KIND_CLUSTER_NAME} \
- --config $(CURDIR)/test/kind/config.yaml
- kubectl config use-context kind-${KIND_CLUSTER_NAME}
-
-# delete the kind cluster
-delete-kind:
- kind delete cluster --name ${KIND_CLUSTER_NAME} || :
-
-.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/README.md b/charts/partners/hashicorp/vault/0.15.0/src/README.md
deleted file mode 100644
index f95b26fc37..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/README.md
+++ /dev/null
@@ -1,44 +0,0 @@
-# Vault Helm Chart
-
-> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
-you believe you have found a security issue in Vault Helm, _please responsibly disclose_
-by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
-
-This repository contains the official HashiCorp Helm chart for installing
-and configuring Vault on Kubernetes. This chart supports multiple use
-cases of Vault on Kubernetes depending on the values provided.
-
-For full documentation on this Helm chart along with all the ways you can
-use Vault with Kubernetes, please see the
-[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
-
-## Prerequisites
-
-To use the charts here, [Helm](https://helm.sh/) must be configured for your
-Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
-this README. Please refer to the Kubernetes and Helm documentation.
-
-The versions required are:
-
- * **Helm 3.0+** - This is the earliest version of Helm tested. It is possible
- it works with earlier versions but this chart is untested for those versions.
- * **Kubernetes 1.14+** - This is the earliest version of Kubernetes tested.
- It is possible that this chart works with earlier versions but it is
- untested.
-
-## Usage
-
-To install the latest version of this chart, add the Hashicorp helm repository
-and run `helm install`:
-
-```console
-$ helm repo add hashicorp https://helm.releases.hashicorp.com
-"hashicorp" has been added to your repositories
-
-$ helm install vault hashicorp/vault
-```
-
-Please see the many options supported in the `values.yaml` file. These are also
-fully documented directly on the [Vault
-website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
-detailed installation instructions.
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/NOTES.txt b/charts/partners/hashicorp/vault/0.15.0/src/templates/NOTES.txt
deleted file mode 100644
index 8e267121c8..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/NOTES.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-
-Thank you for installing HashiCorp Vault!
-
-Now that you have deployed Vault, you should look over the docs on using
-Vault with Kubernetes available here:
-
-https://www.vaultproject.io/docs/
-
-
-Your release is named {{ .Release.Name }}. To learn more about the release, try:
-
- $ helm status {{ .Release.Name }}
- $ helm get manifest {{ .Release.Name }}
-
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/_helpers.tpl b/charts/partners/hashicorp/vault/0.15.0/src/templates/_helpers.tpl
deleted file mode 100644
index 3e936f77ee..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,657 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to -this (by the DNS naming spec). If release name contains chart name it will -be used as a full name. -*/}} -{{- define "vault.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "vault.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "vault.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Compute the maximum number of unavailable replicas for the PodDisruptionBudget. -This defaults to (n/2)-1 where n is the number of members of the server cluster. -Add a special case for replicas=1, where it should default to 0 as well. -*/}} -{{- define "vault.pdb.maxUnavailable" -}} -{{- if eq (int .Values.server.ha.replicas) 1 -}} -{{ 0 }} -{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{- else -}} -{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Set the variable 'mode' to the server mode requested by the user to simplify -template logic. -*/}} -{{- define "vault.mode" -}} - {{- if .Values.injector.externalVaultAddr -}} - {{- $_ := set . "mode" "external" -}} - {{- else if ne (.Values.server.enabled | toString) "true" -}} - {{- $_ := set . 
"mode" "external" -}} - {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} - {{- $_ := set . "mode" "dev" -}} - {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} - {{- $_ := set . "mode" "ha" -}} - {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} - {{- $_ := set . "mode" "standalone" -}} - {{- else -}} - {{- $_ := set . "mode" "" -}} - {{- end -}} -{{- end -}} - -{{/* -Set's the replica count based on the different modes configured by user -*/}} -{{- define "vault.replicas" -}} - {{ if eq .mode "standalone" }} - {{- default 1 -}} - {{ else if eq .mode "ha" }} - {{- .Values.server.ha.replicas | default 3 -}} - {{ else }} - {{- default 1 -}} - {{ end }} -{{- end -}} - -{{/* -Set's up configmap mounts if this isn't a dev deployment and the user -defined a custom configuration. Additionally iterates over any -extra volumes the user may have specified (such as a secret with TLS). -*/}} -{{- define "vault.volumes" -}} - {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - configMap: - name: {{ template "vault.fullname" . 
}}-config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - {{ .type }}: - {{- if (eq .type "configMap") }} - name: {{ .name }} - {{- else if (eq .type "secret") }} - secretName: {{ .name }} - {{- end }} - defaultMode: {{ .defaultMode | default 420 }} - {{- end }} - {{- if .Values.server.volumes }} - {{- toYaml .Values.server.volumes | nindent 8}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - secret: - secretName: {{ .Values.server.enterpriseLicense.secretName }} - defaultMode: 0440 - {{- end }} -{{- end -}} - -{{/* -Set's the args for custom command to render the Vault configuration -file with IP addresses to make the out of box experience easier -for users looking to use this chart with Consul Helm. -*/}} -{{- define "vault.args" -}} - {{ if or (eq .mode "standalone") (eq .mode "ha") }} - - | - cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; - [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; - [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; - /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} - {{ else if eq .mode "dev" }} - - | - /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} - {{ end }} -{{- end -}} - -{{/* -Set's additional environment variables based on the mode. 
-*/}} -{{- define "vault.envs" -}} - {{ if eq .mode "dev" }} - - name: VAULT_DEV_ROOT_TOKEN_ID - value: {{ .Values.server.dev.devRootToken }} - - name: VAULT_DEV_LISTEN_ADDRESS - value: "[::]:8200" - {{ end }} -{{- end -}} - -{{/* -Set's which additional volumes should be mounted to the container -based on the mode configured. -*/}} -{{- define "vault.mounts" -}} - {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - name: audit - mountPath: {{ .Values.server.auditStorage.mountPath }} - {{ end }} - {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} - {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} - - name: data - mountPath: {{ .Values.server.dataStorage.mountPath }} - {{ end }} - {{ end }} - {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - mountPath: /vault/config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - readOnly: true - mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} - {{- end }} - {{- if .Values.server.volumeMounts }} - {{- toYaml .Values.server.volumeMounts | nindent 12}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - mountPath: /vault/license - readOnly: true - {{- end }} -{{- end -}} - -{{/* -Set's up the volumeClaimTemplates when data or audit storage is required. HA -might not use data storage since Consul is likely it's backend, however, audit -storage might be desired by the user. 
-*/}} -{{- define "vault.volumeclaims" -}} - {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} - volumeClaimTemplates: - {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} - - metadata: - name: data - {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.dataStorage.size }} - {{- if .Values.server.dataStorage.storageClass }} - storageClassName: {{ .Values.server.dataStorage.storageClass }} - {{- end }} - {{ end }} - {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - metadata: - name: audit - {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.auditStorage.size }} - {{- if .Values.server.auditStorage.storageClass }} - storageClassName: {{ .Values.server.auditStorage.storageClass }} - {{- end }} - {{ end }} - {{ end }} -{{- end -}} - -{{/* -Set's the affinity for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.affinity" -}} - {{- if and (ne .mode "dev") .Values.server.affinity }} - affinity: - {{ $tp := typeOf .Values.server.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.affinity . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the injector affinity for pod placement -*/}} -{{- define "injector.affinity" -}} - {{- if .Values.injector.affinity }} - affinity: - {{ $tp := typeOf .Values.injector.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the toleration for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.tolerations" -}} - {{- if and (ne .mode "dev") .Values.server.tolerations }} - tolerations: - {{- $tp := typeOf .Values.server.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "injector.tolerations" -}} - {{- if .Values.injector.tolerations }} - tolerations: - {{- $tp := typeOf .Values.injector.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the node selector for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.nodeselector" -}} - {{- if and (ne .mode "dev") .Values.server.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.server.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector node selector for pod placement -*/}} -{{- define "injector.nodeselector" -}} - {{- if .Values.injector.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.injector.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.nodeSelector . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra pod annotations -*/}} -{{- define "vault.annotations" -}} - {{- if .Values.server.annotations }} - annotations: - {{- $tp := typeOf .Values.server.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.server.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector pod annotations -*/}} -{{- define "injector.annotations" -}} - {{- if .Values.injector.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.injector.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector service annotations -*/}} -{{- define "injector.service.annotations" -}} - {{- if .Values.injector.service.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector webhook annotations -*/}} -{{- define "injector.webhookAnnotations" -}} - {{- if .Values.injector.webhookAnnotations }} - annotations: - {{- $tp := typeOf .Values.injector.webhookAnnotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.webhookAnnotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.webhookAnnotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ui service annotations -*/}} -{{- define "vault.ui.annotations" -}} - {{- if .Values.ui.annotations }} - annotations: - {{- $tp := typeOf .Values.ui.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.ui.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.ui.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "vault.serviceAccount.name" -}} -{{- if .Values.server.serviceAccount.create -}} - {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.server.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Sets extra service account annotations -*/}} -{{- define "vault.serviceAccount.annotations" -}} - {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.server.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ingress annotations -*/}} -{{- define "vault.ingress.annotations" -}} - {{- if .Values.server.ingress.annotations }} - annotations: - {{- $tp := typeOf .Values.server.ingress.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.ingress.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.ingress.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra route annotations -*/}} -{{- define "vault.route.annotations" -}} - {{- if .Values.server.route.annotations }} - annotations: - {{- $tp := typeOf .Values.server.route.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.route.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.route.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra vault server Service annotations -*/}} -{{- define "vault.service.annotations" -}} - {{- if .Values.server.service.annotations }} - {{- $tp := typeOf .Values.server.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets PodSecurityPolicy annotations -*/}} -{{- define "vault.psp.annotations" -}} - {{- if .Values.global.psp.annotations }} - annotations: - {{- $tp := typeOf .Values.global.psp.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.global.psp.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.global.psp.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra statefulset annotations -*/}} -{{- define "vault.statefulSet.annotations" -}} - {{- if .Values.server.statefulSet.annotations }} - annotations: - {{- $tp := typeOf .Values.server.statefulSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for data volume -*/}} -{{- define "vault.dataVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.dataStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for audit volume -*/}} -{{- define "vault.auditVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.auditStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the container resources if the user has set any. -*/}} -{{- define "vault.resources" -}} - {{- if .Values.server.resources -}} - resources: -{{ toYaml .Values.server.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "injector.resources" -}} - {{- if .Values.injector.resources -}} - resources: -{{ toYaml .Values.injector.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. 
-*/}} -{{- define "csi.resources" -}} - {{- if .Values.csi.resources -}} - resources: -{{ toYaml .Values.csi.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets extra CSI daemonset annotations -*/}} -{{- define "csi.daemonSet.annotations" -}} - {{- if .Values.csi.daemonSet.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.daemonSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "csi.pod.tolerations" -}} - {{- if .Values.csi.pod.tolerations }} - tolerations: - {{- $tp := typeOf .Values.csi.pod.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI provider pod annotations -*/}} -{{- define "csi.pod.annotations" -}} - {{- if .Values.csi.pod.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.pod.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.pod.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.pod.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI service account annotations -*/}} -{{- define "csi.serviceAccount.annotations" -}} - {{- if .Values.csi.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.serviceAccount.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Inject extra environment vars in the format key:value, if populated -*/}} -{{- define "vault.extraEnvironmentVars" -}} -{{- if .extraEnvironmentVars -}} -{{- range $key, $value := .extraEnvironmentVars }} -- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} - value: {{ $value | quote }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Inject extra environment populated by secrets, if populated -*/}} -{{- define "vault.extraSecretEnvironmentVars" -}} -{{- if .extraSecretEnvironmentVars -}} -{{- range .extraSecretEnvironmentVars }} -- name: {{ .envName }} - valueFrom: - secretKeyRef: - name: {{ .secretName }} - key: {{ .secretKey }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* Scheme for health check and local endpoint */}} -{{- define "vault.scheme" -}} -{{- if .Values.global.tlsDisable -}} -{{ "http" }} -{{- else -}} -{{ "https" }} -{{- end -}} -{{- end -}} - -{{/* -imagePullSecrets generates pull secrets from either string or map values. -A map value must be indexable by the key 'name'. -*/}} -{{- define "imagePullSecrets" -}} -{{- with .Values.global.imagePullSecrets -}} -imagePullSecrets: -{{- range . -}} -{{- if typeIs "string" . }} - - name: {{ . }} -{{- else if index . "name" }} - - name: {{ .name }} -{{- end }} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/csi-clusterrole.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/csi-clusterrole.yaml deleted file mode 100644 index a19e520f5d..0000000000 --- a/charts/partners/hashicorp/vault/0.15.0/src/templates/csi-clusterrole.yaml +++ /dev/null 
@@ -1,17 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups:
- - ""
- resources:
- - serviceaccounts/token
- verbs:
- - create
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/csi-clusterrolebinding.yaml
deleted file mode 100644
index 63d69c7b1f..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/csi-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/csi-daemonset.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/csi-daemonset.yaml
deleted file mode 100644
index 66fe055deb..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/csi-daemonset.yaml
+++ /dev/null
@@ -1,81 +0,0 @@ -{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{ template "csi.daemonSet.annotations" . }} -spec: - updateStrategy: - type: {{ .Values.csi.daemonSet.updateStrategy.type }} - {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - rollingUpdate: - maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - {{ template "csi.pod.annotations" . }} - spec: - serviceAccountName: {{ template "vault.fullname" . }}-csi-provider - {{- template "csi.pod.tolerations" . }} - containers: - - name: {{ include "vault.name" . }}-csi-provider - {{ template "csi.resources" . 
}} - image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" - imagePullPolicy: {{ .Values.csi.image.pullPolicy }} - args: - - --endpoint=/provider/vault.sock - - --debug={{ .Values.csi.debug }} - {{- if .Values.csi.extraArgs }} - {{- toYaml .Values.csi.extraArgs | nindent 12 }} - {{- end }} - volumeMounts: - - name: providervol - mountPath: "/provider" - - name: mountpoint-dir - mountPath: /var/lib/kubelet/pods - mountPropagation: HostToContainer - {{- if .Values.csi.volumeMounts }} - {{- toYaml .Values.csi.volumeMounts | nindent 12}} - {{- end }} - livenessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} - volumes: - - name: providervol - hostPath: - path: "/etc/kubernetes/secrets-store-csi-providers" - - name: mountpoint-dir - hostPath: - path: /var/lib/kubelet/pods - {{- if .Values.csi.volumes }} - {{- toYaml .Values.csi.volumes | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/csi-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/csi-serviceaccount.yaml deleted file mode 100644 index ee127481b0..0000000000 
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/csi-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "csi.serviceAccount.annotations" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-certs-secret.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-certs-secret.yaml
deleted file mode 100644
index aec802140d..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-certs-secret.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: vault-injector-certs
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-clusterrole.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-clusterrole.yaml
deleted file mode 100644
index 4ff25abe52..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-clusterrole.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs:
- - "get"
- - "list"
- - "watch"
- - "patch"
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-clusterrolebinding.yaml
deleted file mode 100644
index 35d30b3935..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-deployment.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-deployment.yaml
deleted file mode 100644
index 261be1c2ae..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-deployment.yaml
+++ /dev/null
@@ -1,178 +0,0 @@ -{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }} -# Deployment for the injector -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - component: webhook -spec: - replicas: {{ .Values.injector.replicas }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{- if .Values.injector.extraLabels -}} - {{- toYaml .Values.injector.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "injector.annotations" . }} - spec: - {{ template "injector.affinity" . }} - {{ template "injector.tolerations" . }} - {{ template "injector.nodeselector" . }} - {{- if .Values.injector.priorityClassName }} - priorityClassName: {{ .Values.injector.priorityClassName }} - {{- end }} - serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" - {{- if not .Values.global.openshift }} - hostNetwork: {{ .Values.injector.hostNetwork }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.injector.gid | default 1000 }} - runAsUser: {{ .Values.injector.uid | default 100 }} - {{- end }} - containers: - - name: sidecar-injector - {{ template "injector.resources" . 
}} - image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" - imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" - {{- if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} - env: - - name: AGENT_INJECT_LISTEN - value: {{ printf ":%v" .Values.injector.port }} - - name: AGENT_INJECT_LOG_LEVEL - value: {{ .Values.injector.logLevel | default "info" }} - - name: AGENT_INJECT_VAULT_ADDR - {{- if .Values.injector.externalVaultAddr }} - value: "{{ .Values.injector.externalVaultAddr }}" - {{- else }} - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - {{- end }} - - name: AGENT_INJECT_VAULT_AUTH_PATH - value: {{ .Values.injector.authPath }} - - name: AGENT_INJECT_VAULT_IMAGE - value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" - {{- if .Values.injector.certs.secretName }} - - name: AGENT_INJECT_TLS_CERT_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" - - name: AGENT_INJECT_TLS_KEY_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" - {{- else }} - - name: AGENT_INJECT_TLS_AUTO - value: {{ template "vault.fullname" . }}-agent-injector-cfg - - name: AGENT_INJECT_TLS_AUTO_HOSTS - value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc - {{- end }} - - name: AGENT_INJECT_LOG_FORMAT - value: {{ .Values.injector.logFormat | default "standard" }} - - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN - value: "{{ .Values.injector.revokeOnShutdown | default false }}" - {{- if .Values.global.openshift }} - - name: AGENT_INJECT_SET_SECURITY_CONTEXT - value: "false" - {{- end }} - {{- if .Values.injector.metrics.enabled }} - - name: AGENT_INJECT_TELEMETRY_PATH - value: "/metrics" - {{- end }} - {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} - - name: AGENT_INJECT_USE_LEADER_ELECTOR - value: "true" - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end }} - - name: AGENT_INJECT_CPU_REQUEST - value: "{{ .Values.injector.agentDefaults.cpuRequest }}" - - name: AGENT_INJECT_CPU_LIMIT - value: "{{ .Values.injector.agentDefaults.cpuLimit }}" - - name: AGENT_INJECT_MEM_REQUEST - value: "{{ .Values.injector.agentDefaults.memRequest }}" - - name: AGENT_INJECT_MEM_LIMIT - value: "{{ .Values.injector.agentDefaults.memLimit }}" - - name: AGENT_INJECT_DEFAULT_TEMPLATE - value: "{{ .Values.injector.agentDefaults.template }}" - - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE - value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" - {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} - args: - - agent-inject - - 2>&1 - livenessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 -{{- if .Values.injector.certs.secretName }} - volumeMounts: - - name: webhook-certs - 
mountPath: /etc/webhook/certs - readOnly: true -{{- end }} - {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} - - name: leader-elector - image: {{ .Values.injector.leaderElector.image.repository }}:{{ .Values.injector.leaderElector.image.tag }} - args: - - --election={{ template "vault.fullname" . }}-agent-injector-leader - - --election-namespace={{ .Release.Namespace }} - - --http=0.0.0.0:4040 - - --ttl={{ .Values.injector.leaderElector.ttl }} - livenessProbe: - httpGet: - path: / - port: 4040 - scheme: HTTP - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: / - port: 4040 - scheme: HTTP - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 - {{- end }} -{{- if .Values.injector.certs.secretName }} - volumes: - - name: webhook-certs - secret: - secretName: "{{ .Values.injector.certs.secretName }}" -{{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-leader-endpoint.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-leader-endpoint.yaml deleted file mode 100644 index fc4ef16080..0000000000 --- a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-leader-endpoint.yaml +++ /dev/null 
@@ -1,12 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-# This is created here so it can be cleaned up easily, since if
-# the endpoint is left around the leader won't expire for about a minute.
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-mutating-webhook.yaml
deleted file mode 100644
index de7dd5622c..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-mutating-webhook.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
-apiVersion: admissionregistration.k8s.io/v1
-{{- else }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-{{- end }}
-kind: MutatingWebhookConfiguration
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-cfg
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "injector.webhookAnnotations" . }}
-webhooks:
- - name: vault.hashicorp.com
- sideEffects: None
- admissionReviewVersions:
- - "v1beta1"
- - "v1"
- clientConfig:
- service:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- path: "/mutate"
- caBundle: {{ .Values.injector.certs.caBundle | quote }}
- rules:
- - operations: ["CREATE", "UPDATE"]
- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["pods"]
-{{- if .Values.injector.namespaceSelector }}
- namespaceSelector:
-{{ toYaml .Values.injector.namespaceSelector | indent 6}}
-{{ end }}
-{{- if .Values.injector.objectSelector }}
- objectSelector:
-{{ toYaml .Values.injector.objectSelector | indent 6}}
-{{ end }}
-{{- with .Values.injector.failurePolicy }}
- failurePolicy: {{.}}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-network-policy.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-network-policy.yaml
deleted file mode 100644
index 7a399a538d..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-network-policy.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.openshift | toString) "true") }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-psp-role.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-psp-role.yaml
deleted file mode 100644
index 20c87bb2ad..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-psp-role.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-psp-rolebinding.yaml
deleted file mode 100644
index d6d0d5e247..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-psp-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-psp.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-psp.yaml
deleted file mode 100644
index c024ac1077..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-psp.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-role.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-role.yaml
deleted file mode 100644
index e74524ceaa..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-role.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
- - apiGroups: [""]
- resources: ["endpoints", "secrets"]
- verbs:
- - "create"
- - "get"
- - "watch"
- - "list"
- - "update"
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-rolebinding.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-rolebinding.yaml
deleted file mode 100644
index e06d2425ff..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-service.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-service.yaml
deleted file mode 100644
index 3138b7a5be..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "injector.service.annotations" . }}
-spec:
- ports:
- - name: https
- port: 443
- targetPort: {{ .Values.injector.port }}
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-serviceaccount.yaml
deleted file mode 100644
index a28d38fabb..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/injector-serviceaccount.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/server-clusterrolebinding.yaml
deleted file mode 100644
index e5e0f5fec1..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-clusterrolebinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.authDelegator.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-server-binding
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-config-configmap.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/server-config-configmap.yaml
deleted file mode 100644
index b8093ad030..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-config-configmap.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.global.enabled | toString) "true") (ne .mode "dev") -}}
-{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "vault.fullname" . }}-config
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-data:
- extraconfig-from-values.hcl: |-
- {{- if or (eq .mode "ha") (eq .mode "standalone") }}
- {{- $type := typeOf (index .Values.server .mode).config }}
- {{- if eq $type "string" }}
- disable_mlock = true
- {{- if eq .mode "standalone" }}
- {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
- {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
- {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
- {{ end }}
- {{- else }}
- {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
- {{- else }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-discovery-role.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/server-discovery-role.yaml
deleted file mode 100644
index 4a39cec21c..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-discovery-role.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: {{ template "vault.fullname" . }}-discovery-role
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: [""]
- resources: ["pods"]
- verbs: ["get", "watch", "list", "update", "patch"]
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/server-discovery-rolebinding.yaml
deleted file mode 100644
index 47526650bb..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-discovery-rolebinding.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.global.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-discovery-rolebinding
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-discovery-role
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/server-disruptionbudget.yaml
deleted file mode 100644
index 3c45cc04ea..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-disruptionbudget.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" -}}
-{{- if and (eq (.Values.global.enabled | toString) "true") (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
-# PodDisruptionBudget to prevent degrading the server cluster through
-# voluntary cluster changes.
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end -}}
-{{- end -}}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-ha-active-service.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/server-ha-active-service.yaml
deleted file mode 100644
index 74fca41d7b..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-ha-active-service.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for active Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-active
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "true"
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-ha-standby-service.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/server-ha-standby-service.yaml
deleted file mode 100644
index 9213b74528..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-ha-standby-service.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for standby Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-standby
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "false"
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-headless-service.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/server-headless-service.yaml
deleted file mode 100644
index a37c639571..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-headless-service.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-internal
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- clusterIP: None
- publishNotReadyAddresses: true
- ports:
- - name: "{{ include "vault.scheme" . }}"
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-ingress.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/server-ingress.yaml
deleted file mode 100644
index 9da020e1af..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-ingress.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-{{- if not .Values.global.openshift }}
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if .Values.server.ingress.enabled -}}
-{{- $extraPaths := .Values.server.ingress.extraPaths -}}
-{{- $serviceName := include "vault.fullname" . -}}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.ingress.activeService | toString) "true") }}
-{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
-{{- end }}
-{{- $servicePort := .Values.server.service.port -}}
-{{ if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
-apiVersion: networking.k8s.io/v1beta1
-{{ else }}
-apiVersion: extensions/v1beta1
-{{ end }}
-kind: Ingress
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- with .Values.server.ingress.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- template "vault.ingress.annotations" . }}
-spec:
-{{- if .Values.server.ingress.tls }}
- tls:
- {{- range .Values.server.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
-{{- end }}
- rules:
- {{- range .Values.server.ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
-{{ if $extraPaths }}
-{{ toYaml $extraPaths | indent 10 }}
-{{- end }}
- {{- range (.paths | default (list "/")) }}
- - path: {{ . }}
- backend:
- serviceName: {{ $serviceName }}
- servicePort: {{ $servicePort }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-network-policy.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/server-network-policy.yaml
deleted file mode 100644
index 5f4c21a4b5..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-network-policy.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8200
- protocol: TCP
- - port: 8201
- protocol: TCP
- {{- if .Values.server.networkPolicy.egress }}
- egress:
- {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
- {{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-psp-role.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/server-psp-role.yaml
deleted file mode 100644
index fd12e1eb30..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-psp-role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/server-psp-rolebinding.yaml
deleted file mode 100644
index b2a43c834a..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-psp-rolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-psp.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/server-psp.yaml
deleted file mode 100644
index 2d94268197..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-psp.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
- - persistentVolumeClaim
- {{- end }}
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-route.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/server-route.yaml
deleted file mode 100644
index 63055db39f..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-route.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{- if .Values.global.openshift }}
-{{- if ne .mode "external" }}
-{{- if .Values.server.route.enabled -}}
-{{- $serviceName := include "vault.fullname" . -}}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
-{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
-{{- end }}
-kind: Route
-apiVersion: route.openshift.io/v1
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- with .Values.server.route.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- template "vault.route.annotations" . }}
-spec:
- host: {{ .Values.server.route.host }}
- to:
- kind: Service
- name: {{ $serviceName }}
- weight: 100
- port:
- targetPort: 8200
- tls:
- termination: passthrough
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-service.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/server-service.yaml
deleted file mode 100644
index 6f82e38629..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-service.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- # We want the servers to become available even if they're not ready
- # since this DNS is also used for join operations.
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/server-serviceaccount.yaml
deleted file mode 100644
index 925b166bba..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }}
-{{- if (eq (.Values.server.serviceAccount.create | toString) "true" ) }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "vault.serviceAccount.annotations" . }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-statefulset.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/server-statefulset.yaml
deleted file mode 100644
index 031b179059..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/templates/server-statefulset.yaml
+++ /dev/null
@@ -1,208 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }} -# StatefulSet to run the actual vault server cluster. -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- template "vault.statefulSet.annotations" . }} -spec: - serviceName: {{ template "vault.fullname" . }}-internal - podManagementPolicy: Parallel - replicas: {{ template "vault.replicas" . }} - updateStrategy: - type: {{ .Values.server.updateStrategyType }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - template: - metadata: - labels: - helm.sh/chart: {{ template "vault.chart" . }} - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - {{- if .Values.server.extraLabels -}} - {{- toYaml .Values.server.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "vault.annotations" . }} - spec: - {{ template "vault.affinity" . }} - {{ template "vault.tolerations" . }} - {{ template "vault.nodeselector" . }} - {{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName }} - {{- end }} - terminationGracePeriodSeconds: 10 - serviceAccountName: {{ template "vault.serviceAccount.name" . 
}} - {{ if .Values.server.shareProcessNamespace }} - shareProcessNamespace: true - {{ end }} - {{- if not .Values.global.openshift }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.server.gid | default 1000 }} - runAsUser: {{ .Values.server.uid | default 100 }} - fsGroup: {{ .Values.server.gid | default 1000 }} - {{- end }} - volumes: - {{ template "vault.volumes" . }} - - name: home - emptyDir: {} - {{- if .Values.server.extraInitContainers }} - initContainers: - {{ toYaml .Values.server.extraInitContainers | nindent 8}} - {{- end }} - containers: - - name: vault - {{ template "vault.resources" . }} - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - command: - - "/bin/sh" - - "-ec" - args: {{ template "vault.args" . }} - {{- if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: VAULT_K8S_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: VAULT_ADDR - value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" - - name: VAULT_API_ADDR - {{- if .Values.server.ha.apiAddr }} - value: {{ .Values.server.ha.apiAddr }} - {{- else }} - value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" - {{- end }} - - name: SKIP_CHOWN - value: "true" - - name: SKIP_SETCAP - value: "true" - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_CLUSTER_ADDR - value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" - {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} - - name: VAULT_RAFT_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- end }} - - name: HOME - value: "/home/vault" - {{- if .Values.server.logLevel }} - - name: VAULT_LOG_LEVEL - value: "{{ .Values.server.logLevel }}" - {{- end }} - {{- if .Values.server.logFormat }} - - name: VAULT_LOG_FORMAT - value: "{{ .Values.server.logFormat }}" - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: VAULT_LICENSE_PATH - value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} - {{- end }} - {{ template "vault.envs" . }} - {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} - {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} - volumeMounts: - {{ template "vault.mounts" . }} - - name: home - mountPath: /home/vault - ports: - - containerPort: 8200 - name: {{ include "vault.scheme" . }} - - containerPort: 8201 - name: https-internal - - containerPort: 8202 - name: {{ include "vault.scheme" . }}-rep - {{- if .Values.server.readinessProbe.enabled }} - readinessProbe: - {{- if .Values.server.readinessProbe.path }} - httpGet: - path: {{ .Values.server.readinessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . 
| upper }} - {{- else }} - # Check status; unsealed vault servers return 0 - # The exit code reflects the seal status: - # 0 - unsealed - # 1 - error - # 2 - sealed - exec: - command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] - {{- end }} - failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.server.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.server.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.server.livenessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . | upper }} - failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.server.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} - {{- end }} - lifecycle: - # Vault container doesn't receive SIGTERM from Kubernetes - # and after the grace period ends, Kube sends SIGKILL. This - # causes issues with graceful shutdowns such as deregistering itself - # from Consul (zombie services). - preStop: - exec: - command: [ - "/bin/sh", "-c", - # Adding a sleep here to give the pod eviction a - # chance to propagate, so requests will not be made - # to this pod while it's terminating - "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", - ] - {{- if .Values.server.postStart }} - postStart: - exec: - command: - {{- range (.Values.server.postStart) }} - - {{ . 
| quote }} - {{- end }} - {{- end }} - {{- if .Values.server.extraContainers }} - {{ toYaml .Values.server.extraContainers | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} - {{ template "vault.volumeclaims" . }} -{{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/tests/server-test.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/tests/server-test.yaml deleted file mode 100644 index 66aa178f58..0000000000 --- a/charts/partners/hashicorp/vault/0.15.0/src/templates/tests/server-test.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.server.enabled }} -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-server-test" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": test -spec: - {{- include "imagePullSecrets" . | nindent 2 }} - containers: - - name: {{ .Release.Name }}-server-test - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - env: - - name: VAULT_ADDR - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - command: - - /bin/sh - - -c - - | - echo "Checking for sealed info in 'vault status' output" - ATTEMPTS=10 - n=0 - until [ "$n" -ge $ATTEMPTS ] - do - echo "Attempt" $n... - vault status -format yaml | grep -E '^sealed: (true|false)' && break - n=$((n+1)) - sleep 5 - done - if [ $n -ge $ATTEMPTS ]; then - echo "timed out looking for sealed info in 'vault status' output" - exit 1 - fi - - exit 0 - - restartPolicy: Never -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.15.0/src/templates/ui-service.yaml b/charts/partners/hashicorp/vault/0.15.0/src/templates/ui-service.yaml deleted file mode 100644 index 9e90af4bbc..0000000000 --- a/charts/partners/hashicorp/vault/0.15.0/src/templates/ui-service.yaml +++ /dev/null 
@@ -1,45 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }}
-{{- if eq (.Values.ui.enabled | toString) "true" }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-ui
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}-ui
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "vault.ui.annotations" . }}
-spec:
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
- vault-active: "true"
- {{- end }}
- publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.ui.externalPort }}
- targetPort: {{ .Values.ui.targetPort }}
- {{- if .Values.ui.serviceNodePort }}
- nodePort: {{ .Values.ui.serviceNodePort }}
- {{- end }}
- type: {{ .Values.ui.serviceType }}
- {{- if and (eq (.Values.ui.serviceType | toString) "LoadBalancer") (.Values.ui.loadBalancerSourceRanges) }}
- loadBalancerSourceRanges:
- {{- range $cidr := .Values.ui.loadBalancerSourceRanges }}
- - {{ $cidr }}
- {{- end }}
- {{- end }}
- {{- if and (eq (.Values.ui.serviceType | toString) "LoadBalancer") (.Values.ui.loadBalancerIP) }}
- loadBalancerIP: {{ .Values.ui.loadBalancerIP }}
- {{- end }}
-{{- end -}}
-
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/values.openshift.yaml b/charts/partners/hashicorp/vault/0.15.0/src/values.openshift.yaml
deleted file mode 100644
index c724afb3fe..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/values.openshift.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# These overrides are appropriate defaults for deploying this chart on OpenShift
-
-global:
- openshift: true
-
-injector:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
- tag: "0.12.0-ubi"
-
- agentImage:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.8.1-ubi"
-
-server:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.8.1-ubi"
diff --git a/charts/partners/hashicorp/vault/0.15.0/src/values.schema.json b/charts/partners/hashicorp/vault/0.15.0/src/values.schema.json
deleted file mode 100644
index c159c0102c..0000000000
--- a/charts/partners/hashicorp/vault/0.15.0/src/values.schema.json
+++ /dev/null
@@ -1,843 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "csi": { - "type": "object", - "properties": { - "daemonSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "updateStrategy": { - "type": "object", - "properties": { - "maxUnavailable": { - "type": "string" - }, - "type": { - "type": "string" - } - } - } - } - }, - "debug": { - "type": "boolean" - }, - "enabled": { - "type": "boolean" - }, - "extraArgs": { - "type": "array" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "pod": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - } - } - }, - "readinessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "global": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "imagePullSecrets": { - "type": "array" - }, - "openshift": { - 
"type": "boolean" - }, - "psp": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enable": { - "type": "boolean" - } - } - }, - "tlsDisable": { - "type": "boolean" - } - } - }, - "injector": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "agentDefaults": { - "type": "object", - "properties": { - "cpuLimit": { - "type": "string" - }, - "cpuRequest": { - "type": "string" - }, - "memLimit": { - "type": "string" - }, - "memRequest": { - "type": "string" - }, - "template": { - "type": "string" - }, - "templateConfig": { - "type": "object", - "properties": { - "exitOnRetryFailure": { - "type": "boolean" - } - } - } - } - }, - "agentImage": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "authPath": { - "type": "string" - }, - "certs": { - "type": "object", - "properties": { - "caBundle": { - "type": "string" - }, - "certName": { - "type": "string" - }, - "keyName": { - "type": "string" - }, - "secretName": { - "type": [ - "null", - "string" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "externalVaultAddr": { - "type": "string" - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraLabels": { - "type": "object" - }, - "failurePolicy": { - "type": "string" - }, - "hostNetwork": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "leaderElector": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "ttl": { - "type": "string" - } - } - }, - "logFormat": { - "type": "string" - }, - 
"logLevel": { - "type": "string" - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "namespaceSelector": { - "type": "object" - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "objectSelector": { - "type": "object" - }, - "port": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "replicas": { - "type": "integer" - }, - "resources": { - "type": "object" - }, - "revokeOnShutdown": { - "type": "boolean" - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "webhookAnnotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "server": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "auditStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "authDelegator": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "dataStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "dev": { - "type": "object", - "properties": { - "devRootToken": { - "type": "string" - }, - "enabled": { - "type": "boolean" - } - } - }, - "enabled": { - "type": "boolean" - 
}, - "enterpriseLicense": { - "type": "object", - "properties": { - "secretKey": { - "type": "string" - }, - "secretName": { - "type": "string" - } - } - }, - "extraArgs": { - "type": "string" - }, - "extraContainers": { - "type": [ - "null", - "array" - ] - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraInitContainers": { - "type": [ - "null", - "array" - ] - }, - "extraLabels": { - "type": "object" - }, - "extraSecretEnvironmentVars": { - "type": "array" - }, - "extraVolumes": { - "type": "array" - }, - "ha": { - "type": "object", - "properties": { - "apiAddr": { - "type": [ - "null", - "string" - ] - }, - "config": { - "type": "string" - }, - "disruptionBudget": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxUnavailable": { - "type": [ - "null", - "integer" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "raft": { - "type": "object", - "properties": { - "config": { - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "setNodeId": { - "type": "boolean" - } - } - }, - "replicas": { - "type": "integer" - } - } - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "ingress": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "extraPaths": { - "type": "array" - }, - "hosts": { - "type": "array", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string" - }, - "paths": { - "type": "array" - } - } - } - }, - "labels": { - "type": "object" - }, - "tls": { - "type": "array" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "path": { - "type": 
"string" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "networkPolicy": { - "type": "object", - "properties": { - "egress": { - "type": "array" - }, - "enabled": { - "type": "boolean" - } - } - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "postStart": { - "type": "array" - }, - "preStopSleepSeconds": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "route": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "labels": { - "type": "object" - } - } - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "port": { - "type": "integer" - }, - "targetPort": { - "type": "integer" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "create": { - "type": "boolean" - }, - "name": { - "type": "string" - } - } - }, - "shareProcessNamespace": { - "type": "boolean" - }, - "standalone": { - "type": "object", - "properties": { - "config": { - "type": "string" - }, - "enabled": { - "type": [ - "string", - "boolean" - ] - } - } - }, - "statefulSet": { - "type": "object", - "properties": 
{ - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "updateStrategyType": { - "type": "string" - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "ui": { - "type": "object", - "properties": { - "activeVaultPodOnly": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "externalPort": { - "type": "integer" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "serviceNodePort": { - "type": [ - "null", - "integer" - ] - }, - "serviceType": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - } -} diff --git a/charts/partners/hashicorp/vault/0.15.0/src/values.yaml b/charts/partners/hashicorp/vault/0.15.0/src/values.yaml deleted file mode 100644 index 6715cf1afb..0000000000 --- a/charts/partners/hashicorp/vault/0.15.0/src/values.yaml +++ /dev/null 
@@ -1,726 +0,0 @@ -# Available parameters and their default values for the Vault chart. -global: - # enabled is the master enabled switch. Setting this to true or false - # will enable or disable all the components within this chart by default. - enabled: true - # Image pull secret to use for registry authentication. - # Alternatively, the value may be specified as an array of strings. - imagePullSecrets: [] - # imagePullSecrets: - # - name: image-pull-secret - # TLS for end-to-end encrypted transport - tlsDisable: true - # If deploying to OpenShift - openshift: true - # Create PodSecurityPolicy for pods - psp: - enable: false - # Annotation for PodSecurityPolicy. - # This is a multi-line templated string map, and can also be set as YAML. - annotations: | - seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default - apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default - apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -injector: - # True if you want to enable vault agent injection. - enabled: true - replicas: 1 - # Configures the port the injector should listen on - port: 8080 - # If multiple replicas are specified, by default a leader-elector side-car - # will be created so that only one injector attempts to create TLS certificates. - leaderElector: - enabled: true - image: - repository: "gcr.io/google_containers/leader-elector" - tag: "0.4" - ttl: 60s - # If true, will enable a node exporter metrics endpoint at /metrics. - metrics: - enabled: false - # External vault server address for the injector to use. Setting this will - # disable deployment of a vault server along with the injector. - externalVaultAddr: "" - # image sets the repo and tag of the vault-k8s image to use for the injector. 
- image: - repository: "registry.connect.redhat.com/hashicorp/vault-k8s" - tag: "0.12.0-ubi" - pullPolicy: IfNotPresent - # agentImage sets the repo and tag of the Vault image to use for the Vault Agent - # containers. This should be set to the official Vault image. Vault 1.3.1+ is - # required. - agentImage: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.8.1-ubi" - # The default values for the injected Vault Agent containers. - agentDefaults: - # For more information on configuring resources, see the K8s documentation: - # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - cpuLimit: "500m" - cpuRequest: "250m" - memLimit: "128Mi" - memRequest: "64Mi" - # Default template type for secrets when no custom template is specified. - # Possible values include: "json" and "map". - template: "map" - # Default values within Agent's template_config stanza. - templateConfig: - exitOnRetryFailure: true - # Mount Path of the Vault Kubernetes Auth Method. - authPath: "auth/kubernetes" - # Configures the log verbosity of the injector. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "info" - # Configures the log format of the injector. Supported log formats: "standard", "json". - logFormat: "standard" - # Configures all Vault Agent sidecars to revoke their token when shutting down - revokeOnShutdown: false - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. - # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # objectSelector is the selector for restricting the webhook to only - # specific labels. 
- # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: {} - # Configures failurePolicy of the webhook. The "unspecified" default behaviour deoends on the - # API Version of the WebHook. - # To block pod creation while webhook is unavailable, set the policy to `Fail` below. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - # Extra annotations to attach to the webhook - webhookAnnotations: {} - certs: - # secretName is the name of the secret that has the TLS certificate and - # private key to serve the injector webhook. If this is null, then the - # injector will default to its automatic management mode that will assign - # a service account to the injector to generate its own certificates. - secretName: null - # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA - # that signed the TLS certificate that the webhook serves. This must be set - # if secretName is non-null, unless an external service like cert-manager is - # keeping the caBundle updated. - caBundle: "" - # certName and keyName are the names of the files within the secret for - # the TLS cert and private key, respectively. These have reasonable - # defaults but can be customized if necessary. - certName: tls.crt - keyName: tls.key - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # extraEnvironmentVars is a list of extra environment variables to set in the - # injector deployment. - extraEnvironmentVars: {} - # KUBERNETES_SERVICE_HOST: kubernetes.default.svc - - # Affinity Settings for injector pods - # This can either be multi-line string or YAML matching the PodSpec's affinity field. 
- # Commenting out or setting as empty the affinity variable, will allow - # deployment of multiple replicas to single node services such as Minikube. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: webhook - topologyKey: kubernetes.io/hostname - # Toleration Settings for injector pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. - # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Priority class for injector pods - priorityClassName: "" - # Extra annotations to attach to the injector pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the injector pods - annotations: {} - # Extra labels to attach to the agent-injector - # This should be a YAML map of the labels to apply to the injector - extraLabels: {} - # Should the injector pods run on the host network (useful when using - # an alternate CNI in EKS) - hostNetwork: false - # Injector service specific config - service: - # Extra annotations to attach to the injector service - annotations: {} -server: - # If not set to true, Vault server will not be installed. See vault.mode in _helpers.tpl for implementation details - enabled: true - # [Enterprise Only] This value refers to a Kubernetes secret that you have - # created that contains your enterprise license. If you are not using an - # enterprise image or if you plan to introduce the license key via another - # route, then leave secretName blank ("") or set it to null. 
- # Requires Vault Enterprise 1.8 or later. - enterpriseLicense: - # The name of the Kubernetes secret that holds the enterprise license. The - # secret must be in the same namespace that Vault is installed into. - secretName: "" - # The key within the Kubernetes secret that holds the enterprise license. - secretKey: "license" - # Resource requests, limits, etc. for the server cluster placement. This - # should map directly to the value of the resources field for a PodSpec. - # By default no direct resource request is made. - image: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.8.1-ubi" - # Overrides the default Image Pull Policy - pullPolicy: IfNotPresent - # Configure the Update Strategy Type for the StatefulSet - # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - updateStrategyType: "OnDelete" - # Configure the logging verbosity for the Vault server. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "" - # Configure the logging format for the Vault server. - # Supported log formats include: standard, json - logFormat: "" - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # Ingress allows ingress services to be created to allow external access - # from Kubernetes to access Vault pods. - # If deployment is on OpenShift, the following block is ignored. - # In order to expose the service, use the route section below - ingress: - enabled: false - labels: {} - # traffic: external - annotations: {} - # | - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # or - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # When HA mode is enabled and K8s service registration is being used, - # configure the ingress to point to the Vault active service. 
- activeService: true - hosts: - - host: chart-example.local - paths: [] - ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # OpenShift only - create a route to expose the service - # The created route will be of type passthrough - route: - enabled: false - # When HA mode is enabled and K8s service registration is being used, - # configure the route to point to the Vault active service. - activeService: true - labels: {} - annotations: {} - host: chart-example.local - # authDelegator enables a cluster role binding to be attached to the service - # account. This cluster role binding can be used to setup Kubernetes auth - # method. https://www.vaultproject.io/docs/auth/kubernetes.html - authDelegator: - enabled: true - # extraInitContainers is a list of init containers. Specified as a YAML list. - # This is useful if you need to run a script to provision TLS certificates or - # write out configuration files in a dynamic way. - extraInitContainers: null - # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, - # # which is defined in the volumes value. - # - name: oauthapp - # image: "alpine" - # command: [sh, -c] - # args: - # - cd /tmp && - # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && - # tar -xf oauthapp.xz && - # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && - # chmod +x /usr/local/libexec/vault/oauthapp - # volumeMounts: - # - name: plugins - # mountPath: /usr/local/libexec/vault - - # extraContainers is a list of sidecar containers. Specified as a YAML list. 
- extraContainers: null - # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers - # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation - shareProcessNamespace: false - # extraArgs is a string containing additional Vault server arguments. - extraArgs: "" - # Used to define custom readinessProbe settings - readinessProbe: - enabled: true - # If you need to use a http path instead of the default exec - # path: /v1/sys/health?standbyok=true - - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to enable a livenessProbe for the pods - livenessProbe: - enabled: false - path: "/v1/sys/health?standbyok=true" - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 60 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to set the sleep time during the preStop step - preStopSleepSeconds: 5 - # Used to define commands to run after the pod is ready. - # This can be used to automate processes such as initialization - # or boostrapping auth methods. - postStart: [] - # - /bin/sh - # - -c - # - /vault/userconfig/myscript/run.sh - - # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. 
These could be - # used to include variables required for auto-unseal. - extraEnvironmentVars: {} - # GOOGLE_REGION: global - # GOOGLE_PROJECT: myproject - # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json - - # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. - # These variables take value from existing Secret objects. - extraSecretEnvironmentVars: [] - # - envName: AWS_SECRET_ACCESS_KEY - # secretName: vault - # secretKey: AWS_SECRET_ACCESS_KEY - - # Deprecated: please use 'volumes' instead. - # extraVolumes is a list of extra volumes to mount. These will be exposed - # to Vault in the path `/vault/userconfig//`. The value below is - # an array of objects, examples are shown below. - extraVolumes: [] - # - type: secret (or "configMap") - # name: my-secret - # path: null # default is `/vault/userconfig` - - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: plugins - # emptyDir: {} - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - mountPath: /usr/local/libexec/vault - # name: plugins - # readOnly: true - - # Affinity Settings - # Commenting out or setting as empty the affinity variable, will allow - # deployment to single node services such as Minikube - # This should be either a multi-line string or YAML matching the PodSpec's affinity field. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . 
}} - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: server - topologyKey: kubernetes.io/hostname - # Toleration Settings for server pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. - # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Enables network policy for server pods - networkPolicy: - enabled: false - egress: [] - # egress: - # - to: - # - ipBlock: - # cidr: 10.0.0.0/24 - # ports: - # - protocol: TCP - # port: 443 - # Priority class for server pods - priorityClassName: "" - # Extra labels to attach to the server pods - # This should be a YAML map of the labels to apply to the server pods - extraLabels: {} - # Extra annotations to attach to the server pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the server pods - annotations: {} - # Enables a headless service to be used by the Vault Statefulset - service: - enabled: true - # clusterIP controls whether a Cluster IP address is attached to the - # Vault service within Kubernetes. By default the Vault service will - # be given a Cluster IP address, set to None to disable. When disabled - # Kubernetes will create a "headless" service. Headless services can be - # used to communicate with pods directly through DNS instead of a round robin - # load balancer. - # clusterIP: None - - # Configures the service type for the main Vault service. Can be ClusterIP - # or NodePort. - #type: ClusterIP - - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. 
- #nodePort: 30000 - - # Port on which Vault server is listening - port: 8200 - # Target port to which the service should be mapped to - targetPort: 8200 - # Extra annotations for the service definition. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the service. - annotations: {} - # This configures the Vault Statefulset to create a PVC for data - # storage when using the file or raft backend storage engines. - # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more - dataStorage: - enabled: true - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/data" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # This configures the Vault Statefulset to create a PVC for audit - # logs. Once Vault is deployed, initialized and unseal, Vault must - # be configured to use this for audit logs. This will be mounted to - # /vault/audit - # See https://www.vaultproject.io/docs/audit/index.html to know more - auditStorage: - enabled: false - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/audit" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # Run Vault in "dev" mode. This requires no further setup, no state management, - # and no initialization. This is useful for experimenting with Vault without - # needing to unseal, store keys, et. al. All data is lost on restart - do not - # use dev mode for anything other than experimenting. 
- # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more - dev: - enabled: false - # Set VAULT_DEV_ROOT_TOKEN_ID value - devRootToken: "root" - # Run Vault in "standalone" mode. This is the default mode that will deploy if - # no arguments are given to helm. This requires a PVC for data storage to use - # the "file" backend. This mode is not highly available and should not be scaled - # past a single replica. - standalone: - enabled: "-" - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data - # and store data there. This is only used when using a Replica count of 1, and - # using a stateful set. This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "file" { - path = "/vault/data" - } - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # Run Vault in "HA" mode. There are no storage requirements unless audit log - # persistence is required. In HA mode Vault will configure itself to use Consul - # for its storage backend. The default configuration provided will work the Consul - # Helm project by default. It is possible to manually configure Vault to use a - # different HA backend. 
- ha: - enabled: false - replicas: 3 - # Set the api_addr configuration for Vault HA - # See https://www.vaultproject.io/docs/configuration#api_addr - # If set to null, this will be set to the Pod IP Address - apiAddr: null - # Enables Vault's integrated Raft storage. Unlike the typical HA modes where - # Vault's persistence is external (such as Consul), enabling Raft mode will create - # persistent volumes for Vault to store data according to the configuration under server.dataStorage. - # The Vault cluster will coordinate leader elections and failovers internally. - raft: - # Enables Raft integrated storage - enabled: false - # Set the Node Raft ID to the name of the pod - setNodeId: false - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - - storage "raft" { - path = "/vault/data" - } - - service_registration "kubernetes" {} - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a Consul for its HA storage backend. - # This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. 
For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "consul" { - path = "vault" - address = "HOST_IP:8500" - } - - service_registration "kubernetes" {} - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev-246514" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - disruptionBudget: - enabled: true - # maxUnavailable will default to (n/2)-1 where n is the number of - # replicas. If you'd like a custom value, you can specify an override here. - maxUnavailable: null - # Definition of the serviceAccount used to run Vault. - # These options are also used when using an external Vault server to validate - # Kubernetes tokens. - serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Settings for the statefulSet used to run Vault. - statefulSet: - # Extra annotations for the statefulSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the statefulSet. 
- annotations: {} -# Vault UI -ui: - # True if you want to create a Service entry for the Vault UI. - # - # serviceType can be used to control the type of service created. For - # example, setting this to "LoadBalancer" will create an external load - # balancer (for supported K8S installations) to access the UI. - enabled: false - publishNotReadyAddresses: true - # The service should only contain selectors for active Vault pod - activeVaultPodOnly: false - serviceType: "ClusterIP" - serviceNodePort: null - externalPort: 8200 - targetPort: 8200 - # loadBalancerSourceRanges: - # - 10.0.0.0/16 - # - 1.78.23.3/32 - - # loadBalancerIP: - - # Extra annotations to attach to the ui service - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the ui service - annotations: {} -# secrets-store-csi-driver-provider-vault -csi: - # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. - # - # Requires installing the secrets-store-csi-driver separately, see: - # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver - # - # With the driver and provider installed, you can mount Vault secrets into volumes - # similar to the Vault Agent injector, and you can also sync those secrets into - # Kubernetes secrets. - enabled: false - image: - repository: "hashicorp/vault-csi-provider" - tag: "0.3.0" - pullPolicy: IfNotPresent - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: tls - # secret: - # secretName: vault-tls - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. 
- volumeMounts: null - # - name: tls - # mountPath: "/vault/tls" - # readOnly: true - - resources: {} - # resources: - # requests: - # cpu: 50m - # memory: 128Mi - # limits: - # cpu: 50m - # memory: 128Mi - - # Settings for the daemonSet used to run the provider. - daemonSet: - updateStrategy: - type: RollingUpdate - maxUnavailable: "" - # Extra annotations for the daemonSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the daemonSet. - annotations: {} - pod: - # Extra annotations for the provider pods. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the pod. - annotations: {} - # Toleration Settings for provider pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - serviceAccount: - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Used to configure readinessProbe for the pods. - readinessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to configure livenessProbe for the pods. 
- livenessProbe:
- # When a probe fails, Kubernetes will try failureThreshold times before giving up
- failureThreshold: 2
- # Number of seconds after the container has started before probe initiates
- initialDelaySeconds: 5
- # How often (in seconds) to perform the probe
- periodSeconds: 5
- # Minimum consecutive successes for the probe to be considered successful after having failed
- successThreshold: 1
- # Number of seconds after which the probe times out.
- timeoutSeconds: 3
- # Enables debug logging.
- debug: false
- # Pass arbitrary additional arguments to vault-csi-provider.
- extraArgs: []
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/.helmignore b/charts/partners/hashicorp/vault/0.16.0/src/.helmignore
deleted file mode 100644
index d1180d2fb7..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/.helmignore
+++ /dev/null
@@ -1,4 +0,0 @@
-.git/
-.terraform/
-bin/
-test/
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/CHANGELOG.md b/charts/partners/hashicorp/vault/0.16.0/src/CHANGELOG.md
deleted file mode 100644
index a71e8fc654..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/CHANGELOG.md
+++ /dev/null
@@ -1,312 +0,0 @@
-## Unreleased
-
-## 0.16.0 (September 16th, 2021)
-
-CHANGES:
-* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
-
-Improvements:
- * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
- * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
-
-## 0.15.0 (August 23rd, 2021)
-
-Improvements:
-* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
-* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
-
-## 0.14.0 (July 28th, 2021)
-
-Features:
-* Added templateConfig.exitOnRetryFailure annotation for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
-
-Improvements:
-* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
-* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
-* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
-* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
-* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
-* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
-
-
-## 0.13.0 (June 17th, 2021)
-
-Improvements:
-* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
-* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
-* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
-
-Bugs:
-* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
-* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
-* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
-
-## 0.12.0 (May 25th, 2021)
-
-Features:
-* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
-
-Improvements:
-* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
-* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
-* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
-* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
-
-Bugs:
-* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
-
-## 0.11.0 (April 14th, 2021)
-
-Features:
-* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
-* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
-* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
-* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
-* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
-* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
-
-Improvements:
-* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
-
-Bugs:
-* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
-
-## 0.10.0 (March 25th, 2021)
-
-Features:
-* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
-
-Improvements:
-* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
-
-## 0.9.1 (February 2nd, 2021)
-
-Bugs:
-* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
-* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
-
-## 0.9.0 (January 5th, 2021)
-
-Features:
-* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
-* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
-
-Improvements:
-* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
-* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
-* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
-* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
-* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
-* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
-* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
-* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
-
-## 0.8.0 (October 20th, 2020)
-
-Improvements:
-* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
-* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
-* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
-* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
-* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
-* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
-* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
-
-Bugs:
-* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
-
-## 0.7.0 (August 24th, 2020)
-
-Features:
-* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
-* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
-
-Improvements:
-* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
-* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
-* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
-* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
-* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
-* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
-* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
-* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
-* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
-
-Bugs:
-* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
-* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
-* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
-
-## 0.6.0 (June 3rd, 2020)
-
-Features:
-* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
-* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
-* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
-
-Improvements:
-* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
-* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
-* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
-* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
-* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
-* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
-* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
-* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
-
-Bugs:
-* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
-* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
-* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
-* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
-* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
-
-## 0.5.0 (April 9th, 2020)
-
-Features:
-
-* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
-* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
-* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
-
-* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
-* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
-* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
-* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
-* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
-
-## 0.4.0 (February 21st, 2020)
-
-Improvements:
-
-* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
-* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
-* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
-* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
-* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
-
-Bugs:
-
-* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
-
-## 0.3.3 (January 14th, 2020)
-
-Security:
-
-* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
-
-Bugs:
-
-* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
-
-## 0.3.2 (January 8th, 2020)
-
-Bugs:
-
-* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
-
-## 0.3.1 (January 2nd, 2020)
-
-Bugs:
-
-* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
-
-## 0.3.0 (December 19th, 2019)
-
-Features:
-
-* Extra containers can now be added to the Vault pods
-* Added configurability of pod probes
-* Added Vault Agent Injector
-
-Improvements:
-
-* Moved `global.image` to `server.image`
-* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
-* Added better HTTP/HTTPS scheme support to http probes
-* Added configurable node port for Vault service
-* `server.authDelegator` is now enabled by default
-
-Bugs:
-
-* Fixed upgrade bug by removing chart label which contained the version
-* Fixed typo on `serviceAccount` (was `serviceaccount`)
-* Fixed readiness/liveliness HTTP probe default to accept standbys
-
-## 0.2.1 (November 12th, 2019)
-
-Bugs:
-
-* Removed `readOnlyRootFilesystem` causing issues when validating deployments
-
-## 0.2.0 (October 29th, 2019)
-
-Features:
-
-* Added load balancer support
-* Added ingress support
-* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
-* Removed root requirements, now runs as Vault user
-
-Improvements:
-
-* Added namespace value to all rendered objects
-* Made ports configurable in services
-* Added the ability to add custom annotations to services
-* Added docker image for running bats test in CircleCI
-* Removed restrictions around `dev` mode such as annotations
-* 
`readOnlyRootFilesystem` is now configurable -* Image Pull Policy is now configurable - -Bugs: - -* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) -* Fixed bug where audit storage was not being mounted in HA mode -* Fixed bug where Vault pod wasn't receiving SIGTERM signals - - -## 0.1.2 (August 22nd, 2019) - -Features: - -* Added `extraSecretEnvironmentVars` to allow users to mount secrets as - environment variables -* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS - depending on the value -* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` - to "NodePort" - -Improvements: - -* Changed UI port to 8200 for better HTTP protocol support -* Added `path` to `extraVolumes` to define where the volume should be - mounted. Defaults to `/vault/userconfig` -* Upgraded Vault to 1.2.2 - -Bugs: - -* Fixed bug where upgrade would fail because immutable labels were being - changed (Helm Version label) -* Fixed bug where UI service used wrong selector after updating helm labels -* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks - Consul is the active node -* Removed `step-down` preStop since it requires authentication. Shutdown signal - sent by Kube acts similar to `step-down` - - -## 0.1.1 (August 7th, 2019) - -Features: - -* Added `authDelegator` Cluster Role Binding to Vault service account for - bootstrapping Kube auth method - -Improvements: - -* Added `server.service.clusterIP` to `values.yml` so users can toggle - the Vault service to headless by using the value `None`. -* Upgraded Vault to 1.2.1 - -## 0.1.0 (August 6th, 2019) - -Initial release diff --git a/charts/partners/hashicorp/vault/0.16.0/src/CONTRIBUTING.md b/charts/partners/hashicorp/vault/0.16.0/src/CONTRIBUTING.md deleted file mode 100644 index f83d56747a..0000000000 --- a/charts/partners/hashicorp/vault/0.16.0/src/CONTRIBUTING.md +++ /dev/null 
@@ -1,239 +0,0 @@ -# Contributing to Vault Helm - -**Please note:** We take Vault's security and our users' trust very seriously. -If you believe you have found a security issue in Vault, please responsibly -disclose by contacting us at security@hashicorp.com. - -**First:** if you're unsure or afraid of _anything_, just ask or submit the -issue or pull request anyways. You won't be yelled at for giving it your best -effort. The worst that can happen is that you'll be politely asked to change -something. We appreciate any sort of contributions, and don't want a wall of -rules to get in the way of that. - -That said, if you want to ensure that a pull request is likely to be merged, -talk to us! You can find out our thoughts and ensure that your contribution -won't clash or be obviated by Vault's normal direction. A great way to do this -is via the [Vault Google Group][2]. Sometimes Vault devs are in `#vault-tool` -on Freenode, too. - -This document will cover what we're looking for in terms of reporting issues. -By addressing all the points we're looking for, it raises the chances we can -quickly merge or address your contributions. - -## Issues - -### Reporting an Issue - -* Make sure you test against the latest released version. It is possible - we already fixed the bug you're experiencing. Even better is if you can test - against `master`, as bugs are fixed regularly but new versions are only - released every few months. - -* Provide steps to reproduce the issue, and if possible include the expected - results as well as the actual results. Please provide text, not screen shots! - -* Respond as promptly as possible to any questions made by the Vault - team to your issue. Stale issues will be closed periodically. - -### Issue Lifecycle - -1. The issue is reported. - -2. The issue is verified and categorized by a Vault Helm collaborator. - Categorization is done via tags. For example, bugs are marked as "bugs". - -3. 
Unless it is critical, the issue may be left for a period of time (sometimes - many weeks), giving outside contributors -- maybe you!? -- a chance to - address the issue. - -4. The issue is addressed in a pull request or commit. The issue will be - referenced in the commit message so that the code that fixes it is clearly - linked. - -5. The issue is closed. Sometimes, valid issues will be closed to keep - the issue tracker clean. The issue is still indexed and available for - future viewers, or can be re-opened if necessary. - -## Testing - -The Helm chart ships with both unit and acceptance tests. - -The unit tests don't require any active Kubernetes cluster and complete -very quickly. These should be used for fast feedback during development. -The acceptance tests require a Kubernetes cluster with a configured `kubectl`. - -### Test Using Docker Container - -The following are the instructions for running bats tests using a Docker container. - -#### Prerequisites - -* Docker installed -* `vault-helm` checked out locally - -#### Test - -**Note:** the following commands should be run from the `vault-helm` directory. - -First, build the Docker image for running the tests: - -```shell -docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test -``` -Next, execute the tests with the following commands: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -``` -It's possible to only run specific bats tests using regular expressions. -For example, the following will run only tests with "injector" in the name: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" -``` - -### Test Manually -The following are the instructions for running bats tests on your workstation. 
-#### Prerequisites -* [Bats](https://github.com/bats-core/bats-core) - ```bash - brew install bats-core - ``` -* [yq](https://pypi.org/project/yq/) - ```bash - brew install python-yq - ``` -* [helm](https://helm.sh) - ```bash - brew install kubernetes-helm - ``` - -#### Test - -To run the unit tests: - - bats ./test/unit - -To run the acceptance tests: - - bats ./test/acceptance - -If the acceptance tests fail, deployed resources in the Kubernetes cluster -may not be properly cleaned up. We recommend recycling the Kubernetes cluster to -start from a clean slate. - -**Note:** There is a Terraform configuration in the -[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/master/test/terraform) directory -that can be used to quickly bring up a GKE cluster and configure -`kubectl` and `helm` locally. This can be used to quickly spin up a test -cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes -cluster. - -### Writing Unit Tests - -Changes to the Helm chart should be accompanied by appropriate unit tests. - -#### Formatting - -- Put tests in the test file in the same order as the variables appear in the `values.yaml`. -- Start tests for a chart value with a header that says what is being tested, like this: - ``` - #-------------------------------------------------------------------- - # annotations - ``` - -- Name the test based on what it's testing in the following format (this will be its first line): - ``` - @test "
: " { - ``` - - When adding tests to an existing file, the first section will be the same as the other tests in the file. - -#### Test Details - -[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. -In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. -In this way, we're able to test that the various conditionals in the templates render as we would expect. - -Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. -The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). -`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). -The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. - -The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. - -The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. - -#### Test Examples - -Here are some examples of common test patterns: - -- Check that a value is disabled by default - - ``` - @test "ui/Service: no type by default" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - . 
| tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "null" ] - } - ``` - - In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. - This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. - - -- Check that a template value is rendered to a specific value - ``` - @test "ui/Service: specified type" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - --set 'ui.serviceType=LoadBalancer' \ - . | tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "LoadBalancer" ] - } - ``` - - This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. - -- Check that a template value contains several values - ``` - @test "server/standalone-StatefulSet: custom resources" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.requests.memory=256Mi' \ - --set 'server.resources.requests.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.limits.memory=256Mi' \ - --set 'server.resources.limits.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - ``` - - *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
- -- Check that an entire template file is not rendered - ``` - @test "syncCatalog/Deployment: disabled by default" { - cd `chart_dir` - local actual=$( (helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'global.enabled=false' \ - . || echo "---") | tee /dev/stderr | - yq 'length > 0' | tee /dev/stderr) - [ "${actual}" = "false" ] - } - ``` - Here we are check the length of the command output to see if the anything is rendered. - This style can easily be switched to check that a file is rendered instead. diff --git a/charts/partners/hashicorp/vault/0.16.0/src/Chart.yaml b/charts/partners/hashicorp/vault/0.16.0/src/Chart.yaml deleted file mode 100644 index 0444d0b014..0000000000 --- a/charts/partners/hashicorp/vault/0.16.0/src/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v2 -appVersion: 1.8.2 -description: Official HashiCorp Vault Chart -home: https://www.vaultproject.io -icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png -keywords: -- vault -- security -- encryption -- secrets -- management -- automation -- infrastructure -kubeVersion: '>= 1.14.0-0' -name: vault -sources: -- https://github.com/hashicorp/vault -- https://github.com/hashicorp/vault-helm -- https://github.com/hashicorp/vault-k8s -- https://github.com/hashicorp/vault-csi-provider -version: 0.16.0 diff --git a/charts/partners/hashicorp/vault/0.16.0/src/LICENSE.md b/charts/partners/hashicorp/vault/0.16.0/src/LICENSE.md deleted file mode 100644 index 82b4de97c7..0000000000 --- a/charts/partners/hashicorp/vault/0.16.0/src/LICENSE.md +++ /dev/null 
@@ -1,353 +0,0 @@ -Mozilla Public License, version 2.0 - -1. Definitions - -1.1. “Contributor” - - means each individual or legal entity that creates, contributes to the - creation of, or owns Covered Software. - -1.2. “Contributor Version” - - means the combination of the Contributions of others (if any) used by a - Contributor and that particular Contributor’s Contribution. - -1.3. “Contribution” - - means Covered Software of a particular Contributor. - -1.4. “Covered Software” - - means Source Code Form to which the initial Contributor has attached the - notice in Exhibit A, the Executable Form of such Source Code Form, and - Modifications of such Source Code Form, in each case including portions - thereof. - -1.5. “Incompatible With Secondary Licenses” - means - - a. that the initial Contributor has attached the notice described in - Exhibit B to the Covered Software; or - - b. that the Covered Software was made available under the terms of version - 1.1 or earlier of the License, but not also under the terms of a - Secondary License. - -1.6. “Executable Form” - - means any form of the work other than Source Code Form. - -1.7. “Larger Work” - - means a work that combines Covered Software with other material, in a separate - file or files, that is not Covered Software. - -1.8. “License” - - means this document. - -1.9. “Licensable” - - means having the right to grant, to the maximum extent possible, whether at the - time of the initial grant or subsequently, any and all of the rights conveyed by - this License. - -1.10. “Modifications” - - means any of the following: - - a. any file in Source Code Form that results from an addition to, deletion - from, or modification of the contents of Covered Software; or - - b. any new file in Source Code Form that contains any Covered Software. - -1.11. 
“Patent Claims” of a Contributor - - means any patent claim(s), including without limitation, method, process, - and apparatus claims, in any patent Licensable by such Contributor that - would be infringed, but for the grant of the License, by the making, - using, selling, offering for sale, having made, import, or transfer of - either its Contributions or its Contributor Version. - -1.12. “Secondary License” - - means either the GNU General Public License, Version 2.0, the GNU Lesser - General Public License, Version 2.1, the GNU Affero General Public - License, Version 3.0, or any later versions of those licenses. - -1.13. “Source Code Form” - - means the form of the work preferred for making modifications. - -1.14. “You” (or “Your”) - - means an individual or a legal entity exercising rights under this - License. For legal entities, “You” includes any entity that controls, is - controlled by, or is under common control with You. For purposes of this - definition, “control” means (a) the power, direct or indirect, to cause - the direction or management of such entity, whether by contract or - otherwise, or (b) ownership of more than fifty percent (50%) of the - outstanding shares or beneficial ownership of such entity. - - -2. License Grants and Conditions - -2.1. Grants - - Each Contributor hereby grants You a world-wide, royalty-free, - non-exclusive license: - - a. under intellectual property rights (other than patent or trademark) - Licensable by such Contributor to use, reproduce, make available, - modify, display, perform, distribute, and otherwise exploit its - Contributions, either on an unmodified basis, with Modifications, or as - part of a Larger Work; and - - b. under Patent Claims of such Contributor to make, use, sell, offer for - sale, have made, import, and otherwise transfer either its Contributions - or its Contributor Version. - -2.2. 
Effective Date - - The licenses granted in Section 2.1 with respect to any Contribution become - effective for each Contribution on the date the Contributor first distributes - such Contribution. - -2.3. Limitations on Grant Scope - - The licenses granted in this Section 2 are the only rights granted under this - License. No additional rights or licenses will be implied from the distribution - or licensing of Covered Software under this License. Notwithstanding Section - 2.1(b) above, no patent license is granted by a Contributor: - - a. for any code that a Contributor has removed from Covered Software; or - - b. for infringements caused by: (i) Your and any other third party’s - modifications of Covered Software, or (ii) the combination of its - Contributions with other software (except as part of its Contributor - Version); or - - c. under Patent Claims infringed by Covered Software in the absence of its - Contributions. - - This License does not grant any rights in the trademarks, service marks, or - logos of any Contributor (except as may be necessary to comply with the - notice requirements in Section 3.4). - -2.4. Subsequent Licenses - - No Contributor makes additional grants as a result of Your choice to - distribute the Covered Software under a subsequent version of this License - (see Section 10.2) or under the terms of a Secondary License (if permitted - under the terms of Section 3.3). - -2.5. Representation - - Each Contributor represents that the Contributor believes its Contributions - are its original creation(s) or it has sufficient rights to grant the - rights to its Contributions conveyed by this License. - -2.6. Fair Use - - This License is not intended to limit any rights You have under applicable - copyright doctrines of fair use, fair dealing, or other equivalents. - -2.7. Conditions - - Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in - Section 2.1. - - -3. Responsibilities - -3.1. 
Distribution of Source Form - - All distribution of Covered Software in Source Code Form, including any - Modifications that You create or to which You contribute, must be under the - terms of this License. You must inform recipients that the Source Code Form - of the Covered Software is governed by the terms of this License, and how - they can obtain a copy of this License. You may not attempt to alter or - restrict the recipients’ rights in the Source Code Form. - -3.2. Distribution of Executable Form - - If You distribute Covered Software in Executable Form then: - - a. such Covered Software must also be made available in Source Code Form, - as described in Section 3.1, and You must inform recipients of the - Executable Form how they can obtain a copy of such Source Code Form by - reasonable means in a timely manner, at a charge no more than the cost - of distribution to the recipient; and - - b. You may distribute such Executable Form under the terms of this License, - or sublicense it under different terms, provided that the license for - the Executable Form does not attempt to limit or alter the recipients’ - rights in the Source Code Form under this License. - -3.3. Distribution of a Larger Work - - You may create and distribute a Larger Work under terms of Your choice, - provided that You also comply with the requirements of this License for the - Covered Software. If the Larger Work is a combination of Covered Software - with a work governed by one or more Secondary Licenses, and the Covered - Software is not Incompatible With Secondary Licenses, this License permits - You to additionally distribute such Covered Software under the terms of - such Secondary License(s), so that the recipient of the Larger Work may, at - their option, further distribute the Covered Software under the terms of - either this License or such Secondary License(s). - -3.4. 
Notices - - You may not remove or alter the substance of any license notices (including - copyright notices, patent notices, disclaimers of warranty, or limitations - of liability) contained within the Source Code Form of the Covered - Software, except that You may alter any license notices to the extent - required to remedy known factual inaccuracies. - -3.5. Application of Additional Terms - - You may choose to offer, and to charge a fee for, warranty, support, - indemnity or liability obligations to one or more recipients of Covered - Software. However, You may do so only on Your own behalf, and not on behalf - of any Contributor. You must make it absolutely clear that any such - warranty, support, indemnity, or liability obligation is offered by You - alone, and You hereby agree to indemnify every Contributor for any - liability incurred by such Contributor as a result of warranty, support, - indemnity or liability terms You offer. You may include additional - disclaimers of warranty and limitations of liability specific to any - jurisdiction. - -4. Inability to Comply Due to Statute or Regulation - - If it is impossible for You to comply with any of the terms of this License - with respect to some or all of the Covered Software due to statute, judicial - order, or regulation then You must: (a) comply with the terms of this License - to the maximum extent possible; and (b) describe the limitations and the code - they affect. Such description must be placed in a text file included with all - distributions of the Covered Software under this License. Except to the - extent prohibited by statute or regulation, such description must be - sufficiently detailed for a recipient of ordinary skill to be able to - understand it. - -5. Termination - -5.1. The rights granted under this License will terminate automatically if You - fail to comply with any of its terms. 
However, if You become compliant, - then the rights granted under this License from a particular Contributor - are reinstated (a) provisionally, unless and until such Contributor - explicitly and finally terminates Your grants, and (b) on an ongoing basis, - if such Contributor fails to notify You of the non-compliance by some - reasonable means prior to 60 days after You have come back into compliance. - Moreover, Your grants from a particular Contributor are reinstated on an - ongoing basis if such Contributor notifies You of the non-compliance by - some reasonable means, this is the first time You have received notice of - non-compliance with this License from such Contributor, and You become - compliant prior to 30 days after Your receipt of the notice. - -5.2. If You initiate litigation against any entity by asserting a patent - infringement claim (excluding declaratory judgment actions, counter-claims, - and cross-claims) alleging that a Contributor Version directly or - indirectly infringes any patent, then the rights granted to You by any and - all Contributors for the Covered Software under Section 2.1 of this License - shall terminate. - -5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user - license agreements (excluding distributors and resellers) which have been - validly granted by You or Your distributors under this License prior to - termination shall survive termination. - -6. Disclaimer of Warranty - - Covered Software is provided under this License on an “as is” basis, without - warranty of any kind, either expressed, implied, or statutory, including, - without limitation, warranties that the Covered Software is free of defects, - merchantable, fit for a particular purpose or non-infringing. The entire - risk as to the quality and performance of the Covered Software is with You. 
- Should any Covered Software prove defective in any respect, You (not any - Contributor) assume the cost of any necessary servicing, repair, or - correction. This disclaimer of warranty constitutes an essential part of this - License. No use of any Covered Software is authorized under this License - except under this disclaimer. - -7. Limitation of Liability - - Under no circumstances and under no legal theory, whether tort (including - negligence), contract, or otherwise, shall any Contributor, or anyone who - distributes Covered Software as permitted above, be liable to You for any - direct, indirect, special, incidental, or consequential damages of any - character including, without limitation, damages for lost profits, loss of - goodwill, work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses, even if such party shall have been - informed of the possibility of such damages. This limitation of liability - shall not apply to liability for death or personal injury resulting from such - party’s negligence to the extent applicable law prohibits such limitation. - Some jurisdictions do not allow the exclusion or limitation of incidental or - consequential damages, so this exclusion and limitation may not apply to You. - -8. Litigation - - Any litigation relating to this License may be brought only in the courts of - a jurisdiction where the defendant maintains its principal place of business - and such litigation shall be governed by laws of that jurisdiction, without - reference to its conflict-of-law provisions. Nothing in this Section shall - prevent a party’s ability to bring cross-claims or counter-claims. - -9. Miscellaneous - - This License represents the complete agreement concerning the subject matter - hereof. If any provision of this License is held to be unenforceable, such - provision shall be reformed only to the extent necessary to make it - enforceable. 
Any law or regulation which provides that the language of a - contract shall be construed against the drafter shall not be used to construe - this License against a Contributor. - - -10. Versions of the License - -10.1. New Versions - - Mozilla Foundation is the license steward. Except as provided in Section - 10.3, no one other than the license steward has the right to modify or - publish new versions of this License. Each version will be given a - distinguishing version number. - -10.2. Effect of New Versions - - You may distribute the Covered Software under the terms of the version of - the License under which You originally received the Covered Software, or - under the terms of any subsequent version published by the license - steward. - -10.3. Modified Versions - - If you create software not governed by this License, and you want to - create a new license for such software, you may create and use a modified - version of this License if you rename the license and remove any - references to the name of the license steward (except to note that such - modified license differs from this License). - -10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses - If You choose to distribute Source Code Form that is Incompatible With - Secondary Licenses under the terms of this version of the License, the - notice described in Exhibit B of this License must be attached. - -Exhibit A - Source Code Form License Notice - - This Source Code Form is subject to the - terms of the Mozilla Public License, v. - 2.0. If a copy of the MPL was not - distributed with this file, You can - obtain one at - http://mozilla.org/MPL/2.0/. - -If it is not possible or desirable to put the notice in a particular file, then -You may include the notice in a location (such as a LICENSE file in a relevant -directory) where a recipient would be likely to look for such a notice. - -You may add additional accurate notices of copyright ownership. 
- -Exhibit B - “Incompatible With Secondary Licenses” Notice - - This Source Code Form is “Incompatible - With Secondary Licenses”, as defined by - the Mozilla Public License, v. 2.0. diff --git a/charts/partners/hashicorp/vault/0.16.0/src/Makefile b/charts/partners/hashicorp/vault/0.16.0/src/Makefile deleted file mode 100644 index e4e9df1ed9..0000000000 --- a/charts/partners/hashicorp/vault/0.16.0/src/Makefile +++ /dev/null 
@@ -1,100 +0,0 @@ -TEST_IMAGE?=vault-helm-test -GOOGLE_CREDENTIALS?=vault-helm-test.json -CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 -# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats -ACCEPTANCE_TESTS?=acceptance - -# filter bats unit tests to run. -UNIT_TESTS_FILTER?='.*' - -# set to 'true' to run acceptance tests locally in a kind cluster -LOCAL_ACCEPTANCE_TESTS?=false - -# kind cluster name -KIND_CLUSTER_NAME?=vault-helm - -# kind k8s version -KIND_K8S_VERSION?=v1.20.2 - -# Generate json schema for chart values. See test/README.md for more details. -values-schema: - helm schema-gen values.yaml > values.schema.json - -test-image: - @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) - -test-unit: - @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit - -test-bats: test-unit test-acceptance - -test: test-image test-bats - -# run acceptance tests on GKE -# set google project/credential vars above -test-acceptance: -ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) - make setup-kind acceptance -else - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -w /helm-test \ - $(TEST_IMAGE) \ - make acceptance -endif - -# destroy GKE cluster using terraform -test-destroy: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -w /helm-test \ - $(TEST_IMAGE) \ - make destroy-cluster - -# provision GKE cluster using terraform -test-provision: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -w /helm-test \ - $(TEST_IMAGE) \ - make provision-cluster - -# this target is for running the acceptance tests -# it is run in the 
docker container above when the test-acceptance target is invoked -acceptance: -ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) - gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} -endif - bats test/${ACCEPTANCE_TESTS} - -# this target is for provisioning the GKE cluster -# it is run in the docker container above when the test-provision target is invoked -provision-cluster: - gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} - terraform init test/terraform - terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform - -# this target is for removing the GKE cluster -# it is run in the docker container above when the test-destroy target is invoked -destroy-cluster: - terraform destroy -auto-approve - -# create a kind cluster for running the acceptance tests locally -setup-kind: - kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ - kind create cluster \ - --image kindest/node:${KIND_K8S_VERSION} \ - --name ${KIND_CLUSTER_NAME} \ - --config $(CURDIR)/test/kind/config.yaml - kubectl config use-context kind-${KIND_CLUSTER_NAME} - -# delete the kind cluster -delete-kind: - kind delete cluster --name ${KIND_CLUSTER_NAME} || : - -.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/hashicorp/vault/0.16.0/src/README.md b/charts/partners/hashicorp/vault/0.16.0/src/README.md deleted file mode 100644 index f95b26fc37..0000000000 --- a/charts/partners/hashicorp/vault/0.16.0/src/README.md +++ /dev/null 
@@ -1,44 +0,0 @@ -# Vault Helm Chart - -> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If -you believe you have found a security issue in Vault Helm, _please responsibly disclose_ -by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). - -This repository contains the official HashiCorp Helm chart for installing -and configuring Vault on Kubernetes. This chart supports multiple use -cases of Vault on Kubernetes depending on the values provided. - -For full documentation on this Helm chart along with all the ways you can -use Vault with Kubernetes, please see the -[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). - -## Prerequisites - -To use the charts here, [Helm](https://helm.sh/) must be configured for your -Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of -this README. Please refer to the Kubernetes and Helm documentation. - -The versions required are: - - * **Helm 3.0+** - This is the earliest version of Helm tested. It is possible - it works with earlier versions but this chart is untested for those versions. - * **Kubernetes 1.14+** - This is the earliest version of Kubernetes tested. - It is possible that this chart works with earlier versions but it is - untested. - -## Usage - -To install the latest version of this chart, add the Hashicorp helm repository -and run `helm install`: - -```console -$ helm repo add hashicorp https://helm.releases.hashicorp.com -"hashicorp" has been added to your repositories - -$ helm install vault hashicorp/vault -``` - -Please see the many options supported in the `values.yaml` file. These are also -fully documented directly on the [Vault -website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more -detailed installation instructions. 
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/NOTES.txt b/charts/partners/hashicorp/vault/0.16.0/src/templates/NOTES.txt
deleted file mode 100644
index 8e267121c8..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/NOTES.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-
-Thank you for installing HashiCorp Vault!
-
-Now that you have deployed Vault, you should look over the docs on using
-Vault with Kubernetes available here:
-
-https://www.vaultproject.io/docs/
-
-
-Your release is named {{ .Release.Name }}. To learn more about the release, try:
-
- $ helm status {{ .Release.Name }}
- $ helm get manifest {{ .Release.Name }}
-
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/_helpers.tpl b/charts/partners/hashicorp/vault/0.16.0/src/templates/_helpers.tpl
deleted file mode 100644
index 3e936f77ee..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,657 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to -this (by the DNS naming spec). If release name contains chart name it will -be used as a full name. -*/}} -{{- define "vault.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "vault.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "vault.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Compute the maximum number of unavailable replicas for the PodDisruptionBudget. -This defaults to (n/2)-1 where n is the number of members of the server cluster. -Add a special case for replicas=1, where it should default to 0 as well. -*/}} -{{- define "vault.pdb.maxUnavailable" -}} -{{- if eq (int .Values.server.ha.replicas) 1 -}} -{{ 0 }} -{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{- else -}} -{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Set the variable 'mode' to the server mode requested by the user to simplify -template logic. -*/}} -{{- define "vault.mode" -}} - {{- if .Values.injector.externalVaultAddr -}} - {{- $_ := set . "mode" "external" -}} - {{- else if ne (.Values.server.enabled | toString) "true" -}} - {{- $_ := set . 
"mode" "external" -}} - {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} - {{- $_ := set . "mode" "dev" -}} - {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} - {{- $_ := set . "mode" "ha" -}} - {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} - {{- $_ := set . "mode" "standalone" -}} - {{- else -}} - {{- $_ := set . "mode" "" -}} - {{- end -}} -{{- end -}} - -{{/* -Set's the replica count based on the different modes configured by user -*/}} -{{- define "vault.replicas" -}} - {{ if eq .mode "standalone" }} - {{- default 1 -}} - {{ else if eq .mode "ha" }} - {{- .Values.server.ha.replicas | default 3 -}} - {{ else }} - {{- default 1 -}} - {{ end }} -{{- end -}} - -{{/* -Set's up configmap mounts if this isn't a dev deployment and the user -defined a custom configuration. Additionally iterates over any -extra volumes the user may have specified (such as a secret with TLS). -*/}} -{{- define "vault.volumes" -}} - {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - configMap: - name: {{ template "vault.fullname" . 
}}-config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - {{ .type }}: - {{- if (eq .type "configMap") }} - name: {{ .name }} - {{- else if (eq .type "secret") }} - secretName: {{ .name }} - {{- end }} - defaultMode: {{ .defaultMode | default 420 }} - {{- end }} - {{- if .Values.server.volumes }} - {{- toYaml .Values.server.volumes | nindent 8}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - secret: - secretName: {{ .Values.server.enterpriseLicense.secretName }} - defaultMode: 0440 - {{- end }} -{{- end -}} - -{{/* -Set's the args for custom command to render the Vault configuration -file with IP addresses to make the out of box experience easier -for users looking to use this chart with Consul Helm. -*/}} -{{- define "vault.args" -}} - {{ if or (eq .mode "standalone") (eq .mode "ha") }} - - | - cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; - [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; - [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; - /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} - {{ else if eq .mode "dev" }} - - | - /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} - {{ end }} -{{- end -}} - -{{/* -Set's additional environment variables based on the mode. 
-*/}} -{{- define "vault.envs" -}} - {{ if eq .mode "dev" }} - - name: VAULT_DEV_ROOT_TOKEN_ID - value: {{ .Values.server.dev.devRootToken }} - - name: VAULT_DEV_LISTEN_ADDRESS - value: "[::]:8200" - {{ end }} -{{- end -}} - -{{/* -Set's which additional volumes should be mounted to the container -based on the mode configured. -*/}} -{{- define "vault.mounts" -}} - {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - name: audit - mountPath: {{ .Values.server.auditStorage.mountPath }} - {{ end }} - {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} - {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} - - name: data - mountPath: {{ .Values.server.dataStorage.mountPath }} - {{ end }} - {{ end }} - {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - mountPath: /vault/config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - readOnly: true - mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} - {{- end }} - {{- if .Values.server.volumeMounts }} - {{- toYaml .Values.server.volumeMounts | nindent 12}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - mountPath: /vault/license - readOnly: true - {{- end }} -{{- end -}} - -{{/* -Set's up the volumeClaimTemplates when data or audit storage is required. HA -might not use data storage since Consul is likely it's backend, however, audit -storage might be desired by the user. 
-*/}} -{{- define "vault.volumeclaims" -}} - {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} - volumeClaimTemplates: - {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} - - metadata: - name: data - {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.dataStorage.size }} - {{- if .Values.server.dataStorage.storageClass }} - storageClassName: {{ .Values.server.dataStorage.storageClass }} - {{- end }} - {{ end }} - {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - metadata: - name: audit - {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.auditStorage.size }} - {{- if .Values.server.auditStorage.storageClass }} - storageClassName: {{ .Values.server.auditStorage.storageClass }} - {{- end }} - {{ end }} - {{ end }} -{{- end -}} - -{{/* -Set's the affinity for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.affinity" -}} - {{- if and (ne .mode "dev") .Values.server.affinity }} - affinity: - {{ $tp := typeOf .Values.server.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.affinity . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the injector affinity for pod placement -*/}} -{{- define "injector.affinity" -}} - {{- if .Values.injector.affinity }} - affinity: - {{ $tp := typeOf .Values.injector.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the toleration for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.tolerations" -}} - {{- if and (ne .mode "dev") .Values.server.tolerations }} - tolerations: - {{- $tp := typeOf .Values.server.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "injector.tolerations" -}} - {{- if .Values.injector.tolerations }} - tolerations: - {{- $tp := typeOf .Values.injector.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the node selector for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.nodeselector" -}} - {{- if and (ne .mode "dev") .Values.server.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.server.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector node selector for pod placement -*/}} -{{- define "injector.nodeselector" -}} - {{- if .Values.injector.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.injector.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.nodeSelector . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra pod annotations -*/}} -{{- define "vault.annotations" -}} - {{- if .Values.server.annotations }} - annotations: - {{- $tp := typeOf .Values.server.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.server.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector pod annotations -*/}} -{{- define "injector.annotations" -}} - {{- if .Values.injector.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.injector.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector service annotations -*/}} -{{- define "injector.service.annotations" -}} - {{- if .Values.injector.service.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector webhook annotations -*/}} -{{- define "injector.webhookAnnotations" -}} - {{- if .Values.injector.webhookAnnotations }} - annotations: - {{- $tp := typeOf .Values.injector.webhookAnnotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.webhookAnnotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.webhookAnnotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ui service annotations -*/}} -{{- define "vault.ui.annotations" -}} - {{- if .Values.ui.annotations }} - annotations: - {{- $tp := typeOf .Values.ui.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.ui.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.ui.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "vault.serviceAccount.name" -}} -{{- if .Values.server.serviceAccount.create -}} - {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.server.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Sets extra service account annotations -*/}} -{{- define "vault.serviceAccount.annotations" -}} - {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.server.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ingress annotations -*/}} -{{- define "vault.ingress.annotations" -}} - {{- if .Values.server.ingress.annotations }} - annotations: - {{- $tp := typeOf .Values.server.ingress.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.ingress.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.ingress.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra route annotations -*/}} -{{- define "vault.route.annotations" -}} - {{- if .Values.server.route.annotations }} - annotations: - {{- $tp := typeOf .Values.server.route.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.route.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.route.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra vault server Service annotations -*/}} -{{- define "vault.service.annotations" -}} - {{- if .Values.server.service.annotations }} - {{- $tp := typeOf .Values.server.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets PodSecurityPolicy annotations -*/}} -{{- define "vault.psp.annotations" -}} - {{- if .Values.global.psp.annotations }} - annotations: - {{- $tp := typeOf .Values.global.psp.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.global.psp.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.global.psp.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra statefulset annotations -*/}} -{{- define "vault.statefulSet.annotations" -}} - {{- if .Values.server.statefulSet.annotations }} - annotations: - {{- $tp := typeOf .Values.server.statefulSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for data volume -*/}} -{{- define "vault.dataVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.dataStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for audit volume -*/}} -{{- define "vault.auditVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.auditStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the container resources if the user has set any. -*/}} -{{- define "vault.resources" -}} - {{- if .Values.server.resources -}} - resources: -{{ toYaml .Values.server.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "injector.resources" -}} - {{- if .Values.injector.resources -}} - resources: -{{ toYaml .Values.injector.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. 
-*/}} -{{- define "csi.resources" -}} - {{- if .Values.csi.resources -}} - resources: -{{ toYaml .Values.csi.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets extra CSI daemonset annotations -*/}} -{{- define "csi.daemonSet.annotations" -}} - {{- if .Values.csi.daemonSet.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.daemonSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "csi.pod.tolerations" -}} - {{- if .Values.csi.pod.tolerations }} - tolerations: - {{- $tp := typeOf .Values.csi.pod.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI provider pod annotations -*/}} -{{- define "csi.pod.annotations" -}} - {{- if .Values.csi.pod.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.pod.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.pod.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.pod.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI service account annotations -*/}} -{{- define "csi.serviceAccount.annotations" -}} - {{- if .Values.csi.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.serviceAccount.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Inject extra environment vars in the format key:value, if populated -*/}} -{{- define "vault.extraEnvironmentVars" -}} -{{- if .extraEnvironmentVars -}} -{{- range $key, $value := .extraEnvironmentVars }} -- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} - value: {{ $value | quote }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Inject extra environment populated by secrets, if populated -*/}} -{{- define "vault.extraSecretEnvironmentVars" -}} -{{- if .extraSecretEnvironmentVars -}} -{{- range .extraSecretEnvironmentVars }} -- name: {{ .envName }} - valueFrom: - secretKeyRef: - name: {{ .secretName }} - key: {{ .secretKey }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* Scheme for health check and local endpoint */}} -{{- define "vault.scheme" -}} -{{- if .Values.global.tlsDisable -}} -{{ "http" }} -{{- else -}} -{{ "https" }} -{{- end -}} -{{- end -}} - -{{/* -imagePullSecrets generates pull secrets from either string or map values. -A map value must be indexable by the key 'name'. -*/}} -{{- define "imagePullSecrets" -}} -{{- with .Values.global.imagePullSecrets -}} -imagePullSecrets: -{{- range . -}} -{{- if typeIs "string" . }} - - name: {{ . }} -{{- else if index . "name" }} - - name: {{ .name }} -{{- end }} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/csi-clusterrole.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/csi-clusterrole.yaml deleted file mode 100644 index a19e520f5d..0000000000 --- a/charts/partners/hashicorp/vault/0.16.0/src/templates/csi-clusterrole.yaml +++ /dev/null 
@@ -1,17 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups:
- - ""
- resources:
- - serviceaccounts/token
- verbs:
- - create
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/csi-clusterrolebinding.yaml
deleted file mode 100644
index 63d69c7b1f..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/csi-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/csi-daemonset.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/csi-daemonset.yaml
deleted file mode 100644
index 0ab5211511..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/csi-daemonset.yaml
+++ /dev/null
@@ -1,81 +0,0 @@ -{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{ template "csi.daemonSet.annotations" . }} -spec: - updateStrategy: - type: {{ .Values.csi.daemonSet.updateStrategy.type }} - {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - rollingUpdate: - maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - {{ template "csi.pod.annotations" . }} - spec: - serviceAccountName: {{ template "vault.fullname" . }}-csi-provider - {{- template "csi.pod.tolerations" . }} - containers: - - name: {{ include "vault.name" . }}-csi-provider - {{ template "csi.resources" . 
}} - image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" - imagePullPolicy: {{ .Values.csi.image.pullPolicy }} - args: - - --endpoint=/provider/vault.sock - - --debug={{ .Values.csi.debug }} - {{- if .Values.csi.extraArgs }} - {{- toYaml .Values.csi.extraArgs | nindent 12 }} - {{- end }} - volumeMounts: - - name: providervol - mountPath: "/provider" - - name: mountpoint-dir - mountPath: /var/lib/kubelet/pods - mountPropagation: HostToContainer - {{- if .Values.csi.volumeMounts }} - {{- toYaml .Values.csi.volumeMounts | nindent 12}} - {{- end }} - livenessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} - volumes: - - name: providervol - hostPath: - path: {{ .Values.csi.daemonSet.providersDir }} - - name: mountpoint-dir - hostPath: - path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods - {{- if .Values.csi.volumes }} - {{- toYaml .Values.csi.volumes | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/csi-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/csi-serviceaccount.yaml deleted file mode 100644 index ee127481b0..0000000000 
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/csi-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "csi.serviceAccount.annotations" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-certs-secret.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-certs-secret.yaml
deleted file mode 100644
index 78363be55f..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-certs-secret.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: vault-injector-certs
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-clusterrole.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-clusterrole.yaml
deleted file mode 100644
index 4ff25abe52..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-clusterrole.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs:
- - "get"
- - "list"
- - "watch"
- - "patch"
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-clusterrolebinding.yaml
deleted file mode 100644
index 35d30b3935..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-deployment.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-deployment.yaml
deleted file mode 100644
index f4a796bf08..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-deployment.yaml
+++ /dev/null
@@ -1,182 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Deployment for the injector
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- component: webhook
-spec:
- replicas: {{ .Values.injector.replicas }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- {{- if .Values.injector.extraLabels -}}
- {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
- {{- end -}}
- {{ template "injector.annotations" . }}
- spec:
- {{ template "injector.affinity" . }}
- {{ template "injector.tolerations" . }}
- {{ template "injector.nodeselector" . }}
- {{- if .Values.injector.priorityClassName }}
- priorityClassName: {{ .Values.injector.priorityClassName }}
- {{- end }}
- serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
- {{- if not .Values.global.openshift }}
- hostNetwork: {{ .Values.injector.hostNetwork }}
- securityContext:
- runAsNonRoot: true
- runAsGroup: {{ .Values.injector.gid | default 1000 }}
- runAsUser: {{ .Values.injector.uid | default 100 }}
- {{- end }}
- containers:
- - name: sidecar-injector
- {{ template "injector.resources" . }}
- image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
- imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
- {{- if not .Values.global.openshift }}
- securityContext:
- allowPrivilegeEscalation: false
- {{- end }}
- env:
- - name: AGENT_INJECT_LISTEN
- value: {{ printf ":%v" .Values.injector.port }}
- - name: AGENT_INJECT_LOG_LEVEL
- value: {{ .Values.injector.logLevel | default "info" }}
- - name: AGENT_INJECT_VAULT_ADDR
- {{- if .Values.injector.externalVaultAddr }}
- value: "{{ .Values.injector.externalVaultAddr }}"
- {{- else }}
- value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
- {{- end }}
- - name: AGENT_INJECT_VAULT_AUTH_PATH
- value: {{ .Values.injector.authPath }}
- - name: AGENT_INJECT_VAULT_IMAGE
- value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
- {{- if .Values.injector.certs.secretName }}
- - name: AGENT_INJECT_TLS_CERT_FILE
- value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
- - name: AGENT_INJECT_TLS_KEY_FILE
- value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
- {{- else }}
- - name: AGENT_INJECT_TLS_AUTO
- value: {{ template "vault.fullname" . }}-agent-injector-cfg
- - name: AGENT_INJECT_TLS_AUTO_HOSTS
- value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
- {{- end }}
- - name: AGENT_INJECT_LOG_FORMAT
- value: {{ .Values.injector.logFormat | default "standard" }}
- - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
- value: "{{ .Values.injector.revokeOnShutdown | default false }}"
- {{- if .Values.global.openshift }}
- - name: AGENT_INJECT_SET_SECURITY_CONTEXT
- value: "false"
- {{- end }}
- {{- if .Values.injector.metrics.enabled }}
- - name: AGENT_INJECT_TELEMETRY_PATH
- value: "/metrics"
- {{- end }}
- {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
- - name: AGENT_INJECT_USE_LEADER_ELECTOR
- value: "true"
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- {{- end }}
- - name: AGENT_INJECT_CPU_REQUEST
- value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
- - name: AGENT_INJECT_CPU_LIMIT
- value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
- - name: AGENT_INJECT_MEM_REQUEST
- value: "{{ .Values.injector.agentDefaults.memRequest }}"
- - name: AGENT_INJECT_MEM_LIMIT
- value: "{{ .Values.injector.agentDefaults.memLimit }}"
- - name: AGENT_INJECT_DEFAULT_TEMPLATE
- value: "{{ .Values.injector.agentDefaults.template }}"
- - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
- value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
- {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- args:
- - agent-inject
- - 2>&1
- livenessProbe:
- httpGet:
- path: /health/ready
- port: {{ .Values.injector.port }}
- scheme: HTTPS
- failureThreshold: 2
- initialDelaySeconds: 5
- periodSeconds: 2
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- httpGet:
- path: /health/ready
- port: {{ .Values.injector.port }}
- scheme: HTTPS
- failureThreshold: 2
- initialDelaySeconds: 5
- periodSeconds: 2
- successThreshold: 1
- timeoutSeconds: 5
- {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) (eq (.Values.injector.leaderElector.useContainer | toString) "true") }}
- - name: leader-elector
- image: {{ .Values.injector.leaderElector.image.repository }}:{{ .Values.injector.leaderElector.image.tag }}
- args:
- - --election={{ template "vault.fullname" . }}-agent-injector-leader
- - --election-namespace={{ .Release.Namespace }}
- - --http=0.0.0.0:4040
- - --ttl={{ .Values.injector.leaderElector.ttl }}
- livenessProbe:
- httpGet:
- path: /
- port: 4040
- scheme: HTTP
- failureThreshold: 2
- initialDelaySeconds: 5
- periodSeconds: 2
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- httpGet:
- path: /
- port: 4040
- scheme: HTTP
- failureThreshold: 2
- initialDelaySeconds: 5
- periodSeconds: 2
- successThreshold: 1
- timeoutSeconds: 5
- {{- end }}
-{{- if .Values.injector.certs.secretName }}
- volumeMounts:
- - name: webhook-certs
- mountPath: /etc/webhook/certs
- readOnly: true
-{{- end }}
-{{- if .Values.injector.certs.secretName }}
- volumes:
- - name: webhook-certs
- secret:
- secretName: "{{ .Values.injector.certs.secretName }}"
-{{- end }}
- {{- include "imagePullSecrets" . | nindent 6 }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-leader-endpoint.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-leader-endpoint.yaml
deleted file mode 100644
index 42c4c0ae78..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-leader-endpoint.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) (eq (.Values.injector.leaderElector.useContainer | toString) "true")}}
-# This is created here so it can be cleaned up easily, since if
-# the endpoint is left around the leader won't expire for about a minute.
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader
- annotations:
- deprecated: "true"
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-mutating-webhook.yaml
deleted file mode 100644
index de7dd5622c..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-mutating-webhook.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
-apiVersion: admissionregistration.k8s.io/v1
-{{- else }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-{{- end }}
-kind: MutatingWebhookConfiguration
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-cfg
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "injector.webhookAnnotations" . }}
-webhooks:
- - name: vault.hashicorp.com
- sideEffects: None
- admissionReviewVersions:
- - "v1beta1"
- - "v1"
- clientConfig:
- service:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- path: "/mutate"
- caBundle: {{ .Values.injector.certs.caBundle | quote }}
- rules:
- - operations: ["CREATE", "UPDATE"]
- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["pods"]
-{{- if .Values.injector.namespaceSelector }}
- namespaceSelector:
-{{ toYaml .Values.injector.namespaceSelector | indent 6}}
-{{ end }}
-{{- if .Values.injector.objectSelector }}
- objectSelector:
-{{ toYaml .Values.injector.objectSelector | indent 6}}
-{{ end }}
-{{- with .Values.injector.failurePolicy }}
- failurePolicy: {{.}}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-network-policy.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-network-policy.yaml
deleted file mode 100644
index 7a399a538d..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-network-policy.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.openshift | toString) "true") }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-psp-role.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-psp-role.yaml
deleted file mode 100644
index 20c87bb2ad..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-psp-role.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-psp-rolebinding.yaml
deleted file mode 100644
index d6d0d5e247..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-psp-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-psp.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-psp.yaml
deleted file mode 100644
index c024ac1077..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-psp.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-role.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-role.yaml
deleted file mode 100644
index 446efaf595..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-role.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
- - apiGroups: [""]
- resources: ["secrets", "configmaps", "endpoints"]
- verbs:
- - "create"
- - "get"
- - "watch"
- - "list"
- - "update"
- - apiGroups: [""]
- resources: ["pods"]
- verbs:
- - "get"
- - "patch"
- - "delete"
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-rolebinding.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-rolebinding.yaml
deleted file mode 100644
index aa81794208..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-service.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-service.yaml
deleted file mode 100644
index 3138b7a5be..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "injector.service.annotations" . }}
-spec:
- ports:
- - name: https
- port: 443
- targetPort: {{ .Values.injector.port }}
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-serviceaccount.yaml
deleted file mode 100644
index a28d38fabb..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/injector-serviceaccount.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/server-clusterrolebinding.yaml
deleted file mode 100644
index e5e0f5fec1..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-clusterrolebinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.authDelegator.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-server-binding
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-config-configmap.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/server-config-configmap.yaml
deleted file mode 100644
index b8093ad030..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-config-configmap.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.global.enabled | toString) "true") (ne .mode "dev") -}}
-{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "vault.fullname" . }}-config
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-data:
- extraconfig-from-values.hcl: |-
- {{- if or (eq .mode "ha") (eq .mode "standalone") }}
- {{- $type := typeOf (index .Values.server .mode).config }}
- {{- if eq $type "string" }}
- disable_mlock = true
- {{- if eq .mode "standalone" }}
- {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
- {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
- {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
- {{ end }}
- {{- else }}
- {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
- {{- else }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-discovery-role.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/server-discovery-role.yaml
deleted file mode 100644
index 4a39cec21c..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-discovery-role.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: {{ template "vault.fullname" . }}-discovery-role
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: [""]
- resources: ["pods"]
- verbs: ["get", "watch", "list", "update", "patch"]
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/server-discovery-rolebinding.yaml
deleted file mode 100644
index 47526650bb..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-discovery-rolebinding.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.global.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-discovery-rolebinding
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-discovery-role
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/server-disruptionbudget.yaml
deleted file mode 100644
index 3c45cc04ea..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-disruptionbudget.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" -}}
-{{- if and (eq (.Values.global.enabled | toString) "true") (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
-# PodDisruptionBudget to prevent degrading the server cluster through
-# voluntary cluster changes.
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end -}}
-{{- end -}}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-ha-active-service.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/server-ha-active-service.yaml
deleted file mode 100644
index 74fca41d7b..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-ha-active-service.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for active Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-active
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "true"
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-ha-standby-service.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/server-ha-standby-service.yaml
deleted file mode 100644
index 9213b74528..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-ha-standby-service.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for standby Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-standby
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "false"
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-headless-service.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/server-headless-service.yaml
deleted file mode 100644
index a37c639571..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-headless-service.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-internal
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- clusterIP: None
- publishNotReadyAddresses: true
- ports:
- - name: "{{ include "vault.scheme" . }}"
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-ingress.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/server-ingress.yaml
deleted file mode 100644
index 9da020e1af..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-ingress.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-{{- if not .Values.global.openshift }}
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if .Values.server.ingress.enabled -}}
-{{- $extraPaths := .Values.server.ingress.extraPaths -}}
-{{- $serviceName := include "vault.fullname" . -}}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.ingress.activeService | toString) "true") }}
-{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
-{{- end }}
-{{- $servicePort := .Values.server.service.port -}}
-{{ if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
-apiVersion: networking.k8s.io/v1beta1
-{{ else }}
-apiVersion: extensions/v1beta1
-{{ end }}
-kind: Ingress
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- with .Values.server.ingress.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- template "vault.ingress.annotations" . }}
-spec:
-{{- if .Values.server.ingress.tls }}
- tls:
- {{- range .Values.server.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
-{{- end }}
- rules:
- {{- range .Values.server.ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
-{{ if $extraPaths }}
-{{ toYaml $extraPaths | indent 10 }}
-{{- end }}
- {{- range (.paths | default (list "/")) }}
- - path: {{ . }}
- backend:
- serviceName: {{ $serviceName }}
- servicePort: {{ $servicePort }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-network-policy.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/server-network-policy.yaml
deleted file mode 100644
index 5f4c21a4b5..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-network-policy.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8200
- protocol: TCP
- - port: 8201
- protocol: TCP
- {{- if .Values.server.networkPolicy.egress }}
- egress:
- {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
- {{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-psp-role.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/server-psp-role.yaml
deleted file mode 100644
index fd12e1eb30..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-psp-role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/server-psp-rolebinding.yaml
deleted file mode 100644
index b2a43c834a..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-psp-rolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-psp.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/server-psp.yaml
deleted file mode 100644
index 2d94268197..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-psp.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
- - persistentVolumeClaim
- {{- end }}
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-route.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/server-route.yaml
deleted file mode 100644
index 63055db39f..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-route.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{- if .Values.global.openshift }}
-{{- if ne .mode "external" }}
-{{- if .Values.server.route.enabled -}}
-{{- $serviceName := include "vault.fullname" . -}}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
-{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
-{{- end }}
-kind: Route
-apiVersion: route.openshift.io/v1
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- with .Values.server.route.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- template "vault.route.annotations" . }}
-spec:
- host: {{ .Values.server.route.host }}
- to:
- kind: Service
- name: {{ $serviceName }}
- weight: 100
- port:
- targetPort: 8200
- tls:
- termination: passthrough
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-service.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/server-service.yaml
deleted file mode 100644
index 6f82e38629..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-service.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- # We want the servers to become available even if they're not ready
- # since this DNS is also used for join operations.
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/server-serviceaccount.yaml
deleted file mode 100644
index 925b166bba..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }}
-{{- if (eq (.Values.server.serviceAccount.create | toString) "true" ) }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "vault.serviceAccount.annotations" . }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-statefulset.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/server-statefulset.yaml
deleted file mode 100644
index 031b179059..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/templates/server-statefulset.yaml
+++ /dev/null
@@ -1,208 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }} -# StatefulSet to run the actual vault server cluster. -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- template "vault.statefulSet.annotations" . }} -spec: - serviceName: {{ template "vault.fullname" . }}-internal - podManagementPolicy: Parallel - replicas: {{ template "vault.replicas" . }} - updateStrategy: - type: {{ .Values.server.updateStrategyType }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - template: - metadata: - labels: - helm.sh/chart: {{ template "vault.chart" . }} - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - {{- if .Values.server.extraLabels -}} - {{- toYaml .Values.server.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "vault.annotations" . }} - spec: - {{ template "vault.affinity" . }} - {{ template "vault.tolerations" . }} - {{ template "vault.nodeselector" . }} - {{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName }} - {{- end }} - terminationGracePeriodSeconds: 10 - serviceAccountName: {{ template "vault.serviceAccount.name" . 
}} - {{ if .Values.server.shareProcessNamespace }} - shareProcessNamespace: true - {{ end }} - {{- if not .Values.global.openshift }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.server.gid | default 1000 }} - runAsUser: {{ .Values.server.uid | default 100 }} - fsGroup: {{ .Values.server.gid | default 1000 }} - {{- end }} - volumes: - {{ template "vault.volumes" . }} - - name: home - emptyDir: {} - {{- if .Values.server.extraInitContainers }} - initContainers: - {{ toYaml .Values.server.extraInitContainers | nindent 8}} - {{- end }} - containers: - - name: vault - {{ template "vault.resources" . }} - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - command: - - "/bin/sh" - - "-ec" - args: {{ template "vault.args" . }} - {{- if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: VAULT_K8S_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: VAULT_ADDR - value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" - - name: VAULT_API_ADDR - {{- if .Values.server.ha.apiAddr }} - value: {{ .Values.server.ha.apiAddr }} - {{- else }} - value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" - {{- end }} - - name: SKIP_CHOWN - value: "true" - - name: SKIP_SETCAP - value: "true" - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_CLUSTER_ADDR - value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" - {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} - - name: VAULT_RAFT_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- end }} - - name: HOME - value: "/home/vault" - {{- if .Values.server.logLevel }} - - name: VAULT_LOG_LEVEL - value: "{{ .Values.server.logLevel }}" - {{- end }} - {{- if .Values.server.logFormat }} - - name: VAULT_LOG_FORMAT - value: "{{ .Values.server.logFormat }}" - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: VAULT_LICENSE_PATH - value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} - {{- end }} - {{ template "vault.envs" . }} - {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} - {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} - volumeMounts: - {{ template "vault.mounts" . }} - - name: home - mountPath: /home/vault - ports: - - containerPort: 8200 - name: {{ include "vault.scheme" . }} - - containerPort: 8201 - name: https-internal - - containerPort: 8202 - name: {{ include "vault.scheme" . }}-rep - {{- if .Values.server.readinessProbe.enabled }} - readinessProbe: - {{- if .Values.server.readinessProbe.path }} - httpGet: - path: {{ .Values.server.readinessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . 
| upper }} - {{- else }} - # Check status; unsealed vault servers return 0 - # The exit code reflects the seal status: - # 0 - unsealed - # 1 - error - # 2 - sealed - exec: - command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] - {{- end }} - failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.server.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.server.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.server.livenessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . | upper }} - failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.server.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} - {{- end }} - lifecycle: - # Vault container doesn't receive SIGTERM from Kubernetes - # and after the grace period ends, Kube sends SIGKILL. This - # causes issues with graceful shutdowns such as deregistering itself - # from Consul (zombie services). - preStop: - exec: - command: [ - "/bin/sh", "-c", - # Adding a sleep here to give the pod eviction a - # chance to propagate, so requests will not be made - # to this pod while it's terminating - "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", - ] - {{- if .Values.server.postStart }} - postStart: - exec: - command: - {{- range (.Values.server.postStart) }} - - {{ . 
| quote }} - {{- end }} - {{- end }} - {{- if .Values.server.extraContainers }} - {{ toYaml .Values.server.extraContainers | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} - {{ template "vault.volumeclaims" . }} -{{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/tests/server-test.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/tests/server-test.yaml deleted file mode 100644 index 66aa178f58..0000000000 --- a/charts/partners/hashicorp/vault/0.16.0/src/templates/tests/server-test.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.server.enabled }} -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-server-test" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": test -spec: - {{- include "imagePullSecrets" . | nindent 2 }} - containers: - - name: {{ .Release.Name }}-server-test - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - env: - - name: VAULT_ADDR - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - command: - - /bin/sh - - -c - - | - echo "Checking for sealed info in 'vault status' output" - ATTEMPTS=10 - n=0 - until [ "$n" -ge $ATTEMPTS ] - do - echo "Attempt" $n... - vault status -format yaml | grep -E '^sealed: (true|false)' && break - n=$((n+1)) - sleep 5 - done - if [ $n -ge $ATTEMPTS ]; then - echo "timed out looking for sealed info in 'vault status' output" - exit 1 - fi - - exit 0 - - restartPolicy: Never -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.16.0/src/templates/ui-service.yaml b/charts/partners/hashicorp/vault/0.16.0/src/templates/ui-service.yaml deleted file mode 100644 index 9e90af4bbc..0000000000 --- a/charts/partners/hashicorp/vault/0.16.0/src/templates/ui-service.yaml +++ /dev/null 
@@ -1,45 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }}
-{{- if eq (.Values.ui.enabled | toString) "true" }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-ui
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}-ui
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "vault.ui.annotations" . }}
-spec:
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
- vault-active: "true"
- {{- end }}
- publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.ui.externalPort }}
- targetPort: {{ .Values.ui.targetPort }}
- {{- if .Values.ui.serviceNodePort }}
- nodePort: {{ .Values.ui.serviceNodePort }}
- {{- end }}
- type: {{ .Values.ui.serviceType }}
- {{- if and (eq (.Values.ui.serviceType | toString) "LoadBalancer") (.Values.ui.loadBalancerSourceRanges) }}
- loadBalancerSourceRanges:
- {{- range $cidr := .Values.ui.loadBalancerSourceRanges }}
- - {{ $cidr }}
- {{- end }}
- {{- end }}
- {{- if and (eq (.Values.ui.serviceType | toString) "LoadBalancer") (.Values.ui.loadBalancerIP) }}
- loadBalancerIP: {{ .Values.ui.loadBalancerIP }}
- {{- end }}
-{{- end -}}
-
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/values.openshift.yaml b/charts/partners/hashicorp/vault/0.16.0/src/values.openshift.yaml
deleted file mode 100644
index f02e9a93ba..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/values.openshift.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# These overrides are appropriate defaults for deploying this chart on OpenShift
-
-global:
- openshift: true
-
-injector:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
- tag: "0.13.0-ubi"
-
- agentImage:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.8.2-ubi"
-
-server:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.8.2-ubi"
diff --git a/charts/partners/hashicorp/vault/0.16.0/src/values.schema.json b/charts/partners/hashicorp/vault/0.16.0/src/values.schema.json
deleted file mode 100644
index 4c0a004982..0000000000
--- a/charts/partners/hashicorp/vault/0.16.0/src/values.schema.json
+++ /dev/null
@@ -1,852 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "csi": { - "type": "object", - "properties": { - "daemonSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "updateStrategy": { - "type": "object", - "properties": { - "maxUnavailable": { - "type": "string" - }, - "type": { - "type": "string" - } - } - }, - "providersDir": { - "type": "string" - }, - "kubeletRootDir": { - "type": "string" - } - } - }, - "debug": { - "type": "boolean" - }, - "enabled": { - "type": "boolean" - }, - "extraArgs": { - "type": "array" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "pod": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - } - } - }, - "readinessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "global": { - "type": "object", - "properties": { - "enabled": { - 
"type": "boolean" - }, - "imagePullSecrets": { - "type": "array" - }, - "openshift": { - "type": "boolean" - }, - "psp": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enable": { - "type": "boolean" - } - } - }, - "tlsDisable": { - "type": "boolean" - } - } - }, - "injector": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "agentDefaults": { - "type": "object", - "properties": { - "cpuLimit": { - "type": "string" - }, - "cpuRequest": { - "type": "string" - }, - "memLimit": { - "type": "string" - }, - "memRequest": { - "type": "string" - }, - "template": { - "type": "string" - }, - "templateConfig": { - "type": "object", - "properties": { - "exitOnRetryFailure": { - "type": "boolean" - } - } - } - } - }, - "agentImage": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "authPath": { - "type": "string" - }, - "certs": { - "type": "object", - "properties": { - "caBundle": { - "type": "string" - }, - "certName": { - "type": "string" - }, - "keyName": { - "type": "string" - }, - "secretName": { - "type": [ - "null", - "string" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "externalVaultAddr": { - "type": "string" - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraLabels": { - "type": "object" - }, - "failurePolicy": { - "type": "string" - }, - "hostNetwork": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "leaderElector": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - 
"ttl": { - "type": "string" - }, - "useContainer": { - "type": "boolean" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "namespaceSelector": { - "type": "object" - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "objectSelector": { - "type": "object" - }, - "port": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "replicas": { - "type": "integer" - }, - "resources": { - "type": "object" - }, - "revokeOnShutdown": { - "type": "boolean" - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "webhookAnnotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "server": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "auditStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "authDelegator": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "dataStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "dev": { - "type": "object", - "properties": { - 
"devRootToken": { - "type": "string" - }, - "enabled": { - "type": "boolean" - } - } - }, - "enabled": { - "type": "boolean" - }, - "enterpriseLicense": { - "type": "object", - "properties": { - "secretKey": { - "type": "string" - }, - "secretName": { - "type": "string" - } - } - }, - "extraArgs": { - "type": "string" - }, - "extraContainers": { - "type": [ - "null", - "array" - ] - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraInitContainers": { - "type": [ - "null", - "array" - ] - }, - "extraLabels": { - "type": "object" - }, - "extraSecretEnvironmentVars": { - "type": "array" - }, - "extraVolumes": { - "type": "array" - }, - "ha": { - "type": "object", - "properties": { - "apiAddr": { - "type": [ - "null", - "string" - ] - }, - "config": { - "type": "string" - }, - "disruptionBudget": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxUnavailable": { - "type": [ - "null", - "integer" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "raft": { - "type": "object", - "properties": { - "config": { - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "setNodeId": { - "type": "boolean" - } - } - }, - "replicas": { - "type": "integer" - } - } - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "ingress": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "extraPaths": { - "type": "array" - }, - "hosts": { - "type": "array", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string" - }, - "paths": { - "type": "array" - } - } - } - }, - "labels": { - "type": "object" - }, - "tls": { - "type": "array" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" 
- }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "path": { - "type": "string" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "networkPolicy": { - "type": "object", - "properties": { - "egress": { - "type": "array" - }, - "enabled": { - "type": "boolean" - } - } - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "postStart": { - "type": "array" - }, - "preStopSleepSeconds": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "route": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "labels": { - "type": "object" - } - } - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "port": { - "type": "integer" - }, - "targetPort": { - "type": "integer" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "create": { - "type": "boolean" - }, - "name": { - "type": "string" - } - } - }, - "shareProcessNamespace": { - "type": "boolean" - }, - "standalone": { - "type": "object", - "properties": { - "config": { - "type": "string" 
- }, - "enabled": { - "type": [ - "string", - "boolean" - ] - } - } - }, - "statefulSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "updateStrategyType": { - "type": "string" - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "ui": { - "type": "object", - "properties": { - "activeVaultPodOnly": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "externalPort": { - "type": "integer" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "serviceNodePort": { - "type": [ - "null", - "integer" - ] - }, - "serviceType": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - } -} diff --git a/charts/partners/hashicorp/vault/0.16.0/src/values.yaml b/charts/partners/hashicorp/vault/0.16.0/src/values.yaml deleted file mode 100644 index 0bec7ac804..0000000000 --- a/charts/partners/hashicorp/vault/0.16.0/src/values.yaml +++ /dev/null 
@@ -1,736 +0,0 @@ -# Available parameters and their default values for the Vault chart. -global: - # enabled is the master enabled switch. Setting this to true or false - # will enable or disable all the components within this chart by default. - enabled: true - # Image pull secret to use for registry authentication. - # Alternatively, the value may be specified as an array of strings. - imagePullSecrets: [] - # imagePullSecrets: - # - name: image-pull-secret - # TLS for end-to-end encrypted transport - tlsDisable: true - # If deploying to OpenShift - openshift: true - # Create PodSecurityPolicy for pods - psp: - enable: false - # Annotation for PodSecurityPolicy. - # This is a multi-line templated string map, and can also be set as YAML. - annotations: | - seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default - apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default - apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -injector: - # True if you want to enable vault agent injection. - enabled: true - replicas: 1 - # Configures the port the injector should listen on - port: 8080 - # If multiple replicas are specified, by default a leader will be determined - # so that only one injector attempts to create TLS certificates. - leaderElector: - enabled: true - # Note: The deployment of the leader-elector container will soon be removed - # from this chart since vault-k8s now uses an internal mechanism to - # determine leadership. - # To enable the deployment of the leader-elector container for use with - # vault-k8s 0.12.0 and earlier, set `useContainer=true` - useContainer: false - image: - repository: "gcr.io/google_containers/leader-elector" - tag: "0.4" - ttl: 60s - # If true, will enable a node exporter metrics endpoint at /metrics. - metrics: - enabled: false - # External vault server address for the injector to use. 
Setting this will - # disable deployment of a vault server along with the injector. - externalVaultAddr: "" - # image sets the repo and tag of the vault-k8s image to use for the injector. - image: - repository: "registry.connect.redhat.com/hashicorp/vault-k8s" - tag: "0.13.0-ubi" - pullPolicy: IfNotPresent - # agentImage sets the repo and tag of the Vault image to use for the Vault Agent - # containers. This should be set to the official Vault image. Vault 1.3.1+ is - # required. - agentImage: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.8.2-ubi" - # The default values for the injected Vault Agent containers. - agentDefaults: - # For more information on configuring resources, see the K8s documentation: - # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - cpuLimit: "500m" - cpuRequest: "250m" - memLimit: "128Mi" - memRequest: "64Mi" - # Default template type for secrets when no custom template is specified. - # Possible values include: "json" and "map". - template: "map" - # Default values within Agent's template_config stanza. - templateConfig: - exitOnRetryFailure: true - # Mount Path of the Vault Kubernetes Auth Method. - authPath: "auth/kubernetes" - # Configures the log verbosity of the injector. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "info" - # Configures the log format of the injector. Supported log formats: "standard", "json". - logFormat: "standard" - # Configures all Vault Agent sidecars to revoke their token when shutting down - revokeOnShutdown: false - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. 
- # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: {} - # Configures failurePolicy of the webhook. The "unspecified" default behaviour deoends on the - # API Version of the WebHook. - # To block pod creation while webhook is unavailable, set the policy to `Fail` below. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - # Extra annotations to attach to the webhook - webhookAnnotations: {} - certs: - # secretName is the name of the secret that has the TLS certificate and - # private key to serve the injector webhook. If this is null, then the - # injector will default to its automatic management mode that will assign - # a service account to the injector to generate its own certificates. - secretName: null - # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA - # that signed the TLS certificate that the webhook serves. This must be set - # if secretName is non-null, unless an external service like cert-manager is - # keeping the caBundle updated. - caBundle: "" - # certName and keyName are the names of the files within the secret for - # the TLS cert and private key, respectively. These have reasonable - # defaults but can be customized if necessary. - certName: tls.crt - keyName: tls.key - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # extraEnvironmentVars is a list of extra environment variables to set in the - # injector deployment. 
- extraEnvironmentVars: {} - # KUBERNETES_SERVICE_HOST: kubernetes.default.svc - - # Affinity Settings for injector pods - # This can either be multi-line string or YAML matching the PodSpec's affinity field. - # Commenting out or setting as empty the affinity variable, will allow - # deployment of multiple replicas to single node services such as Minikube. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: webhook - topologyKey: kubernetes.io/hostname - # Toleration Settings for injector pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. - # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Priority class for injector pods - priorityClassName: "" - # Extra annotations to attach to the injector pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the injector pods - annotations: {} - # Extra labels to attach to the agent-injector - # This should be a YAML map of the labels to apply to the injector - extraLabels: {} - # Should the injector pods run on the host network (useful when using - # an alternate CNI in EKS) - hostNetwork: false - # Injector service specific config - service: - # Extra annotations to attach to the injector service - annotations: {} -server: - # If not set to true, Vault server will not be installed. 
See vault.mode in _helpers.tpl for implementation details - enabled: true - # [Enterprise Only] This value refers to a Kubernetes secret that you have - # created that contains your enterprise license. If you are not using an - # enterprise image or if you plan to introduce the license key via another - # route, then leave secretName blank ("") or set it to null. - # Requires Vault Enterprise 1.8 or later. - enterpriseLicense: - # The name of the Kubernetes secret that holds the enterprise license. The - # secret must be in the same namespace that Vault is installed into. - secretName: "" - # The key within the Kubernetes secret that holds the enterprise license. - secretKey: "license" - # Resource requests, limits, etc. for the server cluster placement. This - # should map directly to the value of the resources field for a PodSpec. - # By default no direct resource request is made. - image: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.8.2-ubi" - # Overrides the default Image Pull Policy - pullPolicy: IfNotPresent - # Configure the Update Strategy Type for the StatefulSet - # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - updateStrategyType: "OnDelete" - # Configure the logging verbosity for the Vault server. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "" - # Configure the logging format for the Vault server. - # Supported log formats include: standard, json - logFormat: "" - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # Ingress allows ingress services to be created to allow external access - # from Kubernetes to access Vault pods. - # If deployment is on OpenShift, the following block is ignored. 
- # In order to expose the service, use the route section below - ingress: - enabled: false - labels: {} - # traffic: external - annotations: {} - # | - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # or - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # When HA mode is enabled and K8s service registration is being used, - # configure the ingress to point to the Vault active service. - activeService: true - hosts: - - host: chart-example.local - paths: [] - ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # OpenShift only - create a route to expose the service - # The created route will be of type passthrough - route: - enabled: false - # When HA mode is enabled and K8s service registration is being used, - # configure the route to point to the Vault active service. - activeService: true - labels: {} - annotations: {} - host: chart-example.local - # authDelegator enables a cluster role binding to be attached to the service - # account. This cluster role binding can be used to setup Kubernetes auth - # method. https://www.vaultproject.io/docs/auth/kubernetes.html - authDelegator: - enabled: true - # extraInitContainers is a list of init containers. Specified as a YAML list. - # This is useful if you need to run a script to provision TLS certificates or - # write out configuration files in a dynamic way. - extraInitContainers: null - # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, - # # which is defined in the volumes value. 
- # - name: oauthapp - # image: "alpine" - # command: [sh, -c] - # args: - # - cd /tmp && - # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && - # tar -xf oauthapp.xz && - # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && - # chmod +x /usr/local/libexec/vault/oauthapp - # volumeMounts: - # - name: plugins - # mountPath: /usr/local/libexec/vault - - # extraContainers is a list of sidecar containers. Specified as a YAML list. - extraContainers: null - # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers - # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation - shareProcessNamespace: false - # extraArgs is a string containing additional Vault server arguments. - extraArgs: "" - # Used to define custom readinessProbe settings - readinessProbe: - enabled: true - # If you need to use a http path instead of the default exec - # path: /v1/sys/health?standbyok=true - - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. 
- timeoutSeconds: 3 - # Used to enable a livenessProbe for the pods - livenessProbe: - enabled: false - path: "/v1/sys/health?standbyok=true" - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 60 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to set the sleep time during the preStop step - preStopSleepSeconds: 5 - # Used to define commands to run after the pod is ready. - # This can be used to automate processes such as initialization - # or boostrapping auth methods. - postStart: [] - # - /bin/sh - # - -c - # - /vault/userconfig/myscript/run.sh - - # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be - # used to include variables required for auto-unseal. - extraEnvironmentVars: {} - # GOOGLE_REGION: global - # GOOGLE_PROJECT: myproject - # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json - - # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. - # These variables take value from existing Secret objects. - extraSecretEnvironmentVars: [] - # - envName: AWS_SECRET_ACCESS_KEY - # secretName: vault - # secretKey: AWS_SECRET_ACCESS_KEY - - # Deprecated: please use 'volumes' instead. - # extraVolumes is a list of extra volumes to mount. These will be exposed - # to Vault in the path `/vault/userconfig//`. The value below is - # an array of objects, examples are shown below. - extraVolumes: [] - # - type: secret (or "configMap") - # name: my-secret - # path: null # default is `/vault/userconfig` - - # volumes is a list of volumes made available to all containers. 
These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: plugins - # emptyDir: {} - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - mountPath: /usr/local/libexec/vault - # name: plugins - # readOnly: true - - # Affinity Settings - # Commenting out or setting as empty the affinity variable, will allow - # deployment to single node services such as Minikube - # This should be either a multi-line string or YAML matching the PodSpec's affinity field. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: server - topologyKey: kubernetes.io/hostname - # Toleration Settings for server pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
- # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Enables network policy for server pods - networkPolicy: - enabled: false - egress: [] - # egress: - # - to: - # - ipBlock: - # cidr: 10.0.0.0/24 - # ports: - # - protocol: TCP - # port: 443 - # Priority class for server pods - priorityClassName: "" - # Extra labels to attach to the server pods - # This should be a YAML map of the labels to apply to the server pods - extraLabels: {} - # Extra annotations to attach to the server pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the server pods - annotations: {} - # Enables a headless service to be used by the Vault Statefulset - service: - enabled: true - # clusterIP controls whether a Cluster IP address is attached to the - # Vault service within Kubernetes. By default the Vault service will - # be given a Cluster IP address, set to None to disable. When disabled - # Kubernetes will create a "headless" service. Headless services can be - # used to communicate with pods directly through DNS instead of a round robin - # load balancer. - # clusterIP: None - - # Configures the service type for the main Vault service. Can be ClusterIP - # or NodePort. - #type: ClusterIP - - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. - #nodePort: 30000 - - # Port on which Vault server is listening - port: 8200 - # Target port to which the service should be mapped to - targetPort: 8200 - # Extra annotations for the service definition. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the service. - annotations: {} - # This configures the Vault Statefulset to create a PVC for data - # storage when using the file or raft backend storage engines. 
- # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more - dataStorage: - enabled: true - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/data" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # This configures the Vault Statefulset to create a PVC for audit - # logs. Once Vault is deployed, initialized and unseal, Vault must - # be configured to use this for audit logs. This will be mounted to - # /vault/audit - # See https://www.vaultproject.io/docs/audit/index.html to know more - auditStorage: - enabled: false - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/audit" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # Run Vault in "dev" mode. This requires no further setup, no state management, - # and no initialization. This is useful for experimenting with Vault without - # needing to unseal, store keys, et. al. All data is lost on restart - do not - # use dev mode for anything other than experimenting. - # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more - dev: - enabled: false - # Set VAULT_DEV_ROOT_TOKEN_ID value - devRootToken: "root" - # Run Vault in "standalone" mode. This is the default mode that will deploy if - # no arguments are given to helm. This requires a PVC for data storage to use - # the "file" backend. This mode is not highly available and should not be scaled - # past a single replica. 
- standalone: - enabled: "-" - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data - # and store data there. This is only used when using a Replica count of 1, and - # using a stateful set. This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "file" { - path = "/vault/data" - } - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # Run Vault in "HA" mode. There are no storage requirements unless audit log - # persistence is required. In HA mode Vault will configure itself to use Consul - # for its storage backend. The default configuration provided will work the Consul - # Helm project by default. It is possible to manually configure Vault to use a - # different HA backend. - ha: - enabled: false - replicas: 3 - # Set the api_addr configuration for Vault HA - # See https://www.vaultproject.io/docs/configuration#api_addr - # If set to null, this will be set to the Pod IP Address - apiAddr: null - # Enables Vault's integrated Raft storage. Unlike the typical HA modes where - # Vault's persistence is external (such as Consul), enabling Raft mode will create - # persistent volumes for Vault to store data according to the configuration under server.dataStorage. 
- # The Vault cluster will coordinate leader elections and failovers internally. - raft: - # Enables Raft integrated storage - enabled: false - # Set the Node Raft ID to the name of the pod - setNodeId: false - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - - storage "raft" { - path = "/vault/data" - } - - service_registration "kubernetes" {} - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a Consul for its HA storage backend. - # This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "consul" { - path = "vault" - address = "HOST_IP:8500" - } - - service_registration "kubernetes" {} - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. 
- #seal "gcpckms" { - # project = "vault-helm-dev-246514" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - disruptionBudget: - enabled: true - # maxUnavailable will default to (n/2)-1 where n is the number of - # replicas. If you'd like a custom value, you can specify an override here. - maxUnavailable: null - # Definition of the serviceAccount used to run Vault. - # These options are also used when using an external Vault server to validate - # Kubernetes tokens. - serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Settings for the statefulSet used to run Vault. - statefulSet: - # Extra annotations for the statefulSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the statefulSet. - annotations: {} -# Vault UI -ui: - # True if you want to create a Service entry for the Vault UI. - # - # serviceType can be used to control the type of service created. For - # example, setting this to "LoadBalancer" will create an external load - # balancer (for supported K8S installations) to access the UI. 
- enabled: false - publishNotReadyAddresses: true - # The service should only contain selectors for active Vault pod - activeVaultPodOnly: false - serviceType: "ClusterIP" - serviceNodePort: null - externalPort: 8200 - targetPort: 8200 - # loadBalancerSourceRanges: - # - 10.0.0.0/16 - # - 1.78.23.3/32 - - # loadBalancerIP: - - # Extra annotations to attach to the ui service - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the ui service - annotations: {} -# secrets-store-csi-driver-provider-vault -csi: - # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. - # - # Requires installing the secrets-store-csi-driver separately, see: - # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver - # - # With the driver and provider installed, you can mount Vault secrets into volumes - # similar to the Vault Agent injector, and you can also sync those secrets into - # Kubernetes secrets. - enabled: false - image: - repository: "hashicorp/vault-csi-provider" - tag: "0.3.0" - pullPolicy: IfNotPresent - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: tls - # secret: - # secretName: vault-tls - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - name: tls - # mountPath: "/vault/tls" - # readOnly: true - - resources: {} - # resources: - # requests: - # cpu: 50m - # memory: 128Mi - # limits: - # cpu: 50m - # memory: 128Mi - - # Settings for the daemonSet used to run the provider. 
- daemonSet: - updateStrategy: - type: RollingUpdate - maxUnavailable: "" - # Extra annotations for the daemonSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the daemonSet. - annotations: {} - # Provider host path (must match the CSI provider's path) - providersDir: "/etc/kubernetes/secrets-store-csi-providers" - # Kubelet host path - kubeletRootDir: "/var/lib/kubelet" - pod: - # Extra annotations for the provider pods. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the pod. - annotations: {} - # Toleration Settings for provider pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - serviceAccount: - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Used to configure readinessProbe for the pods. - readinessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to configure livenessProbe for the pods. 
- livenessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Enables debug logging. - debug: false - # Pass arbitrary additional arguments to vault-csi-provider. - extraArgs: [] diff --git a/charts/partners/hashicorp/vault/0.16.1/src/.helmignore b/charts/partners/hashicorp/vault/0.16.1/src/.helmignore deleted file mode 100644 index d1180d2fb7..0000000000 --- a/charts/partners/hashicorp/vault/0.16.1/src/.helmignore +++ /dev/null @@ -1,4 +0,0 @@ -.git/ -.terraform/ -bin/ -test/ diff --git a/charts/partners/hashicorp/vault/0.16.1/src/CHANGELOG.md b/charts/partners/hashicorp/vault/0.16.1/src/CHANGELOG.md deleted file mode 100644 index 5208330a41..0000000000 --- a/charts/partners/hashicorp/vault/0.16.1/src/CHANGELOG.md +++ /dev/null 
@@ -1,318 +0,0 @@ -## Unreleased - -## 0.16.1 (September 29th, 2021) - -CHANGES: -* Vault image default 1.8.3 -* Vault K8s image default 0.13.1 - -## 0.16.0 (September 16th, 2021) - -CHANGES: -* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. - -Improvements: - * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) - * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) - -## 0.15.0 (August 23rd, 2021) - -Improvements: -* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) -* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) - -## 0.14.0 (July 28th, 2021) - -Features: -* Added templateConfig.exitOnRetryFailure annotation for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) - -Improvements: -* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) -* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Add `server.route.activeService` to configure if the route 
should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) - - -## 0.13.0 (June 17th, 2021) - -Improvements: -* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) -* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) -* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) - -Bugs: -* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) -* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) -* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) - -## 0.12.0 (May 25th, 2021) - -Features: -* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) - -Improvements: -* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) -* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) -* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) -* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) - -Bugs: -* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) - -## 0.11.0 (April 14th, 2021) - -Features: -* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) -* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) -* Injector port is now configurable 
[GH-489](https://github.com/hashicorp/vault-helm/pull/489) -* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) -* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) -* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) - -Improvements: -* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) - -Bugs: -* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) - -## 0.10.0 (March 25th, 2021) - -Features: -* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) - -Improvements: -* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) - -## 0.9.1 (February 2nd, 2021) - -Bugs: -* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) -* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) - -## 0.9.0 (January 5th, 2021) - -Features: -* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) -* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) - -Improvements: -* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) -* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) -* ClusterRoleBinding updated to `v1` 
[GH-395](https://github.com/hashicorp/vault-helm/pull/395) -* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) -* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) -* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) -* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) -* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) - -## 0.8.0 (October 20th, 2020) - -Improvements: -* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) -* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) -* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) -* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) -* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) -* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) -* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) - -Bugs: -* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) - -## 0.7.0 (August 24th, 2020) - -Features: -* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
-* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) - -Improvements: -* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) -* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) -* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) -* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) -* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) -* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) -* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) -* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) -* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) - -Bugs: -* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) -* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) -* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) - -## 0.6.0 (June 3rd, 2020) - -Features: -* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) -* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) -* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
- -Improvements: -* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) -* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] -* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] -* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] -* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] -* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] -* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] -* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) - -Bugs: -* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] -* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] -* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] -* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] -* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) - -## 0.5.0 (April 9th, 2020) - -Features: - -* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] -* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] -* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] - -* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] -* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] -* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] -* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] -* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] - -## 0.4.0 (February 21st, 2020) - -Improvements: - -* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] -* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] -* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] -* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] -* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] - -Bugs: - -* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] - -## 0.3.3 (January 14th, 2020) - -Security: - -* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) - -Bugs: - -* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files - -## 0.3.2 (January 8th, 2020) - -Bugs: - -* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] - -## 0.3.1 (January 2nd, 2020) - -Bugs: - -* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] - -## 0.3.0 (December 19th, 2019) - -Features: - -* Extra containers can now be added to the Vault pods -* Added configurability of pod probes -* Added Vault Agent Injector - -Improvements: - -* Moved `global.image` to `server.image` -* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` -* Added better HTTP/HTTPS scheme support to http probes -* Added configurable node port for Vault service -* `server.authDelegator` is now enabled by default - -Bugs: - -* Fixed upgrade bug by removing chart label which contained the version -* Fixed typo on `serviceAccount` (was `serviceaccount`) -* Fixed readiness/liveliness HTTP probe default to accept standbys - -## 0.2.1 (November 12th, 2019) - -Bugs: - -* Removed `readOnlyRootFilesystem` causing issues when validating deployments - -## 0.2.0 (October 29th, 2019) - -Features: - -* Added load balancer support -* Added ingress support -* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) -* Removed root requirements, now runs as Vault user - -Improvements: - -* Added namespace value to all rendered objects -* Made ports configurable in services -* Added the ability to add custom annotations to services -* Added docker image for running bats test in CircleCI -* Removed restrictions around `dev` mode such as annotations -* 
`readOnlyRootFilesystem` is now configurable -* Image Pull Policy is now configurable - -Bugs: - -* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) -* Fixed bug where audit storage was not being mounted in HA mode -* Fixed bug where Vault pod wasn't receiving SIGTERM signals - - -## 0.1.2 (August 22nd, 2019) - -Features: - -* Added `extraSecretEnvironmentVars` to allow users to mount secrets as - environment variables -* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS - depending on the value -* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` - to "NodePort" - -Improvements: - -* Changed UI port to 8200 for better HTTP protocol support -* Added `path` to `extraVolumes` to define where the volume should be - mounted. Defaults to `/vault/userconfig` -* Upgraded Vault to 1.2.2 - -Bugs: - -* Fixed bug where upgrade would fail because immutable labels were being - changed (Helm Version label) -* Fixed bug where UI service used wrong selector after updating helm labels -* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks - Consul is the active node -* Removed `step-down` preStop since it requires authentication. Shutdown signal - sent by Kube acts similar to `step-down` - - -## 0.1.1 (August 7th, 2019) - -Features: - -* Added `authDelegator` Cluster Role Binding to Vault service account for - bootstrapping Kube auth method - -Improvements: - -* Added `server.service.clusterIP` to `values.yml` so users can toggle - the Vault service to headless by using the value `None`. -* Upgraded Vault to 1.2.1 - -## 0.1.0 (August 6th, 2019) - -Initial release diff --git a/charts/partners/hashicorp/vault/0.16.1/src/CONTRIBUTING.md b/charts/partners/hashicorp/vault/0.16.1/src/CONTRIBUTING.md deleted file mode 100644 index f1c1600008..0000000000 --- a/charts/partners/hashicorp/vault/0.16.1/src/CONTRIBUTING.md +++ /dev/null 
@@ -1,239 +0,0 @@ -# Contributing to Vault Helm - -**Please note:** We take Vault's security and our users' trust very seriously. -If you believe you have found a security issue in Vault, please responsibly -disclose by contacting us at security@hashicorp.com. - -**First:** if you're unsure or afraid of _anything_, just ask or submit the -issue or pull request anyways. You won't be yelled at for giving it your best -effort. The worst that can happen is that you'll be politely asked to change -something. We appreciate any sort of contributions, and don't want a wall of -rules to get in the way of that. - -That said, if you want to ensure that a pull request is likely to be merged, -talk to us! You can find out our thoughts and ensure that your contribution -won't clash or be obviated by Vault's normal direction. A great way to do this -is via the [Vault Google Group][2]. Sometimes Vault devs are in `#vault-tool` -on Freenode, too. - -This document will cover what we're looking for in terms of reporting issues. -By addressing all the points we're looking for, it raises the chances we can -quickly merge or address your contributions. - -## Issues - -### Reporting an Issue - -* Make sure you test against the latest released version. It is possible - we already fixed the bug you're experiencing. Even better is if you can test - against `main`, as bugs are fixed regularly but new versions are only - released every few months. - -* Provide steps to reproduce the issue, and if possible include the expected - results as well as the actual results. Please provide text, not screen shots! - -* Respond as promptly as possible to any questions made by the Vault - team to your issue. Stale issues will be closed periodically. - -### Issue Lifecycle - -1. The issue is reported. - -2. The issue is verified and categorized by a Vault Helm collaborator. - Categorization is done via tags. For example, bugs are marked as "bugs". - -3. 
Unless it is critical, the issue may be left for a period of time (sometimes - many weeks), giving outside contributors -- maybe you!? -- a chance to - address the issue. - -4. The issue is addressed in a pull request or commit. The issue will be - referenced in the commit message so that the code that fixes it is clearly - linked. - -5. The issue is closed. Sometimes, valid issues will be closed to keep - the issue tracker clean. The issue is still indexed and available for - future viewers, or can be re-opened if necessary. - -## Testing - -The Helm chart ships with both unit and acceptance tests. - -The unit tests don't require any active Kubernetes cluster and complete -very quickly. These should be used for fast feedback during development. -The acceptance tests require a Kubernetes cluster with a configured `kubectl`. - -### Test Using Docker Container - -The following are the instructions for running bats tests using a Docker container. - -#### Prerequisites - -* Docker installed -* `vault-helm` checked out locally - -#### Test - -**Note:** the following commands should be run from the `vault-helm` directory. - -First, build the Docker image for running the tests: - -```shell -docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test -``` -Next, execute the tests with the following commands: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -``` -It's possible to only run specific bats tests using regular expressions. -For example, the following will run only tests with "injector" in the name: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" -``` - -### Test Manually -The following are the instructions for running bats tests on your workstation. 
-#### Prerequisites -* [Bats](https://github.com/bats-core/bats-core) - ```bash - brew install bats-core - ``` -* [yq](https://pypi.org/project/yq/) - ```bash - brew install python-yq - ``` -* [helm](https://helm.sh) - ```bash - brew install kubernetes-helm - ``` - -#### Test - -To run the unit tests: - - bats ./test/unit - -To run the acceptance tests: - - bats ./test/acceptance - -If the acceptance tests fail, deployed resources in the Kubernetes cluster -may not be properly cleaned up. We recommend recycling the Kubernetes cluster to -start from a clean slate. - -**Note:** There is a Terraform configuration in the -[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory -that can be used to quickly bring up a GKE cluster and configure -`kubectl` and `helm` locally. This can be used to quickly spin up a test -cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes -cluster. - -### Writing Unit Tests - -Changes to the Helm chart should be accompanied by appropriate unit tests. - -#### Formatting - -- Put tests in the test file in the same order as the variables appear in the `values.yaml`. -- Start tests for a chart value with a header that says what is being tested, like this: - ``` - #-------------------------------------------------------------------- - # annotations - ``` - -- Name the test based on what it's testing in the following format (this will be its first line): - ``` - @test "
: " { - ``` - - When adding tests to an existing file, the first section will be the same as the other tests in the file. - -#### Test Details - -[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. -In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. -In this way, we're able to test that the various conditionals in the templates render as we would expect. - -Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. -The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). -`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). -The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. - -The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. - -The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. - -#### Test Examples - -Here are some examples of common test patterns: - -- Check that a value is disabled by default - - ``` - @test "ui/Service: no type by default" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - . 
| tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "null" ] - } - ``` - - In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. - This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. - - -- Check that a template value is rendered to a specific value - ``` - @test "ui/Service: specified type" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - --set 'ui.serviceType=LoadBalancer' \ - . | tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "LoadBalancer" ] - } - ``` - - This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. - -- Check that a template value contains several values - ``` - @test "server/standalone-StatefulSet: custom resources" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.requests.memory=256Mi' \ - --set 'server.resources.requests.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.limits.memory=256Mi' \ - --set 'server.resources.limits.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - ``` - - *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
- -- Check that an entire template file is not rendered - ``` - @test "syncCatalog/Deployment: disabled by default" { - cd `chart_dir` - local actual=$( (helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'global.enabled=false' \ - . || echo "---") | tee /dev/stderr | - yq 'length > 0' | tee /dev/stderr) - [ "${actual}" = "false" ] - } - ``` - Here we are check the length of the command output to see if the anything is rendered. - This style can easily be switched to check that a file is rendered instead. diff --git a/charts/partners/hashicorp/vault/0.16.1/src/Chart.yaml b/charts/partners/hashicorp/vault/0.16.1/src/Chart.yaml deleted file mode 100644 index 627f6da258..0000000000 --- a/charts/partners/hashicorp/vault/0.16.1/src/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v2 -appVersion: 1.8.3 -description: Official HashiCorp Vault Chart -home: https://www.vaultproject.io -icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png -keywords: -- vault -- security -- encryption -- secrets -- management -- automation -- infrastructure -kubeVersion: '>= 1.14.0-0' -name: vault -sources: -- https://github.com/hashicorp/vault -- https://github.com/hashicorp/vault-helm -- https://github.com/hashicorp/vault-k8s -- https://github.com/hashicorp/vault-csi-provider -version: 0.16.1 diff --git a/charts/partners/hashicorp/vault/0.16.1/src/LICENSE.md b/charts/partners/hashicorp/vault/0.16.1/src/LICENSE.md deleted file mode 100644 index 82b4de97c7..0000000000 --- a/charts/partners/hashicorp/vault/0.16.1/src/LICENSE.md +++ /dev/null 
@@ -1,353 +0,0 @@ -Mozilla Public License, version 2.0 - -1. Definitions - -1.1. “Contributor” - - means each individual or legal entity that creates, contributes to the - creation of, or owns Covered Software. - -1.2. “Contributor Version” - - means the combination of the Contributions of others (if any) used by a - Contributor and that particular Contributor’s Contribution. - -1.3. “Contribution” - - means Covered Software of a particular Contributor. - -1.4. “Covered Software” - - means Source Code Form to which the initial Contributor has attached the - notice in Exhibit A, the Executable Form of such Source Code Form, and - Modifications of such Source Code Form, in each case including portions - thereof. - -1.5. “Incompatible With Secondary Licenses” - means - - a. that the initial Contributor has attached the notice described in - Exhibit B to the Covered Software; or - - b. that the Covered Software was made available under the terms of version - 1.1 or earlier of the License, but not also under the terms of a - Secondary License. - -1.6. “Executable Form” - - means any form of the work other than Source Code Form. - -1.7. “Larger Work” - - means a work that combines Covered Software with other material, in a separate - file or files, that is not Covered Software. - -1.8. “License” - - means this document. - -1.9. “Licensable” - - means having the right to grant, to the maximum extent possible, whether at the - time of the initial grant or subsequently, any and all of the rights conveyed by - this License. - -1.10. “Modifications” - - means any of the following: - - a. any file in Source Code Form that results from an addition to, deletion - from, or modification of the contents of Covered Software; or - - b. any new file in Source Code Form that contains any Covered Software. - -1.11. 
“Patent Claims” of a Contributor - - means any patent claim(s), including without limitation, method, process, - and apparatus claims, in any patent Licensable by such Contributor that - would be infringed, but for the grant of the License, by the making, - using, selling, offering for sale, having made, import, or transfer of - either its Contributions or its Contributor Version. - -1.12. “Secondary License” - - means either the GNU General Public License, Version 2.0, the GNU Lesser - General Public License, Version 2.1, the GNU Affero General Public - License, Version 3.0, or any later versions of those licenses. - -1.13. “Source Code Form” - - means the form of the work preferred for making modifications. - -1.14. “You” (or “Your”) - - means an individual or a legal entity exercising rights under this - License. For legal entities, “You” includes any entity that controls, is - controlled by, or is under common control with You. For purposes of this - definition, “control” means (a) the power, direct or indirect, to cause - the direction or management of such entity, whether by contract or - otherwise, or (b) ownership of more than fifty percent (50%) of the - outstanding shares or beneficial ownership of such entity. - - -2. License Grants and Conditions - -2.1. Grants - - Each Contributor hereby grants You a world-wide, royalty-free, - non-exclusive license: - - a. under intellectual property rights (other than patent or trademark) - Licensable by such Contributor to use, reproduce, make available, - modify, display, perform, distribute, and otherwise exploit its - Contributions, either on an unmodified basis, with Modifications, or as - part of a Larger Work; and - - b. under Patent Claims of such Contributor to make, use, sell, offer for - sale, have made, import, and otherwise transfer either its Contributions - or its Contributor Version. - -2.2. 
Effective Date - - The licenses granted in Section 2.1 with respect to any Contribution become - effective for each Contribution on the date the Contributor first distributes - such Contribution. - -2.3. Limitations on Grant Scope - - The licenses granted in this Section 2 are the only rights granted under this - License. No additional rights or licenses will be implied from the distribution - or licensing of Covered Software under this License. Notwithstanding Section - 2.1(b) above, no patent license is granted by a Contributor: - - a. for any code that a Contributor has removed from Covered Software; or - - b. for infringements caused by: (i) Your and any other third party’s - modifications of Covered Software, or (ii) the combination of its - Contributions with other software (except as part of its Contributor - Version); or - - c. under Patent Claims infringed by Covered Software in the absence of its - Contributions. - - This License does not grant any rights in the trademarks, service marks, or - logos of any Contributor (except as may be necessary to comply with the - notice requirements in Section 3.4). - -2.4. Subsequent Licenses - - No Contributor makes additional grants as a result of Your choice to - distribute the Covered Software under a subsequent version of this License - (see Section 10.2) or under the terms of a Secondary License (if permitted - under the terms of Section 3.3). - -2.5. Representation - - Each Contributor represents that the Contributor believes its Contributions - are its original creation(s) or it has sufficient rights to grant the - rights to its Contributions conveyed by this License. - -2.6. Fair Use - - This License is not intended to limit any rights You have under applicable - copyright doctrines of fair use, fair dealing, or other equivalents. - -2.7. Conditions - - Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in - Section 2.1. - - -3. Responsibilities - -3.1. 
Distribution of Source Form - - All distribution of Covered Software in Source Code Form, including any - Modifications that You create or to which You contribute, must be under the - terms of this License. You must inform recipients that the Source Code Form - of the Covered Software is governed by the terms of this License, and how - they can obtain a copy of this License. You may not attempt to alter or - restrict the recipients’ rights in the Source Code Form. - -3.2. Distribution of Executable Form - - If You distribute Covered Software in Executable Form then: - - a. such Covered Software must also be made available in Source Code Form, - as described in Section 3.1, and You must inform recipients of the - Executable Form how they can obtain a copy of such Source Code Form by - reasonable means in a timely manner, at a charge no more than the cost - of distribution to the recipient; and - - b. You may distribute such Executable Form under the terms of this License, - or sublicense it under different terms, provided that the license for - the Executable Form does not attempt to limit or alter the recipients’ - rights in the Source Code Form under this License. - -3.3. Distribution of a Larger Work - - You may create and distribute a Larger Work under terms of Your choice, - provided that You also comply with the requirements of this License for the - Covered Software. If the Larger Work is a combination of Covered Software - with a work governed by one or more Secondary Licenses, and the Covered - Software is not Incompatible With Secondary Licenses, this License permits - You to additionally distribute such Covered Software under the terms of - such Secondary License(s), so that the recipient of the Larger Work may, at - their option, further distribute the Covered Software under the terms of - either this License or such Secondary License(s). - -3.4. 
Notices - - You may not remove or alter the substance of any license notices (including - copyright notices, patent notices, disclaimers of warranty, or limitations - of liability) contained within the Source Code Form of the Covered - Software, except that You may alter any license notices to the extent - required to remedy known factual inaccuracies. - -3.5. Application of Additional Terms - - You may choose to offer, and to charge a fee for, warranty, support, - indemnity or liability obligations to one or more recipients of Covered - Software. However, You may do so only on Your own behalf, and not on behalf - of any Contributor. You must make it absolutely clear that any such - warranty, support, indemnity, or liability obligation is offered by You - alone, and You hereby agree to indemnify every Contributor for any - liability incurred by such Contributor as a result of warranty, support, - indemnity or liability terms You offer. You may include additional - disclaimers of warranty and limitations of liability specific to any - jurisdiction. - -4. Inability to Comply Due to Statute or Regulation - - If it is impossible for You to comply with any of the terms of this License - with respect to some or all of the Covered Software due to statute, judicial - order, or regulation then You must: (a) comply with the terms of this License - to the maximum extent possible; and (b) describe the limitations and the code - they affect. Such description must be placed in a text file included with all - distributions of the Covered Software under this License. Except to the - extent prohibited by statute or regulation, such description must be - sufficiently detailed for a recipient of ordinary skill to be able to - understand it. - -5. Termination - -5.1. The rights granted under this License will terminate automatically if You - fail to comply with any of its terms. 
However, if You become compliant, - then the rights granted under this License from a particular Contributor - are reinstated (a) provisionally, unless and until such Contributor - explicitly and finally terminates Your grants, and (b) on an ongoing basis, - if such Contributor fails to notify You of the non-compliance by some - reasonable means prior to 60 days after You have come back into compliance. - Moreover, Your grants from a particular Contributor are reinstated on an - ongoing basis if such Contributor notifies You of the non-compliance by - some reasonable means, this is the first time You have received notice of - non-compliance with this License from such Contributor, and You become - compliant prior to 30 days after Your receipt of the notice. - -5.2. If You initiate litigation against any entity by asserting a patent - infringement claim (excluding declaratory judgment actions, counter-claims, - and cross-claims) alleging that a Contributor Version directly or - indirectly infringes any patent, then the rights granted to You by any and - all Contributors for the Covered Software under Section 2.1 of this License - shall terminate. - -5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user - license agreements (excluding distributors and resellers) which have been - validly granted by You or Your distributors under this License prior to - termination shall survive termination. - -6. Disclaimer of Warranty - - Covered Software is provided under this License on an “as is” basis, without - warranty of any kind, either expressed, implied, or statutory, including, - without limitation, warranties that the Covered Software is free of defects, - merchantable, fit for a particular purpose or non-infringing. The entire - risk as to the quality and performance of the Covered Software is with You. 
- Should any Covered Software prove defective in any respect, You (not any - Contributor) assume the cost of any necessary servicing, repair, or - correction. This disclaimer of warranty constitutes an essential part of this - License. No use of any Covered Software is authorized under this License - except under this disclaimer. - -7. Limitation of Liability - - Under no circumstances and under no legal theory, whether tort (including - negligence), contract, or otherwise, shall any Contributor, or anyone who - distributes Covered Software as permitted above, be liable to You for any - direct, indirect, special, incidental, or consequential damages of any - character including, without limitation, damages for lost profits, loss of - goodwill, work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses, even if such party shall have been - informed of the possibility of such damages. This limitation of liability - shall not apply to liability for death or personal injury resulting from such - party’s negligence to the extent applicable law prohibits such limitation. - Some jurisdictions do not allow the exclusion or limitation of incidental or - consequential damages, so this exclusion and limitation may not apply to You. - -8. Litigation - - Any litigation relating to this License may be brought only in the courts of - a jurisdiction where the defendant maintains its principal place of business - and such litigation shall be governed by laws of that jurisdiction, without - reference to its conflict-of-law provisions. Nothing in this Section shall - prevent a party’s ability to bring cross-claims or counter-claims. - -9. Miscellaneous - - This License represents the complete agreement concerning the subject matter - hereof. If any provision of this License is held to be unenforceable, such - provision shall be reformed only to the extent necessary to make it - enforceable. 
Any law or regulation which provides that the language of a - contract shall be construed against the drafter shall not be used to construe - this License against a Contributor. - - -10. Versions of the License - -10.1. New Versions - - Mozilla Foundation is the license steward. Except as provided in Section - 10.3, no one other than the license steward has the right to modify or - publish new versions of this License. Each version will be given a - distinguishing version number. - -10.2. Effect of New Versions - - You may distribute the Covered Software under the terms of the version of - the License under which You originally received the Covered Software, or - under the terms of any subsequent version published by the license - steward. - -10.3. Modified Versions - - If you create software not governed by this License, and you want to - create a new license for such software, you may create and use a modified - version of this License if you rename the license and remove any - references to the name of the license steward (except to note that such - modified license differs from this License). - -10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses - If You choose to distribute Source Code Form that is Incompatible With - Secondary Licenses under the terms of this version of the License, the - notice described in Exhibit B of this License must be attached. - -Exhibit A - Source Code Form License Notice - - This Source Code Form is subject to the - terms of the Mozilla Public License, v. - 2.0. If a copy of the MPL was not - distributed with this file, You can - obtain one at - http://mozilla.org/MPL/2.0/. - -If it is not possible or desirable to put the notice in a particular file, then -You may include the notice in a location (such as a LICENSE file in a relevant -directory) where a recipient would be likely to look for such a notice. - -You may add additional accurate notices of copyright ownership. 
- -Exhibit B - “Incompatible With Secondary Licenses” Notice - - This Source Code Form is “Incompatible - With Secondary Licenses”, as defined by - the Mozilla Public License, v. 2.0. diff --git a/charts/partners/hashicorp/vault/0.16.1/src/Makefile b/charts/partners/hashicorp/vault/0.16.1/src/Makefile deleted file mode 100644 index e4e9df1ed9..0000000000 --- a/charts/partners/hashicorp/vault/0.16.1/src/Makefile +++ /dev/null 
@@ -1,100 +0,0 @@ -TEST_IMAGE?=vault-helm-test -GOOGLE_CREDENTIALS?=vault-helm-test.json -CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 -# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats -ACCEPTANCE_TESTS?=acceptance - -# filter bats unit tests to run. -UNIT_TESTS_FILTER?='.*' - -# set to 'true' to run acceptance tests locally in a kind cluster -LOCAL_ACCEPTANCE_TESTS?=false - -# kind cluster name -KIND_CLUSTER_NAME?=vault-helm - -# kind k8s version -KIND_K8S_VERSION?=v1.20.2 - -# Generate json schema for chart values. See test/README.md for more details. -values-schema: - helm schema-gen values.yaml > values.schema.json - -test-image: - @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) - -test-unit: - @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit - -test-bats: test-unit test-acceptance - -test: test-image test-bats - -# run acceptance tests on GKE -# set google project/credential vars above -test-acceptance: -ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) - make setup-kind acceptance -else - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -w /helm-test \ - $(TEST_IMAGE) \ - make acceptance -endif - -# destroy GKE cluster using terraform -test-destroy: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -w /helm-test \ - $(TEST_IMAGE) \ - make destroy-cluster - -# provision GKE cluster using terraform -test-provision: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -w /helm-test \ - $(TEST_IMAGE) \ - make provision-cluster - -# this target is for running the acceptance tests -# it is run in the 
docker container above when the test-acceptance target is invoked -acceptance: -ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) - gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} -endif - bats test/${ACCEPTANCE_TESTS} - -# this target is for provisioning the GKE cluster -# it is run in the docker container above when the test-provision target is invoked -provision-cluster: - gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} - terraform init test/terraform - terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform - -# this target is for removing the GKE cluster -# it is run in the docker container above when the test-destroy target is invoked -destroy-cluster: - terraform destroy -auto-approve - -# create a kind cluster for running the acceptance tests locally -setup-kind: - kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ - kind create cluster \ - --image kindest/node:${KIND_K8S_VERSION} \ - --name ${KIND_CLUSTER_NAME} \ - --config $(CURDIR)/test/kind/config.yaml - kubectl config use-context kind-${KIND_CLUSTER_NAME} - -# delete the kind cluster -delete-kind: - kind delete cluster --name ${KIND_CLUSTER_NAME} || : - -.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/hashicorp/vault/0.16.1/src/README.md b/charts/partners/hashicorp/vault/0.16.1/src/README.md deleted file mode 100644 index f95b26fc37..0000000000 --- a/charts/partners/hashicorp/vault/0.16.1/src/README.md +++ /dev/null 
@@ -1,44 +0,0 @@
-# Vault Helm Chart
-
-> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
-you believe you have found a security issue in Vault Helm, _please responsibly disclose_
-by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
-
-This repository contains the official HashiCorp Helm chart for installing
-and configuring Vault on Kubernetes. This chart supports multiple use
-cases of Vault on Kubernetes depending on the values provided.
-
-For full documentation on this Helm chart along with all the ways you can
-use Vault with Kubernetes, please see the
-[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
-
-## Prerequisites
-
-To use the charts here, [Helm](https://helm.sh/) must be configured for your
-Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
-this README. Please refer to the Kubernetes and Helm documentation.
-
-The versions required are:
-
- * **Helm 3.0+** - This is the earliest version of Helm tested. It is possible
- it works with earlier versions but this chart is untested for those versions.
- * **Kubernetes 1.14+** - This is the earliest version of Kubernetes tested.
- It is possible that this chart works with earlier versions but it is
- untested.
-
-## Usage
-
-To install the latest version of this chart, add the Hashicorp helm repository
-and run `helm install`:
-
-```console
-$ helm repo add hashicorp https://helm.releases.hashicorp.com
-"hashicorp" has been added to your repositories
-
-$ helm install vault hashicorp/vault
-```
-
-Please see the many options supported in the `values.yaml` file. These are also
-fully documented directly on the [Vault
-website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
-detailed installation instructions.
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/NOTES.txt b/charts/partners/hashicorp/vault/0.16.1/src/templates/NOTES.txt
deleted file mode 100644
index 8e267121c8..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/NOTES.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-
-Thank you for installing HashiCorp Vault!
-
-Now that you have deployed Vault, you should look over the docs on using
-Vault with Kubernetes available here:
-
-https://www.vaultproject.io/docs/
-
-
-Your release is named {{ .Release.Name }}. To learn more about the release, try:
-
- $ helm status {{ .Release.Name }}
- $ helm get manifest {{ .Release.Name }}
-
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/_helpers.tpl b/charts/partners/hashicorp/vault/0.16.1/src/templates/_helpers.tpl
deleted file mode 100644
index 3e936f77ee..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,657 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to -this (by the DNS naming spec). If release name contains chart name it will -be used as a full name. -*/}} -{{- define "vault.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "vault.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "vault.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Compute the maximum number of unavailable replicas for the PodDisruptionBudget. -This defaults to (n/2)-1 where n is the number of members of the server cluster. -Add a special case for replicas=1, where it should default to 0 as well. -*/}} -{{- define "vault.pdb.maxUnavailable" -}} -{{- if eq (int .Values.server.ha.replicas) 1 -}} -{{ 0 }} -{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{- else -}} -{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Set the variable 'mode' to the server mode requested by the user to simplify -template logic. -*/}} -{{- define "vault.mode" -}} - {{- if .Values.injector.externalVaultAddr -}} - {{- $_ := set . "mode" "external" -}} - {{- else if ne (.Values.server.enabled | toString) "true" -}} - {{- $_ := set . 
"mode" "external" -}} - {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} - {{- $_ := set . "mode" "dev" -}} - {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} - {{- $_ := set . "mode" "ha" -}} - {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} - {{- $_ := set . "mode" "standalone" -}} - {{- else -}} - {{- $_ := set . "mode" "" -}} - {{- end -}} -{{- end -}} - -{{/* -Set's the replica count based on the different modes configured by user -*/}} -{{- define "vault.replicas" -}} - {{ if eq .mode "standalone" }} - {{- default 1 -}} - {{ else if eq .mode "ha" }} - {{- .Values.server.ha.replicas | default 3 -}} - {{ else }} - {{- default 1 -}} - {{ end }} -{{- end -}} - -{{/* -Set's up configmap mounts if this isn't a dev deployment and the user -defined a custom configuration. Additionally iterates over any -extra volumes the user may have specified (such as a secret with TLS). -*/}} -{{- define "vault.volumes" -}} - {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - configMap: - name: {{ template "vault.fullname" . 
}}-config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - {{ .type }}: - {{- if (eq .type "configMap") }} - name: {{ .name }} - {{- else if (eq .type "secret") }} - secretName: {{ .name }} - {{- end }} - defaultMode: {{ .defaultMode | default 420 }} - {{- end }} - {{- if .Values.server.volumes }} - {{- toYaml .Values.server.volumes | nindent 8}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - secret: - secretName: {{ .Values.server.enterpriseLicense.secretName }} - defaultMode: 0440 - {{- end }} -{{- end -}} - -{{/* -Set's the args for custom command to render the Vault configuration -file with IP addresses to make the out of box experience easier -for users looking to use this chart with Consul Helm. -*/}} -{{- define "vault.args" -}} - {{ if or (eq .mode "standalone") (eq .mode "ha") }} - - | - cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; - [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; - [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; - /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} - {{ else if eq .mode "dev" }} - - | - /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} - {{ end }} -{{- end -}} - -{{/* -Set's additional environment variables based on the mode. 
-*/}} -{{- define "vault.envs" -}} - {{ if eq .mode "dev" }} - - name: VAULT_DEV_ROOT_TOKEN_ID - value: {{ .Values.server.dev.devRootToken }} - - name: VAULT_DEV_LISTEN_ADDRESS - value: "[::]:8200" - {{ end }} -{{- end -}} - -{{/* -Set's which additional volumes should be mounted to the container -based on the mode configured. -*/}} -{{- define "vault.mounts" -}} - {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - name: audit - mountPath: {{ .Values.server.auditStorage.mountPath }} - {{ end }} - {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} - {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} - - name: data - mountPath: {{ .Values.server.dataStorage.mountPath }} - {{ end }} - {{ end }} - {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - mountPath: /vault/config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - readOnly: true - mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} - {{- end }} - {{- if .Values.server.volumeMounts }} - {{- toYaml .Values.server.volumeMounts | nindent 12}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - mountPath: /vault/license - readOnly: true - {{- end }} -{{- end -}} - -{{/* -Set's up the volumeClaimTemplates when data or audit storage is required. HA -might not use data storage since Consul is likely it's backend, however, audit -storage might be desired by the user. 
-*/}} -{{- define "vault.volumeclaims" -}} - {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} - volumeClaimTemplates: - {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} - - metadata: - name: data - {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.dataStorage.size }} - {{- if .Values.server.dataStorage.storageClass }} - storageClassName: {{ .Values.server.dataStorage.storageClass }} - {{- end }} - {{ end }} - {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - metadata: - name: audit - {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.auditStorage.size }} - {{- if .Values.server.auditStorage.storageClass }} - storageClassName: {{ .Values.server.auditStorage.storageClass }} - {{- end }} - {{ end }} - {{ end }} -{{- end -}} - -{{/* -Set's the affinity for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.affinity" -}} - {{- if and (ne .mode "dev") .Values.server.affinity }} - affinity: - {{ $tp := typeOf .Values.server.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.affinity . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the injector affinity for pod placement -*/}} -{{- define "injector.affinity" -}} - {{- if .Values.injector.affinity }} - affinity: - {{ $tp := typeOf .Values.injector.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the toleration for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.tolerations" -}} - {{- if and (ne .mode "dev") .Values.server.tolerations }} - tolerations: - {{- $tp := typeOf .Values.server.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "injector.tolerations" -}} - {{- if .Values.injector.tolerations }} - tolerations: - {{- $tp := typeOf .Values.injector.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the node selector for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.nodeselector" -}} - {{- if and (ne .mode "dev") .Values.server.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.server.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector node selector for pod placement -*/}} -{{- define "injector.nodeselector" -}} - {{- if .Values.injector.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.injector.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.nodeSelector . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra pod annotations -*/}} -{{- define "vault.annotations" -}} - {{- if .Values.server.annotations }} - annotations: - {{- $tp := typeOf .Values.server.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.server.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector pod annotations -*/}} -{{- define "injector.annotations" -}} - {{- if .Values.injector.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.injector.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector service annotations -*/}} -{{- define "injector.service.annotations" -}} - {{- if .Values.injector.service.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector webhook annotations -*/}} -{{- define "injector.webhookAnnotations" -}} - {{- if .Values.injector.webhookAnnotations }} - annotations: - {{- $tp := typeOf .Values.injector.webhookAnnotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.webhookAnnotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.webhookAnnotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ui service annotations -*/}} -{{- define "vault.ui.annotations" -}} - {{- if .Values.ui.annotations }} - annotations: - {{- $tp := typeOf .Values.ui.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.ui.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.ui.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "vault.serviceAccount.name" -}} -{{- if .Values.server.serviceAccount.create -}} - {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.server.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Sets extra service account annotations -*/}} -{{- define "vault.serviceAccount.annotations" -}} - {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.server.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ingress annotations -*/}} -{{- define "vault.ingress.annotations" -}} - {{- if .Values.server.ingress.annotations }} - annotations: - {{- $tp := typeOf .Values.server.ingress.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.ingress.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.ingress.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra route annotations -*/}} -{{- define "vault.route.annotations" -}} - {{- if .Values.server.route.annotations }} - annotations: - {{- $tp := typeOf .Values.server.route.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.route.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.route.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra vault server Service annotations -*/}} -{{- define "vault.service.annotations" -}} - {{- if .Values.server.service.annotations }} - {{- $tp := typeOf .Values.server.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets PodSecurityPolicy annotations -*/}} -{{- define "vault.psp.annotations" -}} - {{- if .Values.global.psp.annotations }} - annotations: - {{- $tp := typeOf .Values.global.psp.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.global.psp.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.global.psp.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra statefulset annotations -*/}} -{{- define "vault.statefulSet.annotations" -}} - {{- if .Values.server.statefulSet.annotations }} - annotations: - {{- $tp := typeOf .Values.server.statefulSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for data volume -*/}} -{{- define "vault.dataVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.dataStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for audit volume -*/}} -{{- define "vault.auditVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.auditStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the container resources if the user has set any. -*/}} -{{- define "vault.resources" -}} - {{- if .Values.server.resources -}} - resources: -{{ toYaml .Values.server.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "injector.resources" -}} - {{- if .Values.injector.resources -}} - resources: -{{ toYaml .Values.injector.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. 
-*/}} -{{- define "csi.resources" -}} - {{- if .Values.csi.resources -}} - resources: -{{ toYaml .Values.csi.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets extra CSI daemonset annotations -*/}} -{{- define "csi.daemonSet.annotations" -}} - {{- if .Values.csi.daemonSet.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.daemonSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "csi.pod.tolerations" -}} - {{- if .Values.csi.pod.tolerations }} - tolerations: - {{- $tp := typeOf .Values.csi.pod.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI provider pod annotations -*/}} -{{- define "csi.pod.annotations" -}} - {{- if .Values.csi.pod.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.pod.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.pod.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.pod.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI service account annotations -*/}} -{{- define "csi.serviceAccount.annotations" -}} - {{- if .Values.csi.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.serviceAccount.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Inject extra environment vars in the format key:value, if populated -*/}} -{{- define "vault.extraEnvironmentVars" -}} -{{- if .extraEnvironmentVars -}} -{{- range $key, $value := .extraEnvironmentVars }} -- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} - value: {{ $value | quote }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Inject extra environment populated by secrets, if populated -*/}} -{{- define "vault.extraSecretEnvironmentVars" -}} -{{- if .extraSecretEnvironmentVars -}} -{{- range .extraSecretEnvironmentVars }} -- name: {{ .envName }} - valueFrom: - secretKeyRef: - name: {{ .secretName }} - key: {{ .secretKey }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* Scheme for health check and local endpoint */}} -{{- define "vault.scheme" -}} -{{- if .Values.global.tlsDisable -}} -{{ "http" }} -{{- else -}} -{{ "https" }} -{{- end -}} -{{- end -}} - -{{/* -imagePullSecrets generates pull secrets from either string or map values. -A map value must be indexable by the key 'name'. -*/}} -{{- define "imagePullSecrets" -}} -{{- with .Values.global.imagePullSecrets -}} -imagePullSecrets: -{{- range . -}} -{{- if typeIs "string" . }} - - name: {{ . }} -{{- else if index . "name" }} - - name: {{ .name }} -{{- end }} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/csi-clusterrole.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/csi-clusterrole.yaml deleted file mode 100644 index a19e520f5d..0000000000 --- a/charts/partners/hashicorp/vault/0.16.1/src/templates/csi-clusterrole.yaml +++ /dev/null 
@@ -1,17 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups:
- - ""
- resources:
- - serviceaccounts/token
- verbs:
- - create
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/csi-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/csi-clusterrolebinding.yaml
deleted file mode 100644
index 63d69c7b1f..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/csi-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/csi-daemonset.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/csi-daemonset.yaml
deleted file mode 100644
index 0ab5211511..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/csi-daemonset.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "csi.daemonSet.annotations" . }}
-spec:
- updateStrategy:
- type: {{ .Values.csi.daemonSet.updateStrategy.type }}
- {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
- rollingUpdate:
- maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
- {{- end }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{ template "csi.pod.annotations" . }}
- spec:
- serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
- {{- template "csi.pod.tolerations" . }}
- containers:
- - name: {{ include "vault.name" . }}-csi-provider
- {{ template "csi.resources" . }}
- image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
- imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
- args:
- - --endpoint=/provider/vault.sock
- - --debug={{ .Values.csi.debug }}
- {{- if .Values.csi.extraArgs }}
- {{- toYaml .Values.csi.extraArgs | nindent 12 }}
- {{- end }}
- volumeMounts:
- - name: providervol
- mountPath: "/provider"
- - name: mountpoint-dir
- mountPath: /var/lib/kubelet/pods
- mountPropagation: HostToContainer
- {{- if .Values.csi.volumeMounts }}
- {{- toYaml .Values.csi.volumeMounts | nindent 12}}
- {{- end }}
- livenessProbe:
- httpGet:
- path: /health/ready
- port: 8080
- failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
- successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
- readinessProbe:
- httpGet:
- path: /health/ready
- port: 8080
- failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
- successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
- volumes:
- - name: providervol
- hostPath:
- path: {{ .Values.csi.daemonSet.providersDir }}
- - name: mountpoint-dir
- hostPath:
- path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
- {{- if .Values.csi.volumes }}
- {{- toYaml .Values.csi.volumes | nindent 8}}
- {{- end }}
- {{- include "imagePullSecrets" . | nindent 6 }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/csi-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/csi-serviceaccount.yaml
deleted file mode 100644
index ee127481b0..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/csi-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "csi.serviceAccount.annotations" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-certs-secret.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-certs-secret.yaml
deleted file mode 100644
index 78363be55f..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-certs-secret.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: vault-injector-certs
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-clusterrole.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-clusterrole.yaml
deleted file mode 100644
index 4ff25abe52..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-clusterrole.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs:
- - "get"
- - "list"
- - "watch"
- - "patch"
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-clusterrolebinding.yaml
deleted file mode 100644
index 35d30b3935..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-deployment.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-deployment.yaml
deleted file mode 100644
index f4a796bf08..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-deployment.yaml
+++ /dev/null
@@ -1,182 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Deployment for the injector
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- component: webhook
-spec:
- replicas: {{ .Values.injector.replicas }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- {{- if .Values.injector.extraLabels -}}
- {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
- {{- end -}}
- {{ template "injector.annotations" . }}
- spec:
- {{ template "injector.affinity" . }}
- {{ template "injector.tolerations" . }}
- {{ template "injector.nodeselector" . }}
- {{- if .Values.injector.priorityClassName }}
- priorityClassName: {{ .Values.injector.priorityClassName }}
- {{- end }}
- serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
- {{- if not .Values.global.openshift }}
- hostNetwork: {{ .Values.injector.hostNetwork }}
- securityContext:
- runAsNonRoot: true
- runAsGroup: {{ .Values.injector.gid | default 1000 }}
- runAsUser: {{ .Values.injector.uid | default 100 }}
- {{- end }}
- containers:
- - name: sidecar-injector
- {{ template "injector.resources" . }}
- image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
- imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
- {{- if not .Values.global.openshift }}
- securityContext:
- allowPrivilegeEscalation: false
- {{- end }}
- env:
- - name: AGENT_INJECT_LISTEN
- value: {{ printf ":%v" .Values.injector.port }}
- - name: AGENT_INJECT_LOG_LEVEL
- value: {{ .Values.injector.logLevel | default "info" }}
- - name: AGENT_INJECT_VAULT_ADDR
- {{- if .Values.injector.externalVaultAddr }}
- value: "{{ .Values.injector.externalVaultAddr }}"
- {{- else }}
- value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
- {{- end }}
- - name: AGENT_INJECT_VAULT_AUTH_PATH
- value: {{ .Values.injector.authPath }}
- - name: AGENT_INJECT_VAULT_IMAGE
- value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
- {{- if .Values.injector.certs.secretName }}
- - name: AGENT_INJECT_TLS_CERT_FILE
- value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
- - name: AGENT_INJECT_TLS_KEY_FILE
- value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
- {{- else }}
- - name: AGENT_INJECT_TLS_AUTO
- value: {{ template "vault.fullname" . }}-agent-injector-cfg
- - name: AGENT_INJECT_TLS_AUTO_HOSTS
- value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
- {{- end }}
- - name: AGENT_INJECT_LOG_FORMAT
- value: {{ .Values.injector.logFormat | default "standard" }}
- - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
- value: "{{ .Values.injector.revokeOnShutdown | default false }}"
- {{- if .Values.global.openshift }}
- - name: AGENT_INJECT_SET_SECURITY_CONTEXT
- value: "false"
- {{- end }}
- {{- if .Values.injector.metrics.enabled }}
- - name: AGENT_INJECT_TELEMETRY_PATH
- value: "/metrics"
- {{- end }}
- {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
- - name: AGENT_INJECT_USE_LEADER_ELECTOR
- value: "true"
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- {{- end }}
- - name: AGENT_INJECT_CPU_REQUEST
- value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
- - name: AGENT_INJECT_CPU_LIMIT
- value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
- - name: AGENT_INJECT_MEM_REQUEST
- value: "{{ .Values.injector.agentDefaults.memRequest }}"
- - name: AGENT_INJECT_MEM_LIMIT
- value: "{{ .Values.injector.agentDefaults.memLimit }}"
- - name: AGENT_INJECT_DEFAULT_TEMPLATE
- value: "{{ .Values.injector.agentDefaults.template }}"
- - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
- value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
- {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- args:
- - agent-inject
- - 2>&1
- livenessProbe:
- httpGet:
- path: /health/ready
- port: {{ .Values.injector.port }}
- scheme: HTTPS
- failureThreshold: 2
- initialDelaySeconds: 5
- periodSeconds: 2
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- httpGet:
- path: /health/ready
- port: {{ .Values.injector.port }}
- scheme: HTTPS
- failureThreshold: 2
- initialDelaySeconds: 5
- periodSeconds: 2
- successThreshold: 1
- timeoutSeconds: 5
- {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) (eq (.Values.injector.leaderElector.useContainer | toString) "true") }}
- - name: leader-elector
- image: {{ .Values.injector.leaderElector.image.repository }}:{{ .Values.injector.leaderElector.image.tag }}
- args:
- - --election={{ template "vault.fullname" . }}-agent-injector-leader
- - --election-namespace={{ .Release.Namespace }}
- - --http=0.0.0.0:4040
- - --ttl={{ .Values.injector.leaderElector.ttl }}
- livenessProbe:
- httpGet:
- path: /
- port: 4040
- scheme: HTTP
- failureThreshold: 2
- initialDelaySeconds: 5
- periodSeconds: 2
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- httpGet:
- path: /
- port: 4040
- scheme: HTTP
- failureThreshold: 2
- initialDelaySeconds: 5
- periodSeconds: 2
- successThreshold: 1
- timeoutSeconds: 5
- {{- end }}
-{{- if .Values.injector.certs.secretName }}
- volumeMounts:
- - name: webhook-certs
- mountPath: /etc/webhook/certs
- readOnly: true
-{{- end }}
-{{- if .Values.injector.certs.secretName }}
- volumes:
- - name: webhook-certs
- secret:
- secretName: "{{ .Values.injector.certs.secretName }}"
-{{- end }}
- {{- include "imagePullSecrets" . | nindent 6 }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-leader-endpoint.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-leader-endpoint.yaml
deleted file mode 100644
index 42c4c0ae78..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-leader-endpoint.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) (eq (.Values.injector.leaderElector.useContainer | toString) "true")}}
-# This is created here so it can be cleaned up easily, since if
-# the endpoint is left around the leader won't expire for about a minute.
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader
- annotations:
- deprecated: "true"
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-mutating-webhook.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-mutating-webhook.yaml
deleted file mode 100644
index de7dd5622c..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-mutating-webhook.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
-apiVersion: admissionregistration.k8s.io/v1
-{{- else }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-{{- end }}
-kind: MutatingWebhookConfiguration
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-cfg
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "injector.webhookAnnotations" . }}
-webhooks:
- - name: vault.hashicorp.com
- sideEffects: None
- admissionReviewVersions:
- - "v1beta1"
- - "v1"
- clientConfig:
- service:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- path: "/mutate"
- caBundle: {{ .Values.injector.certs.caBundle | quote }}
- rules:
- - operations: ["CREATE", "UPDATE"]
- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["pods"]
-{{- if .Values.injector.namespaceSelector }}
- namespaceSelector:
-{{ toYaml .Values.injector.namespaceSelector | indent 6}}
-{{ end }}
-{{- if .Values.injector.objectSelector }}
- objectSelector:
-{{ toYaml .Values.injector.objectSelector | indent 6}}
-{{ end }}
-{{- with .Values.injector.failurePolicy }}
- failurePolicy: {{.}}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-network-policy.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-network-policy.yaml
deleted file mode 100644
index 7a399a538d..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-network-policy.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.openshift | toString) "true") }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-psp-role.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-psp-role.yaml
deleted file mode 100644
index 20c87bb2ad..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-psp-role.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-psp-rolebinding.yaml
deleted file mode 100644
index d6d0d5e247..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-psp-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-psp.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-psp.yaml
deleted file mode 100644
index c024ac1077..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-psp.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-role.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-role.yaml
deleted file mode 100644
index 446efaf595..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-role.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
- - apiGroups: [""]
- resources: ["secrets", "configmaps", "endpoints"]
- verbs:
- - "create"
- - "get"
- - "watch"
- - "list"
- - "update"
- - apiGroups: [""]
- resources: ["pods"]
- verbs:
- - "get"
- - "patch"
- - "delete"
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-rolebinding.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-rolebinding.yaml
deleted file mode 100644
index aa81794208..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-service.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-service.yaml
deleted file mode 100644
index 3138b7a5be..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "injector.service.annotations" . }}
-spec:
- ports:
- - name: https
- port: 443
- targetPort: {{ .Values.injector.port }}
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-serviceaccount.yaml
deleted file mode 100644
index a28d38fabb..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/injector-serviceaccount.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/server-clusterrolebinding.yaml
deleted file mode 100644
index e5e0f5fec1..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-clusterrolebinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.authDelegator.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-server-binding
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-config-configmap.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/server-config-configmap.yaml
deleted file mode 100644
index b8093ad030..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-config-configmap.yaml
+++ /dev/null
@@ -1,38 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if and (eq (.Values.global.enabled | toString) "true") (ne .mode "dev") -}} -{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "vault.fullname" . }}-config - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -data: - extraconfig-from-values.hcl: |- - {{- if or (eq .mode "ha") (eq .mode "standalone") }} - {{- $type := typeOf (index .Values.server .mode).config }} - {{- if eq $type "string" }} - disable_mlock = true - {{- if eq .mode "standalone" }} - {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} - {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} - {{ tpl .Values.server.ha.config . | nindent 4 | trim }} - {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} - {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} - {{ end }} - {{- else }} - {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} -{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} - {{- else }} -{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-discovery-role.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/server-discovery-role.yaml deleted file mode 100644 index 4a39cec21c..0000000000 --- a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-discovery-role.yaml +++ /dev/null 
@@ -1,19 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: {{ template "vault.fullname" . }}-discovery-role
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: [""]
- resources: ["pods"]
- verbs: ["get", "watch", "list", "update", "patch"]
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-discovery-rolebinding.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/server-discovery-rolebinding.yaml
deleted file mode 100644
index 47526650bb..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-discovery-rolebinding.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.global.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-discovery-rolebinding
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-discovery-role
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/server-disruptionbudget.yaml
deleted file mode 100644
index 3c45cc04ea..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-disruptionbudget.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" -}}
-{{- if and (eq (.Values.global.enabled | toString) "true") (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
-# PodDisruptionBudget to prevent degrading the server cluster through
-# voluntary cluster changes.
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end -}}
-{{- end -}}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-ha-active-service.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/server-ha-active-service.yaml
deleted file mode 100644
index 74fca41d7b..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-ha-active-service.yaml
+++ /dev/null
@@ -1,41 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }} -# Service for active Vault pod -apiVersion: v1 -kind: Service -metadata: - name: {{ template "vault.fullname" . }}-active - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - annotations: -{{ template "vault.service.annotations" .}} -spec: - {{- if .Values.server.service.type}} - type: {{ .Values.server.service.type }} - {{- end}} - {{- if .Values.server.service.clusterIP }} - clusterIP: {{ .Values.server.service.clusterIP }} - {{- end }} - publishNotReadyAddresses: true - ports: - - name: {{ include "vault.scheme" . }} - port: {{ .Values.server.service.port }} - targetPort: {{ .Values.server.service.targetPort }} - {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} - nodePort: {{ .Values.server.service.nodePort }} - {{- end }} - - name: https-internal - port: 8201 - targetPort: 8201 - selector: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - vault-active: "true" -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-ha-standby-service.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/server-ha-standby-service.yaml deleted file mode 100644 index 9213b74528..0000000000 --- a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-ha-standby-service.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }} -# Service for standby Vault pod -apiVersion: v1 -kind: Service -metadata: - name: {{ template "vault.fullname" . }}-standby - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - annotations: -{{ template "vault.service.annotations" .}} -spec: - {{- if .Values.server.service.type}} - type: {{ .Values.server.service.type }} - {{- end}} - {{- if .Values.server.service.clusterIP }} - clusterIP: {{ .Values.server.service.clusterIP }} - {{- end }} - publishNotReadyAddresses: true - ports: - - name: {{ include "vault.scheme" . }} - port: {{ .Values.server.service.port }} - targetPort: {{ .Values.server.service.targetPort }} - {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} - nodePort: {{ .Values.server.service.nodePort }} - {{- end }} - - name: https-internal - port: 8201 - targetPort: 8201 - selector: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - vault-active: "false" -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-headless-service.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/server-headless-service.yaml deleted file mode 100644 index a37c639571..0000000000 --- a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-headless-service.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if and (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }} -# Service for Vault cluster -apiVersion: v1 -kind: Service -metadata: - name: {{ template "vault.fullname" . }}-internal - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - annotations: -{{ template "vault.service.annotations" .}} -spec: - clusterIP: None - publishNotReadyAddresses: true - ports: - - name: "{{ include "vault.scheme" . }}" - port: {{ .Values.server.service.port }} - targetPort: {{ .Values.server.service.targetPort }} - - name: https-internal - port: 8201 - targetPort: 8201 - selector: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-ingress.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/server-ingress.yaml deleted file mode 100644 index 9da020e1af..0000000000 --- a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-ingress.yaml +++ /dev/null 
@@ -1,57 +0,0 @@ -{{- if not .Values.global.openshift }} -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if .Values.server.ingress.enabled -}} -{{- $extraPaths := .Values.server.ingress.extraPaths -}} -{{- $serviceName := include "vault.fullname" . -}} -{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.ingress.activeService | toString) "true") }} -{{- $serviceName = printf "%s-%s" $serviceName "active" -}} -{{- end }} -{{- $servicePort := .Values.server.service.port -}} -{{ if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end }} -kind: Ingress -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.server.ingress.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- template "vault.ingress.annotations" . }} -spec: -{{- if .Values.server.ingress.tls }} - tls: - {{- range .Values.server.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.server.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: -{{ if $extraPaths }} -{{ toYaml $extraPaths | indent 10 }} -{{- end }} - {{- range (.paths | default (list "/")) }} - - path: {{ . }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} 
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-network-policy.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/server-network-policy.yaml
deleted file mode 100644
index 5f4c21a4b5..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-network-policy.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8200
- protocol: TCP
- - port: 8201
- protocol: TCP
- {{- if .Values.server.networkPolicy.egress }}
- egress:
- {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
- {{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-psp-role.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/server-psp-role.yaml
deleted file mode 100644
index fd12e1eb30..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-psp-role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/server-psp-rolebinding.yaml
deleted file mode 100644
index b2a43c834a..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-psp-rolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-psp.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/server-psp.yaml
deleted file mode 100644
index 2d94268197..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-psp.yaml
+++ /dev/null
@@ -1,47 +0,0 @@ -{{ template "vault.mode" . }} -{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "vault.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- template "vault.psp.annotations" . }} -spec: - privileged: false - # Required to prevent escalations to root. - allowPrivilegeEscalation: false - volumes: - - configMap - - emptyDir - - projected - - secret - - downwardAPI - {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} - - persistentVolumeClaim - {{- end }} - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Require the container to run without root privileges. - rule: MustRunAsNonRoot - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: RunAsAny - supplementalGroups: - rule: MustRunAs - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: MustRunAs - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-route.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/server-route.yaml deleted file mode 100644 index 63055db39f..0000000000 --- a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-route.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -{{- if .Values.global.openshift }} -{{- if ne .mode "external" }} -{{- if .Values.server.route.enabled -}} -{{- $serviceName := include "vault.fullname" . -}} -{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} -{{- $serviceName = printf "%s-%s" $serviceName "active" -}} -{{- end }} -kind: Route -apiVersion: route.openshift.io/v1 -metadata: - name: {{ template "vault.fullname" . }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.server.route.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- template "vault.route.annotations" . }} -spec: - host: {{ .Values.server.route.host }} - to: - kind: Service - name: {{ $serviceName }} - weight: 100 - port: - targetPort: 8200 - tls: - termination: passthrough -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-service.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/server-service.yaml deleted file mode 100644 index 6f82e38629..0000000000 --- a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-service.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if and (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }} -# Service for Vault cluster -apiVersion: v1 -kind: Service -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - annotations: -{{ template "vault.service.annotations" .}} -spec: - {{- if .Values.server.service.type}} - type: {{ .Values.server.service.type }} - {{- end}} - {{- if .Values.server.service.clusterIP }} - clusterIP: {{ .Values.server.service.clusterIP }} - {{- end }} - # We want the servers to become available even if they're not ready - # since this DNS is also used for join operations. - publishNotReadyAddresses: true - ports: - - name: {{ include "vault.scheme" . }} - port: {{ .Values.server.service.port }} - targetPort: {{ .Values.server.service.targetPort }} - {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} - nodePort: {{ .Values.server.service.nodePort }} - {{- end }} - - name: https-internal - port: 8201 - targetPort: 8201 - selector: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/server-serviceaccount.yaml deleted file mode 100644 index 925b166bba..0000000000 --- a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }}
-{{- if (eq (.Values.server.serviceAccount.create | toString) "true" ) }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "vault.serviceAccount.annotations" . }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-statefulset.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/server-statefulset.yaml
deleted file mode 100644
index 031b179059..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/templates/server-statefulset.yaml
+++ /dev/null
@@ -1,208 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }} -# StatefulSet to run the actual vault server cluster. -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- template "vault.statefulSet.annotations" . }} -spec: - serviceName: {{ template "vault.fullname" . }}-internal - podManagementPolicy: Parallel - replicas: {{ template "vault.replicas" . }} - updateStrategy: - type: {{ .Values.server.updateStrategyType }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - template: - metadata: - labels: - helm.sh/chart: {{ template "vault.chart" . }} - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - {{- if .Values.server.extraLabels -}} - {{- toYaml .Values.server.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "vault.annotations" . }} - spec: - {{ template "vault.affinity" . }} - {{ template "vault.tolerations" . }} - {{ template "vault.nodeselector" . }} - {{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName }} - {{- end }} - terminationGracePeriodSeconds: 10 - serviceAccountName: {{ template "vault.serviceAccount.name" . 
}} - {{ if .Values.server.shareProcessNamespace }} - shareProcessNamespace: true - {{ end }} - {{- if not .Values.global.openshift }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.server.gid | default 1000 }} - runAsUser: {{ .Values.server.uid | default 100 }} - fsGroup: {{ .Values.server.gid | default 1000 }} - {{- end }} - volumes: - {{ template "vault.volumes" . }} - - name: home - emptyDir: {} - {{- if .Values.server.extraInitContainers }} - initContainers: - {{ toYaml .Values.server.extraInitContainers | nindent 8}} - {{- end }} - containers: - - name: vault - {{ template "vault.resources" . }} - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - command: - - "/bin/sh" - - "-ec" - args: {{ template "vault.args" . }} - {{- if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: VAULT_K8S_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: VAULT_ADDR - value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" - - name: VAULT_API_ADDR - {{- if .Values.server.ha.apiAddr }} - value: {{ .Values.server.ha.apiAddr }} - {{- else }} - value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" - {{- end }} - - name: SKIP_CHOWN - value: "true" - - name: SKIP_SETCAP - value: "true" - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_CLUSTER_ADDR - value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" - {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} - - name: VAULT_RAFT_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- end }} - - name: HOME - value: "/home/vault" - {{- if .Values.server.logLevel }} - - name: VAULT_LOG_LEVEL - value: "{{ .Values.server.logLevel }}" - {{- end }} - {{- if .Values.server.logFormat }} - - name: VAULT_LOG_FORMAT - value: "{{ .Values.server.logFormat }}" - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: VAULT_LICENSE_PATH - value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} - {{- end }} - {{ template "vault.envs" . }} - {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} - {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} - volumeMounts: - {{ template "vault.mounts" . }} - - name: home - mountPath: /home/vault - ports: - - containerPort: 8200 - name: {{ include "vault.scheme" . }} - - containerPort: 8201 - name: https-internal - - containerPort: 8202 - name: {{ include "vault.scheme" . }}-rep - {{- if .Values.server.readinessProbe.enabled }} - readinessProbe: - {{- if .Values.server.readinessProbe.path }} - httpGet: - path: {{ .Values.server.readinessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . 
| upper }} - {{- else }} - # Check status; unsealed vault servers return 0 - # The exit code reflects the seal status: - # 0 - unsealed - # 1 - error - # 2 - sealed - exec: - command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] - {{- end }} - failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.server.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.server.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.server.livenessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . | upper }} - failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.server.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} - {{- end }} - lifecycle: - # Vault container doesn't receive SIGTERM from Kubernetes - # and after the grace period ends, Kube sends SIGKILL. This - # causes issues with graceful shutdowns such as deregistering itself - # from Consul (zombie services). - preStop: - exec: - command: [ - "/bin/sh", "-c", - # Adding a sleep here to give the pod eviction a - # chance to propagate, so requests will not be made - # to this pod while it's terminating - "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", - ] - {{- if .Values.server.postStart }} - postStart: - exec: - command: - {{- range (.Values.server.postStart) }} - - {{ . 
| quote }} - {{- end }} - {{- end }} - {{- if .Values.server.extraContainers }} - {{ toYaml .Values.server.extraContainers | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} - {{ template "vault.volumeclaims" . }} -{{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/tests/server-test.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/tests/server-test.yaml deleted file mode 100644 index 66aa178f58..0000000000 --- a/charts/partners/hashicorp/vault/0.16.1/src/templates/tests/server-test.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.server.enabled }} -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-server-test" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": test -spec: - {{- include "imagePullSecrets" . | nindent 2 }} - containers: - - name: {{ .Release.Name }}-server-test - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - env: - - name: VAULT_ADDR - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - command: - - /bin/sh - - -c - - | - echo "Checking for sealed info in 'vault status' output" - ATTEMPTS=10 - n=0 - until [ "$n" -ge $ATTEMPTS ] - do - echo "Attempt" $n... - vault status -format yaml | grep -E '^sealed: (true|false)' && break - n=$((n+1)) - sleep 5 - done - if [ $n -ge $ATTEMPTS ]; then - echo "timed out looking for sealed info in 'vault status' output" - exit 1 - fi - - exit 0 - - restartPolicy: Never -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.16.1/src/templates/ui-service.yaml b/charts/partners/hashicorp/vault/0.16.1/src/templates/ui-service.yaml deleted file mode 100644 index 9e90af4bbc..0000000000 --- a/charts/partners/hashicorp/vault/0.16.1/src/templates/ui-service.yaml +++ /dev/null 
@@ -1,45 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }}
-{{- if eq (.Values.ui.enabled | toString) "true" }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-ui
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}-ui
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "vault.ui.annotations" . }}
-spec:
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
- vault-active: "true"
- {{- end }}
- publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.ui.externalPort }}
- targetPort: {{ .Values.ui.targetPort }}
- {{- if .Values.ui.serviceNodePort }}
- nodePort: {{ .Values.ui.serviceNodePort }}
- {{- end }}
- type: {{ .Values.ui.serviceType }}
- {{- if and (eq (.Values.ui.serviceType | toString) "LoadBalancer") (.Values.ui.loadBalancerSourceRanges) }}
- loadBalancerSourceRanges:
- {{- range $cidr := .Values.ui.loadBalancerSourceRanges }}
- - {{ $cidr }}
- {{- end }}
- {{- end }}
- {{- if and (eq (.Values.ui.serviceType | toString) "LoadBalancer") (.Values.ui.loadBalancerIP) }}
- loadBalancerIP: {{ .Values.ui.loadBalancerIP }}
- {{- end }}
-{{- end -}}
-
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/values.openshift.yaml b/charts/partners/hashicorp/vault/0.16.1/src/values.openshift.yaml
deleted file mode 100644
index 4739231d10..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/values.openshift.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# These overrides are appropriate defaults for deploying this chart on OpenShift
-
-global:
- openshift: true
-
-injector:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
- tag: "0.13.1-ubi"
-
- agentImage:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.8.3-ubi"
-
-server:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.8.3-ubi"
diff --git a/charts/partners/hashicorp/vault/0.16.1/src/values.schema.json b/charts/partners/hashicorp/vault/0.16.1/src/values.schema.json
deleted file mode 100644
index 4c0a004982..0000000000
--- a/charts/partners/hashicorp/vault/0.16.1/src/values.schema.json
+++ /dev/null
@@ -1,852 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "csi": { - "type": "object", - "properties": { - "daemonSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "updateStrategy": { - "type": "object", - "properties": { - "maxUnavailable": { - "type": "string" - }, - "type": { - "type": "string" - } - } - }, - "providersDir": { - "type": "string" - }, - "kubeletRootDir": { - "type": "string" - } - } - }, - "debug": { - "type": "boolean" - }, - "enabled": { - "type": "boolean" - }, - "extraArgs": { - "type": "array" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "pod": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - } - } - }, - "readinessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "global": { - "type": "object", - "properties": { - "enabled": { - 
"type": "boolean" - }, - "imagePullSecrets": { - "type": "array" - }, - "openshift": { - "type": "boolean" - }, - "psp": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enable": { - "type": "boolean" - } - } - }, - "tlsDisable": { - "type": "boolean" - } - } - }, - "injector": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "agentDefaults": { - "type": "object", - "properties": { - "cpuLimit": { - "type": "string" - }, - "cpuRequest": { - "type": "string" - }, - "memLimit": { - "type": "string" - }, - "memRequest": { - "type": "string" - }, - "template": { - "type": "string" - }, - "templateConfig": { - "type": "object", - "properties": { - "exitOnRetryFailure": { - "type": "boolean" - } - } - } - } - }, - "agentImage": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "authPath": { - "type": "string" - }, - "certs": { - "type": "object", - "properties": { - "caBundle": { - "type": "string" - }, - "certName": { - "type": "string" - }, - "keyName": { - "type": "string" - }, - "secretName": { - "type": [ - "null", - "string" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "externalVaultAddr": { - "type": "string" - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraLabels": { - "type": "object" - }, - "failurePolicy": { - "type": "string" - }, - "hostNetwork": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "leaderElector": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - 
"ttl": { - "type": "string" - }, - "useContainer": { - "type": "boolean" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "namespaceSelector": { - "type": "object" - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "objectSelector": { - "type": "object" - }, - "port": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "replicas": { - "type": "integer" - }, - "resources": { - "type": "object" - }, - "revokeOnShutdown": { - "type": "boolean" - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "webhookAnnotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "server": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "auditStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "authDelegator": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "dataStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "dev": { - "type": "object", - "properties": { - 
"devRootToken": { - "type": "string" - }, - "enabled": { - "type": "boolean" - } - } - }, - "enabled": { - "type": "boolean" - }, - "enterpriseLicense": { - "type": "object", - "properties": { - "secretKey": { - "type": "string" - }, - "secretName": { - "type": "string" - } - } - }, - "extraArgs": { - "type": "string" - }, - "extraContainers": { - "type": [ - "null", - "array" - ] - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraInitContainers": { - "type": [ - "null", - "array" - ] - }, - "extraLabels": { - "type": "object" - }, - "extraSecretEnvironmentVars": { - "type": "array" - }, - "extraVolumes": { - "type": "array" - }, - "ha": { - "type": "object", - "properties": { - "apiAddr": { - "type": [ - "null", - "string" - ] - }, - "config": { - "type": "string" - }, - "disruptionBudget": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxUnavailable": { - "type": [ - "null", - "integer" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "raft": { - "type": "object", - "properties": { - "config": { - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "setNodeId": { - "type": "boolean" - } - } - }, - "replicas": { - "type": "integer" - } - } - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "ingress": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "extraPaths": { - "type": "array" - }, - "hosts": { - "type": "array", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string" - }, - "paths": { - "type": "array" - } - } - } - }, - "labels": { - "type": "object" - }, - "tls": { - "type": "array" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" 
- }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "path": { - "type": "string" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "networkPolicy": { - "type": "object", - "properties": { - "egress": { - "type": "array" - }, - "enabled": { - "type": "boolean" - } - } - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "postStart": { - "type": "array" - }, - "preStopSleepSeconds": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "route": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "labels": { - "type": "object" - } - } - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "port": { - "type": "integer" - }, - "targetPort": { - "type": "integer" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "create": { - "type": "boolean" - }, - "name": { - "type": "string" - } - } - }, - "shareProcessNamespace": { - "type": "boolean" - }, - "standalone": { - "type": "object", - "properties": { - "config": { - "type": "string" 
- }, - "enabled": { - "type": [ - "string", - "boolean" - ] - } - } - }, - "statefulSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "updateStrategyType": { - "type": "string" - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "ui": { - "type": "object", - "properties": { - "activeVaultPodOnly": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "externalPort": { - "type": "integer" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "serviceNodePort": { - "type": [ - "null", - "integer" - ] - }, - "serviceType": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - } -} diff --git a/charts/partners/hashicorp/vault/0.16.1/src/values.yaml b/charts/partners/hashicorp/vault/0.16.1/src/values.yaml deleted file mode 100644 index a7ce326088..0000000000 --- a/charts/partners/hashicorp/vault/0.16.1/src/values.yaml +++ /dev/null 
@@ -1,736 +0,0 @@ -# Available parameters and their default values for the Vault chart. -global: - # enabled is the master enabled switch. Setting this to true or false - # will enable or disable all the components within this chart by default. - enabled: true - # Image pull secret to use for registry authentication. - # Alternatively, the value may be specified as an array of strings. - imagePullSecrets: [] - # imagePullSecrets: - # - name: image-pull-secret - # TLS for end-to-end encrypted transport - tlsDisable: true - # If deploying to OpenShift - openshift: true - # Create PodSecurityPolicy for pods - psp: - enable: false - # Annotation for PodSecurityPolicy. - # This is a multi-line templated string map, and can also be set as YAML. - annotations: | - seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default - apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default - apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -injector: - # True if you want to enable vault agent injection. - enabled: true - replicas: 1 - # Configures the port the injector should listen on - port: 8080 - # If multiple replicas are specified, by default a leader will be determined - # so that only one injector attempts to create TLS certificates. - leaderElector: - enabled: true - # Note: The deployment of the leader-elector container will soon be removed - # from this chart since vault-k8s now uses an internal mechanism to - # determine leadership. - # To enable the deployment of the leader-elector container for use with - # vault-k8s 0.12.0 and earlier, set `useContainer=true` - useContainer: false - image: - repository: "gcr.io/google_containers/leader-elector" - tag: "0.4" - ttl: 60s - # If true, will enable a node exporter metrics endpoint at /metrics. - metrics: - enabled: false - # External vault server address for the injector to use. 
Setting this will - # disable deployment of a vault server along with the injector. - externalVaultAddr: "" - # image sets the repo and tag of the vault-k8s image to use for the injector. - image: - repository: "registry.connect.redhat.com/hashicorp/vault-k8s" - tag: "0.13.1-ubi" - pullPolicy: IfNotPresent - # agentImage sets the repo and tag of the Vault image to use for the Vault Agent - # containers. This should be set to the official Vault image. Vault 1.3.1+ is - # required. - agentImage: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.8.3-ubi" - # The default values for the injected Vault Agent containers. - agentDefaults: - # For more information on configuring resources, see the K8s documentation: - # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - cpuLimit: "500m" - cpuRequest: "250m" - memLimit: "128Mi" - memRequest: "64Mi" - # Default template type for secrets when no custom template is specified. - # Possible values include: "json" and "map". - template: "map" - # Default values within Agent's template_config stanza. - templateConfig: - exitOnRetryFailure: true - # Mount Path of the Vault Kubernetes Auth Method. - authPath: "auth/kubernetes" - # Configures the log verbosity of the injector. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "info" - # Configures the log format of the injector. Supported log formats: "standard", "json". - logFormat: "standard" - # Configures all Vault Agent sidecars to revoke their token when shutting down - revokeOnShutdown: false - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. 
- # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: {} - # Configures failurePolicy of the webhook. The "unspecified" default behaviour deoends on the - # API Version of the WebHook. - # To block pod creation while webhook is unavailable, set the policy to `Fail` below. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - # Extra annotations to attach to the webhook - webhookAnnotations: {} - certs: - # secretName is the name of the secret that has the TLS certificate and - # private key to serve the injector webhook. If this is null, then the - # injector will default to its automatic management mode that will assign - # a service account to the injector to generate its own certificates. - secretName: null - # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA - # that signed the TLS certificate that the webhook serves. This must be set - # if secretName is non-null, unless an external service like cert-manager is - # keeping the caBundle updated. - caBundle: "" - # certName and keyName are the names of the files within the secret for - # the TLS cert and private key, respectively. These have reasonable - # defaults but can be customized if necessary. - certName: tls.crt - keyName: tls.key - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # extraEnvironmentVars is a list of extra environment variables to set in the - # injector deployment. 
- extraEnvironmentVars: {} - # KUBERNETES_SERVICE_HOST: kubernetes.default.svc - - # Affinity Settings for injector pods - # This can either be multi-line string or YAML matching the PodSpec's affinity field. - # Commenting out or setting as empty the affinity variable, will allow - # deployment of multiple replicas to single node services such as Minikube. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: webhook - topologyKey: kubernetes.io/hostname - # Toleration Settings for injector pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. - # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Priority class for injector pods - priorityClassName: "" - # Extra annotations to attach to the injector pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the injector pods - annotations: {} - # Extra labels to attach to the agent-injector - # This should be a YAML map of the labels to apply to the injector - extraLabels: {} - # Should the injector pods run on the host network (useful when using - # an alternate CNI in EKS) - hostNetwork: false - # Injector service specific config - service: - # Extra annotations to attach to the injector service - annotations: {} -server: - # If not set to true, Vault server will not be installed. 
See vault.mode in _helpers.tpl for implementation details - enabled: true - # [Enterprise Only] This value refers to a Kubernetes secret that you have - # created that contains your enterprise license. If you are not using an - # enterprise image or if you plan to introduce the license key via another - # route, then leave secretName blank ("") or set it to null. - # Requires Vault Enterprise 1.8 or later. - enterpriseLicense: - # The name of the Kubernetes secret that holds the enterprise license. The - # secret must be in the same namespace that Vault is installed into. - secretName: "" - # The key within the Kubernetes secret that holds the enterprise license. - secretKey: "license" - # Resource requests, limits, etc. for the server cluster placement. This - # should map directly to the value of the resources field for a PodSpec. - # By default no direct resource request is made. - image: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.8.3-ubi" - # Overrides the default Image Pull Policy - pullPolicy: IfNotPresent - # Configure the Update Strategy Type for the StatefulSet - # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - updateStrategyType: "OnDelete" - # Configure the logging verbosity for the Vault server. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "" - # Configure the logging format for the Vault server. - # Supported log formats include: standard, json - logFormat: "" - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # Ingress allows ingress services to be created to allow external access - # from Kubernetes to access Vault pods. - # If deployment is on OpenShift, the following block is ignored. 
- # In order to expose the service, use the route section below - ingress: - enabled: false - labels: {} - # traffic: external - annotations: {} - # | - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # or - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # When HA mode is enabled and K8s service registration is being used, - # configure the ingress to point to the Vault active service. - activeService: true - hosts: - - host: chart-example.local - paths: [] - ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # OpenShift only - create a route to expose the service - # The created route will be of type passthrough - route: - enabled: false - # When HA mode is enabled and K8s service registration is being used, - # configure the route to point to the Vault active service. - activeService: true - labels: {} - annotations: {} - host: chart-example.local - # authDelegator enables a cluster role binding to be attached to the service - # account. This cluster role binding can be used to setup Kubernetes auth - # method. https://www.vaultproject.io/docs/auth/kubernetes.html - authDelegator: - enabled: true - # extraInitContainers is a list of init containers. Specified as a YAML list. - # This is useful if you need to run a script to provision TLS certificates or - # write out configuration files in a dynamic way. - extraInitContainers: null - # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, - # # which is defined in the volumes value. 
- # - name: oauthapp - # image: "alpine" - # command: [sh, -c] - # args: - # - cd /tmp && - # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && - # tar -xf oauthapp.xz && - # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && - # chmod +x /usr/local/libexec/vault/oauthapp - # volumeMounts: - # - name: plugins - # mountPath: /usr/local/libexec/vault - - # extraContainers is a list of sidecar containers. Specified as a YAML list. - extraContainers: null - # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers - # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation - shareProcessNamespace: false - # extraArgs is a string containing additional Vault server arguments. - extraArgs: "" - # Used to define custom readinessProbe settings - readinessProbe: - enabled: true - # If you need to use a http path instead of the default exec - # path: /v1/sys/health?standbyok=true - - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. 
- timeoutSeconds: 3 - # Used to enable a livenessProbe for the pods - livenessProbe: - enabled: false - path: "/v1/sys/health?standbyok=true" - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 60 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to set the sleep time during the preStop step - preStopSleepSeconds: 5 - # Used to define commands to run after the pod is ready. - # This can be used to automate processes such as initialization - # or boostrapping auth methods. - postStart: [] - # - /bin/sh - # - -c - # - /vault/userconfig/myscript/run.sh - - # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be - # used to include variables required for auto-unseal. - extraEnvironmentVars: {} - # GOOGLE_REGION: global - # GOOGLE_PROJECT: myproject - # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json - - # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. - # These variables take value from existing Secret objects. - extraSecretEnvironmentVars: [] - # - envName: AWS_SECRET_ACCESS_KEY - # secretName: vault - # secretKey: AWS_SECRET_ACCESS_KEY - - # Deprecated: please use 'volumes' instead. - # extraVolumes is a list of extra volumes to mount. These will be exposed - # to Vault in the path `/vault/userconfig//`. The value below is - # an array of objects, examples are shown below. - extraVolumes: [] - # - type: secret (or "configMap") - # name: my-secret - # path: null # default is `/vault/userconfig` - - # volumes is a list of volumes made available to all containers. 
These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: plugins - # emptyDir: {} - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - mountPath: /usr/local/libexec/vault - # name: plugins - # readOnly: true - - # Affinity Settings - # Commenting out or setting as empty the affinity variable, will allow - # deployment to single node services such as Minikube - # This should be either a multi-line string or YAML matching the PodSpec's affinity field. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: server - topologyKey: kubernetes.io/hostname - # Toleration Settings for server pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
- # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Enables network policy for server pods - networkPolicy: - enabled: false - egress: [] - # egress: - # - to: - # - ipBlock: - # cidr: 10.0.0.0/24 - # ports: - # - protocol: TCP - # port: 443 - # Priority class for server pods - priorityClassName: "" - # Extra labels to attach to the server pods - # This should be a YAML map of the labels to apply to the server pods - extraLabels: {} - # Extra annotations to attach to the server pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the server pods - annotations: {} - # Enables a headless service to be used by the Vault Statefulset - service: - enabled: true - # clusterIP controls whether a Cluster IP address is attached to the - # Vault service within Kubernetes. By default the Vault service will - # be given a Cluster IP address, set to None to disable. When disabled - # Kubernetes will create a "headless" service. Headless services can be - # used to communicate with pods directly through DNS instead of a round robin - # load balancer. - # clusterIP: None - - # Configures the service type for the main Vault service. Can be ClusterIP - # or NodePort. - #type: ClusterIP - - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. - #nodePort: 30000 - - # Port on which Vault server is listening - port: 8200 - # Target port to which the service should be mapped to - targetPort: 8200 - # Extra annotations for the service definition. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the service. - annotations: {} - # This configures the Vault Statefulset to create a PVC for data - # storage when using the file or raft backend storage engines. 
- # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more - dataStorage: - enabled: true - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/data" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # This configures the Vault Statefulset to create a PVC for audit - # logs. Once Vault is deployed, initialized and unseal, Vault must - # be configured to use this for audit logs. This will be mounted to - # /vault/audit - # See https://www.vaultproject.io/docs/audit/index.html to know more - auditStorage: - enabled: false - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/audit" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # Run Vault in "dev" mode. This requires no further setup, no state management, - # and no initialization. This is useful for experimenting with Vault without - # needing to unseal, store keys, et. al. All data is lost on restart - do not - # use dev mode for anything other than experimenting. - # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more - dev: - enabled: false - # Set VAULT_DEV_ROOT_TOKEN_ID value - devRootToken: "root" - # Run Vault in "standalone" mode. This is the default mode that will deploy if - # no arguments are given to helm. This requires a PVC for data storage to use - # the "file" backend. This mode is not highly available and should not be scaled - # past a single replica. 
- standalone:
- enabled: "-"
- # config is a raw string of default configuration when using a Stateful
- # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
- # and store data there. This is only used when using a Replica count of 1, and
- # using a stateful set. This should be HCL.
-
- # Note: Configuration files are stored in ConfigMaps so sensitive data
- # such as passwords should be either mounted through extraSecretEnvironmentVars
- # or through a Kube secret. For more information see:
- # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
- config: |
- ui = true
-
- listener "tcp" {
- tls_disable = 1
- address = "[::]:8200"
- cluster_address = "[::]:8201"
- }
- storage "file" {
- path = "/vault/data"
- }
-
- # Example configuration for using auto-unseal, using Google Cloud KMS. The
- # GKMS keys must already exist, and the cluster must have a service account
- # that is authorized to access GCP KMS.
- #seal "gcpckms" {
- # project = "vault-helm-dev"
- # region = "global"
- # key_ring = "vault-helm-unseal-kr"
- # crypto_key = "vault-helm-unseal-key"
- #}
- # Run Vault in "HA" mode. There are no storage requirements unless audit log
- # persistence is required. In HA mode Vault will configure itself to use Consul
- # for its storage backend. The default configuration provided will work the Consul
- # Helm project by default. It is possible to manually configure Vault to use a
- # different HA backend.
- ha:
- enabled: false
- replicas: 3
- # Set the api_addr configuration for Vault HA
- # See https://www.vaultproject.io/docs/configuration#api_addr
- # If set to null, this will be set to the Pod IP Address
- apiAddr: null
- # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
- # Vault's persistence is external (such as Consul), enabling Raft mode will create
- # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
- # The Vault cluster will coordinate leader elections and failovers internally.
- raft:
- # Enables Raft integrated storage
- enabled: false
- # Set the Node Raft ID to the name of the pod
- setNodeId: false
- # Note: Configuration files are stored in ConfigMaps so sensitive data
- # such as passwords should be either mounted through extraSecretEnvironmentVars
- # or through a Kube secret. For more information see:
- # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
- config: |
- ui = true
-
- listener "tcp" {
- tls_disable = 1
- address = "[::]:8200"
- cluster_address = "[::]:8201"
- }
-
- storage "raft" {
- path = "/vault/data"
- }
-
- service_registration "kubernetes" {}
- # config is a raw string of default configuration when using a Stateful
- # deployment. Default is to use a Consul for its HA storage backend.
- # This should be HCL.
-
- # Note: Configuration files are stored in ConfigMaps so sensitive data
- # such as passwords should be either mounted through extraSecretEnvironmentVars
- # or through a Kube secret. For more information see:
- # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
- config: |
- ui = true
-
- listener "tcp" {
- tls_disable = 1
- address = "[::]:8200"
- cluster_address = "[::]:8201"
- }
- storage "consul" {
- path = "vault"
- address = "HOST_IP:8500"
- }
-
- service_registration "kubernetes" {}
-
- # Example configuration for using auto-unseal, using Google Cloud KMS. The
- # GKMS keys must already exist, and the cluster must have a service account
- # that is authorized to access GCP KMS.
- #seal "gcpckms" {
- # project = "vault-helm-dev-246514"
- # region = "global"
- # key_ring = "vault-helm-unseal-kr"
- # crypto_key = "vault-helm-unseal-key"
- #}
- # A disruption budget limits the number of pods of a replicated application
- # that are down simultaneously from voluntary disruptions
- disruptionBudget:
- enabled: true
- # maxUnavailable will default to (n/2)-1 where n is the number of
- # replicas. If you'd like a custom value, you can specify an override here.
- maxUnavailable: null
- # Definition of the serviceAccount used to run Vault.
- # These options are also used when using an external Vault server to validate
- # Kubernetes tokens.
- serviceAccount:
- # Specifies whether a service account should be created
- create: true
- # The name of the service account to use.
- # If not set and create is true, a name is generated using the fullname template
- name: ""
- # Extra annotations for the serviceAccount definition. This can either be
- # YAML or a YAML-formatted multi-line templated string map of the
- # annotations to apply to the serviceAccount.
- annotations: {}
- # Settings for the statefulSet used to run Vault.
- statefulSet:
- # Extra annotations for the statefulSet. This can either be YAML or a
- # YAML-formatted multi-line templated string map of the annotations to apply
- # to the statefulSet.
- annotations: {}
-# Vault UI
-ui:
- # True if you want to create a Service entry for the Vault UI.
- #
- # serviceType can be used to control the type of service created. For
- # example, setting this to "LoadBalancer" will create an external load
- # balancer (for supported K8S installations) to access the UI.
- enabled: false - publishNotReadyAddresses: true - # The service should only contain selectors for active Vault pod - activeVaultPodOnly: false - serviceType: "ClusterIP" - serviceNodePort: null - externalPort: 8200 - targetPort: 8200 - # loadBalancerSourceRanges: - # - 10.0.0.0/16 - # - 1.78.23.3/32 - - # loadBalancerIP: - - # Extra annotations to attach to the ui service - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the ui service - annotations: {} -# secrets-store-csi-driver-provider-vault -csi: - # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. - # - # Requires installing the secrets-store-csi-driver separately, see: - # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver - # - # With the driver and provider installed, you can mount Vault secrets into volumes - # similar to the Vault Agent injector, and you can also sync those secrets into - # Kubernetes secrets. - enabled: false - image: - repository: "hashicorp/vault-csi-provider" - tag: "0.3.0" - pullPolicy: IfNotPresent - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: tls - # secret: - # secretName: vault-tls - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - name: tls - # mountPath: "/vault/tls" - # readOnly: true - - resources: {} - # resources: - # requests: - # cpu: 50m - # memory: 128Mi - # limits: - # cpu: 50m - # memory: 128Mi - - # Settings for the daemonSet used to run the provider. 
- daemonSet:
- updateStrategy:
- type: RollingUpdate
- maxUnavailable: ""
- # Extra annotations for the daemonSet. This can either be YAML or a
- # YAML-formatted multi-line templated string map of the annotations to apply
- # to the daemonSet.
- annotations: {}
- # Provider host path (must match the CSI provider's path)
- providersDir: "/etc/kubernetes/secrets-store-csi-providers"
- # Kubelet host path
- kubeletRootDir: "/var/lib/kubelet"
- pod:
- # Extra annotations for the provider pods. This can either be YAML or a
- # YAML-formatted multi-line templated string map of the annotations to apply
- # to the pod.
- annotations: {}
- # Toleration Settings for provider pods
- # This should be either a multi-line string or YAML matching the Toleration array
- # in a PodSpec.
- tolerations: []
- serviceAccount:
- # Extra annotations for the serviceAccount definition. This can either be
- # YAML or a YAML-formatted multi-line templated string map of the
- # annotations to apply to the serviceAccount.
- annotations: {}
- # Used to configure readinessProbe for the pods.
- readinessProbe:
- # When a probe fails, Kubernetes will try failureThreshold times before giving up
- failureThreshold: 2
- # Number of seconds after the container has started before probe initiates
- initialDelaySeconds: 5
- # How often (in seconds) to perform the probe
- periodSeconds: 5
- # Minimum consecutive successes for the probe to be considered successful after having failed
- successThreshold: 1
- # Number of seconds after which the probe times out.
- timeoutSeconds: 3
- # Used to configure livenessProbe for the pods.
- livenessProbe:
- # When a probe fails, Kubernetes will try failureThreshold times before giving up
- failureThreshold: 2
- # Number of seconds after the container has started before probe initiates
- initialDelaySeconds: 5
- # How often (in seconds) to perform the probe
- periodSeconds: 5
- # Minimum consecutive successes for the probe to be considered successful after having failed
- successThreshold: 1
- # Number of seconds after which the probe times out.
- timeoutSeconds: 3
- # Enables debug logging.
- debug: false
- # Pass arbitrary additional arguments to vault-csi-provider.
- extraArgs: []
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/.helmignore b/charts/partners/hashicorp/vault/0.17.0/src/.helmignore
deleted file mode 100644
index d1180d2fb7..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/.helmignore
+++ /dev/null
@@ -1,4 +0,0 @@
-.git/
-.terraform/
-bin/
-test/
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/CHANGELOG.md b/charts/partners/hashicorp/vault/0.17.0/src/CHANGELOG.md
deleted file mode 100644
index 63adb75f44..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/CHANGELOG.md
+++ /dev/null
@@ -1,332 +0,0 @@ -## Unreleased - -## 0.17.0 (October 21st, 2021) - -CHANGES: -* Vault image default 1.8.4 -* Vault K8s image default 0.14.0 - -Improvements: -* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) -* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) -* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) - -Bugs: -* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) - -## 0.16.1 (September 29th, 2021) - -CHANGES: -* Vault image default 1.8.3 -* Vault K8s image default 0.13.1 - -## 0.16.0 (September 16th, 2021) - -CHANGES: -* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
- -Improvements: - * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) - * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) - -## 0.15.0 (August 23rd, 2021) - -Improvements: -* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) -* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) - -## 0.14.0 (July 28th, 2021) - -Features: -* Added templateConfig.exitOnRetryFailure annotation for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) - -Improvements: -* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) -* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) - - -## 0.13.0 (June 17th, 2021) - -Improvements: -* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) -* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) -* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) - -Bugs: -* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) -* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) -* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) - -## 0.12.0 (May 25th, 2021) - -Features: -* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) - -Improvements: -* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) -* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) -* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) -* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) - -Bugs: -* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) - -## 0.11.0 (April 14th, 2021) - -Features: -* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) -* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) -* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) -* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) -* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) -* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) - -Improvements: -* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) - -Bugs: -* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) - -## 0.10.0 (March 25th, 2021) - -Features: -* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) - -Improvements: -* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) - -## 0.9.1 (February 2nd, 2021) - -Bugs: -* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) -* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) - -## 0.9.0 (January 5th, 2021) - -Features: -* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) -* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) - -Improvements: -* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) -* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) -* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) -* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) -* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) -* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) -* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) -* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) - -## 
0.8.0 (October 20th, 2020) - -Improvements: -* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) -* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) -* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) -* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) -* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) -* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) -* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) - -Bugs: -* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) - -## 0.7.0 (August 24th, 2020) - -Features: -* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
-* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) - -Improvements: -* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) -* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) -* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) -* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) -* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) -* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) -* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) -* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) -* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) - -Bugs: -* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) -* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) -* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) - -## 0.6.0 (June 3rd, 2020) - -Features: -* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) -* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) -* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
- -Improvements: -* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) -* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] -* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] -* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] -* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] -* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] -* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] -* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) - -Bugs: -* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] -* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] -* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] -* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] -* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) - -## 0.5.0 (April 9th, 2020) - -Features: - -* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] -* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] -* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] - -* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] -* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] -* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] -* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] -* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] - -## 0.4.0 (February 21st, 2020) - -Improvements: - -* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] -* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] -* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] -* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] -* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] - -Bugs: - -* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] - -## 0.3.3 (January 14th, 2020) - -Security: - -* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) - -Bugs: - -* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files - -## 0.3.2 (January 8th, 2020) - -Bugs: - -* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] - -## 0.3.1 (January 2nd, 2020) - -Bugs: - -* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] - -## 0.3.0 (December 19th, 2019) - -Features: - -* Extra containers can now be added to the Vault pods -* Added configurability of pod probes -* Added Vault Agent Injector - -Improvements: - -* Moved `global.image` to `server.image` -* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` -* Added better HTTP/HTTPS scheme support to http probes -* Added configurable node port for Vault service -* `server.authDelegator` is now enabled by default - -Bugs: - -* Fixed upgrade bug by removing chart label which contained the version -* Fixed typo on `serviceAccount` (was `serviceaccount`) -* Fixed readiness/liveliness HTTP probe default to accept standbys - -## 0.2.1 (November 12th, 2019) - -Bugs: - -* Removed `readOnlyRootFilesystem` causing issues when validating deployments - -## 0.2.0 (October 29th, 2019) - -Features: - -* Added load balancer support -* Added ingress support -* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) -* Removed root requirements, now runs as Vault user - -Improvements: - -* Added namespace value to all rendered objects -* Made ports configurable in services -* Added the ability to add custom annotations to services -* Added docker image for running bats test in CircleCI -* Removed restrictions around `dev` mode such as annotations -* 
`readOnlyRootFilesystem` is now configurable -* Image Pull Policy is now configurable - -Bugs: - -* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) -* Fixed bug where audit storage was not being mounted in HA mode -* Fixed bug where Vault pod wasn't receiving SIGTERM signals - - -## 0.1.2 (August 22nd, 2019) - -Features: - -* Added `extraSecretEnvironmentVars` to allow users to mount secrets as - environment variables -* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS - depending on the value -* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` - to "NodePort" - -Improvements: - -* Changed UI port to 8200 for better HTTP protocol support -* Added `path` to `extraVolumes` to define where the volume should be - mounted. Defaults to `/vault/userconfig` -* Upgraded Vault to 1.2.2 - -Bugs: - -* Fixed bug where upgrade would fail because immutable labels were being - changed (Helm Version label) -* Fixed bug where UI service used wrong selector after updating helm labels -* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks - Consul is the active node -* Removed `step-down` preStop since it requires authentication. Shutdown signal - sent by Kube acts similar to `step-down` - - -## 0.1.1 (August 7th, 2019) - -Features: - -* Added `authDelegator` Cluster Role Binding to Vault service account for - bootstrapping Kube auth method - -Improvements: - -* Added `server.service.clusterIP` to `values.yml` so users can toggle - the Vault service to headless by using the value `None`. -* Upgraded Vault to 1.2.1 - -## 0.1.0 (August 6th, 2019) - -Initial release diff --git a/charts/partners/hashicorp/vault/0.17.0/src/CONTRIBUTING.md b/charts/partners/hashicorp/vault/0.17.0/src/CONTRIBUTING.md deleted file mode 100644 index f1c1600008..0000000000 --- a/charts/partners/hashicorp/vault/0.17.0/src/CONTRIBUTING.md +++ /dev/null 
@@ -1,239 +0,0 @@ -# Contributing to Vault Helm - -**Please note:** We take Vault's security and our users' trust very seriously. -If you believe you have found a security issue in Vault, please responsibly -disclose by contacting us at security@hashicorp.com. - -**First:** if you're unsure or afraid of _anything_, just ask or submit the -issue or pull request anyways. You won't be yelled at for giving it your best -effort. The worst that can happen is that you'll be politely asked to change -something. We appreciate any sort of contributions, and don't want a wall of -rules to get in the way of that. - -That said, if you want to ensure that a pull request is likely to be merged, -talk to us! You can find out our thoughts and ensure that your contribution -won't clash or be obviated by Vault's normal direction. A great way to do this -is via the [Vault Google Group][2]. Sometimes Vault devs are in `#vault-tool` -on Freenode, too. - -This document will cover what we're looking for in terms of reporting issues. -By addressing all the points we're looking for, it raises the chances we can -quickly merge or address your contributions. - -## Issues - -### Reporting an Issue - -* Make sure you test against the latest released version. It is possible - we already fixed the bug you're experiencing. Even better is if you can test - against `main`, as bugs are fixed regularly but new versions are only - released every few months. - -* Provide steps to reproduce the issue, and if possible include the expected - results as well as the actual results. Please provide text, not screen shots! - -* Respond as promptly as possible to any questions made by the Vault - team to your issue. Stale issues will be closed periodically. - -### Issue Lifecycle - -1. The issue is reported. - -2. The issue is verified and categorized by a Vault Helm collaborator. - Categorization is done via tags. For example, bugs are marked as "bugs". - -3. 
Unless it is critical, the issue may be left for a period of time (sometimes - many weeks), giving outside contributors -- maybe you!? -- a chance to - address the issue. - -4. The issue is addressed in a pull request or commit. The issue will be - referenced in the commit message so that the code that fixes it is clearly - linked. - -5. The issue is closed. Sometimes, valid issues will be closed to keep - the issue tracker clean. The issue is still indexed and available for - future viewers, or can be re-opened if necessary. - -## Testing - -The Helm chart ships with both unit and acceptance tests. - -The unit tests don't require any active Kubernetes cluster and complete -very quickly. These should be used for fast feedback during development. -The acceptance tests require a Kubernetes cluster with a configured `kubectl`. - -### Test Using Docker Container - -The following are the instructions for running bats tests using a Docker container. - -#### Prerequisites - -* Docker installed -* `vault-helm` checked out locally - -#### Test - -**Note:** the following commands should be run from the `vault-helm` directory. - -First, build the Docker image for running the tests: - -```shell -docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test -``` -Next, execute the tests with the following commands: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -``` -It's possible to only run specific bats tests using regular expressions. -For example, the following will run only tests with "injector" in the name: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" -``` - -### Test Manually -The following are the instructions for running bats tests on your workstation. 
-#### Prerequisites -* [Bats](https://github.com/bats-core/bats-core) - ```bash - brew install bats-core - ``` -* [yq](https://pypi.org/project/yq/) - ```bash - brew install python-yq - ``` -* [helm](https://helm.sh) - ```bash - brew install kubernetes-helm - ``` - -#### Test - -To run the unit tests: - - bats ./test/unit - -To run the acceptance tests: - - bats ./test/acceptance - -If the acceptance tests fail, deployed resources in the Kubernetes cluster -may not be properly cleaned up. We recommend recycling the Kubernetes cluster to -start from a clean slate. - -**Note:** There is a Terraform configuration in the -[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory -that can be used to quickly bring up a GKE cluster and configure -`kubectl` and `helm` locally. This can be used to quickly spin up a test -cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes -cluster. - -### Writing Unit Tests - -Changes to the Helm chart should be accompanied by appropriate unit tests. - -#### Formatting - -- Put tests in the test file in the same order as the variables appear in the `values.yaml`. -- Start tests for a chart value with a header that says what is being tested, like this: - ``` - #-------------------------------------------------------------------- - # annotations - ``` - -- Name the test based on what it's testing in the following format (this will be its first line): - ``` - @test "
: " { - ``` - - When adding tests to an existing file, the first section will be the same as the other tests in the file. - -#### Test Details - -[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. -In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. -In this way, we're able to test that the various conditionals in the templates render as we would expect. - -Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. -The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). -`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). -The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. - -The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. - -The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. - -#### Test Examples - -Here are some examples of common test patterns: - -- Check that a value is disabled by default - - ``` - @test "ui/Service: no type by default" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - . 
| tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "null" ] - } - ``` - - In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. - This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. - - -- Check that a template value is rendered to a specific value - ``` - @test "ui/Service: specified type" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - --set 'ui.serviceType=LoadBalancer' \ - . | tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "LoadBalancer" ] - } - ``` - - This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. - -- Check that a template value contains several values - ``` - @test "server/standalone-StatefulSet: custom resources" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.requests.memory=256Mi' \ - --set 'server.resources.requests.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.limits.memory=256Mi' \ - --set 'server.resources.limits.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - ``` - - *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
- -- Check that an entire template file is not rendered - ``` - @test "syncCatalog/Deployment: disabled by default" { - cd `chart_dir` - local actual=$( (helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'global.enabled=false' \ - . || echo "---") | tee /dev/stderr | - yq 'length > 0' | tee /dev/stderr) - [ "${actual}" = "false" ] - } - ``` - Here we are check the length of the command output to see if the anything is rendered. - This style can easily be switched to check that a file is rendered instead. diff --git a/charts/partners/hashicorp/vault/0.17.0/src/Chart.yaml b/charts/partners/hashicorp/vault/0.17.0/src/Chart.yaml deleted file mode 100644 index 81ad17ec41..0000000000 --- a/charts/partners/hashicorp/vault/0.17.0/src/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v2 -appVersion: 1.8.4 -description: Official HashiCorp Vault Chart -home: https://www.vaultproject.io -icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png -keywords: -- vault -- security -- encryption -- secrets -- management -- automation -- infrastructure -kubeVersion: '>= 1.14.0-0' -name: vault -sources: -- https://github.com/hashicorp/vault -- https://github.com/hashicorp/vault-helm -- https://github.com/hashicorp/vault-k8s -- https://github.com/hashicorp/vault-csi-provider -version: 0.17.0 diff --git a/charts/partners/hashicorp/vault/0.17.0/src/LICENSE.md b/charts/partners/hashicorp/vault/0.17.0/src/LICENSE.md deleted file mode 100644 index 82b4de97c7..0000000000 --- a/charts/partners/hashicorp/vault/0.17.0/src/LICENSE.md +++ /dev/null 
@@ -1,353 +0,0 @@ -Mozilla Public License, version 2.0 - -1. Definitions - -1.1. “Contributor” - - means each individual or legal entity that creates, contributes to the - creation of, or owns Covered Software. - -1.2. “Contributor Version” - - means the combination of the Contributions of others (if any) used by a - Contributor and that particular Contributor’s Contribution. - -1.3. “Contribution” - - means Covered Software of a particular Contributor. - -1.4. “Covered Software” - - means Source Code Form to which the initial Contributor has attached the - notice in Exhibit A, the Executable Form of such Source Code Form, and - Modifications of such Source Code Form, in each case including portions - thereof. - -1.5. “Incompatible With Secondary Licenses” - means - - a. that the initial Contributor has attached the notice described in - Exhibit B to the Covered Software; or - - b. that the Covered Software was made available under the terms of version - 1.1 or earlier of the License, but not also under the terms of a - Secondary License. - -1.6. “Executable Form” - - means any form of the work other than Source Code Form. - -1.7. “Larger Work” - - means a work that combines Covered Software with other material, in a separate - file or files, that is not Covered Software. - -1.8. “License” - - means this document. - -1.9. “Licensable” - - means having the right to grant, to the maximum extent possible, whether at the - time of the initial grant or subsequently, any and all of the rights conveyed by - this License. - -1.10. “Modifications” - - means any of the following: - - a. any file in Source Code Form that results from an addition to, deletion - from, or modification of the contents of Covered Software; or - - b. any new file in Source Code Form that contains any Covered Software. - -1.11. 
“Patent Claims” of a Contributor - - means any patent claim(s), including without limitation, method, process, - and apparatus claims, in any patent Licensable by such Contributor that - would be infringed, but for the grant of the License, by the making, - using, selling, offering for sale, having made, import, or transfer of - either its Contributions or its Contributor Version. - -1.12. “Secondary License” - - means either the GNU General Public License, Version 2.0, the GNU Lesser - General Public License, Version 2.1, the GNU Affero General Public - License, Version 3.0, or any later versions of those licenses. - -1.13. “Source Code Form” - - means the form of the work preferred for making modifications. - -1.14. “You” (or “Your”) - - means an individual or a legal entity exercising rights under this - License. For legal entities, “You” includes any entity that controls, is - controlled by, or is under common control with You. For purposes of this - definition, “control” means (a) the power, direct or indirect, to cause - the direction or management of such entity, whether by contract or - otherwise, or (b) ownership of more than fifty percent (50%) of the - outstanding shares or beneficial ownership of such entity. - - -2. License Grants and Conditions - -2.1. Grants - - Each Contributor hereby grants You a world-wide, royalty-free, - non-exclusive license: - - a. under intellectual property rights (other than patent or trademark) - Licensable by such Contributor to use, reproduce, make available, - modify, display, perform, distribute, and otherwise exploit its - Contributions, either on an unmodified basis, with Modifications, or as - part of a Larger Work; and - - b. under Patent Claims of such Contributor to make, use, sell, offer for - sale, have made, import, and otherwise transfer either its Contributions - or its Contributor Version. - -2.2. 
Effective Date - - The licenses granted in Section 2.1 with respect to any Contribution become - effective for each Contribution on the date the Contributor first distributes - such Contribution. - -2.3. Limitations on Grant Scope - - The licenses granted in this Section 2 are the only rights granted under this - License. No additional rights or licenses will be implied from the distribution - or licensing of Covered Software under this License. Notwithstanding Section - 2.1(b) above, no patent license is granted by a Contributor: - - a. for any code that a Contributor has removed from Covered Software; or - - b. for infringements caused by: (i) Your and any other third party’s - modifications of Covered Software, or (ii) the combination of its - Contributions with other software (except as part of its Contributor - Version); or - - c. under Patent Claims infringed by Covered Software in the absence of its - Contributions. - - This License does not grant any rights in the trademarks, service marks, or - logos of any Contributor (except as may be necessary to comply with the - notice requirements in Section 3.4). - -2.4. Subsequent Licenses - - No Contributor makes additional grants as a result of Your choice to - distribute the Covered Software under a subsequent version of this License - (see Section 10.2) or under the terms of a Secondary License (if permitted - under the terms of Section 3.3). - -2.5. Representation - - Each Contributor represents that the Contributor believes its Contributions - are its original creation(s) or it has sufficient rights to grant the - rights to its Contributions conveyed by this License. - -2.6. Fair Use - - This License is not intended to limit any rights You have under applicable - copyright doctrines of fair use, fair dealing, or other equivalents. - -2.7. Conditions - - Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in - Section 2.1. - - -3. Responsibilities - -3.1. 
Distribution of Source Form - - All distribution of Covered Software in Source Code Form, including any - Modifications that You create or to which You contribute, must be under the - terms of this License. You must inform recipients that the Source Code Form - of the Covered Software is governed by the terms of this License, and how - they can obtain a copy of this License. You may not attempt to alter or - restrict the recipients’ rights in the Source Code Form. - -3.2. Distribution of Executable Form - - If You distribute Covered Software in Executable Form then: - - a. such Covered Software must also be made available in Source Code Form, - as described in Section 3.1, and You must inform recipients of the - Executable Form how they can obtain a copy of such Source Code Form by - reasonable means in a timely manner, at a charge no more than the cost - of distribution to the recipient; and - - b. You may distribute such Executable Form under the terms of this License, - or sublicense it under different terms, provided that the license for - the Executable Form does not attempt to limit or alter the recipients’ - rights in the Source Code Form under this License. - -3.3. Distribution of a Larger Work - - You may create and distribute a Larger Work under terms of Your choice, - provided that You also comply with the requirements of this License for the - Covered Software. If the Larger Work is a combination of Covered Software - with a work governed by one or more Secondary Licenses, and the Covered - Software is not Incompatible With Secondary Licenses, this License permits - You to additionally distribute such Covered Software under the terms of - such Secondary License(s), so that the recipient of the Larger Work may, at - their option, further distribute the Covered Software under the terms of - either this License or such Secondary License(s). - -3.4. 
Notices - - You may not remove or alter the substance of any license notices (including - copyright notices, patent notices, disclaimers of warranty, or limitations - of liability) contained within the Source Code Form of the Covered - Software, except that You may alter any license notices to the extent - required to remedy known factual inaccuracies. - -3.5. Application of Additional Terms - - You may choose to offer, and to charge a fee for, warranty, support, - indemnity or liability obligations to one or more recipients of Covered - Software. However, You may do so only on Your own behalf, and not on behalf - of any Contributor. You must make it absolutely clear that any such - warranty, support, indemnity, or liability obligation is offered by You - alone, and You hereby agree to indemnify every Contributor for any - liability incurred by such Contributor as a result of warranty, support, - indemnity or liability terms You offer. You may include additional - disclaimers of warranty and limitations of liability specific to any - jurisdiction. - -4. Inability to Comply Due to Statute or Regulation - - If it is impossible for You to comply with any of the terms of this License - with respect to some or all of the Covered Software due to statute, judicial - order, or regulation then You must: (a) comply with the terms of this License - to the maximum extent possible; and (b) describe the limitations and the code - they affect. Such description must be placed in a text file included with all - distributions of the Covered Software under this License. Except to the - extent prohibited by statute or regulation, such description must be - sufficiently detailed for a recipient of ordinary skill to be able to - understand it. - -5. Termination - -5.1. The rights granted under this License will terminate automatically if You - fail to comply with any of its terms. 
However, if You become compliant, - then the rights granted under this License from a particular Contributor - are reinstated (a) provisionally, unless and until such Contributor - explicitly and finally terminates Your grants, and (b) on an ongoing basis, - if such Contributor fails to notify You of the non-compliance by some - reasonable means prior to 60 days after You have come back into compliance. - Moreover, Your grants from a particular Contributor are reinstated on an - ongoing basis if such Contributor notifies You of the non-compliance by - some reasonable means, this is the first time You have received notice of - non-compliance with this License from such Contributor, and You become - compliant prior to 30 days after Your receipt of the notice. - -5.2. If You initiate litigation against any entity by asserting a patent - infringement claim (excluding declaratory judgment actions, counter-claims, - and cross-claims) alleging that a Contributor Version directly or - indirectly infringes any patent, then the rights granted to You by any and - all Contributors for the Covered Software under Section 2.1 of this License - shall terminate. - -5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user - license agreements (excluding distributors and resellers) which have been - validly granted by You or Your distributors under this License prior to - termination shall survive termination. - -6. Disclaimer of Warranty - - Covered Software is provided under this License on an “as is” basis, without - warranty of any kind, either expressed, implied, or statutory, including, - without limitation, warranties that the Covered Software is free of defects, - merchantable, fit for a particular purpose or non-infringing. The entire - risk as to the quality and performance of the Covered Software is with You. 
- Should any Covered Software prove defective in any respect, You (not any - Contributor) assume the cost of any necessary servicing, repair, or - correction. This disclaimer of warranty constitutes an essential part of this - License. No use of any Covered Software is authorized under this License - except under this disclaimer. - -7. Limitation of Liability - - Under no circumstances and under no legal theory, whether tort (including - negligence), contract, or otherwise, shall any Contributor, or anyone who - distributes Covered Software as permitted above, be liable to You for any - direct, indirect, special, incidental, or consequential damages of any - character including, without limitation, damages for lost profits, loss of - goodwill, work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses, even if such party shall have been - informed of the possibility of such damages. This limitation of liability - shall not apply to liability for death or personal injury resulting from such - party’s negligence to the extent applicable law prohibits such limitation. - Some jurisdictions do not allow the exclusion or limitation of incidental or - consequential damages, so this exclusion and limitation may not apply to You. - -8. Litigation - - Any litigation relating to this License may be brought only in the courts of - a jurisdiction where the defendant maintains its principal place of business - and such litigation shall be governed by laws of that jurisdiction, without - reference to its conflict-of-law provisions. Nothing in this Section shall - prevent a party’s ability to bring cross-claims or counter-claims. - -9. Miscellaneous - - This License represents the complete agreement concerning the subject matter - hereof. If any provision of this License is held to be unenforceable, such - provision shall be reformed only to the extent necessary to make it - enforceable. 
Any law or regulation which provides that the language of a - contract shall be construed against the drafter shall not be used to construe - this License against a Contributor. - - -10. Versions of the License - -10.1. New Versions - - Mozilla Foundation is the license steward. Except as provided in Section - 10.3, no one other than the license steward has the right to modify or - publish new versions of this License. Each version will be given a - distinguishing version number. - -10.2. Effect of New Versions - - You may distribute the Covered Software under the terms of the version of - the License under which You originally received the Covered Software, or - under the terms of any subsequent version published by the license - steward. - -10.3. Modified Versions - - If you create software not governed by this License, and you want to - create a new license for such software, you may create and use a modified - version of this License if you rename the license and remove any - references to the name of the license steward (except to note that such - modified license differs from this License). - -10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses - If You choose to distribute Source Code Form that is Incompatible With - Secondary Licenses under the terms of this version of the License, the - notice described in Exhibit B of this License must be attached. - -Exhibit A - Source Code Form License Notice - - This Source Code Form is subject to the - terms of the Mozilla Public License, v. - 2.0. If a copy of the MPL was not - distributed with this file, You can - obtain one at - http://mozilla.org/MPL/2.0/. - -If it is not possible or desirable to put the notice in a particular file, then -You may include the notice in a location (such as a LICENSE file in a relevant -directory) where a recipient would be likely to look for such a notice. - -You may add additional accurate notices of copyright ownership. 
- -Exhibit B - “Incompatible With Secondary Licenses” Notice - - This Source Code Form is “Incompatible - With Secondary Licenses”, as defined by - the Mozilla Public License, v. 2.0. diff --git a/charts/partners/hashicorp/vault/0.17.0/src/Makefile b/charts/partners/hashicorp/vault/0.17.0/src/Makefile deleted file mode 100644 index 0ac6850130..0000000000 --- a/charts/partners/hashicorp/vault/0.17.0/src/Makefile +++ /dev/null 
@@ -1,101 +0,0 @@
-TEST_IMAGE?=vault-helm-test
-GOOGLE_CREDENTIALS?=vault-helm-test.json
-CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
-# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
-ACCEPTANCE_TESTS?=acceptance
-
-# filter bats unit tests to run.
-UNIT_TESTS_FILTER?='.*'
-
-# set to 'true' to run acceptance tests locally in a kind cluster
-LOCAL_ACCEPTANCE_TESTS?=false
-
-# kind cluster name
-KIND_CLUSTER_NAME?=vault-helm
-
-# kind k8s version
-KIND_K8S_VERSION?=v1.20.2
-
-# Generate json schema for chart values. See test/README.md for more details.
-values-schema:
- helm schema-gen values.yaml > values.schema.json
-
-test-image:
- @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
-
-test-unit:
- @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
-
-test-bats: test-unit test-acceptance
-
-test: test-image test-bats
-
-# run acceptance tests on GKE
-# set google project/credential vars above
-test-acceptance:
-ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
- make setup-kind acceptance
-else
- @docker run -it -v ${PWD}:/helm-test \
- -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
- -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
- -e KUBECONFIG=/helm-test/.kube/config \
- -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
- -w /helm-test \
- $(TEST_IMAGE) \
- make acceptance
-endif
-
-# destroy GKE cluster using terraform
-test-destroy:
- @docker run -it -v ${PWD}:/helm-test \
- -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
- -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
- -w /helm-test \
- $(TEST_IMAGE) \
- make destroy-cluster
-
-# provision GKE cluster using terraform
-test-provision:
- @docker run -it -v ${PWD}:/helm-test \
- -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
- -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
- -e KUBECONFIG=/helm-test/.kube/config \
- -w /helm-test \
- $(TEST_IMAGE) \
- make provision-cluster
-
-# this target is for running the acceptance tests
-# it is run in the docker container above when the test-acceptance target is invoked
-acceptance:
-ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
- gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
-endif
- bats test/${ACCEPTANCE_TESTS}
-
-# this target is for provisioning the GKE cluster
-# it is run in the docker container above when the test-provision target is invoked
-provision-cluster:
- gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
- terraform init test/terraform
- terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
-
-# this target is for removing the GKE cluster
-# it is run in the docker container above when the test-destroy target is invoked
-destroy-cluster:
- terraform destroy -auto-approve
-
-# create a kind cluster for running the acceptance tests locally
-setup-kind:
- kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
- kind create cluster \
- --image kindest/node:${KIND_K8S_VERSION} \
- --name ${KIND_CLUSTER_NAME} \
- --config $(CURDIR)/test/kind/config.yaml
- kubectl config use-context kind-${KIND_CLUSTER_NAME}
-
-# delete the kind cluster
-delete-kind:
- kind delete cluster --name ${KIND_CLUSTER_NAME} || :
-
-.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/README.md b/charts/partners/hashicorp/vault/0.17.0/src/README.md
deleted file mode 100644
index f95b26fc37..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/README.md
+++ /dev/null
@@ -1,44 +0,0 @@
-# Vault Helm Chart
-
-> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
-you believe you have found a security issue in Vault Helm, _please responsibly disclose_
-by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
-
-This repository contains the official HashiCorp Helm chart for installing
-and configuring Vault on Kubernetes. This chart supports multiple use
-cases of Vault on Kubernetes depending on the values provided.
-
-For full documentation on this Helm chart along with all the ways you can
-use Vault with Kubernetes, please see the
-[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
-
-## Prerequisites
-
-To use the charts here, [Helm](https://helm.sh/) must be configured for your
-Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
-this README. Please refer to the Kubernetes and Helm documentation.
-
-The versions required are:
-
- * **Helm 3.0+** - This is the earliest version of Helm tested. It is possible
- it works with earlier versions but this chart is untested for those versions.
- * **Kubernetes 1.14+** - This is the earliest version of Kubernetes tested.
- It is possible that this chart works with earlier versions but it is
- untested.
-
-## Usage
-
-To install the latest version of this chart, add the Hashicorp helm repository
-and run `helm install`:
-
-```console
-$ helm repo add hashicorp https://helm.releases.hashicorp.com
-"hashicorp" has been added to your repositories
-
-$ helm install vault hashicorp/vault
-```
-
-Please see the many options supported in the `values.yaml` file. These are also
-fully documented directly on the [Vault
-website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
-detailed installation instructions.
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/NOTES.txt b/charts/partners/hashicorp/vault/0.17.0/src/templates/NOTES.txt
deleted file mode 100644
index 8e267121c8..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/NOTES.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-
-Thank you for installing HashiCorp Vault!
-
-Now that you have deployed Vault, you should look over the docs on using
-Vault with Kubernetes available here:
-
-https://www.vaultproject.io/docs/
-
-
-Your release is named {{ .Release.Name }}. To learn more about the release, try:
-
- $ helm status {{ .Release.Name }}
- $ helm get manifest {{ .Release.Name }}
-
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/_helpers.tpl b/charts/partners/hashicorp/vault/0.17.0/src/templates/_helpers.tpl
deleted file mode 100644
index 731119a914..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,692 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to -this (by the DNS naming spec). If release name contains chart name it will -be used as a full name. -*/}} -{{- define "vault.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "vault.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "vault.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Compute the maximum number of unavailable replicas for the PodDisruptionBudget. -This defaults to (n/2)-1 where n is the number of members of the server cluster. -Add a special case for replicas=1, where it should default to 0 as well. -*/}} -{{- define "vault.pdb.maxUnavailable" -}} -{{- if eq (int .Values.server.ha.replicas) 1 -}} -{{ 0 }} -{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{- else -}} -{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Set the variable 'mode' to the server mode requested by the user to simplify -template logic. -*/}} -{{- define "vault.mode" -}} - {{- if .Values.injector.externalVaultAddr -}} - {{- $_ := set . "mode" "external" -}} - {{- else if ne (.Values.server.enabled | toString) "true" -}} - {{- $_ := set . 
"mode" "external" -}} - {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} - {{- $_ := set . "mode" "dev" -}} - {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} - {{- $_ := set . "mode" "ha" -}} - {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} - {{- $_ := set . "mode" "standalone" -}} - {{- else -}} - {{- $_ := set . "mode" "" -}} - {{- end -}} -{{- end -}} - -{{/* -Set's the replica count based on the different modes configured by user -*/}} -{{- define "vault.replicas" -}} - {{ if eq .mode "standalone" }} - {{- default 1 -}} - {{ else if eq .mode "ha" }} - {{- .Values.server.ha.replicas | default 3 -}} - {{ else }} - {{- default 1 -}} - {{ end }} -{{- end -}} - -{{/* -Set's up configmap mounts if this isn't a dev deployment and the user -defined a custom configuration. Additionally iterates over any -extra volumes the user may have specified (such as a secret with TLS). -*/}} -{{- define "vault.volumes" -}} - {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - configMap: - name: {{ template "vault.fullname" . 
}}-config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - {{ .type }}: - {{- if (eq .type "configMap") }} - name: {{ .name }} - {{- else if (eq .type "secret") }} - secretName: {{ .name }} - {{- end }} - defaultMode: {{ .defaultMode | default 420 }} - {{- end }} - {{- if .Values.server.volumes }} - {{- toYaml .Values.server.volumes | nindent 8}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - secret: - secretName: {{ .Values.server.enterpriseLicense.secretName }} - defaultMode: 0440 - {{- end }} -{{- end -}} - -{{/* -Set's the args for custom command to render the Vault configuration -file with IP addresses to make the out of box experience easier -for users looking to use this chart with Consul Helm. -*/}} -{{- define "vault.args" -}} - {{ if or (eq .mode "standalone") (eq .mode "ha") }} - - | - cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; - [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; - [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; - /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} - {{ else if eq .mode "dev" }} - - | - /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} - {{ end }} -{{- end -}} - -{{/* -Set's additional environment variables based on the mode. 
-*/}} -{{- define "vault.envs" -}} - {{ if eq .mode "dev" }} - - name: VAULT_DEV_ROOT_TOKEN_ID - value: {{ .Values.server.dev.devRootToken }} - - name: VAULT_DEV_LISTEN_ADDRESS - value: "[::]:8200" - {{ end }} -{{- end -}} - -{{/* -Set's which additional volumes should be mounted to the container -based on the mode configured. -*/}} -{{- define "vault.mounts" -}} - {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - name: audit - mountPath: {{ .Values.server.auditStorage.mountPath }} - {{ end }} - {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} - {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} - - name: data - mountPath: {{ .Values.server.dataStorage.mountPath }} - {{ end }} - {{ end }} - {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - mountPath: /vault/config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - readOnly: true - mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} - {{- end }} - {{- if .Values.server.volumeMounts }} - {{- toYaml .Values.server.volumeMounts | nindent 12}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - mountPath: /vault/license - readOnly: true - {{- end }} -{{- end -}} - -{{/* -Set's up the volumeClaimTemplates when data or audit storage is required. HA -might not use data storage since Consul is likely it's backend, however, audit -storage might be desired by the user. 
-*/}} -{{- define "vault.volumeclaims" -}} - {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} - volumeClaimTemplates: - {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} - - metadata: - name: data - {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.dataStorage.size }} - {{- if .Values.server.dataStorage.storageClass }} - storageClassName: {{ .Values.server.dataStorage.storageClass }} - {{- end }} - {{ end }} - {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - metadata: - name: audit - {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.auditStorage.size }} - {{- if .Values.server.auditStorage.storageClass }} - storageClassName: {{ .Values.server.auditStorage.storageClass }} - {{- end }} - {{ end }} - {{ end }} -{{- end -}} - -{{/* -Set's the affinity for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.affinity" -}} - {{- if and (ne .mode "dev") .Values.server.affinity }} - affinity: - {{ $tp := typeOf .Values.server.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.affinity . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the injector affinity for pod placement -*/}} -{{- define "injector.affinity" -}} - {{- if .Values.injector.affinity }} - affinity: - {{ $tp := typeOf .Values.injector.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the toleration for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.tolerations" -}} - {{- if and (ne .mode "dev") .Values.server.tolerations }} - tolerations: - {{- $tp := typeOf .Values.server.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "injector.tolerations" -}} - {{- if .Values.injector.tolerations }} - tolerations: - {{- $tp := typeOf .Values.injector.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the node selector for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.nodeselector" -}} - {{- if and (ne .mode "dev") .Values.server.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.server.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector node selector for pod placement -*/}} -{{- define "injector.nodeselector" -}} - {{- if .Values.injector.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.injector.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.nodeSelector . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra pod annotations -*/}} -{{- define "vault.annotations" -}} - {{- if .Values.server.annotations }} - annotations: - {{- $tp := typeOf .Values.server.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.server.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector pod annotations -*/}} -{{- define "injector.annotations" -}} - {{- if .Values.injector.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.injector.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector service annotations -*/}} -{{- define "injector.service.annotations" -}} - {{- if .Values.injector.service.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector webhook annotations -*/}} -{{- define "injector.webhookAnnotations" -}} - {{- if .Values.injector.webhookAnnotations }} - annotations: - {{- $tp := typeOf .Values.injector.webhookAnnotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.webhookAnnotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.webhookAnnotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ui service annotations -*/}} -{{- define "vault.ui.annotations" -}} - {{- if .Values.ui.annotations }} - annotations: - {{- $tp := typeOf .Values.ui.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.ui.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.ui.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "vault.serviceAccount.name" -}} -{{- if .Values.server.serviceAccount.create -}} - {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.server.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Sets extra service account annotations -*/}} -{{- define "vault.serviceAccount.annotations" -}} - {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.server.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ingress annotations -*/}} -{{- define "vault.ingress.annotations" -}} - {{- if .Values.server.ingress.annotations }} - annotations: - {{- $tp := typeOf .Values.server.ingress.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.ingress.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.ingress.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra route annotations -*/}} -{{- define "vault.route.annotations" -}} - {{- if .Values.server.route.annotations }} - annotations: - {{- $tp := typeOf .Values.server.route.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.route.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.route.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra vault server Service annotations -*/}} -{{- define "vault.service.annotations" -}} - {{- if .Values.server.service.annotations }} - {{- $tp := typeOf .Values.server.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets PodSecurityPolicy annotations -*/}} -{{- define "vault.psp.annotations" -}} - {{- if .Values.global.psp.annotations }} - annotations: - {{- $tp := typeOf .Values.global.psp.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.global.psp.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.global.psp.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra statefulset annotations -*/}} -{{- define "vault.statefulSet.annotations" -}} - {{- if .Values.server.statefulSet.annotations }} - annotations: - {{- $tp := typeOf .Values.server.statefulSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for data volume -*/}} -{{- define "vault.dataVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.dataStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for audit volume -*/}} -{{- define "vault.auditVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.auditStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the container resources if the user has set any. -*/}} -{{- define "vault.resources" -}} - {{- if .Values.server.resources -}} - resources: -{{ toYaml .Values.server.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "injector.resources" -}} - {{- if .Values.injector.resources -}} - resources: -{{ toYaml .Values.injector.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. 
-*/}} -{{- define "csi.resources" -}} - {{- if .Values.csi.resources -}} - resources: -{{ toYaml .Values.csi.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets extra CSI daemonset annotations -*/}} -{{- define "csi.daemonSet.annotations" -}} - {{- if .Values.csi.daemonSet.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.daemonSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "csi.pod.tolerations" -}} - {{- if .Values.csi.pod.tolerations }} - tolerations: - {{- $tp := typeOf .Values.csi.pod.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI provider pod annotations -*/}} -{{- define "csi.pod.annotations" -}} - {{- if .Values.csi.pod.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.pod.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.pod.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.pod.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI service account annotations -*/}} -{{- define "csi.serviceAccount.annotations" -}} - {{- if .Values.csi.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.serviceAccount.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Inject extra environment vars in the format key:value, if populated -*/}} -{{- define "vault.extraEnvironmentVars" -}} -{{- if .extraEnvironmentVars -}} -{{- range $key, $value := .extraEnvironmentVars }} -- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} - value: {{ $value | quote }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Inject extra environment populated by secrets, if populated -*/}} -{{- define "vault.extraSecretEnvironmentVars" -}} -{{- if .extraSecretEnvironmentVars -}} -{{- range .extraSecretEnvironmentVars }} -- name: {{ .envName }} - valueFrom: - secretKeyRef: - name: {{ .secretName }} - key: {{ .secretKey }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* Scheme for health check and local endpoint */}} -{{- define "vault.scheme" -}} -{{- if .Values.global.tlsDisable -}} -{{ "http" }} -{{- else -}} -{{ "https" }} -{{- end -}} -{{- end -}} - -{{/* -imagePullSecrets generates pull secrets from either string or map values. -A map value must be indexable by the key 'name'. -*/}} -{{- define "imagePullSecrets" -}} -{{- with .Values.global.imagePullSecrets -}} -imagePullSecrets: -{{- range . -}} -{{- if typeIs "string" . }} - - name: {{ . }} -{{- else if index . "name" }} - - name: {{ .name }} -{{- end }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
-Supported inputs are Values.server.service and Values.ui -*/}} -{{- define "service.externalTrafficPolicy" -}} -{{- $type := "" -}} -{{- if .serviceType -}} -{{- $type = .serviceType -}} -{{- else if .type -}} -{{- $type = .type -}} -{{- end -}} -{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} - externalTrafficPolicy: {{ .externalTrafficPolicy }} -{{- else }} -{{- end }} -{{- end -}} - -{{/* -loadBalancer configuration for the the UI service. -Supported inputs are Values.ui -*/}} -{{- define "service.loadBalancer" -}} -{{- if eq (.serviceType | toString) "LoadBalancer" }} -{{- if .loadBalancerIP }} - loadBalancerIP: {{ .loadBalancerIP }} -{{- end }} -{{- with .loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{- range . }} - - {{ . }} -{{- end }} -{{- end -}} -{{- end }} -{{- end -}} diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/csi-clusterrole.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/csi-clusterrole.yaml deleted file mode 100644 index a19e520f5d..0000000000 --- a/charts/partners/hashicorp/vault/0.17.0/src/templates/csi-clusterrole.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "vault.fullname" . }}-csi-provider-clusterrole - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -rules: -- apiGroups: - - "" - resources: - - serviceaccounts/token - verbs: - - create -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/csi-clusterrolebinding.yaml deleted file mode 100644 index 63d69c7b1f..0000000000 
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/csi-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/csi-daemonset.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/csi-daemonset.yaml
deleted file mode 100644
index a6461fbd22..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/csi-daemonset.yaml
+++ /dev/null
@@ -1,81 +0,0 @@ -{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{ template "csi.daemonSet.annotations" . }} -spec: - updateStrategy: - type: {{ .Values.csi.daemonSet.updateStrategy.type }} - {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - rollingUpdate: - maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - {{ template "csi.pod.annotations" . }} - spec: - serviceAccountName: {{ template "vault.fullname" . }}-csi-provider - {{- template "csi.pod.tolerations" . }} - containers: - - name: {{ include "vault.name" . }}-csi-provider - {{ template "csi.resources" . 
}} - image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" - imagePullPolicy: {{ .Values.csi.image.pullPolicy }} - args: - - --endpoint=/provider/vault.sock - - --debug={{ .Values.csi.debug }} - {{- if .Values.csi.extraArgs }} - {{- toYaml .Values.csi.extraArgs | nindent 12 }} - {{- end }} - volumeMounts: - - name: providervol - mountPath: "/provider" - - name: mountpoint-dir - mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods - mountPropagation: HostToContainer - {{- if .Values.csi.volumeMounts }} - {{- toYaml .Values.csi.volumeMounts | nindent 12}} - {{- end }} - livenessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} - volumes: - - name: providervol - hostPath: - path: {{ .Values.csi.daemonSet.providersDir }} - - name: mountpoint-dir - hostPath: - path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods - {{- if .Values.csi.volumes }} - {{- toYaml .Values.csi.volumes | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/csi-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/csi-serviceaccount.yaml deleted file mode 100644 index ee127481b0..0000000000 
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/csi-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "csi.serviceAccount.annotations" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-certs-secret.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-certs-secret.yaml
deleted file mode 100644
index 78363be55f..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-certs-secret.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: vault-injector-certs
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-clusterrole.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-clusterrole.yaml
deleted file mode 100644
index 4ff25abe52..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-clusterrole.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs:
- - "get"
- - "list"
- - "watch"
- - "patch"
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-clusterrolebinding.yaml
deleted file mode 100644
index 35d30b3935..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-deployment.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-deployment.yaml
deleted file mode 100644
index f4a796bf08..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-deployment.yaml
+++ /dev/null
@@ -1,182 +0,0 @@ -{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }} -# Deployment for the injector -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - component: webhook -spec: - replicas: {{ .Values.injector.replicas }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{- if .Values.injector.extraLabels -}} - {{- toYaml .Values.injector.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "injector.annotations" . }} - spec: - {{ template "injector.affinity" . }} - {{ template "injector.tolerations" . }} - {{ template "injector.nodeselector" . }} - {{- if .Values.injector.priorityClassName }} - priorityClassName: {{ .Values.injector.priorityClassName }} - {{- end }} - serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" - {{- if not .Values.global.openshift }} - hostNetwork: {{ .Values.injector.hostNetwork }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.injector.gid | default 1000 }} - runAsUser: {{ .Values.injector.uid | default 100 }} - {{- end }} - containers: - - name: sidecar-injector - {{ template "injector.resources" . 
}} - image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" - imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" - {{- if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} - env: - - name: AGENT_INJECT_LISTEN - value: {{ printf ":%v" .Values.injector.port }} - - name: AGENT_INJECT_LOG_LEVEL - value: {{ .Values.injector.logLevel | default "info" }} - - name: AGENT_INJECT_VAULT_ADDR - {{- if .Values.injector.externalVaultAddr }} - value: "{{ .Values.injector.externalVaultAddr }}" - {{- else }} - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - {{- end }} - - name: AGENT_INJECT_VAULT_AUTH_PATH - value: {{ .Values.injector.authPath }} - - name: AGENT_INJECT_VAULT_IMAGE - value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" - {{- if .Values.injector.certs.secretName }} - - name: AGENT_INJECT_TLS_CERT_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" - - name: AGENT_INJECT_TLS_KEY_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" - {{- else }} - - name: AGENT_INJECT_TLS_AUTO - value: {{ template "vault.fullname" . }}-agent-injector-cfg - - name: AGENT_INJECT_TLS_AUTO_HOSTS - value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc - {{- end }} - - name: AGENT_INJECT_LOG_FORMAT - value: {{ .Values.injector.logFormat | default "standard" }} - - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN - value: "{{ .Values.injector.revokeOnShutdown | default false }}" - {{- if .Values.global.openshift }} - - name: AGENT_INJECT_SET_SECURITY_CONTEXT - value: "false" - {{- end }} - {{- if .Values.injector.metrics.enabled }} - - name: AGENT_INJECT_TELEMETRY_PATH - value: "/metrics" - {{- end }} - {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} - - name: AGENT_INJECT_USE_LEADER_ELECTOR - value: "true" - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end }} - - name: AGENT_INJECT_CPU_REQUEST - value: "{{ .Values.injector.agentDefaults.cpuRequest }}" - - name: AGENT_INJECT_CPU_LIMIT - value: "{{ .Values.injector.agentDefaults.cpuLimit }}" - - name: AGENT_INJECT_MEM_REQUEST - value: "{{ .Values.injector.agentDefaults.memRequest }}" - - name: AGENT_INJECT_MEM_LIMIT - value: "{{ .Values.injector.agentDefaults.memLimit }}" - - name: AGENT_INJECT_DEFAULT_TEMPLATE - value: "{{ .Values.injector.agentDefaults.template }}" - - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE - value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" - {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - agent-inject - - 2>&1 - livenessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 - {{- if and (eq 
(.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) (eq (.Values.injector.leaderElector.useContainer | toString) "true") }} - - name: leader-elector - image: {{ .Values.injector.leaderElector.image.repository }}:{{ .Values.injector.leaderElector.image.tag }} - args: - - --election={{ template "vault.fullname" . }}-agent-injector-leader - - --election-namespace={{ .Release.Namespace }} - - --http=0.0.0.0:4040 - - --ttl={{ .Values.injector.leaderElector.ttl }} - livenessProbe: - httpGet: - path: / - port: 4040 - scheme: HTTP - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: / - port: 4040 - scheme: HTTP - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 - {{- end }} -{{- if .Values.injector.certs.secretName }} - volumeMounts: - - name: webhook-certs - mountPath: /etc/webhook/certs - readOnly: true -{{- end }} -{{- if .Values.injector.certs.secretName }} - volumes: - - name: webhook-certs - secret: - secretName: "{{ .Values.injector.certs.secretName }}" -{{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-leader-endpoint.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-leader-endpoint.yaml deleted file mode 100644 index 42c4c0ae78..0000000000 --- a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-leader-endpoint.yaml +++ /dev/null 
@@ -1,14 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) (eq (.Values.injector.leaderElector.useContainer | toString) "true")}}
-# This is created here so it can be cleaned up easily, since if
-# the endpoint is left around the leader won't expire for about a minute.
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader
- annotations:
- deprecated: "true"
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-mutating-webhook.yaml
deleted file mode 100644
index de7dd5622c..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-mutating-webhook.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
-apiVersion: admissionregistration.k8s.io/v1
-{{- else }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-{{- end }}
-kind: MutatingWebhookConfiguration
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-cfg
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "injector.webhookAnnotations" . }}
-webhooks:
- - name: vault.hashicorp.com
- sideEffects: None
- admissionReviewVersions:
- - "v1beta1"
- - "v1"
- clientConfig:
- service:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- path: "/mutate"
- caBundle: {{ .Values.injector.certs.caBundle | quote }}
- rules:
- - operations: ["CREATE", "UPDATE"]
- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["pods"]
-{{- if .Values.injector.namespaceSelector }}
- namespaceSelector:
-{{ toYaml .Values.injector.namespaceSelector | indent 6}}
-{{ end }}
-{{- if .Values.injector.objectSelector }}
- objectSelector:
-{{ toYaml .Values.injector.objectSelector | indent 6}}
-{{ end }}
-{{- with .Values.injector.failurePolicy }}
- failurePolicy: {{.}}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-network-policy.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-network-policy.yaml
deleted file mode 100644
index 7a399a538d..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-network-policy.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.openshift | toString) "true") }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-psp-role.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-psp-role.yaml
deleted file mode 100644
index 20c87bb2ad..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-psp-role.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-psp-rolebinding.yaml
deleted file mode 100644
index d6d0d5e247..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-psp-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-psp.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-psp.yaml
deleted file mode 100644
index c024ac1077..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-psp.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-role.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-role.yaml
deleted file mode 100644
index 446efaf595..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-role.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
- - apiGroups: [""]
- resources: ["secrets", "configmaps", "endpoints"]
- verbs:
- - "create"
- - "get"
- - "watch"
- - "list"
- - "update"
- - apiGroups: [""]
- resources: ["pods"]
- verbs:
- - "get"
- - "patch"
- - "delete"
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-rolebinding.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-rolebinding.yaml
deleted file mode 100644
index aa81794208..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-service.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-service.yaml
deleted file mode 100644
index 3138b7a5be..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "injector.service.annotations" . }}
-spec:
- ports:
- - name: https
- port: 443
- targetPort: {{ .Values.injector.port }}
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-serviceaccount.yaml
deleted file mode 100644
index a28d38fabb..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/injector-serviceaccount.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/server-clusterrolebinding.yaml
deleted file mode 100644
index e5e0f5fec1..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-clusterrolebinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.authDelegator.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-server-binding
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-config-configmap.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/server-config-configmap.yaml
deleted file mode 100644
index b8093ad030..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-config-configmap.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.global.enabled | toString) "true") (ne .mode "dev") -}}
-{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "vault.fullname" . }}-config
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-data:
- extraconfig-from-values.hcl: |-
- {{- if or (eq .mode "ha") (eq .mode "standalone") }}
- {{- $type := typeOf (index .Values.server .mode).config }}
- {{- if eq $type "string" }}
- disable_mlock = true
- {{- if eq .mode "standalone" }}
- {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
- {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
- {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
- {{ end }}
- {{- else }}
- {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
- {{- else }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-discovery-role.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/server-discovery-role.yaml
deleted file mode 100644
index 4a39cec21c..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-discovery-role.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: {{ template "vault.fullname" . }}-discovery-role
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: [""]
- resources: ["pods"]
- verbs: ["get", "watch", "list", "update", "patch"]
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/server-discovery-rolebinding.yaml
deleted file mode 100644
index 47526650bb..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-discovery-rolebinding.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.global.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-discovery-rolebinding
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-discovery-role
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/server-disruptionbudget.yaml
deleted file mode 100644
index 3c45cc04ea..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-disruptionbudget.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" -}}
-{{- if and (eq (.Values.global.enabled | toString) "true") (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
-# PodDisruptionBudget to prevent degrading the server cluster through
-# voluntary cluster changes.
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end -}}
-{{- end -}}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-ha-active-service.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/server-ha-active-service.yaml
deleted file mode 100644
index c2a4f02279..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-ha-active-service.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for active Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-active
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "true"
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-ha-standby-service.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/server-ha-standby-service.yaml
deleted file mode 100644
index fef92a1b28..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-ha-standby-service.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for standby Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-standby
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "false"
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-headless-service.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/server-headless-service.yaml
deleted file mode 100644
index a37c639571..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-headless-service.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-internal
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- clusterIP: None
- publishNotReadyAddresses: true
- ports:
- - name: "{{ include "vault.scheme" . }}"
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-ingress.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/server-ingress.yaml
deleted file mode 100644
index b814a6afed..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-ingress.yaml
+++ /dev/null
@@ -1,70 +0,0 @@ -{{- if not .Values.global.openshift }} -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if .Values.server.ingress.enabled -}} -{{- $extraPaths := .Values.server.ingress.extraPaths -}} -{{- $serviceName := include "vault.fullname" . -}} -{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.ingress.activeService | toString) "true") }} -{{- $serviceName = printf "%s-%s" $serviceName "active" -}} -{{- end }} -{{- $servicePort := .Values.server.service.port -}} -{{- $kubeVersion := .Capabilities.KubeVersion.Version }} -{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} -apiVersion: networking.k8s.io/v1 -{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end }} -kind: Ingress -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.server.ingress.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- template "vault.ingress.annotations" . }} -spec: -{{- if .Values.server.ingress.tls }} - tls: - {{- range .Values.server.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} -{{- if .Values.server.ingress.ingressClassName }} - ingressClassName: {{ .Values.server.ingress.ingressClassName }} -{{- end }} - rules: - {{- range .Values.server.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: -{{ if $extraPaths }} -{{ toYaml $extraPaths | indent 10 }} -{{- end }} - {{- range (.paths | default (list "/")) }} - - path: {{ . 
}} - backend: - {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{ else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{ end }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-network-policy.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/server-network-policy.yaml deleted file mode 100644 index 5f4c21a4b5..0000000000 --- a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-network-policy.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ template "vault.fullname" . }} - labels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} -spec: - podSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 8200 - protocol: TCP - - port: 8201 - protocol: TCP - {{- if .Values.server.networkPolicy.egress }} - egress: - {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} - {{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-psp-role.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/server-psp-role.yaml deleted file mode 100644 index fd12e1eb30..0000000000 --- a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-psp-role.yaml +++ /dev/null 
@@ -1,18 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/server-psp-rolebinding.yaml
deleted file mode 100644
index b2a43c834a..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-psp-rolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-psp.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/server-psp.yaml
deleted file mode 100644
index 2d94268197..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-psp.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
- - persistentVolumeClaim
- {{- end }}
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-route.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/server-route.yaml
deleted file mode 100644
index 63055db39f..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-route.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{- if .Values.global.openshift }}
-{{- if ne .mode "external" }}
-{{- if .Values.server.route.enabled -}}
-{{- $serviceName := include "vault.fullname" . -}}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
-{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
-{{- end }}
-kind: Route
-apiVersion: route.openshift.io/v1
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- with .Values.server.route.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- template "vault.route.annotations" . }}
-spec:
- host: {{ .Values.server.route.host }}
- to:
- kind: Service
- name: {{ $serviceName }}
- weight: 100
- port:
- targetPort: 8200
- tls:
- termination: passthrough
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-service.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/server-service.yaml
deleted file mode 100644
index 00996aa254..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-service.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- # We want the servers to become available even if they're not ready
- # since this DNS is also used for join operations.
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/server-serviceaccount.yaml
deleted file mode 100644
index 925b166bba..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }}
-{{- if (eq (.Values.server.serviceAccount.create | toString) "true" ) }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "vault.serviceAccount.annotations" . }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-statefulset.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/server-statefulset.yaml
deleted file mode 100644
index 031b179059..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/templates/server-statefulset.yaml
+++ /dev/null
@@ -1,208 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }} -# StatefulSet to run the actual vault server cluster. -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- template "vault.statefulSet.annotations" . }} -spec: - serviceName: {{ template "vault.fullname" . }}-internal - podManagementPolicy: Parallel - replicas: {{ template "vault.replicas" . }} - updateStrategy: - type: {{ .Values.server.updateStrategyType }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - template: - metadata: - labels: - helm.sh/chart: {{ template "vault.chart" . }} - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - {{- if .Values.server.extraLabels -}} - {{- toYaml .Values.server.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "vault.annotations" . }} - spec: - {{ template "vault.affinity" . }} - {{ template "vault.tolerations" . }} - {{ template "vault.nodeselector" . }} - {{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName }} - {{- end }} - terminationGracePeriodSeconds: 10 - serviceAccountName: {{ template "vault.serviceAccount.name" . 
}} - {{ if .Values.server.shareProcessNamespace }} - shareProcessNamespace: true - {{ end }} - {{- if not .Values.global.openshift }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.server.gid | default 1000 }} - runAsUser: {{ .Values.server.uid | default 100 }} - fsGroup: {{ .Values.server.gid | default 1000 }} - {{- end }} - volumes: - {{ template "vault.volumes" . }} - - name: home - emptyDir: {} - {{- if .Values.server.extraInitContainers }} - initContainers: - {{ toYaml .Values.server.extraInitContainers | nindent 8}} - {{- end }} - containers: - - name: vault - {{ template "vault.resources" . }} - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - command: - - "/bin/sh" - - "-ec" - args: {{ template "vault.args" . }} - {{- if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: VAULT_K8S_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: VAULT_ADDR - value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" - - name: VAULT_API_ADDR - {{- if .Values.server.ha.apiAddr }} - value: {{ .Values.server.ha.apiAddr }} - {{- else }} - value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" - {{- end }} - - name: SKIP_CHOWN - value: "true" - - name: SKIP_SETCAP - value: "true" - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_CLUSTER_ADDR - value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" - {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} - - name: VAULT_RAFT_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- end }} - - name: HOME - value: "/home/vault" - {{- if .Values.server.logLevel }} - - name: VAULT_LOG_LEVEL - value: "{{ .Values.server.logLevel }}" - {{- end }} - {{- if .Values.server.logFormat }} - - name: VAULT_LOG_FORMAT - value: "{{ .Values.server.logFormat }}" - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: VAULT_LICENSE_PATH - value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} - {{- end }} - {{ template "vault.envs" . }} - {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} - {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} - volumeMounts: - {{ template "vault.mounts" . }} - - name: home - mountPath: /home/vault - ports: - - containerPort: 8200 - name: {{ include "vault.scheme" . }} - - containerPort: 8201 - name: https-internal - - containerPort: 8202 - name: {{ include "vault.scheme" . }}-rep - {{- if .Values.server.readinessProbe.enabled }} - readinessProbe: - {{- if .Values.server.readinessProbe.path }} - httpGet: - path: {{ .Values.server.readinessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . 
| upper }} - {{- else }} - # Check status; unsealed vault servers return 0 - # The exit code reflects the seal status: - # 0 - unsealed - # 1 - error - # 2 - sealed - exec: - command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] - {{- end }} - failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.server.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.server.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.server.livenessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . | upper }} - failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.server.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} - {{- end }} - lifecycle: - # Vault container doesn't receive SIGTERM from Kubernetes - # and after the grace period ends, Kube sends SIGKILL. This - # causes issues with graceful shutdowns such as deregistering itself - # from Consul (zombie services). - preStop: - exec: - command: [ - "/bin/sh", "-c", - # Adding a sleep here to give the pod eviction a - # chance to propagate, so requests will not be made - # to this pod while it's terminating - "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", - ] - {{- if .Values.server.postStart }} - postStart: - exec: - command: - {{- range (.Values.server.postStart) }} - - {{ . 
| quote }} - {{- end }} - {{- end }} - {{- if .Values.server.extraContainers }} - {{ toYaml .Values.server.extraContainers | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} - {{ template "vault.volumeclaims" . }} -{{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/tests/server-test.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/tests/server-test.yaml deleted file mode 100644 index 66aa178f58..0000000000 --- a/charts/partners/hashicorp/vault/0.17.0/src/templates/tests/server-test.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.server.enabled }} -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-server-test" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": test -spec: - {{- include "imagePullSecrets" . | nindent 2 }} - containers: - - name: {{ .Release.Name }}-server-test - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - env: - - name: VAULT_ADDR - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - command: - - /bin/sh - - -c - - | - echo "Checking for sealed info in 'vault status' output" - ATTEMPTS=10 - n=0 - until [ "$n" -ge $ATTEMPTS ] - do - echo "Attempt" $n... - vault status -format yaml | grep -E '^sealed: (true|false)' && break - n=$((n+1)) - sleep 5 - done - if [ $n -ge $ATTEMPTS ]; then - echo "timed out looking for sealed info in 'vault status' output" - exit 1 - fi - - exit 0 - - restartPolicy: Never -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.17.0/src/templates/ui-service.yaml b/charts/partners/hashicorp/vault/0.17.0/src/templates/ui-service.yaml deleted file mode 100644 index ea27de282a..0000000000 --- a/charts/partners/hashicorp/vault/0.17.0/src/templates/ui-service.yaml +++ /dev/null 
@@ -1,37 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }}
-{{- if eq (.Values.ui.enabled | toString) "true" }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-ui
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}-ui
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "vault.ui.annotations" . }}
-spec:
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
- vault-active: "true"
- {{- end }}
- publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.ui.externalPort }}
- targetPort: {{ .Values.ui.targetPort }}
- {{- if .Values.ui.serviceNodePort }}
- nodePort: {{ .Values.ui.serviceNodePort }}
- {{- end }}
- type: {{ .Values.ui.serviceType }}
- {{- include "service.externalTrafficPolicy" .Values.ui }}
- {{- include "service.loadBalancer" .Values.ui }}
-{{- end -}}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/values.openshift.yaml b/charts/partners/hashicorp/vault/0.17.0/src/values.openshift.yaml
deleted file mode 100644
index 4db41c2e2f..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/values.openshift.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# These overrides are appropriate defaults for deploying this chart on OpenShift
-
-global:
- openshift: true
-
-injector:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
- tag: "0.14.0-ubi"
-
- agentImage:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.8.4-ubi"
-
-server:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.8.4-ubi"
diff --git a/charts/partners/hashicorp/vault/0.17.0/src/values.schema.json b/charts/partners/hashicorp/vault/0.17.0/src/values.schema.json
deleted file mode 100644
index 4ddbedfaf3..0000000000
--- a/charts/partners/hashicorp/vault/0.17.0/src/values.schema.json
+++ /dev/null
@@ -1,855 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "csi": { - "type": "object", - "properties": { - "daemonSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "updateStrategy": { - "type": "object", - "properties": { - "maxUnavailable": { - "type": "string" - }, - "type": { - "type": "string" - } - } - }, - "providersDir": { - "type": "string" - }, - "kubeletRootDir": { - "type": "string" - } - } - }, - "debug": { - "type": "boolean" - }, - "enabled": { - "type": "boolean" - }, - "extraArgs": { - "type": "array" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "pod": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - } - } - }, - "readinessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "global": { - "type": "object", - "properties": { - "enabled": { - 
"type": "boolean" - }, - "imagePullSecrets": { - "type": "array" - }, - "openshift": { - "type": "boolean" - }, - "psp": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enable": { - "type": "boolean" - } - } - }, - "tlsDisable": { - "type": "boolean" - } - } - }, - "injector": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "agentDefaults": { - "type": "object", - "properties": { - "cpuLimit": { - "type": "string" - }, - "cpuRequest": { - "type": "string" - }, - "memLimit": { - "type": "string" - }, - "memRequest": { - "type": "string" - }, - "template": { - "type": "string" - }, - "templateConfig": { - "type": "object", - "properties": { - "exitOnRetryFailure": { - "type": "boolean" - } - } - } - } - }, - "agentImage": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "authPath": { - "type": "string" - }, - "certs": { - "type": "object", - "properties": { - "caBundle": { - "type": "string" - }, - "certName": { - "type": "string" - }, - "keyName": { - "type": "string" - }, - "secretName": { - "type": [ - "null", - "string" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "externalVaultAddr": { - "type": "string" - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraLabels": { - "type": "object" - }, - "failurePolicy": { - "type": "string" - }, - "hostNetwork": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "leaderElector": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - 
"ttl": { - "type": "string" - }, - "useContainer": { - "type": "boolean" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "namespaceSelector": { - "type": "object" - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "objectSelector": { - "type": "object" - }, - "port": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "replicas": { - "type": "integer" - }, - "resources": { - "type": "object" - }, - "revokeOnShutdown": { - "type": "boolean" - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "webhookAnnotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "server": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "auditStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "authDelegator": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "dataStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "dev": { - "type": "object", - "properties": { - 
"devRootToken": { - "type": "string" - }, - "enabled": { - "type": "boolean" - } - } - }, - "enabled": { - "type": "boolean" - }, - "enterpriseLicense": { - "type": "object", - "properties": { - "secretKey": { - "type": "string" - }, - "secretName": { - "type": "string" - } - } - }, - "extraArgs": { - "type": "string" - }, - "extraContainers": { - "type": [ - "null", - "array" - ] - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraInitContainers": { - "type": [ - "null", - "array" - ] - }, - "extraLabels": { - "type": "object" - }, - "extraSecretEnvironmentVars": { - "type": "array" - }, - "extraVolumes": { - "type": "array" - }, - "ha": { - "type": "object", - "properties": { - "apiAddr": { - "type": [ - "null", - "string" - ] - }, - "config": { - "type": "string" - }, - "disruptionBudget": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxUnavailable": { - "type": [ - "null", - "integer" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "raft": { - "type": "object", - "properties": { - "config": { - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "setNodeId": { - "type": "boolean" - } - } - }, - "replicas": { - "type": "integer" - } - } - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "ingress": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "extraPaths": { - "type": "array" - }, - "hosts": { - "type": "array", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string" - }, - "paths": { - "type": "array" - } - } - } - }, - "ingressClassName": { - "type": "string" - }, - "labels": { - "type": "object" - }, - "tls": { - "type": "array" - } - } - }, - "livenessProbe": { - "type": "object", - 
"properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "path": { - "type": "string" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "networkPolicy": { - "type": "object", - "properties": { - "egress": { - "type": "array" - }, - "enabled": { - "type": "boolean" - } - } - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "postStart": { - "type": "array" - }, - "preStopSleepSeconds": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "route": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "labels": { - "type": "object" - } - } - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "port": { - "type": "integer" - }, - "targetPort": { - "type": "integer" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "create": { - "type": "boolean" - }, - "name": { - "type": "string" - } - } - }, - "shareProcessNamespace": { - "type": "boolean" - }, - "standalone": { - "type": "object", 
- "properties": { - "config": { - "type": "string" - }, - "enabled": { - "type": [ - "string", - "boolean" - ] - } - } - }, - "statefulSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "updateStrategyType": { - "type": "string" - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "ui": { - "type": "object", - "properties": { - "activeVaultPodOnly": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "externalPort": { - "type": "integer" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "serviceNodePort": { - "type": [ - "null", - "integer" - ] - }, - "serviceType": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - } -} diff --git a/charts/partners/hashicorp/vault/0.17.0/src/values.yaml b/charts/partners/hashicorp/vault/0.17.0/src/values.yaml deleted file mode 100644 index c46872ba04..0000000000 --- a/charts/partners/hashicorp/vault/0.17.0/src/values.yaml +++ /dev/null 
@@ -1,751 +0,0 @@ -# Available parameters and their default values for the Vault chart. -global: - # enabled is the master enabled switch. Setting this to true or false - # will enable or disable all the components within this chart by default. - enabled: true - # Image pull secret to use for registry authentication. - # Alternatively, the value may be specified as an array of strings. - imagePullSecrets: [] - # imagePullSecrets: - # - name: image-pull-secret - # TLS for end-to-end encrypted transport - tlsDisable: true - # If deploying to OpenShift - openshift: true - # Create PodSecurityPolicy for pods - psp: - enable: false - # Annotation for PodSecurityPolicy. - # This is a multi-line templated string map, and can also be set as YAML. - annotations: | - seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default - apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default - apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -injector: - # True if you want to enable vault agent injection. - enabled: true - replicas: 1 - # Configures the port the injector should listen on - port: 8080 - # If multiple replicas are specified, by default a leader will be determined - # so that only one injector attempts to create TLS certificates. - leaderElector: - enabled: true - # Note: The deployment of the leader-elector container will soon be removed - # from this chart since vault-k8s now uses an internal mechanism to - # determine leadership. - # To enable the deployment of the leader-elector container for use with - # vault-k8s 0.12.0 and earlier, set `useContainer=true` - useContainer: false - image: - repository: "gcr.io/google_containers/leader-elector" - tag: "0.4" - ttl: 60s - # If true, will enable a node exporter metrics endpoint at /metrics. - metrics: - enabled: false - # External vault server address for the injector to use. 
Setting this will - # disable deployment of a vault server along with the injector. - externalVaultAddr: "" - # image sets the repo and tag of the vault-k8s image to use for the injector. - image: - repository: "registry.connect.redhat.com/hashicorp/vault-k8s" - tag: "0.14.0-ubi" - pullPolicy: IfNotPresent - # agentImage sets the repo and tag of the Vault image to use for the Vault Agent - # containers. This should be set to the official Vault image. Vault 1.3.1+ is - # required. - agentImage: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.8.4-ubi" - # The default values for the injected Vault Agent containers. - agentDefaults: - # For more information on configuring resources, see the K8s documentation: - # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - cpuLimit: "500m" - cpuRequest: "250m" - memLimit: "128Mi" - memRequest: "64Mi" - # Default template type for secrets when no custom template is specified. - # Possible values include: "json" and "map". - template: "map" - # Default values within Agent's template_config stanza. - templateConfig: - exitOnRetryFailure: true - # Mount Path of the Vault Kubernetes Auth Method. - authPath: "auth/kubernetes" - # Configures the log verbosity of the injector. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "info" - # Configures the log format of the injector. Supported log formats: "standard", "json". - logFormat: "standard" - # Configures all Vault Agent sidecars to revoke their token when shutting down - revokeOnShutdown: false - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. 
- # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: {} - # Configures failurePolicy of the webhook. The "unspecified" default behaviour deoends on the - # API Version of the WebHook. - # To block pod creation while webhook is unavailable, set the policy to `Fail` below. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - # Extra annotations to attach to the webhook - webhookAnnotations: {} - certs: - # secretName is the name of the secret that has the TLS certificate and - # private key to serve the injector webhook. If this is null, then the - # injector will default to its automatic management mode that will assign - # a service account to the injector to generate its own certificates. - secretName: null - # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA - # that signed the TLS certificate that the webhook serves. This must be set - # if secretName is non-null, unless an external service like cert-manager is - # keeping the caBundle updated. - caBundle: "" - # certName and keyName are the names of the files within the secret for - # the TLS cert and private key, respectively. These have reasonable - # defaults but can be customized if necessary. - certName: tls.crt - keyName: tls.key - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # extraEnvironmentVars is a list of extra environment variables to set in the - # injector deployment. 
- extraEnvironmentVars: {} - # KUBERNETES_SERVICE_HOST: kubernetes.default.svc - - # Affinity Settings for injector pods - # This can either be multi-line string or YAML matching the PodSpec's affinity field. - # Commenting out or setting as empty the affinity variable, will allow - # deployment of multiple replicas to single node services such as Minikube. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: webhook - topologyKey: kubernetes.io/hostname - # Toleration Settings for injector pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. - # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Priority class for injector pods - priorityClassName: "" - # Extra annotations to attach to the injector pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the injector pods - annotations: {} - # Extra labels to attach to the agent-injector - # This should be a YAML map of the labels to apply to the injector - extraLabels: {} - # Should the injector pods run on the host network (useful when using - # an alternate CNI in EKS) - hostNetwork: false - # Injector service specific config - service: - # Extra annotations to attach to the injector service - annotations: {} -server: - # If not set to true, Vault server will not be installed. 
See vault.mode in _helpers.tpl for implementation details - enabled: true - # [Enterprise Only] This value refers to a Kubernetes secret that you have - # created that contains your enterprise license. If you are not using an - # enterprise image or if you plan to introduce the license key via another - # route, then leave secretName blank ("") or set it to null. - # Requires Vault Enterprise 1.8 or later. - enterpriseLicense: - # The name of the Kubernetes secret that holds the enterprise license. The - # secret must be in the same namespace that Vault is installed into. - secretName: "" - # The key within the Kubernetes secret that holds the enterprise license. - secretKey: "license" - # Resource requests, limits, etc. for the server cluster placement. This - # should map directly to the value of the resources field for a PodSpec. - # By default no direct resource request is made. - image: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.8.4-ubi" - # Overrides the default Image Pull Policy - pullPolicy: IfNotPresent - # Configure the Update Strategy Type for the StatefulSet - # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - updateStrategyType: "OnDelete" - # Configure the logging verbosity for the Vault server. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "" - # Configure the logging format for the Vault server. - # Supported log formats include: standard, json - logFormat: "" - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # Ingress allows ingress services to be created to allow external access - # from Kubernetes to access Vault pods. - # If deployment is on OpenShift, the following block is ignored. 
- # In order to expose the service, use the route section below - ingress: - enabled: false - labels: {} - # traffic: external - annotations: {} - # | - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # or - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # Optionally use ingressClassName instead of deprecated annotation. - # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation - ingressClassName: "" - # When HA mode is enabled and K8s service registration is being used, - # configure the ingress to point to the Vault active service. - activeService: true - hosts: - - host: chart-example.local - paths: [] - ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # service: - # name: ssl-redirect - # port: - # number: use-annotation - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # OpenShift only - create a route to expose the service - # The created route will be of type passthrough - route: - enabled: false - # When HA mode is enabled and K8s service registration is being used, - # configure the route to point to the Vault active service. - activeService: true - labels: {} - annotations: {} - host: chart-example.local - # authDelegator enables a cluster role binding to be attached to the service - # account. This cluster role binding can be used to setup Kubernetes auth - # method. https://www.vaultproject.io/docs/auth/kubernetes.html - authDelegator: - enabled: true - # extraInitContainers is a list of init containers. Specified as a YAML list. - # This is useful if you need to run a script to provision TLS certificates or - # write out configuration files in a dynamic way. 
- extraInitContainers: null - # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, - # # which is defined in the volumes value. - # - name: oauthapp - # image: "alpine" - # command: [sh, -c] - # args: - # - cd /tmp && - # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && - # tar -xf oauthapp.xz && - # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && - # chmod +x /usr/local/libexec/vault/oauthapp - # volumeMounts: - # - name: plugins - # mountPath: /usr/local/libexec/vault - - # extraContainers is a list of sidecar containers. Specified as a YAML list. - extraContainers: null - # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers - # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation - shareProcessNamespace: false - # extraArgs is a string containing additional Vault server arguments. - extraArgs: "" - # Used to define custom readinessProbe settings - readinessProbe: - enabled: true - # If you need to use a http path instead of the default exec - # path: /v1/sys/health?standbyok=true - - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. 
- timeoutSeconds: 3 - # Used to enable a livenessProbe for the pods - livenessProbe: - enabled: false - path: "/v1/sys/health?standbyok=true" - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 60 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to set the sleep time during the preStop step - preStopSleepSeconds: 5 - # Used to define commands to run after the pod is ready. - # This can be used to automate processes such as initialization - # or boostrapping auth methods. - postStart: [] - # - /bin/sh - # - -c - # - /vault/userconfig/myscript/run.sh - - # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be - # used to include variables required for auto-unseal. - extraEnvironmentVars: {} - # GOOGLE_REGION: global - # GOOGLE_PROJECT: myproject - # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json - - # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. - # These variables take value from existing Secret objects. - extraSecretEnvironmentVars: [] - # - envName: AWS_SECRET_ACCESS_KEY - # secretName: vault - # secretKey: AWS_SECRET_ACCESS_KEY - - # Deprecated: please use 'volumes' instead. - # extraVolumes is a list of extra volumes to mount. These will be exposed - # to Vault in the path `/vault/userconfig//`. The value below is - # an array of objects, examples are shown below. - extraVolumes: [] - # - type: secret (or "configMap") - # name: my-secret - # path: null # default is `/vault/userconfig` - - # volumes is a list of volumes made available to all containers. 
These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: plugins - # emptyDir: {} - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - mountPath: /usr/local/libexec/vault - # name: plugins - # readOnly: true - - # Affinity Settings - # Commenting out or setting as empty the affinity variable, will allow - # deployment to single node services such as Minikube - # This should be either a multi-line string or YAML matching the PodSpec's affinity field. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: server - topologyKey: kubernetes.io/hostname - # Toleration Settings for server pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
- # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Enables network policy for server pods - networkPolicy: - enabled: false - egress: [] - # egress: - # - to: - # - ipBlock: - # cidr: 10.0.0.0/24 - # ports: - # - protocol: TCP - # port: 443 - # Priority class for server pods - priorityClassName: "" - # Extra labels to attach to the server pods - # This should be a YAML map of the labels to apply to the server pods - extraLabels: {} - # Extra annotations to attach to the server pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the server pods - annotations: {} - # Enables a headless service to be used by the Vault Statefulset - service: - enabled: true - # clusterIP controls whether a Cluster IP address is attached to the - # Vault service within Kubernetes. By default the Vault service will - # be given a Cluster IP address, set to None to disable. When disabled - # Kubernetes will create a "headless" service. Headless services can be - # used to communicate with pods directly through DNS instead of a round robin - # load balancer. - # clusterIP: None - - # Configures the service type for the main Vault service. Can be ClusterIP - # or NodePort. - #type: ClusterIP - - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. - # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. - #nodePort: 30000 - - # Port on which Vault server is listening - port: 8200 - # Target port to which the service should be mapped to - targetPort: 8200 - # Extra annotations for the service definition. 
This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the service. - annotations: {} - # This configures the Vault Statefulset to create a PVC for data - # storage when using the file or raft backend storage engines. - # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more - dataStorage: - enabled: true - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/data" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # This configures the Vault Statefulset to create a PVC for audit - # logs. Once Vault is deployed, initialized and unseal, Vault must - # be configured to use this for audit logs. This will be mounted to - # /vault/audit - # See https://www.vaultproject.io/docs/audit/index.html to know more - auditStorage: - enabled: false - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/audit" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # Run Vault in "dev" mode. This requires no further setup, no state management, - # and no initialization. This is useful for experimenting with Vault without - # needing to unseal, store keys, et. al. All data is lost on restart - do not - # use dev mode for anything other than experimenting. - # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more - dev: - enabled: false - # Set VAULT_DEV_ROOT_TOKEN_ID value - devRootToken: "root" - # Run Vault in "standalone" mode. 
This is the default mode that will deploy if - # no arguments are given to helm. This requires a PVC for data storage to use - # the "file" backend. This mode is not highly available and should not be scaled - # past a single replica. - standalone: - enabled: "-" - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data - # and store data there. This is only used when using a Replica count of 1, and - # using a stateful set. This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "file" { - path = "/vault/data" - } - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # Run Vault in "HA" mode. There are no storage requirements unless audit log - # persistence is required. In HA mode Vault will configure itself to use Consul - # for its storage backend. The default configuration provided will work the Consul - # Helm project by default. It is possible to manually configure Vault to use a - # different HA backend. 
- ha: - enabled: false - replicas: 3 - # Set the api_addr configuration for Vault HA - # See https://www.vaultproject.io/docs/configuration#api_addr - # If set to null, this will be set to the Pod IP Address - apiAddr: null - # Enables Vault's integrated Raft storage. Unlike the typical HA modes where - # Vault's persistence is external (such as Consul), enabling Raft mode will create - # persistent volumes for Vault to store data according to the configuration under server.dataStorage. - # The Vault cluster will coordinate leader elections and failovers internally. - raft: - # Enables Raft integrated storage - enabled: false - # Set the Node Raft ID to the name of the pod - setNodeId: false - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - - storage "raft" { - path = "/vault/data" - } - - service_registration "kubernetes" {} - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a Consul for its HA storage backend. - # This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. 
For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "consul" { - path = "vault" - address = "HOST_IP:8500" - } - - service_registration "kubernetes" {} - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev-246514" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - disruptionBudget: - enabled: true - # maxUnavailable will default to (n/2)-1 where n is the number of - # replicas. If you'd like a custom value, you can specify an override here. - maxUnavailable: null - # Definition of the serviceAccount used to run Vault. - # These options are also used when using an external Vault server to validate - # Kubernetes tokens. - serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Settings for the statefulSet used to run Vault. - statefulSet: - # Extra annotations for the statefulSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the statefulSet. 
- annotations: {} -# Vault UI -ui: - # True if you want to create a Service entry for the Vault UI. - # - # serviceType can be used to control the type of service created. For - # example, setting this to "LoadBalancer" will create an external load - # balancer (for supported K8S installations) to access the UI. - enabled: false - publishNotReadyAddresses: true - # The service should only contain selectors for active Vault pod - activeVaultPodOnly: false - serviceType: "ClusterIP" - serviceNodePort: null - externalPort: 8200 - targetPort: 8200 - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. - # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - #loadBalancerSourceRanges: - # - 10.0.0.0/16 - # - 1.78.23.3/32 - - # loadBalancerIP: - - # Extra annotations to attach to the ui service - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the ui service - annotations: {} -# secrets-store-csi-driver-provider-vault -csi: - # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. - # - # Requires installing the secrets-store-csi-driver separately, see: - # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver - # - # With the driver and provider installed, you can mount Vault secrets into volumes - # similar to the Vault Agent injector, and you can also sync those secrets into - # Kubernetes secrets. - enabled: false - image: - repository: "hashicorp/vault-csi-provider" - tag: "0.3.0" - pullPolicy: IfNotPresent - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. 
- volumes: null - # - name: tls - # secret: - # secretName: vault-tls - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - name: tls - # mountPath: "/vault/tls" - # readOnly: true - - resources: {} - # resources: - # requests: - # cpu: 50m - # memory: 128Mi - # limits: - # cpu: 50m - # memory: 128Mi - - # Settings for the daemonSet used to run the provider. - daemonSet: - updateStrategy: - type: RollingUpdate - maxUnavailable: "" - # Extra annotations for the daemonSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the daemonSet. - annotations: {} - # Provider host path (must match the CSI provider's path) - providersDir: "/etc/kubernetes/secrets-store-csi-providers" - # Kubelet host path - kubeletRootDir: "/var/lib/kubelet" - pod: - # Extra annotations for the provider pods. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the pod. - annotations: {} - # Toleration Settings for provider pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - serviceAccount: - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Used to configure readinessProbe for the pods. 
- readinessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to configure livenessProbe for the pods. - livenessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Enables debug logging. - debug: false - # Pass arbitrary additional arguments to vault-csi-provider. - extraArgs: [] diff --git a/charts/partners/hashicorp/vault/0.17.1/src/.circleci/config.yml b/charts/partners/hashicorp/vault/0.17.1/src/.circleci/config.yml deleted file mode 100644 index 8de4c83c16..0000000000 --- a/charts/partners/hashicorp/vault/0.17.1/src/.circleci/config.yml +++ /dev/null 
@@ -1,106 +0,0 @@ -version: 2.1 -orbs: - slack: circleci/slack@3.4.2 - -jobs: - bats-unit-test: - docker: - # This image is built from test/docker/Test.dockerfile - - image: docker.mirror.hashicorp.services/hashicorpdev/vault-helm-test:0.2.0 - steps: - - checkout - - run: bats ./test/unit -t - - chart-verifier: - docker: - - image: docker.mirror.hashicorp.services/cimg/go:1.16 - environment: - BATS_VERSION: "1.3.0" - CHART_VERIFIER_VERSION: "1.2.1" - steps: - - checkout - - run: - name: install chart-verifier - command: go get github.com/redhat-certification/chart-verifier@${CHART_VERIFIER_VERSION} - - run: - name: install bats - command: | - curl -sSL https://github.com/bats-core/bats-core/archive/v${BATS_VERSION}.tar.gz -o /tmp/bats.tgz - tar -zxf /tmp/bats.tgz -C /tmp - sudo /bin/bash /tmp/bats-core-${BATS_VERSION}/install.sh /usr/local - - run: - name: run chart-verifier tests - command: bats ./test/chart -t - - acceptance: - docker: - # This image is build from test/docker/Test.dockerfile - - image: docker.mirror.hashicorp.services/hashicorpdev/vault-helm-test:0.2.0 - - steps: - - checkout - - run: - name: terraform init & apply - command: | - echo -e "${GOOGLE_APP_CREDS}" | base64 -d > vault-helm-test.json - export GOOGLE_CREDENTIALS=vault-helm-test.json - make provision-cluster - - run: - name: Run acceptance tests - command: bats ./test/acceptance -t - - - run: - name: terraform destroy - command: | - export GOOGLE_CREDENTIALS=vault-helm-test.json - make destroy-cluster - when: always - update-helm-charts-index: - docker: - - image: docker.mirror.hashicorp.services/circleci/golang:1.15.3 - steps: - - checkout - - run: - name: verify Chart version matches tag version - command: | - GO111MODULE=on go get github.com/mikefarah/yq/v2 - git_tag=$(echo "${CIRCLE_TAG#v}") - chart_tag=$(yq r Chart.yaml version) - if [ "${git_tag}" != "${chart_tag}" ]; then - echo "chart version (${chart_tag}) did not match git version (${git_tag})" - exit 1 - fi - - run: - name: 
update helm-charts index - command: | - curl --show-error --silent --fail --user "${CIRCLE_TOKEN}:" \ - -X POST \ - -H 'Content-Type: application/json' \ - -H 'Accept: application/json' \ - -d "{\"branch\": \"master\",\"parameters\":{\"SOURCE_REPO\": \"${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}\",\"SOURCE_TAG\": \"${CIRCLE_TAG}\"}}" \ - "${CIRCLE_ENDPOINT}/${CIRCLE_PROJECT}/pipeline" - - slack/status: - fail_only: true - failure_message: "Failed to trigger an update to the helm charts index. Check the logs at: ${CIRCLE_BUILD_URL}" - -workflows: - version: 2 - build_and_test: - jobs: - - bats-unit-test - - chart-verifier - - acceptance: - requires: - - bats-unit-test - filters: - branches: - only: main - update-helm-charts-index: - jobs: - - update-helm-charts-index: - context: helm-charts-trigger-vault - filters: - tags: - only: /^v.*/ - branches: - ignore: /.*/ diff --git a/charts/partners/hashicorp/vault/0.17.1/src/.github/ISSUE_TEMPLATE/bug_report.md b/charts/partners/hashicorp/vault/0.17.1/src/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index cb69c51384..0000000000 --- a/charts/partners/hashicorp/vault/0.17.1/src/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -name: Bug report -about: Let us know about a bug! -title: '' -labels: bug -assignees: '' - ---- - - - -**Describe the bug** -A clear and concise description of what the bug is. - -**To Reproduce** -Steps to reproduce the behavior: -1. Install chart -2. Run vault command -3. See error (vault logs, etc.) - -Other useful info to include: vault pod logs, `kubectl describe statefulset vault` and `kubectl get statefulset vault -o yaml` output - -**Expected behavior** -A clear and concise description of what you expected to happen. - -**Environment** -* Kubernetes version: - * Distribution or cloud vendor (OpenShift, EKS, GKE, AKS, etc.): - * Other configuration options or runtime services (istio, etc.): -* vault-helm version: - -Chart values: - -```yaml -# Paste your user-supplied values here (`helm get values `). -# Be sure to scrub any sensitive values! -``` - -**Additional context** -Add any other context about the problem here. diff --git a/charts/partners/hashicorp/vault/0.17.1/src/.github/ISSUE_TEMPLATE/config.yml b/charts/partners/hashicorp/vault/0.17.1/src/.github/ISSUE_TEMPLATE/config.yml deleted file mode 100644 index b24b36b2c7..0000000000 --- a/charts/partners/hashicorp/vault/0.17.1/src/.github/ISSUE_TEMPLATE/config.yml +++ /dev/null @@ -1,4 +0,0 @@ -contact_links: - - name: Ask a question - url: https://discuss.hashicorp.com/c/vault - about: For increased visibility, please post questions on the discussion forum, and tag with `k8s` diff --git a/charts/partners/hashicorp/vault/0.17.1/src/.github/ISSUE_TEMPLATE/feature_request.md b/charts/partners/hashicorp/vault/0.17.1/src/.github/ISSUE_TEMPLATE/feature_request.md deleted file mode 100644 index 11fc491ef1..0000000000 --- a/charts/partners/hashicorp/vault/0.17.1/src/.github/ISSUE_TEMPLATE/feature_request.md +++ /dev/null 
@@ -1,20 +0,0 @@
----
-name: Feature request
-about: Suggest an idea for this project
-title: ''
-labels: enhancement
-assignees: ''
-
----
-
-**Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
-
-**Describe the solution you'd like**
-A clear and concise description of what you want to happen.
-
-**Describe alternatives you've considered**
-A clear and concise description of any alternative solutions or features you've considered.
-
-**Additional context**
-Add any other context or screenshots about the feature request here.
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/.github/workflows/jira.yaml b/charts/partners/hashicorp/vault/0.17.1/src/.github/workflows/jira.yaml
deleted file mode 100644
index 0c8e5bf6e3..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/.github/workflows/jira.yaml
+++ /dev/null
@@ -1,87 +0,0 @@ -on: - issues: - types: [opened, closed, deleted, reopened] - pull_request_target: - types: [opened, closed, reopened] - issue_comment: # Also triggers when commenting on a PR from the conversation view - types: [created] - -name: Jira Sync - -jobs: - sync: - runs-on: ubuntu-latest - name: Jira sync - steps: - - name: Check if community user - if: github.event.action == 'opened' - id: vault-team-role - run: | - TEAM=vault - ROLE="$(hub api orgs/hashicorp/teams/${TEAM}/memberships/${{ github.actor }} | jq -r '.role | select(.!=null)')" - if [[ -n ${ROLE} ]]; then - echo "Actor ${{ github.actor }} is a ${TEAM} team member, skipping ticket creation" - else - echo "Actor ${{ github.actor }} is not a ${TEAM} team member" - fi - echo "::set-output name=role::${ROLE}" - env: - GITHUB_TOKEN: ${{ secrets.JIRA_SYNC_GITHUB_TOKEN }} - - - name: Login - uses: atlassian/gajira-login@v2.0.0 - env: - JIRA_BASE_URL: ${{ secrets.JIRA_SYNC_BASE_URL }} - JIRA_USER_EMAIL: ${{ secrets.JIRA_SYNC_USER_EMAIL }} - JIRA_API_TOKEN: ${{ secrets.JIRA_SYNC_API_TOKEN }} - - - name: Preprocess - if: github.event.action == 'opened' || github.event.action == 'created' - id: preprocess - run: | - if [[ "${{ github.event_name }}" == "pull_request_target" ]]; then - echo "::set-output name=type::PR" - else - echo "::set-output name=type::ISS" - fi - - - name: Create ticket - if: github.event.action == 'opened' && !steps.vault-team-role.outputs.role - uses: tomhjp/gh-action-jira-create@v0.2.0 - with: - project: VAULT - issuetype: "GH Issue" - summary: "${{ github.event.repository.name }} [${{ steps.preprocess.outputs.type }} #${{ github.event.issue.number || github.event.pull_request.number }}]: ${{ github.event.issue.title || github.event.pull_request.title }}" - description: "${{ github.event.issue.body || github.event.pull_request.body }}\n\n_Created from GitHub Action for ${{ github.event.issue.html_url || github.event.pull_request.html_url }} from ${{ github.actor }}_" - # 
customfield_10089 is Issue Link custom field - # customfield_10091 is team custom field - extraFields: '{"fixVersions": [{"name": "TBD"}], "customfield_10091": ["ecosystem", "runtime"], "customfield_10089": "${{ github.event.issue.html_url || github.event.pull_request.html_url }}"}' - - - name: Search - if: github.event.action != 'opened' - id: search - uses: tomhjp/gh-action-jira-search@v0.2.1 - with: - # cf[10089] is Issue Link custom field - jql: 'project = "VAULT" and issuetype = "GH Issue" and cf[10089]="${{ github.event.issue.html_url || github.event.pull_request.html_url }}"' - - - name: Sync comment - if: github.event.action == 'created' && steps.search.outputs.issue - uses: tomhjp/gh-action-jira-comment@v0.2.0 - with: - issue: ${{ steps.search.outputs.issue }} - comment: "${{ github.actor }} ${{ github.event.review.state || 'commented' }}:\n\n${{ github.event.comment.body || github.event.review.body }}\n\n${{ github.event.comment.html_url || github.event.review.html_url }}" - - - name: Close ticket - if: (github.event.action == 'closed' || github.event.action == 'deleted') && steps.search.outputs.issue - uses: atlassian/gajira-transition@v2.0.1 - with: - issue: ${{ steps.search.outputs.issue }} - transition: Done - - - name: Reopen ticket - if: github.event.action == 'reopened' && steps.search.outputs.issue - uses: atlassian/gajira-transition@v2.0.1 - with: - issue: ${{ steps.search.outputs.issue }} - transition: "To Do" diff --git a/charts/partners/hashicorp/vault/0.17.1/src/.gitignore b/charts/partners/hashicorp/vault/0.17.1/src/.gitignore deleted file mode 100644 index 2e23aca275..0000000000 --- a/charts/partners/hashicorp/vault/0.17.1/src/.gitignore +++ /dev/null 
@@ -1,13 +0,0 @@
-.DS_Store
-.terraform/
-.terraform.tfstate*
-terraform.tfstate*
-terraform.tfvars
-values.dev.yaml
-vaul-helm-dev-creds.json
-./test/acceptance/vaul-helm-dev-creds.json
-./test/terraform/vaul-helm-dev-creds.json
-./test/unit/vaul-helm-dev-creds.json
-./test/acceptance/values.yaml
-./test/acceptance/values.yml
-.idea
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/.helmignore b/charts/partners/hashicorp/vault/0.17.1/src/.helmignore
deleted file mode 100644
index d1180d2fb7..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/.helmignore
+++ /dev/null
@@ -1,4 +0,0 @@
-.git/
-.terraform/
-bin/
-test/
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/CHANGELOG.md b/charts/partners/hashicorp/vault/0.17.1/src/CHANGELOG.md
deleted file mode 100644
index a20c68bd4c..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/CHANGELOG.md
+++ /dev/null
@@ -1,340 +0,0 @@ -## Unreleased - -## 0.17.1 (October 25th, 2021) - -Improvements: - * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) - -## 0.17.0 (October 21st, 2021) - -KNOWN ISSUES: -* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set - -CHANGES: -* Vault image default 1.8.4 -* Vault K8s image default 0.14.0 - -Improvements: -* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) -* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) -* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) - -Bugs: -* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) - -## 0.16.1 (September 29th, 2021) - -CHANGES: -* Vault image default 1.8.3 -* Vault K8s image default 0.13.1 - -## 0.16.0 (September 16th, 2021) - -CHANGES: -* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
- -Improvements: - * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) - * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) - -## 0.15.0 (August 23rd, 2021) - -Improvements: -* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) -* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) - -## 0.14.0 (July 28th, 2021) - -Features: -* Added templateConfig.exitOnRetryFailure annotation for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) - -Improvements: -* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) -* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) - - -## 0.13.0 (June 17th, 2021) - -Improvements: -* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) -* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) -* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) - -Bugs: -* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) -* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) -* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) - -## 0.12.0 (May 25th, 2021) - -Features: -* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) - -Improvements: -* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) -* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) -* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) -* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) - -Bugs: -* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) - -## 0.11.0 (April 14th, 2021) - -Features: -* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) -* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) -* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) -* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) -* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) -* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) - -Improvements: -* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) - -Bugs: -* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) - -## 0.10.0 (March 25th, 2021) - -Features: -* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) - -Improvements: -* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) - -## 0.9.1 (February 2nd, 2021) - -Bugs: -* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) -* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) - -## 0.9.0 (January 5th, 2021) - -Features: -* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) -* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) - -Improvements: -* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) -* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) -* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) -* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) -* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) -* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) -* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) -* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) - -## 
0.8.0 (October 20th, 2020) - -Improvements: -* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) -* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) -* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) -* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) -* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) -* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) -* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) - -Bugs: -* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) - -## 0.7.0 (August 24th, 2020) - -Features: -* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
-* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) - -Improvements: -* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) -* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) -* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) -* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) -* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) -* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) -* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) -* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) -* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) - -Bugs: -* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) -* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) -* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) - -## 0.6.0 (June 3rd, 2020) - -Features: -* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) -* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) -* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
- -Improvements: -* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) -* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] -* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] -* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] -* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] -* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] -* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] -* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) - -Bugs: -* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] -* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] -* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] -* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] -* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) - -## 0.5.0 (April 9th, 2020) - -Features: - -* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] -* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] -* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] - -* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] -* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] -* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] -* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] -* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] - -## 0.4.0 (February 21st, 2020) - -Improvements: - -* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] -* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] -* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] -* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] -* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] - -Bugs: - -* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] - -## 0.3.3 (January 14th, 2020) - -Security: - -* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) - -Bugs: - -* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files - -## 0.3.2 (January 8th, 2020) - -Bugs: - -* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] - -## 0.3.1 (January 2nd, 2020) - -Bugs: - -* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] - -## 0.3.0 (December 19th, 2019) - -Features: - -* Extra containers can now be added to the Vault pods -* Added configurability of pod probes -* Added Vault Agent Injector - -Improvements: - -* Moved `global.image` to `server.image` -* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` -* Added better HTTP/HTTPS scheme support to http probes -* Added configurable node port for Vault service -* `server.authDelegator` is now enabled by default - -Bugs: - -* Fixed upgrade bug by removing chart label which contained the version -* Fixed typo on `serviceAccount` (was `serviceaccount`) -* Fixed readiness/liveliness HTTP probe default to accept standbys - -## 0.2.1 (November 12th, 2019) - -Bugs: - -* Removed `readOnlyRootFilesystem` causing issues when validating deployments - -## 0.2.0 (October 29th, 2019) - -Features: - -* Added load balancer support -* Added ingress support -* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) -* Removed root requirements, now runs as Vault user - -Improvements: - -* Added namespace value to all rendered objects -* Made ports configurable in services -* Added the ability to add custom annotations to services -* Added docker image for running bats test in CircleCI -* Removed restrictions around `dev` mode such as annotations -* 
`readOnlyRootFilesystem` is now configurable -* Image Pull Policy is now configurable - -Bugs: - -* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) -* Fixed bug where audit storage was not being mounted in HA mode -* Fixed bug where Vault pod wasn't receiving SIGTERM signals - - -## 0.1.2 (August 22nd, 2019) - -Features: - -* Added `extraSecretEnvironmentVars` to allow users to mount secrets as - environment variables -* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS - depending on the value -* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` - to "NodePort" - -Improvements: - -* Changed UI port to 8200 for better HTTP protocol support -* Added `path` to `extraVolumes` to define where the volume should be - mounted. Defaults to `/vault/userconfig` -* Upgraded Vault to 1.2.2 - -Bugs: - -* Fixed bug where upgrade would fail because immutable labels were being - changed (Helm Version label) -* Fixed bug where UI service used wrong selector after updating helm labels -* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks - Consul is the active node -* Removed `step-down` preStop since it requires authentication. Shutdown signal - sent by Kube acts similar to `step-down` - - -## 0.1.1 (August 7th, 2019) - -Features: - -* Added `authDelegator` Cluster Role Binding to Vault service account for - bootstrapping Kube auth method - -Improvements: - -* Added `server.service.clusterIP` to `values.yml` so users can toggle - the Vault service to headless by using the value `None`. -* Upgraded Vault to 1.2.1 - -## 0.1.0 (August 6th, 2019) - -Initial release diff --git a/charts/partners/hashicorp/vault/0.17.1/src/CONTRIBUTING.md b/charts/partners/hashicorp/vault/0.17.1/src/CONTRIBUTING.md deleted file mode 100644 index f1c1600008..0000000000 --- a/charts/partners/hashicorp/vault/0.17.1/src/CONTRIBUTING.md +++ /dev/null 
@@ -1,239 +0,0 @@
-# Contributing to Vault Helm
-
-**Please note:** We take Vault's security and our users' trust very seriously.
-If you believe you have found a security issue in Vault, please responsibly
-disclose by contacting us at security@hashicorp.com.
-
-**First:** if you're unsure or afraid of _anything_, just ask or submit the
-issue or pull request anyways. You won't be yelled at for giving it your best
-effort. The worst that can happen is that you'll be politely asked to change
-something. We appreciate any sort of contributions, and don't want a wall of
-rules to get in the way of that.
-
-That said, if you want to ensure that a pull request is likely to be merged,
-talk to us! You can find out our thoughts and ensure that your contribution
-won't clash or be obviated by Vault's normal direction. A great way to do this
-is via the [Vault Google Group][2]. Sometimes Vault devs are in `#vault-tool`
-on Freenode, too.
-
-This document will cover what we're looking for in terms of reporting issues.
-By addressing all the points we're looking for, it raises the chances we can
-quickly merge or address your contributions.
-
-## Issues
-
-### Reporting an Issue
-
-* Make sure you test against the latest released version. It is possible
- we already fixed the bug you're experiencing. Even better is if you can test
- against `main`, as bugs are fixed regularly but new versions are only
- released every few months.
-
-* Provide steps to reproduce the issue, and if possible include the expected
- results as well as the actual results. Please provide text, not screen shots!
-
-* Respond as promptly as possible to any questions made by the Vault
- team to your issue. Stale issues will be closed periodically.
-
-### Issue Lifecycle
-
-1. The issue is reported.
-
-2. The issue is verified and categorized by a Vault Helm collaborator.
- Categorization is done via tags. For example, bugs are marked as "bugs".
-
-3. 
Unless it is critical, the issue may be left for a period of time (sometimes - many weeks), giving outside contributors -- maybe you!? -- a chance to - address the issue. - -4. The issue is addressed in a pull request or commit. The issue will be - referenced in the commit message so that the code that fixes it is clearly - linked. - -5. The issue is closed. Sometimes, valid issues will be closed to keep - the issue tracker clean. The issue is still indexed and available for - future viewers, or can be re-opened if necessary. - -## Testing - -The Helm chart ships with both unit and acceptance tests. - -The unit tests don't require any active Kubernetes cluster and complete -very quickly. These should be used for fast feedback during development. -The acceptance tests require a Kubernetes cluster with a configured `kubectl`. - -### Test Using Docker Container - -The following are the instructions for running bats tests using a Docker container. - -#### Prerequisites - -* Docker installed -* `vault-helm` checked out locally - -#### Test - -**Note:** the following commands should be run from the `vault-helm` directory. - -First, build the Docker image for running the tests: - -```shell -docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test -``` -Next, execute the tests with the following commands: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -``` -It's possible to only run specific bats tests using regular expressions. -For example, the following will run only tests with "injector" in the name: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" -``` - -### Test Manually -The following are the instructions for running bats tests on your workstation. 
-#### Prerequisites -* [Bats](https://github.com/bats-core/bats-core) - ```bash - brew install bats-core - ``` -* [yq](https://pypi.org/project/yq/) - ```bash - brew install python-yq - ``` -* [helm](https://helm.sh) - ```bash - brew install kubernetes-helm - ``` - -#### Test - -To run the unit tests: - - bats ./test/unit - -To run the acceptance tests: - - bats ./test/acceptance - -If the acceptance tests fail, deployed resources in the Kubernetes cluster -may not be properly cleaned up. We recommend recycling the Kubernetes cluster to -start from a clean slate. - -**Note:** There is a Terraform configuration in the -[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory -that can be used to quickly bring up a GKE cluster and configure -`kubectl` and `helm` locally. This can be used to quickly spin up a test -cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes -cluster. - -### Writing Unit Tests - -Changes to the Helm chart should be accompanied by appropriate unit tests. - -#### Formatting - -- Put tests in the test file in the same order as the variables appear in the `values.yaml`. -- Start tests for a chart value with a header that says what is being tested, like this: - ``` - #-------------------------------------------------------------------- - # annotations - ``` - -- Name the test based on what it's testing in the following format (this will be its first line): - ``` - @test "
: " { - ``` - - When adding tests to an existing file, the first section will be the same as the other tests in the file. - -#### Test Details - -[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. -In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. -In this way, we're able to test that the various conditionals in the templates render as we would expect. - -Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. -The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). -`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). -The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. - -The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. - -The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. - -#### Test Examples - -Here are some examples of common test patterns: - -- Check that a value is disabled by default - - ``` - @test "ui/Service: no type by default" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - . 
| tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "null" ] - } - ``` - - In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. - This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. - - -- Check that a template value is rendered to a specific value - ``` - @test "ui/Service: specified type" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - --set 'ui.serviceType=LoadBalancer' \ - . | tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "LoadBalancer" ] - } - ``` - - This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. - -- Check that a template value contains several values - ``` - @test "server/standalone-StatefulSet: custom resources" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.requests.memory=256Mi' \ - --set 'server.resources.requests.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.limits.memory=256Mi' \ - --set 'server.resources.limits.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - ``` - - *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
-
-- Check that an entire template file is not rendered
- ```
- @test "syncCatalog/Deployment: disabled by default" {
- cd `chart_dir`
- local actual=$( (helm template \
- --show-only templates/server-statefulset.yaml \
- --set 'global.enabled=false' \
- . || echo "---") | tee /dev/stderr |
- yq 'length > 0' | tee /dev/stderr)
- [ "${actual}" = "false" ]
- }
- ```
- Here we are check the length of the command output to see if the anything is rendered.
- This style can easily be switched to check that a file is rendered instead.
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/Chart.yaml b/charts/partners/hashicorp/vault/0.17.1/src/Chart.yaml
deleted file mode 100644
index a68762a2b9..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/Chart.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v2
-appVersion: 1.8.4
-description: Official HashiCorp Vault Chart
-home: https://www.vaultproject.io
-icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
-keywords:
-- vault
-- security
-- encryption
-- secrets
-- management
-- automation
-- infrastructure
-kubeVersion: '>= 1.14.0-0'
-name: vault
-sources:
-- https://github.com/hashicorp/vault
-- https://github.com/hashicorp/vault-helm
-- https://github.com/hashicorp/vault-k8s
-- https://github.com/hashicorp/vault-csi-provider
-version: 0.17.1
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/LICENSE.md b/charts/partners/hashicorp/vault/0.17.1/src/LICENSE.md
deleted file mode 100644
index 82b4de97c7..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/LICENSE.md
+++ /dev/null
@@ -1,353 +0,0 @@ -Mozilla Public License, version 2.0 - -1. Definitions - -1.1. “Contributor” - - means each individual or legal entity that creates, contributes to the - creation of, or owns Covered Software. - -1.2. “Contributor Version” - - means the combination of the Contributions of others (if any) used by a - Contributor and that particular Contributor’s Contribution. - -1.3. “Contribution” - - means Covered Software of a particular Contributor. - -1.4. “Covered Software” - - means Source Code Form to which the initial Contributor has attached the - notice in Exhibit A, the Executable Form of such Source Code Form, and - Modifications of such Source Code Form, in each case including portions - thereof. - -1.5. “Incompatible With Secondary Licenses” - means - - a. that the initial Contributor has attached the notice described in - Exhibit B to the Covered Software; or - - b. that the Covered Software was made available under the terms of version - 1.1 or earlier of the License, but not also under the terms of a - Secondary License. - -1.6. “Executable Form” - - means any form of the work other than Source Code Form. - -1.7. “Larger Work” - - means a work that combines Covered Software with other material, in a separate - file or files, that is not Covered Software. - -1.8. “License” - - means this document. - -1.9. “Licensable” - - means having the right to grant, to the maximum extent possible, whether at the - time of the initial grant or subsequently, any and all of the rights conveyed by - this License. - -1.10. “Modifications” - - means any of the following: - - a. any file in Source Code Form that results from an addition to, deletion - from, or modification of the contents of Covered Software; or - - b. any new file in Source Code Form that contains any Covered Software. - -1.11. 
“Patent Claims” of a Contributor - - means any patent claim(s), including without limitation, method, process, - and apparatus claims, in any patent Licensable by such Contributor that - would be infringed, but for the grant of the License, by the making, - using, selling, offering for sale, having made, import, or transfer of - either its Contributions or its Contributor Version. - -1.12. “Secondary License” - - means either the GNU General Public License, Version 2.0, the GNU Lesser - General Public License, Version 2.1, the GNU Affero General Public - License, Version 3.0, or any later versions of those licenses. - -1.13. “Source Code Form” - - means the form of the work preferred for making modifications. - -1.14. “You” (or “Your”) - - means an individual or a legal entity exercising rights under this - License. For legal entities, “You” includes any entity that controls, is - controlled by, or is under common control with You. For purposes of this - definition, “control” means (a) the power, direct or indirect, to cause - the direction or management of such entity, whether by contract or - otherwise, or (b) ownership of more than fifty percent (50%) of the - outstanding shares or beneficial ownership of such entity. - - -2. License Grants and Conditions - -2.1. Grants - - Each Contributor hereby grants You a world-wide, royalty-free, - non-exclusive license: - - a. under intellectual property rights (other than patent or trademark) - Licensable by such Contributor to use, reproduce, make available, - modify, display, perform, distribute, and otherwise exploit its - Contributions, either on an unmodified basis, with Modifications, or as - part of a Larger Work; and - - b. under Patent Claims of such Contributor to make, use, sell, offer for - sale, have made, import, and otherwise transfer either its Contributions - or its Contributor Version. - -2.2. 
Effective Date - - The licenses granted in Section 2.1 with respect to any Contribution become - effective for each Contribution on the date the Contributor first distributes - such Contribution. - -2.3. Limitations on Grant Scope - - The licenses granted in this Section 2 are the only rights granted under this - License. No additional rights or licenses will be implied from the distribution - or licensing of Covered Software under this License. Notwithstanding Section - 2.1(b) above, no patent license is granted by a Contributor: - - a. for any code that a Contributor has removed from Covered Software; or - - b. for infringements caused by: (i) Your and any other third party’s - modifications of Covered Software, or (ii) the combination of its - Contributions with other software (except as part of its Contributor - Version); or - - c. under Patent Claims infringed by Covered Software in the absence of its - Contributions. - - This License does not grant any rights in the trademarks, service marks, or - logos of any Contributor (except as may be necessary to comply with the - notice requirements in Section 3.4). - -2.4. Subsequent Licenses - - No Contributor makes additional grants as a result of Your choice to - distribute the Covered Software under a subsequent version of this License - (see Section 10.2) or under the terms of a Secondary License (if permitted - under the terms of Section 3.3). - -2.5. Representation - - Each Contributor represents that the Contributor believes its Contributions - are its original creation(s) or it has sufficient rights to grant the - rights to its Contributions conveyed by this License. - -2.6. Fair Use - - This License is not intended to limit any rights You have under applicable - copyright doctrines of fair use, fair dealing, or other equivalents. - -2.7. Conditions - - Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in - Section 2.1. - - -3. Responsibilities - -3.1. 
Distribution of Source Form - - All distribution of Covered Software in Source Code Form, including any - Modifications that You create or to which You contribute, must be under the - terms of this License. You must inform recipients that the Source Code Form - of the Covered Software is governed by the terms of this License, and how - they can obtain a copy of this License. You may not attempt to alter or - restrict the recipients’ rights in the Source Code Form. - -3.2. Distribution of Executable Form - - If You distribute Covered Software in Executable Form then: - - a. such Covered Software must also be made available in Source Code Form, - as described in Section 3.1, and You must inform recipients of the - Executable Form how they can obtain a copy of such Source Code Form by - reasonable means in a timely manner, at a charge no more than the cost - of distribution to the recipient; and - - b. You may distribute such Executable Form under the terms of this License, - or sublicense it under different terms, provided that the license for - the Executable Form does not attempt to limit or alter the recipients’ - rights in the Source Code Form under this License. - -3.3. Distribution of a Larger Work - - You may create and distribute a Larger Work under terms of Your choice, - provided that You also comply with the requirements of this License for the - Covered Software. If the Larger Work is a combination of Covered Software - with a work governed by one or more Secondary Licenses, and the Covered - Software is not Incompatible With Secondary Licenses, this License permits - You to additionally distribute such Covered Software under the terms of - such Secondary License(s), so that the recipient of the Larger Work may, at - their option, further distribute the Covered Software under the terms of - either this License or such Secondary License(s). - -3.4. 
Notices - - You may not remove or alter the substance of any license notices (including - copyright notices, patent notices, disclaimers of warranty, or limitations - of liability) contained within the Source Code Form of the Covered - Software, except that You may alter any license notices to the extent - required to remedy known factual inaccuracies. - -3.5. Application of Additional Terms - - You may choose to offer, and to charge a fee for, warranty, support, - indemnity or liability obligations to one or more recipients of Covered - Software. However, You may do so only on Your own behalf, and not on behalf - of any Contributor. You must make it absolutely clear that any such - warranty, support, indemnity, or liability obligation is offered by You - alone, and You hereby agree to indemnify every Contributor for any - liability incurred by such Contributor as a result of warranty, support, - indemnity or liability terms You offer. You may include additional - disclaimers of warranty and limitations of liability specific to any - jurisdiction. - -4. Inability to Comply Due to Statute or Regulation - - If it is impossible for You to comply with any of the terms of this License - with respect to some or all of the Covered Software due to statute, judicial - order, or regulation then You must: (a) comply with the terms of this License - to the maximum extent possible; and (b) describe the limitations and the code - they affect. Such description must be placed in a text file included with all - distributions of the Covered Software under this License. Except to the - extent prohibited by statute or regulation, such description must be - sufficiently detailed for a recipient of ordinary skill to be able to - understand it. - -5. Termination - -5.1. The rights granted under this License will terminate automatically if You - fail to comply with any of its terms. 
However, if You become compliant, - then the rights granted under this License from a particular Contributor - are reinstated (a) provisionally, unless and until such Contributor - explicitly and finally terminates Your grants, and (b) on an ongoing basis, - if such Contributor fails to notify You of the non-compliance by some - reasonable means prior to 60 days after You have come back into compliance. - Moreover, Your grants from a particular Contributor are reinstated on an - ongoing basis if such Contributor notifies You of the non-compliance by - some reasonable means, this is the first time You have received notice of - non-compliance with this License from such Contributor, and You become - compliant prior to 30 days after Your receipt of the notice. - -5.2. If You initiate litigation against any entity by asserting a patent - infringement claim (excluding declaratory judgment actions, counter-claims, - and cross-claims) alleging that a Contributor Version directly or - indirectly infringes any patent, then the rights granted to You by any and - all Contributors for the Covered Software under Section 2.1 of this License - shall terminate. - -5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user - license agreements (excluding distributors and resellers) which have been - validly granted by You or Your distributors under this License prior to - termination shall survive termination. - -6. Disclaimer of Warranty - - Covered Software is provided under this License on an “as is” basis, without - warranty of any kind, either expressed, implied, or statutory, including, - without limitation, warranties that the Covered Software is free of defects, - merchantable, fit for a particular purpose or non-infringing. The entire - risk as to the quality and performance of the Covered Software is with You. 
- Should any Covered Software prove defective in any respect, You (not any - Contributor) assume the cost of any necessary servicing, repair, or - correction. This disclaimer of warranty constitutes an essential part of this - License. No use of any Covered Software is authorized under this License - except under this disclaimer. - -7. Limitation of Liability - - Under no circumstances and under no legal theory, whether tort (including - negligence), contract, or otherwise, shall any Contributor, or anyone who - distributes Covered Software as permitted above, be liable to You for any - direct, indirect, special, incidental, or consequential damages of any - character including, without limitation, damages for lost profits, loss of - goodwill, work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses, even if such party shall have been - informed of the possibility of such damages. This limitation of liability - shall not apply to liability for death or personal injury resulting from such - party’s negligence to the extent applicable law prohibits such limitation. - Some jurisdictions do not allow the exclusion or limitation of incidental or - consequential damages, so this exclusion and limitation may not apply to You. - -8. Litigation - - Any litigation relating to this License may be brought only in the courts of - a jurisdiction where the defendant maintains its principal place of business - and such litigation shall be governed by laws of that jurisdiction, without - reference to its conflict-of-law provisions. Nothing in this Section shall - prevent a party’s ability to bring cross-claims or counter-claims. - -9. Miscellaneous - - This License represents the complete agreement concerning the subject matter - hereof. If any provision of this License is held to be unenforceable, such - provision shall be reformed only to the extent necessary to make it - enforceable. 
Any law or regulation which provides that the language of a - contract shall be construed against the drafter shall not be used to construe - this License against a Contributor. - - -10. Versions of the License - -10.1. New Versions - - Mozilla Foundation is the license steward. Except as provided in Section - 10.3, no one other than the license steward has the right to modify or - publish new versions of this License. Each version will be given a - distinguishing version number. - -10.2. Effect of New Versions - - You may distribute the Covered Software under the terms of the version of - the License under which You originally received the Covered Software, or - under the terms of any subsequent version published by the license - steward. - -10.3. Modified Versions - - If you create software not governed by this License, and you want to - create a new license for such software, you may create and use a modified - version of this License if you rename the license and remove any - references to the name of the license steward (except to note that such - modified license differs from this License). - -10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses - If You choose to distribute Source Code Form that is Incompatible With - Secondary Licenses under the terms of this version of the License, the - notice described in Exhibit B of this License must be attached. - -Exhibit A - Source Code Form License Notice - - This Source Code Form is subject to the - terms of the Mozilla Public License, v. - 2.0. If a copy of the MPL was not - distributed with this file, You can - obtain one at - http://mozilla.org/MPL/2.0/. - -If it is not possible or desirable to put the notice in a particular file, then -You may include the notice in a location (such as a LICENSE file in a relevant -directory) where a recipient would be likely to look for such a notice. - -You may add additional accurate notices of copyright ownership. 
- -Exhibit B - “Incompatible With Secondary Licenses” Notice - - This Source Code Form is “Incompatible - With Secondary Licenses”, as defined by - the Mozilla Public License, v. 2.0. diff --git a/charts/partners/hashicorp/vault/0.17.1/src/Makefile b/charts/partners/hashicorp/vault/0.17.1/src/Makefile deleted file mode 100644 index 0ac6850130..0000000000 --- a/charts/partners/hashicorp/vault/0.17.1/src/Makefile +++ /dev/null 
@@ -1,101 +0,0 @@ -TEST_IMAGE?=vault-helm-test -GOOGLE_CREDENTIALS?=vault-helm-test.json -CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 -# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats -ACCEPTANCE_TESTS?=acceptance - -# filter bats unit tests to run. -UNIT_TESTS_FILTER?='.*' - -# set to 'true' to run acceptance tests locally in a kind cluster -LOCAL_ACCEPTANCE_TESTS?=false - -# kind cluster name -KIND_CLUSTER_NAME?=vault-helm - -# kind k8s version -KIND_K8S_VERSION?=v1.20.2 - -# Generate json schema for chart values. See test/README.md for more details. -values-schema: - helm schema-gen values.yaml > values.schema.json - -test-image: - @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) - -test-unit: - @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit - -test-bats: test-unit test-acceptance - -test: test-image test-bats - -# run acceptance tests on GKE -# set google project/credential vars above -test-acceptance: -ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) - make setup-kind acceptance -else - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ - -w /helm-test \ - $(TEST_IMAGE) \ - make acceptance -endif - -# destroy GKE cluster using terraform -test-destroy: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -w /helm-test \ - $(TEST_IMAGE) \ - make destroy-cluster - -# provision GKE cluster using terraform -test-provision: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -w /helm-test \ - $(TEST_IMAGE) \ - make provision-cluster - -# this target is for 
running the acceptance tests -# it is run in the docker container above when the test-acceptance target is invoked -acceptance: -ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) - gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} -endif - bats test/${ACCEPTANCE_TESTS} - -# this target is for provisioning the GKE cluster -# it is run in the docker container above when the test-provision target is invoked -provision-cluster: - gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} - terraform init test/terraform - terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform - -# this target is for removing the GKE cluster -# it is run in the docker container above when the test-destroy target is invoked -destroy-cluster: - terraform destroy -auto-approve - -# create a kind cluster for running the acceptance tests locally -setup-kind: - kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ - kind create cluster \ - --image kindest/node:${KIND_K8S_VERSION} \ - --name ${KIND_CLUSTER_NAME} \ - --config $(CURDIR)/test/kind/config.yaml - kubectl config use-context kind-${KIND_CLUSTER_NAME} - -# delete the kind cluster -delete-kind: - kind delete cluster --name ${KIND_CLUSTER_NAME} || : - -.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/hashicorp/vault/0.17.1/src/README.md b/charts/partners/hashicorp/vault/0.17.1/src/README.md deleted file mode 100644 index f95b26fc37..0000000000 --- a/charts/partners/hashicorp/vault/0.17.1/src/README.md +++ /dev/null 
@@ -1,44 +0,0 @@
-# Vault Helm Chart
-
-> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
-you believe you have found a security issue in Vault Helm, _please responsibly disclose_
-by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
-
-This repository contains the official HashiCorp Helm chart for installing
-and configuring Vault on Kubernetes. This chart supports multiple use
-cases of Vault on Kubernetes depending on the values provided.
-
-For full documentation on this Helm chart along with all the ways you can
-use Vault with Kubernetes, please see the
-[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
-
-## Prerequisites
-
-To use the charts here, [Helm](https://helm.sh/) must be configured for your
-Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
-this README. Please refer to the Kubernetes and Helm documentation.
-
-The versions required are:
-
- * **Helm 3.0+** - This is the earliest version of Helm tested. It is possible
- it works with earlier versions but this chart is untested for those versions.
- * **Kubernetes 1.14+** - This is the earliest version of Kubernetes tested.
- It is possible that this chart works with earlier versions but it is
- untested.
-
-## Usage
-
-To install the latest version of this chart, add the Hashicorp helm repository
-and run `helm install`:
-
-```console
-$ helm repo add hashicorp https://helm.releases.hashicorp.com
-"hashicorp" has been added to your repositories
-
-$ helm install vault hashicorp/vault
-```
-
-Please see the many options supported in the `values.yaml` file. These are also
-fully documented directly on the [Vault
-website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
-detailed installation instructions.
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/NOTES.txt b/charts/partners/hashicorp/vault/0.17.1/src/templates/NOTES.txt
deleted file mode 100644
index 8e267121c8..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/NOTES.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-
-Thank you for installing HashiCorp Vault!
-
-Now that you have deployed Vault, you should look over the docs on using
-Vault with Kubernetes available here:
-
-https://www.vaultproject.io/docs/
-
-
-Your release is named {{ .Release.Name }}. To learn more about the release, try:
-
- $ helm status {{ .Release.Name }}
- $ helm get manifest {{ .Release.Name }}
-
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/_helpers.tpl b/charts/partners/hashicorp/vault/0.17.1/src/templates/_helpers.tpl
deleted file mode 100644
index 731119a914..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,692 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to -this (by the DNS naming spec). If release name contains chart name it will -be used as a full name. -*/}} -{{- define "vault.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "vault.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "vault.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Compute the maximum number of unavailable replicas for the PodDisruptionBudget. -This defaults to (n/2)-1 where n is the number of members of the server cluster. -Add a special case for replicas=1, where it should default to 0 as well. -*/}} -{{- define "vault.pdb.maxUnavailable" -}} -{{- if eq (int .Values.server.ha.replicas) 1 -}} -{{ 0 }} -{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{- else -}} -{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Set the variable 'mode' to the server mode requested by the user to simplify -template logic. -*/}} -{{- define "vault.mode" -}} - {{- if .Values.injector.externalVaultAddr -}} - {{- $_ := set . "mode" "external" -}} - {{- else if ne (.Values.server.enabled | toString) "true" -}} - {{- $_ := set . 
"mode" "external" -}} - {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} - {{- $_ := set . "mode" "dev" -}} - {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} - {{- $_ := set . "mode" "ha" -}} - {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} - {{- $_ := set . "mode" "standalone" -}} - {{- else -}} - {{- $_ := set . "mode" "" -}} - {{- end -}} -{{- end -}} - -{{/* -Set's the replica count based on the different modes configured by user -*/}} -{{- define "vault.replicas" -}} - {{ if eq .mode "standalone" }} - {{- default 1 -}} - {{ else if eq .mode "ha" }} - {{- .Values.server.ha.replicas | default 3 -}} - {{ else }} - {{- default 1 -}} - {{ end }} -{{- end -}} - -{{/* -Set's up configmap mounts if this isn't a dev deployment and the user -defined a custom configuration. Additionally iterates over any -extra volumes the user may have specified (such as a secret with TLS). -*/}} -{{- define "vault.volumes" -}} - {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - configMap: - name: {{ template "vault.fullname" . 
}}-config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - {{ .type }}: - {{- if (eq .type "configMap") }} - name: {{ .name }} - {{- else if (eq .type "secret") }} - secretName: {{ .name }} - {{- end }} - defaultMode: {{ .defaultMode | default 420 }} - {{- end }} - {{- if .Values.server.volumes }} - {{- toYaml .Values.server.volumes | nindent 8}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - secret: - secretName: {{ .Values.server.enterpriseLicense.secretName }} - defaultMode: 0440 - {{- end }} -{{- end -}} - -{{/* -Set's the args for custom command to render the Vault configuration -file with IP addresses to make the out of box experience easier -for users looking to use this chart with Consul Helm. -*/}} -{{- define "vault.args" -}} - {{ if or (eq .mode "standalone") (eq .mode "ha") }} - - | - cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; - [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; - [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; - /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} - {{ else if eq .mode "dev" }} - - | - /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} - {{ end }} -{{- end -}} - -{{/* -Set's additional environment variables based on the mode. 
-*/}} -{{- define "vault.envs" -}} - {{ if eq .mode "dev" }} - - name: VAULT_DEV_ROOT_TOKEN_ID - value: {{ .Values.server.dev.devRootToken }} - - name: VAULT_DEV_LISTEN_ADDRESS - value: "[::]:8200" - {{ end }} -{{- end -}} - -{{/* -Set's which additional volumes should be mounted to the container -based on the mode configured. -*/}} -{{- define "vault.mounts" -}} - {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - name: audit - mountPath: {{ .Values.server.auditStorage.mountPath }} - {{ end }} - {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} - {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} - - name: data - mountPath: {{ .Values.server.dataStorage.mountPath }} - {{ end }} - {{ end }} - {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - mountPath: /vault/config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - readOnly: true - mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} - {{- end }} - {{- if .Values.server.volumeMounts }} - {{- toYaml .Values.server.volumeMounts | nindent 12}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - mountPath: /vault/license - readOnly: true - {{- end }} -{{- end -}} - -{{/* -Set's up the volumeClaimTemplates when data or audit storage is required. HA -might not use data storage since Consul is likely it's backend, however, audit -storage might be desired by the user. 
-*/}} -{{- define "vault.volumeclaims" -}} - {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} - volumeClaimTemplates: - {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} - - metadata: - name: data - {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.dataStorage.size }} - {{- if .Values.server.dataStorage.storageClass }} - storageClassName: {{ .Values.server.dataStorage.storageClass }} - {{- end }} - {{ end }} - {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - metadata: - name: audit - {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.auditStorage.size }} - {{- if .Values.server.auditStorage.storageClass }} - storageClassName: {{ .Values.server.auditStorage.storageClass }} - {{- end }} - {{ end }} - {{ end }} -{{- end -}} - -{{/* -Set's the affinity for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.affinity" -}} - {{- if and (ne .mode "dev") .Values.server.affinity }} - affinity: - {{ $tp := typeOf .Values.server.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.affinity . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the injector affinity for pod placement -*/}} -{{- define "injector.affinity" -}} - {{- if .Values.injector.affinity }} - affinity: - {{ $tp := typeOf .Values.injector.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the toleration for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.tolerations" -}} - {{- if and (ne .mode "dev") .Values.server.tolerations }} - tolerations: - {{- $tp := typeOf .Values.server.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "injector.tolerations" -}} - {{- if .Values.injector.tolerations }} - tolerations: - {{- $tp := typeOf .Values.injector.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the node selector for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.nodeselector" -}} - {{- if and (ne .mode "dev") .Values.server.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.server.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector node selector for pod placement -*/}} -{{- define "injector.nodeselector" -}} - {{- if .Values.injector.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.injector.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.nodeSelector . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra pod annotations -*/}} -{{- define "vault.annotations" -}} - {{- if .Values.server.annotations }} - annotations: - {{- $tp := typeOf .Values.server.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.server.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector pod annotations -*/}} -{{- define "injector.annotations" -}} - {{- if .Values.injector.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.injector.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector service annotations -*/}} -{{- define "injector.service.annotations" -}} - {{- if .Values.injector.service.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector webhook annotations -*/}} -{{- define "injector.webhookAnnotations" -}} - {{- if .Values.injector.webhookAnnotations }} - annotations: - {{- $tp := typeOf .Values.injector.webhookAnnotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.webhookAnnotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.webhookAnnotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ui service annotations -*/}} -{{- define "vault.ui.annotations" -}} - {{- if .Values.ui.annotations }} - annotations: - {{- $tp := typeOf .Values.ui.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.ui.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.ui.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "vault.serviceAccount.name" -}} -{{- if .Values.server.serviceAccount.create -}} - {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.server.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Sets extra service account annotations -*/}} -{{- define "vault.serviceAccount.annotations" -}} - {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.server.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ingress annotations -*/}} -{{- define "vault.ingress.annotations" -}} - {{- if .Values.server.ingress.annotations }} - annotations: - {{- $tp := typeOf .Values.server.ingress.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.ingress.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.ingress.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra route annotations -*/}} -{{- define "vault.route.annotations" -}} - {{- if .Values.server.route.annotations }} - annotations: - {{- $tp := typeOf .Values.server.route.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.route.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.route.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra vault server Service annotations -*/}} -{{- define "vault.service.annotations" -}} - {{- if .Values.server.service.annotations }} - {{- $tp := typeOf .Values.server.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets PodSecurityPolicy annotations -*/}} -{{- define "vault.psp.annotations" -}} - {{- if .Values.global.psp.annotations }} - annotations: - {{- $tp := typeOf .Values.global.psp.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.global.psp.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.global.psp.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra statefulset annotations -*/}} -{{- define "vault.statefulSet.annotations" -}} - {{- if .Values.server.statefulSet.annotations }} - annotations: - {{- $tp := typeOf .Values.server.statefulSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for data volume -*/}} -{{- define "vault.dataVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.dataStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for audit volume -*/}} -{{- define "vault.auditVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.auditStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the container resources if the user has set any. -*/}} -{{- define "vault.resources" -}} - {{- if .Values.server.resources -}} - resources: -{{ toYaml .Values.server.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "injector.resources" -}} - {{- if .Values.injector.resources -}} - resources: -{{ toYaml .Values.injector.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. 
-*/}} -{{- define "csi.resources" -}} - {{- if .Values.csi.resources -}} - resources: -{{ toYaml .Values.csi.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets extra CSI daemonset annotations -*/}} -{{- define "csi.daemonSet.annotations" -}} - {{- if .Values.csi.daemonSet.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.daemonSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "csi.pod.tolerations" -}} - {{- if .Values.csi.pod.tolerations }} - tolerations: - {{- $tp := typeOf .Values.csi.pod.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI provider pod annotations -*/}} -{{- define "csi.pod.annotations" -}} - {{- if .Values.csi.pod.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.pod.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.pod.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.pod.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI service account annotations -*/}} -{{- define "csi.serviceAccount.annotations" -}} - {{- if .Values.csi.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.serviceAccount.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Inject extra environment vars in the format key:value, if populated -*/}} -{{- define "vault.extraEnvironmentVars" -}} -{{- if .extraEnvironmentVars -}} -{{- range $key, $value := .extraEnvironmentVars }} -- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} - value: {{ $value | quote }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Inject extra environment populated by secrets, if populated -*/}} -{{- define "vault.extraSecretEnvironmentVars" -}} -{{- if .extraSecretEnvironmentVars -}} -{{- range .extraSecretEnvironmentVars }} -- name: {{ .envName }} - valueFrom: - secretKeyRef: - name: {{ .secretName }} - key: {{ .secretKey }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* Scheme for health check and local endpoint */}} -{{- define "vault.scheme" -}} -{{- if .Values.global.tlsDisable -}} -{{ "http" }} -{{- else -}} -{{ "https" }} -{{- end -}} -{{- end -}} - -{{/* -imagePullSecrets generates pull secrets from either string or map values. -A map value must be indexable by the key 'name'. -*/}} -{{- define "imagePullSecrets" -}} -{{- with .Values.global.imagePullSecrets -}} -imagePullSecrets: -{{- range . -}} -{{- if typeIs "string" . }} - - name: {{ . }} -{{- else if index . "name" }} - - name: {{ .name }} -{{- end }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
-Supported inputs are Values.server.service and Values.ui -*/}} -{{- define "service.externalTrafficPolicy" -}} -{{- $type := "" -}} -{{- if .serviceType -}} -{{- $type = .serviceType -}} -{{- else if .type -}} -{{- $type = .type -}} -{{- end -}} -{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} - externalTrafficPolicy: {{ .externalTrafficPolicy }} -{{- else }} -{{- end }} -{{- end -}} - -{{/* -loadBalancer configuration for the the UI service. -Supported inputs are Values.ui -*/}} -{{- define "service.loadBalancer" -}} -{{- if eq (.serviceType | toString) "LoadBalancer" }} -{{- if .loadBalancerIP }} - loadBalancerIP: {{ .loadBalancerIP }} -{{- end }} -{{- with .loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{- range . }} - - {{ . }} -{{- end }} -{{- end -}} -{{- end }} -{{- end -}} diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/csi-clusterrole.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/csi-clusterrole.yaml deleted file mode 100644 index a19e520f5d..0000000000 --- a/charts/partners/hashicorp/vault/0.17.1/src/templates/csi-clusterrole.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "vault.fullname" . }}-csi-provider-clusterrole - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -rules: -- apiGroups: - - "" - resources: - - serviceaccounts/token - verbs: - - create -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/csi-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/csi-clusterrolebinding.yaml deleted file mode 100644 index 63d69c7b1f..0000000000 
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/csi-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/csi-daemonset.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/csi-daemonset.yaml
deleted file mode 100644
index a6461fbd22..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/csi-daemonset.yaml
+++ /dev/null
@@ -1,81 +0,0 @@ -{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{ template "csi.daemonSet.annotations" . }} -spec: - updateStrategy: - type: {{ .Values.csi.daemonSet.updateStrategy.type }} - {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - rollingUpdate: - maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - {{ template "csi.pod.annotations" . }} - spec: - serviceAccountName: {{ template "vault.fullname" . }}-csi-provider - {{- template "csi.pod.tolerations" . }} - containers: - - name: {{ include "vault.name" . }}-csi-provider - {{ template "csi.resources" . 
}} - image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" - imagePullPolicy: {{ .Values.csi.image.pullPolicy }} - args: - - --endpoint=/provider/vault.sock - - --debug={{ .Values.csi.debug }} - {{- if .Values.csi.extraArgs }} - {{- toYaml .Values.csi.extraArgs | nindent 12 }} - {{- end }} - volumeMounts: - - name: providervol - mountPath: "/provider" - - name: mountpoint-dir - mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods - mountPropagation: HostToContainer - {{- if .Values.csi.volumeMounts }} - {{- toYaml .Values.csi.volumeMounts | nindent 12}} - {{- end }} - livenessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} - volumes: - - name: providervol - hostPath: - path: {{ .Values.csi.daemonSet.providersDir }} - - name: mountpoint-dir - hostPath: - path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods - {{- if .Values.csi.volumes }} - {{- toYaml .Values.csi.volumes | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/csi-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/csi-serviceaccount.yaml deleted file mode 100644 index ee127481b0..0000000000 
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/csi-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "csi.serviceAccount.annotations" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-certs-secret.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-certs-secret.yaml
deleted file mode 100644
index 78363be55f..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-certs-secret.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: vault-injector-certs
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-clusterrole.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-clusterrole.yaml
deleted file mode 100644
index 4ff25abe52..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-clusterrole.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs:
- - "get"
- - "list"
- - "watch"
- - "patch"
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-clusterrolebinding.yaml
deleted file mode 100644
index 35d30b3935..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-deployment.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-deployment.yaml
deleted file mode 100644
index f4a796bf08..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-deployment.yaml
+++ /dev/null
@@ -1,182 +0,0 @@ -{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }} -# Deployment for the injector -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - component: webhook -spec: - replicas: {{ .Values.injector.replicas }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{- if .Values.injector.extraLabels -}} - {{- toYaml .Values.injector.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "injector.annotations" . }} - spec: - {{ template "injector.affinity" . }} - {{ template "injector.tolerations" . }} - {{ template "injector.nodeselector" . }} - {{- if .Values.injector.priorityClassName }} - priorityClassName: {{ .Values.injector.priorityClassName }} - {{- end }} - serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" - {{- if not .Values.global.openshift }} - hostNetwork: {{ .Values.injector.hostNetwork }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.injector.gid | default 1000 }} - runAsUser: {{ .Values.injector.uid | default 100 }} - {{- end }} - containers: - - name: sidecar-injector - {{ template "injector.resources" . 
}} - image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" - imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" - {{- if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} - env: - - name: AGENT_INJECT_LISTEN - value: {{ printf ":%v" .Values.injector.port }} - - name: AGENT_INJECT_LOG_LEVEL - value: {{ .Values.injector.logLevel | default "info" }} - - name: AGENT_INJECT_VAULT_ADDR - {{- if .Values.injector.externalVaultAddr }} - value: "{{ .Values.injector.externalVaultAddr }}" - {{- else }} - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - {{- end }} - - name: AGENT_INJECT_VAULT_AUTH_PATH - value: {{ .Values.injector.authPath }} - - name: AGENT_INJECT_VAULT_IMAGE - value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" - {{- if .Values.injector.certs.secretName }} - - name: AGENT_INJECT_TLS_CERT_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" - - name: AGENT_INJECT_TLS_KEY_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" - {{- else }} - - name: AGENT_INJECT_TLS_AUTO - value: {{ template "vault.fullname" . }}-agent-injector-cfg - - name: AGENT_INJECT_TLS_AUTO_HOSTS - value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc - {{- end }} - - name: AGENT_INJECT_LOG_FORMAT - value: {{ .Values.injector.logFormat | default "standard" }} - - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN - value: "{{ .Values.injector.revokeOnShutdown | default false }}" - {{- if .Values.global.openshift }} - - name: AGENT_INJECT_SET_SECURITY_CONTEXT - value: "false" - {{- end }} - {{- if .Values.injector.metrics.enabled }} - - name: AGENT_INJECT_TELEMETRY_PATH - value: "/metrics" - {{- end }} - {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} - - name: AGENT_INJECT_USE_LEADER_ELECTOR - value: "true" - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end }} - - name: AGENT_INJECT_CPU_REQUEST - value: "{{ .Values.injector.agentDefaults.cpuRequest }}" - - name: AGENT_INJECT_CPU_LIMIT - value: "{{ .Values.injector.agentDefaults.cpuLimit }}" - - name: AGENT_INJECT_MEM_REQUEST - value: "{{ .Values.injector.agentDefaults.memRequest }}" - - name: AGENT_INJECT_MEM_LIMIT - value: "{{ .Values.injector.agentDefaults.memLimit }}" - - name: AGENT_INJECT_DEFAULT_TEMPLATE - value: "{{ .Values.injector.agentDefaults.template }}" - - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE - value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" - {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - agent-inject - - 2>&1 - livenessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 - {{- if and (eq 
(.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) (eq (.Values.injector.leaderElector.useContainer | toString) "true") }} - - name: leader-elector - image: {{ .Values.injector.leaderElector.image.repository }}:{{ .Values.injector.leaderElector.image.tag }} - args: - - --election={{ template "vault.fullname" . }}-agent-injector-leader - - --election-namespace={{ .Release.Namespace }} - - --http=0.0.0.0:4040 - - --ttl={{ .Values.injector.leaderElector.ttl }} - livenessProbe: - httpGet: - path: / - port: 4040 - scheme: HTTP - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: / - port: 4040 - scheme: HTTP - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 - {{- end }} -{{- if .Values.injector.certs.secretName }} - volumeMounts: - - name: webhook-certs - mountPath: /etc/webhook/certs - readOnly: true -{{- end }} -{{- if .Values.injector.certs.secretName }} - volumes: - - name: webhook-certs - secret: - secretName: "{{ .Values.injector.certs.secretName }}" -{{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-leader-endpoint.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-leader-endpoint.yaml deleted file mode 100644 index 42c4c0ae78..0000000000 --- a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-leader-endpoint.yaml +++ /dev/null 
@@ -1,14 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) (eq (.Values.injector.leaderElector.useContainer | toString) "true")}}
-# This is created here so it can be cleaned up easily, since if
-# the endpoint is left around the leader won't expire for about a minute.
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader
- annotations:
- deprecated: "true"
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-mutating-webhook.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-mutating-webhook.yaml
deleted file mode 100644
index de7dd5622c..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-mutating-webhook.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
-apiVersion: admissionregistration.k8s.io/v1
-{{- else }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-{{- end }}
-kind: MutatingWebhookConfiguration
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-cfg
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "injector.webhookAnnotations" . }}
-webhooks:
- - name: vault.hashicorp.com
- sideEffects: None
- admissionReviewVersions:
- - "v1beta1"
- - "v1"
- clientConfig:
- service:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- path: "/mutate"
- caBundle: {{ .Values.injector.certs.caBundle | quote }}
- rules:
- - operations: ["CREATE", "UPDATE"]
- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["pods"]
-{{- if .Values.injector.namespaceSelector }}
- namespaceSelector:
-{{ toYaml .Values.injector.namespaceSelector | indent 6}}
-{{ end }}
-{{- if .Values.injector.objectSelector }}
- objectSelector:
-{{ toYaml .Values.injector.objectSelector | indent 6}}
-{{ end }}
-{{- with .Values.injector.failurePolicy }}
- failurePolicy: {{.}}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-network-policy.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-network-policy.yaml
deleted file mode 100644
index 7a399a538d..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-network-policy.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.openshift | toString) "true") }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-psp-role.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-psp-role.yaml
deleted file mode 100644
index 20c87bb2ad..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-psp-role.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-psp-rolebinding.yaml
deleted file mode 100644
index d6d0d5e247..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-psp-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-psp.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-psp.yaml
deleted file mode 100644
index c024ac1077..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-psp.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-role.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-role.yaml
deleted file mode 100644
index 446efaf595..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-role.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
- - apiGroups: [""]
- resources: ["secrets", "configmaps", "endpoints"]
- verbs:
- - "create"
- - "get"
- - "watch"
- - "list"
- - "update"
- - apiGroups: [""]
- resources: ["pods"]
- verbs:
- - "get"
- - "patch"
- - "delete"
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-rolebinding.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-rolebinding.yaml
deleted file mode 100644
index aa81794208..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-service.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-service.yaml
deleted file mode 100644
index 3138b7a5be..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "injector.service.annotations" . }}
-spec:
- ports:
- - name: https
- port: 443
- targetPort: {{ .Values.injector.port }}
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-serviceaccount.yaml
deleted file mode 100644
index a28d38fabb..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/injector-serviceaccount.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/server-clusterrolebinding.yaml
deleted file mode 100644
index e5e0f5fec1..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-clusterrolebinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.authDelegator.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-server-binding
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-config-configmap.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/server-config-configmap.yaml
deleted file mode 100644
index b8093ad030..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-config-configmap.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.global.enabled | toString) "true") (ne .mode "dev") -}}
-{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "vault.fullname" . }}-config
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-data:
- extraconfig-from-values.hcl: |-
- {{- if or (eq .mode "ha") (eq .mode "standalone") }}
- {{- $type := typeOf (index .Values.server .mode).config }}
- {{- if eq $type "string" }}
- disable_mlock = true
- {{- if eq .mode "standalone" }}
- {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
- {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
- {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
- {{ end }}
- {{- else }}
- {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
- {{- else }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-discovery-role.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/server-discovery-role.yaml
deleted file mode 100644
index 4a39cec21c..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-discovery-role.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: {{ template "vault.fullname" . }}-discovery-role
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: [""]
- resources: ["pods"]
- verbs: ["get", "watch", "list", "update", "patch"]
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-discovery-rolebinding.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/server-discovery-rolebinding.yaml
deleted file mode 100644
index 47526650bb..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-discovery-rolebinding.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.global.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-discovery-rolebinding
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-discovery-role
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/server-disruptionbudget.yaml
deleted file mode 100644
index 3c45cc04ea..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-disruptionbudget.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" -}}
-{{- if and (eq (.Values.global.enabled | toString) "true") (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
-# PodDisruptionBudget to prevent degrading the server cluster through
-# voluntary cluster changes.
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end -}}
-{{- end -}}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-ha-active-service.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/server-ha-active-service.yaml
deleted file mode 100644
index c2a4f02279..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-ha-active-service.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for active Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-active
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "true"
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-ha-standby-service.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/server-ha-standby-service.yaml
deleted file mode 100644
index fef92a1b28..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-ha-standby-service.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for standby Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-standby
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "false"
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-headless-service.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/server-headless-service.yaml
deleted file mode 100644
index a37c639571..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-headless-service.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-internal
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- clusterIP: None
- publishNotReadyAddresses: true
- ports:
- - name: "{{ include "vault.scheme" . }}"
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-ingress.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/server-ingress.yaml
deleted file mode 100644
index 48c76a8282..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-ingress.yaml
+++ /dev/null
@@ -1,74 +0,0 @@ -{{- if not .Values.global.openshift }} -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if .Values.server.ingress.enabled -}} -{{- $extraPaths := .Values.server.ingress.extraPaths -}} -{{- $serviceName := include "vault.fullname" . -}} -{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.ingress.activeService | toString) "true") }} -{{- $serviceName = printf "%s-%s" $serviceName "active" -}} -{{- end }} -{{- $servicePort := .Values.server.service.port -}} -{{- $pathType := .Values.server.ingress.pathType -}} -{{- $kubeVersion := .Capabilities.KubeVersion.Version }} -{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} -apiVersion: networking.k8s.io/v1 -{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end }} -kind: Ingress -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.server.ingress.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- template "vault.ingress.annotations" . }} -spec: -{{- if .Values.server.ingress.tls }} - tls: - {{- range .Values.server.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} -{{- if .Values.server.ingress.ingressClassName }} - ingressClassName: {{ .Values.server.ingress.ingressClassName }} -{{- end }} - rules: - {{- range .Values.server.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: -{{ if $extraPaths }} -{{ toYaml $extraPaths | indent 10 }} -{{- end }} - {{- range (.paths | default (list "/")) }} - - path: {{ . 
}} - {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} - pathType: {{ $pathType }} - {{ end }} - backend: - {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{ else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{ end }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-network-policy.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/server-network-policy.yaml deleted file mode 100644 index 5f4c21a4b5..0000000000 --- a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-network-policy.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ template "vault.fullname" . }} - labels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} -spec: - podSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 8200 - protocol: TCP - - port: 8201 - protocol: TCP - {{- if .Values.server.networkPolicy.egress }} - egress: - {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} - {{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-psp-role.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/server-psp-role.yaml deleted file mode 100644 index fd12e1eb30..0000000000 --- a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-psp-role.yaml +++ /dev/null 
@@ -1,18 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/server-psp-rolebinding.yaml
deleted file mode 100644
index b2a43c834a..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-psp-rolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-psp.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/server-psp.yaml
deleted file mode 100644
index 2d94268197..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-psp.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
- - persistentVolumeClaim
- {{- end }}
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-route.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/server-route.yaml
deleted file mode 100644
index 63055db39f..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-route.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{- if .Values.global.openshift }}
-{{- if ne .mode "external" }}
-{{- if .Values.server.route.enabled -}}
-{{- $serviceName := include "vault.fullname" . -}}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
-{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
-{{- end }}
-kind: Route
-apiVersion: route.openshift.io/v1
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- with .Values.server.route.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- template "vault.route.annotations" . }}
-spec:
- host: {{ .Values.server.route.host }}
- to:
- kind: Service
- name: {{ $serviceName }}
- weight: 100
- port:
- targetPort: 8200
- tls:
- termination: passthrough
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-service.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/server-service.yaml
deleted file mode 100644
index 00996aa254..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-service.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- # We want the servers to become available even if they're not ready
- # since this DNS is also used for join operations.
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/server-serviceaccount.yaml
deleted file mode 100644
index 925b166bba..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }}
-{{- if (eq (.Values.server.serviceAccount.create | toString) "true" ) }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "vault.serviceAccount.annotations" . }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-statefulset.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/server-statefulset.yaml
deleted file mode 100644
index 031b179059..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/templates/server-statefulset.yaml
+++ /dev/null
@@ -1,208 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }} -# StatefulSet to run the actual vault server cluster. -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- template "vault.statefulSet.annotations" . }} -spec: - serviceName: {{ template "vault.fullname" . }}-internal - podManagementPolicy: Parallel - replicas: {{ template "vault.replicas" . }} - updateStrategy: - type: {{ .Values.server.updateStrategyType }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - template: - metadata: - labels: - helm.sh/chart: {{ template "vault.chart" . }} - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - {{- if .Values.server.extraLabels -}} - {{- toYaml .Values.server.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "vault.annotations" . }} - spec: - {{ template "vault.affinity" . }} - {{ template "vault.tolerations" . }} - {{ template "vault.nodeselector" . }} - {{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName }} - {{- end }} - terminationGracePeriodSeconds: 10 - serviceAccountName: {{ template "vault.serviceAccount.name" . 
}} - {{ if .Values.server.shareProcessNamespace }} - shareProcessNamespace: true - {{ end }} - {{- if not .Values.global.openshift }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.server.gid | default 1000 }} - runAsUser: {{ .Values.server.uid | default 100 }} - fsGroup: {{ .Values.server.gid | default 1000 }} - {{- end }} - volumes: - {{ template "vault.volumes" . }} - - name: home - emptyDir: {} - {{- if .Values.server.extraInitContainers }} - initContainers: - {{ toYaml .Values.server.extraInitContainers | nindent 8}} - {{- end }} - containers: - - name: vault - {{ template "vault.resources" . }} - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - command: - - "/bin/sh" - - "-ec" - args: {{ template "vault.args" . }} - {{- if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: VAULT_K8S_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: VAULT_ADDR - value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" - - name: VAULT_API_ADDR - {{- if .Values.server.ha.apiAddr }} - value: {{ .Values.server.ha.apiAddr }} - {{- else }} - value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" - {{- end }} - - name: SKIP_CHOWN - value: "true" - - name: SKIP_SETCAP - value: "true" - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_CLUSTER_ADDR - value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" - {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} - - name: VAULT_RAFT_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- end }} - - name: HOME - value: "/home/vault" - {{- if .Values.server.logLevel }} - - name: VAULT_LOG_LEVEL - value: "{{ .Values.server.logLevel }}" - {{- end }} - {{- if .Values.server.logFormat }} - - name: VAULT_LOG_FORMAT - value: "{{ .Values.server.logFormat }}" - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: VAULT_LICENSE_PATH - value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} - {{- end }} - {{ template "vault.envs" . }} - {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} - {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} - volumeMounts: - {{ template "vault.mounts" . }} - - name: home - mountPath: /home/vault - ports: - - containerPort: 8200 - name: {{ include "vault.scheme" . }} - - containerPort: 8201 - name: https-internal - - containerPort: 8202 - name: {{ include "vault.scheme" . }}-rep - {{- if .Values.server.readinessProbe.enabled }} - readinessProbe: - {{- if .Values.server.readinessProbe.path }} - httpGet: - path: {{ .Values.server.readinessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . 
| upper }} - {{- else }} - # Check status; unsealed vault servers return 0 - # The exit code reflects the seal status: - # 0 - unsealed - # 1 - error - # 2 - sealed - exec: - command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] - {{- end }} - failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.server.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.server.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.server.livenessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . | upper }} - failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.server.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} - {{- end }} - lifecycle: - # Vault container doesn't receive SIGTERM from Kubernetes - # and after the grace period ends, Kube sends SIGKILL. This - # causes issues with graceful shutdowns such as deregistering itself - # from Consul (zombie services). - preStop: - exec: - command: [ - "/bin/sh", "-c", - # Adding a sleep here to give the pod eviction a - # chance to propagate, so requests will not be made - # to this pod while it's terminating - "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", - ] - {{- if .Values.server.postStart }} - postStart: - exec: - command: - {{- range (.Values.server.postStart) }} - - {{ . 
| quote }} - {{- end }} - {{- end }} - {{- if .Values.server.extraContainers }} - {{ toYaml .Values.server.extraContainers | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} - {{ template "vault.volumeclaims" . }} -{{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/tests/server-test.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/tests/server-test.yaml deleted file mode 100644 index 66aa178f58..0000000000 --- a/charts/partners/hashicorp/vault/0.17.1/src/templates/tests/server-test.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.server.enabled }} -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-server-test" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": test -spec: - {{- include "imagePullSecrets" . | nindent 2 }} - containers: - - name: {{ .Release.Name }}-server-test - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - env: - - name: VAULT_ADDR - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - command: - - /bin/sh - - -c - - | - echo "Checking for sealed info in 'vault status' output" - ATTEMPTS=10 - n=0 - until [ "$n" -ge $ATTEMPTS ] - do - echo "Attempt" $n... - vault status -format yaml | grep -E '^sealed: (true|false)' && break - n=$((n+1)) - sleep 5 - done - if [ $n -ge $ATTEMPTS ]; then - echo "timed out looking for sealed info in 'vault status' output" - exit 1 - fi - - exit 0 - - restartPolicy: Never -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.17.1/src/templates/ui-service.yaml b/charts/partners/hashicorp/vault/0.17.1/src/templates/ui-service.yaml deleted file mode 100644 index ea27de282a..0000000000 --- a/charts/partners/hashicorp/vault/0.17.1/src/templates/ui-service.yaml +++ /dev/null 
@@ -1,37 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }}
-{{- if eq (.Values.ui.enabled | toString) "true" }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-ui
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}-ui
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "vault.ui.annotations" . }}
-spec:
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
- vault-active: "true"
- {{- end }}
- publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.ui.externalPort }}
- targetPort: {{ .Values.ui.targetPort }}
- {{- if .Values.ui.serviceNodePort }}
- nodePort: {{ .Values.ui.serviceNodePort }}
- {{- end }}
- type: {{ .Values.ui.serviceType }}
- {{- include "service.externalTrafficPolicy" .Values.ui }}
- {{- include "service.loadBalancer" .Values.ui }}
-{{- end -}}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/values.openshift.yaml b/charts/partners/hashicorp/vault/0.17.1/src/values.openshift.yaml
deleted file mode 100644
index 4db41c2e2f..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/values.openshift.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# These overrides are appropriate defaults for deploying this chart on OpenShift
-
-global:
- openshift: true
-
-injector:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
- tag: "0.14.0-ubi"
-
- agentImage:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.8.4-ubi"
-
-server:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.8.4-ubi"
diff --git a/charts/partners/hashicorp/vault/0.17.1/src/values.schema.json b/charts/partners/hashicorp/vault/0.17.1/src/values.schema.json
deleted file mode 100644
index 4ddbedfaf3..0000000000
--- a/charts/partners/hashicorp/vault/0.17.1/src/values.schema.json
+++ /dev/null
@@ -1,855 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "csi": { - "type": "object", - "properties": { - "daemonSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "updateStrategy": { - "type": "object", - "properties": { - "maxUnavailable": { - "type": "string" - }, - "type": { - "type": "string" - } - } - }, - "providersDir": { - "type": "string" - }, - "kubeletRootDir": { - "type": "string" - } - } - }, - "debug": { - "type": "boolean" - }, - "enabled": { - "type": "boolean" - }, - "extraArgs": { - "type": "array" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "pod": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - } - } - }, - "readinessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "global": { - "type": "object", - "properties": { - "enabled": { - 
"type": "boolean" - }, - "imagePullSecrets": { - "type": "array" - }, - "openshift": { - "type": "boolean" - }, - "psp": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enable": { - "type": "boolean" - } - } - }, - "tlsDisable": { - "type": "boolean" - } - } - }, - "injector": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "agentDefaults": { - "type": "object", - "properties": { - "cpuLimit": { - "type": "string" - }, - "cpuRequest": { - "type": "string" - }, - "memLimit": { - "type": "string" - }, - "memRequest": { - "type": "string" - }, - "template": { - "type": "string" - }, - "templateConfig": { - "type": "object", - "properties": { - "exitOnRetryFailure": { - "type": "boolean" - } - } - } - } - }, - "agentImage": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "authPath": { - "type": "string" - }, - "certs": { - "type": "object", - "properties": { - "caBundle": { - "type": "string" - }, - "certName": { - "type": "string" - }, - "keyName": { - "type": "string" - }, - "secretName": { - "type": [ - "null", - "string" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "externalVaultAddr": { - "type": "string" - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraLabels": { - "type": "object" - }, - "failurePolicy": { - "type": "string" - }, - "hostNetwork": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "leaderElector": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - 
"ttl": { - "type": "string" - }, - "useContainer": { - "type": "boolean" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "namespaceSelector": { - "type": "object" - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "objectSelector": { - "type": "object" - }, - "port": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "replicas": { - "type": "integer" - }, - "resources": { - "type": "object" - }, - "revokeOnShutdown": { - "type": "boolean" - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "webhookAnnotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "server": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "auditStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "authDelegator": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "dataStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "dev": { - "type": "object", - "properties": { - 
"devRootToken": { - "type": "string" - }, - "enabled": { - "type": "boolean" - } - } - }, - "enabled": { - "type": "boolean" - }, - "enterpriseLicense": { - "type": "object", - "properties": { - "secretKey": { - "type": "string" - }, - "secretName": { - "type": "string" - } - } - }, - "extraArgs": { - "type": "string" - }, - "extraContainers": { - "type": [ - "null", - "array" - ] - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraInitContainers": { - "type": [ - "null", - "array" - ] - }, - "extraLabels": { - "type": "object" - }, - "extraSecretEnvironmentVars": { - "type": "array" - }, - "extraVolumes": { - "type": "array" - }, - "ha": { - "type": "object", - "properties": { - "apiAddr": { - "type": [ - "null", - "string" - ] - }, - "config": { - "type": "string" - }, - "disruptionBudget": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxUnavailable": { - "type": [ - "null", - "integer" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "raft": { - "type": "object", - "properties": { - "config": { - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "setNodeId": { - "type": "boolean" - } - } - }, - "replicas": { - "type": "integer" - } - } - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "ingress": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "extraPaths": { - "type": "array" - }, - "hosts": { - "type": "array", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string" - }, - "paths": { - "type": "array" - } - } - } - }, - "ingressClassName": { - "type": "string" - }, - "labels": { - "type": "object" - }, - "tls": { - "type": "array" - } - } - }, - "livenessProbe": { - "type": "object", - 
"properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "path": { - "type": "string" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "networkPolicy": { - "type": "object", - "properties": { - "egress": { - "type": "array" - }, - "enabled": { - "type": "boolean" - } - } - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "postStart": { - "type": "array" - }, - "preStopSleepSeconds": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "route": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "labels": { - "type": "object" - } - } - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "port": { - "type": "integer" - }, - "targetPort": { - "type": "integer" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "create": { - "type": "boolean" - }, - "name": { - "type": "string" - } - } - }, - "shareProcessNamespace": { - "type": "boolean" - }, - "standalone": { - "type": "object", 
- "properties": { - "config": { - "type": "string" - }, - "enabled": { - "type": [ - "string", - "boolean" - ] - } - } - }, - "statefulSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "updateStrategyType": { - "type": "string" - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "ui": { - "type": "object", - "properties": { - "activeVaultPodOnly": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "externalPort": { - "type": "integer" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "serviceNodePort": { - "type": [ - "null", - "integer" - ] - }, - "serviceType": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - } -} diff --git a/charts/partners/hashicorp/vault/0.17.1/src/values.yaml b/charts/partners/hashicorp/vault/0.17.1/src/values.yaml deleted file mode 100644 index 3d290dd761..0000000000 --- a/charts/partners/hashicorp/vault/0.17.1/src/values.yaml +++ /dev/null 
@@ -1,754 +0,0 @@ -# Available parameters and their default values for the Vault chart. -global: - # enabled is the master enabled switch. Setting this to true or false - # will enable or disable all the components within this chart by default. - enabled: true - # Image pull secret to use for registry authentication. - # Alternatively, the value may be specified as an array of strings. - imagePullSecrets: [] - # imagePullSecrets: - # - name: image-pull-secret - # TLS for end-to-end encrypted transport - tlsDisable: true - # If deploying to OpenShift - openshift: true - # Create PodSecurityPolicy for pods - psp: - enable: false - # Annotation for PodSecurityPolicy. - # This is a multi-line templated string map, and can also be set as YAML. - annotations: | - seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default - apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default - apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -injector: - # True if you want to enable vault agent injection. - enabled: true - replicas: 1 - # Configures the port the injector should listen on - port: 8080 - # If multiple replicas are specified, by default a leader will be determined - # so that only one injector attempts to create TLS certificates. - leaderElector: - enabled: true - # Note: The deployment of the leader-elector container will soon be removed - # from this chart since vault-k8s now uses an internal mechanism to - # determine leadership. - # To enable the deployment of the leader-elector container for use with - # vault-k8s 0.12.0 and earlier, set `useContainer=true` - useContainer: false - image: - repository: "gcr.io/google_containers/leader-elector" - tag: "0.4" - ttl: 60s - # If true, will enable a node exporter metrics endpoint at /metrics. - metrics: - enabled: false - # External vault server address for the injector to use. 
Setting this will - # disable deployment of a vault server along with the injector. - externalVaultAddr: "" - # image sets the repo and tag of the vault-k8s image to use for the injector. - image: - repository: "registry.connect.redhat.com/hashicorp/vault-k8s" - tag: "0.14.0-ubi" - pullPolicy: IfNotPresent - # agentImage sets the repo and tag of the Vault image to use for the Vault Agent - # containers. This should be set to the official Vault image. Vault 1.3.1+ is - # required. - agentImage: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.8.4-ubi" - # The default values for the injected Vault Agent containers. - agentDefaults: - # For more information on configuring resources, see the K8s documentation: - # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - cpuLimit: "500m" - cpuRequest: "250m" - memLimit: "128Mi" - memRequest: "64Mi" - # Default template type for secrets when no custom template is specified. - # Possible values include: "json" and "map". - template: "map" - # Default values within Agent's template_config stanza. - templateConfig: - exitOnRetryFailure: true - # Mount Path of the Vault Kubernetes Auth Method. - authPath: "auth/kubernetes" - # Configures the log verbosity of the injector. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "info" - # Configures the log format of the injector. Supported log formats: "standard", "json". - logFormat: "standard" - # Configures all Vault Agent sidecars to revoke their token when shutting down - revokeOnShutdown: false - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. 
- # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: {} - # Configures failurePolicy of the webhook. The "unspecified" default behaviour deoends on the - # API Version of the WebHook. - # To block pod creation while webhook is unavailable, set the policy to `Fail` below. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - # Extra annotations to attach to the webhook - webhookAnnotations: {} - certs: - # secretName is the name of the secret that has the TLS certificate and - # private key to serve the injector webhook. If this is null, then the - # injector will default to its automatic management mode that will assign - # a service account to the injector to generate its own certificates. - secretName: null - # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA - # that signed the TLS certificate that the webhook serves. This must be set - # if secretName is non-null, unless an external service like cert-manager is - # keeping the caBundle updated. - caBundle: "" - # certName and keyName are the names of the files within the secret for - # the TLS cert and private key, respectively. These have reasonable - # defaults but can be customized if necessary. - certName: tls.crt - keyName: tls.key - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # extraEnvironmentVars is a list of extra environment variables to set in the - # injector deployment. 
- extraEnvironmentVars: {} - # KUBERNETES_SERVICE_HOST: kubernetes.default.svc - - # Affinity Settings for injector pods - # This can either be multi-line string or YAML matching the PodSpec's affinity field. - # Commenting out or setting as empty the affinity variable, will allow - # deployment of multiple replicas to single node services such as Minikube. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: webhook - topologyKey: kubernetes.io/hostname - # Toleration Settings for injector pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. - # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Priority class for injector pods - priorityClassName: "" - # Extra annotations to attach to the injector pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the injector pods - annotations: {} - # Extra labels to attach to the agent-injector - # This should be a YAML map of the labels to apply to the injector - extraLabels: {} - # Should the injector pods run on the host network (useful when using - # an alternate CNI in EKS) - hostNetwork: false - # Injector service specific config - service: - # Extra annotations to attach to the injector service - annotations: {} -server: - # If not set to true, Vault server will not be installed. 
See vault.mode in _helpers.tpl for implementation details - enabled: true - # [Enterprise Only] This value refers to a Kubernetes secret that you have - # created that contains your enterprise license. If you are not using an - # enterprise image or if you plan to introduce the license key via another - # route, then leave secretName blank ("") or set it to null. - # Requires Vault Enterprise 1.8 or later. - enterpriseLicense: - # The name of the Kubernetes secret that holds the enterprise license. The - # secret must be in the same namespace that Vault is installed into. - secretName: "" - # The key within the Kubernetes secret that holds the enterprise license. - secretKey: "license" - # Resource requests, limits, etc. for the server cluster placement. This - # should map directly to the value of the resources field for a PodSpec. - # By default no direct resource request is made. - image: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.8.4-ubi" - # Overrides the default Image Pull Policy - pullPolicy: IfNotPresent - # Configure the Update Strategy Type for the StatefulSet - # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - updateStrategyType: "OnDelete" - # Configure the logging verbosity for the Vault server. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "" - # Configure the logging format for the Vault server. - # Supported log formats include: standard, json - logFormat: "" - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # Ingress allows ingress services to be created to allow external access - # from Kubernetes to access Vault pods. - # If deployment is on OpenShift, the following block is ignored. 
- # In order to expose the service, use the route section below - ingress: - enabled: false - labels: {} - # traffic: external - annotations: {} - # | - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # or - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # Optionally use ingressClassName instead of deprecated annotation. - # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation - ingressClassName: "" - # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. - # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. - pathType: Prefix - # When HA mode is enabled and K8s service registration is being used, - # configure the ingress to point to the Vault active service. - activeService: true - hosts: - - host: chart-example.local - paths: [] - ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # service: - # name: ssl-redirect - # port: - # number: use-annotation - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # OpenShift only - create a route to expose the service - # The created route will be of type passthrough - route: - enabled: false - # When HA mode is enabled and K8s service registration is being used, - # configure the route to point to the Vault active service. - activeService: true - labels: {} - annotations: {} - host: chart-example.local - # authDelegator enables a cluster role binding to be attached to the service - # account. This cluster role binding can be used to setup Kubernetes auth - # method. https://www.vaultproject.io/docs/auth/kubernetes.html - authDelegator: - enabled: true - # extraInitContainers is a list of init containers. Specified as a YAML list. 
- # This is useful if you need to run a script to provision TLS certificates or - # write out configuration files in a dynamic way. - extraInitContainers: null - # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, - # # which is defined in the volumes value. - # - name: oauthapp - # image: "alpine" - # command: [sh, -c] - # args: - # - cd /tmp && - # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && - # tar -xf oauthapp.xz && - # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && - # chmod +x /usr/local/libexec/vault/oauthapp - # volumeMounts: - # - name: plugins - # mountPath: /usr/local/libexec/vault - - # extraContainers is a list of sidecar containers. Specified as a YAML list. - extraContainers: null - # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers - # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation - shareProcessNamespace: false - # extraArgs is a string containing additional Vault server arguments. - extraArgs: "" - # Used to define custom readinessProbe settings - readinessProbe: - enabled: true - # If you need to use a http path instead of the default exec - # path: /v1/sys/health?standbyok=true - - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. 
- timeoutSeconds: 3 - # Used to enable a livenessProbe for the pods - livenessProbe: - enabled: false - path: "/v1/sys/health?standbyok=true" - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 60 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to set the sleep time during the preStop step - preStopSleepSeconds: 5 - # Used to define commands to run after the pod is ready. - # This can be used to automate processes such as initialization - # or boostrapping auth methods. - postStart: [] - # - /bin/sh - # - -c - # - /vault/userconfig/myscript/run.sh - - # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be - # used to include variables required for auto-unseal. - extraEnvironmentVars: {} - # GOOGLE_REGION: global - # GOOGLE_PROJECT: myproject - # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json - - # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. - # These variables take value from existing Secret objects. - extraSecretEnvironmentVars: [] - # - envName: AWS_SECRET_ACCESS_KEY - # secretName: vault - # secretKey: AWS_SECRET_ACCESS_KEY - - # Deprecated: please use 'volumes' instead. - # extraVolumes is a list of extra volumes to mount. These will be exposed - # to Vault in the path `/vault/userconfig//`. The value below is - # an array of objects, examples are shown below. - extraVolumes: [] - # - type: secret (or "configMap") - # name: my-secret - # path: null # default is `/vault/userconfig` - - # volumes is a list of volumes made available to all containers. 
These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: plugins - # emptyDir: {} - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - mountPath: /usr/local/libexec/vault - # name: plugins - # readOnly: true - - # Affinity Settings - # Commenting out or setting as empty the affinity variable, will allow - # deployment to single node services such as Minikube - # This should be either a multi-line string or YAML matching the PodSpec's affinity field. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: server - topologyKey: kubernetes.io/hostname - # Toleration Settings for server pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
- # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Enables network policy for server pods - networkPolicy: - enabled: false - egress: [] - # egress: - # - to: - # - ipBlock: - # cidr: 10.0.0.0/24 - # ports: - # - protocol: TCP - # port: 443 - # Priority class for server pods - priorityClassName: "" - # Extra labels to attach to the server pods - # This should be a YAML map of the labels to apply to the server pods - extraLabels: {} - # Extra annotations to attach to the server pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the server pods - annotations: {} - # Enables a headless service to be used by the Vault Statefulset - service: - enabled: true - # clusterIP controls whether a Cluster IP address is attached to the - # Vault service within Kubernetes. By default the Vault service will - # be given a Cluster IP address, set to None to disable. When disabled - # Kubernetes will create a "headless" service. Headless services can be - # used to communicate with pods directly through DNS instead of a round robin - # load balancer. - # clusterIP: None - - # Configures the service type for the main Vault service. Can be ClusterIP - # or NodePort. - #type: ClusterIP - - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. - # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. - #nodePort: 30000 - - # Port on which Vault server is listening - port: 8200 - # Target port to which the service should be mapped to - targetPort: 8200 - # Extra annotations for the service definition. 
This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the service. - annotations: {} - # This configures the Vault Statefulset to create a PVC for data - # storage when using the file or raft backend storage engines. - # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more - dataStorage: - enabled: true - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/data" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # This configures the Vault Statefulset to create a PVC for audit - # logs. Once Vault is deployed, initialized and unseal, Vault must - # be configured to use this for audit logs. This will be mounted to - # /vault/audit - # See https://www.vaultproject.io/docs/audit/index.html to know more - auditStorage: - enabled: false - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/audit" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # Run Vault in "dev" mode. This requires no further setup, no state management, - # and no initialization. This is useful for experimenting with Vault without - # needing to unseal, store keys, et. al. All data is lost on restart - do not - # use dev mode for anything other than experimenting. - # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more - dev: - enabled: false - # Set VAULT_DEV_ROOT_TOKEN_ID value - devRootToken: "root" - # Run Vault in "standalone" mode. 
This is the default mode that will deploy if - # no arguments are given to helm. This requires a PVC for data storage to use - # the "file" backend. This mode is not highly available and should not be scaled - # past a single replica. - standalone: - enabled: "-" - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data - # and store data there. This is only used when using a Replica count of 1, and - # using a stateful set. This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "file" { - path = "/vault/data" - } - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # Run Vault in "HA" mode. There are no storage requirements unless audit log - # persistence is required. In HA mode Vault will configure itself to use Consul - # for its storage backend. The default configuration provided will work the Consul - # Helm project by default. It is possible to manually configure Vault to use a - # different HA backend. 
- ha: - enabled: false - replicas: 3 - # Set the api_addr configuration for Vault HA - # See https://www.vaultproject.io/docs/configuration#api_addr - # If set to null, this will be set to the Pod IP Address - apiAddr: null - # Enables Vault's integrated Raft storage. Unlike the typical HA modes where - # Vault's persistence is external (such as Consul), enabling Raft mode will create - # persistent volumes for Vault to store data according to the configuration under server.dataStorage. - # The Vault cluster will coordinate leader elections and failovers internally. - raft: - # Enables Raft integrated storage - enabled: false - # Set the Node Raft ID to the name of the pod - setNodeId: false - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - - storage "raft" { - path = "/vault/data" - } - - service_registration "kubernetes" {} - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a Consul for its HA storage backend. - # This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. 
For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "consul" { - path = "vault" - address = "HOST_IP:8500" - } - - service_registration "kubernetes" {} - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev-246514" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - disruptionBudget: - enabled: true - # maxUnavailable will default to (n/2)-1 where n is the number of - # replicas. If you'd like a custom value, you can specify an override here. - maxUnavailable: null - # Definition of the serviceAccount used to run Vault. - # These options are also used when using an external Vault server to validate - # Kubernetes tokens. - serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Settings for the statefulSet used to run Vault. - statefulSet: - # Extra annotations for the statefulSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the statefulSet. 
- annotations: {} -# Vault UI -ui: - # True if you want to create a Service entry for the Vault UI. - # - # serviceType can be used to control the type of service created. For - # example, setting this to "LoadBalancer" will create an external load - # balancer (for supported K8S installations) to access the UI. - enabled: false - publishNotReadyAddresses: true - # The service should only contain selectors for active Vault pod - activeVaultPodOnly: false - serviceType: "ClusterIP" - serviceNodePort: null - externalPort: 8200 - targetPort: 8200 - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. - # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - #loadBalancerSourceRanges: - # - 10.0.0.0/16 - # - 1.78.23.3/32 - - # loadBalancerIP: - - # Extra annotations to attach to the ui service - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the ui service - annotations: {} -# secrets-store-csi-driver-provider-vault -csi: - # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. - # - # Requires installing the secrets-store-csi-driver separately, see: - # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver - # - # With the driver and provider installed, you can mount Vault secrets into volumes - # similar to the Vault Agent injector, and you can also sync those secrets into - # Kubernetes secrets. - enabled: false - image: - repository: "hashicorp/vault-csi-provider" - tag: "0.3.0" - pullPolicy: IfNotPresent - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. 
- volumes: null - # - name: tls - # secret: - # secretName: vault-tls - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - name: tls - # mountPath: "/vault/tls" - # readOnly: true - - resources: {} - # resources: - # requests: - # cpu: 50m - # memory: 128Mi - # limits: - # cpu: 50m - # memory: 128Mi - - # Settings for the daemonSet used to run the provider. - daemonSet: - updateStrategy: - type: RollingUpdate - maxUnavailable: "" - # Extra annotations for the daemonSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the daemonSet. - annotations: {} - # Provider host path (must match the CSI provider's path) - providersDir: "/etc/kubernetes/secrets-store-csi-providers" - # Kubelet host path - kubeletRootDir: "/var/lib/kubelet" - pod: - # Extra annotations for the provider pods. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the pod. - annotations: {} - # Toleration Settings for provider pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - serviceAccount: - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Used to configure readinessProbe for the pods. 
- readinessProbe:
- # When a probe fails, Kubernetes will try failureThreshold times before giving up
- failureThreshold: 2
- # Number of seconds after the container has started before probe initiates
- initialDelaySeconds: 5
- # How often (in seconds) to perform the probe
- periodSeconds: 5
- # Minimum consecutive successes for the probe to be considered successful after having failed
- successThreshold: 1
- # Number of seconds after which the probe times out.
- timeoutSeconds: 3
- # Used to configure livenessProbe for the pods.
- livenessProbe:
- # When a probe fails, Kubernetes will try failureThreshold times before giving up
- failureThreshold: 2
- # Number of seconds after the container has started before probe initiates
- initialDelaySeconds: 5
- # How often (in seconds) to perform the probe
- periodSeconds: 5
- # Minimum consecutive successes for the probe to be considered successful after having failed
- successThreshold: 1
- # Number of seconds after which the probe times out.
- timeoutSeconds: 3
- # Enables debug logging.
- debug: false
- # Pass arbitrary additional arguments to vault-csi-provider.
- extraArgs: []
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/.helmignore b/charts/partners/hashicorp/vault/0.18.0/src/.helmignore
deleted file mode 100644
index d1180d2fb7..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/.helmignore
+++ /dev/null
@@ -1,4 +0,0 @@
-.git/
-.terraform/
-bin/
-test/
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/CHANGELOG.md b/charts/partners/hashicorp/vault/0.18.0/src/CHANGELOG.md
deleted file mode 100644
index c596d51598..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/CHANGELOG.md
+++ /dev/null
@@ -1,350 +0,0 @@ -## Unreleased - -## 0.18.0 (November 17th, 2021) - -CHANGES: -* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) -* Vault image default 1.9.0 -* Vault K8s image default 0.14.1 - -Improvements: -* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) - -## 0.17.1 (October 25th, 2021) - -Improvements: - * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) - -## 0.17.0 (October 21st, 2021) - -KNOWN ISSUES: -* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set - -CHANGES: -* Vault image default 1.8.4 -* Vault K8s image default 0.14.0 - -Improvements: -* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) -* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) -* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) - -Bugs: -* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) - -## 0.16.1 (September 29th, 2021) - -CHANGES: -* Vault image default 1.8.3 -* Vault K8s image default 0.13.1 - -## 0.16.0 (September 16th, 2021) - -CHANGES: -* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. 
To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. - -Improvements: - * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) - * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) - -## 0.15.0 (August 23rd, 2021) - -Improvements: -* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) -* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) - -## 0.14.0 (July 28th, 2021) - -Features: -* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) - -Improvements: -* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) -* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) - - -## 0.13.0 (June 17th, 2021) - -Improvements: -* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) -* Added server.enterpriseLicense option 
[GH-547](https://github.com/hashicorp/vault-helm/pull/547) -* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) - -Bugs: -* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) -* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) -* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) - -## 0.12.0 (May 25th, 2021) - -Features: -* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) - -Improvements: -* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) -* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) -* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) -* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) - -Bugs: -* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) - -## 0.11.0 (April 14th, 2021) - -Features: -* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) -* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) -* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) -* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) -* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) -* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) - 
-Improvements: -* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) - -Bugs: -* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) - -## 0.10.0 (March 25th, 2021) - -Features: -* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) - -Improvements: -* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) - -## 0.9.1 (February 2nd, 2021) - -Bugs: -* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) -* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) - -## 0.9.0 (January 5th, 2021) - -Features: -* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) -* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) - -Improvements: -* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) -* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) -* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) -* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) -* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) -* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) -* Added `allowPrivilegeEscalation: false` to Vault and Injector containers 
[429](https://github.com/hashicorp/vault-helm/pull/429) -* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) - -## 0.8.0 (October 20th, 2020) - -Improvements: -* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) -* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) -* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) -* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) -* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) -* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) -* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) - -Bugs: -* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) - -## 0.7.0 (August 24th, 2020) - -Features: -* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
-* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) - -Improvements: -* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) -* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) -* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) -* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) -* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) -* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) -* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) -* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) -* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) - -Bugs: -* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) -* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) -* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) - -## 0.6.0 (June 3rd, 2020) - -Features: -* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) -* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) -* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
- -Improvements: -* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) -* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] -* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] -* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] -* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] -* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] -* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] -* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) - -Bugs: -* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] -* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] -* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] -* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] -* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) - -## 0.5.0 (April 9th, 2020) - -Features: - -* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] -* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] -* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] - -* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] -* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] -* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] -* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] -* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] - -## 0.4.0 (February 21st, 2020) - -Improvements: - -* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] -* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] -* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] -* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] -* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] - -Bugs: - -* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] - -## 0.3.3 (January 14th, 2020) - -Security: - -* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) - -Bugs: - -* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files - -## 0.3.2 (January 8th, 2020) - -Bugs: - -* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] - -## 0.3.1 (January 2nd, 2020) - -Bugs: - -* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] - -## 0.3.0 (December 19th, 2019) - -Features: - -* Extra containers can now be added to the Vault pods -* Added configurability of pod probes -* Added Vault Agent Injector - -Improvements: - -* Moved `global.image` to `server.image` -* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` -* Added better HTTP/HTTPS scheme support to http probes -* Added configurable node port for Vault service -* `server.authDelegator` is now enabled by default - -Bugs: - -* Fixed upgrade bug by removing chart label which contained the version -* Fixed typo on `serviceAccount` (was `serviceaccount`) -* Fixed readiness/liveliness HTTP probe default to accept standbys - -## 0.2.1 (November 12th, 2019) - -Bugs: - -* Removed `readOnlyRootFilesystem` causing issues when validating deployments - -## 0.2.0 (October 29th, 2019) - -Features: - -* Added load balancer support -* Added ingress support -* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) -* Removed root requirements, now runs as Vault user - -Improvements: - -* Added namespace value to all rendered objects -* Made ports configurable in services -* Added the ability to add custom annotations to services -* Added docker image for running bats test in CircleCI -* Removed restrictions around `dev` mode such as annotations -* 
`readOnlyRootFilesystem` is now configurable -* Image Pull Policy is now configurable - -Bugs: - -* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) -* Fixed bug where audit storage was not being mounted in HA mode -* Fixed bug where Vault pod wasn't receiving SIGTERM signals - - -## 0.1.2 (August 22nd, 2019) - -Features: - -* Added `extraSecretEnvironmentVars` to allow users to mount secrets as - environment variables -* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS - depending on the value -* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` - to "NodePort" - -Improvements: - -* Changed UI port to 8200 for better HTTP protocol support -* Added `path` to `extraVolumes` to define where the volume should be - mounted. Defaults to `/vault/userconfig` -* Upgraded Vault to 1.2.2 - -Bugs: - -* Fixed bug where upgrade would fail because immutable labels were being - changed (Helm Version label) -* Fixed bug where UI service used wrong selector after updating helm labels -* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks - Consul is the active node -* Removed `step-down` preStop since it requires authentication. Shutdown signal - sent by Kube acts similar to `step-down` - - -## 0.1.1 (August 7th, 2019) - -Features: - -* Added `authDelegator` Cluster Role Binding to Vault service account for - bootstrapping Kube auth method - -Improvements: - -* Added `server.service.clusterIP` to `values.yml` so users can toggle - the Vault service to headless by using the value `None`. -* Upgraded Vault to 1.2.1 - -## 0.1.0 (August 6th, 2019) - -Initial release diff --git a/charts/partners/hashicorp/vault/0.18.0/src/CONTRIBUTING.md b/charts/partners/hashicorp/vault/0.18.0/src/CONTRIBUTING.md deleted file mode 100644 index f1c1600008..0000000000 --- a/charts/partners/hashicorp/vault/0.18.0/src/CONTRIBUTING.md +++ /dev/null 
@@ -1,239 +0,0 @@ -# Contributing to Vault Helm - -**Please note:** We take Vault's security and our users' trust very seriously. -If you believe you have found a security issue in Vault, please responsibly -disclose by contacting us at security@hashicorp.com. - -**First:** if you're unsure or afraid of _anything_, just ask or submit the -issue or pull request anyways. You won't be yelled at for giving it your best -effort. The worst that can happen is that you'll be politely asked to change -something. We appreciate any sort of contributions, and don't want a wall of -rules to get in the way of that. - -That said, if you want to ensure that a pull request is likely to be merged, -talk to us! You can find out our thoughts and ensure that your contribution -won't clash or be obviated by Vault's normal direction. A great way to do this -is via the [Vault Google Group][2]. Sometimes Vault devs are in `#vault-tool` -on Freenode, too. - -This document will cover what we're looking for in terms of reporting issues. -By addressing all the points we're looking for, it raises the chances we can -quickly merge or address your contributions. - -## Issues - -### Reporting an Issue - -* Make sure you test against the latest released version. It is possible - we already fixed the bug you're experiencing. Even better is if you can test - against `main`, as bugs are fixed regularly but new versions are only - released every few months. - -* Provide steps to reproduce the issue, and if possible include the expected - results as well as the actual results. Please provide text, not screen shots! - -* Respond as promptly as possible to any questions made by the Vault - team to your issue. Stale issues will be closed periodically. - -### Issue Lifecycle - -1. The issue is reported. - -2. The issue is verified and categorized by a Vault Helm collaborator. - Categorization is done via tags. For example, bugs are marked as "bugs". - -3. 
Unless it is critical, the issue may be left for a period of time (sometimes - many weeks), giving outside contributors -- maybe you!? -- a chance to - address the issue. - -4. The issue is addressed in a pull request or commit. The issue will be - referenced in the commit message so that the code that fixes it is clearly - linked. - -5. The issue is closed. Sometimes, valid issues will be closed to keep - the issue tracker clean. The issue is still indexed and available for - future viewers, or can be re-opened if necessary. - -## Testing - -The Helm chart ships with both unit and acceptance tests. - -The unit tests don't require any active Kubernetes cluster and complete -very quickly. These should be used for fast feedback during development. -The acceptance tests require a Kubernetes cluster with a configured `kubectl`. - -### Test Using Docker Container - -The following are the instructions for running bats tests using a Docker container. - -#### Prerequisites - -* Docker installed -* `vault-helm` checked out locally - -#### Test - -**Note:** the following commands should be run from the `vault-helm` directory. - -First, build the Docker image for running the tests: - -```shell -docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test -``` -Next, execute the tests with the following commands: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -``` -It's possible to only run specific bats tests using regular expressions. -For example, the following will run only tests with "injector" in the name: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" -``` - -### Test Manually -The following are the instructions for running bats tests on your workstation. 
-#### Prerequisites -* [Bats](https://github.com/bats-core/bats-core) - ```bash - brew install bats-core - ``` -* [yq](https://pypi.org/project/yq/) - ```bash - brew install python-yq - ``` -* [helm](https://helm.sh) - ```bash - brew install kubernetes-helm - ``` - -#### Test - -To run the unit tests: - - bats ./test/unit - -To run the acceptance tests: - - bats ./test/acceptance - -If the acceptance tests fail, deployed resources in the Kubernetes cluster -may not be properly cleaned up. We recommend recycling the Kubernetes cluster to -start from a clean slate. - -**Note:** There is a Terraform configuration in the -[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory -that can be used to quickly bring up a GKE cluster and configure -`kubectl` and `helm` locally. This can be used to quickly spin up a test -cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes -cluster. - -### Writing Unit Tests - -Changes to the Helm chart should be accompanied by appropriate unit tests. - -#### Formatting - -- Put tests in the test file in the same order as the variables appear in the `values.yaml`. -- Start tests for a chart value with a header that says what is being tested, like this: - ``` - #-------------------------------------------------------------------- - # annotations - ``` - -- Name the test based on what it's testing in the following format (this will be its first line): - ``` - @test "
: " { - ``` - - When adding tests to an existing file, the first section will be the same as the other tests in the file. - -#### Test Details - -[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. -In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. -In this way, we're able to test that the various conditionals in the templates render as we would expect. - -Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. -The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). -`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). -The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. - -The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. - -The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. - -#### Test Examples - -Here are some examples of common test patterns: - -- Check that a value is disabled by default - - ``` - @test "ui/Service: no type by default" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - . 
| tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "null" ] - } - ``` - - In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. - This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. - - -- Check that a template value is rendered to a specific value - ``` - @test "ui/Service: specified type" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - --set 'ui.serviceType=LoadBalancer' \ - . | tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "LoadBalancer" ] - } - ``` - - This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. - -- Check that a template value contains several values - ``` - @test "server/standalone-StatefulSet: custom resources" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.requests.memory=256Mi' \ - --set 'server.resources.requests.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.limits.memory=256Mi' \ - --set 'server.resources.limits.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - ``` - - *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
- -- Check that an entire template file is not rendered - ``` - @test "syncCatalog/Deployment: disabled by default" { - cd `chart_dir` - local actual=$( (helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'global.enabled=false' \ - . || echo "---") | tee /dev/stderr | - yq 'length > 0' | tee /dev/stderr) - [ "${actual}" = "false" ] - } - ``` - Here we are check the length of the command output to see if the anything is rendered. - This style can easily be switched to check that a file is rendered instead. diff --git a/charts/partners/hashicorp/vault/0.18.0/src/Chart.yaml b/charts/partners/hashicorp/vault/0.18.0/src/Chart.yaml deleted file mode 100644 index aabcc4b05a..0000000000 --- a/charts/partners/hashicorp/vault/0.18.0/src/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v2 -appVersion: 1.9.0 -description: Official HashiCorp Vault Chart -home: https://www.vaultproject.io -icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png -keywords: -- vault -- security -- encryption -- secrets -- management -- automation -- infrastructure -kubeVersion: '>= 1.14.0-0' -name: vault -sources: -- https://github.com/hashicorp/vault -- https://github.com/hashicorp/vault-helm -- https://github.com/hashicorp/vault-k8s -- https://github.com/hashicorp/vault-csi-provider -version: 0.18.0 diff --git a/charts/partners/hashicorp/vault/0.18.0/src/LICENSE.md b/charts/partners/hashicorp/vault/0.18.0/src/LICENSE.md deleted file mode 100644 index 82b4de97c7..0000000000 --- a/charts/partners/hashicorp/vault/0.18.0/src/LICENSE.md +++ /dev/null 
@@ -1,353 +0,0 @@ -Mozilla Public License, version 2.0 - -1. Definitions - -1.1. “Contributor” - - means each individual or legal entity that creates, contributes to the - creation of, or owns Covered Software. - -1.2. “Contributor Version” - - means the combination of the Contributions of others (if any) used by a - Contributor and that particular Contributor’s Contribution. - -1.3. “Contribution” - - means Covered Software of a particular Contributor. - -1.4. “Covered Software” - - means Source Code Form to which the initial Contributor has attached the - notice in Exhibit A, the Executable Form of such Source Code Form, and - Modifications of such Source Code Form, in each case including portions - thereof. - -1.5. “Incompatible With Secondary Licenses” - means - - a. that the initial Contributor has attached the notice described in - Exhibit B to the Covered Software; or - - b. that the Covered Software was made available under the terms of version - 1.1 or earlier of the License, but not also under the terms of a - Secondary License. - -1.6. “Executable Form” - - means any form of the work other than Source Code Form. - -1.7. “Larger Work” - - means a work that combines Covered Software with other material, in a separate - file or files, that is not Covered Software. - -1.8. “License” - - means this document. - -1.9. “Licensable” - - means having the right to grant, to the maximum extent possible, whether at the - time of the initial grant or subsequently, any and all of the rights conveyed by - this License. - -1.10. “Modifications” - - means any of the following: - - a. any file in Source Code Form that results from an addition to, deletion - from, or modification of the contents of Covered Software; or - - b. any new file in Source Code Form that contains any Covered Software. - -1.11. 
“Patent Claims” of a Contributor - - means any patent claim(s), including without limitation, method, process, - and apparatus claims, in any patent Licensable by such Contributor that - would be infringed, but for the grant of the License, by the making, - using, selling, offering for sale, having made, import, or transfer of - either its Contributions or its Contributor Version. - -1.12. “Secondary License” - - means either the GNU General Public License, Version 2.0, the GNU Lesser - General Public License, Version 2.1, the GNU Affero General Public - License, Version 3.0, or any later versions of those licenses. - -1.13. “Source Code Form” - - means the form of the work preferred for making modifications. - -1.14. “You” (or “Your”) - - means an individual or a legal entity exercising rights under this - License. For legal entities, “You” includes any entity that controls, is - controlled by, or is under common control with You. For purposes of this - definition, “control” means (a) the power, direct or indirect, to cause - the direction or management of such entity, whether by contract or - otherwise, or (b) ownership of more than fifty percent (50%) of the - outstanding shares or beneficial ownership of such entity. - - -2. License Grants and Conditions - -2.1. Grants - - Each Contributor hereby grants You a world-wide, royalty-free, - non-exclusive license: - - a. under intellectual property rights (other than patent or trademark) - Licensable by such Contributor to use, reproduce, make available, - modify, display, perform, distribute, and otherwise exploit its - Contributions, either on an unmodified basis, with Modifications, or as - part of a Larger Work; and - - b. under Patent Claims of such Contributor to make, use, sell, offer for - sale, have made, import, and otherwise transfer either its Contributions - or its Contributor Version. - -2.2. 
Effective Date - - The licenses granted in Section 2.1 with respect to any Contribution become - effective for each Contribution on the date the Contributor first distributes - such Contribution. - -2.3. Limitations on Grant Scope - - The licenses granted in this Section 2 are the only rights granted under this - License. No additional rights or licenses will be implied from the distribution - or licensing of Covered Software under this License. Notwithstanding Section - 2.1(b) above, no patent license is granted by a Contributor: - - a. for any code that a Contributor has removed from Covered Software; or - - b. for infringements caused by: (i) Your and any other third party’s - modifications of Covered Software, or (ii) the combination of its - Contributions with other software (except as part of its Contributor - Version); or - - c. under Patent Claims infringed by Covered Software in the absence of its - Contributions. - - This License does not grant any rights in the trademarks, service marks, or - logos of any Contributor (except as may be necessary to comply with the - notice requirements in Section 3.4). - -2.4. Subsequent Licenses - - No Contributor makes additional grants as a result of Your choice to - distribute the Covered Software under a subsequent version of this License - (see Section 10.2) or under the terms of a Secondary License (if permitted - under the terms of Section 3.3). - -2.5. Representation - - Each Contributor represents that the Contributor believes its Contributions - are its original creation(s) or it has sufficient rights to grant the - rights to its Contributions conveyed by this License. - -2.6. Fair Use - - This License is not intended to limit any rights You have under applicable - copyright doctrines of fair use, fair dealing, or other equivalents. - -2.7. Conditions - - Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in - Section 2.1. - - -3. Responsibilities - -3.1. 
Distribution of Source Form - - All distribution of Covered Software in Source Code Form, including any - Modifications that You create or to which You contribute, must be under the - terms of this License. You must inform recipients that the Source Code Form - of the Covered Software is governed by the terms of this License, and how - they can obtain a copy of this License. You may not attempt to alter or - restrict the recipients’ rights in the Source Code Form. - -3.2. Distribution of Executable Form - - If You distribute Covered Software in Executable Form then: - - a. such Covered Software must also be made available in Source Code Form, - as described in Section 3.1, and You must inform recipients of the - Executable Form how they can obtain a copy of such Source Code Form by - reasonable means in a timely manner, at a charge no more than the cost - of distribution to the recipient; and - - b. You may distribute such Executable Form under the terms of this License, - or sublicense it under different terms, provided that the license for - the Executable Form does not attempt to limit or alter the recipients’ - rights in the Source Code Form under this License. - -3.3. Distribution of a Larger Work - - You may create and distribute a Larger Work under terms of Your choice, - provided that You also comply with the requirements of this License for the - Covered Software. If the Larger Work is a combination of Covered Software - with a work governed by one or more Secondary Licenses, and the Covered - Software is not Incompatible With Secondary Licenses, this License permits - You to additionally distribute such Covered Software under the terms of - such Secondary License(s), so that the recipient of the Larger Work may, at - their option, further distribute the Covered Software under the terms of - either this License or such Secondary License(s). - -3.4. 
Notices - - You may not remove or alter the substance of any license notices (including - copyright notices, patent notices, disclaimers of warranty, or limitations - of liability) contained within the Source Code Form of the Covered - Software, except that You may alter any license notices to the extent - required to remedy known factual inaccuracies. - -3.5. Application of Additional Terms - - You may choose to offer, and to charge a fee for, warranty, support, - indemnity or liability obligations to one or more recipients of Covered - Software. However, You may do so only on Your own behalf, and not on behalf - of any Contributor. You must make it absolutely clear that any such - warranty, support, indemnity, or liability obligation is offered by You - alone, and You hereby agree to indemnify every Contributor for any - liability incurred by such Contributor as a result of warranty, support, - indemnity or liability terms You offer. You may include additional - disclaimers of warranty and limitations of liability specific to any - jurisdiction. - -4. Inability to Comply Due to Statute or Regulation - - If it is impossible for You to comply with any of the terms of this License - with respect to some or all of the Covered Software due to statute, judicial - order, or regulation then You must: (a) comply with the terms of this License - to the maximum extent possible; and (b) describe the limitations and the code - they affect. Such description must be placed in a text file included with all - distributions of the Covered Software under this License. Except to the - extent prohibited by statute or regulation, such description must be - sufficiently detailed for a recipient of ordinary skill to be able to - understand it. - -5. Termination - -5.1. The rights granted under this License will terminate automatically if You - fail to comply with any of its terms. 
However, if You become compliant, - then the rights granted under this License from a particular Contributor - are reinstated (a) provisionally, unless and until such Contributor - explicitly and finally terminates Your grants, and (b) on an ongoing basis, - if such Contributor fails to notify You of the non-compliance by some - reasonable means prior to 60 days after You have come back into compliance. - Moreover, Your grants from a particular Contributor are reinstated on an - ongoing basis if such Contributor notifies You of the non-compliance by - some reasonable means, this is the first time You have received notice of - non-compliance with this License from such Contributor, and You become - compliant prior to 30 days after Your receipt of the notice. - -5.2. If You initiate litigation against any entity by asserting a patent - infringement claim (excluding declaratory judgment actions, counter-claims, - and cross-claims) alleging that a Contributor Version directly or - indirectly infringes any patent, then the rights granted to You by any and - all Contributors for the Covered Software under Section 2.1 of this License - shall terminate. - -5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user - license agreements (excluding distributors and resellers) which have been - validly granted by You or Your distributors under this License prior to - termination shall survive termination. - -6. Disclaimer of Warranty - - Covered Software is provided under this License on an “as is” basis, without - warranty of any kind, either expressed, implied, or statutory, including, - without limitation, warranties that the Covered Software is free of defects, - merchantable, fit for a particular purpose or non-infringing. The entire - risk as to the quality and performance of the Covered Software is with You. 
- Should any Covered Software prove defective in any respect, You (not any - Contributor) assume the cost of any necessary servicing, repair, or - correction. This disclaimer of warranty constitutes an essential part of this - License. No use of any Covered Software is authorized under this License - except under this disclaimer. - -7. Limitation of Liability - - Under no circumstances and under no legal theory, whether tort (including - negligence), contract, or otherwise, shall any Contributor, or anyone who - distributes Covered Software as permitted above, be liable to You for any - direct, indirect, special, incidental, or consequential damages of any - character including, without limitation, damages for lost profits, loss of - goodwill, work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses, even if such party shall have been - informed of the possibility of such damages. This limitation of liability - shall not apply to liability for death or personal injury resulting from such - party’s negligence to the extent applicable law prohibits such limitation. - Some jurisdictions do not allow the exclusion or limitation of incidental or - consequential damages, so this exclusion and limitation may not apply to You. - -8. Litigation - - Any litigation relating to this License may be brought only in the courts of - a jurisdiction where the defendant maintains its principal place of business - and such litigation shall be governed by laws of that jurisdiction, without - reference to its conflict-of-law provisions. Nothing in this Section shall - prevent a party’s ability to bring cross-claims or counter-claims. - -9. Miscellaneous - - This License represents the complete agreement concerning the subject matter - hereof. If any provision of this License is held to be unenforceable, such - provision shall be reformed only to the extent necessary to make it - enforceable. 
Any law or regulation which provides that the language of a - contract shall be construed against the drafter shall not be used to construe - this License against a Contributor. - - -10. Versions of the License - -10.1. New Versions - - Mozilla Foundation is the license steward. Except as provided in Section - 10.3, no one other than the license steward has the right to modify or - publish new versions of this License. Each version will be given a - distinguishing version number. - -10.2. Effect of New Versions - - You may distribute the Covered Software under the terms of the version of - the License under which You originally received the Covered Software, or - under the terms of any subsequent version published by the license - steward. - -10.3. Modified Versions - - If you create software not governed by this License, and you want to - create a new license for such software, you may create and use a modified - version of this License if you rename the license and remove any - references to the name of the license steward (except to note that such - modified license differs from this License). - -10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses - If You choose to distribute Source Code Form that is Incompatible With - Secondary Licenses under the terms of this version of the License, the - notice described in Exhibit B of this License must be attached. - -Exhibit A - Source Code Form License Notice - - This Source Code Form is subject to the - terms of the Mozilla Public License, v. - 2.0. If a copy of the MPL was not - distributed with this file, You can - obtain one at - http://mozilla.org/MPL/2.0/. - -If it is not possible or desirable to put the notice in a particular file, then -You may include the notice in a location (such as a LICENSE file in a relevant -directory) where a recipient would be likely to look for such a notice. - -You may add additional accurate notices of copyright ownership. 
- -Exhibit B - “Incompatible With Secondary Licenses” Notice - - This Source Code Form is “Incompatible - With Secondary Licenses”, as defined by - the Mozilla Public License, v. 2.0. diff --git a/charts/partners/hashicorp/vault/0.18.0/src/Makefile b/charts/partners/hashicorp/vault/0.18.0/src/Makefile deleted file mode 100644 index 0ac6850130..0000000000 --- a/charts/partners/hashicorp/vault/0.18.0/src/Makefile +++ /dev/null 
@@ -1,101 +0,0 @@ -TEST_IMAGE?=vault-helm-test -GOOGLE_CREDENTIALS?=vault-helm-test.json -CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 -# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats -ACCEPTANCE_TESTS?=acceptance - -# filter bats unit tests to run. -UNIT_TESTS_FILTER?='.*' - -# set to 'true' to run acceptance tests locally in a kind cluster -LOCAL_ACCEPTANCE_TESTS?=false - -# kind cluster name -KIND_CLUSTER_NAME?=vault-helm - -# kind k8s version -KIND_K8S_VERSION?=v1.20.2 - -# Generate json schema for chart values. See test/README.md for more details. -values-schema: - helm schema-gen values.yaml > values.schema.json - -test-image: - @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) - -test-unit: - @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit - -test-bats: test-unit test-acceptance - -test: test-image test-bats - -# run acceptance tests on GKE -# set google project/credential vars above -test-acceptance: -ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) - make setup-kind acceptance -else - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ - -w /helm-test \ - $(TEST_IMAGE) \ - make acceptance -endif - -# destroy GKE cluster using terraform -test-destroy: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -w /helm-test \ - $(TEST_IMAGE) \ - make destroy-cluster - -# provision GKE cluster using terraform -test-provision: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -w /helm-test \ - $(TEST_IMAGE) \ - make provision-cluster - -# this target is for 
running the acceptance tests -# it is run in the docker container above when the test-acceptance target is invoked -acceptance: -ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) - gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} -endif - bats test/${ACCEPTANCE_TESTS} - -# this target is for provisioning the GKE cluster -# it is run in the docker container above when the test-provision target is invoked -provision-cluster: - gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} - terraform init test/terraform - terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform - -# this target is for removing the GKE cluster -# it is run in the docker container above when the test-destroy target is invoked -destroy-cluster: - terraform destroy -auto-approve - -# create a kind cluster for running the acceptance tests locally -setup-kind: - kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ - kind create cluster \ - --image kindest/node:${KIND_K8S_VERSION} \ - --name ${KIND_CLUSTER_NAME} \ - --config $(CURDIR)/test/kind/config.yaml - kubectl config use-context kind-${KIND_CLUSTER_NAME} - -# delete the kind cluster -delete-kind: - kind delete cluster --name ${KIND_CLUSTER_NAME} || : - -.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/hashicorp/vault/0.18.0/src/README.md b/charts/partners/hashicorp/vault/0.18.0/src/README.md deleted file mode 100644 index f95b26fc37..0000000000 --- a/charts/partners/hashicorp/vault/0.18.0/src/README.md +++ /dev/null 
@@ -1,44 +0,0 @@
-# Vault Helm Chart
-
-> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
-you believe you have found a security issue in Vault Helm, _please responsibly disclose_
-by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
-
-This repository contains the official HashiCorp Helm chart for installing
-and configuring Vault on Kubernetes. This chart supports multiple use
-cases of Vault on Kubernetes depending on the values provided.
-
-For full documentation on this Helm chart along with all the ways you can
-use Vault with Kubernetes, please see the
-[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
-
-## Prerequisites
-
-To use the charts here, [Helm](https://helm.sh/) must be configured for your
-Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
-this README. Please refer to the Kubernetes and Helm documentation.
-
-The versions required are:
-
- * **Helm 3.0+** - This is the earliest version of Helm tested. It is possible
- it works with earlier versions but this chart is untested for those versions.
- * **Kubernetes 1.14+** - This is the earliest version of Kubernetes tested.
- It is possible that this chart works with earlier versions but it is
- untested.
-
-## Usage
-
-To install the latest version of this chart, add the Hashicorp helm repository
-and run `helm install`:
-
-```console
-$ helm repo add hashicorp https://helm.releases.hashicorp.com
-"hashicorp" has been added to your repositories
-
-$ helm install vault hashicorp/vault
-```
-
-Please see the many options supported in the `values.yaml` file. These are also
-fully documented directly on the [Vault
-website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
-detailed installation instructions.
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/NOTES.txt b/charts/partners/hashicorp/vault/0.18.0/src/templates/NOTES.txt
deleted file mode 100644
index 8e267121c8..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/NOTES.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-
-Thank you for installing HashiCorp Vault!
-
-Now that you have deployed Vault, you should look over the docs on using
-Vault with Kubernetes available here:
-
-https://www.vaultproject.io/docs/
-
-
-Your release is named {{ .Release.Name }}. To learn more about the release, try:
-
- $ helm status {{ .Release.Name }}
- $ helm get manifest {{ .Release.Name }}
-
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/_helpers.tpl b/charts/partners/hashicorp/vault/0.18.0/src/templates/_helpers.tpl
deleted file mode 100644
index 731119a914..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,692 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to -this (by the DNS naming spec). If release name contains chart name it will -be used as a full name. -*/}} -{{- define "vault.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "vault.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "vault.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Compute the maximum number of unavailable replicas for the PodDisruptionBudget. -This defaults to (n/2)-1 where n is the number of members of the server cluster. -Add a special case for replicas=1, where it should default to 0 as well. -*/}} -{{- define "vault.pdb.maxUnavailable" -}} -{{- if eq (int .Values.server.ha.replicas) 1 -}} -{{ 0 }} -{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{- else -}} -{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Set the variable 'mode' to the server mode requested by the user to simplify -template logic. -*/}} -{{- define "vault.mode" -}} - {{- if .Values.injector.externalVaultAddr -}} - {{- $_ := set . "mode" "external" -}} - {{- else if ne (.Values.server.enabled | toString) "true" -}} - {{- $_ := set . 
"mode" "external" -}} - {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} - {{- $_ := set . "mode" "dev" -}} - {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} - {{- $_ := set . "mode" "ha" -}} - {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} - {{- $_ := set . "mode" "standalone" -}} - {{- else -}} - {{- $_ := set . "mode" "" -}} - {{- end -}} -{{- end -}} - -{{/* -Set's the replica count based on the different modes configured by user -*/}} -{{- define "vault.replicas" -}} - {{ if eq .mode "standalone" }} - {{- default 1 -}} - {{ else if eq .mode "ha" }} - {{- .Values.server.ha.replicas | default 3 -}} - {{ else }} - {{- default 1 -}} - {{ end }} -{{- end -}} - -{{/* -Set's up configmap mounts if this isn't a dev deployment and the user -defined a custom configuration. Additionally iterates over any -extra volumes the user may have specified (such as a secret with TLS). -*/}} -{{- define "vault.volumes" -}} - {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - configMap: - name: {{ template "vault.fullname" . 
}}-config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - {{ .type }}: - {{- if (eq .type "configMap") }} - name: {{ .name }} - {{- else if (eq .type "secret") }} - secretName: {{ .name }} - {{- end }} - defaultMode: {{ .defaultMode | default 420 }} - {{- end }} - {{- if .Values.server.volumes }} - {{- toYaml .Values.server.volumes | nindent 8}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - secret: - secretName: {{ .Values.server.enterpriseLicense.secretName }} - defaultMode: 0440 - {{- end }} -{{- end -}} - -{{/* -Set's the args for custom command to render the Vault configuration -file with IP addresses to make the out of box experience easier -for users looking to use this chart with Consul Helm. -*/}} -{{- define "vault.args" -}} - {{ if or (eq .mode "standalone") (eq .mode "ha") }} - - | - cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; - [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; - [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; - /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} - {{ else if eq .mode "dev" }} - - | - /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} - {{ end }} -{{- end -}} - -{{/* -Set's additional environment variables based on the mode. 
-*/}} -{{- define "vault.envs" -}} - {{ if eq .mode "dev" }} - - name: VAULT_DEV_ROOT_TOKEN_ID - value: {{ .Values.server.dev.devRootToken }} - - name: VAULT_DEV_LISTEN_ADDRESS - value: "[::]:8200" - {{ end }} -{{- end -}} - -{{/* -Set's which additional volumes should be mounted to the container -based on the mode configured. -*/}} -{{- define "vault.mounts" -}} - {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - name: audit - mountPath: {{ .Values.server.auditStorage.mountPath }} - {{ end }} - {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} - {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} - - name: data - mountPath: {{ .Values.server.dataStorage.mountPath }} - {{ end }} - {{ end }} - {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - mountPath: /vault/config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - readOnly: true - mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} - {{- end }} - {{- if .Values.server.volumeMounts }} - {{- toYaml .Values.server.volumeMounts | nindent 12}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - mountPath: /vault/license - readOnly: true - {{- end }} -{{- end -}} - -{{/* -Set's up the volumeClaimTemplates when data or audit storage is required. HA -might not use data storage since Consul is likely it's backend, however, audit -storage might be desired by the user. 
-*/}} -{{- define "vault.volumeclaims" -}} - {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} - volumeClaimTemplates: - {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} - - metadata: - name: data - {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.dataStorage.size }} - {{- if .Values.server.dataStorage.storageClass }} - storageClassName: {{ .Values.server.dataStorage.storageClass }} - {{- end }} - {{ end }} - {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - metadata: - name: audit - {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.auditStorage.size }} - {{- if .Values.server.auditStorage.storageClass }} - storageClassName: {{ .Values.server.auditStorage.storageClass }} - {{- end }} - {{ end }} - {{ end }} -{{- end -}} - -{{/* -Set's the affinity for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.affinity" -}} - {{- if and (ne .mode "dev") .Values.server.affinity }} - affinity: - {{ $tp := typeOf .Values.server.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.affinity . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the injector affinity for pod placement -*/}} -{{- define "injector.affinity" -}} - {{- if .Values.injector.affinity }} - affinity: - {{ $tp := typeOf .Values.injector.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the toleration for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.tolerations" -}} - {{- if and (ne .mode "dev") .Values.server.tolerations }} - tolerations: - {{- $tp := typeOf .Values.server.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "injector.tolerations" -}} - {{- if .Values.injector.tolerations }} - tolerations: - {{- $tp := typeOf .Values.injector.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the node selector for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.nodeselector" -}} - {{- if and (ne .mode "dev") .Values.server.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.server.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector node selector for pod placement -*/}} -{{- define "injector.nodeselector" -}} - {{- if .Values.injector.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.injector.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.nodeSelector . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra pod annotations -*/}} -{{- define "vault.annotations" -}} - {{- if .Values.server.annotations }} - annotations: - {{- $tp := typeOf .Values.server.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.server.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector pod annotations -*/}} -{{- define "injector.annotations" -}} - {{- if .Values.injector.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.injector.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector service annotations -*/}} -{{- define "injector.service.annotations" -}} - {{- if .Values.injector.service.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector webhook annotations -*/}} -{{- define "injector.webhookAnnotations" -}} - {{- if .Values.injector.webhookAnnotations }} - annotations: - {{- $tp := typeOf .Values.injector.webhookAnnotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.webhookAnnotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.webhookAnnotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ui service annotations -*/}} -{{- define "vault.ui.annotations" -}} - {{- if .Values.ui.annotations }} - annotations: - {{- $tp := typeOf .Values.ui.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.ui.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.ui.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "vault.serviceAccount.name" -}} -{{- if .Values.server.serviceAccount.create -}} - {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.server.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Sets extra service account annotations -*/}} -{{- define "vault.serviceAccount.annotations" -}} - {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.server.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ingress annotations -*/}} -{{- define "vault.ingress.annotations" -}} - {{- if .Values.server.ingress.annotations }} - annotations: - {{- $tp := typeOf .Values.server.ingress.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.ingress.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.ingress.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra route annotations -*/}} -{{- define "vault.route.annotations" -}} - {{- if .Values.server.route.annotations }} - annotations: - {{- $tp := typeOf .Values.server.route.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.route.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.route.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra vault server Service annotations -*/}} -{{- define "vault.service.annotations" -}} - {{- if .Values.server.service.annotations }} - {{- $tp := typeOf .Values.server.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets PodSecurityPolicy annotations -*/}} -{{- define "vault.psp.annotations" -}} - {{- if .Values.global.psp.annotations }} - annotations: - {{- $tp := typeOf .Values.global.psp.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.global.psp.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.global.psp.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra statefulset annotations -*/}} -{{- define "vault.statefulSet.annotations" -}} - {{- if .Values.server.statefulSet.annotations }} - annotations: - {{- $tp := typeOf .Values.server.statefulSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for data volume -*/}} -{{- define "vault.dataVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.dataStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for audit volume -*/}} -{{- define "vault.auditVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.auditStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the container resources if the user has set any. -*/}} -{{- define "vault.resources" -}} - {{- if .Values.server.resources -}} - resources: -{{ toYaml .Values.server.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "injector.resources" -}} - {{- if .Values.injector.resources -}} - resources: -{{ toYaml .Values.injector.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. 
-*/}} -{{- define "csi.resources" -}} - {{- if .Values.csi.resources -}} - resources: -{{ toYaml .Values.csi.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets extra CSI daemonset annotations -*/}} -{{- define "csi.daemonSet.annotations" -}} - {{- if .Values.csi.daemonSet.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.daemonSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "csi.pod.tolerations" -}} - {{- if .Values.csi.pod.tolerations }} - tolerations: - {{- $tp := typeOf .Values.csi.pod.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI provider pod annotations -*/}} -{{- define "csi.pod.annotations" -}} - {{- if .Values.csi.pod.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.pod.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.pod.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.pod.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI service account annotations -*/}} -{{- define "csi.serviceAccount.annotations" -}} - {{- if .Values.csi.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.serviceAccount.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Inject extra environment vars in the format key:value, if populated -*/}} -{{- define "vault.extraEnvironmentVars" -}} -{{- if .extraEnvironmentVars -}} -{{- range $key, $value := .extraEnvironmentVars }} -- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} - value: {{ $value | quote }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Inject extra environment populated by secrets, if populated -*/}} -{{- define "vault.extraSecretEnvironmentVars" -}} -{{- if .extraSecretEnvironmentVars -}} -{{- range .extraSecretEnvironmentVars }} -- name: {{ .envName }} - valueFrom: - secretKeyRef: - name: {{ .secretName }} - key: {{ .secretKey }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* Scheme for health check and local endpoint */}} -{{- define "vault.scheme" -}} -{{- if .Values.global.tlsDisable -}} -{{ "http" }} -{{- else -}} -{{ "https" }} -{{- end -}} -{{- end -}} - -{{/* -imagePullSecrets generates pull secrets from either string or map values. -A map value must be indexable by the key 'name'. -*/}} -{{- define "imagePullSecrets" -}} -{{- with .Values.global.imagePullSecrets -}} -imagePullSecrets: -{{- range . -}} -{{- if typeIs "string" . }} - - name: {{ . }} -{{- else if index . "name" }} - - name: {{ .name }} -{{- end }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
-Supported inputs are Values.server.service and Values.ui -*/}} -{{- define "service.externalTrafficPolicy" -}} -{{- $type := "" -}} -{{- if .serviceType -}} -{{- $type = .serviceType -}} -{{- else if .type -}} -{{- $type = .type -}} -{{- end -}} -{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} - externalTrafficPolicy: {{ .externalTrafficPolicy }} -{{- else }} -{{- end }} -{{- end -}} - -{{/* -loadBalancer configuration for the the UI service. -Supported inputs are Values.ui -*/}} -{{- define "service.loadBalancer" -}} -{{- if eq (.serviceType | toString) "LoadBalancer" }} -{{- if .loadBalancerIP }} - loadBalancerIP: {{ .loadBalancerIP }} -{{- end }} -{{- with .loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{- range . }} - - {{ . }} -{{- end }} -{{- end -}} -{{- end }} -{{- end -}} diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/csi-clusterrole.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/csi-clusterrole.yaml deleted file mode 100644 index a19e520f5d..0000000000 --- a/charts/partners/hashicorp/vault/0.18.0/src/templates/csi-clusterrole.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "vault.fullname" . }}-csi-provider-clusterrole - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -rules: -- apiGroups: - - "" - resources: - - serviceaccounts/token - verbs: - - create -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/csi-clusterrolebinding.yaml deleted file mode 100644 index 63d69c7b1f..0000000000 
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/csi-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/csi-daemonset.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/csi-daemonset.yaml
deleted file mode 100644
index a6461fbd22..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/csi-daemonset.yaml
+++ /dev/null
@@ -1,81 +0,0 @@ -{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{ template "csi.daemonSet.annotations" . }} -spec: - updateStrategy: - type: {{ .Values.csi.daemonSet.updateStrategy.type }} - {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - rollingUpdate: - maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - {{ template "csi.pod.annotations" . }} - spec: - serviceAccountName: {{ template "vault.fullname" . }}-csi-provider - {{- template "csi.pod.tolerations" . }} - containers: - - name: {{ include "vault.name" . }}-csi-provider - {{ template "csi.resources" . 
}} - image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" - imagePullPolicy: {{ .Values.csi.image.pullPolicy }} - args: - - --endpoint=/provider/vault.sock - - --debug={{ .Values.csi.debug }} - {{- if .Values.csi.extraArgs }} - {{- toYaml .Values.csi.extraArgs | nindent 12 }} - {{- end }} - volumeMounts: - - name: providervol - mountPath: "/provider" - - name: mountpoint-dir - mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods - mountPropagation: HostToContainer - {{- if .Values.csi.volumeMounts }} - {{- toYaml .Values.csi.volumeMounts | nindent 12}} - {{- end }} - livenessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} - volumes: - - name: providervol - hostPath: - path: {{ .Values.csi.daemonSet.providersDir }} - - name: mountpoint-dir - hostPath: - path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods - {{- if .Values.csi.volumes }} - {{- toYaml .Values.csi.volumes | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/csi-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/csi-serviceaccount.yaml deleted file mode 100644 index ee127481b0..0000000000 
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/csi-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "csi.serviceAccount.annotations" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-certs-secret.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-certs-secret.yaml
deleted file mode 100644
index 78363be55f..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-certs-secret.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: vault-injector-certs
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-clusterrole.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-clusterrole.yaml
deleted file mode 100644
index 4ff25abe52..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-clusterrole.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs:
- - "get"
- - "list"
- - "watch"
- - "patch"
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-clusterrolebinding.yaml
deleted file mode 100644
index 35d30b3935..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-deployment.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-deployment.yaml
deleted file mode 100644
index aefbf0882a..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-deployment.yaml +++ /dev/null 
@@ -1,157 +0,0 @@ -{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }} -# Deployment for the injector -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - component: webhook -spec: - replicas: {{ .Values.injector.replicas }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{- if .Values.injector.extraLabels -}} - {{- toYaml .Values.injector.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "injector.annotations" . }} - spec: - {{ template "injector.affinity" . }} - {{ template "injector.tolerations" . }} - {{ template "injector.nodeselector" . }} - {{- if .Values.injector.priorityClassName }} - priorityClassName: {{ .Values.injector.priorityClassName }} - {{- end }} - serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" - {{- if not .Values.global.openshift }} - hostNetwork: {{ .Values.injector.hostNetwork }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.injector.gid | default 1000 }} - runAsUser: {{ .Values.injector.uid | default 100 }} - {{- end }} - containers: - - name: sidecar-injector - {{ template "injector.resources" . 
}} - image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" - imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" - {{- if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} - env: - - name: AGENT_INJECT_LISTEN - value: {{ printf ":%v" .Values.injector.port }} - - name: AGENT_INJECT_LOG_LEVEL - value: {{ .Values.injector.logLevel | default "info" }} - - name: AGENT_INJECT_VAULT_ADDR - {{- if .Values.injector.externalVaultAddr }} - value: "{{ .Values.injector.externalVaultAddr }}" - {{- else }} - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - {{- end }} - - name: AGENT_INJECT_VAULT_AUTH_PATH - value: {{ .Values.injector.authPath }} - - name: AGENT_INJECT_VAULT_IMAGE - value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" - {{- if .Values.injector.certs.secretName }} - - name: AGENT_INJECT_TLS_CERT_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" - - name: AGENT_INJECT_TLS_KEY_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" - {{- else }} - - name: AGENT_INJECT_TLS_AUTO - value: {{ template "vault.fullname" . }}-agent-injector-cfg - - name: AGENT_INJECT_TLS_AUTO_HOSTS - value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc - {{- end }} - - name: AGENT_INJECT_LOG_FORMAT - value: {{ .Values.injector.logFormat | default "standard" }} - - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN - value: "{{ .Values.injector.revokeOnShutdown | default false }}" - {{- if .Values.global.openshift }} - - name: AGENT_INJECT_SET_SECURITY_CONTEXT - value: "false" - {{- end }} - {{- if .Values.injector.metrics.enabled }} - - name: AGENT_INJECT_TELEMETRY_PATH - value: "/metrics" - {{- end }} - {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} - - name: AGENT_INJECT_USE_LEADER_ELECTOR - value: "true" - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end }} - - name: AGENT_INJECT_CPU_REQUEST - value: "{{ .Values.injector.agentDefaults.cpuRequest }}" - - name: AGENT_INJECT_CPU_LIMIT - value: "{{ .Values.injector.agentDefaults.cpuLimit }}" - - name: AGENT_INJECT_MEM_REQUEST - value: "{{ .Values.injector.agentDefaults.memRequest }}" - - name: AGENT_INJECT_MEM_LIMIT - value: "{{ .Values.injector.agentDefaults.memLimit }}" - - name: AGENT_INJECT_DEFAULT_TEMPLATE - value: "{{ .Values.injector.agentDefaults.template }}" - - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE - value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" - {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} - - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL - value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" - {{- end }} - {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - agent-inject - - 2>&1 - livenessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - 
timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 -{{- if .Values.injector.certs.secretName }} - volumeMounts: - - name: webhook-certs - mountPath: /etc/webhook/certs - readOnly: true -{{- end }} -{{- if .Values.injector.certs.secretName }} - volumes: - - name: webhook-certs - secret: - secretName: "{{ .Values.injector.certs.secretName }}" -{{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-mutating-webhook.yaml deleted file mode 100644 index de7dd5622c..0000000000 --- a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-mutating-webhook.yaml +++ /dev/null 
@@ -1,43 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
-apiVersion: admissionregistration.k8s.io/v1
-{{- else }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-{{- end }}
-kind: MutatingWebhookConfiguration
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-cfg
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "injector.webhookAnnotations" . }}
-webhooks:
- - name: vault.hashicorp.com
- sideEffects: None
- admissionReviewVersions:
- - "v1beta1"
- - "v1"
- clientConfig:
- service:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- path: "/mutate"
- caBundle: {{ .Values.injector.certs.caBundle | quote }}
- rules:
- - operations: ["CREATE", "UPDATE"]
- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["pods"]
-{{- if .Values.injector.namespaceSelector }}
- namespaceSelector:
-{{ toYaml .Values.injector.namespaceSelector | indent 6}}
-{{ end }}
-{{- if .Values.injector.objectSelector }}
- objectSelector:
-{{ toYaml .Values.injector.objectSelector | indent 6}}
-{{ end }}
-{{- with .Values.injector.failurePolicy }}
- failurePolicy: {{.}}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-network-policy.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-network-policy.yaml
deleted file mode 100644
index 7a399a538d..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-network-policy.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.openshift | toString) "true") }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-psp-role.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-psp-role.yaml
deleted file mode 100644
index 20c87bb2ad..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-psp-role.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-psp-rolebinding.yaml
deleted file mode 100644
index d6d0d5e247..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-psp-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-psp.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-psp.yaml
deleted file mode 100644
index c024ac1077..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-psp.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-role.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-role.yaml
deleted file mode 100644
index e7e383d16d..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-role.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
- - apiGroups: [""]
- resources: ["secrets", "configmaps"]
- verbs:
- - "create"
- - "get"
- - "watch"
- - "list"
- - "update"
- - apiGroups: [""]
- resources: ["pods"]
- verbs:
- - "get"
- - "patch"
- - "delete"
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-rolebinding.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-rolebinding.yaml
deleted file mode 100644
index aa81794208..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-service.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-service.yaml
deleted file mode 100644
index 3138b7a5be..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "injector.service.annotations" . }}
-spec:
- ports:
- - name: https
- port: 443
- targetPort: {{ .Values.injector.port }}
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-serviceaccount.yaml
deleted file mode 100644
index a28d38fabb..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/injector-serviceaccount.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/server-clusterrolebinding.yaml
deleted file mode 100644
index e5e0f5fec1..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-clusterrolebinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.authDelegator.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-server-binding
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-config-configmap.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/server-config-configmap.yaml
deleted file mode 100644
index b8093ad030..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-config-configmap.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.global.enabled | toString) "true") (ne .mode "dev") -}}
-{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "vault.fullname" . }}-config
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-data:
- extraconfig-from-values.hcl: |-
- {{- if or (eq .mode "ha") (eq .mode "standalone") }}
- {{- $type := typeOf (index .Values.server .mode).config }}
- {{- if eq $type "string" }}
- disable_mlock = true
- {{- if eq .mode "standalone" }}
- {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
- {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
- {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
- {{ end }}
- {{- else }}
- {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
- {{- else }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-discovery-role.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/server-discovery-role.yaml
deleted file mode 100644
index 4a39cec21c..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-discovery-role.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: {{ template "vault.fullname" . }}-discovery-role
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: [""]
- resources: ["pods"]
- verbs: ["get", "watch", "list", "update", "patch"]
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/server-discovery-rolebinding.yaml
deleted file mode 100644
index 47526650bb..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-discovery-rolebinding.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.global.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-discovery-rolebinding
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-discovery-role
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/server-disruptionbudget.yaml
deleted file mode 100644
index 3c45cc04ea..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-disruptionbudget.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" -}}
-{{- if and (eq (.Values.global.enabled | toString) "true") (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
-# PodDisruptionBudget to prevent degrading the server cluster through
-# voluntary cluster changes.
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end -}}
-{{- end -}}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-ha-active-service.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/server-ha-active-service.yaml
deleted file mode 100644
index c2a4f02279..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-ha-active-service.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for active Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-active
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "true"
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-ha-standby-service.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/server-ha-standby-service.yaml
deleted file mode 100644
index fef92a1b28..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-ha-standby-service.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for standby Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-standby
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "false"
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-headless-service.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/server-headless-service.yaml
deleted file mode 100644
index a37c639571..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-headless-service.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-internal
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- clusterIP: None
- publishNotReadyAddresses: true
- ports:
- - name: "{{ include "vault.scheme" . }}"
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-ingress.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/server-ingress.yaml
deleted file mode 100644
index 48c76a8282..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-ingress.yaml
+++ /dev/null
@@ -1,74 +0,0 @@
-{{- if not .Values.global.openshift }}
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if .Values.server.ingress.enabled -}}
-{{- $extraPaths := .Values.server.ingress.extraPaths -}}
-{{- $serviceName := include "vault.fullname" . -}}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.ingress.activeService | toString) "true") }}
-{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
-{{- end }}
-{{- $servicePort := .Values.server.service.port -}}
-{{- $pathType := .Values.server.ingress.pathType -}}
-{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
-{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
-apiVersion: networking.k8s.io/v1
-{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
-apiVersion: networking.k8s.io/v1beta1
-{{ else }}
-apiVersion: extensions/v1beta1
-{{ end }}
-kind: Ingress
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- with .Values.server.ingress.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- template "vault.ingress.annotations" . }}
-spec:
-{{- if .Values.server.ingress.tls }}
- tls:
- {{- range .Values.server.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
-{{- end }}
-{{- if .Values.server.ingress.ingressClassName }}
- ingressClassName: {{ .Values.server.ingress.ingressClassName }}
-{{- end }}
- rules:
- {{- range .Values.server.ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
-{{ if $extraPaths }}
-{{ toYaml $extraPaths | indent 10 }}
-{{- end }}
- {{- range (.paths | default (list "/")) }}
- - path: {{ . }}
- {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
- pathType: {{ $pathType }}
- {{ end }}
- backend:
- {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
- service:
- name: {{ $serviceName }}
- port:
- number: {{ $servicePort }}
- {{ else }}
- serviceName: {{ $serviceName }}
- servicePort: {{ $servicePort }}
- {{ end }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-network-policy.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/server-network-policy.yaml
deleted file mode 100644
index 5f4c21a4b5..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-network-policy.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8200
- protocol: TCP
- - port: 8201
- protocol: TCP
- {{- if .Values.server.networkPolicy.egress }}
- egress:
- {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
- {{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-psp-role.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/server-psp-role.yaml
deleted file mode 100644
index fd12e1eb30..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-psp-role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/server-psp-rolebinding.yaml
deleted file mode 100644
index b2a43c834a..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-psp-rolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-psp.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/server-psp.yaml
deleted file mode 100644
index 2d94268197..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-psp.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
- - persistentVolumeClaim
- {{- end }}
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-route.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/server-route.yaml
deleted file mode 100644
index 63055db39f..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-route.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{- if .Values.global.openshift }}
-{{- if ne .mode "external" }}
-{{- if .Values.server.route.enabled -}}
-{{- $serviceName := include "vault.fullname" . -}}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
-{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
-{{- end }}
-kind: Route
-apiVersion: route.openshift.io/v1
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- with .Values.server.route.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- template "vault.route.annotations" . }}
-spec:
- host: {{ .Values.server.route.host }}
- to:
- kind: Service
- name: {{ $serviceName }}
- weight: 100
- port:
- targetPort: 8200
- tls:
- termination: passthrough
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-service.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/server-service.yaml
deleted file mode 100644
index 00996aa254..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-service.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- # We want the servers to become available even if they're not ready
- # since this DNS is also used for join operations.
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/server-serviceaccount.yaml
deleted file mode 100644
index 925b166bba..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }}
-{{- if (eq (.Values.server.serviceAccount.create | toString) "true" ) }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "vault.serviceAccount.annotations" . }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-statefulset.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/server-statefulset.yaml
deleted file mode 100644
index 031b179059..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/server-statefulset.yaml
+++ /dev/null
@@ -1,208 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }}
-# StatefulSet to run the actual vault server cluster.
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "vault.statefulSet.annotations" . }}
-spec:
- serviceName: {{ template "vault.fullname" . }}-internal
- podManagementPolicy: Parallel
- replicas: {{ template "vault.replicas" . }}
- updateStrategy:
- type: {{ .Values.server.updateStrategyType }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- template:
- metadata:
- labels:
- helm.sh/chart: {{ template "vault.chart" . }}
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- {{- if .Values.server.extraLabels -}}
- {{- toYaml .Values.server.extraLabels | nindent 8 -}}
- {{- end -}}
- {{ template "vault.annotations" . }}
- spec:
- {{ template "vault.affinity" . }}
- {{ template "vault.tolerations" . }}
- {{ template "vault.nodeselector" . }}
- {{- if .Values.server.priorityClassName }}
- priorityClassName: {{ .Values.server.priorityClassName }}
- {{- end }}
- terminationGracePeriodSeconds: 10
- serviceAccountName: {{ template "vault.serviceAccount.name" . }}
- {{ if .Values.server.shareProcessNamespace }}
- shareProcessNamespace: true
- {{ end }}
- {{- if not .Values.global.openshift }}
- securityContext:
- runAsNonRoot: true
- runAsGroup: {{ .Values.server.gid | default 1000 }}
- runAsUser: {{ .Values.server.uid | default 100 }}
- fsGroup: {{ .Values.server.gid | default 1000 }}
- {{- end }}
- volumes:
- {{ template "vault.volumes" . }}
- - name: home
- emptyDir: {}
- {{- if .Values.server.extraInitContainers }}
- initContainers:
- {{ toYaml .Values.server.extraInitContainers | nindent 8}}
- {{- end }}
- containers:
- - name: vault
- {{ template "vault.resources" . }}
- image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
- imagePullPolicy: {{ .Values.server.image.pullPolicy }}
- command:
- - "/bin/sh"
- - "-ec"
- args: {{ template "vault.args" . }}
- {{- if not .Values.global.openshift }}
- securityContext:
- allowPrivilegeEscalation: false
- {{- end }}
- env:
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.hostIP
- - name: POD_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- - name: VAULT_K8S_POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: VAULT_K8S_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: VAULT_ADDR
- value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
- - name: VAULT_API_ADDR
- {{- if .Values.server.ha.apiAddr }}
- value: {{ .Values.server.ha.apiAddr }}
- {{- else }}
- value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
- {{- end }}
- - name: SKIP_CHOWN
- value: "true"
- - name: SKIP_SETCAP
- value: "true"
- - name: HOSTNAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: VAULT_CLUSTER_ADDR
- value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
- {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
- - name: VAULT_RAFT_NODE_ID
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- {{- end }}
- - name: HOME
- value: "/home/vault"
- {{- if .Values.server.logLevel }}
- - name: VAULT_LOG_LEVEL
- value: "{{ .Values.server.logLevel }}"
- {{- end }}
- {{- if .Values.server.logFormat }}
- - name: VAULT_LOG_FORMAT
- value: "{{ .Values.server.logFormat }}"
- {{- end }}
- {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
- - name: VAULT_LICENSE_PATH
- value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
- {{- end }}
- {{ template "vault.envs" . }}
- {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
- {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
- volumeMounts:
- {{ template "vault.mounts" . }}
- - name: home
- mountPath: /home/vault
- ports:
- - containerPort: 8200
- name: {{ include "vault.scheme" . }}
- - containerPort: 8201
- name: https-internal
- - containerPort: 8202
- name: {{ include "vault.scheme" . }}-rep
- {{- if .Values.server.readinessProbe.enabled }}
- readinessProbe:
- {{- if .Values.server.readinessProbe.path }}
- httpGet:
- path: {{ .Values.server.readinessProbe.path | quote }}
- port: 8200
- scheme: {{ include "vault.scheme" . | upper }}
- {{- else }}
- # Check status; unsealed vault servers return 0
- # The exit code reflects the seal status:
- # 0 - unsealed
- # 1 - error
- # 2 - sealed
- exec:
- command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
- {{- end }}
- failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
- successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
- {{- end }}
- {{- if .Values.server.livenessProbe.enabled }}
- livenessProbe:
- httpGet:
- path: {{ .Values.server.livenessProbe.path | quote }}
- port: 8200
- scheme: {{ include "vault.scheme" . | upper }}
- failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
- successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
- {{- end }}
- lifecycle:
- # Vault container doesn't receive SIGTERM from Kubernetes
- # and after the grace period ends, Kube sends SIGKILL. This
- # causes issues with graceful shutdowns such as deregistering itself
- # from Consul (zombie services).
- preStop:
- exec:
- command: [
- "/bin/sh", "-c",
- # Adding a sleep here to give the pod eviction a
- # chance to propagate, so requests will not be made
- # to this pod while it's terminating
- "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
- ]
- {{- if .Values.server.postStart }}
- postStart:
- exec:
- command:
- {{- range (.Values.server.postStart) }}
- - {{ . | quote }}
- {{- end }}
- {{- end }}
- {{- if .Values.server.extraContainers }}
- {{ toYaml .Values.server.extraContainers | nindent 8}}
- {{- end }}
- {{- include "imagePullSecrets" . | nindent 6 }}
- {{ template "vault.volumeclaims" . }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/tests/server-test.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/tests/server-test.yaml
deleted file mode 100644
index 66aa178f58..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/tests/server-test.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.server.enabled }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ .Release.Name }}-server-test"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": test
-spec:
- {{- include "imagePullSecrets" . | nindent 2 }}
- containers:
- - name: {{ .Release.Name }}-server-test
- image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
- imagePullPolicy: {{ .Values.server.image.pullPolicy }}
- env:
- - name: VAULT_ADDR
- value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
- command:
- - /bin/sh
- - -c
- - |
- echo "Checking for sealed info in 'vault status' output"
- ATTEMPTS=10
- n=0
- until [ "$n" -ge $ATTEMPTS ]
- do
- echo "Attempt" $n...
- vault status -format yaml | grep -E '^sealed: (true|false)' && break
- n=$((n+1))
- sleep 5
- done
- if [ $n -ge $ATTEMPTS ]; then
- echo "timed out looking for sealed info in 'vault status' output"
- exit 1
- fi
-
- exit 0
-
- restartPolicy: Never
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.18.0/src/templates/ui-service.yaml b/charts/partners/hashicorp/vault/0.18.0/src/templates/ui-service.yaml
deleted file mode 100644
index ea27de282a..0000000000
--- a/charts/partners/hashicorp/vault/0.18.0/src/templates/ui-service.yaml
+++ /dev/null
@@ -1,37 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }} -{{- if eq (.Values.ui.enabled | toString) "true" }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "vault.fullname" . }}-ui - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }}-ui - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- template "vault.ui.annotations" . }} -spec: - selector: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} - vault-active: "true" - {{- end }} - publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} - ports: - - name: {{ include "vault.scheme" . }} - port: {{ .Values.ui.externalPort }} - targetPort: {{ .Values.ui.targetPort }} - {{- if .Values.ui.serviceNodePort }} - nodePort: {{ .Values.ui.serviceNodePort }} - {{- end }} - type: {{ .Values.ui.serviceType }} - {{- include "service.externalTrafficPolicy" .Values.ui }} - {{- include "service.loadBalancer" .Values.ui }} -{{- end -}} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.18.0/src/values.openshift.yaml b/charts/partners/hashicorp/vault/0.18.0/src/values.openshift.yaml deleted file mode 100644 index afbe1f98a9..0000000000 --- a/charts/partners/hashicorp/vault/0.18.0/src/values.openshift.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -# These overrides are appropriate defaults for deploying this chart on OpenShift - -global: - openshift: true - -injector: - image: - repository: "registry.connect.redhat.com/hashicorp/vault-k8s" - tag: "0.14.1-ubi" - - agentImage: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.9.0-ubi" - -server: - image: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.9.0-ubi" diff --git a/charts/partners/hashicorp/vault/0.18.0/src/values.schema.json b/charts/partners/hashicorp/vault/0.18.0/src/values.schema.json deleted file mode 100644 index 26f1367489..0000000000 --- a/charts/partners/hashicorp/vault/0.18.0/src/values.schema.json +++ /dev/null 
@@ -1,841 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "csi": { - "type": "object", - "properties": { - "daemonSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "updateStrategy": { - "type": "object", - "properties": { - "maxUnavailable": { - "type": "string" - }, - "type": { - "type": "string" - } - } - }, - "providersDir": { - "type": "string" - }, - "kubeletRootDir": { - "type": "string" - } - } - }, - "debug": { - "type": "boolean" - }, - "enabled": { - "type": "boolean" - }, - "extraArgs": { - "type": "array" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "pod": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - } - } - }, - "readinessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "global": { - "type": "object", - "properties": { - "enabled": { - 
"type": "boolean" - }, - "imagePullSecrets": { - "type": "array" - }, - "openshift": { - "type": "boolean" - }, - "psp": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enable": { - "type": "boolean" - } - } - }, - "tlsDisable": { - "type": "boolean" - } - } - }, - "injector": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "agentDefaults": { - "type": "object", - "properties": { - "cpuLimit": { - "type": "string" - }, - "cpuRequest": { - "type": "string" - }, - "memLimit": { - "type": "string" - }, - "memRequest": { - "type": "string" - }, - "template": { - "type": "string" - }, - "templateConfig": { - "type": "object", - "properties": { - "exitOnRetryFailure": { - "type": "boolean" - }, - "staticSecretRenderInterval": { - "type": "string" - } - } - } - } - }, - "agentImage": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "authPath": { - "type": "string" - }, - "certs": { - "type": "object", - "properties": { - "caBundle": { - "type": "string" - }, - "certName": { - "type": "string" - }, - "keyName": { - "type": "string" - }, - "secretName": { - "type": [ - "null", - "string" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "externalVaultAddr": { - "type": "string" - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraLabels": { - "type": "object" - }, - "failurePolicy": { - "type": "string" - }, - "hostNetwork": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "leaderElector": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" 
- }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "namespaceSelector": { - "type": "object" - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "objectSelector": { - "type": "object" - }, - "port": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "replicas": { - "type": "integer" - }, - "resources": { - "type": "object" - }, - "revokeOnShutdown": { - "type": "boolean" - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "webhookAnnotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "server": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "auditStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "authDelegator": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "dataStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "dev": { - "type": "object", - "properties": { - "devRootToken": { - "type": "string" - }, - "enabled": { - "type": "boolean" - } - } - }, - "enabled": { - "type": "boolean" - }, - "enterpriseLicense": { - 
"type": "object", - "properties": { - "secretKey": { - "type": "string" - }, - "secretName": { - "type": "string" - } - } - }, - "extraArgs": { - "type": "string" - }, - "extraContainers": { - "type": [ - "null", - "array" - ] - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraInitContainers": { - "type": [ - "null", - "array" - ] - }, - "extraLabels": { - "type": "object" - }, - "extraSecretEnvironmentVars": { - "type": "array" - }, - "extraVolumes": { - "type": "array" - }, - "ha": { - "type": "object", - "properties": { - "apiAddr": { - "type": [ - "null", - "string" - ] - }, - "config": { - "type": "string" - }, - "disruptionBudget": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxUnavailable": { - "type": [ - "null", - "integer" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "raft": { - "type": "object", - "properties": { - "config": { - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "setNodeId": { - "type": "boolean" - } - } - }, - "replicas": { - "type": "integer" - } - } - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "ingress": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "extraPaths": { - "type": "array" - }, - "hosts": { - "type": "array", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string" - }, - "paths": { - "type": "array" - } - } - } - }, - "ingressClassName": { - "type": "string" - }, - "labels": { - "type": "object" - }, - "tls": { - "type": "array" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - 
"path": { - "type": "string" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "networkPolicy": { - "type": "object", - "properties": { - "egress": { - "type": "array" - }, - "enabled": { - "type": "boolean" - } - } - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "postStart": { - "type": "array" - }, - "preStopSleepSeconds": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "route": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "labels": { - "type": "object" - } - } - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "port": { - "type": "integer" - }, - "targetPort": { - "type": "integer" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "create": { - "type": "boolean" - }, - "name": { - "type": "string" - } - } - }, - "shareProcessNamespace": { - "type": "boolean" - }, - "standalone": { - "type": "object", - "properties": { - "config": { - "type": "string" - }, - "enabled": { - "type": [ - "string", - "boolean" - ] - } - } - }, - "statefulSet": { - "type": 
"object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "updateStrategyType": { - "type": "string" - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "ui": { - "type": "object", - "properties": { - "activeVaultPodOnly": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "externalPort": { - "type": "integer" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "serviceNodePort": { - "type": [ - "null", - "integer" - ] - }, - "serviceType": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - } -} diff --git a/charts/partners/hashicorp/vault/0.18.0/src/values.yaml b/charts/partners/hashicorp/vault/0.18.0/src/values.yaml deleted file mode 100644 index 60b97719e4..0000000000 --- a/charts/partners/hashicorp/vault/0.18.0/src/values.yaml +++ /dev/null 
@@ -1,745 +0,0 @@ -# Available parameters and their default values for the Vault chart. -global: - # enabled is the master enabled switch. Setting this to true or false - # will enable or disable all the components within this chart by default. - enabled: true - # Image pull secret to use for registry authentication. - # Alternatively, the value may be specified as an array of strings. - imagePullSecrets: [] - # imagePullSecrets: - # - name: image-pull-secret - # TLS for end-to-end encrypted transport - tlsDisable: true - # If deploying to OpenShift - openshift: true - # Create PodSecurityPolicy for pods - psp: - enable: false - # Annotation for PodSecurityPolicy. - # This is a multi-line templated string map, and can also be set as YAML. - annotations: | - seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default - apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default - apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -injector: - # True if you want to enable vault agent injection. - enabled: true - replicas: 1 - # Configures the port the injector should listen on - port: 8080 - # If multiple replicas are specified, by default a leader will be determined - # so that only one injector attempts to create TLS certificates. - leaderElector: - enabled: true - # If true, will enable a node exporter metrics endpoint at /metrics. - metrics: - enabled: false - # External vault server address for the injector to use. Setting this will - # disable deployment of a vault server along with the injector. - externalVaultAddr: "" - # image sets the repo and tag of the vault-k8s image to use for the injector. - image: - repository: "registry.connect.redhat.com/hashicorp/vault-k8s" - tag: "0.14.1-ubi" - pullPolicy: IfNotPresent - # agentImage sets the repo and tag of the Vault image to use for the Vault Agent - # containers. 
This should be set to the official Vault image. Vault 1.3.1+ is - # required. - agentImage: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.9.0-ubi" - # The default values for the injected Vault Agent containers. - agentDefaults: - # For more information on configuring resources, see the K8s documentation: - # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - cpuLimit: "500m" - cpuRequest: "250m" - memLimit: "128Mi" - memRequest: "64Mi" - # Default template type for secrets when no custom template is specified. - # Possible values include: "json" and "map". - template: "map" - # Default values within Agent's template_config stanza. - templateConfig: - exitOnRetryFailure: true - staticSecretRenderInterval: "" - # Mount Path of the Vault Kubernetes Auth Method. - authPath: "auth/kubernetes" - # Configures the log verbosity of the injector. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "info" - # Configures the log format of the injector. Supported log formats: "standard", "json". - logFormat: "standard" - # Configures all Vault Agent sidecars to revoke their token when shutting down - revokeOnShutdown: false - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. - # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: {} - # Configures failurePolicy of the webhook. 
The "unspecified" default behaviour deoends on the - # API Version of the WebHook. - # To block pod creation while webhook is unavailable, set the policy to `Fail` below. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - # Extra annotations to attach to the webhook - webhookAnnotations: {} - certs: - # secretName is the name of the secret that has the TLS certificate and - # private key to serve the injector webhook. If this is null, then the - # injector will default to its automatic management mode that will assign - # a service account to the injector to generate its own certificates. - secretName: null - # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA - # that signed the TLS certificate that the webhook serves. This must be set - # if secretName is non-null, unless an external service like cert-manager is - # keeping the caBundle updated. - caBundle: "" - # certName and keyName are the names of the files within the secret for - # the TLS cert and private key, respectively. These have reasonable - # defaults but can be customized if necessary. - certName: tls.crt - keyName: tls.key - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # extraEnvironmentVars is a list of extra environment variables to set in the - # injector deployment. - extraEnvironmentVars: {} - # KUBERNETES_SERVICE_HOST: kubernetes.default.svc - - # Affinity Settings for injector pods - # This can either be multi-line string or YAML matching the PodSpec's affinity field. - # Commenting out or setting as empty the affinity variable, will allow - # deployment of multiple replicas to single node services such as Minikube. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . 
}}-agent-injector - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: webhook - topologyKey: kubernetes.io/hostname - # Toleration Settings for injector pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. - # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Priority class for injector pods - priorityClassName: "" - # Extra annotations to attach to the injector pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the injector pods - annotations: {} - # Extra labels to attach to the agent-injector - # This should be a YAML map of the labels to apply to the injector - extraLabels: {} - # Should the injector pods run on the host network (useful when using - # an alternate CNI in EKS) - hostNetwork: false - # Injector service specific config - service: - # Extra annotations to attach to the injector service - annotations: {} -server: - # If not set to true, Vault server will not be installed. See vault.mode in _helpers.tpl for implementation details - enabled: true - # [Enterprise Only] This value refers to a Kubernetes secret that you have - # created that contains your enterprise license. If you are not using an - # enterprise image or if you plan to introduce the license key via another - # route, then leave secretName blank ("") or set it to null. - # Requires Vault Enterprise 1.8 or later. - enterpriseLicense: - # The name of the Kubernetes secret that holds the enterprise license. The - # secret must be in the same namespace that Vault is installed into. - secretName: "" - # The key within the Kubernetes secret that holds the enterprise license. 
- secretKey: "license" - # Resource requests, limits, etc. for the server cluster placement. This - # should map directly to the value of the resources field for a PodSpec. - # By default no direct resource request is made. - image: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.9.0-ubi" - # Overrides the default Image Pull Policy - pullPolicy: IfNotPresent - # Configure the Update Strategy Type for the StatefulSet - # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - updateStrategyType: "OnDelete" - # Configure the logging verbosity for the Vault server. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "" - # Configure the logging format for the Vault server. - # Supported log formats include: standard, json - logFormat: "" - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # Ingress allows ingress services to be created to allow external access - # from Kubernetes to access Vault pods. - # If deployment is on OpenShift, the following block is ignored. - # In order to expose the service, use the route section below - ingress: - enabled: false - labels: {} - # traffic: external - annotations: {} - # | - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # or - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # Optionally use ingressClassName instead of deprecated annotation. - # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation - ingressClassName: "" - # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. - # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. 
- pathType: Prefix - # When HA mode is enabled and K8s service registration is being used, - # configure the ingress to point to the Vault active service. - activeService: true - hosts: - - host: chart-example.local - paths: [] - ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # service: - # name: ssl-redirect - # port: - # number: use-annotation - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # OpenShift only - create a route to expose the service - # The created route will be of type passthrough - route: - enabled: false - # When HA mode is enabled and K8s service registration is being used, - # configure the route to point to the Vault active service. - activeService: true - labels: {} - annotations: {} - host: chart-example.local - # authDelegator enables a cluster role binding to be attached to the service - # account. This cluster role binding can be used to setup Kubernetes auth - # method. https://www.vaultproject.io/docs/auth/kubernetes.html - authDelegator: - enabled: true - # extraInitContainers is a list of init containers. Specified as a YAML list. - # This is useful if you need to run a script to provision TLS certificates or - # write out configuration files in a dynamic way. - extraInitContainers: null - # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, - # # which is defined in the volumes value. 
- # - name: oauthapp - # image: "alpine" - # command: [sh, -c] - # args: - # - cd /tmp && - # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && - # tar -xf oauthapp.xz && - # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && - # chmod +x /usr/local/libexec/vault/oauthapp - # volumeMounts: - # - name: plugins - # mountPath: /usr/local/libexec/vault - - # extraContainers is a list of sidecar containers. Specified as a YAML list. - extraContainers: null - # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers - # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation - shareProcessNamespace: false - # extraArgs is a string containing additional Vault server arguments. - extraArgs: "" - # Used to define custom readinessProbe settings - readinessProbe: - enabled: true - # If you need to use a http path instead of the default exec - # path: /v1/sys/health?standbyok=true - - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. 
- timeoutSeconds: 3 - # Used to enable a livenessProbe for the pods - livenessProbe: - enabled: false - path: "/v1/sys/health?standbyok=true" - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 60 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to set the sleep time during the preStop step - preStopSleepSeconds: 5 - # Used to define commands to run after the pod is ready. - # This can be used to automate processes such as initialization - # or boostrapping auth methods. - postStart: [] - # - /bin/sh - # - -c - # - /vault/userconfig/myscript/run.sh - - # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be - # used to include variables required for auto-unseal. - extraEnvironmentVars: {} - # GOOGLE_REGION: global - # GOOGLE_PROJECT: myproject - # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json - - # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. - # These variables take value from existing Secret objects. - extraSecretEnvironmentVars: [] - # - envName: AWS_SECRET_ACCESS_KEY - # secretName: vault - # secretKey: AWS_SECRET_ACCESS_KEY - - # Deprecated: please use 'volumes' instead. - # extraVolumes is a list of extra volumes to mount. These will be exposed - # to Vault in the path `/vault/userconfig//`. The value below is - # an array of objects, examples are shown below. - extraVolumes: [] - # - type: secret (or "configMap") - # name: my-secret - # path: null # default is `/vault/userconfig` - - # volumes is a list of volumes made available to all containers. 
These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: plugins - # emptyDir: {} - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - mountPath: /usr/local/libexec/vault - # name: plugins - # readOnly: true - - # Affinity Settings - # Commenting out or setting as empty the affinity variable, will allow - # deployment to single node services such as Minikube - # This should be either a multi-line string or YAML matching the PodSpec's affinity field. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: server - topologyKey: kubernetes.io/hostname - # Toleration Settings for server pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
- # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Enables network policy for server pods - networkPolicy: - enabled: false - egress: [] - # egress: - # - to: - # - ipBlock: - # cidr: 10.0.0.0/24 - # ports: - # - protocol: TCP - # port: 443 - # Priority class for server pods - priorityClassName: "" - # Extra labels to attach to the server pods - # This should be a YAML map of the labels to apply to the server pods - extraLabels: {} - # Extra annotations to attach to the server pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the server pods - annotations: {} - # Enables a headless service to be used by the Vault Statefulset - service: - enabled: true - # clusterIP controls whether a Cluster IP address is attached to the - # Vault service within Kubernetes. By default the Vault service will - # be given a Cluster IP address, set to None to disable. When disabled - # Kubernetes will create a "headless" service. Headless services can be - # used to communicate with pods directly through DNS instead of a round robin - # load balancer. - # clusterIP: None - - # Configures the service type for the main Vault service. Can be ClusterIP - # or NodePort. - #type: ClusterIP - - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. - # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. - #nodePort: 30000 - - # Port on which Vault server is listening - port: 8200 - # Target port to which the service should be mapped to - targetPort: 8200 - # Extra annotations for the service definition. 
This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the service. - annotations: {} - # This configures the Vault Statefulset to create a PVC for data - # storage when using the file or raft backend storage engines. - # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more - dataStorage: - enabled: true - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/data" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # This configures the Vault Statefulset to create a PVC for audit - # logs. Once Vault is deployed, initialized and unseal, Vault must - # be configured to use this for audit logs. This will be mounted to - # /vault/audit - # See https://www.vaultproject.io/docs/audit/index.html to know more - auditStorage: - enabled: false - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/audit" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # Run Vault in "dev" mode. This requires no further setup, no state management, - # and no initialization. This is useful for experimenting with Vault without - # needing to unseal, store keys, et. al. All data is lost on restart - do not - # use dev mode for anything other than experimenting. - # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more - dev: - enabled: false - # Set VAULT_DEV_ROOT_TOKEN_ID value - devRootToken: "root" - # Run Vault in "standalone" mode. 
This is the default mode that will deploy if - # no arguments are given to helm. This requires a PVC for data storage to use - # the "file" backend. This mode is not highly available and should not be scaled - # past a single replica. - standalone: - enabled: "-" - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data - # and store data there. This is only used when using a Replica count of 1, and - # using a stateful set. This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "file" { - path = "/vault/data" - } - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # Run Vault in "HA" mode. There are no storage requirements unless audit log - # persistence is required. In HA mode Vault will configure itself to use Consul - # for its storage backend. The default configuration provided will work the Consul - # Helm project by default. It is possible to manually configure Vault to use a - # different HA backend. 
- ha: - enabled: false - replicas: 3 - # Set the api_addr configuration for Vault HA - # See https://www.vaultproject.io/docs/configuration#api_addr - # If set to null, this will be set to the Pod IP Address - apiAddr: null - # Enables Vault's integrated Raft storage. Unlike the typical HA modes where - # Vault's persistence is external (such as Consul), enabling Raft mode will create - # persistent volumes for Vault to store data according to the configuration under server.dataStorage. - # The Vault cluster will coordinate leader elections and failovers internally. - raft: - # Enables Raft integrated storage - enabled: false - # Set the Node Raft ID to the name of the pod - setNodeId: false - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - - storage "raft" { - path = "/vault/data" - } - - service_registration "kubernetes" {} - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a Consul for its HA storage backend. - # This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. 
For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "consul" { - path = "vault" - address = "HOST_IP:8500" - } - - service_registration "kubernetes" {} - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev-246514" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - disruptionBudget: - enabled: true - # maxUnavailable will default to (n/2)-1 where n is the number of - # replicas. If you'd like a custom value, you can specify an override here. - maxUnavailable: null - # Definition of the serviceAccount used to run Vault. - # These options are also used when using an external Vault server to validate - # Kubernetes tokens. - serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Settings for the statefulSet used to run Vault. - statefulSet: - # Extra annotations for the statefulSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the statefulSet. 
- annotations: {} -# Vault UI -ui: - # True if you want to create a Service entry for the Vault UI. - # - # serviceType can be used to control the type of service created. For - # example, setting this to "LoadBalancer" will create an external load - # balancer (for supported K8S installations) to access the UI. - enabled: false - publishNotReadyAddresses: true - # The service should only contain selectors for active Vault pod - activeVaultPodOnly: false - serviceType: "ClusterIP" - serviceNodePort: null - externalPort: 8200 - targetPort: 8200 - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. - # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - #loadBalancerSourceRanges: - # - 10.0.0.0/16 - # - 1.78.23.3/32 - - # loadBalancerIP: - - # Extra annotations to attach to the ui service - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the ui service - annotations: {} -# secrets-store-csi-driver-provider-vault -csi: - # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. - # - # Requires installing the secrets-store-csi-driver separately, see: - # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver - # - # With the driver and provider installed, you can mount Vault secrets into volumes - # similar to the Vault Agent injector, and you can also sync those secrets into - # Kubernetes secrets. - enabled: false - image: - repository: "hashicorp/vault-csi-provider" - tag: "0.3.0" - pullPolicy: IfNotPresent - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. 
- volumes: null - # - name: tls - # secret: - # secretName: vault-tls - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - name: tls - # mountPath: "/vault/tls" - # readOnly: true - - resources: {} - # resources: - # requests: - # cpu: 50m - # memory: 128Mi - # limits: - # cpu: 50m - # memory: 128Mi - - # Settings for the daemonSet used to run the provider. - daemonSet: - updateStrategy: - type: RollingUpdate - maxUnavailable: "" - # Extra annotations for the daemonSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the daemonSet. - annotations: {} - # Provider host path (must match the CSI provider's path) - providersDir: "/etc/kubernetes/secrets-store-csi-providers" - # Kubelet host path - kubeletRootDir: "/var/lib/kubelet" - pod: - # Extra annotations for the provider pods. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the pod. - annotations: {} - # Toleration Settings for provider pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - serviceAccount: - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Used to configure readinessProbe for the pods. 
- readinessProbe:
- # When a probe fails, Kubernetes will try failureThreshold times before giving up
- failureThreshold: 2
- # Number of seconds after the container has started before probe initiates
- initialDelaySeconds: 5
- # How often (in seconds) to perform the probe
- periodSeconds: 5
- # Minimum consecutive successes for the probe to be considered successful after having failed
- successThreshold: 1
- # Number of seconds after which the probe times out.
- timeoutSeconds: 3
- # Used to configure livenessProbe for the pods.
- livenessProbe:
- # When a probe fails, Kubernetes will try failureThreshold times before giving up
- failureThreshold: 2
- # Number of seconds after the container has started before probe initiates
- initialDelaySeconds: 5
- # How often (in seconds) to perform the probe
- periodSeconds: 5
- # Minimum consecutive successes for the probe to be considered successful after having failed
- successThreshold: 1
- # Number of seconds after which the probe times out.
- timeoutSeconds: 3
- # Enables debug logging.
- debug: false
- # Pass arbitrary additional arguments to vault-csi-provider.
- extraArgs: []
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/.helmignore b/charts/partners/hashicorp/vault/0.19.0/src/.helmignore
deleted file mode 100644
index d1180d2fb7..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/.helmignore
+++ /dev/null
@@ -1,4 +0,0 @@
-.git/
-.terraform/
-bin/
-test/
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/CHANGELOG.md b/charts/partners/hashicorp/vault/0.19.0/src/CHANGELOG.md
deleted file mode 100644
index ea6d36785b..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/CHANGELOG.md
+++ /dev/null
@@ -1,367 +0,0 @@ -## Unreleased - -## 0.19.0 (January 20th, 2022) - -CHANGES: -* Vault image default 1.9.2 -* Vault K8s image default 0.14.2 - -Features: -* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) -* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) -* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) -* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) - -Improvements: -* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) -* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) -* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) - -## 0.18.0 (November 17th, 2021) - -CHANGES: -* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) -* Vault image default 1.9.0 -* Vault K8s image default 0.14.1 - -Improvements: -* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) - -## 0.17.1 (October 25th, 2021) - -Improvements: - * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) - -## 0.17.0 (October 21st, 2021) - -KNOWN ISSUES: -* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set - -CHANGES: -* Vault image default 1.8.4 -* Vault K8s image default 0.14.0 - -Improvements: -* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) 
-* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) -* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) - -Bugs: -* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) - -## 0.16.1 (September 29th, 2021) - -CHANGES: -* Vault image default 1.8.3 -* Vault K8s image default 0.13.1 - -## 0.16.0 (September 16th, 2021) - -CHANGES: -* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. - -Improvements: - * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) - * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) - -## 0.15.0 (August 23rd, 2021) - -Improvements: -* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) -* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) - -## 0.14.0 (July 28th, 2021) - -Features: -* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) - -Improvements: -* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) -* Set the default vault image to come from the hashicorp organization 
[GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) - - -## 0.13.0 (June 17th, 2021) - -Improvements: -* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) -* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) -* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) - -Bugs: -* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) -* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) -* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) - -## 0.12.0 (May 25th, 2021) - -Features: -* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) - -Improvements: -* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) -* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) -* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) -* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) - -Bugs: -* CSI: `global.imagePullSecrets` are now also used for CSI daemonset 
[GH-519](https://github.com/hashicorp/vault-helm/pull/519) - -## 0.11.0 (April 14th, 2021) - -Features: -* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) -* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) -* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) -* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) -* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) -* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) - -Improvements: -* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) - -Bugs: -* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) - -## 0.10.0 (March 25th, 2021) - -Features: -* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) - -Improvements: -* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) - -## 0.9.1 (February 2nd, 2021) - -Bugs: -* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) -* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) - -## 0.9.0 (January 5th, 2021) - -Features: -* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) -* Injector now supports auto TLS for multiple replicas using 
leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) - -Improvements: -* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) -* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) -* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) -* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) -* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) -* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) -* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) -* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) - -## 0.8.0 (October 20th, 2020) - -Improvements: -* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) -* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) -* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) -* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) -* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) -* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) -* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) - -Bugs: -* Fixed install output using Helm V2 command 
[GH-378](https://github.com/hashicorp/vault-helm/pull/378) - -## 0.7.0 (August 24th, 2020) - -Features: -* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). -* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) - -Improvements: -* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) -* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) -* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) -* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) -* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) -* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) -* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) -* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) -* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) - -Bugs: -* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) -* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) -* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) - -## 0.6.0 (June 3rd, 2020) - -Features: -* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) -* Added `postStart` lifecycle 
hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) -* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) - -Improvements: -* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) -* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] -* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] -* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] -* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] -* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] -* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] -* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) - -Bugs: -* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] -* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] -* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] -* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] -* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) - -## 0.5.0 (April 9th, 2020) - -Features: - -* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] -* Now supports Vault Enterprise 
[[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] -* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] - -* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] -* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] -* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] -* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] -* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] - -## 0.4.0 (February 21st, 2020) - -Improvements: - -* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] -* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] -* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] -* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] -* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] - -Bugs: - -* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] - -## 0.3.3 (January 14th, 2020) - -Security: - -* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) - -Bugs: - -* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files - -## 0.3.2 (January 8th, 2020) - -Bugs: - -* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] - -## 0.3.1 (January 2nd, 2020) - -Bugs: - -* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] - -## 0.3.0 (December 19th, 2019) - -Features: - -* Extra containers can now be added to the Vault pods -* Added configurability of pod probes -* Added Vault Agent Injector - -Improvements: - -* Moved `global.image` to `server.image` -* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` -* Added better HTTP/HTTPS scheme support to http probes -* Added configurable node port for Vault service -* `server.authDelegator` is now enabled by default - -Bugs: - -* Fixed upgrade bug by removing chart label which contained the version -* Fixed typo on `serviceAccount` (was `serviceaccount`) -* Fixed readiness/liveliness HTTP probe default to accept standbys - -## 0.2.1 (November 12th, 2019) - -Bugs: - -* Removed `readOnlyRootFilesystem` causing issues when validating deployments - -## 0.2.0 (October 29th, 2019) - -Features: - -* Added load balancer support -* Added ingress support -* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) -* Removed root requirements, now runs as Vault user - -Improvements: - -* Added namespace value to all rendered objects -* Made ports configurable in services -* Added the ability to add custom annotations to services -* Added docker image for running bats test in CircleCI -* Removed restrictions around `dev` mode such as annotations -* 
`readOnlyRootFilesystem` is now configurable -* Image Pull Policy is now configurable - -Bugs: - -* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) -* Fixed bug where audit storage was not being mounted in HA mode -* Fixed bug where Vault pod wasn't receiving SIGTERM signals - - -## 0.1.2 (August 22nd, 2019) - -Features: - -* Added `extraSecretEnvironmentVars` to allow users to mount secrets as - environment variables -* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS - depending on the value -* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` - to "NodePort" - -Improvements: - -* Changed UI port to 8200 for better HTTP protocol support -* Added `path` to `extraVolumes` to define where the volume should be - mounted. Defaults to `/vault/userconfig` -* Upgraded Vault to 1.2.2 - -Bugs: - -* Fixed bug where upgrade would fail because immutable labels were being - changed (Helm Version label) -* Fixed bug where UI service used wrong selector after updating helm labels -* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks - Consul is the active node -* Removed `step-down` preStop since it requires authentication. Shutdown signal - sent by Kube acts similar to `step-down` - - -## 0.1.1 (August 7th, 2019) - -Features: - -* Added `authDelegator` Cluster Role Binding to Vault service account for - bootstrapping Kube auth method - -Improvements: - -* Added `server.service.clusterIP` to `values.yml` so users can toggle - the Vault service to headless by using the value `None`. -* Upgraded Vault to 1.2.1 - -## 0.1.0 (August 6th, 2019) - -Initial release diff --git a/charts/partners/hashicorp/vault/0.19.0/src/CONTRIBUTING.md b/charts/partners/hashicorp/vault/0.19.0/src/CONTRIBUTING.md deleted file mode 100644 index ad31ac92d1..0000000000 --- a/charts/partners/hashicorp/vault/0.19.0/src/CONTRIBUTING.md +++ /dev/null 
@@ -1,247 +0,0 @@ -# Contributing to Vault Helm - -**Please note:** We take Vault's security and our users' trust very seriously. -If you believe you have found a security issue in Vault, please responsibly -disclose by contacting us at security@hashicorp.com. - -**First:** if you're unsure or afraid of _anything_, just ask or submit the -issue or pull request anyways. You won't be yelled at for giving it your best -effort. The worst that can happen is that you'll be politely asked to change -something. We appreciate any sort of contributions, and don't want a wall of -rules to get in the way of that. - -That said, if you want to ensure that a pull request is likely to be merged, -talk to us! You can find out our thoughts and ensure that your contribution -won't clash or be obviated by Vault's normal direction. A great way to do this -is via the [Vault Discussion Forum][1]. - -This document will cover what we're looking for in terms of reporting issues. -By addressing all the points we're looking for, it raises the chances we can -quickly merge or address your contributions. - -[1]: https://discuss.hashicorp.com/c/vault - -## Issues - -### Reporting an Issue - -* Make sure you test against the latest released version. It is possible - we already fixed the bug you're experiencing. Even better is if you can test - against `main`, as bugs are fixed regularly but new versions are only - released every few months. - -* Provide steps to reproduce the issue, and if possible include the expected - results as well as the actual results. Please provide text, not screen shots! - -* Respond as promptly as possible to any questions made by the Vault - team to your issue. Stale issues will be closed periodically. - -### Issue Lifecycle - -1. The issue is reported. - -2. The issue is verified and categorized by a Vault Helm collaborator. - Categorization is done via tags. For example, bugs are marked as "bugs". - -3. 
Unless it is critical, the issue may be left for a period of time (sometimes - many weeks), giving outside contributors -- maybe you!? -- a chance to - address the issue. - -4. The issue is addressed in a pull request or commit. The issue will be - referenced in the commit message so that the code that fixes it is clearly - linked. - -5. The issue is closed. Sometimes, valid issues will be closed to keep - the issue tracker clean. The issue is still indexed and available for - future viewers, or can be re-opened if necessary. - -## Testing - -The Helm chart ships with both unit and acceptance tests. - -The unit tests don't require any active Kubernetes cluster and complete -very quickly. These should be used for fast feedback during development. -The acceptance tests require a Kubernetes cluster with a configured `kubectl`. - -### Test Using Docker Container - -The following are the instructions for running bats tests using a Docker container. - -#### Prerequisites - -* Docker installed -* `vault-helm` checked out locally - -#### Test - -**Note:** the following commands should be run from the `vault-helm` directory. - -First, build the Docker image for running the tests: - -```shell -docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test -``` -Next, execute the tests with the following commands: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -``` -It's possible to only run specific bats tests using regular expressions. -For example, the following will run only tests with "injector" in the name: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" -``` - -### Test Manually -The following are the instructions for running bats tests on your workstation. 
-#### Prerequisites -* [Bats](https://github.com/bats-core/bats-core) - ```bash - brew install bats-core - ``` -* [yq](https://pypi.org/project/yq/) - ```bash - brew install python-yq - ``` -* [helm](https://helm.sh) - ```bash - brew install kubernetes-helm - ``` - -#### Test - -To run the unit tests: - - bats ./test/unit - -To run the acceptance tests: - - bats ./test/acceptance - -If the acceptance tests fail, deployed resources in the Kubernetes cluster -may not be properly cleaned up. We recommend recycling the Kubernetes cluster to -start from a clean slate. - -**Note:** There is a Terraform configuration in the -[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory -that can be used to quickly bring up a GKE cluster and configure -`kubectl` and `helm` locally. This can be used to quickly spin up a test -cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes -cluster. - -### Writing Unit Tests - -Changes to the Helm chart should be accompanied by appropriate unit tests. - -#### Formatting - -- Put tests in the test file in the same order as the variables appear in the `values.yaml`. -- Start tests for a chart value with a header that says what is being tested, like this: - ``` - #-------------------------------------------------------------------- - # annotations - ``` - -- Name the test based on what it's testing in the following format (this will be its first line): - ``` - @test "
: " { - ``` - - When adding tests to an existing file, the first section will be the same as the other tests in the file. - -#### Test Details - -[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. -In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. -In this way, we're able to test that the various conditionals in the templates render as we would expect. - -Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. -The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). -`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). -The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. - -The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. - -The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. - -#### Test Examples - -Here are some examples of common test patterns: - -- Check that a value is disabled by default - - ``` - @test "ui/Service: no type by default" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - . 
| tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "null" ] - } - ``` - - In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. - This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. - - -- Check that a template value is rendered to a specific value - ``` - @test "ui/Service: specified type" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - --set 'ui.serviceType=LoadBalancer' \ - . | tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "LoadBalancer" ] - } - ``` - - This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. - -- Check that a template value contains several values - ``` - @test "server/standalone-StatefulSet: custom resources" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.requests.memory=256Mi' \ - --set 'server.resources.requests.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.limits.memory=256Mi' \ - --set 'server.resources.limits.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - ``` - - *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
-
-- Check that an entire template file is not rendered
- ```
- @test "syncCatalog/Deployment: disabled by default" {
- cd `chart_dir`
- local actual=$( (helm template \
- --show-only templates/server-statefulset.yaml \
- --set 'global.enabled=false' \
- . || echo "---") | tee /dev/stderr |
- yq 'length > 0' | tee /dev/stderr)
- [ "${actual}" = "false" ]
- }
- ```
- Here we are check the length of the command output to see if the anything is rendered.
- This style can easily be switched to check that a file is rendered instead.
-
-## Contributor License Agreement
-
-We require that all contributors sign our Contributor License Agreement ("CLA")
-before we can accept the contribution.
-
-[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/Chart.yaml b/charts/partners/hashicorp/vault/0.19.0/src/Chart.yaml
deleted file mode 100644
index 746438db40..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/Chart.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v2
-appVersion: 1.9.2
-description: Official HashiCorp Vault Chart
-home: https://www.vaultproject.io
-icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
-keywords:
-- vault
-- security
-- encryption
-- secrets
-- management
-- automation
-- infrastructure
-kubeVersion: '>= 1.14.0-0'
-name: vault
-sources:
-- https://github.com/hashicorp/vault
-- https://github.com/hashicorp/vault-helm
-- https://github.com/hashicorp/vault-k8s
-- https://github.com/hashicorp/vault-csi-provider
-version: 0.19.0
-annotations:
- charts.openshift.io/name: HashiCorp Vault
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/LICENSE.md b/charts/partners/hashicorp/vault/0.19.0/src/LICENSE.md
deleted file mode 100644
index 82b4de97c7..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/LICENSE.md
+++ /dev/null
@@ -1,353 +0,0 @@ -Mozilla Public License, version 2.0 - -1. Definitions - -1.1. “Contributor” - - means each individual or legal entity that creates, contributes to the - creation of, or owns Covered Software. - -1.2. “Contributor Version” - - means the combination of the Contributions of others (if any) used by a - Contributor and that particular Contributor’s Contribution. - -1.3. “Contribution” - - means Covered Software of a particular Contributor. - -1.4. “Covered Software” - - means Source Code Form to which the initial Contributor has attached the - notice in Exhibit A, the Executable Form of such Source Code Form, and - Modifications of such Source Code Form, in each case including portions - thereof. - -1.5. “Incompatible With Secondary Licenses” - means - - a. that the initial Contributor has attached the notice described in - Exhibit B to the Covered Software; or - - b. that the Covered Software was made available under the terms of version - 1.1 or earlier of the License, but not also under the terms of a - Secondary License. - -1.6. “Executable Form” - - means any form of the work other than Source Code Form. - -1.7. “Larger Work” - - means a work that combines Covered Software with other material, in a separate - file or files, that is not Covered Software. - -1.8. “License” - - means this document. - -1.9. “Licensable” - - means having the right to grant, to the maximum extent possible, whether at the - time of the initial grant or subsequently, any and all of the rights conveyed by - this License. - -1.10. “Modifications” - - means any of the following: - - a. any file in Source Code Form that results from an addition to, deletion - from, or modification of the contents of Covered Software; or - - b. any new file in Source Code Form that contains any Covered Software. - -1.11. 
“Patent Claims” of a Contributor - - means any patent claim(s), including without limitation, method, process, - and apparatus claims, in any patent Licensable by such Contributor that - would be infringed, but for the grant of the License, by the making, - using, selling, offering for sale, having made, import, or transfer of - either its Contributions or its Contributor Version. - -1.12. “Secondary License” - - means either the GNU General Public License, Version 2.0, the GNU Lesser - General Public License, Version 2.1, the GNU Affero General Public - License, Version 3.0, or any later versions of those licenses. - -1.13. “Source Code Form” - - means the form of the work preferred for making modifications. - -1.14. “You” (or “Your”) - - means an individual or a legal entity exercising rights under this - License. For legal entities, “You” includes any entity that controls, is - controlled by, or is under common control with You. For purposes of this - definition, “control” means (a) the power, direct or indirect, to cause - the direction or management of such entity, whether by contract or - otherwise, or (b) ownership of more than fifty percent (50%) of the - outstanding shares or beneficial ownership of such entity. - - -2. License Grants and Conditions - -2.1. Grants - - Each Contributor hereby grants You a world-wide, royalty-free, - non-exclusive license: - - a. under intellectual property rights (other than patent or trademark) - Licensable by such Contributor to use, reproduce, make available, - modify, display, perform, distribute, and otherwise exploit its - Contributions, either on an unmodified basis, with Modifications, or as - part of a Larger Work; and - - b. under Patent Claims of such Contributor to make, use, sell, offer for - sale, have made, import, and otherwise transfer either its Contributions - or its Contributor Version. - -2.2. 
Effective Date - - The licenses granted in Section 2.1 with respect to any Contribution become - effective for each Contribution on the date the Contributor first distributes - such Contribution. - -2.3. Limitations on Grant Scope - - The licenses granted in this Section 2 are the only rights granted under this - License. No additional rights or licenses will be implied from the distribution - or licensing of Covered Software under this License. Notwithstanding Section - 2.1(b) above, no patent license is granted by a Contributor: - - a. for any code that a Contributor has removed from Covered Software; or - - b. for infringements caused by: (i) Your and any other third party’s - modifications of Covered Software, or (ii) the combination of its - Contributions with other software (except as part of its Contributor - Version); or - - c. under Patent Claims infringed by Covered Software in the absence of its - Contributions. - - This License does not grant any rights in the trademarks, service marks, or - logos of any Contributor (except as may be necessary to comply with the - notice requirements in Section 3.4). - -2.4. Subsequent Licenses - - No Contributor makes additional grants as a result of Your choice to - distribute the Covered Software under a subsequent version of this License - (see Section 10.2) or under the terms of a Secondary License (if permitted - under the terms of Section 3.3). - -2.5. Representation - - Each Contributor represents that the Contributor believes its Contributions - are its original creation(s) or it has sufficient rights to grant the - rights to its Contributions conveyed by this License. - -2.6. Fair Use - - This License is not intended to limit any rights You have under applicable - copyright doctrines of fair use, fair dealing, or other equivalents. - -2.7. Conditions - - Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in - Section 2.1. - - -3. Responsibilities - -3.1. 
Distribution of Source Form - - All distribution of Covered Software in Source Code Form, including any - Modifications that You create or to which You contribute, must be under the - terms of this License. You must inform recipients that the Source Code Form - of the Covered Software is governed by the terms of this License, and how - they can obtain a copy of this License. You may not attempt to alter or - restrict the recipients’ rights in the Source Code Form. - -3.2. Distribution of Executable Form - - If You distribute Covered Software in Executable Form then: - - a. such Covered Software must also be made available in Source Code Form, - as described in Section 3.1, and You must inform recipients of the - Executable Form how they can obtain a copy of such Source Code Form by - reasonable means in a timely manner, at a charge no more than the cost - of distribution to the recipient; and - - b. You may distribute such Executable Form under the terms of this License, - or sublicense it under different terms, provided that the license for - the Executable Form does not attempt to limit or alter the recipients’ - rights in the Source Code Form under this License. - -3.3. Distribution of a Larger Work - - You may create and distribute a Larger Work under terms of Your choice, - provided that You also comply with the requirements of this License for the - Covered Software. If the Larger Work is a combination of Covered Software - with a work governed by one or more Secondary Licenses, and the Covered - Software is not Incompatible With Secondary Licenses, this License permits - You to additionally distribute such Covered Software under the terms of - such Secondary License(s), so that the recipient of the Larger Work may, at - their option, further distribute the Covered Software under the terms of - either this License or such Secondary License(s). - -3.4. 
Notices - - You may not remove or alter the substance of any license notices (including - copyright notices, patent notices, disclaimers of warranty, or limitations - of liability) contained within the Source Code Form of the Covered - Software, except that You may alter any license notices to the extent - required to remedy known factual inaccuracies. - -3.5. Application of Additional Terms - - You may choose to offer, and to charge a fee for, warranty, support, - indemnity or liability obligations to one or more recipients of Covered - Software. However, You may do so only on Your own behalf, and not on behalf - of any Contributor. You must make it absolutely clear that any such - warranty, support, indemnity, or liability obligation is offered by You - alone, and You hereby agree to indemnify every Contributor for any - liability incurred by such Contributor as a result of warranty, support, - indemnity or liability terms You offer. You may include additional - disclaimers of warranty and limitations of liability specific to any - jurisdiction. - -4. Inability to Comply Due to Statute or Regulation - - If it is impossible for You to comply with any of the terms of this License - with respect to some or all of the Covered Software due to statute, judicial - order, or regulation then You must: (a) comply with the terms of this License - to the maximum extent possible; and (b) describe the limitations and the code - they affect. Such description must be placed in a text file included with all - distributions of the Covered Software under this License. Except to the - extent prohibited by statute or regulation, such description must be - sufficiently detailed for a recipient of ordinary skill to be able to - understand it. - -5. Termination - -5.1. The rights granted under this License will terminate automatically if You - fail to comply with any of its terms. 
However, if You become compliant, - then the rights granted under this License from a particular Contributor - are reinstated (a) provisionally, unless and until such Contributor - explicitly and finally terminates Your grants, and (b) on an ongoing basis, - if such Contributor fails to notify You of the non-compliance by some - reasonable means prior to 60 days after You have come back into compliance. - Moreover, Your grants from a particular Contributor are reinstated on an - ongoing basis if such Contributor notifies You of the non-compliance by - some reasonable means, this is the first time You have received notice of - non-compliance with this License from such Contributor, and You become - compliant prior to 30 days after Your receipt of the notice. - -5.2. If You initiate litigation against any entity by asserting a patent - infringement claim (excluding declaratory judgment actions, counter-claims, - and cross-claims) alleging that a Contributor Version directly or - indirectly infringes any patent, then the rights granted to You by any and - all Contributors for the Covered Software under Section 2.1 of this License - shall terminate. - -5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user - license agreements (excluding distributors and resellers) which have been - validly granted by You or Your distributors under this License prior to - termination shall survive termination. - -6. Disclaimer of Warranty - - Covered Software is provided under this License on an “as is” basis, without - warranty of any kind, either expressed, implied, or statutory, including, - without limitation, warranties that the Covered Software is free of defects, - merchantable, fit for a particular purpose or non-infringing. The entire - risk as to the quality and performance of the Covered Software is with You. 
- Should any Covered Software prove defective in any respect, You (not any - Contributor) assume the cost of any necessary servicing, repair, or - correction. This disclaimer of warranty constitutes an essential part of this - License. No use of any Covered Software is authorized under this License - except under this disclaimer. - -7. Limitation of Liability - - Under no circumstances and under no legal theory, whether tort (including - negligence), contract, or otherwise, shall any Contributor, or anyone who - distributes Covered Software as permitted above, be liable to You for any - direct, indirect, special, incidental, or consequential damages of any - character including, without limitation, damages for lost profits, loss of - goodwill, work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses, even if such party shall have been - informed of the possibility of such damages. This limitation of liability - shall not apply to liability for death or personal injury resulting from such - party’s negligence to the extent applicable law prohibits such limitation. - Some jurisdictions do not allow the exclusion or limitation of incidental or - consequential damages, so this exclusion and limitation may not apply to You. - -8. Litigation - - Any litigation relating to this License may be brought only in the courts of - a jurisdiction where the defendant maintains its principal place of business - and such litigation shall be governed by laws of that jurisdiction, without - reference to its conflict-of-law provisions. Nothing in this Section shall - prevent a party’s ability to bring cross-claims or counter-claims. - -9. Miscellaneous - - This License represents the complete agreement concerning the subject matter - hereof. If any provision of this License is held to be unenforceable, such - provision shall be reformed only to the extent necessary to make it - enforceable. 
Any law or regulation which provides that the language of a - contract shall be construed against the drafter shall not be used to construe - this License against a Contributor. - - -10. Versions of the License - -10.1. New Versions - - Mozilla Foundation is the license steward. Except as provided in Section - 10.3, no one other than the license steward has the right to modify or - publish new versions of this License. Each version will be given a - distinguishing version number. - -10.2. Effect of New Versions - - You may distribute the Covered Software under the terms of the version of - the License under which You originally received the Covered Software, or - under the terms of any subsequent version published by the license - steward. - -10.3. Modified Versions - - If you create software not governed by this License, and you want to - create a new license for such software, you may create and use a modified - version of this License if you rename the license and remove any - references to the name of the license steward (except to note that such - modified license differs from this License). - -10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses - If You choose to distribute Source Code Form that is Incompatible With - Secondary Licenses under the terms of this version of the License, the - notice described in Exhibit B of this License must be attached. - -Exhibit A - Source Code Form License Notice - - This Source Code Form is subject to the - terms of the Mozilla Public License, v. - 2.0. If a copy of the MPL was not - distributed with this file, You can - obtain one at - http://mozilla.org/MPL/2.0/. - -If it is not possible or desirable to put the notice in a particular file, then -You may include the notice in a location (such as a LICENSE file in a relevant -directory) where a recipient would be likely to look for such a notice. - -You may add additional accurate notices of copyright ownership. 
- -Exhibit B - “Incompatible With Secondary Licenses” Notice - - This Source Code Form is “Incompatible - With Secondary Licenses”, as defined by - the Mozilla Public License, v. 2.0. diff --git a/charts/partners/hashicorp/vault/0.19.0/src/Makefile b/charts/partners/hashicorp/vault/0.19.0/src/Makefile deleted file mode 100644 index 0ac6850130..0000000000 --- a/charts/partners/hashicorp/vault/0.19.0/src/Makefile +++ /dev/null 
@@ -1,101 +0,0 @@
-TEST_IMAGE?=vault-helm-test
-GOOGLE_CREDENTIALS?=vault-helm-test.json
-CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
-# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
-ACCEPTANCE_TESTS?=acceptance
-
-# filter bats unit tests to run.
-UNIT_TESTS_FILTER?='.*'
-
-# set to 'true' to run acceptance tests locally in a kind cluster
-LOCAL_ACCEPTANCE_TESTS?=false
-
-# kind cluster name
-KIND_CLUSTER_NAME?=vault-helm
-
-# kind k8s version
-KIND_K8S_VERSION?=v1.20.2
-
-# Generate json schema for chart values. See test/README.md for more details.
-values-schema:
- helm schema-gen values.yaml > values.schema.json
-
-test-image:
- @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
-
-test-unit:
- @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
-
-test-bats: test-unit test-acceptance
-
-test: test-image test-bats
-
-# run acceptance tests on GKE
-# set google project/credential vars above
-test-acceptance:
-ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
- make setup-kind acceptance
-else
- @docker run -it -v ${PWD}:/helm-test \
- -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
- -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
- -e KUBECONFIG=/helm-test/.kube/config \
- -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
- -w /helm-test \
- $(TEST_IMAGE) \
- make acceptance
-endif
-
-# destroy GKE cluster using terraform
-test-destroy:
- @docker run -it -v ${PWD}:/helm-test \
- -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
- -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
- -w /helm-test \
- $(TEST_IMAGE) \
- make destroy-cluster
-
-# provision GKE cluster using terraform
-test-provision:
- @docker run -it -v ${PWD}:/helm-test \
- -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
- -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
- -e KUBECONFIG=/helm-test/.kube/config \
- -w /helm-test \
- $(TEST_IMAGE) \
- make provision-cluster
-
-# this target is for running the acceptance tests
-# it is run in the docker container above when the test-acceptance target is invoked
-acceptance:
-ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
- gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
-endif
- bats test/${ACCEPTANCE_TESTS}
-
-# this target is for provisioning the GKE cluster
-# it is run in the docker container above when the test-provision target is invoked
-provision-cluster:
- gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
- terraform init test/terraform
- terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
-
-# this target is for removing the GKE cluster
-# it is run in the docker container above when the test-destroy target is invoked
-destroy-cluster:
- terraform destroy -auto-approve
-
-# create a kind cluster for running the acceptance tests locally
-setup-kind:
- kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
- kind create cluster \
- --image kindest/node:${KIND_K8S_VERSION} \
- --name ${KIND_CLUSTER_NAME} \
- --config $(CURDIR)/test/kind/config.yaml
- kubectl config use-context kind-${KIND_CLUSTER_NAME}
-
-# delete the kind cluster
-delete-kind:
- kind delete cluster --name ${KIND_CLUSTER_NAME} || :
-
-.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/README.md b/charts/partners/hashicorp/vault/0.19.0/src/README.md
deleted file mode 100644
index f95b26fc37..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/README.md
+++ /dev/null
@@ -1,44 +0,0 @@
-# Vault Helm Chart
-
-> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
-you believe you have found a security issue in Vault Helm, _please responsibly disclose_
-by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
-
-This repository contains the official HashiCorp Helm chart for installing
-and configuring Vault on Kubernetes. This chart supports multiple use
-cases of Vault on Kubernetes depending on the values provided.
-
-For full documentation on this Helm chart along with all the ways you can
-use Vault with Kubernetes, please see the
-[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
-
-## Prerequisites
-
-To use the charts here, [Helm](https://helm.sh/) must be configured for your
-Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
-this README. Please refer to the Kubernetes and Helm documentation.
-
-The versions required are:
-
- * **Helm 3.0+** - This is the earliest version of Helm tested. It is possible
- it works with earlier versions but this chart is untested for those versions.
- * **Kubernetes 1.14+** - This is the earliest version of Kubernetes tested.
- It is possible that this chart works with earlier versions but it is
- untested.
-
-## Usage
-
-To install the latest version of this chart, add the Hashicorp helm repository
-and run `helm install`:
-
-```console
-$ helm repo add hashicorp https://helm.releases.hashicorp.com
-"hashicorp" has been added to your repositories
-
-$ helm install vault hashicorp/vault
-```
-
-Please see the many options supported in the `values.yaml` file. These are also
-fully documented directly on the [Vault
-website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
-detailed installation instructions.
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/NOTES.txt b/charts/partners/hashicorp/vault/0.19.0/src/templates/NOTES.txt
deleted file mode 100644
index 8e267121c8..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/NOTES.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-
-Thank you for installing HashiCorp Vault!
-
-Now that you have deployed Vault, you should look over the docs on using
-Vault with Kubernetes available here:
-
-https://www.vaultproject.io/docs/
-
-
-Your release is named {{ .Release.Name }}. To learn more about the release, try:
-
- $ helm status {{ .Release.Name }}
- $ helm get manifest {{ .Release.Name }}
-
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/_helpers.tpl b/charts/partners/hashicorp/vault/0.19.0/src/templates/_helpers.tpl
deleted file mode 100644
index 12afeab91f..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,707 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to -this (by the DNS naming spec). If release name contains chart name it will -be used as a full name. -*/}} -{{- define "vault.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "vault.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "vault.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Compute the maximum number of unavailable replicas for the PodDisruptionBudget. -This defaults to (n/2)-1 where n is the number of members of the server cluster. -Add a special case for replicas=1, where it should default to 0 as well. -*/}} -{{- define "vault.pdb.maxUnavailable" -}} -{{- if eq (int .Values.server.ha.replicas) 1 -}} -{{ 0 }} -{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{- else -}} -{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Set the variable 'mode' to the server mode requested by the user to simplify -template logic. -*/}} -{{- define "vault.mode" -}} - {{- if .Values.injector.externalVaultAddr -}} - {{- $_ := set . "mode" "external" -}} - {{- else if ne (.Values.server.enabled | toString) "true" -}} - {{- $_ := set . 
"mode" "external" -}} - {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} - {{- $_ := set . "mode" "dev" -}} - {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} - {{- $_ := set . "mode" "ha" -}} - {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} - {{- $_ := set . "mode" "standalone" -}} - {{- else -}} - {{- $_ := set . "mode" "" -}} - {{- end -}} -{{- end -}} - -{{/* -Set's the replica count based on the different modes configured by user -*/}} -{{- define "vault.replicas" -}} - {{ if eq .mode "standalone" }} - {{- default 1 -}} - {{ else if eq .mode "ha" }} - {{- .Values.server.ha.replicas | default 3 -}} - {{ else }} - {{- default 1 -}} - {{ end }} -{{- end -}} - -{{/* -Set's up configmap mounts if this isn't a dev deployment and the user -defined a custom configuration. Additionally iterates over any -extra volumes the user may have specified (such as a secret with TLS). -*/}} -{{- define "vault.volumes" -}} - {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - configMap: - name: {{ template "vault.fullname" . 
}}-config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - {{ .type }}: - {{- if (eq .type "configMap") }} - name: {{ .name }} - {{- else if (eq .type "secret") }} - secretName: {{ .name }} - {{- end }} - defaultMode: {{ .defaultMode | default 420 }} - {{- end }} - {{- if .Values.server.volumes }} - {{- toYaml .Values.server.volumes | nindent 8}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - secret: - secretName: {{ .Values.server.enterpriseLicense.secretName }} - defaultMode: 0440 - {{- end }} -{{- end -}} - -{{/* -Set's the args for custom command to render the Vault configuration -file with IP addresses to make the out of box experience easier -for users looking to use this chart with Consul Helm. -*/}} -{{- define "vault.args" -}} - {{ if or (eq .mode "standalone") (eq .mode "ha") }} - - | - cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; - [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; - [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; - /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} - {{ else if eq .mode "dev" }} - - | - /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} - {{ end }} -{{- end -}} - -{{/* -Set's additional environment variables based on the mode. 
-*/}} -{{- define "vault.envs" -}} - {{ if eq .mode "dev" }} - - name: VAULT_DEV_ROOT_TOKEN_ID - value: {{ .Values.server.dev.devRootToken }} - - name: VAULT_DEV_LISTEN_ADDRESS - value: "[::]:8200" - {{ end }} -{{- end -}} - -{{/* -Set's which additional volumes should be mounted to the container -based on the mode configured. -*/}} -{{- define "vault.mounts" -}} - {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - name: audit - mountPath: {{ .Values.server.auditStorage.mountPath }} - {{ end }} - {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} - {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} - - name: data - mountPath: {{ .Values.server.dataStorage.mountPath }} - {{ end }} - {{ end }} - {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - mountPath: /vault/config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - readOnly: true - mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} - {{- end }} - {{- if .Values.server.volumeMounts }} - {{- toYaml .Values.server.volumeMounts | nindent 12}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - mountPath: /vault/license - readOnly: true - {{- end }} -{{- end -}} - -{{/* -Set's up the volumeClaimTemplates when data or audit storage is required. HA -might not use data storage since Consul is likely it's backend, however, audit -storage might be desired by the user. 
-*/}} -{{- define "vault.volumeclaims" -}} - {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} - volumeClaimTemplates: - {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} - - metadata: - name: data - {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.dataStorage.size }} - {{- if .Values.server.dataStorage.storageClass }} - storageClassName: {{ .Values.server.dataStorage.storageClass }} - {{- end }} - {{ end }} - {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - metadata: - name: audit - {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.auditStorage.size }} - {{- if .Values.server.auditStorage.storageClass }} - storageClassName: {{ .Values.server.auditStorage.storageClass }} - {{- end }} - {{ end }} - {{ end }} -{{- end -}} - -{{/* -Set's the affinity for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.affinity" -}} - {{- if and (ne .mode "dev") .Values.server.affinity }} - affinity: - {{ $tp := typeOf .Values.server.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.affinity . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the injector affinity for pod placement -*/}} -{{- define "injector.affinity" -}} - {{- if .Values.injector.affinity }} - affinity: - {{ $tp := typeOf .Values.injector.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the toleration for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.tolerations" -}} - {{- if and (ne .mode "dev") .Values.server.tolerations }} - tolerations: - {{- $tp := typeOf .Values.server.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "injector.tolerations" -}} - {{- if .Values.injector.tolerations }} - tolerations: - {{- $tp := typeOf .Values.injector.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the node selector for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.nodeselector" -}} - {{- if and (ne .mode "dev") .Values.server.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.server.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector node selector for pod placement -*/}} -{{- define "injector.nodeselector" -}} - {{- if .Values.injector.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.injector.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.nodeSelector . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector deployment update strategy -*/}} -{{- define "injector.strategy" -}} - {{- if .Values.injector.strategy }} - strategy: - {{- $tp := typeOf .Values.injector.strategy }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.strategy . | nindent 4 | trim }} - {{- else }} - {{- toYaml .Values.injector.strategy | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra pod annotations -*/}} -{{- define "vault.annotations" -}} - {{- if .Values.server.annotations }} - annotations: - {{- $tp := typeOf .Values.server.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.server.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector pod annotations -*/}} -{{- define "injector.annotations" -}} - {{- if .Values.injector.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.injector.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector service annotations -*/}} -{{- define "injector.service.annotations" -}} - {{- if .Values.injector.service.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.service.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector webhook annotations -*/}} -{{- define "injector.webhookAnnotations" -}} - {{- if .Values.injector.webhookAnnotations }} - annotations: - {{- $tp := typeOf .Values.injector.webhookAnnotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.webhookAnnotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.webhookAnnotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ui service annotations -*/}} -{{- define "vault.ui.annotations" -}} - {{- if .Values.ui.annotations }} - annotations: - {{- $tp := typeOf .Values.ui.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.ui.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.ui.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "vault.serviceAccount.name" -}} -{{- if .Values.server.serviceAccount.create -}} - {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.server.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Sets extra service account annotations -*/}} -{{- define "vault.serviceAccount.annotations" -}} - {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.server.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.serviceAccount.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ingress annotations -*/}} -{{- define "vault.ingress.annotations" -}} - {{- if .Values.server.ingress.annotations }} - annotations: - {{- $tp := typeOf .Values.server.ingress.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.ingress.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.ingress.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra route annotations -*/}} -{{- define "vault.route.annotations" -}} - {{- if .Values.server.route.annotations }} - annotations: - {{- $tp := typeOf .Values.server.route.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.route.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.route.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra vault server Service annotations -*/}} -{{- define "vault.service.annotations" -}} - {{- if .Values.server.service.annotations }} - {{- $tp := typeOf .Values.server.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets PodSecurityPolicy annotations -*/}} -{{- define "vault.psp.annotations" -}} - {{- if .Values.global.psp.annotations }} - annotations: - {{- $tp := typeOf .Values.global.psp.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.global.psp.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.global.psp.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra statefulset annotations -*/}} -{{- define "vault.statefulSet.annotations" -}} - {{- if .Values.server.statefulSet.annotations }} - annotations: - {{- $tp := typeOf .Values.server.statefulSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for data volume -*/}} -{{- define "vault.dataVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.dataStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for audit volume -*/}} -{{- define "vault.auditVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.auditStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the container resources if the user has set any. -*/}} -{{- define "vault.resources" -}} - {{- if .Values.server.resources -}} - resources: -{{ toYaml .Values.server.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. 
-*/}} -{{- define "injector.resources" -}} - {{- if .Values.injector.resources -}} - resources: -{{ toYaml .Values.injector.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "csi.resources" -}} - {{- if .Values.csi.resources -}} - resources: -{{ toYaml .Values.csi.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets extra CSI daemonset annotations -*/}} -{{- define "csi.daemonSet.annotations" -}} - {{- if .Values.csi.daemonSet.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.daemonSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "csi.pod.tolerations" -}} - {{- if .Values.csi.pod.tolerations }} - tolerations: - {{- $tp := typeOf .Values.csi.pod.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI provider pod annotations -*/}} -{{- define "csi.pod.annotations" -}} - {{- if .Values.csi.pod.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.pod.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.pod.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.pod.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI service account annotations -*/}} -{{- define "csi.serviceAccount.annotations" -}} - {{- if .Values.csi.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.serviceAccount.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Inject extra environment vars in the format key:value, if populated -*/}} -{{- define "vault.extraEnvironmentVars" -}} -{{- if .extraEnvironmentVars -}} -{{- range $key, $value := .extraEnvironmentVars }} -- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} - value: {{ $value | quote }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Inject extra environment populated by secrets, if populated -*/}} -{{- define "vault.extraSecretEnvironmentVars" -}} -{{- if .extraSecretEnvironmentVars -}} -{{- range .extraSecretEnvironmentVars }} -- name: {{ .envName }} - valueFrom: - secretKeyRef: - name: {{ .secretName }} - key: {{ .secretKey }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* Scheme for health check and local endpoint */}} -{{- define "vault.scheme" -}} -{{- if .Values.global.tlsDisable -}} -{{ "http" }} -{{- else -}} -{{ "https" }} -{{- end -}} -{{- end -}} - -{{/* -imagePullSecrets generates pull secrets from either string or map values. -A map value must be indexable by the key 'name'. -*/}} -{{- define "imagePullSecrets" -}} -{{- with .Values.global.imagePullSecrets -}} -imagePullSecrets: -{{- range . -}} -{{- if typeIs "string" . }} - - name: {{ . }} -{{- else if index . "name" }} - - name: {{ .name }} -{{- end }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
-Supported inputs are Values.server.service and Values.ui
-*/}}
-{{- define "service.externalTrafficPolicy" -}}
-{{- $type := "" -}}
-{{- if .serviceType -}}
-{{- $type = .serviceType -}}
-{{- else if .type -}}
-{{- $type = .type -}}
-{{- end -}}
-{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
- externalTrafficPolicy: {{ .externalTrafficPolicy }}
-{{- else }}
-{{- end }}
-{{- end -}}
-
-{{/*
-loadBalancer configuration for the the UI service.
-Supported inputs are Values.ui
-*/}}
-{{- define "service.loadBalancer" -}}
-{{- if eq (.serviceType | toString) "LoadBalancer" }}
-{{- if .loadBalancerIP }}
- loadBalancerIP: {{ .loadBalancerIP }}
-{{- end }}
-{{- with .loadBalancerSourceRanges }}
- loadBalancerSourceRanges:
-{{- range . }}
- - {{ . }}
-{{- end }}
-{{- end -}}
-{{- end }}
-{{- end -}}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/csi-clusterrole.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/csi-clusterrole.yaml
deleted file mode 100644
index a19e520f5d..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/csi-clusterrole.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups:
- - ""
- resources:
- - serviceaccounts/token
- verbs:
- - create
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/csi-clusterrolebinding.yaml
deleted file mode 100644
index 63d69c7b1f..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/csi-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/csi-daemonset.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/csi-daemonset.yaml
deleted file mode 100644
index f0bf639f38..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/csi-daemonset.yaml
+++ /dev/null
@@ -1,84 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "csi.daemonSet.annotations" . }}
-spec:
- updateStrategy:
- type: {{ .Values.csi.daemonSet.updateStrategy.type }}
- {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
- rollingUpdate:
- maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
- {{- end }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{ template "csi.pod.annotations" . }}
- spec:
- {{- if .Values.csi.priorityClassName }}
- priorityClassName: {{ .Values.csi.priorityClassName }}
- {{- end }}
- serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
- {{- template "csi.pod.tolerations" . }}
- containers:
- - name: {{ include "vault.name" . }}-csi-provider
- {{ template "csi.resources" . }}
- image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
- imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
- args:
- - --endpoint=/provider/vault.sock
- - --debug={{ .Values.csi.debug }}
- {{- if .Values.csi.extraArgs }}
- {{- toYaml .Values.csi.extraArgs | nindent 12 }}
- {{- end }}
- volumeMounts:
- - name: providervol
- mountPath: "/provider"
- - name: mountpoint-dir
- mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
- mountPropagation: HostToContainer
- {{- if .Values.csi.volumeMounts }}
- {{- toYaml .Values.csi.volumeMounts | nindent 12}}
- {{- end }}
- livenessProbe:
- httpGet:
- path: /health/ready
- port: 8080
- failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
- successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
- readinessProbe:
- httpGet:
- path: /health/ready
- port: 8080
- failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
- successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
- volumes:
- - name: providervol
- hostPath:
- path: {{ .Values.csi.daemonSet.providersDir }}
- - name: mountpoint-dir
- hostPath:
- path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
- {{- if .Values.csi.volumes }}
- {{- toYaml .Values.csi.volumes | nindent 8}}
- {{- end }}
- {{- include "imagePullSecrets" . | nindent 6 }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/csi-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/csi-serviceaccount.yaml
deleted file mode 100644
index ee127481b0..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/csi-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if and (eq (.Values.csi.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "csi.serviceAccount.annotations" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-certs-secret.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-certs-secret.yaml
deleted file mode 100644
index 78363be55f..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-certs-secret.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: vault-injector-certs
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-clusterrole.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-clusterrole.yaml
deleted file mode 100644
index 4ff25abe52..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-clusterrole.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs:
- - "get"
- - "list"
- - "watch"
- - "patch"
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-clusterrolebinding.yaml
deleted file mode 100644
index 35d30b3935..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-clusterrolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-deployment.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-deployment.yaml
deleted file mode 100644
index 95e2c2da8e..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-deployment.yaml
+++ /dev/null
@@ -1,158 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Deployment for the injector
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- component: webhook
-spec:
- replicas: {{ .Values.injector.replicas }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- {{ template "injector.strategy" . }}
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- {{- if .Values.injector.extraLabels -}}
- {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
- {{- end -}}
- {{ template "injector.annotations" . }}
- spec:
- {{ template "injector.affinity" . }}
- {{ template "injector.tolerations" . }}
- {{ template "injector.nodeselector" . }}
- {{- if .Values.injector.priorityClassName }}
- priorityClassName: {{ .Values.injector.priorityClassName }}
- {{- end }}
- serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
- {{- if not .Values.global.openshift }}
- hostNetwork: {{ .Values.injector.hostNetwork }}
- securityContext:
- runAsNonRoot: true
- runAsGroup: {{ .Values.injector.gid | default 1000 }}
- runAsUser: {{ .Values.injector.uid | default 100 }}
- {{- end }}
- containers:
- - name: sidecar-injector
- {{ template "injector.resources" . }}
- image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
- imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
- {{- if not .Values.global.openshift }}
- securityContext:
- allowPrivilegeEscalation: false
- {{- end }}
- env:
- - name: AGENT_INJECT_LISTEN
- value: {{ printf ":%v" .Values.injector.port }}
- - name: AGENT_INJECT_LOG_LEVEL
- value: {{ .Values.injector.logLevel | default "info" }}
- - name: AGENT_INJECT_VAULT_ADDR
- {{- if .Values.injector.externalVaultAddr }}
- value: "{{ .Values.injector.externalVaultAddr }}"
- {{- else }}
- value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
- {{- end }}
- - name: AGENT_INJECT_VAULT_AUTH_PATH
- value: {{ .Values.injector.authPath }}
- - name: AGENT_INJECT_VAULT_IMAGE
- value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
- {{- if .Values.injector.certs.secretName }}
- - name: AGENT_INJECT_TLS_CERT_FILE
- value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
- - name: AGENT_INJECT_TLS_KEY_FILE
- value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
- {{- else }}
- - name: AGENT_INJECT_TLS_AUTO
- value: {{ template "vault.fullname" . }}-agent-injector-cfg
- - name: AGENT_INJECT_TLS_AUTO_HOSTS
- value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
- {{- end }}
- - name: AGENT_INJECT_LOG_FORMAT
- value: {{ .Values.injector.logFormat | default "standard" }}
- - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
- value: "{{ .Values.injector.revokeOnShutdown | default false }}"
- {{- if .Values.global.openshift }}
- - name: AGENT_INJECT_SET_SECURITY_CONTEXT
- value: "false"
- {{- end }}
- {{- if .Values.injector.metrics.enabled }}
- - name: AGENT_INJECT_TELEMETRY_PATH
- value: "/metrics"
- {{- end }}
- {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
- - name: AGENT_INJECT_USE_LEADER_ELECTOR
- value: "true"
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- {{- end }}
- - name: AGENT_INJECT_CPU_REQUEST
- value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
- - name: AGENT_INJECT_CPU_LIMIT
- value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
- - name: AGENT_INJECT_MEM_REQUEST
- value: "{{ .Values.injector.agentDefaults.memRequest }}"
- - name: AGENT_INJECT_MEM_LIMIT
- value: "{{ .Values.injector.agentDefaults.memLimit }}"
- - name: AGENT_INJECT_DEFAULT_TEMPLATE
- value: "{{ .Values.injector.agentDefaults.template }}"
- - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
- value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
- {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
- - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
- value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
- {{- end }}
- {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- args:
- - agent-inject
- - 2>&1
- livenessProbe:
- httpGet:
- path: /health/ready
- port: {{ .Values.injector.port }}
- scheme: HTTPS
- failureThreshold: 2
- initialDelaySeconds: 5
- periodSeconds: 2
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- httpGet:
- path: /health/ready
- port: {{ .Values.injector.port }}
- scheme: HTTPS
- failureThreshold: 2
- initialDelaySeconds: 5
- periodSeconds: 2
- successThreshold: 1
- timeoutSeconds: 5
-{{- if .Values.injector.certs.secretName }}
- volumeMounts:
- - name: webhook-certs
- mountPath: /etc/webhook/certs
- readOnly: true
-{{- end }}
-{{- if .Values.injector.certs.secretName }}
- volumes:
- - name: webhook-certs
- secret:
- secretName: "{{ .Values.injector.certs.secretName }}"
-{{- end }}
- {{- include "imagePullSecrets" . | nindent 6 }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-disruptionbudget.yaml
deleted file mode 100644
index 59c998551c..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-disruptionbudget.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.injector.podDisruptionBudget }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- component: webhook
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
-{{- end -}}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-mutating-webhook.yaml
deleted file mode 100644
index de7dd5622c..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-mutating-webhook.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
-apiVersion: admissionregistration.k8s.io/v1
-{{- else }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-{{- end }}
-kind: MutatingWebhookConfiguration
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-cfg
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "injector.webhookAnnotations" . }}
-webhooks:
- - name: vault.hashicorp.com
- sideEffects: None
- admissionReviewVersions:
- - "v1beta1"
- - "v1"
- clientConfig:
- service:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- path: "/mutate"
- caBundle: {{ .Values.injector.certs.caBundle | quote }}
- rules:
- - operations: ["CREATE", "UPDATE"]
- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["pods"]
-{{- if .Values.injector.namespaceSelector }}
- namespaceSelector:
-{{ toYaml .Values.injector.namespaceSelector | indent 6}}
-{{ end }}
-{{- if .Values.injector.objectSelector }}
- objectSelector:
-{{ toYaml .Values.injector.objectSelector | indent 6}}
-{{ end }}
-{{- with .Values.injector.failurePolicy }}
- failurePolicy: {{.}}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-network-policy.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-network-policy.yaml
deleted file mode 100644
index 7a399a538d..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-network-policy.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.openshift | toString) "true") }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-psp-role.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-psp-role.yaml
deleted file mode 100644
index 20c87bb2ad..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-psp-role.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-psp-rolebinding.yaml
deleted file mode 100644
index d6d0d5e247..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-psp-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-psp.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-psp.yaml
deleted file mode 100644
index c024ac1077..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-psp.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-role.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-role.yaml
deleted file mode 100644
index e7e383d16d..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-role.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
- - apiGroups: [""]
- resources: ["secrets", "configmaps"]
- verbs:
- - "create"
- - "get"
- - "watch"
- - "list"
- - "update"
- - apiGroups: [""]
- resources: ["pods"]
- verbs:
- - "get"
- - "patch"
- - "delete"
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-rolebinding.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-rolebinding.yaml
deleted file mode 100644
index aa81794208..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-service.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-service.yaml
deleted file mode 100644
index 3138b7a5be..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "injector.service.annotations" . }}
-spec:
- ports:
- - name: https
- port: 443
- targetPort: {{ .Values.injector.port }}
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-serviceaccount.yaml
deleted file mode 100644
index a28d38fabb..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/injector-serviceaccount.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/server-clusterrolebinding.yaml
deleted file mode 100644
index e5e0f5fec1..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-clusterrolebinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.authDelegator.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-server-binding
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-config-configmap.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/server-config-configmap.yaml
deleted file mode 100644
index b8093ad030..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-config-configmap.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.global.enabled | toString) "true") (ne .mode "dev") -}}
-{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "vault.fullname" . }}-config
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-data:
- extraconfig-from-values.hcl: |-
- {{- if or (eq .mode "ha") (eq .mode "standalone") }}
- {{- $type := typeOf (index .Values.server .mode).config }}
- {{- if eq $type "string" }}
- disable_mlock = true
- {{- if eq .mode "standalone" }}
- {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
- {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
- {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
- {{ end }}
- {{- else }}
- {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
- {{- else }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-discovery-role.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/server-discovery-role.yaml
deleted file mode 100644
index 4a39cec21c..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-discovery-role.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.global.enabled | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: {{ template "vault.fullname" . }}-discovery-role
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: [""]
- resources: ["pods"]
- verbs: ["get", "watch", "list", "update", "patch"]
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/server-discovery-rolebinding.yaml
deleted file mode 100644
index 47526650bb..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-discovery-rolebinding.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.global.enabled | toString) "true") }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-discovery-rolebinding
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-discovery-role
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/server-disruptionbudget.yaml
deleted file mode 100644
index 3c45cc04ea..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-disruptionbudget.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" -}}
-{{- if and (eq (.Values.global.enabled | toString) "true") (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
-# PodDisruptionBudget to prevent degrading the server cluster through
-# voluntary cluster changes.
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end -}}
-{{- end -}}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-ha-active-service.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/server-ha-active-service.yaml
deleted file mode 100644
index c2a4f02279..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-ha-active-service.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for active Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-active
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "true"
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-ha-standby-service.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/server-ha-standby-service.yaml
deleted file mode 100644
index fef92a1b28..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-ha-standby-service.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for standby Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-standby
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "false"
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-headless-service.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/server-headless-service.yaml
deleted file mode 100644
index a37c639571..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-headless-service.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-internal
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- clusterIP: None
- publishNotReadyAddresses: true
- ports:
- - name: "{{ include "vault.scheme" . }}"
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-ingress.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/server-ingress.yaml
deleted file mode 100644
index 48c76a8282..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-ingress.yaml
+++ /dev/null
@@ -1,74 +0,0 @@ -{{- if not .Values.global.openshift }} -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if .Values.server.ingress.enabled -}} -{{- $extraPaths := .Values.server.ingress.extraPaths -}} -{{- $serviceName := include "vault.fullname" . -}} -{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.ingress.activeService | toString) "true") }} -{{- $serviceName = printf "%s-%s" $serviceName "active" -}} -{{- end }} -{{- $servicePort := .Values.server.service.port -}} -{{- $pathType := .Values.server.ingress.pathType -}} -{{- $kubeVersion := .Capabilities.KubeVersion.Version }} -{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} -apiVersion: networking.k8s.io/v1 -{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end }} -kind: Ingress -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.server.ingress.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- template "vault.ingress.annotations" . }} -spec: -{{- if .Values.server.ingress.tls }} - tls: - {{- range .Values.server.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} -{{- if .Values.server.ingress.ingressClassName }} - ingressClassName: {{ .Values.server.ingress.ingressClassName }} -{{- end }} - rules: - {{- range .Values.server.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: -{{ if $extraPaths }} -{{ toYaml $extraPaths | indent 10 }} -{{- end }} - {{- range (.paths | default (list "/")) }} - - path: {{ . 
}} - {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} - pathType: {{ $pathType }} - {{ end }} - backend: - {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{ else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{ end }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-network-policy.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/server-network-policy.yaml deleted file mode 100644 index 5f4c21a4b5..0000000000 --- a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-network-policy.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ template "vault.fullname" . }} - labels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} -spec: - podSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 8200 - protocol: TCP - - port: 8201 - protocol: TCP - {{- if .Values.server.networkPolicy.egress }} - egress: - {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} - {{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-psp-role.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/server-psp-role.yaml deleted file mode 100644 index fd12e1eb30..0000000000 --- a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-psp-role.yaml +++ /dev/null 
@@ -1,18 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/server-psp-rolebinding.yaml
deleted file mode 100644
index b2a43c834a..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-psp-rolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-psp.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/server-psp.yaml
deleted file mode 100644
index 2d94268197..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-psp.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
- - persistentVolumeClaim
- {{- end }}
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-route.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/server-route.yaml
deleted file mode 100644
index e122d936ba..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-route.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-{{- if .Values.global.openshift }}
-{{- if ne .mode "external" }}
-{{- if .Values.server.route.enabled -}}
-{{- $serviceName := include "vault.fullname" . -}}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
-{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
-{{- end }}
-kind: Route
-apiVersion: route.openshift.io/v1
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- with .Values.server.route.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- template "vault.route.annotations" . }}
-spec:
- host: {{ .Values.server.route.host }}
- to:
- kind: Service
- name: {{ $serviceName }}
- weight: 100
- port:
- targetPort: 8200
- tls:
- {{- toYaml .Values.server.route.tls | nindent 4 }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-service.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/server-service.yaml
deleted file mode 100644
index 00996aa254..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-service.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- # We want the servers to become available even if they're not ready
- # since this DNS is also used for join operations.
- publishNotReadyAddresses: true
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/server-serviceaccount.yaml
deleted file mode 100644
index 925b166bba..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }}
-{{- if (eq (.Values.server.serviceAccount.create | toString) "true" ) }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "vault.serviceAccount.annotations" . }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-statefulset.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/server-statefulset.yaml
deleted file mode 100644
index cbcda967de..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/templates/server-statefulset.yaml
+++ /dev/null
@@ -1,208 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }} -# StatefulSet to run the actual vault server cluster. -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- template "vault.statefulSet.annotations" . }} -spec: - serviceName: {{ template "vault.fullname" . }}-internal - podManagementPolicy: Parallel - replicas: {{ template "vault.replicas" . }} - updateStrategy: - type: {{ .Values.server.updateStrategyType }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - template: - metadata: - labels: - helm.sh/chart: {{ template "vault.chart" . }} - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - {{- if .Values.server.extraLabels -}} - {{- toYaml .Values.server.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "vault.annotations" . }} - spec: - {{ template "vault.affinity" . }} - {{ template "vault.tolerations" . }} - {{ template "vault.nodeselector" . }} - {{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} - serviceAccountName: {{ template "vault.serviceAccount.name" . 
}} - {{ if .Values.server.shareProcessNamespace }} - shareProcessNamespace: true - {{ end }} - {{- if not .Values.global.openshift }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.server.gid | default 1000 }} - runAsUser: {{ .Values.server.uid | default 100 }} - fsGroup: {{ .Values.server.gid | default 1000 }} - {{- end }} - volumes: - {{ template "vault.volumes" . }} - - name: home - emptyDir: {} - {{- if .Values.server.extraInitContainers }} - initContainers: - {{ toYaml .Values.server.extraInitContainers | nindent 8}} - {{- end }} - containers: - - name: vault - {{ template "vault.resources" . }} - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - command: - - "/bin/sh" - - "-ec" - args: {{ template "vault.args" . }} - {{- if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: VAULT_K8S_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: VAULT_ADDR - value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" - - name: VAULT_API_ADDR - {{- if .Values.server.ha.apiAddr }} - value: {{ .Values.server.ha.apiAddr }} - {{- else }} - value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" - {{- end }} - - name: SKIP_CHOWN - value: "true" - - name: SKIP_SETCAP - value: "true" - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_CLUSTER_ADDR - value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" - {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} - - name: VAULT_RAFT_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- end }} - - name: HOME - value: "/home/vault" - {{- if .Values.server.logLevel }} - - name: VAULT_LOG_LEVEL - value: "{{ .Values.server.logLevel }}" - {{- end }} - {{- if .Values.server.logFormat }} - - name: VAULT_LOG_FORMAT - value: "{{ .Values.server.logFormat }}" - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: VAULT_LICENSE_PATH - value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} - {{- end }} - {{ template "vault.envs" . }} - {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} - {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} - volumeMounts: - {{ template "vault.mounts" . }} - - name: home - mountPath: /home/vault - ports: - - containerPort: 8200 - name: {{ include "vault.scheme" . }} - - containerPort: 8201 - name: https-internal - - containerPort: 8202 - name: {{ include "vault.scheme" . }}-rep - {{- if .Values.server.readinessProbe.enabled }} - readinessProbe: - {{- if .Values.server.readinessProbe.path }} - httpGet: - path: {{ .Values.server.readinessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . 
| upper }} - {{- else }} - # Check status; unsealed vault servers return 0 - # The exit code reflects the seal status: - # 0 - unsealed - # 1 - error - # 2 - sealed - exec: - command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] - {{- end }} - failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.server.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.server.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.server.livenessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . | upper }} - failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.server.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} - {{- end }} - lifecycle: - # Vault container doesn't receive SIGTERM from Kubernetes - # and after the grace period ends, Kube sends SIGKILL. This - # causes issues with graceful shutdowns such as deregistering itself - # from Consul (zombie services). - preStop: - exec: - command: [ - "/bin/sh", "-c", - # Adding a sleep here to give the pod eviction a - # chance to propagate, so requests will not be made - # to this pod while it's terminating - "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", - ] - {{- if .Values.server.postStart }} - postStart: - exec: - command: - {{- range (.Values.server.postStart) }} - - {{ . 
| quote }} - {{- end }} - {{- end }} - {{- if .Values.server.extraContainers }} - {{ toYaml .Values.server.extraContainers | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} - {{ template "vault.volumeclaims" . }} -{{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/tests/server-test.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/tests/server-test.yaml deleted file mode 100644 index d983b9df6c..0000000000 --- a/charts/partners/hashicorp/vault/0.19.0/src/templates/tests/server-test.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }} -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-server-test" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": test -spec: - {{- include "imagePullSecrets" . | nindent 2 }} - containers: - - name: {{ .Release.Name }}-server-test - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - env: - - name: VAULT_ADDR - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} - command: - - /bin/sh - - -c - - | - echo "Checking for sealed info in 'vault status' output" - ATTEMPTS=10 - n=0 - until [ "$n" -ge $ATTEMPTS ] - do - echo "Attempt" $n... - vault status -format yaml | grep -E '^sealed: (true|false)' && break - n=$((n+1)) - sleep 5 - done - if [ $n -ge $ATTEMPTS ]; then - echo "timed out looking for sealed info in 'vault status' output" - exit 1 - fi - - exit 0 - volumeMounts: - {{- if .Values.server.volumeMounts }} - {{- toYaml .Values.server.volumeMounts | nindent 8}} - {{- end }} - volumes: - {{- if .Values.server.volumes }} - {{- toYaml .Values.server.volumes | nindent 4}} - {{- end }} - restartPolicy: Never -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.19.0/src/templates/ui-service.yaml b/charts/partners/hashicorp/vault/0.19.0/src/templates/ui-service.yaml deleted file mode 100644 index ea27de282a..0000000000 --- a/charts/partners/hashicorp/vault/0.19.0/src/templates/ui-service.yaml +++ /dev/null 
@@ -1,37 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }}
-{{- if eq (.Values.ui.enabled | toString) "true" }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-ui
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}-ui
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "vault.ui.annotations" . }}
-spec:
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
- vault-active: "true"
- {{- end }}
- publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.ui.externalPort }}
- targetPort: {{ .Values.ui.targetPort }}
- {{- if .Values.ui.serviceNodePort }}
- nodePort: {{ .Values.ui.serviceNodePort }}
- {{- end }}
- type: {{ .Values.ui.serviceType }}
- {{- include "service.externalTrafficPolicy" .Values.ui }}
- {{- include "service.loadBalancer" .Values.ui }}
-{{- end -}}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/values.openshift.yaml b/charts/partners/hashicorp/vault/0.19.0/src/values.openshift.yaml
deleted file mode 100644
index d24ac6e219..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/values.openshift.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# These overrides are appropriate defaults for deploying this chart on OpenShift
-
-global:
- openshift: true
-
-injector:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
- tag: "0.14.2-ubi"
-
- agentImage:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.9.2-ubi"
-
-server:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.9.2-ubi"
diff --git a/charts/partners/hashicorp/vault/0.19.0/src/values.schema.json b/charts/partners/hashicorp/vault/0.19.0/src/values.schema.json
deleted file mode 100644
index 15440431a3..0000000000
--- a/charts/partners/hashicorp/vault/0.19.0/src/values.schema.json
+++ /dev/null
@@ -1,865 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "csi": { - "type": "object", - "properties": { - "daemonSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "kubeletRootDir": { - "type": "string" - }, - "providersDir": { - "type": "string" - }, - "updateStrategy": { - "type": "object", - "properties": { - "maxUnavailable": { - "type": "string" - }, - "type": { - "type": "string" - } - } - } - } - }, - "priorityClassName": { - "type": "string" - }, - "debug": { - "type": "boolean" - }, - "enabled": { - "type": "boolean" - }, - "extraArgs": { - "type": "array" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "pod": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - } - } - }, - "readinessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "global": { - "type": 
"object", - "properties": { - "enabled": { - "type": "boolean" - }, - "imagePullSecrets": { - "type": "array" - }, - "openshift": { - "type": "boolean" - }, - "psp": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enable": { - "type": "boolean" - } - } - }, - "tlsDisable": { - "type": "boolean" - } - } - }, - "injector": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "agentDefaults": { - "type": "object", - "properties": { - "cpuLimit": { - "type": "string" - }, - "cpuRequest": { - "type": "string" - }, - "memLimit": { - "type": "string" - }, - "memRequest": { - "type": "string" - }, - "template": { - "type": "string" - }, - "templateConfig": { - "type": "object", - "properties": { - "exitOnRetryFailure": { - "type": "boolean" - }, - "staticSecretRenderInterval": { - "type": "string" - } - } - } - } - }, - "agentImage": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "authPath": { - "type": "string" - }, - "certs": { - "type": "object", - "properties": { - "caBundle": { - "type": "string" - }, - "certName": { - "type": "string" - }, - "keyName": { - "type": "string" - }, - "secretName": { - "type": [ - "null", - "string" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "externalVaultAddr": { - "type": "string" - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraLabels": { - "type": "object" - }, - "failurePolicy": { - "type": "string" - }, - "hostNetwork": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "leaderElector": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "logFormat": { - "type": 
"string" - }, - "logLevel": { - "type": "string" - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "namespaceSelector": { - "type": "object" - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "objectSelector": { - "type": "object" - }, - "podDisruptionBudget": { - "type": "object" - }, - "port": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "replicas": { - "type": "integer" - }, - "resources": { - "type": "object" - }, - "revokeOnShutdown": { - "type": "boolean" - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "strategy": { - "type": [ - "object", - "string" - ] - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "webhookAnnotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "server": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "auditStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "authDelegator": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "dataStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "dev": { - "type": "object", - "properties": { - 
"devRootToken": { - "type": "string" - }, - "enabled": { - "type": "boolean" - } - } - }, - "enabled": { - "type": "boolean" - }, - "enterpriseLicense": { - "type": "object", - "properties": { - "secretKey": { - "type": "string" - }, - "secretName": { - "type": "string" - } - } - }, - "extraArgs": { - "type": "string" - }, - "extraContainers": { - "type": [ - "null", - "array" - ] - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraInitContainers": { - "type": [ - "null", - "array" - ] - }, - "extraLabels": { - "type": "object" - }, - "extraSecretEnvironmentVars": { - "type": "array" - }, - "extraVolumes": { - "type": "array" - }, - "ha": { - "type": "object", - "properties": { - "apiAddr": { - "type": [ - "null", - "string" - ] - }, - "config": { - "type": "string" - }, - "disruptionBudget": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxUnavailable": { - "type": [ - "null", - "integer" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "raft": { - "type": "object", - "properties": { - "config": { - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "setNodeId": { - "type": "boolean" - } - } - }, - "replicas": { - "type": "integer" - } - } - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "ingress": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "extraPaths": { - "type": "array" - }, - "hosts": { - "type": "array", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string" - }, - "paths": { - "type": "array" - } - } - } - }, - "ingressClassName": { - "type": "string" - }, - "labels": { - "type": "object" - }, - "pathType": { - "type": "string" - }, - "tls": { - "type": "array" - } - } - }, - 
"livenessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "path": { - "type": "string" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "networkPolicy": { - "type": "object", - "properties": { - "egress": { - "type": "array" - }, - "enabled": { - "type": "boolean" - } - } - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "postStart": { - "type": "array" - }, - "preStopSleepSeconds": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "route": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "labels": { - "type": "object" - } - } - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "port": { - "type": "integer" - }, - "targetPort": { - "type": "integer" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "create": { - "type": "boolean" - }, - "name": { - "type": "string" - } - } - 
}, - "shareProcessNamespace": { - "type": "boolean" - }, - "standalone": { - "type": "object", - "properties": { - "config": { - "type": "string" - }, - "enabled": { - "type": [ - "string", - "boolean" - ] - } - } - }, - "statefulSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "terminationGracePeriodSeconds": { - "type": "integer" - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "updateStrategyType": { - "type": "string" - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "ui": { - "type": "object", - "properties": { - "activeVaultPodOnly": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "externalPort": { - "type": "integer" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "serviceNodePort": { - "type": [ - "null", - "integer" - ] - }, - "serviceType": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - } -} diff --git a/charts/partners/hashicorp/vault/0.19.0/src/values.yaml b/charts/partners/hashicorp/vault/0.19.0/src/values.yaml deleted file mode 100644 index ac0e45f69e..0000000000 --- a/charts/partners/hashicorp/vault/0.19.0/src/values.yaml +++ /dev/null 
@@ -1,769 +0,0 @@ -# Available parameters and their default values for the Vault chart. -global: - # enabled is the master enabled switch. Setting this to true or false - # will enable or disable all the components within this chart by default. - enabled: true - # Image pull secret to use for registry authentication. - # Alternatively, the value may be specified as an array of strings. - imagePullSecrets: [] - # imagePullSecrets: - # - name: image-pull-secret - # TLS for end-to-end encrypted transport - tlsDisable: true - # If deploying to OpenShift - openshift: true - # Create PodSecurityPolicy for pods - psp: - enable: false - # Annotation for PodSecurityPolicy. - # This is a multi-line templated string map, and can also be set as YAML. - annotations: | - seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default - apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default - apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -injector: - # True if you want to enable vault agent injection. - enabled: true - replicas: 1 - # Configures the port the injector should listen on - port: 8080 - # If multiple replicas are specified, by default a leader will be determined - # so that only one injector attempts to create TLS certificates. - leaderElector: - enabled: true - # If true, will enable a node exporter metrics endpoint at /metrics. - metrics: - enabled: false - # External vault server address for the injector to use. Setting this will - # disable deployment of a vault server along with the injector. - externalVaultAddr: "" - # image sets the repo and tag of the vault-k8s image to use for the injector. - image: - repository: "registry.connect.redhat.com/hashicorp/vault-k8s" - tag: "0.14.2-ubi" - pullPolicy: IfNotPresent - # agentImage sets the repo and tag of the Vault image to use for the Vault Agent - # containers. 
This should be set to the official Vault image. Vault 1.3.1+ is - # required. - agentImage: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.9.2-ubi" - # The default values for the injected Vault Agent containers. - agentDefaults: - # For more information on configuring resources, see the K8s documentation: - # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - cpuLimit: "500m" - cpuRequest: "250m" - memLimit: "128Mi" - memRequest: "64Mi" - # Default template type for secrets when no custom template is specified. - # Possible values include: "json" and "map". - template: "map" - # Default values within Agent's template_config stanza. - templateConfig: - exitOnRetryFailure: true - staticSecretRenderInterval: "" - # Mount Path of the Vault Kubernetes Auth Method. - authPath: "auth/kubernetes" - # Configures the log verbosity of the injector. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "info" - # Configures the log format of the injector. Supported log formats: "standard", "json". - logFormat: "standard" - # Configures all Vault Agent sidecars to revoke their token when shutting down - revokeOnShutdown: false - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. - # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: {} - # Configures failurePolicy of the webhook. 
The "unspecified" default behaviour deoends on the - # API Version of the WebHook. - # To block pod creation while webhook is unavailable, set the policy to `Fail` below. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - # Extra annotations to attach to the webhook - webhookAnnotations: {} - certs: - # secretName is the name of the secret that has the TLS certificate and - # private key to serve the injector webhook. If this is null, then the - # injector will default to its automatic management mode that will assign - # a service account to the injector to generate its own certificates. - secretName: null - # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA - # that signed the TLS certificate that the webhook serves. This must be set - # if secretName is non-null, unless an external service like cert-manager is - # keeping the caBundle updated. - caBundle: "" - # certName and keyName are the names of the files within the secret for - # the TLS cert and private key, respectively. These have reasonable - # defaults but can be customized if necessary. - certName: tls.crt - keyName: tls.key - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # extraEnvironmentVars is a list of extra environment variables to set in the - # injector deployment. - extraEnvironmentVars: {} - # KUBERNETES_SERVICE_HOST: kubernetes.default.svc - - # Affinity Settings for injector pods - # This can either be multi-line string or YAML matching the PodSpec's affinity field. - # Commenting out or setting as empty the affinity variable, will allow - # deployment of multiple replicas to single node services such as Minikube. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . 
}}-agent-injector - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: webhook - topologyKey: kubernetes.io/hostname - # Toleration Settings for injector pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. - # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Priority class for injector pods - priorityClassName: "" - # Extra annotations to attach to the injector pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the injector pods - annotations: {} - # Extra labels to attach to the agent-injector - # This should be a YAML map of the labels to apply to the injector - extraLabels: {} - # Should the injector pods run on the host network (useful when using - # an alternate CNI in EKS) - hostNetwork: false - # Injector service specific config - service: - # Extra annotations to attach to the injector service - annotations: {} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - podDisruptionBudget: {} - # podDisruptionBudget: - # maxUnavailable: 1 - - # strategy for updating the deployment. This can be a multi-line string or a - # YAML map. - strategy: {} - # strategy: | - # rollingUpdate: - # maxSurge: 25% - # maxUnavailable: 25% - # type: RollingUpdate -server: - # If not set to true, Vault server will not be installed. See vault.mode in _helpers.tpl for implementation details - enabled: true - # [Enterprise Only] This value refers to a Kubernetes secret that you have - # created that contains your enterprise license. 
If you are not using an - # enterprise image or if you plan to introduce the license key via another - # route, then leave secretName blank ("") or set it to null. - # Requires Vault Enterprise 1.8 or later. - enterpriseLicense: - # The name of the Kubernetes secret that holds the enterprise license. The - # secret must be in the same namespace that Vault is installed into. - secretName: "" - # The key within the Kubernetes secret that holds the enterprise license. - secretKey: "license" - # Resource requests, limits, etc. for the server cluster placement. This - # should map directly to the value of the resources field for a PodSpec. - # By default no direct resource request is made. - image: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.9.2-ubi" - # Overrides the default Image Pull Policy - pullPolicy: IfNotPresent - # Configure the Update Strategy Type for the StatefulSet - # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - updateStrategyType: "OnDelete" - # Configure the logging verbosity for the Vault server. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "" - # Configure the logging format for the Vault server. - # Supported log formats include: standard, json - logFormat: "" - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # Ingress allows ingress services to be created to allow external access - # from Kubernetes to access Vault pods. - # If deployment is on OpenShift, the following block is ignored. - # In order to expose the service, use the route section below - ingress: - enabled: false - labels: {} - # traffic: external - annotations: {} - # | - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # or - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # Optionally use ingressClassName instead of deprecated annotation. 
- # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation - ingressClassName: "" - # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. - # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. - pathType: Prefix - # When HA mode is enabled and K8s service registration is being used, - # configure the ingress to point to the Vault active service. - activeService: true - hosts: - - host: chart-example.local - paths: [] - ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # service: - # name: ssl-redirect - # port: - # number: use-annotation - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # OpenShift only - create a route to expose the service - # By default the created route will be of type passthrough - route: - enabled: false - # When HA mode is enabled and K8s service registration is being used, - # configure the route to point to the Vault active service. - activeService: true - labels: {} - annotations: {} - host: chart-example.local - # tls will be passed directly to the route's TLS config, which - # can be used to configure other termination methods that terminate - # TLS at the router - tls: - termination: passthrough - # authDelegator enables a cluster role binding to be attached to the service - # account. This cluster role binding can be used to setup Kubernetes auth - # method. https://www.vaultproject.io/docs/auth/kubernetes.html - authDelegator: - enabled: true - # extraInitContainers is a list of init containers. Specified as a YAML list. - # This is useful if you need to run a script to provision TLS certificates or - # write out configuration files in a dynamic way. 
- extraInitContainers: null - # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, - # # which is defined in the volumes value. - # - name: oauthapp - # image: "alpine" - # command: [sh, -c] - # args: - # - cd /tmp && - # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && - # tar -xf oauthapp.xz && - # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && - # chmod +x /usr/local/libexec/vault/oauthapp - # volumeMounts: - # - name: plugins - # mountPath: /usr/local/libexec/vault - - # extraContainers is a list of sidecar containers. Specified as a YAML list. - extraContainers: null - # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers - # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation - shareProcessNamespace: false - # extraArgs is a string containing additional Vault server arguments. - extraArgs: "" - # Used to define custom readinessProbe settings - readinessProbe: - enabled: true - # If you need to use a http path instead of the default exec - # path: /v1/sys/health?standbyok=true - - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. 
- timeoutSeconds: 3 - # Used to enable a livenessProbe for the pods - livenessProbe: - enabled: false - path: "/v1/sys/health?standbyok=true" - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 60 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Optional duration in seconds the pod needs to terminate gracefully. - # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ - terminationGracePeriodSeconds: 10 - # Used to set the sleep time during the preStop step - preStopSleepSeconds: 5 - # Used to define commands to run after the pod is ready. - # This can be used to automate processes such as initialization - # or boostrapping auth methods. - postStart: [] - # - /bin/sh - # - -c - # - /vault/userconfig/myscript/run.sh - - # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be - # used to include variables required for auto-unseal. - extraEnvironmentVars: {} - # GOOGLE_REGION: global - # GOOGLE_PROJECT: myproject - # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json - - # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. - # These variables take value from existing Secret objects. - extraSecretEnvironmentVars: [] - # - envName: AWS_SECRET_ACCESS_KEY - # secretName: vault - # secretKey: AWS_SECRET_ACCESS_KEY - - # Deprecated: please use 'volumes' instead. - # extraVolumes is a list of extra volumes to mount. These will be exposed - # to Vault in the path `/vault/userconfig//`. The value below is - # an array of objects, examples are shown below. 
- extraVolumes: [] - # - type: secret (or "configMap") - # name: my-secret - # path: null # default is `/vault/userconfig` - - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: plugins - # emptyDir: {} - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - mountPath: /usr/local/libexec/vault - # name: plugins - # readOnly: true - - # Affinity Settings - # Commenting out or setting as empty the affinity variable, will allow - # deployment to single node services such as Minikube - # This should be either a multi-line string or YAML matching the PodSpec's affinity field. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: server - topologyKey: kubernetes.io/hostname - # Toleration Settings for server pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
- # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Enables network policy for server pods - networkPolicy: - enabled: false - egress: [] - # egress: - # - to: - # - ipBlock: - # cidr: 10.0.0.0/24 - # ports: - # - protocol: TCP - # port: 443 - # Priority class for server pods - priorityClassName: "" - # Extra labels to attach to the server pods - # This should be a YAML map of the labels to apply to the server pods - extraLabels: {} - # Extra annotations to attach to the server pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the server pods - annotations: {} - # Enables a headless service to be used by the Vault Statefulset - service: - enabled: true - # clusterIP controls whether a Cluster IP address is attached to the - # Vault service within Kubernetes. By default the Vault service will - # be given a Cluster IP address, set to None to disable. When disabled - # Kubernetes will create a "headless" service. Headless services can be - # used to communicate with pods directly through DNS instead of a round robin - # load balancer. - # clusterIP: None - - # Configures the service type for the main Vault service. Can be ClusterIP - # or NodePort. - #type: ClusterIP - - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. - # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. - #nodePort: 30000 - - # Port on which Vault server is listening - port: 8200 - # Target port to which the service should be mapped to - targetPort: 8200 - # Extra annotations for the service definition. 
This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the service. - annotations: {} - # This configures the Vault Statefulset to create a PVC for data - # storage when using the file or raft backend storage engines. - # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more - dataStorage: - enabled: true - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/data" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # This configures the Vault Statefulset to create a PVC for audit - # logs. Once Vault is deployed, initialized and unsealed, Vault must - # be configured to use this for audit logs. This will be mounted to - # /vault/audit - # See https://www.vaultproject.io/docs/audit/index.html to know more - auditStorage: - enabled: false - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/audit" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # Run Vault in "dev" mode. This requires no further setup, no state management, - # and no initialization. This is useful for experimenting with Vault without - # needing to unseal, store keys, et. al. All data is lost on restart - do not - # use dev mode for anything other than experimenting. - # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more - dev: - enabled: false - # Set VAULT_DEV_ROOT_TOKEN_ID value - devRootToken: "root" - # Run Vault in "standalone" mode. 
This is the default mode that will deploy if - # no arguments are given to helm. This requires a PVC for data storage to use - # the "file" backend. This mode is not highly available and should not be scaled - # past a single replica. - standalone: - enabled: "-" - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data - # and store data there. This is only used when using a Replica count of 1, and - # using a stateful set. This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "file" { - path = "/vault/data" - } - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # Run Vault in "HA" mode. There are no storage requirements unless audit log - # persistence is required. In HA mode Vault will configure itself to use Consul - # for its storage backend. The default configuration provided will work the Consul - # Helm project by default. It is possible to manually configure Vault to use a - # different HA backend. 
- ha: - enabled: false - replicas: 3 - # Set the api_addr configuration for Vault HA - # See https://www.vaultproject.io/docs/configuration#api_addr - # If set to null, this will be set to the Pod IP Address - apiAddr: null - # Enables Vault's integrated Raft storage. Unlike the typical HA modes where - # Vault's persistence is external (such as Consul), enabling Raft mode will create - # persistent volumes for Vault to store data according to the configuration under server.dataStorage. - # The Vault cluster will coordinate leader elections and failovers internally. - raft: - # Enables Raft integrated storage - enabled: false - # Set the Node Raft ID to the name of the pod - setNodeId: false - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - - storage "raft" { - path = "/vault/data" - } - - service_registration "kubernetes" {} - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a Consul for its HA storage backend. - # This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. 
For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "consul" { - path = "vault" - address = "HOST_IP:8500" - } - - service_registration "kubernetes" {} - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev-246514" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - disruptionBudget: - enabled: true - # maxUnavailable will default to (n/2)-1 where n is the number of - # replicas. If you'd like a custom value, you can specify an override here. - maxUnavailable: null - # Definition of the serviceAccount used to run Vault. - # These options are also used when using an external Vault server to validate - # Kubernetes tokens. - serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Settings for the statefulSet used to run Vault. - statefulSet: - # Extra annotations for the statefulSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the statefulSet. 
- annotations: {} -# Vault UI -ui: - # True if you want to create a Service entry for the Vault UI. - # - # serviceType can be used to control the type of service created. For - # example, setting this to "LoadBalancer" will create an external load - # balancer (for supported K8S installations) to access the UI. - enabled: false - publishNotReadyAddresses: true - # The service should only contain selectors for active Vault pod - activeVaultPodOnly: false - serviceType: "ClusterIP" - serviceNodePort: null - externalPort: 8200 - targetPort: 8200 - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. - # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - #loadBalancerSourceRanges: - # - 10.0.0.0/16 - # - 1.78.23.3/32 - - # loadBalancerIP: - - # Extra annotations to attach to the ui service - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the ui service - annotations: {} -# secrets-store-csi-driver-provider-vault -csi: - # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. - # - # Requires installing the secrets-store-csi-driver separately, see: - # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver - # - # With the driver and provider installed, you can mount Vault secrets into volumes - # similar to the Vault Agent injector, and you can also sync those secrets into - # Kubernetes secrets. - enabled: false - image: - repository: "hashicorp/vault-csi-provider" - tag: "0.4.0" - pullPolicy: IfNotPresent - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. 
- volumes: null - # - name: tls - # secret: - # secretName: vault-tls - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - name: tls - # mountPath: "/vault/tls" - # readOnly: true - - resources: {} - # resources: - # requests: - # cpu: 50m - # memory: 128Mi - # limits: - # cpu: 50m - # memory: 128Mi - - # Settings for the daemonSet used to run the provider. - daemonSet: - updateStrategy: - type: RollingUpdate - maxUnavailable: "" - # Extra annotations for the daemonSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the daemonSet. - annotations: {} - # Provider host path (must match the CSI provider's path) - providersDir: "/etc/kubernetes/secrets-store-csi-providers" - # Kubelet host path - kubeletRootDir: "/var/lib/kubelet" - pod: - # Extra annotations for the provider pods. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the pod. - annotations: {} - # Toleration Settings for provider pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # Priority class for csi pods - priorityClassName: "" - serviceAccount: - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Used to configure readinessProbe for the pods. 
- readinessProbe:
- # When a probe fails, Kubernetes will try failureThreshold times before giving up
- failureThreshold: 2
- # Number of seconds after the container has started before probe initiates
- initialDelaySeconds: 5
- # How often (in seconds) to perform the probe
- periodSeconds: 5
- # Minimum consecutive successes for the probe to be considered successful after having failed
- successThreshold: 1
- # Number of seconds after which the probe times out.
- timeoutSeconds: 3
- # Used to configure livenessProbe for the pods.
- livenessProbe:
- # When a probe fails, Kubernetes will try failureThreshold times before giving up
- failureThreshold: 2
- # Number of seconds after the container has started before probe initiates
- initialDelaySeconds: 5
- # How often (in seconds) to perform the probe
- periodSeconds: 5
- # Minimum consecutive successes for the probe to be considered successful after having failed
- successThreshold: 1
- # Number of seconds after which the probe times out.
- timeoutSeconds: 3
- # Enables debug logging.
- debug: false
- # Pass arbitrary additional arguments to vault-csi-provider.
- extraArgs: []
diff --git a/charts/partners/hashicorp/vault/0.20.0/src/.helmignore b/charts/partners/hashicorp/vault/0.20.0/src/.helmignore
deleted file mode 100644
index d1180d2fb7..0000000000
--- a/charts/partners/hashicorp/vault/0.20.0/src/.helmignore
+++ /dev/null
@@ -1,4 +0,0 @@
-.git/
-.terraform/
-bin/
-test/
diff --git a/charts/partners/hashicorp/vault/0.20.0/src/CHANGELOG.md b/charts/partners/hashicorp/vault/0.20.0/src/CHANGELOG.md
deleted file mode 100644
index b891e27eca..0000000000
--- a/charts/partners/hashicorp/vault/0.20.0/src/CHANGELOG.md
+++ /dev/null
@@ -1,387 +0,0 @@
-## Unreleased
-
-## 0.20.0 (May 16th, 2022)
-
-CHANGES:
-* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
-* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
-* Vault default image to 1.10.3
-* CSI provider default image to 1.1.0
-* Vault K8s default image to 0.16.0
-* Earliest Kubernetes version tested is now 1.16
-* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
-* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
-
-Improvements:
-* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
-* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
-* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
-* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
-* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
-* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
-
-## 0.19.0 (January 20th, 2022)
-
-CHANGES:
-* Vault image default 1.9.2
-* Vault K8s image default 0.14.2
-
-Features:
-* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
-* Make terminationGracePeriodSeconds configurable for server
[GH-659](https://github.com/hashicorp/vault-helm/pull/659)
-* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
-* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
-
-Improvements:
-* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
-* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
-* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
-
-## 0.18.0 (November 17th, 2021)
-
-CHANGES:
-* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
-* Vault image default 1.9.0
-* Vault K8s image default 0.14.1
-
-Improvements:
-* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
-
-## 0.17.1 (October 25th, 2021)
-
-Improvements:
- * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
-
-## 0.17.0 (October 21st, 2021)
-
-KNOWN ISSUES:
-* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
-
-CHANGES:
-* Vault image default 1.8.4
-* Vault K8s image default 0.14.0
-
-Improvements:
-* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
-* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
-* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
-
-Bugs:
-* Ensure `kubeletRootDir` volume path and mounts are
the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
-
-## 0.16.1 (September 29th, 2021)
-
-CHANGES:
-* Vault image default 1.8.3
-* Vault K8s image default 0.13.1
-
-## 0.16.0 (September 16th, 2021)
-
-CHANGES:
-* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
-
-Improvements:
- * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
- * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
-
-## 0.15.0 (August 23rd, 2021)
-
-Improvements:
-* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
-* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
-
-## 0.14.0 (July 28th, 2021)
-
-Features:
-* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
-
-Improvements:
-* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
-* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
-* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
-* Add `server.ingress.activeService` to configure if the ingress should use the active service
[GH-570](https://github.com/hashicorp/vault-helm/pull/570)
-* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
-* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
-
-
-## 0.13.0 (June 17th, 2021)
-
-Improvements:
-* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
-* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
-* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
-
-Bugs:
-* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
-* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
-* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
-
-## 0.12.0 (May 25th, 2021)
-
-Features:
-* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
-
-Improvements:
-* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
-* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
-* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
-* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
-
-Bugs:
-* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
-
-## 0.11.0 (April 14th, 2021)
-
-Features:
-* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
-* Injector now supports enabling host network
[GH-471](https://github.com/hashicorp/vault-helm/pull/471)
-* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
-* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
-* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
-* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
-
-Improvements:
-* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
-
-Bugs:
-* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
-
-## 0.10.0 (March 25th, 2021)
-
-Features:
-* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
-
-Improvements:
-* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
-
-## 0.9.1 (February 2nd, 2021)
-
-Bugs:
-* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
-* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
-
-## 0.9.0 (January 5th, 2021)
-
-Features:
-* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
-* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
-
-Improvements:
-* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
-* Dev mode root token is now configurable with `server.dev.devRootToken`
[GH-415](https://github.com/hashicorp/vault-helm/pull/415)
-* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
-* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
-* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
-* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
-* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
-* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
-
-## 0.8.0 (October 20th, 2020)
-
-Improvements:
-* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
-* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
-* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
-* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
-* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
-* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
-* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
-
-Bugs:
-* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
-
-## 0.7.0 (August 24th, 2020)
-
-Features:
-* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
-* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
-
-Improvements:
-* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
-* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
-* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
-* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
-* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
-* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
-* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
-* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
-* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
-
-Bugs:
-* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
-* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
-* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
-
-## 0.6.0 (June 3rd, 2020)
-
-Features:
-* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
-* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
-* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
-
-Improvements:
-* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
-* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
-* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
-* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
-* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
-* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
-* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
-* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
-
-Bugs:
-* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
-* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
-* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
-* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
-* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
-
-## 0.5.0 (April 9th, 2020)
-
-Features:
-
-* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
-* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
-* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
-
-* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
-* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
-* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
-* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
-* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
-
-## 0.4.0 (February 21st, 2020)
-
-Improvements:
-
-* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
-* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
-* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
-* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
-* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
-
-Bugs:
-
-* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
-
-## 0.3.3 (January 14th, 2020)
-
-Security:
-
-* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
-
-Bugs:
-
-* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
-
-## 0.3.2 (January 8th, 2020)
-
-Bugs:
-
-* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
-
-## 0.3.1 (January 2nd, 2020)
-
-Bugs:
-
-* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
-
-## 0.3.0 (December 19th, 2019)
-
-Features:
-
-* Extra containers can now be added to the Vault pods
-* Added configurability of pod probes
-* Added Vault Agent Injector
-
-Improvements:
-
-* Moved `global.image` to `server.image`
-* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
-* Added better HTTP/HTTPS scheme support to http probes
-* Added configurable node port for Vault service
-* `server.authDelegator` is now enabled by default
-
-Bugs:
-
-* Fixed upgrade bug by removing chart label which contained the version
-* Fixed typo on `serviceAccount` (was `serviceaccount`)
-* Fixed readiness/liveliness HTTP probe default to accept standbys
-
-## 0.2.1 (November 12th, 2019)
-
-Bugs:
-
-* Removed `readOnlyRootFilesystem` causing issues when validating deployments
-
-## 0.2.0 (October 29th, 2019)
-
-Features:
-
-* Added load balancer support
-* Added ingress support
-* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
-* Removed root requirements, now runs as Vault user
-
-Improvements:
-
-* Added namespace value to all rendered objects
-* Made ports configurable in services
-* Added the ability to add custom annotations to services
-* Added docker image for running bats test in CircleCI
-* Removed restrictions around `dev` mode such as annotations
-*
`readOnlyRootFilesystem` is now configurable
-* Image Pull Policy is now configurable
-
-Bugs:
-
-* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
-* Fixed bug where audit storage was not being mounted in HA mode
-* Fixed bug where Vault pod wasn't receiving SIGTERM signals
-
-
-## 0.1.2 (August 22nd, 2019)
-
-Features:
-
-* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
- environment variables
-* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
- depending on the value
-* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
- to "NodePort"
-
-Improvements:
-
-* Changed UI port to 8200 for better HTTP protocol support
-* Added `path` to `extraVolumes` to define where the volume should be
- mounted. Defaults to `/vault/userconfig`
-* Upgraded Vault to 1.2.2
-
-Bugs:
-
-* Fixed bug where upgrade would fail because immutable labels were being
- changed (Helm Version label)
-* Fixed bug where UI service used wrong selector after updating helm labels
-* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
- Consul is the active node
-* Removed `step-down` preStop since it requires authentication. Shutdown signal
- sent by Kube acts similar to `step-down`
-
-
-## 0.1.1 (August 7th, 2019)
-
-Features:
-
-* Added `authDelegator` Cluster Role Binding to Vault service account for
- bootstrapping Kube auth method
-
-Improvements:
-
-* Added `server.service.clusterIP` to `values.yml` so users can toggle
- the Vault service to headless by using the value `None`.
-* Upgraded Vault to 1.2.1
-
-## 0.1.0 (August 6th, 2019)
-
-Initial release
diff --git a/charts/partners/hashicorp/vault/0.20.0/src/CONTRIBUTING.md b/charts/partners/hashicorp/vault/0.20.0/src/CONTRIBUTING.md
deleted file mode 100644
index ad31ac92d1..0000000000
--- a/charts/partners/hashicorp/vault/0.20.0/src/CONTRIBUTING.md
+++ /dev/null
@@ -1,247 +0,0 @@ -# Contributing to Vault Helm - -**Please note:** We take Vault's security and our users' trust very seriously. -If you believe you have found a security issue in Vault, please responsibly -disclose by contacting us at security@hashicorp.com. - -**First:** if you're unsure or afraid of _anything_, just ask or submit the -issue or pull request anyways. You won't be yelled at for giving it your best -effort. The worst that can happen is that you'll be politely asked to change -something. We appreciate any sort of contributions, and don't want a wall of -rules to get in the way of that. - -That said, if you want to ensure that a pull request is likely to be merged, -talk to us! You can find out our thoughts and ensure that your contribution -won't clash or be obviated by Vault's normal direction. A great way to do this -is via the [Vault Discussion Forum][1]. - -This document will cover what we're looking for in terms of reporting issues. -By addressing all the points we're looking for, it raises the chances we can -quickly merge or address your contributions. - -[1]: https://discuss.hashicorp.com/c/vault - -## Issues - -### Reporting an Issue - -* Make sure you test against the latest released version. It is possible - we already fixed the bug you're experiencing. Even better is if you can test - against `main`, as bugs are fixed regularly but new versions are only - released every few months. - -* Provide steps to reproduce the issue, and if possible include the expected - results as well as the actual results. Please provide text, not screen shots! - -* Respond as promptly as possible to any questions made by the Vault - team to your issue. Stale issues will be closed periodically. - -### Issue Lifecycle - -1. The issue is reported. - -2. The issue is verified and categorized by a Vault Helm collaborator. - Categorization is done via tags. For example, bugs are marked as "bugs". - -3. 
Unless it is critical, the issue may be left for a period of time (sometimes - many weeks), giving outside contributors -- maybe you!? -- a chance to - address the issue. - -4. The issue is addressed in a pull request or commit. The issue will be - referenced in the commit message so that the code that fixes it is clearly - linked. - -5. The issue is closed. Sometimes, valid issues will be closed to keep - the issue tracker clean. The issue is still indexed and available for - future viewers, or can be re-opened if necessary. - -## Testing - -The Helm chart ships with both unit and acceptance tests. - -The unit tests don't require any active Kubernetes cluster and complete -very quickly. These should be used for fast feedback during development. -The acceptance tests require a Kubernetes cluster with a configured `kubectl`. - -### Test Using Docker Container - -The following are the instructions for running bats tests using a Docker container. - -#### Prerequisites - -* Docker installed -* `vault-helm` checked out locally - -#### Test - -**Note:** the following commands should be run from the `vault-helm` directory. - -First, build the Docker image for running the tests: - -```shell -docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test -``` -Next, execute the tests with the following commands: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -``` -It's possible to only run specific bats tests using regular expressions. -For example, the following will run only tests with "injector" in the name: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" -``` - -### Test Manually -The following are the instructions for running bats tests on your workstation. 
-#### Prerequisites -* [Bats](https://github.com/bats-core/bats-core) - ```bash - brew install bats-core - ``` -* [yq](https://pypi.org/project/yq/) - ```bash - brew install python-yq - ``` -* [helm](https://helm.sh) - ```bash - brew install kubernetes-helm - ``` - -#### Test - -To run the unit tests: - - bats ./test/unit - -To run the acceptance tests: - - bats ./test/acceptance - -If the acceptance tests fail, deployed resources in the Kubernetes cluster -may not be properly cleaned up. We recommend recycling the Kubernetes cluster to -start from a clean slate. - -**Note:** There is a Terraform configuration in the -[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory -that can be used to quickly bring up a GKE cluster and configure -`kubectl` and `helm` locally. This can be used to quickly spin up a test -cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes -cluster. - -### Writing Unit Tests - -Changes to the Helm chart should be accompanied by appropriate unit tests. - -#### Formatting - -- Put tests in the test file in the same order as the variables appear in the `values.yaml`. -- Start tests for a chart value with a header that says what is being tested, like this: - ``` - #-------------------------------------------------------------------- - # annotations - ``` - -- Name the test based on what it's testing in the following format (this will be its first line): - ``` - @test "
: " { - ``` - - When adding tests to an existing file, the first section will be the same as the other tests in the file. - -#### Test Details - -[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. -In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. -In this way, we're able to test that the various conditionals in the templates render as we would expect. - -Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. -The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). -`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). -The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. - -The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. - -The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. - -#### Test Examples - -Here are some examples of common test patterns: - -- Check that a value is disabled by default - - ``` - @test "ui/Service: no type by default" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - . 
| tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "null" ] - } - ``` - - In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. - This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. - - -- Check that a template value is rendered to a specific value - ``` - @test "ui/Service: specified type" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - --set 'ui.serviceType=LoadBalancer' \ - . | tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "LoadBalancer" ] - } - ``` - - This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. - -- Check that a template value contains several values - ``` - @test "server/standalone-StatefulSet: custom resources" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.requests.memory=256Mi' \ - --set 'server.resources.requests.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.limits.memory=256Mi' \ - --set 'server.resources.limits.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - ``` - - *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
- -- Check that an entire template file is not rendered - ``` - @test "syncCatalog/Deployment: disabled by default" { - cd `chart_dir` - local actual=$( (helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'global.enabled=false' \ - . || echo "---") | tee /dev/stderr | - yq 'length > 0' | tee /dev/stderr) - [ "${actual}" = "false" ] - } - ``` - Here we are check the length of the command output to see if the anything is rendered. - This style can easily be switched to check that a file is rendered instead. - -## Contributor License Agreement - -We require that all contributors sign our Contributor License Agreement ("CLA") -before we can accept the contribution. - -[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/hashicorp/vault/0.20.0/src/Chart.yaml b/charts/partners/hashicorp/vault/0.20.0/src/Chart.yaml deleted file mode 100644 index 051329bb32..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v2 -appVersion: 1.10.3 -description: Official HashiCorp Vault Chart -home: https://www.vaultproject.io -icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png -keywords: -- vault -- security -- encryption -- secrets -- management -- automation -- infrastructure -kubeVersion: '>= 1.16.0-0' -name: vault -sources: -- https://github.com/hashicorp/vault -- https://github.com/hashicorp/vault-helm -- https://github.com/hashicorp/vault-k8s -- https://github.com/hashicorp/vault-csi-provider -version: 0.20.0 -annotations: - charts.openshift.io/name: HashiCorp Vault diff --git a/charts/partners/hashicorp/vault/0.20.0/src/LICENSE.md b/charts/partners/hashicorp/vault/0.20.0/src/LICENSE.md deleted file mode 100644 index 82b4de97c7..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/LICENSE.md +++ /dev/null 
@@ -1,353 +0,0 @@
-Mozilla Public License, version 2.0
-
-1. Definitions
-
-1.1. “Contributor”
-
- means each individual or legal entity that creates, contributes to the
- creation of, or owns Covered Software.
-
-1.2. “Contributor Version”
-
- means the combination of the Contributions of others (if any) used by a
- Contributor and that particular Contributor’s Contribution.
-
-1.3. “Contribution”
-
- means Covered Software of a particular Contributor.
-
-1.4. “Covered Software”
-
- means Source Code Form to which the initial Contributor has attached the
- notice in Exhibit A, the Executable Form of such Source Code Form, and
- Modifications of such Source Code Form, in each case including portions
- thereof.
-
-1.5. “Incompatible With Secondary Licenses”
- means
-
- a. that the initial Contributor has attached the notice described in
- Exhibit B to the Covered Software; or
-
- b. that the Covered Software was made available under the terms of version
- 1.1 or earlier of the License, but not also under the terms of a
- Secondary License.
-
-1.6. “Executable Form”
-
- means any form of the work other than Source Code Form.
-
-1.7. “Larger Work”
-
- means a work that combines Covered Software with other material, in a separate
- file or files, that is not Covered Software.
-
-1.8. “License”
-
- means this document.
-
-1.9. “Licensable”
-
- means having the right to grant, to the maximum extent possible, whether at the
- time of the initial grant or subsequently, any and all of the rights conveyed by
- this License.
-
-1.10. “Modifications”
-
- means any of the following:
-
- a. any file in Source Code Form that results from an addition to, deletion
- from, or modification of the contents of Covered Software; or
-
- b. any new file in Source Code Form that contains any Covered Software.
-
-1.11.
“Patent Claims” of a Contributor
-
- means any patent claim(s), including without limitation, method, process,
- and apparatus claims, in any patent Licensable by such Contributor that
- would be infringed, but for the grant of the License, by the making,
- using, selling, offering for sale, having made, import, or transfer of
- either its Contributions or its Contributor Version.
-
-1.12. “Secondary License”
-
- means either the GNU General Public License, Version 2.0, the GNU Lesser
- General Public License, Version 2.1, the GNU Affero General Public
- License, Version 3.0, or any later versions of those licenses.
-
-1.13. “Source Code Form”
-
- means the form of the work preferred for making modifications.
-
-1.14. “You” (or “Your”)
-
- means an individual or a legal entity exercising rights under this
- License. For legal entities, “You” includes any entity that controls, is
- controlled by, or is under common control with You. For purposes of this
- definition, “control” means (a) the power, direct or indirect, to cause
- the direction or management of such entity, whether by contract or
- otherwise, or (b) ownership of more than fifty percent (50%) of the
- outstanding shares or beneficial ownership of such entity.
-
-
-2. License Grants and Conditions
-
-2.1. Grants
-
- Each Contributor hereby grants You a world-wide, royalty-free,
- non-exclusive license:
-
- a. under intellectual property rights (other than patent or trademark)
- Licensable by such Contributor to use, reproduce, make available,
- modify, display, perform, distribute, and otherwise exploit its
- Contributions, either on an unmodified basis, with Modifications, or as
- part of a Larger Work; and
-
- b. under Patent Claims of such Contributor to make, use, sell, offer for
- sale, have made, import, and otherwise transfer either its Contributions
- or its Contributor Version.
-
-2.2.
Effective Date
-
- The licenses granted in Section 2.1 with respect to any Contribution become
- effective for each Contribution on the date the Contributor first distributes
- such Contribution.
-
-2.3. Limitations on Grant Scope
-
- The licenses granted in this Section 2 are the only rights granted under this
- License. No additional rights or licenses will be implied from the distribution
- or licensing of Covered Software under this License. Notwithstanding Section
- 2.1(b) above, no patent license is granted by a Contributor:
-
- a. for any code that a Contributor has removed from Covered Software; or
-
- b. for infringements caused by: (i) Your and any other third party’s
- modifications of Covered Software, or (ii) the combination of its
- Contributions with other software (except as part of its Contributor
- Version); or
-
- c. under Patent Claims infringed by Covered Software in the absence of its
- Contributions.
-
- This License does not grant any rights in the trademarks, service marks, or
- logos of any Contributor (except as may be necessary to comply with the
- notice requirements in Section 3.4).
-
-2.4. Subsequent Licenses
-
- No Contributor makes additional grants as a result of Your choice to
- distribute the Covered Software under a subsequent version of this License
- (see Section 10.2) or under the terms of a Secondary License (if permitted
- under the terms of Section 3.3).
-
-2.5. Representation
-
- Each Contributor represents that the Contributor believes its Contributions
- are its original creation(s) or it has sufficient rights to grant the
- rights to its Contributions conveyed by this License.
-
-2.6. Fair Use
-
- This License is not intended to limit any rights You have under applicable
- copyright doctrines of fair use, fair dealing, or other equivalents.
-
-2.7. Conditions
-
- Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
- Section 2.1.
-
-
-3. Responsibilities
-
-3.1.
Distribution of Source Form
-
- All distribution of Covered Software in Source Code Form, including any
- Modifications that You create or to which You contribute, must be under the
- terms of this License. You must inform recipients that the Source Code Form
- of the Covered Software is governed by the terms of this License, and how
- they can obtain a copy of this License. You may not attempt to alter or
- restrict the recipients’ rights in the Source Code Form.
-
-3.2. Distribution of Executable Form
-
- If You distribute Covered Software in Executable Form then:
-
- a. such Covered Software must also be made available in Source Code Form,
- as described in Section 3.1, and You must inform recipients of the
- Executable Form how they can obtain a copy of such Source Code Form by
- reasonable means in a timely manner, at a charge no more than the cost
- of distribution to the recipient; and
-
- b. You may distribute such Executable Form under the terms of this License,
- or sublicense it under different terms, provided that the license for
- the Executable Form does not attempt to limit or alter the recipients’
- rights in the Source Code Form under this License.
-
-3.3. Distribution of a Larger Work
-
- You may create and distribute a Larger Work under terms of Your choice,
- provided that You also comply with the requirements of this License for the
- Covered Software. If the Larger Work is a combination of Covered Software
- with a work governed by one or more Secondary Licenses, and the Covered
- Software is not Incompatible With Secondary Licenses, this License permits
- You to additionally distribute such Covered Software under the terms of
- such Secondary License(s), so that the recipient of the Larger Work may, at
- their option, further distribute the Covered Software under the terms of
- either this License or such Secondary License(s).
-
-3.4.
Notices
-
- You may not remove or alter the substance of any license notices (including
- copyright notices, patent notices, disclaimers of warranty, or limitations
- of liability) contained within the Source Code Form of the Covered
- Software, except that You may alter any license notices to the extent
- required to remedy known factual inaccuracies.
-
-3.5. Application of Additional Terms
-
- You may choose to offer, and to charge a fee for, warranty, support,
- indemnity or liability obligations to one or more recipients of Covered
- Software. However, You may do so only on Your own behalf, and not on behalf
- of any Contributor. You must make it absolutely clear that any such
- warranty, support, indemnity, or liability obligation is offered by You
- alone, and You hereby agree to indemnify every Contributor for any
- liability incurred by such Contributor as a result of warranty, support,
- indemnity or liability terms You offer. You may include additional
- disclaimers of warranty and limitations of liability specific to any
- jurisdiction.
-
-4. Inability to Comply Due to Statute or Regulation
-
- If it is impossible for You to comply with any of the terms of this License
- with respect to some or all of the Covered Software due to statute, judicial
- order, or regulation then You must: (a) comply with the terms of this License
- to the maximum extent possible; and (b) describe the limitations and the code
- they affect. Such description must be placed in a text file included with all
- distributions of the Covered Software under this License. Except to the
- extent prohibited by statute or regulation, such description must be
- sufficiently detailed for a recipient of ordinary skill to be able to
- understand it.
-
-5. Termination
-
-5.1. The rights granted under this License will terminate automatically if You
- fail to comply with any of its terms.
However, if You become compliant,
- then the rights granted under this License from a particular Contributor
- are reinstated (a) provisionally, unless and until such Contributor
- explicitly and finally terminates Your grants, and (b) on an ongoing basis,
- if such Contributor fails to notify You of the non-compliance by some
- reasonable means prior to 60 days after You have come back into compliance.
- Moreover, Your grants from a particular Contributor are reinstated on an
- ongoing basis if such Contributor notifies You of the non-compliance by
- some reasonable means, this is the first time You have received notice of
- non-compliance with this License from such Contributor, and You become
- compliant prior to 30 days after Your receipt of the notice.
-
-5.2. If You initiate litigation against any entity by asserting a patent
- infringement claim (excluding declaratory judgment actions, counter-claims,
- and cross-claims) alleging that a Contributor Version directly or
- indirectly infringes any patent, then the rights granted to You by any and
- all Contributors for the Covered Software under Section 2.1 of this License
- shall terminate.
-
-5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
- license agreements (excluding distributors and resellers) which have been
- validly granted by You or Your distributors under this License prior to
- termination shall survive termination.
-
-6. Disclaimer of Warranty
-
- Covered Software is provided under this License on an “as is” basis, without
- warranty of any kind, either expressed, implied, or statutory, including,
- without limitation, warranties that the Covered Software is free of defects,
- merchantable, fit for a particular purpose or non-infringing. The entire
- risk as to the quality and performance of the Covered Software is with You.
- Should any Covered Software prove defective in any respect, You (not any
- Contributor) assume the cost of any necessary servicing, repair, or
- correction. This disclaimer of warranty constitutes an essential part of this
- License. No use of any Covered Software is authorized under this License
- except under this disclaimer.
-
-7. Limitation of Liability
-
- Under no circumstances and under no legal theory, whether tort (including
- negligence), contract, or otherwise, shall any Contributor, or anyone who
- distributes Covered Software as permitted above, be liable to You for any
- direct, indirect, special, incidental, or consequential damages of any
- character including, without limitation, damages for lost profits, loss of
- goodwill, work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses, even if such party shall have been
- informed of the possibility of such damages. This limitation of liability
- shall not apply to liability for death or personal injury resulting from such
- party’s negligence to the extent applicable law prohibits such limitation.
- Some jurisdictions do not allow the exclusion or limitation of incidental or
- consequential damages, so this exclusion and limitation may not apply to You.
-
-8. Litigation
-
- Any litigation relating to this License may be brought only in the courts of
- a jurisdiction where the defendant maintains its principal place of business
- and such litigation shall be governed by laws of that jurisdiction, without
- reference to its conflict-of-law provisions. Nothing in this Section shall
- prevent a party’s ability to bring cross-claims or counter-claims.
-
-9. Miscellaneous
-
- This License represents the complete agreement concerning the subject matter
- hereof. If any provision of this License is held to be unenforceable, such
- provision shall be reformed only to the extent necessary to make it
- enforceable.
Any law or regulation which provides that the language of a
- contract shall be construed against the drafter shall not be used to construe
- this License against a Contributor.
-
-
-10. Versions of the License
-
-10.1. New Versions
-
- Mozilla Foundation is the license steward. Except as provided in Section
- 10.3, no one other than the license steward has the right to modify or
- publish new versions of this License. Each version will be given a
- distinguishing version number.
-
-10.2. Effect of New Versions
-
- You may distribute the Covered Software under the terms of the version of
- the License under which You originally received the Covered Software, or
- under the terms of any subsequent version published by the license
- steward.
-
-10.3. Modified Versions
-
- If you create software not governed by this License, and you want to
- create a new license for such software, you may create and use a modified
- version of this License if you rename the license and remove any
- references to the name of the license steward (except to note that such
- modified license differs from this License).
-
-10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
- If You choose to distribute Source Code Form that is Incompatible With
- Secondary Licenses under the terms of this version of the License, the
- notice described in Exhibit B of this License must be attached.
-
-Exhibit A - Source Code Form License Notice
-
- This Source Code Form is subject to the
- terms of the Mozilla Public License, v.
- 2.0. If a copy of the MPL was not
- distributed with this file, You can
- obtain one at
- http://mozilla.org/MPL/2.0/.
-
-If it is not possible or desirable to put the notice in a particular file, then
-You may include the notice in a location (such as a LICENSE file in a relevant
-directory) where a recipient would be likely to look for such a notice.
-
-You may add additional accurate notices of copyright ownership.
-
-Exhibit B - “Incompatible With Secondary Licenses” Notice
-
- This Source Code Form is “Incompatible
- With Secondary Licenses”, as defined by
- the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/hashicorp/vault/0.20.0/src/Makefile b/charts/partners/hashicorp/vault/0.20.0/src/Makefile
deleted file mode 100644
index 0ac6850130..0000000000
--- a/charts/partners/hashicorp/vault/0.20.0/src/Makefile
+++ /dev/null
@@ -1,101 +0,0 @@
-TEST_IMAGE?=vault-helm-test
-GOOGLE_CREDENTIALS?=vault-helm-test.json
-CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
-# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
-ACCEPTANCE_TESTS?=acceptance
-
-# filter bats unit tests to run.
-UNIT_TESTS_FILTER?='.*'
-
-# set to 'true' to run acceptance tests locally in a kind cluster
-LOCAL_ACCEPTANCE_TESTS?=false
-
-# kind cluster name
-KIND_CLUSTER_NAME?=vault-helm
-
-# kind k8s version
-KIND_K8S_VERSION?=v1.20.2
-
-# Generate json schema for chart values. See test/README.md for more details.
-values-schema:
- helm schema-gen values.yaml > values.schema.json
-
-test-image:
- @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
-
-test-unit:
- @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
-
-test-bats: test-unit test-acceptance
-
-test: test-image test-bats
-
-# run acceptance tests on GKE
-# set google project/credential vars above
-test-acceptance:
-ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
- make setup-kind acceptance
-else
- @docker run -it -v ${PWD}:/helm-test \
- -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
- -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
- -e KUBECONFIG=/helm-test/.kube/config \
- -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
- -w /helm-test \
- $(TEST_IMAGE) \
- make acceptance
-endif
-
-# destroy GKE cluster using terraform
-test-destroy:
- @docker run -it -v ${PWD}:/helm-test \
- -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
- -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
- -w /helm-test \
- $(TEST_IMAGE) \
- make destroy-cluster
-
-# provision GKE cluster using terraform
-test-provision:
- @docker run -it -v ${PWD}:/helm-test \
- -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
- -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
- -e KUBECONFIG=/helm-test/.kube/config \
- -w /helm-test \
- $(TEST_IMAGE) \
- make provision-cluster
-
-# this target is for
running the acceptance tests
-# it is run in the docker container above when the test-acceptance target is invoked
-acceptance:
-ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
- gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
-endif
- bats test/${ACCEPTANCE_TESTS}
-
-# this target is for provisioning the GKE cluster
-# it is run in the docker container above when the test-provision target is invoked
-provision-cluster:
- gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
- terraform init test/terraform
- terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
-
-# this target is for removing the GKE cluster
-# it is run in the docker container above when the test-destroy target is invoked
-destroy-cluster:
- terraform destroy -auto-approve
-
-# create a kind cluster for running the acceptance tests locally
-setup-kind:
- kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
- kind create cluster \
- --image kindest/node:${KIND_K8S_VERSION} \
- --name ${KIND_CLUSTER_NAME} \
- --config $(CURDIR)/test/kind/config.yaml
- kubectl config use-context kind-${KIND_CLUSTER_NAME}
-
-# delete the kind cluster
-delete-kind:
- kind delete cluster --name ${KIND_CLUSTER_NAME} || :
-
-.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/hashicorp/vault/0.20.0/src/README.md b/charts/partners/hashicorp/vault/0.20.0/src/README.md
deleted file mode 100644
index 637f68b63c..0000000000
--- a/charts/partners/hashicorp/vault/0.20.0/src/README.md
+++ /dev/null
@@ -1,44 +0,0 @@
-# Vault Helm Chart
-
-> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
-you believe you have found a security issue in Vault Helm, _please responsibly disclose_
-by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
-
-This repository contains the official HashiCorp Helm chart for installing
-and configuring Vault on Kubernetes. This chart supports multiple use
-cases of Vault on Kubernetes depending on the values provided.
-
-For full documentation on this Helm chart along with all the ways you can
-use Vault with Kubernetes, please see the
-[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
-
-## Prerequisites
-
-To use the charts here, [Helm](https://helm.sh/) must be configured for your
-Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
-this README. Please refer to the Kubernetes and Helm documentation.
-
-The versions required are:
-
- * **Helm 3.0+** - This is the earliest version of Helm tested. It is possible
- it works with earlier versions but this chart is untested for those versions.
- * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
- It is possible that this chart works with earlier versions but it is
- untested.
-
-## Usage
-
-To install the latest version of this chart, add the Hashicorp helm repository
-and run `helm install`:
-
-```console
-$ helm repo add hashicorp https://helm.releases.hashicorp.com
-"hashicorp" has been added to your repositories
-
-$ helm install vault hashicorp/vault
-```
-
-Please see the many options supported in the `values.yaml` file. These are also
-fully documented directly on the [Vault
-website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
-detailed installation instructions.
diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/NOTES.txt b/charts/partners/hashicorp/vault/0.20.0/src/templates/NOTES.txt
deleted file mode 100644
index 8e267121c8..0000000000
--- a/charts/partners/hashicorp/vault/0.20.0/src/templates/NOTES.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-
-Thank you for installing HashiCorp Vault!
-
-Now that you have deployed Vault, you should look over the docs on using
-Vault with Kubernetes available here:
-
-https://www.vaultproject.io/docs/
-
-
-Your release is named {{ .Release.Name }}. To learn more about the release, try:
-
- $ helm status {{ .Release.Name }}
- $ helm get manifest {{ .Release.Name }}
-
diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/_helpers.tpl b/charts/partners/hashicorp/vault/0.20.0/src/templates/_helpers.tpl
deleted file mode 100644
index 846bfc3df0..0000000000
--- a/charts/partners/hashicorp/vault/0.20.0/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,783 +0,0 @@
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to
-this (by the DNS naming spec). If release name contains chart name it will
-be used as a full name.
-*/}}
-{{- define "vault.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "vault.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "vault.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Compute if the csi driver is enabled.
-*/}}
-{{- define "vault.csiEnabled" -}}
-{{- $_ := set . "csiEnabled" (or
- (eq (.Values.csi.enabled | toString) "true")
- (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
-{{- end -}}
-
-{{/*
-Compute if the injector is enabled.
-*/}}
-{{- define "vault.injectorEnabled" -}}
-{{- $_ := set . "injectorEnabled" (or
- (eq (.Values.injector.enabled | toString) "true")
- (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
-{{- end -}}
-
-{{/*
-Compute if the server is enabled.
-*/}}
-{{- define "vault.serverEnabled" -}}
-{{- $_ := set . "serverEnabled" (or
- (eq (.Values.server.enabled | toString) "true")
- (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
-{{- end -}}
-
-{{/*
-Compute if the server service is enabled.
-*/}}
-{{- define "vault.serverServiceEnabled" -}}
-{{- template "vault.serverEnabled" . -}}
-{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
-{{- end -}}
-
-{{/*
-Compute if the ui is enabled.
-*/}}
-{{- define "vault.uiEnabled" -}}
-{{- $_ := set . "uiEnabled" (or
- (eq (.Values.ui.enabled | toString) "true")
- (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
-{{- end -}}
-
-{{/*
-Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
-This defaults to (n/2)-1 where n is the number of members of the server cluster.
-Add a special case for replicas=1, where it should default to 0 as well.
-*/}}
-{{- define "vault.pdb.maxUnavailable" -}}
-{{- if eq (int .Values.server.ha.replicas) 1 -}}
-{{ 0 }}
-{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
-{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
-{{- else -}}
-{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Set the variable 'mode' to the server mode requested by the user to simplify
-template logic.
-*/}}
-{{- define "vault.mode" -}}
- {{- template "vault.serverEnabled" . -}}
- {{- if .Values.injector.externalVaultAddr -}}
- {{- $_ := set . "mode" "external" -}}
- {{- else if not .serverEnabled -}}
- {{- $_ := set . "mode" "external" -}}
- {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
- {{- $_ := set . "mode" "dev" -}}
- {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
- {{- $_ := set . "mode" "ha" -}}
- {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
- {{- $_ := set . "mode" "standalone" -}}
- {{- else -}}
- {{- $_ := set .
"mode" "" -}}
- {{- end -}}
-{{- end -}}
-
-{{/*
-Set's the replica count based on the different modes configured by user
-*/}}
-{{- define "vault.replicas" -}}
- {{ if eq .mode "standalone" }}
- {{- default 1 -}}
- {{ else if eq .mode "ha" }}
- {{- .Values.server.ha.replicas | default 3 -}}
- {{ else }}
- {{- default 1 -}}
- {{ end }}
-{{- end -}}
-
-{{/*
-Set's up configmap mounts if this isn't a dev deployment and the user
-defined a custom configuration. Additionally iterates over any
-extra volumes the user may have specified (such as a secret with TLS).
-*/}}
-{{- define "vault.volumes" -}}
- {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
- - name: config
- configMap:
- name: {{ template "vault.fullname" . }}-config
- {{ end }}
- {{- range .Values.server.extraVolumes }}
- - name: userconfig-{{ .name }}
- {{ .type }}:
- {{- if (eq .type "configMap") }}
- name: {{ .name }}
- {{- else if (eq .type "secret") }}
- secretName: {{ .name }}
- {{- end }}
- defaultMode: {{ .defaultMode | default 420 }}
- {{- end }}
- {{- if .Values.server.volumes }}
- {{- toYaml .Values.server.volumes | nindent 8}}
- {{- end }}
- {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
- - name: vault-license
- secret:
- secretName: {{ .Values.server.enterpriseLicense.secretName }}
- defaultMode: 0440
- {{- end }}
-{{- end -}}
-
-{{/*
-Set's the args for custom command to render the Vault configuration
-file with IP addresses to make the out of box experience easier
-for users looking to use this chart with Consul Helm.
-*/}}
-{{- define "vault.args" -}}
- {{ if or (eq .mode "standalone") (eq .mode "ha") }}
- - |
- cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
- [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
- [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
- [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
- [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
- [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
- [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
- /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
- {{ else if eq .mode "dev" }}
- - |
- /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
- {{ end }}
-{{- end -}}
-
-{{/*
-Set's additional environment variables based on the mode.
-*/}}
-{{- define "vault.envs" -}}
- {{ if eq .mode "dev" }}
- - name: VAULT_DEV_ROOT_TOKEN_ID
- value: {{ .Values.server.dev.devRootToken }}
- - name: VAULT_DEV_LISTEN_ADDRESS
- value: "[::]:8200"
- {{ end }}
-{{- end -}}
-
-{{/*
-Set's which additional volumes should be mounted to the container
-based on the mode configured.
-*/}}
-{{- define "vault.mounts" -}}
- {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
- - name: audit
- mountPath: {{ .Values.server.auditStorage.mountPath }}
- {{ end }}
- {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
- {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
- - name: data
- mountPath: {{ .Values.server.dataStorage.mountPath }}
- {{ end }}
- {{ end }}
- {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
- - name: config
- mountPath: /vault/config
- {{ end }}
- {{- range .Values.server.extraVolumes }}
- - name: userconfig-{{ .name }}
- readOnly: true
- mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
- {{- end }}
- {{- if .Values.server.volumeMounts }}
- {{- toYaml .Values.server.volumeMounts | nindent 12}}
- {{- end }}
- {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
- - name: vault-license
- mountPath: /vault/license
- readOnly: true
- {{- end }}
-{{- end -}}
-
-{{/*
-Set's up the volumeClaimTemplates when data or audit storage is required. HA
-might not use data storage since Consul is likely it's backend, however, audit
-storage might be desired by the user.
-*/}}
-{{- define "vault.volumeclaims" -}}
- {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
- volumeClaimTemplates:
- {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
- - metadata:
- name: data
- {{- include "vault.dataVolumeClaim.annotations" .
| nindent 6 }}
- spec:
- accessModes:
- - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
- resources:
- requests:
- storage: {{ .Values.server.dataStorage.size }}
- {{- if .Values.server.dataStorage.storageClass }}
- storageClassName: {{ .Values.server.dataStorage.storageClass }}
- {{- end }}
- {{ end }}
- {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
- - metadata:
- name: audit
- {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
- spec:
- accessModes:
- - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
- resources:
- requests:
- storage: {{ .Values.server.auditStorage.size }}
- {{- if .Values.server.auditStorage.storageClass }}
- storageClassName: {{ .Values.server.auditStorage.storageClass }}
- {{- end }}
- {{ end }}
- {{ end }}
-{{- end -}}
-
-{{/*
-Set's the affinity for pod placement when running in standalone and HA modes.
-*/}}
-{{- define "vault.affinity" -}}
- {{- if and (ne .mode "dev") .Values.server.affinity }}
- affinity:
- {{ $tp := typeOf .Values.server.affinity }}
- {{- if eq $tp "string" }}
- {{- tpl .Values.server.affinity . | nindent 8 | trim }}
- {{- else }}
- {{- toYaml .Values.server.affinity | nindent 8 }}
- {{- end }}
- {{ end }}
-{{- end -}}
-
-{{/*
-Sets the injector affinity for pod placement
-*/}}
-{{- define "injector.affinity" -}}
- {{- if .Values.injector.affinity }}
- affinity:
- {{ $tp := typeOf .Values.injector.affinity }}
- {{- if eq $tp "string" }}
- {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
- {{- else }}
- {{- toYaml .Values.injector.affinity | nindent 8 }}
- {{- end }}
- {{ end }}
-{{- end -}}
-
-{{/*
-Sets the topologySpreadConstraints when running in standalone and HA modes.
-*/}} -{{- define "vault.topologySpreadConstraints" -}} - {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} - topologySpreadConstraints: - {{ $tp := typeOf .Values.server.topologySpreadConstraints }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - - -{{/* -Sets the injector topologySpreadConstraints for pod placement -*/}} -{{- define "injector.topologySpreadConstraints" -}} - {{- if .Values.injector.topologySpreadConstraints }} - topologySpreadConstraints: - {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the toleration for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.tolerations" -}} - {{- if and (ne .mode "dev") .Values.server.tolerations }} - tolerations: - {{- $tp := typeOf .Values.server.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "injector.tolerations" -}} - {{- if .Values.injector.tolerations }} - tolerations: - {{- $tp := typeOf .Values.injector.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the node selector for pod placement when running in standalone and HA modes. 
-*/}} -{{- define "vault.nodeselector" -}} - {{- if and (ne .mode "dev") .Values.server.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.server.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector node selector for pod placement -*/}} -{{- define "injector.nodeselector" -}} - {{- if .Values.injector.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.injector.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector deployment update strategy -*/}} -{{- define "injector.strategy" -}} - {{- if .Values.injector.strategy }} - strategy: - {{- $tp := typeOf .Values.injector.strategy }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.strategy . | nindent 4 | trim }} - {{- else }} - {{- toYaml .Values.injector.strategy | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra pod annotations -*/}} -{{- define "vault.annotations" -}} - {{- if .Values.server.annotations }} - annotations: - {{- $tp := typeOf .Values.server.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.server.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector pod annotations -*/}} -{{- define "injector.annotations" -}} - {{- if .Values.injector.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.annotations . 
| nindent 8 }} - {{- else }} - {{- toYaml .Values.injector.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector service annotations -*/}} -{{- define "injector.service.annotations" -}} - {{- if .Values.injector.service.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector webhook annotations -*/}} -{{- define "injector.webhookAnnotations" -}} - {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} - annotations: - {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} - {{- if eq $tp "string" }} - {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} - {{- else }} - {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ui service annotations -*/}} -{{- define "vault.ui.annotations" -}} - {{- if .Values.ui.annotations }} - annotations: - {{- $tp := typeOf .Values.ui.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.ui.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.ui.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "vault.serviceAccount.name" -}} -{{- if .Values.server.serviceAccount.create -}} - {{ default (include "vault.fullname" .) 
.Values.server.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.server.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Sets extra service account annotations -*/}} -{{- define "vault.serviceAccount.annotations" -}} - {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.server.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ingress annotations -*/}} -{{- define "vault.ingress.annotations" -}} - {{- if .Values.server.ingress.annotations }} - annotations: - {{- $tp := typeOf .Values.server.ingress.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.ingress.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.ingress.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra route annotations -*/}} -{{- define "vault.route.annotations" -}} - {{- if .Values.server.route.annotations }} - annotations: - {{- $tp := typeOf .Values.server.route.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.route.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.route.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra vault server Service annotations -*/}} -{{- define "vault.service.annotations" -}} - {{- if .Values.server.service.annotations }} - {{- $tp := typeOf .Values.server.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.service.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets PodSecurityPolicy annotations -*/}} -{{- define "vault.psp.annotations" -}} - {{- if .Values.global.psp.annotations }} - annotations: - {{- $tp := typeOf .Values.global.psp.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.global.psp.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.global.psp.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra statefulset annotations -*/}} -{{- define "vault.statefulSet.annotations" -}} - {{- if .Values.server.statefulSet.annotations }} - annotations: - {{- $tp := typeOf .Values.server.statefulSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for data volume -*/}} -{{- define "vault.dataVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.dataStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for audit volume -*/}} -{{- define "vault.auditVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.auditStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.auditStorage.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the container resources if the user has set any. -*/}} -{{- define "vault.resources" -}} - {{- if .Values.server.resources -}} - resources: -{{ toYaml .Values.server.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "injector.resources" -}} - {{- if .Values.injector.resources -}} - resources: -{{ toYaml .Values.injector.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "csi.resources" -}} - {{- if .Values.csi.resources -}} - resources: -{{ toYaml .Values.csi.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets extra CSI daemonset annotations -*/}} -{{- define "csi.daemonSet.annotations" -}} - {{- if .Values.csi.daemonSet.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.daemonSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "csi.pod.tolerations" -}} - {{- if .Values.csi.pod.tolerations }} - tolerations: - {{- $tp := typeOf .Values.csi.pod.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI provider pod annotations -*/}} -{{- define "csi.pod.annotations" -}} - {{- if .Values.csi.pod.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.pod.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.pod.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI service account annotations -*/}} -{{- define "csi.serviceAccount.annotations" -}} - {{- if .Values.csi.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Inject extra environment vars in the format key:value, if populated -*/}} -{{- define "vault.extraEnvironmentVars" -}} -{{- if .extraEnvironmentVars -}} -{{- range $key, $value := .extraEnvironmentVars }} -- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} - value: {{ $value | quote }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Inject extra environment populated by secrets, if populated -*/}} -{{- define "vault.extraSecretEnvironmentVars" -}} -{{- if .extraSecretEnvironmentVars -}} -{{- range .extraSecretEnvironmentVars }} -- name: {{ .envName }} - valueFrom: - secretKeyRef: - name: {{ .secretName }} - key: {{ .secretKey }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* Scheme for health check and local endpoint */}} -{{- define "vault.scheme" -}} -{{- if .Values.global.tlsDisable -}} -{{ "http" }} -{{- else -}} -{{ "https" }} -{{- end -}} -{{- end -}} - -{{/* -imagePullSecrets generates pull secrets from either string or map values. -A map value must be indexable by the key 'name'. -*/}} -{{- define "imagePullSecrets" -}} -{{- with .Values.global.imagePullSecrets -}} -imagePullSecrets: -{{- range . -}} -{{- if typeIs "string" . }} - - name: {{ . }} -{{- else if index . "name" }} - - name: {{ .name }} -{{- end }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
-Supported inputs are Values.server.service and Values.ui
-*/}}
-{{- define "service.externalTrafficPolicy" -}}
-{{- $type := "" -}}
-{{- if .serviceType -}}
-{{- $type = .serviceType -}}
-{{- else if .type -}}
-{{- $type = .type -}}
-{{- end -}}
-{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
- externalTrafficPolicy: {{ .externalTrafficPolicy }}
-{{- else }}
-{{- end }}
-{{- end -}}
-
-{{/*
-loadBalancer configuration for the the UI service.
-Supported inputs are Values.ui
-*/}}
-{{- define "service.loadBalancer" -}}
-{{- if eq (.serviceType | toString) "LoadBalancer" }}
-{{- if .loadBalancerIP }}
- loadBalancerIP: {{ .loadBalancerIP }}
-{{- end }}
-{{- with .loadBalancerSourceRanges }}
- loadBalancerSourceRanges:
-{{- range . }}
- - {{ . }}
-{{- end }}
-{{- end -}}
-{{- end }}
-{{- end -}}
diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/csi-clusterrole.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/csi-clusterrole.yaml
deleted file mode 100644
index ec6a3d2b9f..0000000000
--- a/charts/partners/hashicorp/vault/0.20.0/src/templates/csi-clusterrole.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups:
- - ""
- resources:
- - serviceaccounts/token
- verbs:
- - create
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/csi-clusterrolebinding.yaml
deleted file mode 100644
index d5b62a5f09..0000000000
--- a/charts/partners/hashicorp/vault/0.20.0/src/templates/csi-clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/csi-daemonset.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/csi-daemonset.yaml
deleted file mode 100644
index 5c21752d6d..0000000000
--- a/charts/partners/hashicorp/vault/0.20.0/src/templates/csi-daemonset.yaml
+++ /dev/null
@@ -1,91 +0,0 @@ -{{- template "vault.csiEnabled" . -}} -{{- if .csiEnabled -}} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- if .Values.csi.daemonSet.extraLabels -}} - {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} - {{- end -}} - {{ template "csi.daemonSet.annotations" . }} -spec: - updateStrategy: - type: {{ .Values.csi.daemonSet.updateStrategy.type }} - {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - rollingUpdate: - maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.csi.pod.extraLabels -}} - {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "csi.pod.annotations" . }} - spec: - {{- if .Values.csi.priorityClassName }} - priorityClassName: {{ .Values.csi.priorityClassName }} - {{- end }} - serviceAccountName: {{ template "vault.fullname" . }}-csi-provider - {{- template "csi.pod.tolerations" . }} - containers: - - name: {{ include "vault.name" . }}-csi-provider - {{ template "csi.resources" . 
}} - image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" - imagePullPolicy: {{ .Values.csi.image.pullPolicy }} - args: - - --endpoint=/provider/vault.sock - - --debug={{ .Values.csi.debug }} - {{- if .Values.csi.extraArgs }} - {{- toYaml .Values.csi.extraArgs | nindent 12 }} - {{- end }} - volumeMounts: - - name: providervol - mountPath: "/provider" - - name: mountpoint-dir - mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods - mountPropagation: HostToContainer - {{- if .Values.csi.volumeMounts }} - {{- toYaml .Values.csi.volumeMounts | nindent 12}} - {{- end }} - livenessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} - volumes: - - name: providervol - hostPath: - path: {{ .Values.csi.daemonSet.providersDir }} - - name: mountpoint-dir - hostPath: - path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods - {{- if .Values.csi.volumes }} - {{- toYaml .Values.csi.volumes | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/csi-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/csi-serviceaccount.yaml deleted file mode 100644 index 8d6fa5329c..0000000000 
--- a/charts/partners/hashicorp/vault/0.20.0/src/templates/csi-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- if .Values.csi.serviceAccount.extraLabels -}}
- {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
- {{- end -}}
- {{ template "csi.serviceAccount.annotations" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-certs-secret.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-certs-secret.yaml
deleted file mode 100644
index e88685b5eb..0000000000
--- a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-certs-secret.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: vault-injector-certs
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-clusterrole.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-clusterrole.yaml
deleted file mode 100644
index 6a0d6be1ae..0000000000
--- a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-clusterrole.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs:
- - "get"
- - "list"
- - "watch"
- - "patch"
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-clusterrolebinding.yaml
deleted file mode 100644
index 4c193f8a2e..0000000000
--- a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-deployment.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-deployment.yaml
deleted file mode 100644
index d46cefc5b5..0000000000
--- a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-deployment.yaml
+++ /dev/null
@@ -1,160 +0,0 @@ -{{- template "vault.injectorEnabled" . -}} -{{- if .injectorEnabled -}} -# Deployment for the injector -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - component: webhook -spec: - replicas: {{ .Values.injector.replicas }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{ template "injector.strategy" . }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{- if .Values.injector.extraLabels -}} - {{- toYaml .Values.injector.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "injector.annotations" . }} - spec: - {{ template "injector.affinity" . }} - {{ template "injector.topologySpreadConstraints" . }} - {{ template "injector.tolerations" . }} - {{ template "injector.nodeselector" . }} - {{- if .Values.injector.priorityClassName }} - priorityClassName: {{ .Values.injector.priorityClassName }} - {{- end }} - serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" - {{- if not .Values.global.openshift }} - hostNetwork: {{ .Values.injector.hostNetwork }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.injector.gid | default 1000 }} - runAsUser: {{ .Values.injector.uid | default 100 }} - {{- end }} - containers: - - name: sidecar-injector - {{ template "injector.resources" . 
}} - image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" - imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" - {{- if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} - env: - - name: AGENT_INJECT_LISTEN - value: {{ printf ":%v" .Values.injector.port }} - - name: AGENT_INJECT_LOG_LEVEL - value: {{ .Values.injector.logLevel | default "info" }} - - name: AGENT_INJECT_VAULT_ADDR - {{- if .Values.injector.externalVaultAddr }} - value: "{{ .Values.injector.externalVaultAddr }}" - {{- else }} - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - {{- end }} - - name: AGENT_INJECT_VAULT_AUTH_PATH - value: {{ .Values.injector.authPath }} - - name: AGENT_INJECT_VAULT_IMAGE - value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" - {{- if .Values.injector.certs.secretName }} - - name: AGENT_INJECT_TLS_CERT_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" - - name: AGENT_INJECT_TLS_KEY_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" - {{- else }} - - name: AGENT_INJECT_TLS_AUTO - value: {{ template "vault.fullname" . }}-agent-injector-cfg - - name: AGENT_INJECT_TLS_AUTO_HOSTS - value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc - {{- end }} - - name: AGENT_INJECT_LOG_FORMAT - value: {{ .Values.injector.logFormat | default "standard" }} - - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN - value: "{{ .Values.injector.revokeOnShutdown | default false }}" - {{- if .Values.global.openshift }} - - name: AGENT_INJECT_SET_SECURITY_CONTEXT - value: "false" - {{- end }} - {{- if .Values.injector.metrics.enabled }} - - name: AGENT_INJECT_TELEMETRY_PATH - value: "/metrics" - {{- end }} - {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} - - name: AGENT_INJECT_USE_LEADER_ELECTOR - value: "true" - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end }} - - name: AGENT_INJECT_CPU_REQUEST - value: "{{ .Values.injector.agentDefaults.cpuRequest }}" - - name: AGENT_INJECT_CPU_LIMIT - value: "{{ .Values.injector.agentDefaults.cpuLimit }}" - - name: AGENT_INJECT_MEM_REQUEST - value: "{{ .Values.injector.agentDefaults.memRequest }}" - - name: AGENT_INJECT_MEM_LIMIT - value: "{{ .Values.injector.agentDefaults.memLimit }}" - - name: AGENT_INJECT_DEFAULT_TEMPLATE - value: "{{ .Values.injector.agentDefaults.template }}" - - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE - value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" - {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} - - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL - value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" - {{- end }} - {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - agent-inject - - 2>&1 - livenessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - 
timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 -{{- if .Values.injector.certs.secretName }} - volumeMounts: - - name: webhook-certs - mountPath: /etc/webhook/certs - readOnly: true -{{- end }} -{{- if .Values.injector.certs.secretName }} - volumes: - - name: webhook-certs - secret: - secretName: "{{ .Values.injector.certs.secretName }}" -{{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-disruptionbudget.yaml deleted file mode 100644 index b44fd7300b..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-disruptionbudget.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.injector.podDisruptionBudget }} -apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} -kind: PodDisruptionBudget -metadata: - name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - component: webhook -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} -{{- end -}} diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-mutating-webhook.yaml deleted file mode 100644 index f873f61c91..0000000000 
--- a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-mutating-webhook.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
-apiVersion: admissionregistration.k8s.io/v1
-{{- else }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-{{- end }}
-kind: MutatingWebhookConfiguration
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-cfg
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "injector.webhookAnnotations" . }}
-webhooks:
- - name: vault.hashicorp.com
- failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
- matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
- sideEffects: None
- timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
- admissionReviewVersions: ["v1", "v1beta1"]
- clientConfig:
- service:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- path: "/mutate"
- caBundle: {{ .Values.injector.certs.caBundle | quote }}
- rules:
- - operations: ["CREATE", "UPDATE"]
- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["pods"]
-{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
- namespaceSelector:
-{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
-{{ end }}
-{{- if or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) }}
- objectSelector:
-{{ toYaml (((.Values.injector.webhook)).objectSelector | default .Values.injector.objectSelector) | indent 6}}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-network-policy.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-network-policy.yaml
deleted file mode 100644
index 68892d23b2..0000000000
--- a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-network-policy.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.openshift | toString) "true" }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-psp-role.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-psp-role.yaml
deleted file mode 100644
index 5d23c7556e..0000000000
--- a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-psp-role.yaml
+++ /dev/null
@@ -1,20 +0,0 @@ -{{- template "vault.injectorEnabled" . -}} -{{- if .injectorEnabled -}} -{{- if eq (.Values.global.psp.enable | toString) "true" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "vault.fullname" . }}-agent-injector-psp - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -rules: -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "vault.fullname" . }}-agent-injector -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-psp-rolebinding.yaml deleted file mode 100644 index 4f6b0a851c..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-psp-rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- template "vault.injectorEnabled" . -}} -{{- if .injectorEnabled -}} -{{- if eq (.Values.global.psp.enable | toString) "true" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "vault.fullname" . }}-agent-injector-psp - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -roleRef: - kind: Role - name: {{ template "vault.fullname" . }}-agent-injector-psp - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: {{ template "vault.fullname" . }}-agent-injector -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-psp.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-psp.yaml deleted file mode 100644 index 1eee2fcd04..0000000000 
--- a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-psp.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- template "vault.injectorEnabled" . -}} -{{- if .injectorEnabled -}} -{{- if eq (.Values.global.psp.enable | toString) "true" }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "vault.fullname" . }}-agent-injector - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- template "vault.psp.annotations" . }} -spec: - privileged: false - # Required to prevent escalations to root. - allowPrivilegeEscalation: false - volumes: - - configMap - - emptyDir - - projected - - secret - - downwardAPI - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Require the container to run without root privileges. - rule: MustRunAsNonRoot - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: RunAsAny - supplementalGroups: - rule: MustRunAs - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: MustRunAs - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-role.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-role.yaml deleted file mode 100644 index 08c8264ccb..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-role.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -{{- template "vault.injectorEnabled" . -}} -{{- if .injectorEnabled -}} -{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -rules: - - apiGroups: [""] - resources: ["secrets", "configmaps"] - verbs: - - "create" - - "get" - - "watch" - - "list" - - "update" - - apiGroups: [""] - resources: ["pods"] - verbs: - - "get" - - "patch" - - "delete" -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-rolebinding.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-rolebinding.yaml deleted file mode 100644 index ea0db11b94..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-rolebinding.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -{{- template "vault.injectorEnabled" . -}} -{{- if .injectorEnabled -}} -{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role -subjects: - - kind: ServiceAccount - name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-service.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-service.yaml deleted file mode 100644 index 5e747d6f10..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-service.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- template "vault.injectorEnabled" . -}} -{{- if .injectorEnabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "vault.fullname" . }}-agent-injector-svc - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{ template "injector.service.annotations" . }} -spec: - ports: - - name: https - port: 443 - targetPort: {{ .Values.injector.port }} - selector: - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook -{{- end }} 
diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-serviceaccount.yaml deleted file mode 100644 index ebc57b56ff..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/injector-serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- template "vault.injectorEnabled" . -}} -{{- if .injectorEnabled -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/server-clusterrolebinding.yaml deleted file mode 100644 index e045b9ec37..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-clusterrolebinding.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -{{ template "vault.mode" . }} -{{- if .serverEnabled -}} -{{- if and (ne .mode "") (eq (.Values.server.authDelegator.enabled | toString) "true") }} -{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: rbac.authorization.k8s.io/v1beta1 -{{- end }} -kind: ClusterRoleBinding -metadata: - name: {{ template "vault.fullname" . }}-server-binding - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: -- kind: ServiceAccount - name: {{ template "vault.serviceAccount.name" . }} - namespace: {{ .Release.Namespace }} -{{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-config-configmap.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/server-config-configmap.yaml deleted file mode 100644 index f40c69608e..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-config-configmap.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if .serverEnabled -}} -{{- if ne .mode "dev" -}} -{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "vault.fullname" . }}-config - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -data: - extraconfig-from-values.hcl: |- - {{- if or (eq .mode "ha") (eq .mode "standalone") }} - {{- $type := typeOf (index .Values.server .mode).config }} - {{- if eq $type "string" }} - disable_mlock = true - {{- if eq .mode "standalone" }} - {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} - {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} - {{ tpl .Values.server.ha.config . | nindent 4 | trim }} - {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} - {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} - {{ end }} - {{- else }} - {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} -{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} - {{- else }} -{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-discovery-role.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/server-discovery-role.yaml deleted file mode 100644 index 9ca23dd4c6..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-discovery-role.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if .serverEnabled -}} -{{- if eq .mode "ha" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: {{ .Release.Namespace }} - name: {{ template "vault.fullname" . }}-discovery-role - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -rules: -- apiGroups: [""] - resources: ["pods"] - verbs: ["get", "watch", "list", "update", "patch"] -{{ end }} -{{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/server-discovery-rolebinding.yaml deleted file mode 100644 index 6e22e4c2b7..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-discovery-rolebinding.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if .serverEnabled -}} -{{- if eq .mode "ha" }} -{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: rbac.authorization.k8s.io/v1beta1 -{{- end }} -kind: RoleBinding -metadata: - name: {{ template "vault.fullname" . }}-discovery-rolebinding - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "vault.fullname" . }}-discovery-role -subjects: -- kind: ServiceAccount - name: {{ template "vault.serviceAccount.name" . }} - namespace: {{ .Release.Namespace }} -{{ end }} -{{ end }} -{{ end }} 
diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/server-disruptionbudget.yaml deleted file mode 100644 index d940fa4dac..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-disruptionbudget.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" -}} -{{- if .serverEnabled -}} -{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} -# PodDisruptionBudget to prevent degrading the server cluster through -# voluntary cluster changes. -apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} -kind: PodDisruptionBudget -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -spec: - maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-ha-active-service.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/server-ha-active-service.yaml deleted file mode 100644 index 90761a468e..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-ha-active-service.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- template "vault.serverServiceEnabled" . -}} -{{- if .serverServiceEnabled -}} -{{- if eq .mode "ha" }} -# Service for active Vault pod -apiVersion: v1 -kind: Service -metadata: - name: {{ template "vault.fullname" . }}-active - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - annotations: -{{ template "vault.service.annotations" .}} -spec: - {{- if .Values.server.service.type}} - type: {{ .Values.server.service.type }} - {{- end}} - {{- if .Values.server.service.clusterIP }} - clusterIP: {{ .Values.server.service.clusterIP }} - {{- end }} - {{- include "service.externalTrafficPolicy" .Values.server.service }} - publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} - ports: - - name: {{ include "vault.scheme" . }} - port: {{ .Values.server.service.port }} - targetPort: {{ .Values.server.service.targetPort }} - {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} - nodePort: {{ .Values.server.service.nodePort }} - {{- end }} - - name: https-internal - port: 8201 - targetPort: 8201 - selector: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - vault-active: "true" -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-ha-standby-service.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/server-ha-standby-service.yaml deleted file mode 100644 index 03260ffaf8..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-ha-standby-service.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- template "vault.serverServiceEnabled" . -}} -{{- if .serverServiceEnabled -}} -{{- if eq .mode "ha" }} -# Service for standby Vault pod -apiVersion: v1 -kind: Service -metadata: - name: {{ template "vault.fullname" . }}-standby - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - annotations: -{{ template "vault.service.annotations" .}} -spec: - {{- if .Values.server.service.type}} - type: {{ .Values.server.service.type }} - {{- end}} - {{- if .Values.server.service.clusterIP }} - clusterIP: {{ .Values.server.service.clusterIP }} - {{- end }} - {{- include "service.externalTrafficPolicy" .Values.server.service }} - publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} - ports: - - name: {{ include "vault.scheme" . }} - port: {{ .Values.server.service.port }} - targetPort: {{ .Values.server.service.targetPort }} - {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} - nodePort: {{ .Values.server.service.nodePort }} - {{- end }} - - name: https-internal - port: 8201 - targetPort: 8201 - selector: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - vault-active: "false" -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-headless-service.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/server-headless-service.yaml deleted file mode 100644 index fffaaacbbb..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-headless-service.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- template "vault.serverServiceEnabled" . -}} -{{- if .serverServiceEnabled -}} -# Service for Vault cluster -apiVersion: v1 -kind: Service -metadata: - name: {{ template "vault.fullname" . }}-internal - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - annotations: -{{ template "vault.service.annotations" .}} -spec: - clusterIP: None - publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} - ports: - - name: "{{ include "vault.scheme" . }}" - port: {{ .Values.server.service.port }} - targetPort: {{ .Values.server.service.targetPort }} - - name: https-internal - port: 8201 - targetPort: 8201 - selector: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-ingress.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/server-ingress.yaml deleted file mode 100644 index c81e5f5cee..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-ingress.yaml +++ /dev/null 
@@ -1,77 +0,0 @@ -{{- if not .Values.global.openshift }} -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if .Values.server.ingress.enabled -}} -{{- $extraPaths := .Values.server.ingress.extraPaths -}} -{{- $serviceName := include "vault.fullname" . -}} -{{- template "vault.serverServiceEnabled" . -}} -{{- if .serverServiceEnabled -}} -{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} -{{- $serviceName = printf "%s-%s" $serviceName "active" -}} -{{- end }} -{{- $servicePort := .Values.server.service.port -}} -{{- $pathType := .Values.server.ingress.pathType -}} -{{- $kubeVersion := .Capabilities.KubeVersion.Version }} -{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} -apiVersion: networking.k8s.io/v1 -{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end }} -kind: Ingress -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.server.ingress.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- template "vault.ingress.annotations" . }} -spec: -{{- if .Values.server.ingress.tls }} - tls: - {{- range .Values.server.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} -{{- if .Values.server.ingress.ingressClassName }} - ingressClassName: {{ .Values.server.ingress.ingressClassName }} -{{- end }} - rules: - {{- range .Values.server.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: -{{ if $extraPaths }} -{{ toYaml $extraPaths | indent 10 }} -{{- end }} - {{- range (.paths | default (list "/")) }} - - path: {{ . 
}} - {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} - pathType: {{ $pathType }} - {{ end }} - backend: - {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{ else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{ end }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-network-policy.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/server-network-policy.yaml deleted file mode 100644 index 5f4c21a4b5..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-network-policy.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ template "vault.fullname" . }} - labels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} -spec: - podSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 8200 - protocol: TCP - - port: 8201 - protocol: TCP - {{- if .Values.server.networkPolicy.egress }} - egress: - {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} - {{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-psp-role.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/server-psp-role.yaml deleted file mode 100644 index b8eb897e5e..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-psp-role.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -{{ template "vault.mode" . }} -{{- if .serverEnabled -}} -{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "vault.fullname" . }}-psp - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -rules: -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "vault.fullname" . }} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/server-psp-rolebinding.yaml deleted file mode 100644 index fded9fbc62..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-psp-rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{ template "vault.mode" . }} -{{- if .serverEnabled -}} -{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "vault.fullname" . }}-psp - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -roleRef: - kind: Role - name: {{ template "vault.fullname" . }}-psp - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: {{ template "vault.fullname" . }} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-psp.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/server-psp.yaml deleted file mode 100644 index d210af3513..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-psp.yaml +++ /dev/null 
@@ -1,49 +0,0 @@ -{{ template "vault.mode" . }} -{{- if .serverEnabled -}} -{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "vault.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- template "vault.psp.annotations" . }} -spec: - privileged: false - # Required to prevent escalations to root. - allowPrivilegeEscalation: false - volumes: - - configMap - - emptyDir - - projected - - secret - - downwardAPI - {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} - - persistentVolumeClaim - {{- end }} - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Require the container to run without root privileges. - rule: MustRunAsNonRoot - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: RunAsAny - supplementalGroups: - rule: MustRunAs - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: MustRunAs - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-route.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/server-route.yaml deleted file mode 100644 index e122d936ba..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-route.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -{{- if .Values.global.openshift }} -{{- if ne .mode "external" }} -{{- if .Values.server.route.enabled -}} -{{- $serviceName := include "vault.fullname" . -}} -{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} -{{- $serviceName = printf "%s-%s" $serviceName "active" -}} -{{- end }} -kind: Route -apiVersion: route.openshift.io/v1 -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.server.route.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- template "vault.route.annotations" . }} -spec: - host: {{ .Values.server.route.host }} - to: - kind: Service - name: {{ $serviceName }} - weight: 100 - port: - targetPort: 8200 - tls: - {{- toYaml .Values.server.route.tls | nindent 4 }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-service.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/server-service.yaml deleted file mode 100644 index 3a9b0e7e52..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-service.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- template "vault.serverServiceEnabled" . -}} -{{- if .serverServiceEnabled -}} -# Service for Vault cluster -apiVersion: v1 -kind: Service -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - annotations: -{{ template "vault.service.annotations" .}} -spec: - {{- if .Values.server.service.type}} - type: {{ .Values.server.service.type }} - {{- end}} - {{- if .Values.server.service.clusterIP }} - clusterIP: {{ .Values.server.service.clusterIP }} - {{- end }} - {{- include "service.externalTrafficPolicy" .Values.server.service }} - # We want the servers to become available even if they're not ready - # since this DNS is also used for join operations. - publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} - ports: - - name: {{ include "vault.scheme" . }} - port: {{ .Values.server.service.port }} - targetPort: {{ .Values.server.service.targetPort }} - {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} - nodePort: {{ .Values.server.service.nodePort }} - {{- end }} - - name: https-internal - port: 8201 - targetPort: 8201 - selector: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/server-serviceaccount.yaml deleted file mode 100644 index 2d1a104bf9..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-serviceaccount.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -{{ template "vault.mode" . }} -{{- if .serverEnabled -}} -{{- if (eq (.Values.server.serviceAccount.create | toString) "true" ) }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "vault.serviceAccount.name" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{ template "vault.serviceAccount.annotations" . }} -{{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-statefulset.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/server-statefulset.yaml deleted file mode 100644 index 518a19336a..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/server-statefulset.yaml +++ /dev/null 
@@ -1,215 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if ne .mode "" }} -{{- if .serverEnabled -}} -# StatefulSet to run the actual vault server cluster. -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- template "vault.statefulSet.annotations" . }} -spec: - serviceName: {{ template "vault.fullname" . }}-internal - podManagementPolicy: Parallel - replicas: {{ template "vault.replicas" . }} - updateStrategy: - type: {{ .Values.server.updateStrategyType }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - template: - metadata: - labels: - helm.sh/chart: {{ template "vault.chart" . }} - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - {{- if .Values.server.extraLabels -}} - {{- toYaml .Values.server.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "vault.annotations" . }} - spec: - {{ template "vault.affinity" . }} - {{ template "vault.topologySpreadConstraints" . }} - {{ template "vault.tolerations" . }} - {{ template "vault.nodeselector" . }} - {{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} - serviceAccountName: {{ template "vault.serviceAccount.name" . 
}} - {{ if .Values.server.shareProcessNamespace }} - shareProcessNamespace: true - {{ end }} - {{- if not .Values.global.openshift }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.server.gid | default 1000 }} - runAsUser: {{ .Values.server.uid | default 100 }} - fsGroup: {{ .Values.server.gid | default 1000 }} - {{- end }} - volumes: - {{ template "vault.volumes" . }} - - name: home - emptyDir: {} - {{- if .Values.server.extraInitContainers }} - initContainers: - {{ toYaml .Values.server.extraInitContainers | nindent 8}} - {{- end }} - containers: - - name: vault - {{ template "vault.resources" . }} - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - command: - - "/bin/sh" - - "-ec" - args: {{ template "vault.args" . }} - {{- if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: VAULT_K8S_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: VAULT_ADDR - value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" - - name: VAULT_API_ADDR - {{- if .Values.server.ha.apiAddr }} - value: {{ .Values.server.ha.apiAddr }} - {{- else }} - value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" - {{- end }} - - name: SKIP_CHOWN - value: "true" - - name: SKIP_SETCAP - value: "true" - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_CLUSTER_ADDR - {{- if .Values.server.ha.clusterAddr }} - value: {{ .Values.server.ha.clusterAddr }} - {{- else }} - value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" - {{- end }} - {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} - - name: VAULT_RAFT_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- end }} - - name: HOME - value: "/home/vault" - {{- if .Values.server.logLevel }} - - name: VAULT_LOG_LEVEL - value: "{{ .Values.server.logLevel }}" - {{- end }} - {{- if .Values.server.logFormat }} - - name: VAULT_LOG_FORMAT - value: "{{ .Values.server.logFormat }}" - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: VAULT_LICENSE_PATH - value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} - {{- end }} - {{ template "vault.envs" . }} - {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} - {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} - volumeMounts: - {{ template "vault.mounts" . }} - - name: home - mountPath: /home/vault - ports: - - containerPort: 8200 - name: {{ include "vault.scheme" . }} - - containerPort: 8201 - name: https-internal - - containerPort: 8202 - name: {{ include "vault.scheme" . }}-rep - {{- if .Values.server.readinessProbe.enabled }} - readinessProbe: - {{- if .Values.server.readinessProbe.path }} - httpGet: - path: {{ .Values.server.readinessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . 
| upper }} - {{- else }} - # Check status; unsealed vault servers return 0 - # The exit code reflects the seal status: - # 0 - unsealed - # 1 - error - # 2 - sealed - exec: - command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] - {{- end }} - failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.server.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.server.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.server.livenessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . | upper }} - failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.server.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} - {{- end }} - lifecycle: - # Vault container doesn't receive SIGTERM from Kubernetes - # and after the grace period ends, Kube sends SIGKILL. This - # causes issues with graceful shutdowns such as deregistering itself - # from Consul (zombie services). - preStop: - exec: - command: [ - "/bin/sh", "-c", - # Adding a sleep here to give the pod eviction a - # chance to propagate, so requests will not be made - # to this pod while it's terminating - "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", - ] - {{- if .Values.server.postStart }} - postStart: - exec: - command: - {{- range (.Values.server.postStart) }} - - {{ . 
| quote }} - {{- end }} - {{- end }} - {{- if .Values.server.extraContainers }} - {{ toYaml .Values.server.extraContainers | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} - {{ template "vault.volumeclaims" . }} -{{ end }} -{{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/tests/server-test.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/tests/server-test.yaml deleted file mode 100644 index 56dbee78cd..0000000000 --- a/charts/partners/hashicorp/vault/0.20.0/src/templates/tests/server-test.yaml +++ /dev/null 
@@ -1,51 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if .serverEnabled -}}
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ .Release.Name }}-server-test"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": test
-spec:
- {{- include "imagePullSecrets" . | nindent 2 }}
- containers:
- - name: {{ .Release.Name }}-server-test
- image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
- imagePullPolicy: {{ .Values.server.image.pullPolicy }}
- env:
- - name: VAULT_ADDR
- value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
- {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
- command:
- - /bin/sh
- - -c
- - |
- echo "Checking for sealed info in 'vault status' output"
- ATTEMPTS=10
- n=0
- until [ "$n" -ge $ATTEMPTS ]
- do
- echo "Attempt" $n...
- vault status -format yaml | grep -E '^sealed: (true|false)' && break
- n=$((n+1))
- sleep 5
- done
- if [ $n -ge $ATTEMPTS ]; then
- echo "timed out looking for sealed info in 'vault status' output"
- exit 1
- fi
-
- exit 0
- volumeMounts:
- {{- if .Values.server.volumeMounts }}
- {{- toYaml .Values.server.volumeMounts | nindent 8}}
- {{- end }}
- volumes:
- {{- if .Values.server.volumes }}
- {{- toYaml .Values.server.volumes | nindent 4}}
- {{- end }}
- restartPolicy: Never
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.20.0/src/templates/ui-service.yaml b/charts/partners/hashicorp/vault/0.20.0/src/templates/ui-service.yaml
deleted file mode 100644
index d45afdda4f..0000000000
--- a/charts/partners/hashicorp/vault/0.20.0/src/templates/ui-service.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.uiEnabled" . -}}
-{{- if .uiEnabled -}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-ui
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}-ui
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "vault.ui.annotations" . }}
-spec:
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
- vault-active: "true"
- {{- end }}
- publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.ui.externalPort }}
- targetPort: {{ .Values.ui.targetPort }}
- {{- if .Values.ui.serviceNodePort }}
- nodePort: {{ .Values.ui.serviceNodePort }}
- {{- end }}
- type: {{ .Values.ui.serviceType }}
- {{- include "service.externalTrafficPolicy" .Values.ui }}
- {{- include "service.loadBalancer" .Values.ui }}
-{{- end -}}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.20.0/src/values.openshift.yaml b/charts/partners/hashicorp/vault/0.20.0/src/values.openshift.yaml
deleted file mode 100644
index e59bb86771..0000000000
--- a/charts/partners/hashicorp/vault/0.20.0/src/values.openshift.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# These overrides are appropriate defaults for deploying this chart on OpenShift
-
-global:
- openshift: true
-
-injector:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
- tag: "0.16.0-ubi"
-
- agentImage:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.10.3-ubi"
-
-server:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.10.3-ubi"
diff --git a/charts/partners/hashicorp/vault/0.20.0/src/values.schema.json b/charts/partners/hashicorp/vault/0.20.0/src/values.schema.json
deleted file mode 100644
index 87a02f803d..0000000000
--- a/charts/partners/hashicorp/vault/0.20.0/src/values.schema.json
+++ /dev/null
@@ -1,931 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "csi": { - "type": "object", - "properties": { - "daemonSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "extraLabels": { - "type": "object" - }, - "kubeletRootDir": { - "type": "string" - }, - "providersDir": { - "type": "string" - }, - "updateStrategy": { - "type": "object", - "properties": { - "maxUnavailable": { - "type": "string" - }, - "type": { - "type": "string" - } - } - } - } - }, - "priorityClassName": { - "type": "string" - }, - "debug": { - "type": "boolean" - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "extraArgs": { - "type": "array" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "pod": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "extraLabels": { - "type": "object" - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - } - } - }, - "readinessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "extraLabels": { - "type": "object" - } - } - }, 
- "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "global": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "imagePullSecrets": { - "type": "array" - }, - "openshift": { - "type": "boolean" - }, - "psp": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enable": { - "type": "boolean" - } - } - }, - "tlsDisable": { - "type": "boolean" - } - } - }, - "injector": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "agentDefaults": { - "type": "object", - "properties": { - "cpuLimit": { - "type": "string" - }, - "cpuRequest": { - "type": "string" - }, - "memLimit": { - "type": "string" - }, - "memRequest": { - "type": "string" - }, - "template": { - "type": "string" - }, - "templateConfig": { - "type": "object", - "properties": { - "exitOnRetryFailure": { - "type": "boolean" - }, - "staticSecretRenderInterval": { - "type": "string" - } - } - } - } - }, - "agentImage": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "authPath": { - "type": "string" - }, - "certs": { - "type": "object", - "properties": { - "caBundle": { - "type": "string" - }, - "certName": { - "type": "string" - }, - "keyName": { - "type": "string" - }, - "secretName": { - "type": [ - "null", - "string" - ] - } - } - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "externalVaultAddr": { - "type": "string" - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraLabels": { - "type": "object" - }, - "failurePolicy": { - "type": "string" - }, - "hostNetwork": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { 
- "type": "string" - } - } - }, - "leaderElector": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "namespaceSelector": { - "type": "object" - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "objectSelector": { - "type": "object" - }, - "podDisruptionBudget": { - "type": "object" - }, - "port": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "replicas": { - "type": "integer" - }, - "resources": { - "type": "object" - }, - "revokeOnShutdown": { - "type": "boolean" - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "strategy": { - "type": [ - "object", - "string" - ] - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "topologySpreadConstraints": { - "type": [ - "null", - "array", - "string" - ] - }, - "webhook": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "failurePolicy": { - "type": "string" - }, - "matchPolicy": { - "type": "string" - }, - "namespaceSelector": { - "type": "object" - }, - "objectSelector": { - "type": "object" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "webhookAnnotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "server": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "auditStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": 
"string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "authDelegator": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "dataStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "dev": { - "type": "object", - "properties": { - "devRootToken": { - "type": "string" - }, - "enabled": { - "type": "boolean" - } - } - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "enterpriseLicense": { - "type": "object", - "properties": { - "secretKey": { - "type": "string" - }, - "secretName": { - "type": "string" - } - } - }, - "extraArgs": { - "type": "string" - }, - "extraContainers": { - "type": [ - "null", - "array" - ] - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraInitContainers": { - "type": [ - "null", - "array" - ] - }, - "extraLabels": { - "type": "object" - }, - "extraSecretEnvironmentVars": { - "type": "array" - }, - "extraVolumes": { - "type": "array" - }, - "ha": { - "type": "object", - "properties": { - "apiAddr": { - "type": [ - "null", - "string" - ] - }, - "config": { - "type": [ - "string", - "object" - ] - }, - "disruptionBudget": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxUnavailable": { - "type": [ - "null", - "integer" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "raft": { - "type": "object", - "properties": { - "config": { - "type": [ - "string", - "object" - ] - }, - "enabled": { - "type": "boolean" - }, - "setNodeId": { - "type": "boolean" - } - } - }, - "replicas": { - "type": "integer" - } - } - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - 
}, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "ingress": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "extraPaths": { - "type": "array" - }, - "hosts": { - "type": "array", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string" - }, - "paths": { - "type": "array" - } - } - } - }, - "ingressClassName": { - "type": "string" - }, - "labels": { - "type": "object" - }, - "pathType": { - "type": "string" - }, - "tls": { - "type": "array" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "path": { - "type": "string" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "networkPolicy": { - "type": "object", - "properties": { - "egress": { - "type": "array" - }, - "enabled": { - "type": "boolean" - } - } - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "postStart": { - "type": "array" - }, - "preStopSleepSeconds": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "route": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { 
- "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "labels": { - "type": "object" - } - } - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "port": { - "type": "integer" - }, - "targetPort": { - "type": "integer" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "create": { - "type": "boolean" - }, - "name": { - "type": "string" - } - } - }, - "shareProcessNamespace": { - "type": "boolean" - }, - "standalone": { - "type": "object", - "properties": { - "config": { - "type": [ - "string", - "object" - ] - }, - "enabled": { - "type": [ - "string", - "boolean" - ] - } - } - }, - "statefulSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "terminationGracePeriodSeconds": { - "type": "integer" - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "updateStrategyType": { - "type": "string" - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "ui": { - "type": "object", - "properties": { - "activeVaultPodOnly": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "externalPort": { - "type": "integer" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "serviceNodePort": { - "type": [ - "null", - "integer" - ] - }, - "serviceType": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - } -} 
diff --git a/charts/partners/hashicorp/vault/0.20.0/src/values.yaml b/charts/partners/hashicorp/vault/0.20.0/src/values.yaml
deleted file mode 100644
index 0775d40f4d..0000000000
--- a/charts/partners/hashicorp/vault/0.20.0/src/values.yaml
+++ /dev/null
@@ -1,840 +0,0 @@ -# Available parameters and their default values for the Vault chart. -global: - # enabled is the master enabled switch. Setting this to true or false - # will enable or disable all the components within this chart by default. - enabled: true - # Image pull secret to use for registry authentication. - # Alternatively, the value may be specified as an array of strings. - imagePullSecrets: [] - # imagePullSecrets: - # - name: image-pull-secret - # TLS for end-to-end encrypted transport - tlsDisable: true - # If deploying to OpenShift - openshift: true - # Create PodSecurityPolicy for pods - psp: - enable: false - # Annotation for PodSecurityPolicy. - # This is a multi-line templated string map, and can also be set as YAML. - annotations: | - seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default - apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default - apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -injector: - # True if you want to enable vault agent injection. - # @default: global.enabled - enabled: "-" - replicas: 1 - # Configures the port the injector should listen on - port: 8080 - # If multiple replicas are specified, by default a leader will be determined - # so that only one injector attempts to create TLS certificates. - leaderElector: - enabled: true - # If true, will enable a node exporter metrics endpoint at /metrics. - metrics: - enabled: false - # External vault server address for the injector to use. Setting this will - # disable deployment of a vault server along with the injector. - externalVaultAddr: "" - # image sets the repo and tag of the vault-k8s image to use for the injector. 
- image: - repository: "registry.connect.redhat.com/hashicorp/vault-k8s" - tag: "0.16.0-ubi" - pullPolicy: IfNotPresent - # agentImage sets the repo and tag of the Vault image to use for the Vault Agent - # containers. This should be set to the official Vault image. Vault 1.3.1+ is - # required. - agentImage: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.10.3-ubi" - # The default values for the injected Vault Agent containers. - agentDefaults: - # For more information on configuring resources, see the K8s documentation: - # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - cpuLimit: "500m" - cpuRequest: "250m" - memLimit: "128Mi" - memRequest: "64Mi" - # Default template type for secrets when no custom template is specified. - # Possible values include: "json" and "map". - template: "map" - # Default values within Agent's template_config stanza. - templateConfig: - exitOnRetryFailure: true - staticSecretRenderInterval: "" - # Mount Path of the Vault Kubernetes Auth Method. - authPath: "auth/kubernetes" - # Configures the log verbosity of the injector. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "info" - # Configures the log format of the injector. Supported log formats: "standard", "json". - logFormat: "standard" - # Configures all Vault Agent sidecars to revoke their token when shutting down - revokeOnShutdown: false - webhook: - # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the - # API Version of the WebHook. - # To block pod creation while webhook is unavailable, set the policy to `Fail` below. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - # matchPolicy specifies the approach to accepting changes based on the rules of - # the MutatingWebhookConfiguration. 
- # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy - # for more details. - # - matchPolicy: Exact - # timeoutSeconds is the amount of seconds before the webhook request will be ignored - # or fails. - # If it is ignored or fails depends on the failurePolicy - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts - # for more details. - # - timeoutSeconds: 30 - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. - # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: {} - # Extra annotations to attach to the webhook - annotations: {} - # Deprecated: please use 'webhook.failurePolicy' instead - # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the - # API Version of the WebHook. - # To block pod creation while webhook is unavailable, set the policy to `Fail` below. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - # Deprecated: please use 'webhook.namespaceSelector' instead - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. 
- # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. - # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # Deprecated: please use 'webhook.objectSelector' instead - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: {} - # Deprecated: please use 'webhook.annotations' instead - # Extra annotations to attach to the webhook - webhookAnnotations: {} - certs: - # secretName is the name of the secret that has the TLS certificate and - # private key to serve the injector webhook. If this is null, then the - # injector will default to its automatic management mode that will assign - # a service account to the injector to generate its own certificates. - secretName: null - # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA - # that signed the TLS certificate that the webhook serves. This must be set - # if secretName is non-null, unless an external service like cert-manager is - # keeping the caBundle updated. - caBundle: "" - # certName and keyName are the names of the files within the secret for - # the TLS cert and private key, respectively. These have reasonable - # defaults but can be customized if necessary. - certName: tls.crt - keyName: tls.key - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # extraEnvironmentVars is a list of extra environment variables to set in the - # injector deployment. 
- extraEnvironmentVars: {} - # KUBERNETES_SERVICE_HOST: kubernetes.default.svc - - # Affinity Settings for injector pods - # This can either be multi-line string or YAML matching the PodSpec's affinity field. - # Commenting out or setting as empty the affinity variable, will allow - # deployment of multiple replicas to single node services such as Minikube. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: webhook - topologyKey: kubernetes.io/hostname - # Topology settings for injector pods - # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - # This should be either a multi-line string or YAML matching the topologySpreadConstraints array - # in a PodSpec. - topologySpreadConstraints: [] - # Toleration Settings for injector pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
- # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Priority class for injector pods - priorityClassName: "" - # Extra annotations to attach to the injector pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the injector pods - annotations: {} - # Extra labels to attach to the agent-injector - # This should be a YAML map of the labels to apply to the injector - extraLabels: {} - # Should the injector pods run on the host network (useful when using - # an alternate CNI in EKS) - hostNetwork: false - # Injector service specific config - service: - # Extra annotations to attach to the injector service - annotations: {} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - podDisruptionBudget: {} - # podDisruptionBudget: - # maxUnavailable: 1 - - # strategy for updating the deployment. This can be a multi-line string or a - # YAML map. - strategy: {} - # strategy: | - # rollingUpdate: - # maxSurge: 25% - # maxUnavailable: 25% - # type: RollingUpdate -server: - # If true, or "-" with global.enabled true, Vault server will be installed. - # See vault.mode in _helpers.tpl for implementation details. - enabled: "-" - # [Enterprise Only] This value refers to a Kubernetes secret that you have - # created that contains your enterprise license. If you are not using an - # enterprise image or if you plan to introduce the license key via another - # route, then leave secretName blank ("") or set it to null. - # Requires Vault Enterprise 1.8 or later. - enterpriseLicense: - # The name of the Kubernetes secret that holds the enterprise license. The - # secret must be in the same namespace that Vault is installed into. 
- secretName: "" - # The key within the Kubernetes secret that holds the enterprise license. - secretKey: "license" - # Resource requests, limits, etc. for the server cluster placement. This - # should map directly to the value of the resources field for a PodSpec. - # By default no direct resource request is made. - image: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.10.3-ubi" - # Overrides the default Image Pull Policy - pullPolicy: IfNotPresent - # Configure the Update Strategy Type for the StatefulSet - # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - updateStrategyType: "OnDelete" - # Configure the logging verbosity for the Vault server. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "" - # Configure the logging format for the Vault server. - # Supported log formats include: standard, json - logFormat: "" - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # Ingress allows ingress services to be created to allow external access - # from Kubernetes to access Vault pods. - # If deployment is on OpenShift, the following block is ignored. - # In order to expose the service, use the route section below - ingress: - enabled: false - labels: {} - # traffic: external - annotations: {} - # | - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # or - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # Optionally use ingressClassName instead of deprecated annotation. - # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation - ingressClassName: "" - # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. - # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. 
- pathType: Prefix - # When HA mode is enabled and K8s service registration is being used, - # configure the ingress to point to the Vault active service. - activeService: true - hosts: - - host: chart-example.local - paths: [] - ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # service: - # name: ssl-redirect - # port: - # number: use-annotation - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # OpenShift only - create a route to expose the service - # By default the created route will be of type passthrough - route: - enabled: false - # When HA mode is enabled and K8s service registration is being used, - # configure the route to point to the Vault active service. - activeService: true - labels: {} - annotations: {} - host: chart-example.local - # tls will be passed directly to the route's TLS config, which - # can be used to configure other termination methods that terminate - # TLS at the router - tls: - termination: passthrough - # authDelegator enables a cluster role binding to be attached to the service - # account. This cluster role binding can be used to setup Kubernetes auth - # method. https://www.vaultproject.io/docs/auth/kubernetes.html - authDelegator: - enabled: true - # extraInitContainers is a list of init containers. Specified as a YAML list. - # This is useful if you need to run a script to provision TLS certificates or - # write out configuration files in a dynamic way. - extraInitContainers: null - # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, - # # which is defined in the volumes value. 
- # - name: oauthapp - # image: "alpine" - # command: [sh, -c] - # args: - # - cd /tmp && - # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && - # tar -xf oauthapp.xz && - # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && - # chmod +x /usr/local/libexec/vault/oauthapp - # volumeMounts: - # - name: plugins - # mountPath: /usr/local/libexec/vault - - # extraContainers is a list of sidecar containers. Specified as a YAML list. - extraContainers: null - # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers - # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation - shareProcessNamespace: false - # extraArgs is a string containing additional Vault server arguments. - extraArgs: "" - # Used to define custom readinessProbe settings - readinessProbe: - enabled: true - # If you need to use a http path instead of the default exec - # path: /v1/sys/health?standbyok=true - - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. 
- timeoutSeconds: 3 - # Used to enable a livenessProbe for the pods - livenessProbe: - enabled: false - path: "/v1/sys/health?standbyok=true" - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 60 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Optional duration in seconds the pod needs to terminate gracefully. - # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ - terminationGracePeriodSeconds: 10 - # Used to set the sleep time during the preStop step - preStopSleepSeconds: 5 - # Used to define commands to run after the pod is ready. - # This can be used to automate processes such as initialization - # or boostrapping auth methods. - postStart: [] - # - /bin/sh - # - -c - # - /vault/userconfig/myscript/run.sh - - # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be - # used to include variables required for auto-unseal. - extraEnvironmentVars: {} - # GOOGLE_REGION: global - # GOOGLE_PROJECT: myproject - # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json - - # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. - # These variables take value from existing Secret objects. - extraSecretEnvironmentVars: [] - # - envName: AWS_SECRET_ACCESS_KEY - # secretName: vault - # secretKey: AWS_SECRET_ACCESS_KEY - - # Deprecated: please use 'volumes' instead. - # extraVolumes is a list of extra volumes to mount. These will be exposed - # to Vault in the path `/vault/userconfig//`. The value below is - # an array of objects, examples are shown below. 
- extraVolumes: [] - # - type: secret (or "configMap") - # name: my-secret - # path: null # default is `/vault/userconfig` - - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: plugins - # emptyDir: {} - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - mountPath: /usr/local/libexec/vault - # name: plugins - # readOnly: true - - # Affinity Settings - # Commenting out or setting as empty the affinity variable, will allow - # deployment to single node services such as Minikube - # This should be either a multi-line string or YAML matching the PodSpec's affinity field. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: server - topologyKey: kubernetes.io/hostname - # Topology settings for server pods - # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - # This should be either a multi-line string or YAML matching the topologySpreadConstraints array - # in a PodSpec. - topologySpreadConstraints: [] - # Toleration Settings for server pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
- # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Enables network policy for server pods - networkPolicy: - enabled: false - egress: [] - # egress: - # - to: - # - ipBlock: - # cidr: 10.0.0.0/24 - # ports: - # - protocol: TCP - # port: 443 - # Priority class for server pods - priorityClassName: "" - # Extra labels to attach to the server pods - # This should be a YAML map of the labels to apply to the server pods - extraLabels: {} - # Extra annotations to attach to the server pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the server pods - annotations: {} - # Enables a headless service to be used by the Vault Statefulset - service: - enabled: true - # clusterIP controls whether a Cluster IP address is attached to the - # Vault service within Kubernetes. By default the Vault service will - # be given a Cluster IP address, set to None to disable. When disabled - # Kubernetes will create a "headless" service. Headless services can be - # used to communicate with pods directly through DNS instead of a round robin - # load balancer. - # clusterIP: None - - # Configures the service type for the main Vault service. Can be ClusterIP - # or NodePort. - #type: ClusterIP - - # Do not wait for pods to be ready - publishNotReadyAddresses: true - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. - # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. 
- #nodePort: 30000 - - # Port on which Vault server is listening - port: 8200 - # Target port to which the service should be mapped to - targetPort: 8200 - # Extra annotations for the service definition. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the service. - annotations: {} - # This configures the Vault Statefulset to create a PVC for data - # storage when using the file or raft backend storage engines. - # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more - dataStorage: - enabled: true - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/data" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # This configures the Vault Statefulset to create a PVC for audit - # logs. Once Vault is deployed, initialized and unsealed, Vault must - # be configured to use this for audit logs. This will be mounted to - # /vault/audit - # See https://www.vaultproject.io/docs/audit/index.html to know more - auditStorage: - enabled: false - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/audit" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # Run Vault in "dev" mode. This requires no further setup, no state management, - # and no initialization. This is useful for experimenting with Vault without - # needing to unseal, store keys, et. al. All data is lost on restart - do not - # use dev mode for anything other than experimenting. 
- # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more - dev: - enabled: false - # Set VAULT_DEV_ROOT_TOKEN_ID value - devRootToken: "root" - # Run Vault in "standalone" mode. This is the default mode that will deploy if - # no arguments are given to helm. This requires a PVC for data storage to use - # the "file" backend. This mode is not highly available and should not be scaled - # past a single replica. - standalone: - enabled: "-" - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data - # and store data there. This is only used when using a Replica count of 1, and - # using a stateful set. This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "file" { - path = "/vault/data" - } - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # Run Vault in "HA" mode. There are no storage requirements unless audit log - # persistence is required. In HA mode Vault will configure itself to use Consul - # for its storage backend. The default configuration provided will work the Consul - # Helm project by default. It is possible to manually configure Vault to use a - # different HA backend. 
- ha: - enabled: false - replicas: 3 - # Set the api_addr configuration for Vault HA - # See https://www.vaultproject.io/docs/configuration#api_addr - # If set to null, this will be set to the Pod IP Address - apiAddr: null - # Set the cluster_addr confuguration for Vault HA - # See https://www.vaultproject.io/docs/configuration#cluster_addr - # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 - clusterAddr: null - # Enables Vault's integrated Raft storage. Unlike the typical HA modes where - # Vault's persistence is external (such as Consul), enabling Raft mode will create - # persistent volumes for Vault to store data according to the configuration under server.dataStorage. - # The Vault cluster will coordinate leader elections and failovers internally. - raft: - # Enables Raft integrated storage - enabled: false - # Set the Node Raft ID to the name of the pod - setNodeId: false - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - - storage "raft" { - path = "/vault/data" - } - - service_registration "kubernetes" {} - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a Consul for its HA storage backend. - # This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. 
For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "consul" { - path = "vault" - address = "HOST_IP:8500" - } - - service_registration "kubernetes" {} - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev-246514" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - disruptionBudget: - enabled: true - # maxUnavailable will default to (n/2)-1 where n is the number of - # replicas. If you'd like a custom value, you can specify an override here. - maxUnavailable: null - # Definition of the serviceAccount used to run Vault. - # These options are also used when using an external Vault server to validate - # Kubernetes tokens. - serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Settings for the statefulSet used to run Vault. - statefulSet: - # Extra annotations for the statefulSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the statefulSet. 
- annotations: {} -# Vault UI -ui: - # True if you want to create a Service entry for the Vault UI. - # - # serviceType can be used to control the type of service created. For - # example, setting this to "LoadBalancer" will create an external load - # balancer (for supported K8S installations) to access the UI. - enabled: false - publishNotReadyAddresses: true - # The service should only contain selectors for active Vault pod - activeVaultPodOnly: false - serviceType: "ClusterIP" - serviceNodePort: null - externalPort: 8200 - targetPort: 8200 - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. - # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - #loadBalancerSourceRanges: - # - 10.0.0.0/16 - # - 1.78.23.3/32 - - # loadBalancerIP: - - # Extra annotations to attach to the ui service - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the ui service - annotations: {} -# secrets-store-csi-driver-provider-vault -csi: - # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. - # - # Requires installing the secrets-store-csi-driver separately, see: - # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver - # - # With the driver and provider installed, you can mount Vault secrets into volumes - # similar to the Vault Agent injector, and you can also sync those secrets into - # Kubernetes secrets. - enabled: false - image: - repository: "hashicorp/vault-csi-provider" - tag: "1.1.0" - pullPolicy: IfNotPresent - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. 
- volumes: null - # - name: tls - # secret: - # secretName: vault-tls - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - name: tls - # mountPath: "/vault/tls" - # readOnly: true - - resources: {} - # resources: - # requests: - # cpu: 50m - # memory: 128Mi - # limits: - # cpu: 50m - # memory: 128Mi - - # Settings for the daemonSet used to run the provider. - daemonSet: - updateStrategy: - type: RollingUpdate - maxUnavailable: "" - # Extra annotations for the daemonSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the daemonSet. - annotations: {} - # Provider host path (must match the CSI provider's path) - providersDir: "/etc/kubernetes/secrets-store-csi-providers" - # Kubelet host path - kubeletRootDir: "/var/lib/kubelet" - # Extra labels to attach to the vault-csi-provider daemonSet - # This should be a YAML map of the labels to apply to the csi provider daemonSet - extraLabels: {} - pod: - # Extra annotations for the provider pods. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the pod. - annotations: {} - # Toleration Settings for provider pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # Extra labels to attach to the vault-csi-provider pod - # This should be a YAML map of the labels to apply to the csi provider pod - extraLabels: {} - # Priority class for csi pods - priorityClassName: "" - serviceAccount: - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. 
- annotations: {} - # Extra labels to attach to the vault-csi-provider serviceAccount - # This should be a YAML map of the labels to apply to the csi provider serviceAccount - extraLabels: {} - # Used to configure readinessProbe for the pods. - readinessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to configure livenessProbe for the pods. - livenessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Enables debug logging. - debug: false - # Pass arbitrary additional arguments to vault-csi-provider. - extraArgs: [] diff --git a/charts/partners/hashicorp/vault/0.20.1/src/.circleci/config.yml b/charts/partners/hashicorp/vault/0.20.1/src/.circleci/config.yml deleted file mode 100644 index 7582bdc216..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/.circleci/config.yml +++ /dev/null 
@@ -1,97 +0,0 @@ -version: 2.1 -orbs: - slack: circleci/slack@3.4.2 - -jobs: - bats-unit-test: - docker: - # This image is built from test/docker/Test.dockerfile - - image: docker.mirror.hashicorp.services/hashicorpdev/vault-helm-test:0.2.0 - steps: - - checkout - - run: bats ./test/unit -t - - chart-verifier: - docker: - - image: docker.mirror.hashicorp.services/cimg/go:1.16 - environment: - BATS_VERSION: "1.3.0" - CHART_VERIFIER_VERSION: "1.2.1" - steps: - - checkout - - run: - name: install chart-verifier - command: go get github.com/redhat-certification/chart-verifier@${CHART_VERIFIER_VERSION} - - run: - name: install bats - command: | - curl -sSL https://github.com/bats-core/bats-core/archive/v${BATS_VERSION}.tar.gz -o /tmp/bats.tgz - tar -zxf /tmp/bats.tgz -C /tmp - sudo /bin/bash /tmp/bats-core-${BATS_VERSION}/install.sh /usr/local - - run: - name: run chart-verifier tests - command: bats ./test/chart -t - - acceptance: - docker: - # This image is build from test/docker/Test.dockerfile - - image: docker.mirror.hashicorp.services/hashicorpdev/vault-helm-test:0.2.0 - - steps: - - checkout - - run: - name: terraform init & apply - command: | - echo -e "${GOOGLE_APP_CREDS}" | base64 -d > vault-helm-test.json - export GOOGLE_CREDENTIALS=vault-helm-test.json - make provision-cluster - - run: - name: Run acceptance tests - command: bats ./test/acceptance -t - - - run: - name: terraform destroy - command: | - export GOOGLE_CREDENTIALS=vault-helm-test.json - make destroy-cluster - when: always - update-helm-charts-index: - docker: - - image: docker.mirror.hashicorp.services/circleci/golang:1.15.3 - steps: - - checkout - - run: - name: verify Chart version matches tag version - command: | - GO111MODULE=on go get github.com/mikefarah/yq/v2 - git_tag=$(echo "${CIRCLE_TAG#v}") - chart_tag=$(yq r Chart.yaml version) - if [ "${git_tag}" != "${chart_tag}" ]; then - echo "chart version (${chart_tag}) did not match git version (${git_tag})" - exit 1 - fi - - run: - name: 
update helm-charts index - command: | - curl --show-error --silent --fail --user "${CIRCLE_TOKEN}:" \ - -X POST \ - -H 'Content-Type: application/json' \ - -H 'Accept: application/json' \ - -d "{\"branch\": \"main\",\"parameters\":{\"SOURCE_REPO\": \"${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}\",\"SOURCE_TAG\": \"${CIRCLE_TAG}\"}}" \ - "${CIRCLE_ENDPOINT}/${CIRCLE_PROJECT}/pipeline" - - slack/status: - fail_only: true - failure_message: "Failed to trigger an update to the helm charts index. Check the logs at: ${CIRCLE_BUILD_URL}" - -workflows: - version: 2 - # Note: unit and acceptance tests are now being run in GitHub Actions - update-helm-charts-index: - jobs: - - update-helm-charts-index: - context: helm-charts-trigger-vault - filters: - tags: - only: /^v.*/ - branches: - ignore: /.*/ diff --git a/charts/partners/hashicorp/vault/0.20.1/src/.github/ISSUE_TEMPLATE/bug_report.md b/charts/partners/hashicorp/vault/0.20.1/src/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index cb69c51384..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -name: Bug report -about: Let us know about a bug! -title: '' -labels: bug -assignees: '' - ---- - - - -**Describe the bug** -A clear and concise description of what the bug is. - -**To Reproduce** -Steps to reproduce the behavior: -1. Install chart -2. Run vault command -3. See error (vault logs, etc.) - -Other useful info to include: vault pod logs, `kubectl describe statefulset vault` and `kubectl get statefulset vault -o yaml` output - -**Expected behavior** -A clear and concise description of what you expected to happen. - -**Environment** -* Kubernetes version: - * Distribution or cloud vendor (OpenShift, EKS, GKE, AKS, etc.): - * Other configuration options or runtime services (istio, etc.): -* vault-helm version: - -Chart values: - -```yaml -# Paste your user-supplied values here (`helm get values `). -# Be sure to scrub any sensitive values! -``` - -**Additional context** -Add any other context about the problem here. diff --git a/charts/partners/hashicorp/vault/0.20.1/src/.github/ISSUE_TEMPLATE/config.yml b/charts/partners/hashicorp/vault/0.20.1/src/.github/ISSUE_TEMPLATE/config.yml deleted file mode 100644 index b24b36b2c7..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/.github/ISSUE_TEMPLATE/config.yml +++ /dev/null @@ -1,4 +0,0 @@ -contact_links: - - name: Ask a question - url: https://discuss.hashicorp.com/c/vault - about: For increased visibility, please post questions on the discussion forum, and tag with `k8s` diff --git a/charts/partners/hashicorp/vault/0.20.1/src/.github/ISSUE_TEMPLATE/feature_request.md b/charts/partners/hashicorp/vault/0.20.1/src/.github/ISSUE_TEMPLATE/feature_request.md deleted file mode 100644 index 11fc491ef1..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/.github/ISSUE_TEMPLATE/feature_request.md +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -name: Feature request -about: Suggest an idea for this project -title: '' -labels: enhancement -assignees: '' - ---- - -**Is your feature request related to a problem? Please describe.** -A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] - -**Describe the solution you'd like** -A clear and concise description of what you want to happen. - -**Describe alternatives you've considered** -A clear and concise description of any alternative solutions or features you've considered. - -**Additional context** -Add any other context or screenshots about the feature request here. diff --git a/charts/partners/hashicorp/vault/0.20.1/src/.github/workflows/acceptance.yaml b/charts/partners/hashicorp/vault/0.20.1/src/.github/workflows/acceptance.yaml deleted file mode 100644 index 2261ea63a5..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/.github/workflows/acceptance.yaml +++ /dev/null @@ -1,34 +0,0 @@ -name: Acceptance Tests - -on: - push: - branches: - - main - workflow_dispatch: {} - -jobs: - kind: - strategy: - fail-fast: false - matrix: - kind-k8s-version: [1.16.15, 1.20.15, 1.21.10, 1.22.7, 1.23.4] - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Setup test tools - uses: ./.github/workflows/setup-test-tools - - - name: Create K8s Kind Cluster - uses: helm/kind-action@v1.2.0 - with: - config: test/kind/config.yaml - node_image: kindest/node:v${{ matrix.kind-k8s-version }} - - # Skip CSI tests if K8s version < 1.16.x - - run: echo K8S_MINOR=$(kubectl version -o json | jq -r .serverVersion.minor) >> $GITHUB_ENV - - if: ${{ env.K8S_MINOR < 16 }} - run: echo "SKIP_CSI=true" >> $GITHUB_ENV - - - run: bats ./test/acceptance -t - env: - VAULT_LICENSE_CI: ${{ secrets.VAULT_LICENSE_CI }} 
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/.github/workflows/jira.yaml b/charts/partners/hashicorp/vault/0.20.1/src/.github/workflows/jira.yaml
deleted file mode 100644
index eb369f3351..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/.github/workflows/jira.yaml
+++ /dev/null
@@ -1,72 +0,0 @@ -on: - issues: - types: [opened, closed, deleted, reopened] - pull_request_target: - types: [opened, closed, reopened] - issue_comment: # Also triggers when commenting on a PR from the conversation view - types: [created] - -name: Jira Sync - -jobs: - sync: - runs-on: ubuntu-latest - name: Jira sync - steps: - - name: Login - uses: atlassian/gajira-login@v2.0.0 - env: - JIRA_BASE_URL: ${{ secrets.JIRA_SYNC_BASE_URL }} - JIRA_USER_EMAIL: ${{ secrets.JIRA_SYNC_USER_EMAIL }} - JIRA_API_TOKEN: ${{ secrets.JIRA_SYNC_API_TOKEN }} - - - name: Preprocess - if: github.event.action == 'opened' || github.event.action == 'created' - id: preprocess - run: | - if [[ "${{ github.event_name }}" == "pull_request_target" ]]; then - echo "::set-output name=type::PR" - else - echo "::set-output name=type::ISS" - fi - - - name: Create ticket - if: github.event.action == 'opened' - uses: tomhjp/gh-action-jira-create@v0.2.0 - with: - project: VAULT - issuetype: "GH Issue" - summary: "${{ github.event.repository.name }} [${{ steps.preprocess.outputs.type }} #${{ github.event.issue.number || github.event.pull_request.number }}]: ${{ github.event.issue.title || github.event.pull_request.title }}" - description: "${{ github.event.issue.body || github.event.pull_request.body }}\n\n_Created from GitHub Action for ${{ github.event.issue.html_url || github.event.pull_request.html_url }} from ${{ github.actor }}_" - # customfield_10089 is Issue Link custom field - # customfield_10091 is team custom field - extraFields: '{"fixVersions": [{"name": "TBD"}], "customfield_10091": ["ecosystem", "runtime"], "customfield_10089": "${{ github.event.issue.html_url || github.event.pull_request.html_url }}"}' - - - name: Search - if: github.event.action != 'opened' - id: search - uses: tomhjp/gh-action-jira-search@v0.2.1 - with: - # cf[10089] is Issue Link custom field - jql: 'project = "VAULT" and cf[10089]="${{ github.event.issue.html_url || github.event.pull_request.html_url }}"' - - - 
name: Sync comment - if: github.event.action == 'created' && steps.search.outputs.issue - uses: tomhjp/gh-action-jira-comment@v0.2.0 - with: - issue: ${{ steps.search.outputs.issue }} - comment: "${{ github.actor }} ${{ github.event.review.state || 'commented' }}:\n\n${{ github.event.comment.body || github.event.review.body }}\n\n${{ github.event.comment.html_url || github.event.review.html_url }}" - - - name: Close ticket - if: (github.event.action == 'closed' || github.event.action == 'deleted') && steps.search.outputs.issue - uses: atlassian/gajira-transition@v2.0.1 - with: - issue: ${{ steps.search.outputs.issue }} - transition: Close - - - name: Reopen ticket - if: github.event.action == 'reopened' && steps.search.outputs.issue - uses: atlassian/gajira-transition@v2.0.1 - with: - issue: ${{ steps.search.outputs.issue }} - transition: "Pending Triage" diff --git a/charts/partners/hashicorp/vault/0.20.1/src/.github/workflows/setup-test-tools/action.yaml b/charts/partners/hashicorp/vault/0.20.1/src/.github/workflows/setup-test-tools/action.yaml deleted file mode 100644 index 3fa2854161..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/.github/workflows/setup-test-tools/action.yaml +++ /dev/null @@ -1,18 +0,0 @@ -name: Setup common testing tools -description: Install bats and python-yq - -runs: - using: "composite" - steps: - - uses: actions/setup-node@v2 - with: - node-version: '14' - - run: npm install -g bats@${BATS_VERSION} - shell: bash - env: - BATS_VERSION: '1.5.0' - - run: bats -v - shell: bash - - uses: actions/setup-python@v2 - - run: pip install yq - shell: bash diff --git a/charts/partners/hashicorp/vault/0.20.1/src/.github/workflows/tests.yaml b/charts/partners/hashicorp/vault/0.20.1/src/.github/workflows/tests.yaml deleted file mode 100644 index 0aba6ee303..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/.github/workflows/tests.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -name: Tests - -on: [push, workflow_dispatch] - -jobs: - bats-unit-tests: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: ./.github/workflows/setup-test-tools - - run: bats ./test/unit -t - - chart-verifier: - runs-on: ubuntu-latest - env: - CHART_VERIFIER_VERSION: '1.2.1' - steps: - - uses: actions/checkout@v2 - - name: Setup test tools - uses: ./.github/workflows/setup-test-tools - - uses: actions/setup-go@v2 - with: - go-version: '1.17.4' - - run: go install github.com/redhat-certification/chart-verifier@${CHART_VERIFIER_VERSION} - - run: bats ./test/chart -t diff --git a/charts/partners/hashicorp/vault/0.20.1/src/.gitignore b/charts/partners/hashicorp/vault/0.20.1/src/.gitignore deleted file mode 100644 index 2e23aca275..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/.gitignore +++ /dev/null @@ -1,13 +0,0 @@ -.DS_Store -.terraform/ -.terraform.tfstate* -terraform.tfstate* -terraform.tfvars -values.dev.yaml -vaul-helm-dev-creds.json -./test/acceptance/vaul-helm-dev-creds.json -./test/terraform/vaul-helm-dev-creds.json -./test/unit/vaul-helm-dev-creds.json -./test/acceptance/values.yaml -./test/acceptance/values.yml -.idea diff --git a/charts/partners/hashicorp/vault/0.20.1/src/.helmignore b/charts/partners/hashicorp/vault/0.20.1/src/.helmignore deleted file mode 100644 index d1180d2fb7..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/.helmignore +++ /dev/null @@ -1,4 +0,0 @@ -.git/ -.terraform/ -bin/ -test/ diff --git a/charts/partners/hashicorp/vault/0.20.1/src/CHANGELOG.md b/charts/partners/hashicorp/vault/0.20.1/src/CHANGELOG.md deleted file mode 100644 index bf72ad84aa..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/CHANGELOG.md +++ /dev/null 
@@ -1,397 +0,0 @@ -## Unreleased - -## 0.20.1 (May 25th, 2022) -CHANGES: -* `vault-k8s` updated to 0.16.1 - -Improvements: -* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) - -Bugs: -* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) - -## 0.20.0 (May 16th, 2022) - -CHANGES: -* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) -* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) -* Vault default image to 1.10.3 -* CSI provider default image to 1.1.0 -* Vault K8s default image to 0.16.0 -* Earliest Kubernetes version tested is now 1.16 -* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) -* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) - -Improvements: -* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) -* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) -* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) -* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) -* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) -* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) - -## 0.19.0 (January 20th, 2022) - -CHANGES: -* Vault image default 1.9.2 -* Vault K8s image default 0.14.2 - -Features: -* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) -* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) -* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) -* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) - -Improvements: -* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) -* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) -* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) - -## 0.18.0 (November 17th, 2021) - -CHANGES: -* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) -* Vault image default 1.9.0 -* Vault K8s image default 0.14.1 - -Improvements: -* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) - -## 0.17.1 (October 25th, 2021) - -Improvements: - * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) - -## 0.17.0 (October 21st, 2021) - -KNOWN ISSUES: -* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set - -CHANGES: -* Vault image default 1.8.4 -* Vault K8s image default 0.14.0 - -Improvements: -* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) -* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) -* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) - -Bugs: -* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) - -## 0.16.1 (September 29th, 2021) - -CHANGES: -* Vault image default 1.8.3 -* Vault K8s image default 0.13.1 - -## 0.16.0 (September 16th, 2021) - -CHANGES: -* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
- -Improvements: - * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) - * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) - -## 0.15.0 (August 23rd, 2021) - -Improvements: -* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) -* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) - -## 0.14.0 (July 28th, 2021) - -Features: -* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) - -Improvements: -* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) -* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) - - -## 0.13.0 (June 17th, 2021) - -Improvements: -* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) -* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) -* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) - -Bugs: -* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) -* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) -* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) - -## 0.12.0 (May 25th, 2021) - -Features: -* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) - -Improvements: -* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) -* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) -* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) -* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) - -Bugs: -* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) - -## 0.11.0 (April 14th, 2021) - -Features: -* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) -* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) -* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) -* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) -* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) -* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) - -Improvements: -* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) - -Bugs: -* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) - -## 0.10.0 (March 25th, 2021) - -Features: -* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) - -Improvements: -* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) - -## 0.9.1 (February 2nd, 2021) - -Bugs: -* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) -* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) - -## 0.9.0 (January 5th, 2021) - -Features: -* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) -* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) - -Improvements: -* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) -* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) -* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) -* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) -* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) -* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) -* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) -* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) - -## 
0.8.0 (October 20th, 2020) - -Improvements: -* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) -* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) -* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) -* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) -* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) -* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) -* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) - -Bugs: -* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) - -## 0.7.0 (August 24th, 2020) - -Features: -* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
-* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) - -Improvements: -* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) -* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) -* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) -* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) -* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) -* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) -* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) -* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) -* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) - -Bugs: -* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) -* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) -* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) - -## 0.6.0 (June 3rd, 2020) - -Features: -* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) -* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) -* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
- -Improvements: -* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) -* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] -* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] -* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] -* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] -* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] -* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] -* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) - -Bugs: -* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] -* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] -* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] -* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] -* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) - -## 0.5.0 (April 9th, 2020) - -Features: - -* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] -* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] -* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] - -* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] -* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] -* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] -* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] -* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] - -## 0.4.0 (February 21st, 2020) - -Improvements: - -* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] -* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] -* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] -* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] -* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] - -Bugs: - -* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] - -## 0.3.3 (January 14th, 2020) - -Security: - -* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) - -Bugs: - -* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files - -## 0.3.2 (January 8th, 2020) - -Bugs: - -* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] - -## 0.3.1 (January 2nd, 2020) - -Bugs: - -* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] - -## 0.3.0 (December 19th, 2019) - -Features: - -* Extra containers can now be added to the Vault pods -* Added configurability of pod probes -* Added Vault Agent Injector - -Improvements: - -* Moved `global.image` to `server.image` -* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` -* Added better HTTP/HTTPS scheme support to http probes -* Added configurable node port for Vault service -* `server.authDelegator` is now enabled by default - -Bugs: - -* Fixed upgrade bug by removing chart label which contained the version -* Fixed typo on `serviceAccount` (was `serviceaccount`) -* Fixed readiness/liveliness HTTP probe default to accept standbys - -## 0.2.1 (November 12th, 2019) - -Bugs: - -* Removed `readOnlyRootFilesystem` causing issues when validating deployments - -## 0.2.0 (October 29th, 2019) - -Features: - -* Added load balancer support -* Added ingress support -* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) -* Removed root requirements, now runs as Vault user - -Improvements: - -* Added namespace value to all rendered objects -* Made ports configurable in services -* Added the ability to add custom annotations to services -* Added docker image for running bats test in CircleCI -* Removed restrictions around `dev` mode such as annotations -* 
`readOnlyRootFilesystem` is now configurable -* Image Pull Policy is now configurable - -Bugs: - -* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) -* Fixed bug where audit storage was not being mounted in HA mode -* Fixed bug where Vault pod wasn't receiving SIGTERM signals - - -## 0.1.2 (August 22nd, 2019) - -Features: - -* Added `extraSecretEnvironmentVars` to allow users to mount secrets as - environment variables -* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS - depending on the value -* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` - to "NodePort" - -Improvements: - -* Changed UI port to 8200 for better HTTP protocol support -* Added `path` to `extraVolumes` to define where the volume should be - mounted. Defaults to `/vault/userconfig` -* Upgraded Vault to 1.2.2 - -Bugs: - -* Fixed bug where upgrade would fail because immutable labels were being - changed (Helm Version label) -* Fixed bug where UI service used wrong selector after updating helm labels -* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks - Consul is the active node -* Removed `step-down` preStop since it requires authentication. Shutdown signal - sent by Kube acts similar to `step-down` - - -## 0.1.1 (August 7th, 2019) - -Features: - -* Added `authDelegator` Cluster Role Binding to Vault service account for - bootstrapping Kube auth method - -Improvements: - -* Added `server.service.clusterIP` to `values.yml` so users can toggle - the Vault service to headless by using the value `None`. -* Upgraded Vault to 1.2.1 - -## 0.1.0 (August 6th, 2019) - -Initial release diff --git a/charts/partners/hashicorp/vault/0.20.1/src/CONTRIBUTING.md b/charts/partners/hashicorp/vault/0.20.1/src/CONTRIBUTING.md deleted file mode 100644 index ad31ac92d1..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/CONTRIBUTING.md +++ /dev/null 
@@ -1,247 +0,0 @@ -# Contributing to Vault Helm - -**Please note:** We take Vault's security and our users' trust very seriously. -If you believe you have found a security issue in Vault, please responsibly -disclose by contacting us at security@hashicorp.com. - -**First:** if you're unsure or afraid of _anything_, just ask or submit the -issue or pull request anyways. You won't be yelled at for giving it your best -effort. The worst that can happen is that you'll be politely asked to change -something. We appreciate any sort of contributions, and don't want a wall of -rules to get in the way of that. - -That said, if you want to ensure that a pull request is likely to be merged, -talk to us! You can find out our thoughts and ensure that your contribution -won't clash or be obviated by Vault's normal direction. A great way to do this -is via the [Vault Discussion Forum][1]. - -This document will cover what we're looking for in terms of reporting issues. -By addressing all the points we're looking for, it raises the chances we can -quickly merge or address your contributions. - -[1]: https://discuss.hashicorp.com/c/vault - -## Issues - -### Reporting an Issue - -* Make sure you test against the latest released version. It is possible - we already fixed the bug you're experiencing. Even better is if you can test - against `main`, as bugs are fixed regularly but new versions are only - released every few months. - -* Provide steps to reproduce the issue, and if possible include the expected - results as well as the actual results. Please provide text, not screen shots! - -* Respond as promptly as possible to any questions made by the Vault - team to your issue. Stale issues will be closed periodically. - -### Issue Lifecycle - -1. The issue is reported. - -2. The issue is verified and categorized by a Vault Helm collaborator. - Categorization is done via tags. For example, bugs are marked as "bugs". - -3. 
Unless it is critical, the issue may be left for a period of time (sometimes - many weeks), giving outside contributors -- maybe you!? -- a chance to - address the issue. - -4. The issue is addressed in a pull request or commit. The issue will be - referenced in the commit message so that the code that fixes it is clearly - linked. - -5. The issue is closed. Sometimes, valid issues will be closed to keep - the issue tracker clean. The issue is still indexed and available for - future viewers, or can be re-opened if necessary. - -## Testing - -The Helm chart ships with both unit and acceptance tests. - -The unit tests don't require any active Kubernetes cluster and complete -very quickly. These should be used for fast feedback during development. -The acceptance tests require a Kubernetes cluster with a configured `kubectl`. - -### Test Using Docker Container - -The following are the instructions for running bats tests using a Docker container. - -#### Prerequisites - -* Docker installed -* `vault-helm` checked out locally - -#### Test - -**Note:** the following commands should be run from the `vault-helm` directory. - -First, build the Docker image for running the tests: - -```shell -docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test -``` -Next, execute the tests with the following commands: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -``` -It's possible to only run specific bats tests using regular expressions. -For example, the following will run only tests with "injector" in the name: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" -``` - -### Test Manually -The following are the instructions for running bats tests on your workstation. 
-#### Prerequisites -* [Bats](https://github.com/bats-core/bats-core) - ```bash - brew install bats-core - ``` -* [yq](https://pypi.org/project/yq/) - ```bash - brew install python-yq - ``` -* [helm](https://helm.sh) - ```bash - brew install kubernetes-helm - ``` - -#### Test - -To run the unit tests: - - bats ./test/unit - -To run the acceptance tests: - - bats ./test/acceptance - -If the acceptance tests fail, deployed resources in the Kubernetes cluster -may not be properly cleaned up. We recommend recycling the Kubernetes cluster to -start from a clean slate. - -**Note:** There is a Terraform configuration in the -[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory -that can be used to quickly bring up a GKE cluster and configure -`kubectl` and `helm` locally. This can be used to quickly spin up a test -cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes -cluster. - -### Writing Unit Tests - -Changes to the Helm chart should be accompanied by appropriate unit tests. - -#### Formatting - -- Put tests in the test file in the same order as the variables appear in the `values.yaml`. -- Start tests for a chart value with a header that says what is being tested, like this: - ``` - #-------------------------------------------------------------------- - # annotations - ``` - -- Name the test based on what it's testing in the following format (this will be its first line): - ``` - @test "
: " { - ``` - - When adding tests to an existing file, the first section will be the same as the other tests in the file. - -#### Test Details - -[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. -In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. -In this way, we're able to test that the various conditionals in the templates render as we would expect. - -Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. -The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). -`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). -The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. - -The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. - -The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. - -#### Test Examples - -Here are some examples of common test patterns: - -- Check that a value is disabled by default - - ``` - @test "ui/Service: no type by default" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - . 
| tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "null" ] - } - ``` - - In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. - This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. - - -- Check that a template value is rendered to a specific value - ``` - @test "ui/Service: specified type" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - --set 'ui.serviceType=LoadBalancer' \ - . | tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "LoadBalancer" ] - } - ``` - - This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. - -- Check that a template value contains several values - ``` - @test "server/standalone-StatefulSet: custom resources" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.requests.memory=256Mi' \ - --set 'server.resources.requests.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.limits.memory=256Mi' \ - --set 'server.resources.limits.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - ``` - - *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
- -- Check that an entire template file is not rendered - ``` - @test "syncCatalog/Deployment: disabled by default" { - cd `chart_dir` - local actual=$( (helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'global.enabled=false' \ - . || echo "---") | tee /dev/stderr | - yq 'length > 0' | tee /dev/stderr) - [ "${actual}" = "false" ] - } - ``` - Here we are check the length of the command output to see if the anything is rendered. - This style can easily be switched to check that a file is rendered instead. - -## Contributor License Agreement - -We require that all contributors sign our Contributor License Agreement ("CLA") -before we can accept the contribution. - -[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/hashicorp/vault/0.20.1/src/Chart.yaml b/charts/partners/hashicorp/vault/0.20.1/src/Chart.yaml deleted file mode 100644 index 4ee3ef9e36..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v2 -appVersion: 1.10.3 -description: Official HashiCorp Vault Chart -home: https://www.vaultproject.io -icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png -keywords: -- vault -- security -- encryption -- secrets -- management -- automation -- infrastructure -kubeVersion: '>= 1.16.0-0' -name: vault -sources: -- https://github.com/hashicorp/vault -- https://github.com/hashicorp/vault-helm -- https://github.com/hashicorp/vault-k8s -- https://github.com/hashicorp/vault-csi-provider -version: 0.20.1 -annotations: - charts.openshift.io/name: HashiCorp Vault diff --git a/charts/partners/hashicorp/vault/0.20.1/src/LICENSE.md b/charts/partners/hashicorp/vault/0.20.1/src/LICENSE.md deleted file mode 100644 index 82b4de97c7..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/LICENSE.md +++ /dev/null 
@@ -1,353 +0,0 @@
-Mozilla Public License, version 2.0
-
-1. Definitions
-
-1.1. “Contributor”
-
- means each individual or legal entity that creates, contributes to the
- creation of, or owns Covered Software.
-
-1.2. “Contributor Version”
-
- means the combination of the Contributions of others (if any) used by a
- Contributor and that particular Contributor’s Contribution.
-
-1.3. “Contribution”
-
- means Covered Software of a particular Contributor.
-
-1.4. “Covered Software”
-
- means Source Code Form to which the initial Contributor has attached the
- notice in Exhibit A, the Executable Form of such Source Code Form, and
- Modifications of such Source Code Form, in each case including portions
- thereof.
-
-1.5. “Incompatible With Secondary Licenses”
- means
-
- a. that the initial Contributor has attached the notice described in
- Exhibit B to the Covered Software; or
-
- b. that the Covered Software was made available under the terms of version
- 1.1 or earlier of the License, but not also under the terms of a
- Secondary License.
-
-1.6. “Executable Form”
-
- means any form of the work other than Source Code Form.
-
-1.7. “Larger Work”
-
- means a work that combines Covered Software with other material, in a separate
- file or files, that is not Covered Software.
-
-1.8. “License”
-
- means this document.
-
-1.9. “Licensable”
-
- means having the right to grant, to the maximum extent possible, whether at the
- time of the initial grant or subsequently, any and all of the rights conveyed by
- this License.
-
-1.10. “Modifications”
-
- means any of the following:
-
- a. any file in Source Code Form that results from an addition to, deletion
- from, or modification of the contents of Covered Software; or
-
- b. any new file in Source Code Form that contains any Covered Software.
-
-1.11.
“Patent Claims” of a Contributor
-
- means any patent claim(s), including without limitation, method, process,
- and apparatus claims, in any patent Licensable by such Contributor that
- would be infringed, but for the grant of the License, by the making,
- using, selling, offering for sale, having made, import, or transfer of
- either its Contributions or its Contributor Version.
-
-1.12. “Secondary License”
-
- means either the GNU General Public License, Version 2.0, the GNU Lesser
- General Public License, Version 2.1, the GNU Affero General Public
- License, Version 3.0, or any later versions of those licenses.
-
-1.13. “Source Code Form”
-
- means the form of the work preferred for making modifications.
-
-1.14. “You” (or “Your”)
-
- means an individual or a legal entity exercising rights under this
- License. For legal entities, “You” includes any entity that controls, is
- controlled by, or is under common control with You. For purposes of this
- definition, “control” means (a) the power, direct or indirect, to cause
- the direction or management of such entity, whether by contract or
- otherwise, or (b) ownership of more than fifty percent (50%) of the
- outstanding shares or beneficial ownership of such entity.
-
-
-2. License Grants and Conditions
-
-2.1. Grants
-
- Each Contributor hereby grants You a world-wide, royalty-free,
- non-exclusive license:
-
- a. under intellectual property rights (other than patent or trademark)
- Licensable by such Contributor to use, reproduce, make available,
- modify, display, perform, distribute, and otherwise exploit its
- Contributions, either on an unmodified basis, with Modifications, or as
- part of a Larger Work; and
-
- b. under Patent Claims of such Contributor to make, use, sell, offer for
- sale, have made, import, and otherwise transfer either its Contributions
- or its Contributor Version.
-
-2.2.
Effective Date
-
- The licenses granted in Section 2.1 with respect to any Contribution become
- effective for each Contribution on the date the Contributor first distributes
- such Contribution.
-
-2.3. Limitations on Grant Scope
-
- The licenses granted in this Section 2 are the only rights granted under this
- License. No additional rights or licenses will be implied from the distribution
- or licensing of Covered Software under this License. Notwithstanding Section
- 2.1(b) above, no patent license is granted by a Contributor:
-
- a. for any code that a Contributor has removed from Covered Software; or
-
- b. for infringements caused by: (i) Your and any other third party’s
- modifications of Covered Software, or (ii) the combination of its
- Contributions with other software (except as part of its Contributor
- Version); or
-
- c. under Patent Claims infringed by Covered Software in the absence of its
- Contributions.
-
- This License does not grant any rights in the trademarks, service marks, or
- logos of any Contributor (except as may be necessary to comply with the
- notice requirements in Section 3.4).
-
-2.4. Subsequent Licenses
-
- No Contributor makes additional grants as a result of Your choice to
- distribute the Covered Software under a subsequent version of this License
- (see Section 10.2) or under the terms of a Secondary License (if permitted
- under the terms of Section 3.3).
-
-2.5. Representation
-
- Each Contributor represents that the Contributor believes its Contributions
- are its original creation(s) or it has sufficient rights to grant the
- rights to its Contributions conveyed by this License.
-
-2.6. Fair Use
-
- This License is not intended to limit any rights You have under applicable
- copyright doctrines of fair use, fair dealing, or other equivalents.
-
-2.7. Conditions
-
- Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
- Section 2.1.
-
-
-3. Responsibilities
-
-3.1.
Distribution of Source Form
-
- All distribution of Covered Software in Source Code Form, including any
- Modifications that You create or to which You contribute, must be under the
- terms of this License. You must inform recipients that the Source Code Form
- of the Covered Software is governed by the terms of this License, and how
- they can obtain a copy of this License. You may not attempt to alter or
- restrict the recipients’ rights in the Source Code Form.
-
-3.2. Distribution of Executable Form
-
- If You distribute Covered Software in Executable Form then:
-
- a. such Covered Software must also be made available in Source Code Form,
- as described in Section 3.1, and You must inform recipients of the
- Executable Form how they can obtain a copy of such Source Code Form by
- reasonable means in a timely manner, at a charge no more than the cost
- of distribution to the recipient; and
-
- b. You may distribute such Executable Form under the terms of this License,
- or sublicense it under different terms, provided that the license for
- the Executable Form does not attempt to limit or alter the recipients’
- rights in the Source Code Form under this License.
-
-3.3. Distribution of a Larger Work
-
- You may create and distribute a Larger Work under terms of Your choice,
- provided that You also comply with the requirements of this License for the
- Covered Software. If the Larger Work is a combination of Covered Software
- with a work governed by one or more Secondary Licenses, and the Covered
- Software is not Incompatible With Secondary Licenses, this License permits
- You to additionally distribute such Covered Software under the terms of
- such Secondary License(s), so that the recipient of the Larger Work may, at
- their option, further distribute the Covered Software under the terms of
- either this License or such Secondary License(s).
-
-3.4.
Notices
-
- You may not remove or alter the substance of any license notices (including
- copyright notices, patent notices, disclaimers of warranty, or limitations
- of liability) contained within the Source Code Form of the Covered
- Software, except that You may alter any license notices to the extent
- required to remedy known factual inaccuracies.
-
-3.5. Application of Additional Terms
-
- You may choose to offer, and to charge a fee for, warranty, support,
- indemnity or liability obligations to one or more recipients of Covered
- Software. However, You may do so only on Your own behalf, and not on behalf
- of any Contributor. You must make it absolutely clear that any such
- warranty, support, indemnity, or liability obligation is offered by You
- alone, and You hereby agree to indemnify every Contributor for any
- liability incurred by such Contributor as a result of warranty, support,
- indemnity or liability terms You offer. You may include additional
- disclaimers of warranty and limitations of liability specific to any
- jurisdiction.
-
-4. Inability to Comply Due to Statute or Regulation
-
- If it is impossible for You to comply with any of the terms of this License
- with respect to some or all of the Covered Software due to statute, judicial
- order, or regulation then You must: (a) comply with the terms of this License
- to the maximum extent possible; and (b) describe the limitations and the code
- they affect. Such description must be placed in a text file included with all
- distributions of the Covered Software under this License. Except to the
- extent prohibited by statute or regulation, such description must be
- sufficiently detailed for a recipient of ordinary skill to be able to
- understand it.
-
-5. Termination
-
-5.1. The rights granted under this License will terminate automatically if You
- fail to comply with any of its terms.
However, if You become compliant,
- then the rights granted under this License from a particular Contributor
- are reinstated (a) provisionally, unless and until such Contributor
- explicitly and finally terminates Your grants, and (b) on an ongoing basis,
- if such Contributor fails to notify You of the non-compliance by some
- reasonable means prior to 60 days after You have come back into compliance.
- Moreover, Your grants from a particular Contributor are reinstated on an
- ongoing basis if such Contributor notifies You of the non-compliance by
- some reasonable means, this is the first time You have received notice of
- non-compliance with this License from such Contributor, and You become
- compliant prior to 30 days after Your receipt of the notice.
-
-5.2. If You initiate litigation against any entity by asserting a patent
- infringement claim (excluding declaratory judgment actions, counter-claims,
- and cross-claims) alleging that a Contributor Version directly or
- indirectly infringes any patent, then the rights granted to You by any and
- all Contributors for the Covered Software under Section 2.1 of this License
- shall terminate.
-
-5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
- license agreements (excluding distributors and resellers) which have been
- validly granted by You or Your distributors under this License prior to
- termination shall survive termination.
-
-6. Disclaimer of Warranty
-
- Covered Software is provided under this License on an “as is” basis, without
- warranty of any kind, either expressed, implied, or statutory, including,
- without limitation, warranties that the Covered Software is free of defects,
- merchantable, fit for a particular purpose or non-infringing. The entire
- risk as to the quality and performance of the Covered Software is with You.
- Should any Covered Software prove defective in any respect, You (not any
- Contributor) assume the cost of any necessary servicing, repair, or
- correction. This disclaimer of warranty constitutes an essential part of this
- License. No use of any Covered Software is authorized under this License
- except under this disclaimer.
-
-7. Limitation of Liability
-
- Under no circumstances and under no legal theory, whether tort (including
- negligence), contract, or otherwise, shall any Contributor, or anyone who
- distributes Covered Software as permitted above, be liable to You for any
- direct, indirect, special, incidental, or consequential damages of any
- character including, without limitation, damages for lost profits, loss of
- goodwill, work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses, even if such party shall have been
- informed of the possibility of such damages. This limitation of liability
- shall not apply to liability for death or personal injury resulting from such
- party’s negligence to the extent applicable law prohibits such limitation.
- Some jurisdictions do not allow the exclusion or limitation of incidental or
- consequential damages, so this exclusion and limitation may not apply to You.
-
-8. Litigation
-
- Any litigation relating to this License may be brought only in the courts of
- a jurisdiction where the defendant maintains its principal place of business
- and such litigation shall be governed by laws of that jurisdiction, without
- reference to its conflict-of-law provisions. Nothing in this Section shall
- prevent a party’s ability to bring cross-claims or counter-claims.
-
-9. Miscellaneous
-
- This License represents the complete agreement concerning the subject matter
- hereof. If any provision of this License is held to be unenforceable, such
- provision shall be reformed only to the extent necessary to make it
- enforceable.
Any law or regulation which provides that the language of a - contract shall be construed against the drafter shall not be used to construe - this License against a Contributor. - - -10. Versions of the License - -10.1. New Versions - - Mozilla Foundation is the license steward. Except as provided in Section - 10.3, no one other than the license steward has the right to modify or - publish new versions of this License. Each version will be given a - distinguishing version number. - -10.2. Effect of New Versions - - You may distribute the Covered Software under the terms of the version of - the License under which You originally received the Covered Software, or - under the terms of any subsequent version published by the license - steward. - -10.3. Modified Versions - - If you create software not governed by this License, and you want to - create a new license for such software, you may create and use a modified - version of this License if you rename the license and remove any - references to the name of the license steward (except to note that such - modified license differs from this License). - -10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses - If You choose to distribute Source Code Form that is Incompatible With - Secondary Licenses under the terms of this version of the License, the - notice described in Exhibit B of this License must be attached. - -Exhibit A - Source Code Form License Notice - - This Source Code Form is subject to the - terms of the Mozilla Public License, v. - 2.0. If a copy of the MPL was not - distributed with this file, You can - obtain one at - http://mozilla.org/MPL/2.0/. - -If it is not possible or desirable to put the notice in a particular file, then -You may include the notice in a location (such as a LICENSE file in a relevant -directory) where a recipient would be likely to look for such a notice. - -You may add additional accurate notices of copyright ownership. 
- -Exhibit B - “Incompatible With Secondary Licenses” Notice - - This Source Code Form is “Incompatible - With Secondary Licenses”, as defined by - the Mozilla Public License, v. 2.0. diff --git a/charts/partners/hashicorp/vault/0.20.1/src/Makefile b/charts/partners/hashicorp/vault/0.20.1/src/Makefile deleted file mode 100644 index 0ac6850130..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/Makefile +++ /dev/null 
@@ -1,101 +0,0 @@ -TEST_IMAGE?=vault-helm-test -GOOGLE_CREDENTIALS?=vault-helm-test.json -CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 -# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats -ACCEPTANCE_TESTS?=acceptance - -# filter bats unit tests to run. -UNIT_TESTS_FILTER?='.*' - -# set to 'true' to run acceptance tests locally in a kind cluster -LOCAL_ACCEPTANCE_TESTS?=false - -# kind cluster name -KIND_CLUSTER_NAME?=vault-helm - -# kind k8s version -KIND_K8S_VERSION?=v1.20.2 - -# Generate json schema for chart values. See test/README.md for more details. -values-schema: - helm schema-gen values.yaml > values.schema.json - -test-image: - @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) - -test-unit: - @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit - -test-bats: test-unit test-acceptance - -test: test-image test-bats - -# run acceptance tests on GKE -# set google project/credential vars above -test-acceptance: -ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) - make setup-kind acceptance -else - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ - -w /helm-test \ - $(TEST_IMAGE) \ - make acceptance -endif - -# destroy GKE cluster using terraform -test-destroy: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -w /helm-test \ - $(TEST_IMAGE) \ - make destroy-cluster - -# provision GKE cluster using terraform -test-provision: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -w /helm-test \ - $(TEST_IMAGE) \ - make provision-cluster - -# this target is for 
running the acceptance tests -# it is run in the docker container above when the test-acceptance target is invoked -acceptance: -ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) - gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} -endif - bats test/${ACCEPTANCE_TESTS} - -# this target is for provisioning the GKE cluster -# it is run in the docker container above when the test-provision target is invoked -provision-cluster: - gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} - terraform init test/terraform - terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform - -# this target is for removing the GKE cluster -# it is run in the docker container above when the test-destroy target is invoked -destroy-cluster: - terraform destroy -auto-approve - -# create a kind cluster for running the acceptance tests locally -setup-kind: - kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ - kind create cluster \ - --image kindest/node:${KIND_K8S_VERSION} \ - --name ${KIND_CLUSTER_NAME} \ - --config $(CURDIR)/test/kind/config.yaml - kubectl config use-context kind-${KIND_CLUSTER_NAME} - -# delete the kind cluster -delete-kind: - kind delete cluster --name ${KIND_CLUSTER_NAME} || : - -.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/hashicorp/vault/0.20.1/src/README.md b/charts/partners/hashicorp/vault/0.20.1/src/README.md deleted file mode 100644 index c9971ff41b..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/README.md +++ /dev/null 
@@ -1,43 +0,0 @@ -# Vault Helm Chart - -> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If -you believe you have found a security issue in Vault Helm, _please responsibly disclose_ -by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). - -This repository contains the official HashiCorp Helm chart for installing -and configuring Vault on Kubernetes. This chart supports multiple use -cases of Vault on Kubernetes depending on the values provided. - -For full documentation on this Helm chart along with all the ways you can -use Vault with Kubernetes, please see the -[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). - -## Prerequisites - -To use the charts here, [Helm](https://helm.sh/) must be configured for your -Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of -this README. Please refer to the Kubernetes and Helm documentation. - -The versions required are: - - * **Helm 3.6+** - * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. - It is possible that this chart works with earlier versions but it is - untested. - -## Usage - -To install the latest version of this chart, add the Hashicorp helm repository -and run `helm install`: - -```console -$ helm repo add hashicorp https://helm.releases.hashicorp.com -"hashicorp" has been added to your repositories - -$ helm install vault hashicorp/vault -``` - -Please see the many options supported in the `values.yaml` file. These are also -fully documented directly on the [Vault -website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more -detailed installation instructions. diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/NOTES.txt b/charts/partners/hashicorp/vault/0.20.1/src/templates/NOTES.txt deleted file mode 100644 index 8e267121c8..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/templates/NOTES.txt +++ /dev/null 
@@ -1,14 +0,0 @@
-
-Thank you for installing HashiCorp Vault!
-
-Now that you have deployed Vault, you should look over the docs on using
-Vault with Kubernetes available here:
-
-https://www.vaultproject.io/docs/
-
-
-Your release is named {{ .Release.Name }}. To learn more about the release, try:
-
- $ helm status {{ .Release.Name }}
- $ helm get manifest {{ .Release.Name }}
-
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/_helpers.tpl b/charts/partners/hashicorp/vault/0.20.1/src/templates/_helpers.tpl
deleted file mode 100644
index 8f3aa65ab5..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,825 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to -this (by the DNS naming spec). If release name contains chart name it will -be used as a full name. -*/}} -{{- define "vault.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "vault.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "vault.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Compute if the csi driver is enabled. -*/}} -{{- define "vault.csiEnabled" -}} -{{- $_ := set . "csiEnabled" (or - (eq (.Values.csi.enabled | toString) "true") - (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the injector is enabled. -*/}} -{{- define "vault.injectorEnabled" -}} -{{- $_ := set . "injectorEnabled" (or - (eq (.Values.injector.enabled | toString) "true") - (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server is enabled. -*/}} -{{- define "vault.serverEnabled" -}} -{{- $_ := set . 
"serverEnabled" (or - (eq (.Values.server.enabled | toString) "true") - (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server auth delegator serviceaccount is enabled. -*/}} -{{- define "vault.serverServiceAccountEnabled" -}} -{{- $_ := set . "serverServiceAccountEnabled" - (and - (eq (.Values.server.serviceAccount.create | toString) "true" ) - (or - (eq (.Values.server.enabled | toString) "true") - (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server auth delegator serviceaccount is enabled. -*/}} -{{- define "vault.serverAuthDelegator" -}} -{{- $_ := set . "serverAuthDelegator" - (and - (eq (.Values.server.authDelegator.enabled | toString) "true" ) - (or (eq (.Values.server.serviceAccount.create | toString) "true") - (not (eq .Values.server.serviceAccount.name ""))) - (or - (eq (.Values.server.enabled | toString) "true") - (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server service is enabled. -*/}} -{{- define "vault.serverServiceEnabled" -}} -{{- template "vault.serverEnabled" . -}} -{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} -{{- end -}} - -{{/* -Compute if the ui is enabled. -*/}} -{{- define "vault.uiEnabled" -}} -{{- $_ := set . "uiEnabled" (or - (eq (.Values.ui.enabled | toString) "true") - (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute the maximum number of unavailable replicas for the PodDisruptionBudget. -This defaults to (n/2)-1 where n is the number of members of the server cluster. -Add a special case for replicas=1, where it should default to 0 as well. 
-*/}} -{{- define "vault.pdb.maxUnavailable" -}} -{{- if eq (int .Values.server.ha.replicas) 1 -}} -{{ 0 }} -{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{- else -}} -{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Set the variable 'mode' to the server mode requested by the user to simplify -template logic. -*/}} -{{- define "vault.mode" -}} - {{- template "vault.serverEnabled" . -}} - {{- if .Values.injector.externalVaultAddr -}} - {{- $_ := set . "mode" "external" -}} - {{- else if not .serverEnabled -}} - {{- $_ := set . "mode" "external" -}} - {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} - {{- $_ := set . "mode" "dev" -}} - {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} - {{- $_ := set . "mode" "ha" -}} - {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} - {{- $_ := set . "mode" "standalone" -}} - {{- else -}} - {{- $_ := set . "mode" "" -}} - {{- end -}} -{{- end -}} - -{{/* -Set's the replica count based on the different modes configured by user -*/}} -{{- define "vault.replicas" -}} - {{ if eq .mode "standalone" }} - {{- default 1 -}} - {{ else if eq .mode "ha" }} - {{- .Values.server.ha.replicas | default 3 -}} - {{ else }} - {{- default 1 -}} - {{ end }} -{{- end -}} - -{{/* -Set's up configmap mounts if this isn't a dev deployment and the user -defined a custom configuration. Additionally iterates over any -extra volumes the user may have specified (such as a secret with TLS). -*/}} -{{- define "vault.volumes" -}} - {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - configMap: - name: {{ template "vault.fullname" . 
}}-config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - {{ .type }}: - {{- if (eq .type "configMap") }} - name: {{ .name }} - {{- else if (eq .type "secret") }} - secretName: {{ .name }} - {{- end }} - defaultMode: {{ .defaultMode | default 420 }} - {{- end }} - {{- if .Values.server.volumes }} - {{- toYaml .Values.server.volumes | nindent 8}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - secret: - secretName: {{ .Values.server.enterpriseLicense.secretName }} - defaultMode: 0440 - {{- end }} -{{- end -}} - -{{/* -Set's the args for custom command to render the Vault configuration -file with IP addresses to make the out of box experience easier -for users looking to use this chart with Consul Helm. -*/}} -{{- define "vault.args" -}} - {{ if or (eq .mode "standalone") (eq .mode "ha") }} - - | - cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; - [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; - [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; - /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} - {{ else if eq .mode "dev" }} - - | - /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} - {{ end }} -{{- end -}} - -{{/* -Set's additional environment variables based on the mode. 
-*/}} -{{- define "vault.envs" -}} - {{ if eq .mode "dev" }} - - name: VAULT_DEV_ROOT_TOKEN_ID - value: {{ .Values.server.dev.devRootToken }} - - name: VAULT_DEV_LISTEN_ADDRESS - value: "[::]:8200" - {{ end }} -{{- end -}} - -{{/* -Set's which additional volumes should be mounted to the container -based on the mode configured. -*/}} -{{- define "vault.mounts" -}} - {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - name: audit - mountPath: {{ .Values.server.auditStorage.mountPath }} - {{ end }} - {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} - {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} - - name: data - mountPath: {{ .Values.server.dataStorage.mountPath }} - {{ end }} - {{ end }} - {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - mountPath: /vault/config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - readOnly: true - mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} - {{- end }} - {{- if .Values.server.volumeMounts }} - {{- toYaml .Values.server.volumeMounts | nindent 12}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - mountPath: /vault/license - readOnly: true - {{- end }} -{{- end -}} - -{{/* -Set's up the volumeClaimTemplates when data or audit storage is required. HA -might not use data storage since Consul is likely it's backend, however, audit -storage might be desired by the user. 
-*/}} -{{- define "vault.volumeclaims" -}} - {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} - volumeClaimTemplates: - {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} - - metadata: - name: data - {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.dataStorage.size }} - {{- if .Values.server.dataStorage.storageClass }} - storageClassName: {{ .Values.server.dataStorage.storageClass }} - {{- end }} - {{ end }} - {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - metadata: - name: audit - {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.auditStorage.size }} - {{- if .Values.server.auditStorage.storageClass }} - storageClassName: {{ .Values.server.auditStorage.storageClass }} - {{- end }} - {{ end }} - {{ end }} -{{- end -}} - -{{/* -Set's the affinity for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.affinity" -}} - {{- if and (ne .mode "dev") .Values.server.affinity }} - affinity: - {{ $tp := typeOf .Values.server.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.affinity . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the injector affinity for pod placement -*/}} -{{- define "injector.affinity" -}} - {{- if .Values.injector.affinity }} - affinity: - {{ $tp := typeOf .Values.injector.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the topologySpreadConstraints when running in standalone and HA modes. -*/}} -{{- define "vault.topologySpreadConstraints" -}} - {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} - topologySpreadConstraints: - {{ $tp := typeOf .Values.server.topologySpreadConstraints }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - - -{{/* -Sets the injector topologySpreadConstraints for pod placement -*/}} -{{- define "injector.topologySpreadConstraints" -}} - {{- if .Values.injector.topologySpreadConstraints }} - topologySpreadConstraints: - {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the toleration for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.tolerations" -}} - {{- if and (ne .mode "dev") .Values.server.tolerations }} - tolerations: - {{- $tp := typeOf .Values.server.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "injector.tolerations" -}} - {{- if .Values.injector.tolerations }} - tolerations: - {{- $tp := typeOf .Values.injector.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the node selector for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.nodeselector" -}} - {{- if and (ne .mode "dev") .Values.server.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.server.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector node selector for pod placement -*/}} -{{- define "injector.nodeselector" -}} - {{- if .Values.injector.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.injector.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector deployment update strategy -*/}} -{{- define "injector.strategy" -}} - {{- if .Values.injector.strategy }} - strategy: - {{- $tp := typeOf .Values.injector.strategy }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.strategy . | nindent 4 | trim }} - {{- else }} - {{- toYaml .Values.injector.strategy | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra pod annotations -*/}} -{{- define "vault.annotations" -}} - {{- if .Values.server.annotations }} - annotations: - {{- $tp := typeOf .Values.server.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.annotations . 
| nindent 8 }} - {{- else }} - {{- toYaml .Values.server.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector pod annotations -*/}} -{{- define "injector.annotations" -}} - {{- if .Values.injector.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.injector.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector service annotations -*/}} -{{- define "injector.service.annotations" -}} - {{- if .Values.injector.service.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector webhook annotations -*/}} -{{- define "injector.webhookAnnotations" -}} - {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} - annotations: - {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} - {{- if eq $tp "string" }} - {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} - {{- else }} - {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the injector webhook objectSelector -*/}} -{{- define "injector.objectSelector" -}} - {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} - {{ if $v }} - objectSelector: - {{- $tp := typeOf $v -}} - {{ if eq $tp "string" }} - {{ tpl $v . 
| indent 6 | trim }} - {{ else }} - {{ toYaml $v | indent 6 | trim }} - {{ end }} - {{ end }} -{{ end }} - -{{/* -Sets extra ui service annotations -*/}} -{{- define "vault.ui.annotations" -}} - {{- if .Values.ui.annotations }} - annotations: - {{- $tp := typeOf .Values.ui.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.ui.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.ui.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "vault.serviceAccount.name" -}} -{{- if .Values.server.serviceAccount.create -}} - {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.server.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Sets extra service account annotations -*/}} -{{- define "vault.serviceAccount.annotations" -}} - {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.server.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ingress annotations -*/}} -{{- define "vault.ingress.annotations" -}} - {{- if .Values.server.ingress.annotations }} - annotations: - {{- $tp := typeOf .Values.server.ingress.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.ingress.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.ingress.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra route annotations -*/}} -{{- define "vault.route.annotations" -}} - {{- if .Values.server.route.annotations }} - annotations: - {{- $tp := typeOf .Values.server.route.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.route.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.route.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra vault server Service annotations -*/}} -{{- define "vault.service.annotations" -}} - {{- if .Values.server.service.annotations }} - {{- $tp := typeOf .Values.server.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets PodSecurityPolicy annotations -*/}} -{{- define "vault.psp.annotations" -}} - {{- if .Values.global.psp.annotations }} - annotations: - {{- $tp := typeOf .Values.global.psp.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.global.psp.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.global.psp.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra statefulset annotations -*/}} -{{- define "vault.statefulSet.annotations" -}} - {{- if .Values.server.statefulSet.annotations }} - annotations: - {{- $tp := typeOf .Values.server.statefulSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for data volume -*/}} -{{- define "vault.dataVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.dataStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for audit volume -*/}} -{{- define "vault.auditVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.auditStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the container resources if the user has set any. -*/}} -{{- define "vault.resources" -}} - {{- if .Values.server.resources -}} - resources: -{{ toYaml .Values.server.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "injector.resources" -}} - {{- if .Values.injector.resources -}} - resources: -{{ toYaml .Values.injector.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "csi.resources" -}} - {{- if .Values.csi.resources -}} - resources: -{{ toYaml .Values.csi.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets extra CSI daemonset annotations -*/}} -{{- define "csi.daemonSet.annotations" -}} - {{- if .Values.csi.daemonSet.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.daemonSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "csi.pod.tolerations" -}} - {{- if .Values.csi.pod.tolerations }} - tolerations: - {{- $tp := typeOf .Values.csi.pod.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI provider pod annotations -*/}} -{{- define "csi.pod.annotations" -}} - {{- if .Values.csi.pod.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.pod.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.pod.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.pod.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI service account annotations -*/}} -{{- define "csi.serviceAccount.annotations" -}} - {{- if .Values.csi.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Inject extra environment vars in the format key:value, if populated -*/}} -{{- define "vault.extraEnvironmentVars" -}} -{{- if .extraEnvironmentVars -}} -{{- range $key, $value := .extraEnvironmentVars }} -- name: {{ printf "%s" $key | replace "." 
"_" | upper | quote }} - value: {{ $value | quote }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Inject extra environment populated by secrets, if populated -*/}} -{{- define "vault.extraSecretEnvironmentVars" -}} -{{- if .extraSecretEnvironmentVars -}} -{{- range .extraSecretEnvironmentVars }} -- name: {{ .envName }} - valueFrom: - secretKeyRef: - name: {{ .secretName }} - key: {{ .secretKey }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* Scheme for health check and local endpoint */}} -{{- define "vault.scheme" -}} -{{- if .Values.global.tlsDisable -}} -{{ "http" }} -{{- else -}} -{{ "https" }} -{{- end -}} -{{- end -}} - -{{/* -imagePullSecrets generates pull secrets from either string or map values. -A map value must be indexable by the key 'name'. -*/}} -{{- define "imagePullSecrets" -}} -{{- with .Values.global.imagePullSecrets -}} -imagePullSecrets: -{{- range . -}} -{{- if typeIs "string" . }} - - name: {{ . }} -{{- else if index . "name" }} - - name: {{ .name }} -{{- end }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. -Supported inputs are Values.server.service and Values.ui -*/}} -{{- define "service.externalTrafficPolicy" -}} -{{- $type := "" -}} -{{- if .serviceType -}} -{{- $type = .serviceType -}} -{{- else if .type -}} -{{- $type = .type -}} -{{- end -}} -{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} - externalTrafficPolicy: {{ .externalTrafficPolicy }} -{{- else }} -{{- end }} -{{- end -}} - -{{/* -loadBalancer configuration for the the UI service. -Supported inputs are Values.ui -*/}} -{{- define "service.loadBalancer" -}} -{{- if eq (.serviceType | toString) "LoadBalancer" }} -{{- if .loadBalancerIP }} - loadBalancerIP: {{ .loadBalancerIP }} -{{- end }} -{{- with .loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{- range . }} - - {{ . }} -{{- end }} -{{- end -}} -{{- end }} -{{- end -}} 
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/csi-clusterrole.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/csi-clusterrole.yaml
deleted file mode 100644
index ec6a3d2b9f..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/csi-clusterrole.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups:
- - ""
- resources:
- - serviceaccounts/token
- verbs:
- - create
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/csi-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/csi-clusterrolebinding.yaml
deleted file mode 100644
index d5b62a5f09..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/csi-clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/csi-daemonset.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/csi-daemonset.yaml
deleted file mode 100644
index 5c21752d6d..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/csi-daemonset.yaml
+++ /dev/null
@@ -1,91 +0,0 @@ -{{- template "vault.csiEnabled" . -}} -{{- if .csiEnabled -}} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- if .Values.csi.daemonSet.extraLabels -}} - {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} - {{- end -}} - {{ template "csi.daemonSet.annotations" . }} -spec: - updateStrategy: - type: {{ .Values.csi.daemonSet.updateStrategy.type }} - {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - rollingUpdate: - maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.csi.pod.extraLabels -}} - {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "csi.pod.annotations" . }} - spec: - {{- if .Values.csi.priorityClassName }} - priorityClassName: {{ .Values.csi.priorityClassName }} - {{- end }} - serviceAccountName: {{ template "vault.fullname" . }}-csi-provider - {{- template "csi.pod.tolerations" . }} - containers: - - name: {{ include "vault.name" . }}-csi-provider - {{ template "csi.resources" . 
}} - image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" - imagePullPolicy: {{ .Values.csi.image.pullPolicy }} - args: - - --endpoint=/provider/vault.sock - - --debug={{ .Values.csi.debug }} - {{- if .Values.csi.extraArgs }} - {{- toYaml .Values.csi.extraArgs | nindent 12 }} - {{- end }} - volumeMounts: - - name: providervol - mountPath: "/provider" - - name: mountpoint-dir - mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods - mountPropagation: HostToContainer - {{- if .Values.csi.volumeMounts }} - {{- toYaml .Values.csi.volumeMounts | nindent 12}} - {{- end }} - livenessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} - volumes: - - name: providervol - hostPath: - path: {{ .Values.csi.daemonSet.providersDir }} - - name: mountpoint-dir - hostPath: - path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods - {{- if .Values.csi.volumes }} - {{- toYaml .Values.csi.volumes | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/csi-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/csi-serviceaccount.yaml deleted file mode 100644 index 8d6fa5329c..0000000000 
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/csi-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- if .Values.csi.serviceAccount.extraLabels -}}
- {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
- {{- end -}}
- {{ template "csi.serviceAccount.annotations" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-certs-secret.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-certs-secret.yaml
deleted file mode 100644
index e88685b5eb..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-certs-secret.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: vault-injector-certs
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-clusterrole.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-clusterrole.yaml
deleted file mode 100644
index 6a0d6be1ae..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-clusterrole.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs:
- - "get"
- - "list"
- - "watch"
- - "patch"
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-clusterrolebinding.yaml
deleted file mode 100644
index 4c193f8a2e..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-deployment.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-deployment.yaml
deleted file mode 100644
index d46cefc5b5..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-deployment.yaml
+++ /dev/null
@@ -1,160 +0,0 @@ -{{- template "vault.injectorEnabled" . -}} -{{- if .injectorEnabled -}} -# Deployment for the injector -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - component: webhook -spec: - replicas: {{ .Values.injector.replicas }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{ template "injector.strategy" . }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{- if .Values.injector.extraLabels -}} - {{- toYaml .Values.injector.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "injector.annotations" . }} - spec: - {{ template "injector.affinity" . }} - {{ template "injector.topologySpreadConstraints" . }} - {{ template "injector.tolerations" . }} - {{ template "injector.nodeselector" . }} - {{- if .Values.injector.priorityClassName }} - priorityClassName: {{ .Values.injector.priorityClassName }} - {{- end }} - serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" - {{- if not .Values.global.openshift }} - hostNetwork: {{ .Values.injector.hostNetwork }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.injector.gid | default 1000 }} - runAsUser: {{ .Values.injector.uid | default 100 }} - {{- end }} - containers: - - name: sidecar-injector - {{ template "injector.resources" . 
}} - image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" - imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" - {{- if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} - env: - - name: AGENT_INJECT_LISTEN - value: {{ printf ":%v" .Values.injector.port }} - - name: AGENT_INJECT_LOG_LEVEL - value: {{ .Values.injector.logLevel | default "info" }} - - name: AGENT_INJECT_VAULT_ADDR - {{- if .Values.injector.externalVaultAddr }} - value: "{{ .Values.injector.externalVaultAddr }}" - {{- else }} - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - {{- end }} - - name: AGENT_INJECT_VAULT_AUTH_PATH - value: {{ .Values.injector.authPath }} - - name: AGENT_INJECT_VAULT_IMAGE - value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" - {{- if .Values.injector.certs.secretName }} - - name: AGENT_INJECT_TLS_CERT_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" - - name: AGENT_INJECT_TLS_KEY_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" - {{- else }} - - name: AGENT_INJECT_TLS_AUTO - value: {{ template "vault.fullname" . }}-agent-injector-cfg - - name: AGENT_INJECT_TLS_AUTO_HOSTS - value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc - {{- end }} - - name: AGENT_INJECT_LOG_FORMAT - value: {{ .Values.injector.logFormat | default "standard" }} - - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN - value: "{{ .Values.injector.revokeOnShutdown | default false }}" - {{- if .Values.global.openshift }} - - name: AGENT_INJECT_SET_SECURITY_CONTEXT - value: "false" - {{- end }} - {{- if .Values.injector.metrics.enabled }} - - name: AGENT_INJECT_TELEMETRY_PATH - value: "/metrics" - {{- end }} - {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} - - name: AGENT_INJECT_USE_LEADER_ELECTOR - value: "true" - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end }} - - name: AGENT_INJECT_CPU_REQUEST - value: "{{ .Values.injector.agentDefaults.cpuRequest }}" - - name: AGENT_INJECT_CPU_LIMIT - value: "{{ .Values.injector.agentDefaults.cpuLimit }}" - - name: AGENT_INJECT_MEM_REQUEST - value: "{{ .Values.injector.agentDefaults.memRequest }}" - - name: AGENT_INJECT_MEM_LIMIT - value: "{{ .Values.injector.agentDefaults.memLimit }}" - - name: AGENT_INJECT_DEFAULT_TEMPLATE - value: "{{ .Values.injector.agentDefaults.template }}" - - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE - value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" - {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} - - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL - value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" - {{- end }} - {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - agent-inject - - 2>&1 - livenessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - 
timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 -{{- if .Values.injector.certs.secretName }} - volumeMounts: - - name: webhook-certs - mountPath: /etc/webhook/certs - readOnly: true -{{- end }} -{{- if .Values.injector.certs.secretName }} - volumes: - - name: webhook-certs - secret: - secretName: "{{ .Values.injector.certs.secretName }}" -{{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-disruptionbudget.yaml deleted file mode 100644 index b44fd7300b..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-disruptionbudget.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.injector.podDisruptionBudget }} -apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} -kind: PodDisruptionBudget -metadata: - name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - component: webhook -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} -{{- end -}} diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-mutating-webhook.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-mutating-webhook.yaml deleted file mode 100644 index 3d3fd36786..0000000000 
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-mutating-webhook.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
-apiVersion: admissionregistration.k8s.io/v1
-{{- else }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-{{- end }}
-kind: MutatingWebhookConfiguration
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-cfg
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "injector.webhookAnnotations" . }}
-webhooks:
- - name: vault.hashicorp.com
- failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
- matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
- sideEffects: None
- timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
- admissionReviewVersions: ["v1", "v1beta1"]
- clientConfig:
- service:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- path: "/mutate"
- caBundle: {{ .Values.injector.certs.caBundle | quote }}
- rules:
- - operations: ["CREATE", "UPDATE"]
- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["pods"]
-{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
- namespaceSelector:
-{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
-{{ end }}
-{{- template "injector.objectSelector" . -}}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-network-policy.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-network-policy.yaml
deleted file mode 100644
index 68892d23b2..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-network-policy.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.openshift | toString) "true" }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-psp-role.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-psp-role.yaml
deleted file mode 100644
index 5d23c7556e..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-psp-role.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.psp.enable | toString) "true" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-psp-rolebinding.yaml
deleted file mode 100644
index 4f6b0a851c..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-psp-rolebinding.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.psp.enable | toString) "true" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-psp.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-psp.yaml
deleted file mode 100644
index 1eee2fcd04..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-psp.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.psp.enable | toString) "true" }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-role.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-role.yaml
deleted file mode 100644
index 08c8264ccb..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-role.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
- - apiGroups: [""]
- resources: ["secrets", "configmaps"]
- verbs:
- - "create"
- - "get"
- - "watch"
- - "list"
- - "update"
- - apiGroups: [""]
- resources: ["pods"]
- verbs:
- - "get"
- - "patch"
- - "delete"
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-rolebinding.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-rolebinding.yaml
deleted file mode 100644
index ea0db11b94..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-rolebinding.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-service.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-service.yaml
deleted file mode 100644
index 5e747d6f10..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-service.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "injector.service.annotations" . }}
-spec:
- ports:
- - name: https
- port: 443
- targetPort: {{ .Values.injector.port }}
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-serviceaccount.yaml
deleted file mode 100644
index ebc57b56ff..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/injector-serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/server-clusterrolebinding.yaml
deleted file mode 100644
index 8cdd611430..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-clusterrolebinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ template "vault.serverAuthDelegator" . }}
-{{- if .serverAuthDelegator -}}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-server-binding
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-config-configmap.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/server-config-configmap.yaml
deleted file mode 100644
index f40c69608e..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-config-configmap.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if .serverEnabled -}}
-{{- if ne .mode "dev" -}}
-{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "vault.fullname" . }}-config
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-data:
- extraconfig-from-values.hcl: |-
- {{- if or (eq .mode "ha") (eq .mode "standalone") }}
- {{- $type := typeOf (index .Values.server .mode).config }}
- {{- if eq $type "string" }}
- disable_mlock = true
- {{- if eq .mode "standalone" }}
- {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
- {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
- {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
- {{ end }}
- {{- else }}
- {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
- {{- else }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-discovery-role.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/server-discovery-role.yaml
deleted file mode 100644
index 9ca23dd4c6..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-discovery-role.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if .serverEnabled -}}
-{{- if eq .mode "ha" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: {{ template "vault.fullname" . }}-discovery-role
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: [""]
- resources: ["pods"]
- verbs: ["get", "watch", "list", "update", "patch"]
-{{ end }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-discovery-rolebinding.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/server-discovery-rolebinding.yaml
deleted file mode 100644
index 6e22e4c2b7..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-discovery-rolebinding.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if .serverEnabled -}}
-{{- if eq .mode "ha" }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-discovery-rolebinding
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-discovery-role
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/server-disruptionbudget.yaml
deleted file mode 100644
index d940fa4dac..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-disruptionbudget.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" -}}
-{{- if .serverEnabled -}}
-{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
-# PodDisruptionBudget to prevent degrading the server cluster through
-# voluntary cluster changes.
-apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-ha-active-service.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/server-ha-active-service.yaml
deleted file mode 100644
index 90761a468e..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-ha-active-service.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.serverServiceEnabled" . -}}
-{{- if .serverServiceEnabled -}}
-{{- if eq .mode "ha" }}
-# Service for active Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-active
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "true"
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-ha-standby-service.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/server-ha-standby-service.yaml
deleted file mode 100644
index 03260ffaf8..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-ha-standby-service.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.serverServiceEnabled" . -}}
-{{- if .serverServiceEnabled -}}
-{{- if eq .mode "ha" }}
-# Service for standby Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-standby
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "false"
-{{- end }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-headless-service.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/server-headless-service.yaml
deleted file mode 100644
index fffaaacbbb..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-headless-service.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.serverServiceEnabled" . -}}
-{{- if .serverServiceEnabled -}}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-internal
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- clusterIP: None
- publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
- ports:
- - name: "{{ include "vault.scheme" . }}"
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-ingress.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/server-ingress.yaml
deleted file mode 100644
index c81e5f5cee..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-ingress.yaml
+++ /dev/null
@@ -1,77 +0,0 @@ -{{- if not .Values.global.openshift }} -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if .Values.server.ingress.enabled -}} -{{- $extraPaths := .Values.server.ingress.extraPaths -}} -{{- $serviceName := include "vault.fullname" . -}} -{{- template "vault.serverServiceEnabled" . -}} -{{- if .serverServiceEnabled -}} -{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} -{{- $serviceName = printf "%s-%s" $serviceName "active" -}} -{{- end }} -{{- $servicePort := .Values.server.service.port -}} -{{- $pathType := .Values.server.ingress.pathType -}} -{{- $kubeVersion := .Capabilities.KubeVersion.Version }} -{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} -apiVersion: networking.k8s.io/v1 -{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end }} -kind: Ingress -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.server.ingress.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- template "vault.ingress.annotations" . }} -spec: -{{- if .Values.server.ingress.tls }} - tls: - {{- range .Values.server.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} -{{- if .Values.server.ingress.ingressClassName }} - ingressClassName: {{ .Values.server.ingress.ingressClassName }} -{{- end }} - rules: - {{- range .Values.server.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: -{{ if $extraPaths }} -{{ toYaml $extraPaths | indent 10 }} -{{- end }} - {{- range (.paths | default (list "/")) }} - - path: {{ . 
}} - {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} - pathType: {{ $pathType }} - {{ end }} - backend: - {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{ else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{ end }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-network-policy.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/server-network-policy.yaml deleted file mode 100644 index 5f4c21a4b5..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-network-policy.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ template "vault.fullname" . }} - labels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} -spec: - podSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 8200 - protocol: TCP - - port: 8201 - protocol: TCP - {{- if .Values.server.networkPolicy.egress }} - egress: - {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} - {{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-psp-role.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/server-psp-role.yaml deleted file mode 100644 index b8eb897e5e..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-psp-role.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -{{ template "vault.mode" . }} -{{- if .serverEnabled -}} -{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "vault.fullname" . }}-psp - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -rules: -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "vault.fullname" . }} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/server-psp-rolebinding.yaml deleted file mode 100644 index fded9fbc62..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-psp-rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{ template "vault.mode" . }} -{{- if .serverEnabled -}} -{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "vault.fullname" . }}-psp - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -roleRef: - kind: Role - name: {{ template "vault.fullname" . }}-psp - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: {{ template "vault.fullname" . }} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-psp.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/server-psp.yaml deleted file mode 100644 index d210af3513..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-psp.yaml +++ /dev/null 
@@ -1,49 +0,0 @@ -{{ template "vault.mode" . }} -{{- if .serverEnabled -}} -{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "vault.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- template "vault.psp.annotations" . }} -spec: - privileged: false - # Required to prevent escalations to root. - allowPrivilegeEscalation: false - volumes: - - configMap - - emptyDir - - projected - - secret - - downwardAPI - {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} - - persistentVolumeClaim - {{- end }} - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Require the container to run without root privileges. - rule: MustRunAsNonRoot - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: RunAsAny - supplementalGroups: - rule: MustRunAs - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: MustRunAs - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-route.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/server-route.yaml deleted file mode 100644 index e122d936ba..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-route.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -{{- if .Values.global.openshift }} -{{- if ne .mode "external" }} -{{- if .Values.server.route.enabled -}} -{{- $serviceName := include "vault.fullname" . -}} -{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} -{{- $serviceName = printf "%s-%s" $serviceName "active" -}} -{{- end }} -kind: Route -apiVersion: route.openshift.io/v1 -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.server.route.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- template "vault.route.annotations" . }} -spec: - host: {{ .Values.server.route.host }} - to: - kind: Service - name: {{ $serviceName }} - weight: 100 - port: - targetPort: 8200 - tls: - {{- toYaml .Values.server.route.tls | nindent 4 }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-service.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/server-service.yaml deleted file mode 100644 index 3a9b0e7e52..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-service.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- template "vault.serverServiceEnabled" . -}} -{{- if .serverServiceEnabled -}} -# Service for Vault cluster -apiVersion: v1 -kind: Service -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - annotations: -{{ template "vault.service.annotations" .}} -spec: - {{- if .Values.server.service.type}} - type: {{ .Values.server.service.type }} - {{- end}} - {{- if .Values.server.service.clusterIP }} - clusterIP: {{ .Values.server.service.clusterIP }} - {{- end }} - {{- include "service.externalTrafficPolicy" .Values.server.service }} - # We want the servers to become available even if they're not ready - # since this DNS is also used for join operations. - publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} - ports: - - name: {{ include "vault.scheme" . }} - port: {{ .Values.server.service.port }} - targetPort: {{ .Values.server.service.targetPort }} - {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} - nodePort: {{ .Values.server.service.nodePort }} - {{- end }} - - name: https-internal - port: 8201 - targetPort: 8201 - selector: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/server-serviceaccount.yaml deleted file mode 100644 index c0d32d190c..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-serviceaccount.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -{{ template "vault.serverServiceAccountEnabled" . }} -{{- if .serverServiceAccountEnabled -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "vault.serviceAccount.name" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{ template "vault.serviceAccount.annotations" . }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-statefulset.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/server-statefulset.yaml deleted file mode 100644 index 518a19336a..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/templates/server-statefulset.yaml +++ /dev/null 
@@ -1,215 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if ne .mode "" }} -{{- if .serverEnabled -}} -# StatefulSet to run the actual vault server cluster. -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- template "vault.statefulSet.annotations" . }} -spec: - serviceName: {{ template "vault.fullname" . }}-internal - podManagementPolicy: Parallel - replicas: {{ template "vault.replicas" . }} - updateStrategy: - type: {{ .Values.server.updateStrategyType }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - template: - metadata: - labels: - helm.sh/chart: {{ template "vault.chart" . }} - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - {{- if .Values.server.extraLabels -}} - {{- toYaml .Values.server.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "vault.annotations" . }} - spec: - {{ template "vault.affinity" . }} - {{ template "vault.topologySpreadConstraints" . }} - {{ template "vault.tolerations" . }} - {{ template "vault.nodeselector" . }} - {{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} - serviceAccountName: {{ template "vault.serviceAccount.name" . 
}} - {{ if .Values.server.shareProcessNamespace }} - shareProcessNamespace: true - {{ end }} - {{- if not .Values.global.openshift }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.server.gid | default 1000 }} - runAsUser: {{ .Values.server.uid | default 100 }} - fsGroup: {{ .Values.server.gid | default 1000 }} - {{- end }} - volumes: - {{ template "vault.volumes" . }} - - name: home - emptyDir: {} - {{- if .Values.server.extraInitContainers }} - initContainers: - {{ toYaml .Values.server.extraInitContainers | nindent 8}} - {{- end }} - containers: - - name: vault - {{ template "vault.resources" . }} - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - command: - - "/bin/sh" - - "-ec" - args: {{ template "vault.args" . }} - {{- if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: VAULT_K8S_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: VAULT_ADDR - value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" - - name: VAULT_API_ADDR - {{- if .Values.server.ha.apiAddr }} - value: {{ .Values.server.ha.apiAddr }} - {{- else }} - value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" - {{- end }} - - name: SKIP_CHOWN - value: "true" - - name: SKIP_SETCAP - value: "true" - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_CLUSTER_ADDR - {{- if .Values.server.ha.clusterAddr }} - value: {{ .Values.server.ha.clusterAddr }} - {{- else }} - value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" - {{- end }} - {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} - - name: VAULT_RAFT_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- end }} - - name: HOME - value: "/home/vault" - {{- if .Values.server.logLevel }} - - name: VAULT_LOG_LEVEL - value: "{{ .Values.server.logLevel }}" - {{- end }} - {{- if .Values.server.logFormat }} - - name: VAULT_LOG_FORMAT - value: "{{ .Values.server.logFormat }}" - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: VAULT_LICENSE_PATH - value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} - {{- end }} - {{ template "vault.envs" . }} - {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} - {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} - volumeMounts: - {{ template "vault.mounts" . }} - - name: home - mountPath: /home/vault - ports: - - containerPort: 8200 - name: {{ include "vault.scheme" . }} - - containerPort: 8201 - name: https-internal - - containerPort: 8202 - name: {{ include "vault.scheme" . }}-rep - {{- if .Values.server.readinessProbe.enabled }} - readinessProbe: - {{- if .Values.server.readinessProbe.path }} - httpGet: - path: {{ .Values.server.readinessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . 
| upper }} - {{- else }} - # Check status; unsealed vault servers return 0 - # The exit code reflects the seal status: - # 0 - unsealed - # 1 - error - # 2 - sealed - exec: - command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] - {{- end }} - failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.server.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.server.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.server.livenessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . | upper }} - failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.server.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} - {{- end }} - lifecycle: - # Vault container doesn't receive SIGTERM from Kubernetes - # and after the grace period ends, Kube sends SIGKILL. This - # causes issues with graceful shutdowns such as deregistering itself - # from Consul (zombie services). - preStop: - exec: - command: [ - "/bin/sh", "-c", - # Adding a sleep here to give the pod eviction a - # chance to propagate, so requests will not be made - # to this pod while it's terminating - "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", - ] - {{- if .Values.server.postStart }} - postStart: - exec: - command: - {{- range (.Values.server.postStart) }} - - {{ . 
| quote }} - {{- end }} - {{- end }} - {{- if .Values.server.extraContainers }} - {{ toYaml .Values.server.extraContainers | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} - {{ template "vault.volumeclaims" . }} -{{ end }} -{{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/tests/server-test.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/tests/server-test.yaml deleted file mode 100644 index 56dbee78cd..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/templates/tests/server-test.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if .serverEnabled -}} -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-server-test" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": test -spec: - {{- include "imagePullSecrets" . | nindent 2 }} - containers: - - name: {{ .Release.Name }}-server-test - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - env: - - name: VAULT_ADDR - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} - command: - - /bin/sh - - -c - - | - echo "Checking for sealed info in 'vault status' output" - ATTEMPTS=10 - n=0 - until [ "$n" -ge $ATTEMPTS ] - do - echo "Attempt" $n... - vault status -format yaml | grep -E '^sealed: (true|false)' && break - n=$((n+1)) - sleep 5 - done - if [ $n -ge $ATTEMPTS ]; then - echo "timed out looking for sealed info in 'vault status' output" - exit 1 - fi - - exit 0 - volumeMounts: - {{- if .Values.server.volumeMounts }} - {{- toYaml .Values.server.volumeMounts | nindent 8}} - {{- end }} - volumes: - {{- if .Values.server.volumes }} - {{- toYaml .Values.server.volumes | nindent 4}} - {{- end }} - restartPolicy: Never -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.20.1/src/templates/ui-service.yaml b/charts/partners/hashicorp/vault/0.20.1/src/templates/ui-service.yaml deleted file mode 100644 index d45afdda4f..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/templates/ui-service.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- template "vault.uiEnabled" . -}} -{{- if .uiEnabled -}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ template "vault.fullname" . }}-ui - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }}-ui - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- template "vault.ui.annotations" . }} -spec: - selector: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} - vault-active: "true" - {{- end }} - publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} - ports: - - name: {{ include "vault.scheme" . }} - port: {{ .Values.ui.externalPort }} - targetPort: {{ .Values.ui.targetPort }} - {{- if .Values.ui.serviceNodePort }} - nodePort: {{ .Values.ui.serviceNodePort }} - {{- end }} - type: {{ .Values.ui.serviceType }} - {{- include "service.externalTrafficPolicy" .Values.ui }} - {{- include "service.loadBalancer" .Values.ui }} -{{- end -}} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.20.1/src/values.openshift.yaml b/charts/partners/hashicorp/vault/0.20.1/src/values.openshift.yaml deleted file mode 100644 index 092e5ba43f..0000000000 --- a/charts/partners/hashicorp/vault/0.20.1/src/values.openshift.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# These overrides are appropriate defaults for deploying this chart on OpenShift - -global: - openshift: true - -injector: - image: - repository: "registry.connect.redhat.com/hashicorp/vault-k8s" - tag: "0.16.1-ubi" - - agentImage: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.10.3-ubi" - -server: - image: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.10.3-ubi" 
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/values.schema.json b/charts/partners/hashicorp/vault/0.20.1/src/values.schema.json
deleted file mode 100644
index ab0c602db4..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/values.schema.json
+++ /dev/null
@@ -1,937 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "csi": { - "type": "object", - "properties": { - "daemonSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "extraLabels": { - "type": "object" - }, - "kubeletRootDir": { - "type": "string" - }, - "providersDir": { - "type": "string" - }, - "updateStrategy": { - "type": "object", - "properties": { - "maxUnavailable": { - "type": "string" - }, - "type": { - "type": "string" - } - } - } - } - }, - "priorityClassName": { - "type": "string" - }, - "debug": { - "type": "boolean" - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "extraArgs": { - "type": "array" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "pod": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "extraLabels": { - "type": "object" - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - } - } - }, - "readinessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "extraLabels": { - "type": "object" - } - } - }, 
- "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "global": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "imagePullSecrets": { - "type": "array" - }, - "openshift": { - "type": "boolean" - }, - "psp": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enable": { - "type": "boolean" - } - } - }, - "tlsDisable": { - "type": "boolean" - } - } - }, - "injector": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "agentDefaults": { - "type": "object", - "properties": { - "cpuLimit": { - "type": "string" - }, - "cpuRequest": { - "type": "string" - }, - "memLimit": { - "type": "string" - }, - "memRequest": { - "type": "string" - }, - "template": { - "type": "string" - }, - "templateConfig": { - "type": "object", - "properties": { - "exitOnRetryFailure": { - "type": "boolean" - }, - "staticSecretRenderInterval": { - "type": "string" - } - } - } - } - }, - "agentImage": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "authPath": { - "type": "string" - }, - "certs": { - "type": "object", - "properties": { - "caBundle": { - "type": "string" - }, - "certName": { - "type": "string" - }, - "keyName": { - "type": "string" - }, - "secretName": { - "type": [ - "null", - "string" - ] - } - } - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "externalVaultAddr": { - "type": "string" - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraLabels": { - "type": "object" - }, - "failurePolicy": { - "type": "string" - }, - "hostNetwork": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { 
- "type": "string" - } - } - }, - "leaderElector": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "namespaceSelector": { - "type": "object" - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "objectSelector": { - "type": [ - "object", - "string" - ] - }, - "podDisruptionBudget": { - "type": "object" - }, - "port": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "replicas": { - "type": "integer" - }, - "resources": { - "type": "object" - }, - "revokeOnShutdown": { - "type": "boolean" - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "strategy": { - "type": [ - "object", - "string" - ] - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "topologySpreadConstraints": { - "type": [ - "null", - "array", - "string" - ] - }, - "webhook": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "failurePolicy": { - "type": "string" - }, - "matchPolicy": { - "type": "string" - }, - "namespaceSelector": { - "type": "object" - }, - "objectSelector": { - "type": [ - "object", - "string" - ] - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "webhookAnnotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "server": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "auditStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": 
"string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "authDelegator": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "dataStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "dev": { - "type": "object", - "properties": { - "devRootToken": { - "type": "string" - }, - "enabled": { - "type": "boolean" - } - } - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "enterpriseLicense": { - "type": "object", - "properties": { - "secretKey": { - "type": "string" - }, - "secretName": { - "type": "string" - } - } - }, - "extraArgs": { - "type": "string" - }, - "extraContainers": { - "type": [ - "null", - "array" - ] - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraInitContainers": { - "type": [ - "null", - "array" - ] - }, - "extraLabels": { - "type": "object" - }, - "extraSecretEnvironmentVars": { - "type": "array" - }, - "extraVolumes": { - "type": "array" - }, - "ha": { - "type": "object", - "properties": { - "apiAddr": { - "type": [ - "null", - "string" - ] - }, - "config": { - "type": [ - "string", - "object" - ] - }, - "disruptionBudget": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxUnavailable": { - "type": [ - "null", - "integer" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "raft": { - "type": "object", - "properties": { - "config": { - "type": [ - "string", - "object" - ] - }, - "enabled": { - "type": "boolean" - }, - "setNodeId": { - "type": "boolean" - } - } - }, - "replicas": { - "type": "integer" - } - } - }, - "image": { - "type": "object", - "properties": { - 
"pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "ingress": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "extraPaths": { - "type": "array" - }, - "hosts": { - "type": "array", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string" - }, - "paths": { - "type": "array" - } - } - } - }, - "ingressClassName": { - "type": "string" - }, - "labels": { - "type": "object" - }, - "pathType": { - "type": "string" - }, - "tls": { - "type": "array" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "path": { - "type": "string" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "networkPolicy": { - "type": "object", - "properties": { - "egress": { - "type": "array" - }, - "enabled": { - "type": "boolean" - } - } - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "postStart": { - "type": "array" - }, - "preStopSleepSeconds": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "route": { - "type": "object", - "properties": { - "activeService": { - 
"type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "labels": { - "type": "object" - } - } - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "port": { - "type": "integer" - }, - "targetPort": { - "type": "integer" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "create": { - "type": "boolean" - }, - "name": { - "type": "string" - } - } - }, - "shareProcessNamespace": { - "type": "boolean" - }, - "standalone": { - "type": "object", - "properties": { - "config": { - "type": [ - "string", - "object" - ] - }, - "enabled": { - "type": [ - "string", - "boolean" - ] - } - } - }, - "statefulSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "terminationGracePeriodSeconds": { - "type": "integer" - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "updateStrategyType": { - "type": "string" - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "ui": { - "type": "object", - "properties": { - "activeVaultPodOnly": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "externalPort": { - "type": "integer" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "serviceNodePort": { - "type": [ - "null", - "integer" - ] - }, - "serviceType": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - } -} 
diff --git a/charts/partners/hashicorp/vault/0.20.1/src/values.yaml b/charts/partners/hashicorp/vault/0.20.1/src/values.yaml
deleted file mode 100644
index 90ce7069b2..0000000000
--- a/charts/partners/hashicorp/vault/0.20.1/src/values.yaml
+++ /dev/null
@@ -1,845 +0,0 @@ -# Available parameters and their default values for the Vault chart. -global: - # enabled is the master enabled switch. Setting this to true or false - # will enable or disable all the components within this chart by default. - enabled: true - # Image pull secret to use for registry authentication. - # Alternatively, the value may be specified as an array of strings. - imagePullSecrets: [] - # imagePullSecrets: - # - name: image-pull-secret - # TLS for end-to-end encrypted transport - tlsDisable: true - # If deploying to OpenShift - openshift: true - # Create PodSecurityPolicy for pods - psp: - enable: false - # Annotation for PodSecurityPolicy. - # This is a multi-line templated string map, and can also be set as YAML. - annotations: | - seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default - apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default - apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -injector: - # True if you want to enable vault agent injection. - # @default: global.enabled - enabled: "-" - replicas: 1 - # Configures the port the injector should listen on - port: 8080 - # If multiple replicas are specified, by default a leader will be determined - # so that only one injector attempts to create TLS certificates. - leaderElector: - enabled: true - # If true, will enable a node exporter metrics endpoint at /metrics. - metrics: - enabled: false - # External vault server address for the injector to use. Setting this will - # disable deployment of a vault server along with the injector. - externalVaultAddr: "" - # image sets the repo and tag of the vault-k8s image to use for the injector. 
- image: - repository: "registry.connect.redhat.com/hashicorp/vault-k8s" - tag: "0.16.1-ubi" - pullPolicy: IfNotPresent - # agentImage sets the repo and tag of the Vault image to use for the Vault Agent - # containers. This should be set to the official Vault image. Vault 1.3.1+ is - # required. - agentImage: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.10.3-ubi" - # The default values for the injected Vault Agent containers. - agentDefaults: - # For more information on configuring resources, see the K8s documentation: - # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - cpuLimit: "500m" - cpuRequest: "250m" - memLimit: "128Mi" - memRequest: "64Mi" - # Default template type for secrets when no custom template is specified. - # Possible values include: "json" and "map". - template: "map" - # Default values within Agent's template_config stanza. - templateConfig: - exitOnRetryFailure: true - staticSecretRenderInterval: "" - # Mount Path of the Vault Kubernetes Auth Method. - authPath: "auth/kubernetes" - # Configures the log verbosity of the injector. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "info" - # Configures the log format of the injector. Supported log formats: "standard", "json". - logFormat: "standard" - # Configures all Vault Agent sidecars to revoke their token when shutting down - revokeOnShutdown: false - webhook: - # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the - # API Version of the WebHook. - # To block pod creation while webhook is unavailable, set the policy to `Fail` below. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - # matchPolicy specifies the approach to accepting changes based on the rules of - # the MutatingWebhookConfiguration. 
- # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy - # for more details. - # - matchPolicy: Exact - # timeoutSeconds is the amount of seconds before the webhook request will be ignored - # or fails. - # If it is ignored or fails depends on the failurePolicy - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts - # for more details. - # - timeoutSeconds: 30 - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. - # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: | - matchExpressions: - - key: app.kubernetes.io/name - operator: NotIn - values: - - {{ template "vault.name" . }}-agent-injector - # Extra annotations to attach to the webhook - annotations: {} - # Deprecated: please use 'webhook.failurePolicy' instead - # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the - # API Version of the WebHook. - # To block pod creation while webhook is unavailable, set the policy to `Fail` below. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - # Deprecated: please use 'webhook.namespaceSelector' instead - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. 
- # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. - # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # Deprecated: please use 'webhook.objectSelector' instead - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: {} - # Deprecated: please use 'webhook.annotations' instead - # Extra annotations to attach to the webhook - webhookAnnotations: {} - certs: - # secretName is the name of the secret that has the TLS certificate and - # private key to serve the injector webhook. If this is null, then the - # injector will default to its automatic management mode that will assign - # a service account to the injector to generate its own certificates. - secretName: null - # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA - # that signed the TLS certificate that the webhook serves. This must be set - # if secretName is non-null, unless an external service like cert-manager is - # keeping the caBundle updated. - caBundle: "" - # certName and keyName are the names of the files within the secret for - # the TLS cert and private key, respectively. These have reasonable - # defaults but can be customized if necessary. - certName: tls.crt - keyName: tls.key - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # extraEnvironmentVars is a list of extra environment variables to set in the - # injector deployment. 
- extraEnvironmentVars: {} - # KUBERNETES_SERVICE_HOST: kubernetes.default.svc - - # Affinity Settings for injector pods - # This can either be multi-line string or YAML matching the PodSpec's affinity field. - # Commenting out or setting as empty the affinity variable, will allow - # deployment of multiple replicas to single node services such as Minikube. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: webhook - topologyKey: kubernetes.io/hostname - # Topology settings for injector pods - # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - # This should be either a multi-line string or YAML matching the topologySpreadConstraints array - # in a PodSpec. - topologySpreadConstraints: [] - # Toleration Settings for injector pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
- # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Priority class for injector pods - priorityClassName: "" - # Extra annotations to attach to the injector pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the injector pods - annotations: {} - # Extra labels to attach to the agent-injector - # This should be a YAML map of the labels to apply to the injector - extraLabels: {} - # Should the injector pods run on the host network (useful when using - # an alternate CNI in EKS) - hostNetwork: false - # Injector service specific config - service: - # Extra annotations to attach to the injector service - annotations: {} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - podDisruptionBudget: {} - # podDisruptionBudget: - # maxUnavailable: 1 - - # strategy for updating the deployment. This can be a multi-line string or a - # YAML map. - strategy: {} - # strategy: | - # rollingUpdate: - # maxSurge: 25% - # maxUnavailable: 25% - # type: RollingUpdate -server: - # If true, or "-" with global.enabled true, Vault server will be installed. - # See vault.mode in _helpers.tpl for implementation details. - enabled: "-" - # [Enterprise Only] This value refers to a Kubernetes secret that you have - # created that contains your enterprise license. If you are not using an - # enterprise image or if you plan to introduce the license key via another - # route, then leave secretName blank ("") or set it to null. - # Requires Vault Enterprise 1.8 or later. - enterpriseLicense: - # The name of the Kubernetes secret that holds the enterprise license. The - # secret must be in the same namespace that Vault is installed into. 
- secretName: "" - # The key within the Kubernetes secret that holds the enterprise license. - secretKey: "license" - # Resource requests, limits, etc. for the server cluster placement. This - # should map directly to the value of the resources field for a PodSpec. - # By default no direct resource request is made. - image: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.10.3-ubi" - # Overrides the default Image Pull Policy - pullPolicy: IfNotPresent - # Configure the Update Strategy Type for the StatefulSet - # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - updateStrategyType: "OnDelete" - # Configure the logging verbosity for the Vault server. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "" - # Configure the logging format for the Vault server. - # Supported log formats include: standard, json - logFormat: "" - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # Ingress allows ingress services to be created to allow external access - # from Kubernetes to access Vault pods. - # If deployment is on OpenShift, the following block is ignored. - # In order to expose the service, use the route section below - ingress: - enabled: false - labels: {} - # traffic: external - annotations: {} - # | - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # or - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # Optionally use ingressClassName instead of deprecated annotation. - # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation - ingressClassName: "" - # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. - # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. 
- pathType: Prefix - # When HA mode is enabled and K8s service registration is being used, - # configure the ingress to point to the Vault active service. - activeService: true - hosts: - - host: chart-example.local - paths: [] - ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # service: - # name: ssl-redirect - # port: - # number: use-annotation - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # OpenShift only - create a route to expose the service - # By default the created route will be of type passthrough - route: - enabled: false - # When HA mode is enabled and K8s service registration is being used, - # configure the route to point to the Vault active service. - activeService: true - labels: {} - annotations: {} - host: chart-example.local - # tls will be passed directly to the route's TLS config, which - # can be used to configure other termination methods that terminate - # TLS at the router - tls: - termination: passthrough - # authDelegator enables a cluster role binding to be attached to the service - # account. This cluster role binding can be used to setup Kubernetes auth - # method. https://www.vaultproject.io/docs/auth/kubernetes.html - authDelegator: - enabled: true - # extraInitContainers is a list of init containers. Specified as a YAML list. - # This is useful if you need to run a script to provision TLS certificates or - # write out configuration files in a dynamic way. - extraInitContainers: null - # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, - # # which is defined in the volumes value. 
- # - name: oauthapp - # image: "alpine" - # command: [sh, -c] - # args: - # - cd /tmp && - # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && - # tar -xf oauthapp.xz && - # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && - # chmod +x /usr/local/libexec/vault/oauthapp - # volumeMounts: - # - name: plugins - # mountPath: /usr/local/libexec/vault - - # extraContainers is a list of sidecar containers. Specified as a YAML list. - extraContainers: null - # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers - # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation - shareProcessNamespace: false - # extraArgs is a string containing additional Vault server arguments. - extraArgs: "" - # Used to define custom readinessProbe settings - readinessProbe: - enabled: true - # If you need to use a http path instead of the default exec - # path: /v1/sys/health?standbyok=true - - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. 
- timeoutSeconds: 3 - # Used to enable a livenessProbe for the pods - livenessProbe: - enabled: false - path: "/v1/sys/health?standbyok=true" - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 60 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Optional duration in seconds the pod needs to terminate gracefully. - # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ - terminationGracePeriodSeconds: 10 - # Used to set the sleep time during the preStop step - preStopSleepSeconds: 5 - # Used to define commands to run after the pod is ready. - # This can be used to automate processes such as initialization - # or boostrapping auth methods. - postStart: [] - # - /bin/sh - # - -c - # - /vault/userconfig/myscript/run.sh - - # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be - # used to include variables required for auto-unseal. - extraEnvironmentVars: {} - # GOOGLE_REGION: global - # GOOGLE_PROJECT: myproject - # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json - - # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. - # These variables take value from existing Secret objects. - extraSecretEnvironmentVars: [] - # - envName: AWS_SECRET_ACCESS_KEY - # secretName: vault - # secretKey: AWS_SECRET_ACCESS_KEY - - # Deprecated: please use 'volumes' instead. - # extraVolumes is a list of extra volumes to mount. These will be exposed - # to Vault in the path `/vault/userconfig//`. The value below is - # an array of objects, examples are shown below. 
- extraVolumes: [] - # - type: secret (or "configMap") - # name: my-secret - # path: null # default is `/vault/userconfig` - - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: plugins - # emptyDir: {} - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - mountPath: /usr/local/libexec/vault - # name: plugins - # readOnly: true - - # Affinity Settings - # Commenting out or setting as empty the affinity variable, will allow - # deployment to single node services such as Minikube - # This should be either a multi-line string or YAML matching the PodSpec's affinity field. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: server - topologyKey: kubernetes.io/hostname - # Topology settings for server pods - # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - # This should be either a multi-line string or YAML matching the topologySpreadConstraints array - # in a PodSpec. - topologySpreadConstraints: [] - # Toleration Settings for server pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
- # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Enables network policy for server pods - networkPolicy: - enabled: false - egress: [] - # egress: - # - to: - # - ipBlock: - # cidr: 10.0.0.0/24 - # ports: - # - protocol: TCP - # port: 443 - # Priority class for server pods - priorityClassName: "" - # Extra labels to attach to the server pods - # This should be a YAML map of the labels to apply to the server pods - extraLabels: {} - # Extra annotations to attach to the server pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the server pods - annotations: {} - # Enables a headless service to be used by the Vault Statefulset - service: - enabled: true - # clusterIP controls whether a Cluster IP address is attached to the - # Vault service within Kubernetes. By default the Vault service will - # be given a Cluster IP address, set to None to disable. When disabled - # Kubernetes will create a "headless" service. Headless services can be - # used to communicate with pods directly through DNS instead of a round robin - # load balancer. - # clusterIP: None - - # Configures the service type for the main Vault service. Can be ClusterIP - # or NodePort. - #type: ClusterIP - - # Do not wait for pods to be ready - publishNotReadyAddresses: true - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. - # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. 
- #nodePort: 30000 - - # Port on which Vault server is listening - port: 8200 - # Target port to which the service should be mapped to - targetPort: 8200 - # Extra annotations for the service definition. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the service. - annotations: {} - # This configures the Vault Statefulset to create a PVC for data - # storage when using the file or raft backend storage engines. - # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more - dataStorage: - enabled: true - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/data" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # This configures the Vault Statefulset to create a PVC for audit - # logs. Once Vault is deployed, initialized and unsealed, Vault must - # be configured to use this for audit logs. This will be mounted to - # /vault/audit - # See https://www.vaultproject.io/docs/audit/index.html to know more - auditStorage: - enabled: false - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/audit" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # Run Vault in "dev" mode. This requires no further setup, no state management, - # and no initialization. This is useful for experimenting with Vault without - # needing to unseal, store keys, et. al. All data is lost on restart - do not - # use dev mode for anything other than experimenting. 
- # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more - dev: - enabled: false - # Set VAULT_DEV_ROOT_TOKEN_ID value - devRootToken: "root" - # Run Vault in "standalone" mode. This is the default mode that will deploy if - # no arguments are given to helm. This requires a PVC for data storage to use - # the "file" backend. This mode is not highly available and should not be scaled - # past a single replica. - standalone: - enabled: "-" - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data - # and store data there. This is only used when using a Replica count of 1, and - # using a stateful set. This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "file" { - path = "/vault/data" - } - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # Run Vault in "HA" mode. There are no storage requirements unless audit log - # persistence is required. In HA mode Vault will configure itself to use Consul - # for its storage backend. The default configuration provided will work the Consul - # Helm project by default. It is possible to manually configure Vault to use a - # different HA backend. 
- ha: - enabled: false - replicas: 3 - # Set the api_addr configuration for Vault HA - # See https://www.vaultproject.io/docs/configuration#api_addr - # If set to null, this will be set to the Pod IP Address - apiAddr: null - # Set the cluster_addr confuguration for Vault HA - # See https://www.vaultproject.io/docs/configuration#cluster_addr - # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 - clusterAddr: null - # Enables Vault's integrated Raft storage. Unlike the typical HA modes where - # Vault's persistence is external (such as Consul), enabling Raft mode will create - # persistent volumes for Vault to store data according to the configuration under server.dataStorage. - # The Vault cluster will coordinate leader elections and failovers internally. - raft: - # Enables Raft integrated storage - enabled: false - # Set the Node Raft ID to the name of the pod - setNodeId: false - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - - storage "raft" { - path = "/vault/data" - } - - service_registration "kubernetes" {} - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a Consul for its HA storage backend. - # This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. 
For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "consul" { - path = "vault" - address = "HOST_IP:8500" - } - - service_registration "kubernetes" {} - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev-246514" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - disruptionBudget: - enabled: true - # maxUnavailable will default to (n/2)-1 where n is the number of - # replicas. If you'd like a custom value, you can specify an override here. - maxUnavailable: null - # Definition of the serviceAccount used to run Vault. - # These options are also used when using an external Vault server to validate - # Kubernetes tokens. - serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Settings for the statefulSet used to run Vault. - statefulSet: - # Extra annotations for the statefulSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the statefulSet. 
- annotations: {} -# Vault UI -ui: - # True if you want to create a Service entry for the Vault UI. - # - # serviceType can be used to control the type of service created. For - # example, setting this to "LoadBalancer" will create an external load - # balancer (for supported K8S installations) to access the UI. - enabled: false - publishNotReadyAddresses: true - # The service should only contain selectors for active Vault pod - activeVaultPodOnly: false - serviceType: "ClusterIP" - serviceNodePort: null - externalPort: 8200 - targetPort: 8200 - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. - # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - #loadBalancerSourceRanges: - # - 10.0.0.0/16 - # - 1.78.23.3/32 - - # loadBalancerIP: - - # Extra annotations to attach to the ui service - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the ui service - annotations: {} -# secrets-store-csi-driver-provider-vault -csi: - # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. - # - # Requires installing the secrets-store-csi-driver separately, see: - # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver - # - # With the driver and provider installed, you can mount Vault secrets into volumes - # similar to the Vault Agent injector, and you can also sync those secrets into - # Kubernetes secrets. - enabled: false - image: - repository: "hashicorp/vault-csi-provider" - tag: "1.1.0" - pullPolicy: IfNotPresent - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. 
- volumes: null - # - name: tls - # secret: - # secretName: vault-tls - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - name: tls - # mountPath: "/vault/tls" - # readOnly: true - - resources: {} - # resources: - # requests: - # cpu: 50m - # memory: 128Mi - # limits: - # cpu: 50m - # memory: 128Mi - - # Settings for the daemonSet used to run the provider. - daemonSet: - updateStrategy: - type: RollingUpdate - maxUnavailable: "" - # Extra annotations for the daemonSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the daemonSet. - annotations: {} - # Provider host path (must match the CSI provider's path) - providersDir: "/etc/kubernetes/secrets-store-csi-providers" - # Kubelet host path - kubeletRootDir: "/var/lib/kubelet" - # Extra labels to attach to the vault-csi-provider daemonSet - # This should be a YAML map of the labels to apply to the csi provider daemonSet - extraLabels: {} - pod: - # Extra annotations for the provider pods. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the pod. - annotations: {} - # Toleration Settings for provider pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # Extra labels to attach to the vault-csi-provider pod - # This should be a YAML map of the labels to apply to the csi provider pod - extraLabels: {} - # Priority class for csi pods - priorityClassName: "" - serviceAccount: - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. 
- annotations: {} - # Extra labels to attach to the vault-csi-provider serviceAccount - # This should be a YAML map of the labels to apply to the csi provider serviceAccount - extraLabels: {} - # Used to configure readinessProbe for the pods. - readinessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to configure livenessProbe for the pods. - livenessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Enables debug logging. - debug: false - # Pass arbitrary additional arguments to vault-csi-provider. - extraArgs: [] diff --git a/charts/partners/hashicorp/vault/0.21.0/src/.helmignore b/charts/partners/hashicorp/vault/0.21.0/src/.helmignore deleted file mode 100644 index 4007e24350..0000000000 --- a/charts/partners/hashicorp/vault/0.21.0/src/.helmignore +++ /dev/null 
@@ -1,28 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.terraform/
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-
-# CI and test
-.circleci/
-.github/
-.gitlab-ci.yml
-test/
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/CHANGELOG.md b/charts/partners/hashicorp/vault/0.21.0/src/CHANGELOG.md
deleted file mode 100644
index 45d7168d52..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/CHANGELOG.md
+++ /dev/null
@@ -1,417 +0,0 @@ -## Unreleased - -## 0.21.0 (August 10th, 2022) - -CHANGES: -* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) -* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) -* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) -* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) -* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) -* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) - -Features: -* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) -* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) -* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) -* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) -* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) - -## 0.20.1 (May 25th, 2022) -CHANGES: -* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) - -Improvements: -* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) - -Bugs: -* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) - -## 0.20.0 (May 16th, 2022) - -CHANGES: -* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) -* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) -* Vault default image to 1.10.3 -* CSI provider default image to 1.1.0 -* Vault K8s default image to 0.16.0 -* Earliest Kubernetes version tested is now 1.16 -* Helm 3.6+ now required - -Features: -* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) - -Improvements: -* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) -* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) -* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) -* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) -* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) -* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) -* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) - -## 0.19.0 (January 20th, 2022) - -CHANGES: -* Vault image default 1.9.2 -* Vault K8s image default 0.14.2 - -Features: -* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) -* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) -* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) -* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) - -Improvements: -* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) -* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) -* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) - -## 0.18.0 (November 17th, 2021) - -CHANGES: -* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) -* Vault image default 1.9.0 -* Vault K8s image default 0.14.1 - -Improvements: -* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) - -## 0.17.1 (October 25th, 2021) - -Improvements: - * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) - -## 0.17.0 (October 21st, 2021) - -KNOWN ISSUES: -* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set - -CHANGES: -* Vault image default 1.8.4 -* Vault K8s image default 0.14.0 - -Improvements: -* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) -* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) -* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) - -Bugs: -* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) - -## 0.16.1 (September 29th, 2021) - -CHANGES: -* Vault image default 1.8.3 -* Vault K8s image default 0.13.1 - -## 0.16.0 (September 16th, 2021) - -CHANGES: -* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
- -Improvements: - * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) - * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) - -## 0.15.0 (August 23rd, 2021) - -Improvements: -* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) -* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) - -## 0.14.0 (July 28th, 2021) - -Features: -* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) - -Improvements: -* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) -* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) - - -## 0.13.0 (June 17th, 2021) - -Improvements: -* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) -* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) -* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) - -Bugs: -* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) -* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) -* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) - -## 0.12.0 (May 25th, 2021) - -Features: -* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) - -Improvements: -* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) -* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) -* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) -* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) - -Bugs: -* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) - -## 0.11.0 (April 14th, 2021) - -Features: -* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) -* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) -* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) -* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) -* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) -* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) - -Improvements: -* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) - -Bugs: -* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) - -## 0.10.0 (March 25th, 2021) - -Features: -* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) - -Improvements: -* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) - -## 0.9.1 (February 2nd, 2021) - -Bugs: -* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) -* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) - -## 0.9.0 (January 5th, 2021) - -Features: -* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) -* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) - -Improvements: -* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) -* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) -* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) -* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) -* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) -* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) -* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) -* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) - -## 
0.8.0 (October 20th, 2020) - -Improvements: -* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) -* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) -* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) -* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) -* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) -* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) -* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) - -Bugs: -* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) - -## 0.7.0 (August 24th, 2020) - -Features: -* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
-* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) - -Improvements: -* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) -* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) -* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) -* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) -* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) -* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) -* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) -* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) -* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) - -Bugs: -* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) -* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) -* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) - -## 0.6.0 (June 3rd, 2020) - -Features: -* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) -* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) -* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
- -Improvements: -* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) -* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] -* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] -* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] -* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] -* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] -* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] -* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) - -Bugs: -* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] -* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] -* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] -* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] -* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) - -## 0.5.0 (April 9th, 2020) - -Features: - -* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] -* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] -* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] - -* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] -* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] -* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] -* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] -* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] - -## 0.4.0 (February 21st, 2020) - -Improvements: - -* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] -* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] -* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] -* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] -* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] - -Bugs: - -* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] - -## 0.3.3 (January 14th, 2020) - -Security: - -* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) - -Bugs: - -* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files - -## 0.3.2 (January 8th, 2020) - -Bugs: - -* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] - -## 0.3.1 (January 2nd, 2020) - -Bugs: - -* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] - -## 0.3.0 (December 19th, 2019) - -Features: - -* Extra containers can now be added to the Vault pods -* Added configurability of pod probes -* Added Vault Agent Injector - -Improvements: - -* Moved `global.image` to `server.image` -* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` -* Added better HTTP/HTTPS scheme support to http probes -* Added configurable node port for Vault service -* `server.authDelegator` is now enabled by default - -Bugs: - -* Fixed upgrade bug by removing chart label which contained the version -* Fixed typo on `serviceAccount` (was `serviceaccount`) -* Fixed readiness/liveliness HTTP probe default to accept standbys - -## 0.2.1 (November 12th, 2019) - -Bugs: - -* Removed `readOnlyRootFilesystem` causing issues when validating deployments - -## 0.2.0 (October 29th, 2019) - -Features: - -* Added load balancer support -* Added ingress support -* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) -* Removed root requirements, now runs as Vault user - -Improvements: - -* Added namespace value to all rendered objects -* Made ports configurable in services -* Added the ability to add custom annotations to services -* Added docker image for running bats test in CircleCI -* Removed restrictions around `dev` mode such as annotations -* 
`readOnlyRootFilesystem` is now configurable -* Image Pull Policy is now configurable - -Bugs: - -* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) -* Fixed bug where audit storage was not being mounted in HA mode -* Fixed bug where Vault pod wasn't receiving SIGTERM signals - - -## 0.1.2 (August 22nd, 2019) - -Features: - -* Added `extraSecretEnvironmentVars` to allow users to mount secrets as - environment variables -* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS - depending on the value -* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` - to "NodePort" - -Improvements: - -* Changed UI port to 8200 for better HTTP protocol support -* Added `path` to `extraVolumes` to define where the volume should be - mounted. Defaults to `/vault/userconfig` -* Upgraded Vault to 1.2.2 - -Bugs: - -* Fixed bug where upgrade would fail because immutable labels were being - changed (Helm Version label) -* Fixed bug where UI service used wrong selector after updating helm labels -* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks - Consul is the active node -* Removed `step-down` preStop since it requires authentication. Shutdown signal - sent by Kube acts similar to `step-down` - - -## 0.1.1 (August 7th, 2019) - -Features: - -* Added `authDelegator` Cluster Role Binding to Vault service account for - bootstrapping Kube auth method - -Improvements: - -* Added `server.service.clusterIP` to `values.yml` so users can toggle - the Vault service to headless by using the value `None`. -* Upgraded Vault to 1.2.1 - -## 0.1.0 (August 6th, 2019) - -Initial release diff --git a/charts/partners/hashicorp/vault/0.21.0/src/CONTRIBUTING.md b/charts/partners/hashicorp/vault/0.21.0/src/CONTRIBUTING.md deleted file mode 100644 index ad31ac92d1..0000000000 --- a/charts/partners/hashicorp/vault/0.21.0/src/CONTRIBUTING.md +++ /dev/null 
@@ -1,247 +0,0 @@ -# Contributing to Vault Helm - -**Please note:** We take Vault's security and our users' trust very seriously. -If you believe you have found a security issue in Vault, please responsibly -disclose by contacting us at security@hashicorp.com. - -**First:** if you're unsure or afraid of _anything_, just ask or submit the -issue or pull request anyways. You won't be yelled at for giving it your best -effort. The worst that can happen is that you'll be politely asked to change -something. We appreciate any sort of contributions, and don't want a wall of -rules to get in the way of that. - -That said, if you want to ensure that a pull request is likely to be merged, -talk to us! You can find out our thoughts and ensure that your contribution -won't clash or be obviated by Vault's normal direction. A great way to do this -is via the [Vault Discussion Forum][1]. - -This document will cover what we're looking for in terms of reporting issues. -By addressing all the points we're looking for, it raises the chances we can -quickly merge or address your contributions. - -[1]: https://discuss.hashicorp.com/c/vault - -## Issues - -### Reporting an Issue - -* Make sure you test against the latest released version. It is possible - we already fixed the bug you're experiencing. Even better is if you can test - against `main`, as bugs are fixed regularly but new versions are only - released every few months. - -* Provide steps to reproduce the issue, and if possible include the expected - results as well as the actual results. Please provide text, not screen shots! - -* Respond as promptly as possible to any questions made by the Vault - team to your issue. Stale issues will be closed periodically. - -### Issue Lifecycle - -1. The issue is reported. - -2. The issue is verified and categorized by a Vault Helm collaborator. - Categorization is done via tags. For example, bugs are marked as "bugs". - -3. 
Unless it is critical, the issue may be left for a period of time (sometimes - many weeks), giving outside contributors -- maybe you!? -- a chance to - address the issue. - -4. The issue is addressed in a pull request or commit. The issue will be - referenced in the commit message so that the code that fixes it is clearly - linked. - -5. The issue is closed. Sometimes, valid issues will be closed to keep - the issue tracker clean. The issue is still indexed and available for - future viewers, or can be re-opened if necessary. - -## Testing - -The Helm chart ships with both unit and acceptance tests. - -The unit tests don't require any active Kubernetes cluster and complete -very quickly. These should be used for fast feedback during development. -The acceptance tests require a Kubernetes cluster with a configured `kubectl`. - -### Test Using Docker Container - -The following are the instructions for running bats tests using a Docker container. - -#### Prerequisites - -* Docker installed -* `vault-helm` checked out locally - -#### Test - -**Note:** the following commands should be run from the `vault-helm` directory. - -First, build the Docker image for running the tests: - -```shell -docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test -``` -Next, execute the tests with the following commands: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -``` -It's possible to only run specific bats tests using regular expressions. -For example, the following will run only tests with "injector" in the name: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" -``` - -### Test Manually -The following are the instructions for running bats tests on your workstation. 
-#### Prerequisites -* [Bats](https://github.com/bats-core/bats-core) - ```bash - brew install bats-core - ``` -* [yq](https://pypi.org/project/yq/) - ```bash - brew install python-yq - ``` -* [helm](https://helm.sh) - ```bash - brew install kubernetes-helm - ``` - -#### Test - -To run the unit tests: - - bats ./test/unit - -To run the acceptance tests: - - bats ./test/acceptance - -If the acceptance tests fail, deployed resources in the Kubernetes cluster -may not be properly cleaned up. We recommend recycling the Kubernetes cluster to -start from a clean slate. - -**Note:** There is a Terraform configuration in the -[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory -that can be used to quickly bring up a GKE cluster and configure -`kubectl` and `helm` locally. This can be used to quickly spin up a test -cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes -cluster. - -### Writing Unit Tests - -Changes to the Helm chart should be accompanied by appropriate unit tests. - -#### Formatting - -- Put tests in the test file in the same order as the variables appear in the `values.yaml`. -- Start tests for a chart value with a header that says what is being tested, like this: - ``` - #-------------------------------------------------------------------- - # annotations - ``` - -- Name the test based on what it's testing in the following format (this will be its first line): - ``` - @test "
: " { - ``` - - When adding tests to an existing file, the first section will be the same as the other tests in the file. - -#### Test Details - -[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. -In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. -In this way, we're able to test that the various conditionals in the templates render as we would expect. - -Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. -The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). -`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). -The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. - -The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. - -The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. - -#### Test Examples - -Here are some examples of common test patterns: - -- Check that a value is disabled by default - - ``` - @test "ui/Service: no type by default" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - . 
| tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "null" ] - } - ``` - - In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. - This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. - - -- Check that a template value is rendered to a specific value - ``` - @test "ui/Service: specified type" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - --set 'ui.serviceType=LoadBalancer' \ - . | tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "LoadBalancer" ] - } - ``` - - This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. - -- Check that a template value contains several values - ``` - @test "server/standalone-StatefulSet: custom resources" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.requests.memory=256Mi' \ - --set 'server.resources.requests.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.limits.memory=256Mi' \ - --set 'server.resources.limits.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - ``` - - *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
- -- Check that an entire template file is not rendered - ``` - @test "syncCatalog/Deployment: disabled by default" { - cd `chart_dir` - local actual=$( (helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'global.enabled=false' \ - . || echo "---") | tee /dev/stderr | - yq 'length > 0' | tee /dev/stderr) - [ "${actual}" = "false" ] - } - ``` - Here we are check the length of the command output to see if the anything is rendered. - This style can easily be switched to check that a file is rendered instead. - -## Contributor License Agreement - -We require that all contributors sign our Contributor License Agreement ("CLA") -before we can accept the contribution. - -[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/hashicorp/vault/0.21.0/src/Chart.yaml b/charts/partners/hashicorp/vault/0.21.0/src/Chart.yaml deleted file mode 100644 index 433dfa92ab..0000000000 --- a/charts/partners/hashicorp/vault/0.21.0/src/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v2 -appVersion: 1.11.2 -description: Official HashiCorp Vault Chart -home: https://www.vaultproject.io -icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png -keywords: -- vault -- security -- encryption -- secrets -- management -- automation -- infrastructure -kubeVersion: '>= 1.16.0-0' -name: vault -sources: -- https://github.com/hashicorp/vault -- https://github.com/hashicorp/vault-helm -- https://github.com/hashicorp/vault-k8s -- https://github.com/hashicorp/vault-csi-provider -version: 0.21.0 -annotations: - charts.openshift.io/name: HashiCorp Vault diff --git a/charts/partners/hashicorp/vault/0.21.0/src/LICENSE.md b/charts/partners/hashicorp/vault/0.21.0/src/LICENSE.md deleted file mode 100644 index 82b4de97c7..0000000000 --- a/charts/partners/hashicorp/vault/0.21.0/src/LICENSE.md +++ /dev/null 
@@ -1,353 +0,0 @@
-Mozilla Public License, version 2.0
-
-1. Definitions
-
-1.1. “Contributor”
-
- means each individual or legal entity that creates, contributes to the
- creation of, or owns Covered Software.
-
-1.2. “Contributor Version”
-
- means the combination of the Contributions of others (if any) used by a
- Contributor and that particular Contributor’s Contribution.
-
-1.3. “Contribution”
-
- means Covered Software of a particular Contributor.
-
-1.4. “Covered Software”
-
- means Source Code Form to which the initial Contributor has attached the
- notice in Exhibit A, the Executable Form of such Source Code Form, and
- Modifications of such Source Code Form, in each case including portions
- thereof.
-
-1.5. “Incompatible With Secondary Licenses”
- means
-
- a. that the initial Contributor has attached the notice described in
- Exhibit B to the Covered Software; or
-
- b. that the Covered Software was made available under the terms of version
- 1.1 or earlier of the License, but not also under the terms of a
- Secondary License.
-
-1.6. “Executable Form”
-
- means any form of the work other than Source Code Form.
-
-1.7. “Larger Work”
-
- means a work that combines Covered Software with other material, in a separate
- file or files, that is not Covered Software.
-
-1.8. “License”
-
- means this document.
-
-1.9. “Licensable”
-
- means having the right to grant, to the maximum extent possible, whether at the
- time of the initial grant or subsequently, any and all of the rights conveyed by
- this License.
-
-1.10. “Modifications”
-
- means any of the following:
-
- a. any file in Source Code Form that results from an addition to, deletion
- from, or modification of the contents of Covered Software; or
-
- b. any new file in Source Code Form that contains any Covered Software.
-
-1.11.
“Patent Claims” of a Contributor
-
- means any patent claim(s), including without limitation, method, process,
- and apparatus claims, in any patent Licensable by such Contributor that
- would be infringed, but for the grant of the License, by the making,
- using, selling, offering for sale, having made, import, or transfer of
- either its Contributions or its Contributor Version.
-
-1.12. “Secondary License”
-
- means either the GNU General Public License, Version 2.0, the GNU Lesser
- General Public License, Version 2.1, the GNU Affero General Public
- License, Version 3.0, or any later versions of those licenses.
-
-1.13. “Source Code Form”
-
- means the form of the work preferred for making modifications.
-
-1.14. “You” (or “Your”)
-
- means an individual or a legal entity exercising rights under this
- License. For legal entities, “You” includes any entity that controls, is
- controlled by, or is under common control with You. For purposes of this
- definition, “control” means (a) the power, direct or indirect, to cause
- the direction or management of such entity, whether by contract or
- otherwise, or (b) ownership of more than fifty percent (50%) of the
- outstanding shares or beneficial ownership of such entity.
-
-
-2. License Grants and Conditions
-
-2.1. Grants
-
- Each Contributor hereby grants You a world-wide, royalty-free,
- non-exclusive license:
-
- a. under intellectual property rights (other than patent or trademark)
- Licensable by such Contributor to use, reproduce, make available,
- modify, display, perform, distribute, and otherwise exploit its
- Contributions, either on an unmodified basis, with Modifications, or as
- part of a Larger Work; and
-
- b. under Patent Claims of such Contributor to make, use, sell, offer for
- sale, have made, import, and otherwise transfer either its Contributions
- or its Contributor Version.
-
-2.2.
Effective Date
-
- The licenses granted in Section 2.1 with respect to any Contribution become
- effective for each Contribution on the date the Contributor first distributes
- such Contribution.
-
-2.3. Limitations on Grant Scope
-
- The licenses granted in this Section 2 are the only rights granted under this
- License. No additional rights or licenses will be implied from the distribution
- or licensing of Covered Software under this License. Notwithstanding Section
- 2.1(b) above, no patent license is granted by a Contributor:
-
- a. for any code that a Contributor has removed from Covered Software; or
-
- b. for infringements caused by: (i) Your and any other third party’s
- modifications of Covered Software, or (ii) the combination of its
- Contributions with other software (except as part of its Contributor
- Version); or
-
- c. under Patent Claims infringed by Covered Software in the absence of its
- Contributions.
-
- This License does not grant any rights in the trademarks, service marks, or
- logos of any Contributor (except as may be necessary to comply with the
- notice requirements in Section 3.4).
-
-2.4. Subsequent Licenses
-
- No Contributor makes additional grants as a result of Your choice to
- distribute the Covered Software under a subsequent version of this License
- (see Section 10.2) or under the terms of a Secondary License (if permitted
- under the terms of Section 3.3).
-
-2.5. Representation
-
- Each Contributor represents that the Contributor believes its Contributions
- are its original creation(s) or it has sufficient rights to grant the
- rights to its Contributions conveyed by this License.
-
-2.6. Fair Use
-
- This License is not intended to limit any rights You have under applicable
- copyright doctrines of fair use, fair dealing, or other equivalents.
-
-2.7. Conditions
-
- Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
- Section 2.1.
-
-
-3. Responsibilities
-
-3.1.
Distribution of Source Form
-
- All distribution of Covered Software in Source Code Form, including any
- Modifications that You create or to which You contribute, must be under the
- terms of this License. You must inform recipients that the Source Code Form
- of the Covered Software is governed by the terms of this License, and how
- they can obtain a copy of this License. You may not attempt to alter or
- restrict the recipients’ rights in the Source Code Form.
-
-3.2. Distribution of Executable Form
-
- If You distribute Covered Software in Executable Form then:
-
- a. such Covered Software must also be made available in Source Code Form,
- as described in Section 3.1, and You must inform recipients of the
- Executable Form how they can obtain a copy of such Source Code Form by
- reasonable means in a timely manner, at a charge no more than the cost
- of distribution to the recipient; and
-
- b. You may distribute such Executable Form under the terms of this License,
- or sublicense it under different terms, provided that the license for
- the Executable Form does not attempt to limit or alter the recipients’
- rights in the Source Code Form under this License.
-
-3.3. Distribution of a Larger Work
-
- You may create and distribute a Larger Work under terms of Your choice,
- provided that You also comply with the requirements of this License for the
- Covered Software. If the Larger Work is a combination of Covered Software
- with a work governed by one or more Secondary Licenses, and the Covered
- Software is not Incompatible With Secondary Licenses, this License permits
- You to additionally distribute such Covered Software under the terms of
- such Secondary License(s), so that the recipient of the Larger Work may, at
- their option, further distribute the Covered Software under the terms of
- either this License or such Secondary License(s).
-
-3.4.
Notices
-
- You may not remove or alter the substance of any license notices (including
- copyright notices, patent notices, disclaimers of warranty, or limitations
- of liability) contained within the Source Code Form of the Covered
- Software, except that You may alter any license notices to the extent
- required to remedy known factual inaccuracies.
-
-3.5. Application of Additional Terms
-
- You may choose to offer, and to charge a fee for, warranty, support,
- indemnity or liability obligations to one or more recipients of Covered
- Software. However, You may do so only on Your own behalf, and not on behalf
- of any Contributor. You must make it absolutely clear that any such
- warranty, support, indemnity, or liability obligation is offered by You
- alone, and You hereby agree to indemnify every Contributor for any
- liability incurred by such Contributor as a result of warranty, support,
- indemnity or liability terms You offer. You may include additional
- disclaimers of warranty and limitations of liability specific to any
- jurisdiction.
-
-4. Inability to Comply Due to Statute or Regulation
-
- If it is impossible for You to comply with any of the terms of this License
- with respect to some or all of the Covered Software due to statute, judicial
- order, or regulation then You must: (a) comply with the terms of this License
- to the maximum extent possible; and (b) describe the limitations and the code
- they affect. Such description must be placed in a text file included with all
- distributions of the Covered Software under this License. Except to the
- extent prohibited by statute or regulation, such description must be
- sufficiently detailed for a recipient of ordinary skill to be able to
- understand it.
-
-5. Termination
-
-5.1. The rights granted under this License will terminate automatically if You
- fail to comply with any of its terms.
However, if You become compliant,
- then the rights granted under this License from a particular Contributor
- are reinstated (a) provisionally, unless and until such Contributor
- explicitly and finally terminates Your grants, and (b) on an ongoing basis,
- if such Contributor fails to notify You of the non-compliance by some
- reasonable means prior to 60 days after You have come back into compliance.
- Moreover, Your grants from a particular Contributor are reinstated on an
- ongoing basis if such Contributor notifies You of the non-compliance by
- some reasonable means, this is the first time You have received notice of
- non-compliance with this License from such Contributor, and You become
- compliant prior to 30 days after Your receipt of the notice.
-
-5.2. If You initiate litigation against any entity by asserting a patent
- infringement claim (excluding declaratory judgment actions, counter-claims,
- and cross-claims) alleging that a Contributor Version directly or
- indirectly infringes any patent, then the rights granted to You by any and
- all Contributors for the Covered Software under Section 2.1 of this License
- shall terminate.
-
-5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
- license agreements (excluding distributors and resellers) which have been
- validly granted by You or Your distributors under this License prior to
- termination shall survive termination.
-
-6. Disclaimer of Warranty
-
- Covered Software is provided under this License on an “as is” basis, without
- warranty of any kind, either expressed, implied, or statutory, including,
- without limitation, warranties that the Covered Software is free of defects,
- merchantable, fit for a particular purpose or non-infringing. The entire
- risk as to the quality and performance of the Covered Software is with You.
- Should any Covered Software prove defective in any respect, You (not any
- Contributor) assume the cost of any necessary servicing, repair, or
- correction. This disclaimer of warranty constitutes an essential part of this
- License. No use of any Covered Software is authorized under this License
- except under this disclaimer.
-
-7. Limitation of Liability
-
- Under no circumstances and under no legal theory, whether tort (including
- negligence), contract, or otherwise, shall any Contributor, or anyone who
- distributes Covered Software as permitted above, be liable to You for any
- direct, indirect, special, incidental, or consequential damages of any
- character including, without limitation, damages for lost profits, loss of
- goodwill, work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses, even if such party shall have been
- informed of the possibility of such damages. This limitation of liability
- shall not apply to liability for death or personal injury resulting from such
- party’s negligence to the extent applicable law prohibits such limitation.
- Some jurisdictions do not allow the exclusion or limitation of incidental or
- consequential damages, so this exclusion and limitation may not apply to You.
-
-8. Litigation
-
- Any litigation relating to this License may be brought only in the courts of
- a jurisdiction where the defendant maintains its principal place of business
- and such litigation shall be governed by laws of that jurisdiction, without
- reference to its conflict-of-law provisions. Nothing in this Section shall
- prevent a party’s ability to bring cross-claims or counter-claims.
-
-9. Miscellaneous
-
- This License represents the complete agreement concerning the subject matter
- hereof. If any provision of this License is held to be unenforceable, such
- provision shall be reformed only to the extent necessary to make it
- enforceable.
Any law or regulation which provides that the language of a - contract shall be construed against the drafter shall not be used to construe - this License against a Contributor. - - -10. Versions of the License - -10.1. New Versions - - Mozilla Foundation is the license steward. Except as provided in Section - 10.3, no one other than the license steward has the right to modify or - publish new versions of this License. Each version will be given a - distinguishing version number. - -10.2. Effect of New Versions - - You may distribute the Covered Software under the terms of the version of - the License under which You originally received the Covered Software, or - under the terms of any subsequent version published by the license - steward. - -10.3. Modified Versions - - If you create software not governed by this License, and you want to - create a new license for such software, you may create and use a modified - version of this License if you rename the license and remove any - references to the name of the license steward (except to note that such - modified license differs from this License). - -10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses - If You choose to distribute Source Code Form that is Incompatible With - Secondary Licenses under the terms of this version of the License, the - notice described in Exhibit B of this License must be attached. - -Exhibit A - Source Code Form License Notice - - This Source Code Form is subject to the - terms of the Mozilla Public License, v. - 2.0. If a copy of the MPL was not - distributed with this file, You can - obtain one at - http://mozilla.org/MPL/2.0/. - -If it is not possible or desirable to put the notice in a particular file, then -You may include the notice in a location (such as a LICENSE file in a relevant -directory) where a recipient would be likely to look for such a notice. - -You may add additional accurate notices of copyright ownership. 
- -Exhibit B - “Incompatible With Secondary Licenses” Notice - - This Source Code Form is “Incompatible - With Secondary Licenses”, as defined by - the Mozilla Public License, v. 2.0. diff --git a/charts/partners/hashicorp/vault/0.21.0/src/Makefile b/charts/partners/hashicorp/vault/0.21.0/src/Makefile deleted file mode 100644 index 49799e919d..0000000000 --- a/charts/partners/hashicorp/vault/0.21.0/src/Makefile +++ /dev/null 
@@ -1,101 +0,0 @@ -TEST_IMAGE?=vault-helm-test -GOOGLE_CREDENTIALS?=vault-helm-test.json -CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 -# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats -ACCEPTANCE_TESTS?=acceptance - -# filter bats unit tests to run. -UNIT_TESTS_FILTER?='.*' - -# set to 'true' to run acceptance tests locally in a kind cluster -LOCAL_ACCEPTANCE_TESTS?=false - -# kind cluster name -KIND_CLUSTER_NAME?=vault-helm - -# kind k8s version -KIND_K8S_VERSION?=v1.24.1 - -# Generate json schema for chart values. See test/README.md for more details. -values-schema: - helm schema-gen values.yaml > values.schema.json - -test-image: - @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) - -test-unit: - @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit - -test-bats: test-unit test-acceptance - -test: test-image test-bats - -# run acceptance tests on GKE -# set google project/credential vars above -test-acceptance: -ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) - make setup-kind acceptance -else - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ - -w /helm-test \ - $(TEST_IMAGE) \ - make acceptance -endif - -# destroy GKE cluster using terraform -test-destroy: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -w /helm-test \ - $(TEST_IMAGE) \ - make destroy-cluster - -# provision GKE cluster using terraform -test-provision: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -w /helm-test \ - $(TEST_IMAGE) \ - make provision-cluster - -# this target is for 
running the acceptance tests -# it is run in the docker container above when the test-acceptance target is invoked -acceptance: -ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) - gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} -endif - bats test/${ACCEPTANCE_TESTS} - -# this target is for provisioning the GKE cluster -# it is run in the docker container above when the test-provision target is invoked -provision-cluster: - gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} - terraform init test/terraform - terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform - -# this target is for removing the GKE cluster -# it is run in the docker container above when the test-destroy target is invoked -destroy-cluster: - terraform destroy -auto-approve - -# create a kind cluster for running the acceptance tests locally -setup-kind: - kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ - kind create cluster \ - --image kindest/node:${KIND_K8S_VERSION} \ - --name ${KIND_CLUSTER_NAME} \ - --config $(CURDIR)/test/kind/config.yaml - kubectl config use-context kind-${KIND_CLUSTER_NAME} - -# delete the kind cluster -delete-kind: - kind delete cluster --name ${KIND_CLUSTER_NAME} || : - -.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/hashicorp/vault/0.21.0/src/README.md b/charts/partners/hashicorp/vault/0.21.0/src/README.md deleted file mode 100644 index c9971ff41b..0000000000 --- a/charts/partners/hashicorp/vault/0.21.0/src/README.md +++ /dev/null 
@@ -1,43 +0,0 @@ -# Vault Helm Chart - -> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If -you believe you have found a security issue in Vault Helm, _please responsibly disclose_ -by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). - -This repository contains the official HashiCorp Helm chart for installing -and configuring Vault on Kubernetes. This chart supports multiple use -cases of Vault on Kubernetes depending on the values provided. - -For full documentation on this Helm chart along with all the ways you can -use Vault with Kubernetes, please see the -[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). - -## Prerequisites - -To use the charts here, [Helm](https://helm.sh/) must be configured for your -Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of -this README. Please refer to the Kubernetes and Helm documentation. - -The versions required are: - - * **Helm 3.6+** - * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. - It is possible that this chart works with earlier versions but it is - untested. - -## Usage - -To install the latest version of this chart, add the Hashicorp helm repository -and run `helm install`: - -```console -$ helm repo add hashicorp https://helm.releases.hashicorp.com -"hashicorp" has been added to your repositories - -$ helm install vault hashicorp/vault -``` - -Please see the many options supported in the `values.yaml` file. These are also -fully documented directly on the [Vault -website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more -detailed installation instructions. diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/NOTES.txt b/charts/partners/hashicorp/vault/0.21.0/src/templates/NOTES.txt deleted file mode 100644 index 8e267121c8..0000000000 --- a/charts/partners/hashicorp/vault/0.21.0/src/templates/NOTES.txt +++ /dev/null 
@@ -1,14 +0,0 @@
-
-Thank you for installing HashiCorp Vault!
-
-Now that you have deployed Vault, you should look over the docs on using
-Vault with Kubernetes available here:
-
-https://www.vaultproject.io/docs/
-
-
-Your release is named {{ .Release.Name }}. To learn more about the release, try:
-
- $ helm status {{ .Release.Name }}
- $ helm get manifest {{ .Release.Name }}
-
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/_helpers.tpl b/charts/partners/hashicorp/vault/0.21.0/src/templates/_helpers.tpl
deleted file mode 100644
index 38973910ad..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,953 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to -this (by the DNS naming spec). If release name contains chart name it will -be used as a full name. -*/}} -{{- define "vault.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "vault.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "vault.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Compute if the csi driver is enabled. -*/}} -{{- define "vault.csiEnabled" -}} -{{- $_ := set . "csiEnabled" (or - (eq (.Values.csi.enabled | toString) "true") - (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the injector is enabled. -*/}} -{{- define "vault.injectorEnabled" -}} -{{- $_ := set . "injectorEnabled" (or - (eq (.Values.injector.enabled | toString) "true") - (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server is enabled. -*/}} -{{- define "vault.serverEnabled" -}} -{{- $_ := set . 
"serverEnabled" (or - (eq (.Values.server.enabled | toString) "true") - (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server auth delegator serviceaccount is enabled. -*/}} -{{- define "vault.serverServiceAccountEnabled" -}} -{{- $_ := set . "serverServiceAccountEnabled" - (and - (eq (.Values.server.serviceAccount.create | toString) "true" ) - (or - (eq (.Values.server.enabled | toString) "true") - (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server auth delegator serviceaccount is enabled. -*/}} -{{- define "vault.serverAuthDelegator" -}} -{{- $_ := set . "serverAuthDelegator" - (and - (eq (.Values.server.authDelegator.enabled | toString) "true" ) - (or (eq (.Values.server.serviceAccount.create | toString) "true") - (not (eq .Values.server.serviceAccount.name ""))) - (or - (eq (.Values.server.enabled | toString) "true") - (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server service is enabled. -*/}} -{{- define "vault.serverServiceEnabled" -}} -{{- template "vault.serverEnabled" . -}} -{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} -{{- end -}} - -{{/* -Compute if the ui is enabled. -*/}} -{{- define "vault.uiEnabled" -}} -{{- $_ := set . "uiEnabled" (or - (eq (.Values.ui.enabled | toString) "true") - (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute the maximum number of unavailable replicas for the PodDisruptionBudget. -This defaults to (n/2)-1 where n is the number of members of the server cluster. -Add a special case for replicas=1, where it should default to 0 as well. 
-*/}} -{{- define "vault.pdb.maxUnavailable" -}} -{{- if eq (int .Values.server.ha.replicas) 1 -}} -{{ 0 }} -{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{- else -}} -{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Set the variable 'mode' to the server mode requested by the user to simplify -template logic. -*/}} -{{- define "vault.mode" -}} - {{- template "vault.serverEnabled" . -}} - {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} - {{- $_ := set . "mode" "external" -}} - {{- else if not .serverEnabled -}} - {{- $_ := set . "mode" "external" -}} - {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} - {{- $_ := set . "mode" "dev" -}} - {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} - {{- $_ := set . "mode" "ha" -}} - {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} - {{- $_ := set . "mode" "standalone" -}} - {{- else -}} - {{- $_ := set . "mode" "" -}} - {{- end -}} -{{- end -}} - -{{/* -Set's the replica count based on the different modes configured by user -*/}} -{{- define "vault.replicas" -}} - {{ if eq .mode "standalone" }} - {{- default 1 -}} - {{ else if eq .mode "ha" }} - {{- .Values.server.ha.replicas | default 3 -}} - {{ else }} - {{- default 1 -}} - {{ end }} -{{- end -}} - -{{/* -Set's up configmap mounts if this isn't a dev deployment and the user -defined a custom configuration. Additionally iterates over any -extra volumes the user may have specified (such as a secret with TLS). -*/}} -{{- define "vault.volumes" -}} - {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - configMap: - name: {{ template "vault.fullname" . 
}}-config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - {{ .type }}: - {{- if (eq .type "configMap") }} - name: {{ .name }} - {{- else if (eq .type "secret") }} - secretName: {{ .name }} - {{- end }} - defaultMode: {{ .defaultMode | default 420 }} - {{- end }} - {{- if .Values.server.volumes }} - {{- toYaml .Values.server.volumes | nindent 8}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - secret: - secretName: {{ .Values.server.enterpriseLicense.secretName }} - defaultMode: 0440 - {{- end }} -{{- end -}} - -{{/* -Set's the args for custom command to render the Vault configuration -file with IP addresses to make the out of box experience easier -for users looking to use this chart with Consul Helm. -*/}} -{{- define "vault.args" -}} - {{ if or (eq .mode "standalone") (eq .mode "ha") }} - - | - cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; - [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; - [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; - /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} - {{ else if eq .mode "dev" }} - - | - /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} - {{ end }} -{{- end -}} - -{{/* -Set's additional environment variables based on the mode. 
-*/}} -{{- define "vault.envs" -}} - {{ if eq .mode "dev" }} - - name: VAULT_DEV_ROOT_TOKEN_ID - value: {{ .Values.server.dev.devRootToken }} - - name: VAULT_DEV_LISTEN_ADDRESS - value: "[::]:8200" - {{ end }} -{{- end -}} - -{{/* -Set's which additional volumes should be mounted to the container -based on the mode configured. -*/}} -{{- define "vault.mounts" -}} - {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - name: audit - mountPath: {{ .Values.server.auditStorage.mountPath }} - {{ end }} - {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} - {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} - - name: data - mountPath: {{ .Values.server.dataStorage.mountPath }} - {{ end }} - {{ end }} - {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - mountPath: /vault/config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - readOnly: true - mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} - {{- end }} - {{- if .Values.server.volumeMounts }} - {{- toYaml .Values.server.volumeMounts | nindent 12}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - mountPath: /vault/license - readOnly: true - {{- end }} -{{- end -}} - -{{/* -Set's up the volumeClaimTemplates when data or audit storage is required. HA -might not use data storage since Consul is likely it's backend, however, audit -storage might be desired by the user. 
-*/}} -{{- define "vault.volumeclaims" -}} - {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} - volumeClaimTemplates: - {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} - - metadata: - name: data - {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.dataStorage.size }} - {{- if .Values.server.dataStorage.storageClass }} - storageClassName: {{ .Values.server.dataStorage.storageClass }} - {{- end }} - {{ end }} - {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - metadata: - name: audit - {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.auditStorage.size }} - {{- if .Values.server.auditStorage.storageClass }} - storageClassName: {{ .Values.server.auditStorage.storageClass }} - {{- end }} - {{ end }} - {{ end }} -{{- end -}} - -{{/* -Set's the affinity for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.affinity" -}} - {{- if and (ne .mode "dev") .Values.server.affinity }} - affinity: - {{ $tp := typeOf .Values.server.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.affinity . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the injector affinity for pod placement -*/}} -{{- define "injector.affinity" -}} - {{- if .Values.injector.affinity }} - affinity: - {{ $tp := typeOf .Values.injector.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the topologySpreadConstraints when running in standalone and HA modes. -*/}} -{{- define "vault.topologySpreadConstraints" -}} - {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} - topologySpreadConstraints: - {{ $tp := typeOf .Values.server.topologySpreadConstraints }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - - -{{/* -Sets the injector topologySpreadConstraints for pod placement -*/}} -{{- define "injector.topologySpreadConstraints" -}} - {{- if .Values.injector.topologySpreadConstraints }} - topologySpreadConstraints: - {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the toleration for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.tolerations" -}} - {{- if and (ne .mode "dev") .Values.server.tolerations }} - tolerations: - {{- $tp := typeOf .Values.server.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "injector.tolerations" -}} - {{- if .Values.injector.tolerations }} - tolerations: - {{- $tp := typeOf .Values.injector.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the node selector for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.nodeselector" -}} - {{- if and (ne .mode "dev") .Values.server.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.server.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector node selector for pod placement -*/}} -{{- define "injector.nodeselector" -}} - {{- if .Values.injector.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.injector.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector deployment update strategy -*/}} -{{- define "injector.strategy" -}} - {{- if .Values.injector.strategy }} - strategy: - {{- $tp := typeOf .Values.injector.strategy }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.strategy . | nindent 4 | trim }} - {{- else }} - {{- toYaml .Values.injector.strategy | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra pod annotations -*/}} -{{- define "vault.annotations" -}} - {{- if .Values.server.annotations }} - annotations: - {{- $tp := typeOf .Values.server.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.annotations . 
| nindent 8 }} - {{- else }} - {{- toYaml .Values.server.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector pod annotations -*/}} -{{- define "injector.annotations" -}} - {{- if .Values.injector.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.injector.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector service annotations -*/}} -{{- define "injector.service.annotations" -}} - {{- if .Values.injector.service.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -securityContext for the injector pod level. -*/}} -{{- define "injector.securityContext.pod" -}} - {{- if .Values.injector.securityContext.pod }} - securityContext: - {{- $tp := typeOf .Values.injector.securityContext.pod }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} - {{- else }} - {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.injector.gid | default 1000 }} - runAsUser: {{ .Values.injector.uid | default 100 }} - fsGroup: {{ .Values.injector.gid | default 1000 }} - {{- end }} -{{- end -}} - -{{/* -securityContext for the injector container level. -*/}} -{{- define "injector.securityContext.container" -}} - {{- if .Values.injector.securityContext.container}} - securityContext: - {{- $tp := typeOf .Values.injector.securityContext.container }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} - {{- else }} - {{- toYaml .Values.injector.securityContext.container | nindent 12 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - {{- end }} -{{- end -}} - -{{/* -securityContext for the statefulset pod template. -*/}} -{{- define "server.statefulSet.securityContext.pod" -}} - {{- if .Values.server.statefulSet.securityContext.pod }} - securityContext: - {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.server.gid | default 1000 }} - runAsUser: {{ .Values.server.uid | default 100 }} - fsGroup: {{ .Values.server.gid | default 1000 }} - {{- end }} -{{- end -}} - -{{/* -securityContext for the statefulset vault container -*/}} -{{- define "server.statefulSet.securityContext.container" -}} - {{- if .Values.server.statefulSet.securityContext.container }} - securityContext: - {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} -{{- end -}} - - -{{/* -Sets extra injector service account annotations -*/}} -{{- define "injector.serviceAccount.annotations" -}} - {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector webhook annotations -*/}} -{{- define "injector.webhookAnnotations" -}} - {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} - annotations: - {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} - {{- if eq $tp "string" }} - {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} - {{- else }} - {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the injector webhook objectSelector -*/}} -{{- define "injector.objectSelector" -}} - {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} - {{ if $v }} - objectSelector: - {{- $tp := typeOf $v -}} - {{ if eq $tp "string" }} - {{ tpl $v . 
| indent 6 | trim }} - {{ else }} - {{ toYaml $v | indent 6 | trim }} - {{ end }} - {{ end }} -{{ end }} - -{{/* -Sets extra ui service annotations -*/}} -{{- define "vault.ui.annotations" -}} - {{- if .Values.ui.annotations }} - annotations: - {{- $tp := typeOf .Values.ui.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.ui.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.ui.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "vault.serviceAccount.name" -}} -{{- if .Values.server.serviceAccount.create -}} - {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.server.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Sets extra service account annotations -*/}} -{{- define "vault.serviceAccount.annotations" -}} - {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.server.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ingress annotations -*/}} -{{- define "vault.ingress.annotations" -}} - {{- if .Values.server.ingress.annotations }} - annotations: - {{- $tp := typeOf .Values.server.ingress.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.ingress.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.ingress.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra route annotations -*/}} -{{- define "vault.route.annotations" -}} - {{- if .Values.server.route.annotations }} - annotations: - {{- $tp := typeOf .Values.server.route.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.route.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.route.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra vault server Service annotations -*/}} -{{- define "vault.service.annotations" -}} - {{- if .Values.server.service.annotations }} - {{- $tp := typeOf .Values.server.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets PodSecurityPolicy annotations -*/}} -{{- define "vault.psp.annotations" -}} - {{- if .Values.global.psp.annotations }} - annotations: - {{- $tp := typeOf .Values.global.psp.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.global.psp.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.global.psp.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra statefulset annotations -*/}} -{{- define "vault.statefulSet.annotations" -}} - {{- if .Values.server.statefulSet.annotations }} - annotations: - {{- $tp := typeOf .Values.server.statefulSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for data volume -*/}} -{{- define "vault.dataVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.dataStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for audit volume -*/}} -{{- define "vault.auditVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.auditStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the container resources if the user has set any. -*/}} -{{- define "vault.resources" -}} - {{- if .Values.server.resources -}} - resources: -{{ toYaml .Values.server.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "injector.resources" -}} - {{- if .Values.injector.resources -}} - resources: -{{ toYaml .Values.injector.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "csi.resources" -}} - {{- if .Values.csi.resources -}} - resources: -{{ toYaml .Values.csi.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets extra CSI daemonset annotations -*/}} -{{- define "csi.daemonSet.annotations" -}} - {{- if .Values.csi.daemonSet.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.daemonSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets CSI daemonset securityContext for pod template -*/}} -{{- define "csi.daemonSet.securityContext.pod" -}} - {{- if .Values.csi.daemonSet.securityContext.pod }} - securityContext: - {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets CSI daemonset securityContext for container -*/}} -{{- define "csi.daemonSet.securityContext.container" -}} - {{- if .Values.csi.daemonSet.securityContext.container }} - securityContext: - {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} - {{- end }} - {{- end }} -{{- end -}} - - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "csi.pod.tolerations" -}} - {{- if .Values.csi.pod.tolerations }} - tolerations: - {{- $tp := typeOf .Values.csi.pod.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI provider pod annotations -*/}} -{{- define "csi.pod.annotations" -}} - {{- if .Values.csi.pod.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.pod.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.pod.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI service account annotations -*/}} -{{- define "csi.serviceAccount.annotations" -}} - {{- if .Values.csi.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Inject extra environment vars in the format key:value, if populated -*/}} -{{- define "vault.extraEnvironmentVars" -}} -{{- if .extraEnvironmentVars -}} -{{- range $key, $value := .extraEnvironmentVars }} -- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} - value: {{ $value | quote }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Inject extra environment populated by secrets, if populated -*/}} -{{- define "vault.extraSecretEnvironmentVars" -}} -{{- if .extraSecretEnvironmentVars -}} -{{- range .extraSecretEnvironmentVars }} -- name: {{ .envName }} - valueFrom: - secretKeyRef: - name: {{ .secretName }} - key: {{ .secretKey }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* Scheme for health check and local endpoint */}} -{{- define "vault.scheme" -}} -{{- if .Values.global.tlsDisable -}} -{{ "http" }} -{{- else -}} -{{ "https" }} -{{- end -}} -{{- end -}} - -{{/* -imagePullSecrets generates pull secrets from either string or map values. -A map value must be indexable by the key 'name'. -*/}} -{{- define "imagePullSecrets" -}} -{{- with .Values.global.imagePullSecrets -}} -imagePullSecrets: -{{- range . -}} -{{- if typeIs "string" . }} - - name: {{ . }} -{{- else if index . "name" }} - - name: {{ .name }} -{{- end }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
-Supported inputs are Values.server.service and Values.ui
-*/}}
-{{- define "service.externalTrafficPolicy" -}}
-{{- $type := "" -}}
-{{- if .serviceType -}}
-{{- $type = .serviceType -}}
-{{- else if .type -}}
-{{- $type = .type -}}
-{{- end -}}
-{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
- externalTrafficPolicy: {{ .externalTrafficPolicy }}
-{{- else }}
-{{- end }}
-{{- end -}}
-
-{{/*
-loadBalancer configuration for the the UI service.
-Supported inputs are Values.ui
-*/}}
-{{- define "service.loadBalancer" -}}
-{{- if eq (.serviceType | toString) "LoadBalancer" }}
-{{- if .loadBalancerIP }}
- loadBalancerIP: {{ .loadBalancerIP }}
-{{- end }}
-{{- with .loadBalancerSourceRanges }}
- loadBalancerSourceRanges:
-{{- range . }}
- - {{ . }}
-{{- end }}
-{{- end -}}
-{{- end }}
-{{- end -}}
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/csi-clusterrole.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/csi-clusterrole.yaml
deleted file mode 100644
index ec6a3d2b9f..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/csi-clusterrole.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups:
- - ""
- resources:
- - serviceaccounts/token
- verbs:
- - create
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/csi-clusterrolebinding.yaml
deleted file mode 100644
index d5b62a5f09..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/csi-clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/csi-daemonset.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/csi-daemonset.yaml
deleted file mode 100644
index d131aac5f5..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/csi-daemonset.yaml
+++ /dev/null
@@ -1,100 +0,0 @@ -{{- template "vault.csiEnabled" . -}} -{{- if .csiEnabled -}} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- if .Values.csi.daemonSet.extraLabels -}} - {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} - {{- end -}} - {{ template "csi.daemonSet.annotations" . }} -spec: - updateStrategy: - type: {{ .Values.csi.daemonSet.updateStrategy.type }} - {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - rollingUpdate: - maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.csi.pod.extraLabels -}} - {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "csi.pod.annotations" . }} - spec: - {{ template "csi.daemonSet.securityContext.pod" . }} - {{- if .Values.csi.priorityClassName }} - priorityClassName: {{ .Values.csi.priorityClassName }} - {{- end }} - serviceAccountName: {{ template "vault.fullname" . }}-csi-provider - {{- template "csi.pod.tolerations" . }} - containers: - - name: {{ include "vault.name" . }}-csi-provider - {{ template "csi.resources" . }} - {{ template "csi.daemonSet.securityContext.container" . 
}} - image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" - imagePullPolicy: {{ .Values.csi.image.pullPolicy }} - args: - - --endpoint=/provider/vault.sock - - --debug={{ .Values.csi.debug }} - {{- if .Values.csi.extraArgs }} - {{- toYaml .Values.csi.extraArgs | nindent 12 }} - {{- end }} - env: - - name: VAULT_ADDR - {{- if .Values.global.externalVaultAddr }} - value: "{{ .Values.global.externalVaultAddr }}" - {{- else }} - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - {{- end }} - volumeMounts: - - name: providervol - mountPath: "/provider" - - name: mountpoint-dir - mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods - mountPropagation: HostToContainer - {{- if .Values.csi.volumeMounts }} - {{- toYaml .Values.csi.volumeMounts | nindent 12}} - {{- end }} - livenessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} - volumes: - - name: providervol - hostPath: - path: {{ .Values.csi.daemonSet.providersDir }} - - name: mountpoint-dir - hostPath: - path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods - {{- if .Values.csi.volumes }} - {{- toYaml .Values.csi.volumes | nindent 8}} - {{- end }} - {{- include 
"imagePullSecrets" . | nindent 6 }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/csi-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/csi-serviceaccount.yaml deleted file mode 100644 index 8d6fa5329c..0000000000 --- a/charts/partners/hashicorp/vault/0.21.0/src/templates/csi-serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- template "vault.csiEnabled" . -}} -{{- if .csiEnabled -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- if .Values.csi.serviceAccount.extraLabels -}} - {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} - {{- end -}} - {{ template "csi.serviceAccount.annotations" . }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-certs-secret.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-certs-secret.yaml deleted file mode 100644 index e88685b5eb..0000000000 --- a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-certs-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- template "vault.injectorEnabled" . -}} -{{- if .injectorEnabled -}} -{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} -apiVersion: v1 -kind: Secret -metadata: - name: vault-injector-certs - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} -{{- end }} \ No newline at end of file 
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-clusterrole.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-clusterrole.yaml
deleted file mode 100644
index 6a0d6be1ae..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-clusterrole.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs:
- - "get"
- - "list"
- - "watch"
- - "patch"
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-clusterrolebinding.yaml
deleted file mode 100644
index 4c193f8a2e..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-deployment.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-deployment.yaml
deleted file mode 100644
index f0605599ed..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-deployment.yaml
+++ /dev/null
@@ -1,156 +0,0 @@ -{{- template "vault.injectorEnabled" . -}} -{{- if .injectorEnabled -}} -# Deployment for the injector -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - component: webhook -spec: - replicas: {{ .Values.injector.replicas }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{ template "injector.strategy" . }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{- if .Values.injector.extraLabels -}} - {{- toYaml .Values.injector.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "injector.annotations" . }} - spec: - {{ template "injector.affinity" . }} - {{ template "injector.topologySpreadConstraints" . }} - {{ template "injector.tolerations" . }} - {{ template "injector.nodeselector" . }} - {{- if .Values.injector.priorityClassName }} - priorityClassName: {{ .Values.injector.priorityClassName }} - {{- end }} - serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" - {{ template "injector.securityContext.pod" . -}} - {{- if not .Values.global.openshift }} - hostNetwork: {{ .Values.injector.hostNetwork }} - {{- end }} - containers: - - name: sidecar-injector - {{ template "injector.resources" . }} - image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" - imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" - {{- template "injector.securityContext.container" . 
}} - env: - - name: AGENT_INJECT_LISTEN - value: {{ printf ":%v" .Values.injector.port }} - - name: AGENT_INJECT_LOG_LEVEL - value: {{ .Values.injector.logLevel | default "info" }} - - name: AGENT_INJECT_VAULT_ADDR - {{- if .Values.global.externalVaultAddr }} - value: "{{ .Values.global.externalVaultAddr }}" - {{- else if .Values.injector.externalVaultAddr }} - value: "{{ .Values.injector.externalVaultAddr }}" - {{- else }} - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - {{- end }} - - name: AGENT_INJECT_VAULT_AUTH_PATH - value: {{ .Values.injector.authPath }} - - name: AGENT_INJECT_VAULT_IMAGE - value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" - {{- if .Values.injector.certs.secretName }} - - name: AGENT_INJECT_TLS_CERT_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" - - name: AGENT_INJECT_TLS_KEY_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" - {{- else }} - - name: AGENT_INJECT_TLS_AUTO - value: {{ template "vault.fullname" . }}-agent-injector-cfg - - name: AGENT_INJECT_TLS_AUTO_HOSTS - value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc - {{- end }} - - name: AGENT_INJECT_LOG_FORMAT - value: {{ .Values.injector.logFormat | default "standard" }} - - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN - value: "{{ .Values.injector.revokeOnShutdown | default false }}" - {{- if .Values.global.openshift }} - - name: AGENT_INJECT_SET_SECURITY_CONTEXT - value: "false" - {{- end }} - {{- if .Values.injector.metrics.enabled }} - - name: AGENT_INJECT_TELEMETRY_PATH - value: "/metrics" - {{- end }} - {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} - - name: AGENT_INJECT_USE_LEADER_ELECTOR - value: "true" - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end }} - - name: AGENT_INJECT_CPU_REQUEST - value: "{{ .Values.injector.agentDefaults.cpuRequest }}" - - name: AGENT_INJECT_CPU_LIMIT - value: "{{ .Values.injector.agentDefaults.cpuLimit }}" - - name: AGENT_INJECT_MEM_REQUEST - value: "{{ .Values.injector.agentDefaults.memRequest }}" - - name: AGENT_INJECT_MEM_LIMIT - value: "{{ .Values.injector.agentDefaults.memLimit }}" - - name: AGENT_INJECT_DEFAULT_TEMPLATE - value: "{{ .Values.injector.agentDefaults.template }}" - - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE - value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" - {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} - - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL - value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" - {{- end }} - {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - agent-inject - - 2>&1 - livenessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - 
timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 -{{- if .Values.injector.certs.secretName }} - volumeMounts: - - name: webhook-certs - mountPath: /etc/webhook/certs - readOnly: true -{{- end }} -{{- if .Values.injector.certs.secretName }} - volumes: - - name: webhook-certs - secret: - secretName: "{{ .Values.injector.certs.secretName }}" -{{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-disruptionbudget.yaml deleted file mode 100644 index b44fd7300b..0000000000 --- a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-disruptionbudget.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.injector.podDisruptionBudget }} -apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} -kind: PodDisruptionBudget -metadata: - name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - component: webhook -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} -{{- end -}} diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-mutating-webhook.yaml deleted file mode 100644 index 3d3fd36786..0000000000 
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-mutating-webhook.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
-apiVersion: admissionregistration.k8s.io/v1
-{{- else }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-{{- end }}
-kind: MutatingWebhookConfiguration
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-cfg
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "injector.webhookAnnotations" . }}
-webhooks:
- - name: vault.hashicorp.com
- failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
- matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
- sideEffects: None
- timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
- admissionReviewVersions: ["v1", "v1beta1"]
- clientConfig:
- service:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- path: "/mutate"
- caBundle: {{ .Values.injector.certs.caBundle | quote }}
- rules:
- - operations: ["CREATE", "UPDATE"]
- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["pods"]
-{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
- namespaceSelector:
-{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
-{{ end }}
-{{- template "injector.objectSelector" . -}}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-network-policy.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-network-policy.yaml
deleted file mode 100644
index 68892d23b2..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-network-policy.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.openshift | toString) "true" }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-psp-role.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-psp-role.yaml
deleted file mode 100644
index 5d23c7556e..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-psp-role.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.psp.enable | toString) "true" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-psp-rolebinding.yaml
deleted file mode 100644
index 4f6b0a851c..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-psp-rolebinding.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.psp.enable | toString) "true" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-psp.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-psp.yaml
deleted file mode 100644
index 1eee2fcd04..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-psp.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.psp.enable | toString) "true" }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-role.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-role.yaml
deleted file mode 100644
index 08c8264ccb..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-role.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
- - apiGroups: [""]
- resources: ["secrets", "configmaps"]
- verbs:
- - "create"
- - "get"
- - "watch"
- - "list"
- - "update"
- - apiGroups: [""]
- resources: ["pods"]
- verbs:
- - "get"
- - "patch"
- - "delete"
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-rolebinding.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-rolebinding.yaml
deleted file mode 100644
index ea0db11b94..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-rolebinding.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-service.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-service.yaml
deleted file mode 100644
index 5e747d6f10..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-service.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "injector.service.annotations" . }}
-spec:
- ports:
- - name: https
- port: 443
- targetPort: {{ .Values.injector.port }}
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-serviceaccount.yaml
deleted file mode 100644
index d1919b9366..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/injector-serviceaccount.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "injector.serviceAccount.annotations" . }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/server-clusterrolebinding.yaml
deleted file mode 100644
index 8cdd611430..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-clusterrolebinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ template "vault.serverAuthDelegator" . }}
-{{- if .serverAuthDelegator -}}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-server-binding
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-config-configmap.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/server-config-configmap.yaml
deleted file mode 100644
index f40c69608e..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-config-configmap.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if .serverEnabled -}}
-{{- if ne .mode "dev" -}}
-{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "vault.fullname" . }}-config
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-data:
- extraconfig-from-values.hcl: |-
- {{- if or (eq .mode "ha") (eq .mode "standalone") }}
- {{- $type := typeOf (index .Values.server .mode).config }}
- {{- if eq $type "string" }}
- disable_mlock = true
- {{- if eq .mode "standalone" }}
- {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
- {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
- {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
- {{ end }}
- {{- else }}
- {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
- {{- else }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-discovery-role.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/server-discovery-role.yaml
deleted file mode 100644
index 9ca23dd4c6..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-discovery-role.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if .serverEnabled -}}
-{{- if eq .mode "ha" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: {{ template "vault.fullname" . }}-discovery-role
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: [""]
- resources: ["pods"]
- verbs: ["get", "watch", "list", "update", "patch"]
-{{ end }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/server-discovery-rolebinding.yaml
deleted file mode 100644
index 6e22e4c2b7..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-discovery-rolebinding.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if .serverEnabled -}}
-{{- if eq .mode "ha" }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-discovery-rolebinding
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-discovery-role
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/server-disruptionbudget.yaml
deleted file mode 100644
index d940fa4dac..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-disruptionbudget.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" -}}
-{{- if .serverEnabled -}}
-{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
-# PodDisruptionBudget to prevent degrading the server cluster through
-# voluntary cluster changes.
-apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-ha-active-service.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/server-ha-active-service.yaml
deleted file mode 100644
index e15d40ab0b..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-ha-active-service.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.serverServiceEnabled" . -}}
-{{- if .serverServiceEnabled -}}
-{{- if eq .mode "ha" }}
-# Service for active Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-active
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.activeNodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "true"
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-ha-standby-service.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/server-ha-standby-service.yaml
deleted file mode 100644
index e6d66af847..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-ha-standby-service.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.serverServiceEnabled" . -}}
-{{- if .serverServiceEnabled -}}
-{{- if eq .mode "ha" }}
-# Service for standby Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-standby
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.standbyNodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "false"
-{{- end }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-headless-service.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/server-headless-service.yaml
deleted file mode 100644
index fffaaacbbb..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-headless-service.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.serverServiceEnabled" . -}}
-{{- if .serverServiceEnabled -}}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-internal
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- clusterIP: None
- publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
- ports:
- - name: "{{ include "vault.scheme" . }}"
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-ingress.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/server-ingress.yaml
deleted file mode 100644
index c81e5f5cee..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-ingress.yaml
+++ /dev/null
@@ -1,77 +0,0 @@ -{{- if not .Values.global.openshift }} -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if .Values.server.ingress.enabled -}} -{{- $extraPaths := .Values.server.ingress.extraPaths -}} -{{- $serviceName := include "vault.fullname" . -}} -{{- template "vault.serverServiceEnabled" . -}} -{{- if .serverServiceEnabled -}} -{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} -{{- $serviceName = printf "%s-%s" $serviceName "active" -}} -{{- end }} -{{- $servicePort := .Values.server.service.port -}} -{{- $pathType := .Values.server.ingress.pathType -}} -{{- $kubeVersion := .Capabilities.KubeVersion.Version }} -{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} -apiVersion: networking.k8s.io/v1 -{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end }} -kind: Ingress -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.server.ingress.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- template "vault.ingress.annotations" . }} -spec: -{{- if .Values.server.ingress.tls }} - tls: - {{- range .Values.server.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} -{{- if .Values.server.ingress.ingressClassName }} - ingressClassName: {{ .Values.server.ingress.ingressClassName }} -{{- end }} - rules: - {{- range .Values.server.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: -{{ if $extraPaths }} -{{ toYaml $extraPaths | indent 10 }} -{{- end }} - {{- range (.paths | default (list "/")) }} - - path: {{ . 
}} - {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} - pathType: {{ $pathType }} - {{ end }} - backend: - {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{ else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{ end }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-network-policy.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/server-network-policy.yaml deleted file mode 100644 index 5f4c21a4b5..0000000000 --- a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-network-policy.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ template "vault.fullname" . }} - labels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} -spec: - podSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 8200 - protocol: TCP - - port: 8201 - protocol: TCP - {{- if .Values.server.networkPolicy.egress }} - egress: - {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} - {{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-psp-role.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/server-psp-role.yaml deleted file mode 100644 index b8eb897e5e..0000000000 --- a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-psp-role.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -{{ template "vault.mode" . }} -{{- if .serverEnabled -}} -{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "vault.fullname" . }}-psp - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -rules: -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "vault.fullname" . }} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/server-psp-rolebinding.yaml deleted file mode 100644 index fded9fbc62..0000000000 --- a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-psp-rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{ template "vault.mode" . }} -{{- if .serverEnabled -}} -{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "vault.fullname" . }}-psp - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -roleRef: - kind: Role - name: {{ template "vault.fullname" . }}-psp - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: {{ template "vault.fullname" . }} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-psp.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/server-psp.yaml deleted file mode 100644 index d210af3513..0000000000 --- a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-psp.yaml +++ /dev/null 
@@ -1,49 +0,0 @@ -{{ template "vault.mode" . }} -{{- if .serverEnabled -}} -{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "vault.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- template "vault.psp.annotations" . }} -spec: - privileged: false - # Required to prevent escalations to root. - allowPrivilegeEscalation: false - volumes: - - configMap - - emptyDir - - projected - - secret - - downwardAPI - {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} - - persistentVolumeClaim - {{- end }} - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Require the container to run without root privileges. - rule: MustRunAsNonRoot - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: RunAsAny - supplementalGroups: - rule: MustRunAs - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: MustRunAs - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-route.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/server-route.yaml deleted file mode 100644 index e122d936ba..0000000000 --- a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-route.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -{{- if .Values.global.openshift }} -{{- if ne .mode "external" }} -{{- if .Values.server.route.enabled -}} -{{- $serviceName := include "vault.fullname" . -}} -{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} -{{- $serviceName = printf "%s-%s" $serviceName "active" -}} -{{- end }} -kind: Route -apiVersion: route.openshift.io/v1 -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.server.route.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- template "vault.route.annotations" . }} -spec: - host: {{ .Values.server.route.host }} - to: - kind: Service - name: {{ $serviceName }} - weight: 100 - port: - targetPort: 8200 - tls: - {{- toYaml .Values.server.route.tls | nindent 4 }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-service.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/server-service.yaml deleted file mode 100644 index 3a9b0e7e52..0000000000 --- a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-service.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- template "vault.serverServiceEnabled" . -}} -{{- if .serverServiceEnabled -}} -# Service for Vault cluster -apiVersion: v1 -kind: Service -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - annotations: -{{ template "vault.service.annotations" .}} -spec: - {{- if .Values.server.service.type}} - type: {{ .Values.server.service.type }} - {{- end}} - {{- if .Values.server.service.clusterIP }} - clusterIP: {{ .Values.server.service.clusterIP }} - {{- end }} - {{- include "service.externalTrafficPolicy" .Values.server.service }} - # We want the servers to become available even if they're not ready - # since this DNS is also used for join operations. - publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} - ports: - - name: {{ include "vault.scheme" . }} - port: {{ .Values.server.service.port }} - targetPort: {{ .Values.server.service.targetPort }} - {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} - nodePort: {{ .Values.server.service.nodePort }} - {{- end }} - - name: https-internal - port: 8201 - targetPort: 8201 - selector: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/server-serviceaccount.yaml deleted file mode 100644 index c0d32d190c..0000000000 --- a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-serviceaccount.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -{{ template "vault.serverServiceAccountEnabled" . }} -{{- if .serverServiceAccountEnabled -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "vault.serviceAccount.name" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{ template "vault.serviceAccount.annotations" . }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-statefulset.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/server-statefulset.yaml deleted file mode 100644 index afc48d695d..0000000000 --- a/charts/partners/hashicorp/vault/0.21.0/src/templates/server-statefulset.yaml +++ /dev/null 
@@ -1,206 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if ne .mode "" }} -{{- if .serverEnabled -}} -# StatefulSet to run the actual vault server cluster. -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- template "vault.statefulSet.annotations" . }} -spec: - serviceName: {{ template "vault.fullname" . }}-internal - podManagementPolicy: Parallel - replicas: {{ template "vault.replicas" . }} - updateStrategy: - type: {{ .Values.server.updateStrategyType }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - template: - metadata: - labels: - helm.sh/chart: {{ template "vault.chart" . }} - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - {{- if .Values.server.extraLabels -}} - {{- toYaml .Values.server.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "vault.annotations" . }} - spec: - {{ template "vault.affinity" . }} - {{ template "vault.topologySpreadConstraints" . }} - {{ template "vault.tolerations" . }} - {{ template "vault.nodeselector" . }} - {{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} - serviceAccountName: {{ template "vault.serviceAccount.name" . }} - {{ if .Values.server.shareProcessNamespace }} - shareProcessNamespace: true - {{ end }} - {{- template "server.statefulSet.securityContext.pod" . }} - volumes: - {{ template "vault.volumes" . 
}} - - name: home - emptyDir: {} - {{- if .Values.server.extraInitContainers }} - initContainers: - {{ toYaml .Values.server.extraInitContainers | nindent 8}} - {{- end }} - containers: - - name: vault - {{ template "vault.resources" . }} - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - command: - - "/bin/sh" - - "-ec" - args: {{ template "vault.args" . }} - {{- template "server.statefulSet.securityContext.container" . }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: VAULT_K8S_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: VAULT_ADDR - value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" - - name: VAULT_API_ADDR - {{- if .Values.server.ha.apiAddr }} - value: {{ .Values.server.ha.apiAddr }} - {{- else }} - value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" - {{- end }} - - name: SKIP_CHOWN - value: "true" - - name: SKIP_SETCAP - value: "true" - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_CLUSTER_ADDR - {{- if .Values.server.ha.clusterAddr }} - value: {{ .Values.server.ha.clusterAddr }} - {{- else }} - value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" - {{- end }} - {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} - - name: VAULT_RAFT_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- end }} - - name: HOME - value: "/home/vault" - {{- if .Values.server.logLevel }} - - name: VAULT_LOG_LEVEL - value: "{{ .Values.server.logLevel }}" - {{- end }} - {{- if .Values.server.logFormat }} - - name: VAULT_LOG_FORMAT - value: "{{ .Values.server.logFormat }}" - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: VAULT_LICENSE_PATH - value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} - {{- end }} - {{ template "vault.envs" . }} - {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} - {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} - volumeMounts: - {{ template "vault.mounts" . }} - - name: home - mountPath: /home/vault - ports: - - containerPort: 8200 - name: {{ include "vault.scheme" . }} - - containerPort: 8201 - name: https-internal - - containerPort: 8202 - name: {{ include "vault.scheme" . }}-rep - {{- if .Values.server.readinessProbe.enabled }} - readinessProbe: - {{- if .Values.server.readinessProbe.path }} - httpGet: - path: {{ .Values.server.readinessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . 
| upper }} - {{- else }} - # Check status; unsealed vault servers return 0 - # The exit code reflects the seal status: - # 0 - unsealed - # 1 - error - # 2 - sealed - exec: - command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] - {{- end }} - failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.server.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.server.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.server.livenessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . | upper }} - failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.server.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} - {{- end }} - lifecycle: - # Vault container doesn't receive SIGTERM from Kubernetes - # and after the grace period ends, Kube sends SIGKILL. This - # causes issues with graceful shutdowns such as deregistering itself - # from Consul (zombie services). - preStop: - exec: - command: [ - "/bin/sh", "-c", - # Adding a sleep here to give the pod eviction a - # chance to propagate, so requests will not be made - # to this pod while it's terminating - "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", - ] - {{- if .Values.server.postStart }} - postStart: - exec: - command: - {{- range (.Values.server.postStart) }} - - {{ . 
| quote }} - {{- end }} - {{- end }} - {{- if .Values.server.extraContainers }} - {{ toYaml .Values.server.extraContainers | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} - {{ template "vault.volumeclaims" . }} -{{ end }} -{{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/tests/server-test.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/tests/server-test.yaml deleted file mode 100644 index 56dbee78cd..0000000000 --- a/charts/partners/hashicorp/vault/0.21.0/src/templates/tests/server-test.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if .serverEnabled -}} -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-server-test" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": test -spec: - {{- include "imagePullSecrets" . | nindent 2 }} - containers: - - name: {{ .Release.Name }}-server-test - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - env: - - name: VAULT_ADDR - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} - command: - - /bin/sh - - -c - - | - echo "Checking for sealed info in 'vault status' output" - ATTEMPTS=10 - n=0 - until [ "$n" -ge $ATTEMPTS ] - do - echo "Attempt" $n... - vault status -format yaml | grep -E '^sealed: (true|false)' && break - n=$((n+1)) - sleep 5 - done - if [ $n -ge $ATTEMPTS ]; then - echo "timed out looking for sealed info in 'vault status' output" - exit 1 - fi - - exit 0 - volumeMounts: - {{- if .Values.server.volumeMounts }} - {{- toYaml .Values.server.volumeMounts | nindent 8}} - {{- end }} - volumes: - {{- if .Values.server.volumes }} - {{- toYaml .Values.server.volumes | nindent 4}} - {{- end }} - restartPolicy: Never -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.21.0/src/templates/ui-service.yaml b/charts/partners/hashicorp/vault/0.21.0/src/templates/ui-service.yaml deleted file mode 100644 index d45afdda4f..0000000000 --- a/charts/partners/hashicorp/vault/0.21.0/src/templates/ui-service.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- template "vault.uiEnabled" . -}} -{{- if .uiEnabled -}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ template "vault.fullname" . }}-ui - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }}-ui - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- template "vault.ui.annotations" . }} -spec: - selector: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} - vault-active: "true" - {{- end }} - publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} - ports: - - name: {{ include "vault.scheme" . }} - port: {{ .Values.ui.externalPort }} - targetPort: {{ .Values.ui.targetPort }} - {{- if .Values.ui.serviceNodePort }} - nodePort: {{ .Values.ui.serviceNodePort }} - {{- end }} - type: {{ .Values.ui.serviceType }} - {{- include "service.externalTrafficPolicy" .Values.ui }} - {{- include "service.loadBalancer" .Values.ui }} -{{- end -}} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.21.0/src/values.openshift.yaml b/charts/partners/hashicorp/vault/0.21.0/src/values.openshift.yaml deleted file mode 100644 index a1c48f02f2..0000000000 --- a/charts/partners/hashicorp/vault/0.21.0/src/values.openshift.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# These overrides are appropriate defaults for deploying this chart on OpenShift - -global: - openshift: true - -injector: - image: - repository: "registry.connect.redhat.com/hashicorp/vault-k8s" - tag: "0.17.0-ubi" - - agentImage: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.11.2-ubi" - -server: - image: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.11.2-ubi" 
diff --git a/charts/partners/hashicorp/vault/0.21.0/src/values.schema.json b/charts/partners/hashicorp/vault/0.21.0/src/values.schema.json
deleted file mode 100644
index aad7ee7fcc..0000000000
--- a/charts/partners/hashicorp/vault/0.21.0/src/values.schema.json
+++ /dev/null
@@ -1,1027 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "csi": { - "type": "object", - "properties": { - "daemonSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "extraLabels": { - "type": "object" - }, - "kubeletRootDir": { - "type": "string" - }, - "providersDir": { - "type": "string" - }, - "securityContext": { - "type": "object", - "properties": { - "container": { - "type": [ - "object", - "string" - ] - }, - "pod": { - "type": [ - "object", - "string" - ] - } - } - }, - "updateStrategy": { - "type": "object", - "properties": { - "maxUnavailable": { - "type": "string" - }, - "type": { - "type": "string" - } - } - } - } - }, - "debug": { - "type": "boolean" - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "extraArgs": { - "type": "array" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "pod": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "extraLabels": { - "type": "object" - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - } - } - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": 
"object" - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "extraLabels": { - "type": "object" - } - } - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "global": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "externalVaultAddr": { - "type": "string" - }, - "imagePullSecrets": { - "type": "array" - }, - "openshift": { - "type": "boolean" - }, - "psp": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enable": { - "type": "boolean" - } - } - }, - "tlsDisable": { - "type": "boolean" - } - } - }, - "injector": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "agentDefaults": { - "type": "object", - "properties": { - "cpuLimit": { - "type": "string" - }, - "cpuRequest": { - "type": "string" - }, - "memLimit": { - "type": "string" - }, - "memRequest": { - "type": "string" - }, - "template": { - "type": "string" - }, - "templateConfig": { - "type": "object", - "properties": { - "exitOnRetryFailure": { - "type": "boolean" - }, - "staticSecretRenderInterval": { - "type": "string" - } - } - } - } - }, - "agentImage": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "authPath": { - "type": "string" - }, - "certs": { - "type": "object", - "properties": { - "caBundle": { - "type": "string" - }, - "certName": { - "type": "string" - }, - "keyName": { - "type": "string" - }, - "secretName": { - "type": [ - "null", - "string" - ] - } - } - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "externalVaultAddr": { - "type": "string" - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraLabels": { - "type": "object" - 
}, - "failurePolicy": { - "type": "string" - }, - "hostNetwork": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "leaderElector": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "namespaceSelector": { - "type": "object" - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "objectSelector": { - "type": [ - "object", - "string" - ] - }, - "podDisruptionBudget": { - "type": "object" - }, - "port": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "replicas": { - "type": "integer" - }, - "resources": { - "type": "object" - }, - "revokeOnShutdown": { - "type": "boolean" - }, - "securityContext": { - "type": "object", - "properties": { - "container": { - "type": [ - "object", - "string" - ] - }, - "pod": { - "type": [ - "object", - "string" - ] - } - } - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "strategy": { - "type": [ - "object", - "string" - ] - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "topologySpreadConstraints": { - "type": [ - "null", - "array", - "string" - ] - }, - "webhook": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "failurePolicy": { - "type": "string" - }, - "matchPolicy": { - "type": "string" - }, - "namespaceSelector": { - "type": "object" - }, - "objectSelector": { - "type": [ - "object", - "string" - ] - }, - 
"timeoutSeconds": { - "type": "integer" - } - } - }, - "webhookAnnotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "server": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "auditStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "authDelegator": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "dataStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "dev": { - "type": "object", - "properties": { - "devRootToken": { - "type": "string" - }, - "enabled": { - "type": "boolean" - } - } - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "enterpriseLicense": { - "type": "object", - "properties": { - "secretKey": { - "type": "string" - }, - "secretName": { - "type": "string" - } - } - }, - "extraArgs": { - "type": "string" - }, - "extraContainers": { - "type": [ - "null", - "array" - ] - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraInitContainers": { - "type": [ - "null", - "array" - ] - }, - "extraLabels": { - "type": "object" - }, - "extraSecretEnvironmentVars": { - "type": "array" - }, - "extraVolumes": { - "type": "array" - }, - "ha": { - "type": "object", - "properties": { - "apiAddr": { - "type": [ - "null", - "string" - ] - }, - "clusterAddr": { 
- "type": [ - "null", - "string" - ] - }, - "config": { - "type": [ - "string", - "object" - ] - }, - "disruptionBudget": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxUnavailable": { - "type": [ - "null", - "integer" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "raft": { - "type": "object", - "properties": { - "config": { - "type": [ - "string", - "object" - ] - }, - "enabled": { - "type": "boolean" - }, - "setNodeId": { - "type": "boolean" - } - } - }, - "replicas": { - "type": "integer" - } - } - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "ingress": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "extraPaths": { - "type": "array" - }, - "hosts": { - "type": "array", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string" - }, - "paths": { - "type": "array" - } - } - } - }, - "ingressClassName": { - "type": "string" - }, - "labels": { - "type": "object" - }, - "pathType": { - "type": "string" - }, - "tls": { - "type": "array" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "path": { - "type": "string" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "networkPolicy": { - "type": "object", - "properties": { - "egress": { - "type": "array" - }, - "enabled": { - "type": "boolean" - } - } - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - 
}, - "postStart": { - "type": "array" - }, - "preStopSleepSeconds": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "route": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "labels": { - "type": "object" - }, - "tls": { - "type": "object" - } - } - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "port": { - "type": "integer" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "targetPort": { - "type": "integer" - }, - "nodePort": { - "type": "integer" - }, - "activeNodePort": { - "type": "integer" - }, - "standbyNodePort": { - "type": "integer" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "create": { - "type": "boolean" - }, - "name": { - "type": "string" - } - } - }, - "shareProcessNamespace": { - "type": "boolean" - }, - "standalone": { - "type": "object", - "properties": { - "config": { - "type": [ - "string", - "object" - ] - }, - "enabled": { - "type": [ - "string", - "boolean" - ] - } - } - }, - "statefulSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "securityContext": { - "type": "object", - "properties": { - "container": { - "type": [ - 
"object", - "string" - ] - }, - "pod": { - "type": [ - "object", - "string" - ] - } - } - } - } - }, - "terminationGracePeriodSeconds": { - "type": "integer" - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "topologySpreadConstraints": { - "type": [ - "null", - "array", - "string" - ] - }, - "updateStrategyType": { - "type": "string" - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "ui": { - "type": "object", - "properties": { - "activeVaultPodOnly": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "externalPort": { - "type": "integer" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "serviceNodePort": { - "type": [ - "null", - "integer" - ] - }, - "serviceType": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - } -} diff --git a/charts/partners/hashicorp/vault/0.21.0/src/values.yaml b/charts/partners/hashicorp/vault/0.21.0/src/values.yaml deleted file mode 100644 index b7721cdac5..0000000000 --- a/charts/partners/hashicorp/vault/0.21.0/src/values.yaml +++ /dev/null 
@@ -1,898 +0,0 @@ -# Available parameters and their default values for the Vault chart. -global: - # enabled is the master enabled switch. Setting this to true or false - # will enable or disable all the components within this chart by default. - enabled: true - # Image pull secret to use for registry authentication. - # Alternatively, the value may be specified as an array of strings. - imagePullSecrets: [] - # imagePullSecrets: - # - name: image-pull-secret - - # TLS for end-to-end encrypted transport - tlsDisable: true - # External vault server address for the injector and CSI provider to use. - # Setting this will disable deployment of a vault server. - externalVaultAddr: "" - # If deploying to OpenShift - openshift: true - # Create PodSecurityPolicy for pods - psp: - enable: false - # Annotation for PodSecurityPolicy. - # This is a multi-line templated string map, and can also be set as YAML. - annotations: | - seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default - apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default - apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -injector: - # True if you want to enable vault agent injection. - # @default: global.enabled - enabled: "-" - replicas: 1 - # Configures the port the injector should listen on - port: 8080 - # If multiple replicas are specified, by default a leader will be determined - # so that only one injector attempts to create TLS certificates. - leaderElector: - enabled: true - # If true, will enable a node exporter metrics endpoint at /metrics. - metrics: - enabled: false - # Deprecated: Please use global.externalVaultAddr instead. - externalVaultAddr: "" - # image sets the repo and tag of the vault-k8s image to use for the injector. 
- image: - repository: "registry.connect.redhat.com/hashicorp/vault-k8s" - tag: "0.17.0-ubi" - pullPolicy: IfNotPresent - # agentImage sets the repo and tag of the Vault image to use for the Vault Agent - # containers. This should be set to the official Vault image. Vault 1.3.1+ is - # required. - agentImage: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.11.2-ubi" - # The default values for the injected Vault Agent containers. - agentDefaults: - # For more information on configuring resources, see the K8s documentation: - # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - cpuLimit: "500m" - cpuRequest: "250m" - memLimit: "128Mi" - memRequest: "64Mi" - # Default template type for secrets when no custom template is specified. - # Possible values include: "json" and "map". - template: "map" - # Default values within Agent's template_config stanza. - templateConfig: - exitOnRetryFailure: true - staticSecretRenderInterval: "" - # Mount Path of the Vault Kubernetes Auth Method. - authPath: "auth/kubernetes" - # Configures the log verbosity of the injector. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "info" - # Configures the log format of the injector. Supported log formats: "standard", "json". - logFormat: "standard" - # Configures all Vault Agent sidecars to revoke their token when shutting down - revokeOnShutdown: false - webhook: - # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the - # API Version of the WebHook. - # To block pod creation while webhook is unavailable, set the policy to `Fail` below. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - # matchPolicy specifies the approach to accepting changes based on the rules of - # the MutatingWebhookConfiguration. 
- # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy - # for more details. - # - matchPolicy: Exact - # timeoutSeconds is the amount of seconds before the webhook request will be ignored - # or fails. - # If it is ignored or fails depends on the failurePolicy - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts - # for more details. - # - timeoutSeconds: 30 - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. - # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: | - matchExpressions: - - key: app.kubernetes.io/name - operator: NotIn - values: - - {{ template "vault.name" . }}-agent-injector - # Extra annotations to attach to the webhook - annotations: {} - # Deprecated: please use 'webhook.failurePolicy' instead - # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the - # API Version of the WebHook. - # To block pod creation while webhook is unavailable, set the policy to `Fail` below. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - # Deprecated: please use 'webhook.namespaceSelector' instead - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. 
- # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. - # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # Deprecated: please use 'webhook.objectSelector' instead - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: {} - # Deprecated: please use 'webhook.annotations' instead - # Extra annotations to attach to the webhook - webhookAnnotations: {} - certs: - # secretName is the name of the secret that has the TLS certificate and - # private key to serve the injector webhook. If this is null, then the - # injector will default to its automatic management mode that will assign - # a service account to the injector to generate its own certificates. - secretName: null - # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA - # that signed the TLS certificate that the webhook serves. This must be set - # if secretName is non-null, unless an external service like cert-manager is - # keeping the caBundle updated. - caBundle: "" - # certName and keyName are the names of the files within the secret for - # the TLS cert and private key, respectively. These have reasonable - # defaults but can be customized if necessary. 
- certName: tls.crt - keyName: tls.key - # Security context for the pod template and the injector container - # The default pod securityContext is: - # runAsNonRoot: true - # runAsGroup: {{ .Values.injector.gid | default 1000 }} - # runAsUser: {{ .Values.injector.uid | default 100 }} - # fsGroup: {{ .Values.injector.gid | default 1000 }} - # and for container is - # allowPrivilegeEscalation: false - # capabilities: - # drop: - # - ALL - securityContext: - pod: {} - container: {} - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # extraEnvironmentVars is a list of extra environment variables to set in the - # injector deployment. - extraEnvironmentVars: {} - # KUBERNETES_SERVICE_HOST: kubernetes.default.svc - - # Affinity Settings for injector pods - # This can either be multi-line string or YAML matching the PodSpec's affinity field. - # Commenting out or setting as empty the affinity variable, will allow - # deployment of multiple replicas to single node services such as Minikube. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: webhook - topologyKey: kubernetes.io/hostname - # Topology settings for injector pods - # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - # This should be either a multi-line string or YAML matching the topologySpreadConstraints array - # in a PodSpec. - topologySpreadConstraints: [] - # Toleration Settings for injector pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
- # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Priority class for injector pods - priorityClassName: "" - # Extra annotations to attach to the injector pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the injector pods - annotations: {} - # Extra labels to attach to the agent-injector - # This should be a YAML map of the labels to apply to the injector - extraLabels: {} - # Should the injector pods run on the host network (useful when using - # an alternate CNI in EKS) - hostNetwork: false - # Injector service specific config - service: - # Extra annotations to attach to the injector service - annotations: {} - # Injector serviceAccount specific config - serviceAccount: - # Extra annotations to attach to the injector serviceAccount - annotations: {} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - podDisruptionBudget: {} - # podDisruptionBudget: - # maxUnavailable: 1 - - # strategy for updating the deployment. This can be a multi-line string or a - # YAML map. - strategy: {} - # strategy: | - # rollingUpdate: - # maxSurge: 25% - # maxUnavailable: 25% - # type: RollingUpdate -server: - # If true, or "-" with global.enabled true, Vault server will be installed. - # See vault.mode in _helpers.tpl for implementation details. - enabled: "-" - # [Enterprise Only] This value refers to a Kubernetes secret that you have - # created that contains your enterprise license. If you are not using an - # enterprise image or if you plan to introduce the license key via another - # route, then leave secretName blank ("") or set it to null. - # Requires Vault Enterprise 1.8 or later. - enterpriseLicense: - # The name of the Kubernetes secret that holds the enterprise license. 
The - # secret must be in the same namespace that Vault is installed into. - secretName: "" - # The key within the Kubernetes secret that holds the enterprise license. - secretKey: "license" - # Resource requests, limits, etc. for the server cluster placement. This - # should map directly to the value of the resources field for a PodSpec. - # By default no direct resource request is made. - image: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.11.2-ubi" - # Overrides the default Image Pull Policy - pullPolicy: IfNotPresent - # Configure the Update Strategy Type for the StatefulSet - # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - updateStrategyType: "OnDelete" - # Configure the logging verbosity for the Vault server. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "" - # Configure the logging format for the Vault server. - # Supported log formats include: standard, json - logFormat: "" - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # Ingress allows ingress services to be created to allow external access - # from Kubernetes to access Vault pods. - # If deployment is on OpenShift, the following block is ignored. - # In order to expose the service, use the route section below - ingress: - enabled: false - labels: {} - # traffic: external - annotations: {} - # | - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # or - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # Optionally use ingressClassName instead of deprecated annotation. - # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation - ingressClassName: "" - # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
- # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. - pathType: Prefix - # When HA mode is enabled and K8s service registration is being used, - # configure the ingress to point to the Vault active service. - activeService: true - hosts: - - host: chart-example.local - paths: [] - ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # service: - # name: ssl-redirect - # port: - # number: use-annotation - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # OpenShift only - create a route to expose the service - # By default the created route will be of type passthrough - route: - enabled: false - # When HA mode is enabled and K8s service registration is being used, - # configure the route to point to the Vault active service. - activeService: true - labels: {} - annotations: {} - host: chart-example.local - # tls will be passed directly to the route's TLS config, which - # can be used to configure other termination methods that terminate - # TLS at the router - tls: - termination: passthrough - # authDelegator enables a cluster role binding to be attached to the service - # account. This cluster role binding can be used to setup Kubernetes auth - # method. https://www.vaultproject.io/docs/auth/kubernetes.html - authDelegator: - enabled: true - # extraInitContainers is a list of init containers. Specified as a YAML list. - # This is useful if you need to run a script to provision TLS certificates or - # write out configuration files in a dynamic way. - extraInitContainers: null - # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, - # # which is defined in the volumes value. 
- # - name: oauthapp - # image: "alpine" - # command: [sh, -c] - # args: - # - cd /tmp && - # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && - # tar -xf oauthapp.xz && - # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && - # chmod +x /usr/local/libexec/vault/oauthapp - # volumeMounts: - # - name: plugins - # mountPath: /usr/local/libexec/vault - - # extraContainers is a list of sidecar containers. Specified as a YAML list. - extraContainers: null - # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers - # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation - shareProcessNamespace: false - # extraArgs is a string containing additional Vault server arguments. - extraArgs: "" - # Used to define custom readinessProbe settings - readinessProbe: - enabled: true - # If you need to use a http path instead of the default exec - # path: /v1/sys/health?standbyok=true - - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. 
- timeoutSeconds: 3 - # Used to enable a livenessProbe for the pods - livenessProbe: - enabled: false - path: "/v1/sys/health?standbyok=true" - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 60 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Optional duration in seconds the pod needs to terminate gracefully. - # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ - terminationGracePeriodSeconds: 10 - # Used to set the sleep time during the preStop step - preStopSleepSeconds: 5 - # Used to define commands to run after the pod is ready. - # This can be used to automate processes such as initialization - # or boostrapping auth methods. - postStart: [] - # - /bin/sh - # - -c - # - /vault/userconfig/myscript/run.sh - - # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be - # used to include variables required for auto-unseal. - extraEnvironmentVars: {} - # GOOGLE_REGION: global - # GOOGLE_PROJECT: myproject - # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json - - # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. - # These variables take value from existing Secret objects. - extraSecretEnvironmentVars: [] - # - envName: AWS_SECRET_ACCESS_KEY - # secretName: vault - # secretKey: AWS_SECRET_ACCESS_KEY - - # Deprecated: please use 'volumes' instead. - # extraVolumes is a list of extra volumes to mount. These will be exposed - # to Vault in the path `/vault/userconfig//`. The value below is - # an array of objects, examples are shown below. 
- extraVolumes: [] - # - type: secret (or "configMap") - # name: my-secret - # path: null # default is `/vault/userconfig` - - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: plugins - # emptyDir: {} - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - mountPath: /usr/local/libexec/vault - # name: plugins - # readOnly: true - - # Affinity Settings - # Commenting out or setting as empty the affinity variable, will allow - # deployment to single node services such as Minikube - # This should be either a multi-line string or YAML matching the PodSpec's affinity field. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: server - topologyKey: kubernetes.io/hostname - # Topology settings for server pods - # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - # This should be either a multi-line string or YAML matching the topologySpreadConstraints array - # in a PodSpec. - topologySpreadConstraints: [] - # Toleration Settings for server pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
- # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Enables network policy for server pods - networkPolicy: - enabled: false - egress: [] - # egress: - # - to: - # - ipBlock: - # cidr: 10.0.0.0/24 - # ports: - # - protocol: TCP - # port: 443 - # Priority class for server pods - priorityClassName: "" - # Extra labels to attach to the server pods - # This should be a YAML map of the labels to apply to the server pods - extraLabels: {} - # Extra annotations to attach to the server pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the server pods - annotations: {} - # Enables a headless service to be used by the Vault Statefulset - service: - enabled: true - # clusterIP controls whether a Cluster IP address is attached to the - # Vault service within Kubernetes. By default the Vault service will - # be given a Cluster IP address, set to None to disable. When disabled - # Kubernetes will create a "headless" service. Headless services can be - # used to communicate with pods directly through DNS instead of a round robin - # load balancer. - # clusterIP: None - - # Configures the service type for the main Vault service. Can be ClusterIP - # or NodePort. - #type: ClusterIP - - # Do not wait for pods to be ready - publishNotReadyAddresses: true - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. - # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. 
- #nodePort: 30000 - - # When HA mode is enabled - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. - #activeNodePort: 30001 - - # When HA mode is enabled - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. - #standbyNodePort: 30002 - - # Port on which Vault server is listening - port: 8200 - # Target port to which the service should be mapped to - targetPort: 8200 - # Extra annotations for the service definition. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the service. - annotations: {} - # This configures the Vault Statefulset to create a PVC for data - # storage when using the file or raft backend storage engines. - # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more - dataStorage: - enabled: true - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/data" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # This configures the Vault Statefulset to create a PVC for audit - # logs. Once Vault is deployed, initialized and unsealed, Vault must - # be configured to use this for audit logs. This will be mounted to - # /vault/audit - # See https://www.vaultproject.io/docs/audit/index.html to know more - auditStorage: - enabled: false - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/audit" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. 
- storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # Run Vault in "dev" mode. This requires no further setup, no state management, - # and no initialization. This is useful for experimenting with Vault without - # needing to unseal, store keys, et. al. All data is lost on restart - do not - # use dev mode for anything other than experimenting. - # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more - dev: - enabled: false - # Set VAULT_DEV_ROOT_TOKEN_ID value - devRootToken: "root" - # Run Vault in "standalone" mode. This is the default mode that will deploy if - # no arguments are given to helm. This requires a PVC for data storage to use - # the "file" backend. This mode is not highly available and should not be scaled - # past a single replica. - standalone: - enabled: "-" - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data - # and store data there. This is only used when using a Replica count of 1, and - # using a stateful set. This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "file" { - path = "/vault/data" - } - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. 
- #seal "gcpckms" { - # project = "vault-helm-dev" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # Run Vault in "HA" mode. There are no storage requirements unless audit log - # persistence is required. In HA mode Vault will configure itself to use Consul - # for its storage backend. The default configuration provided will work the Consul - # Helm project by default. It is possible to manually configure Vault to use a - # different HA backend. - ha: - enabled: false - replicas: 3 - # Set the api_addr configuration for Vault HA - # See https://www.vaultproject.io/docs/configuration#api_addr - # If set to null, this will be set to the Pod IP Address - apiAddr: null - # Set the cluster_addr confuguration for Vault HA - # See https://www.vaultproject.io/docs/configuration#cluster_addr - # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 - clusterAddr: null - # Enables Vault's integrated Raft storage. Unlike the typical HA modes where - # Vault's persistence is external (such as Consul), enabling Raft mode will create - # persistent volumes for Vault to store data according to the configuration under server.dataStorage. - # The Vault cluster will coordinate leader elections and failovers internally. - raft: - # Enables Raft integrated storage - enabled: false - # Set the Node Raft ID to the name of the pod - setNodeId: false - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. 
For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - - storage "raft" { - path = "/vault/data" - } - - service_registration "kubernetes" {} - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a Consul for its HA storage backend. - # This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "consul" { - path = "vault" - address = "HOST_IP:8500" - } - - service_registration "kubernetes" {} - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev-246514" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - disruptionBudget: - enabled: true - # maxUnavailable will default to (n/2)-1 where n is the number of - # replicas. If you'd like a custom value, you can specify an override here. - maxUnavailable: null - # Definition of the serviceAccount used to run Vault. - # These options are also used when using an external Vault server to validate - # Kubernetes tokens. 
- serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Settings for the statefulSet used to run Vault. - statefulSet: - # Extra annotations for the statefulSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the statefulSet. - annotations: {} - # Set the pod and container security contexts. - # If not set, these will default to, and for *not* OpenShift: - # pod: - # runAsNonRoot: true - # runAsGroup: {{ .Values.server.gid | default 1000 }} - # runAsUser: {{ .Values.server.uid | default 100 }} - # fsGroup: {{ .Values.server.gid | default 1000 }} - # container: {} - # - # If not set, these will default to, and for OpenShift: - # pod: {} - # container: - # allowPrivilegeEscalation: false - securityContext: - pod: {} - container: {} -# Vault UI -ui: - # True if you want to create a Service entry for the Vault UI. - # - # serviceType can be used to control the type of service created. For - # example, setting this to "LoadBalancer" will create an external load - # balancer (for supported K8S installations) to access the UI. - enabled: false - publishNotReadyAddresses: true - # The service should only contain selectors for active Vault pod - activeVaultPodOnly: false - serviceType: "ClusterIP" - serviceNodePort: null - externalPort: 8200 - targetPort: 8200 - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. 
- # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - #loadBalancerSourceRanges: - # - 10.0.0.0/16 - # - 1.78.23.3/32 - - # loadBalancerIP: - - # Extra annotations to attach to the ui service - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the ui service - annotations: {} -# secrets-store-csi-driver-provider-vault -csi: - # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. - # - # Requires installing the secrets-store-csi-driver separately, see: - # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver - # - # With the driver and provider installed, you can mount Vault secrets into volumes - # similar to the Vault Agent injector, and you can also sync those secrets into - # Kubernetes secrets. - enabled: false - image: - repository: "hashicorp/vault-csi-provider" - tag: "1.2.0" - pullPolicy: IfNotPresent - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: tls - # secret: - # secretName: vault-tls - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - name: tls - # mountPath: "/vault/tls" - # readOnly: true - - resources: {} - # resources: - # requests: - # cpu: 50m - # memory: 128Mi - # limits: - # cpu: 50m - # memory: 128Mi - - # Settings for the daemonSet used to run the provider. - daemonSet: - updateStrategy: - type: RollingUpdate - maxUnavailable: "" - # Extra annotations for the daemonSet. 
This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the daemonSet. - annotations: {} - # Provider host path (must match the CSI provider's path) - providersDir: "/etc/kubernetes/secrets-store-csi-providers" - # Kubelet host path - kubeletRootDir: "/var/lib/kubelet" - # Extra labels to attach to the vault-csi-provider daemonSet - # This should be a YAML map of the labels to apply to the csi provider daemonSet - extraLabels: {} - # security context for the pod template and container in the csi provider daemonSet - securityContext: - pod: {} - container: {} - pod: - # Extra annotations for the provider pods. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the pod. - annotations: {} - # Toleration Settings for provider pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # Extra labels to attach to the vault-csi-provider pod - # This should be a YAML map of the labels to apply to the csi provider pod - extraLabels: {} - # Priority class for csi pods - priorityClassName: "" - serviceAccount: - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Extra labels to attach to the vault-csi-provider serviceAccount - # This should be a YAML map of the labels to apply to the csi provider serviceAccount - extraLabels: {} - # Used to configure readinessProbe for the pods. 
- readinessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to configure livenessProbe for the pods. - livenessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Enables debug logging. - debug: false - # Pass arbitrary additional arguments to vault-csi-provider. - # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments - # for the available command line flags. - extraArgs: [] diff --git a/charts/partners/hashicorp/vault/0.22.0/src/.helmignore b/charts/partners/hashicorp/vault/0.22.0/src/.helmignore deleted file mode 100644 index 4007e24350..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/.helmignore +++ /dev/null @@ -1,28 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.terraform/ -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj - -# CI and test -.circleci/ -.github/ -.gitlab-ci.yml -test/ 
diff --git a/charts/partners/hashicorp/vault/0.22.0/src/CHANGELOG.md b/charts/partners/hashicorp/vault/0.22.0/src/CHANGELOG.md
deleted file mode 100644
index bdc728be40..0000000000
--- a/charts/partners/hashicorp/vault/0.22.0/src/CHANGELOG.md
+++ /dev/null
@@ -1,427 +0,0 @@ -## Unreleased - -## 0.22.0 (September 8th, 2022) - -Features: -* Add PrometheusOperator support for collecting Vault server metrics. [GH-772](https://github.com/hashicorp/vault-helm/pull/772) - -Changes: -* `vault-k8s` to 1.0.0 [GH-784](https://github.com/hashicorp/vault-helm/pull/784) -* Test against Kubernetes 1.25 [GH-784](https://github.com/hashicorp/vault-helm/pull/784) -* `vault` updated to 1.11.3 [GH-785](https://github.com/hashicorp/vault-helm/pull/785) - -## 0.21.0 (August 10th, 2022) - -CHANGES: -* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) -* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) -* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) -* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) -* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) -* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) - -Features: -* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) -* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) -* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) -* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) -* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) - -## 0.20.1 (May 25th, 2022) -CHANGES: -* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) - -Improvements: -* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) - -Bugs: -* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) - -## 0.20.0 (May 16th, 2022) - -CHANGES: -* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) -* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) -* Vault default image to 1.10.3 -* CSI provider default image to 1.1.0 -* Vault K8s default image to 0.16.0 -* Earliest Kubernetes version tested is now 1.16 -* Helm 3.6+ now required - -Features: -* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) - -Improvements: -* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) -* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) -* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) -* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) -* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) -* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) -* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) - -## 0.19.0 (January 20th, 2022) - -CHANGES: -* Vault image default 1.9.2 -* Vault K8s image default 0.14.2 - -Features: -* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) -* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) -* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) -* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) - -Improvements: -* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) -* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) -* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) - -## 0.18.0 (November 17th, 2021) - -CHANGES: -* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) -* Vault image default 1.9.0 -* Vault K8s image default 0.14.1 - -Improvements: -* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) - -## 0.17.1 (October 25th, 2021) - -Improvements: - * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) - -## 0.17.0 (October 21st, 2021) - -KNOWN ISSUES: -* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set - -CHANGES: -* Vault image default 1.8.4 -* Vault K8s image default 0.14.0 - -Improvements: -* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) -* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) -* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) - -Bugs: -* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) - -## 0.16.1 (September 29th, 2021) - -CHANGES: -* Vault image default 1.8.3 -* Vault K8s image default 0.13.1 - -## 0.16.0 (September 16th, 2021) - -CHANGES: -* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
- -Improvements: - * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) - * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) - -## 0.15.0 (August 23rd, 2021) - -Improvements: -* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) -* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) - -## 0.14.0 (July 28th, 2021) - -Features: -* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) - -Improvements: -* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) -* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) - - -## 0.13.0 (June 17th, 2021) - -Improvements: -* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) -* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) -* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) - -Bugs: -* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) -* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) -* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) - -## 0.12.0 (May 25th, 2021) - -Features: -* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) - -Improvements: -* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) -* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) -* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) -* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) - -Bugs: -* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) - -## 0.11.0 (April 14th, 2021) - -Features: -* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) -* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) -* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) -* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) -* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) -* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) - -Improvements: -* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) - -Bugs: -* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) - -## 0.10.0 (March 25th, 2021) - -Features: -* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) - -Improvements: -* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) - -## 0.9.1 (February 2nd, 2021) - -Bugs: -* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) -* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) - -## 0.9.0 (January 5th, 2021) - -Features: -* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) -* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) - -Improvements: -* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) -* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) -* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) -* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) -* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) -* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) -* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) -* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) - -## 
0.8.0 (October 20th, 2020) - -Improvements: -* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) -* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) -* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) -* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) -* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) -* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) -* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) - -Bugs: -* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) - -## 0.7.0 (August 24th, 2020) - -Features: -* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
-* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) - -Improvements: -* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) -* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) -* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) -* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) -* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) -* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) -* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) -* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) -* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) - -Bugs: -* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) -* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) -* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) - -## 0.6.0 (June 3rd, 2020) - -Features: -* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) -* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) -* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
- -Improvements: -* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) -* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] -* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] -* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] -* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] -* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] -* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] -* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) - -Bugs: -* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] -* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] -* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] -* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] -* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) - -## 0.5.0 (April 9th, 2020) - -Features: - -* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] -* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] -* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] - -* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] -* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] -* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] -* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] -* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] - -## 0.4.0 (February 21st, 2020) - -Improvements: - -* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] -* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] -* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] -* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] -* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] - -Bugs: - -* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] - -## 0.3.3 (January 14th, 2020) - -Security: - -* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) - -Bugs: - -* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files - -## 0.3.2 (January 8th, 2020) - -Bugs: - -* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] - -## 0.3.1 (January 2nd, 2020) - -Bugs: - -* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] - -## 0.3.0 (December 19th, 2019) - -Features: - -* Extra containers can now be added to the Vault pods -* Added configurability of pod probes -* Added Vault Agent Injector - -Improvements: - -* Moved `global.image` to `server.image` -* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` -* Added better HTTP/HTTPS scheme support to http probes -* Added configurable node port for Vault service -* `server.authDelegator` is now enabled by default - -Bugs: - -* Fixed upgrade bug by removing chart label which contained the version -* Fixed typo on `serviceAccount` (was `serviceaccount`) -* Fixed readiness/liveliness HTTP probe default to accept standbys - -## 0.2.1 (November 12th, 2019) - -Bugs: - -* Removed `readOnlyRootFilesystem` causing issues when validating deployments - -## 0.2.0 (October 29th, 2019) - -Features: - -* Added load balancer support -* Added ingress support -* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) -* Removed root requirements, now runs as Vault user - -Improvements: - -* Added namespace value to all rendered objects -* Made ports configurable in services -* Added the ability to add custom annotations to services -* Added docker image for running bats test in CircleCI -* Removed restrictions around `dev` mode such as annotations -* 
`readOnlyRootFilesystem` is now configurable -* Image Pull Policy is now configurable - -Bugs: - -* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) -* Fixed bug where audit storage was not being mounted in HA mode -* Fixed bug where Vault pod wasn't receiving SIGTERM signals - - -## 0.1.2 (August 22nd, 2019) - -Features: - -* Added `extraSecretEnvironmentVars` to allow users to mount secrets as - environment variables -* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS - depending on the value -* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` - to "NodePort" - -Improvements: - -* Changed UI port to 8200 for better HTTP protocol support -* Added `path` to `extraVolumes` to define where the volume should be - mounted. Defaults to `/vault/userconfig` -* Upgraded Vault to 1.2.2 - -Bugs: - -* Fixed bug where upgrade would fail because immutable labels were being - changed (Helm Version label) -* Fixed bug where UI service used wrong selector after updating helm labels -* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks - Consul is the active node -* Removed `step-down` preStop since it requires authentication. Shutdown signal - sent by Kube acts similar to `step-down` - - -## 0.1.1 (August 7th, 2019) - -Features: - -* Added `authDelegator` Cluster Role Binding to Vault service account for - bootstrapping Kube auth method - -Improvements: - -* Added `server.service.clusterIP` to `values.yml` so users can toggle - the Vault service to headless by using the value `None`. -* Upgraded Vault to 1.2.1 - -## 0.1.0 (August 6th, 2019) - -Initial release diff --git a/charts/partners/hashicorp/vault/0.22.0/src/CONTRIBUTING.md b/charts/partners/hashicorp/vault/0.22.0/src/CONTRIBUTING.md deleted file mode 100644 index ad31ac92d1..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/CONTRIBUTING.md +++ /dev/null 
@@ -1,247 +0,0 @@ -# Contributing to Vault Helm - -**Please note:** We take Vault's security and our users' trust very seriously. -If you believe you have found a security issue in Vault, please responsibly -disclose by contacting us at security@hashicorp.com. - -**First:** if you're unsure or afraid of _anything_, just ask or submit the -issue or pull request anyways. You won't be yelled at for giving it your best -effort. The worst that can happen is that you'll be politely asked to change -something. We appreciate any sort of contributions, and don't want a wall of -rules to get in the way of that. - -That said, if you want to ensure that a pull request is likely to be merged, -talk to us! You can find out our thoughts and ensure that your contribution -won't clash or be obviated by Vault's normal direction. A great way to do this -is via the [Vault Discussion Forum][1]. - -This document will cover what we're looking for in terms of reporting issues. -By addressing all the points we're looking for, it raises the chances we can -quickly merge or address your contributions. - -[1]: https://discuss.hashicorp.com/c/vault - -## Issues - -### Reporting an Issue - -* Make sure you test against the latest released version. It is possible - we already fixed the bug you're experiencing. Even better is if you can test - against `main`, as bugs are fixed regularly but new versions are only - released every few months. - -* Provide steps to reproduce the issue, and if possible include the expected - results as well as the actual results. Please provide text, not screen shots! - -* Respond as promptly as possible to any questions made by the Vault - team to your issue. Stale issues will be closed periodically. - -### Issue Lifecycle - -1. The issue is reported. - -2. The issue is verified and categorized by a Vault Helm collaborator. - Categorization is done via tags. For example, bugs are marked as "bugs". - -3. 
Unless it is critical, the issue may be left for a period of time (sometimes - many weeks), giving outside contributors -- maybe you!? -- a chance to - address the issue. - -4. The issue is addressed in a pull request or commit. The issue will be - referenced in the commit message so that the code that fixes it is clearly - linked. - -5. The issue is closed. Sometimes, valid issues will be closed to keep - the issue tracker clean. The issue is still indexed and available for - future viewers, or can be re-opened if necessary. - -## Testing - -The Helm chart ships with both unit and acceptance tests. - -The unit tests don't require any active Kubernetes cluster and complete -very quickly. These should be used for fast feedback during development. -The acceptance tests require a Kubernetes cluster with a configured `kubectl`. - -### Test Using Docker Container - -The following are the instructions for running bats tests using a Docker container. - -#### Prerequisites - -* Docker installed -* `vault-helm` checked out locally - -#### Test - -**Note:** the following commands should be run from the `vault-helm` directory. - -First, build the Docker image for running the tests: - -```shell -docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test -``` -Next, execute the tests with the following commands: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -``` -It's possible to only run specific bats tests using regular expressions. -For example, the following will run only tests with "injector" in the name: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" -``` - -### Test Manually -The following are the instructions for running bats tests on your workstation. 
-#### Prerequisites -* [Bats](https://github.com/bats-core/bats-core) - ```bash - brew install bats-core - ``` -* [yq](https://pypi.org/project/yq/) - ```bash - brew install python-yq - ``` -* [helm](https://helm.sh) - ```bash - brew install kubernetes-helm - ``` - -#### Test - -To run the unit tests: - - bats ./test/unit - -To run the acceptance tests: - - bats ./test/acceptance - -If the acceptance tests fail, deployed resources in the Kubernetes cluster -may not be properly cleaned up. We recommend recycling the Kubernetes cluster to -start from a clean slate. - -**Note:** There is a Terraform configuration in the -[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory -that can be used to quickly bring up a GKE cluster and configure -`kubectl` and `helm` locally. This can be used to quickly spin up a test -cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes -cluster. - -### Writing Unit Tests - -Changes to the Helm chart should be accompanied by appropriate unit tests. - -#### Formatting - -- Put tests in the test file in the same order as the variables appear in the `values.yaml`. -- Start tests for a chart value with a header that says what is being tested, like this: - ``` - #-------------------------------------------------------------------- - # annotations - ``` - -- Name the test based on what it's testing in the following format (this will be its first line): - ``` - @test "
: " { - ``` - - When adding tests to an existing file, the first section will be the same as the other tests in the file. - -#### Test Details - -[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. -In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. -In this way, we're able to test that the various conditionals in the templates render as we would expect. - -Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. -The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). -`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). -The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. - -The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. - -The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. - -#### Test Examples - -Here are some examples of common test patterns: - -- Check that a value is disabled by default - - ``` - @test "ui/Service: no type by default" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - . 
| tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "null" ] - } - ``` - - In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. - This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. - - -- Check that a template value is rendered to a specific value - ``` - @test "ui/Service: specified type" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - --set 'ui.serviceType=LoadBalancer' \ - . | tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "LoadBalancer" ] - } - ``` - - This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. - -- Check that a template value contains several values - ``` - @test "server/standalone-StatefulSet: custom resources" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.requests.memory=256Mi' \ - --set 'server.resources.requests.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.limits.memory=256Mi' \ - --set 'server.resources.limits.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - ``` - - *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
- -- Check that an entire template file is not rendered - ``` - @test "syncCatalog/Deployment: disabled by default" { - cd `chart_dir` - local actual=$( (helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'global.enabled=false' \ - . || echo "---") | tee /dev/stderr | - yq 'length > 0' | tee /dev/stderr) - [ "${actual}" = "false" ] - } - ``` - Here we are check the length of the command output to see if the anything is rendered. - This style can easily be switched to check that a file is rendered instead. - -## Contributor License Agreement - -We require that all contributors sign our Contributor License Agreement ("CLA") -before we can accept the contribution. - -[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/hashicorp/vault/0.22.0/src/Chart.yaml b/charts/partners/hashicorp/vault/0.22.0/src/Chart.yaml deleted file mode 100644 index 3f9c796226..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v2 -appVersion: 1.11.3 -description: Official HashiCorp Vault Chart -home: https://www.vaultproject.io -icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png -keywords: -- vault -- security -- encryption -- secrets -- management -- automation -- infrastructure -kubeVersion: '>= 1.16.0-0' -name: vault -sources: -- https://github.com/hashicorp/vault -- https://github.com/hashicorp/vault-helm -- https://github.com/hashicorp/vault-k8s -- https://github.com/hashicorp/vault-csi-provider -version: 0.22.0 -annotations: - charts.openshift.io/name: HashiCorp Vault diff --git a/charts/partners/hashicorp/vault/0.22.0/src/LICENSE.md b/charts/partners/hashicorp/vault/0.22.0/src/LICENSE.md deleted file mode 100644 index 82b4de97c7..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/LICENSE.md +++ /dev/null 
@@ -1,353 +0,0 @@ -Mozilla Public License, version 2.0 - -1. Definitions - -1.1. “Contributor” - - means each individual or legal entity that creates, contributes to the - creation of, or owns Covered Software. - -1.2. “Contributor Version” - - means the combination of the Contributions of others (if any) used by a - Contributor and that particular Contributor’s Contribution. - -1.3. “Contribution” - - means Covered Software of a particular Contributor. - -1.4. “Covered Software” - - means Source Code Form to which the initial Contributor has attached the - notice in Exhibit A, the Executable Form of such Source Code Form, and - Modifications of such Source Code Form, in each case including portions - thereof. - -1.5. “Incompatible With Secondary Licenses” - means - - a. that the initial Contributor has attached the notice described in - Exhibit B to the Covered Software; or - - b. that the Covered Software was made available under the terms of version - 1.1 or earlier of the License, but not also under the terms of a - Secondary License. - -1.6. “Executable Form” - - means any form of the work other than Source Code Form. - -1.7. “Larger Work” - - means a work that combines Covered Software with other material, in a separate - file or files, that is not Covered Software. - -1.8. “License” - - means this document. - -1.9. “Licensable” - - means having the right to grant, to the maximum extent possible, whether at the - time of the initial grant or subsequently, any and all of the rights conveyed by - this License. - -1.10. “Modifications” - - means any of the following: - - a. any file in Source Code Form that results from an addition to, deletion - from, or modification of the contents of Covered Software; or - - b. any new file in Source Code Form that contains any Covered Software. - -1.11. 
“Patent Claims” of a Contributor - - means any patent claim(s), including without limitation, method, process, - and apparatus claims, in any patent Licensable by such Contributor that - would be infringed, but for the grant of the License, by the making, - using, selling, offering for sale, having made, import, or transfer of - either its Contributions or its Contributor Version. - -1.12. “Secondary License” - - means either the GNU General Public License, Version 2.0, the GNU Lesser - General Public License, Version 2.1, the GNU Affero General Public - License, Version 3.0, or any later versions of those licenses. - -1.13. “Source Code Form” - - means the form of the work preferred for making modifications. - -1.14. “You” (or “Your”) - - means an individual or a legal entity exercising rights under this - License. For legal entities, “You” includes any entity that controls, is - controlled by, or is under common control with You. For purposes of this - definition, “control” means (a) the power, direct or indirect, to cause - the direction or management of such entity, whether by contract or - otherwise, or (b) ownership of more than fifty percent (50%) of the - outstanding shares or beneficial ownership of such entity. - - -2. License Grants and Conditions - -2.1. Grants - - Each Contributor hereby grants You a world-wide, royalty-free, - non-exclusive license: - - a. under intellectual property rights (other than patent or trademark) - Licensable by such Contributor to use, reproduce, make available, - modify, display, perform, distribute, and otherwise exploit its - Contributions, either on an unmodified basis, with Modifications, or as - part of a Larger Work; and - - b. under Patent Claims of such Contributor to make, use, sell, offer for - sale, have made, import, and otherwise transfer either its Contributions - or its Contributor Version. - -2.2. 
Effective Date - - The licenses granted in Section 2.1 with respect to any Contribution become - effective for each Contribution on the date the Contributor first distributes - such Contribution. - -2.3. Limitations on Grant Scope - - The licenses granted in this Section 2 are the only rights granted under this - License. No additional rights or licenses will be implied from the distribution - or licensing of Covered Software under this License. Notwithstanding Section - 2.1(b) above, no patent license is granted by a Contributor: - - a. for any code that a Contributor has removed from Covered Software; or - - b. for infringements caused by: (i) Your and any other third party’s - modifications of Covered Software, or (ii) the combination of its - Contributions with other software (except as part of its Contributor - Version); or - - c. under Patent Claims infringed by Covered Software in the absence of its - Contributions. - - This License does not grant any rights in the trademarks, service marks, or - logos of any Contributor (except as may be necessary to comply with the - notice requirements in Section 3.4). - -2.4. Subsequent Licenses - - No Contributor makes additional grants as a result of Your choice to - distribute the Covered Software under a subsequent version of this License - (see Section 10.2) or under the terms of a Secondary License (if permitted - under the terms of Section 3.3). - -2.5. Representation - - Each Contributor represents that the Contributor believes its Contributions - are its original creation(s) or it has sufficient rights to grant the - rights to its Contributions conveyed by this License. - -2.6. Fair Use - - This License is not intended to limit any rights You have under applicable - copyright doctrines of fair use, fair dealing, or other equivalents. - -2.7. Conditions - - Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in - Section 2.1. - - -3. Responsibilities - -3.1. 
Distribution of Source Form - - All distribution of Covered Software in Source Code Form, including any - Modifications that You create or to which You contribute, must be under the - terms of this License. You must inform recipients that the Source Code Form - of the Covered Software is governed by the terms of this License, and how - they can obtain a copy of this License. You may not attempt to alter or - restrict the recipients’ rights in the Source Code Form. - -3.2. Distribution of Executable Form - - If You distribute Covered Software in Executable Form then: - - a. such Covered Software must also be made available in Source Code Form, - as described in Section 3.1, and You must inform recipients of the - Executable Form how they can obtain a copy of such Source Code Form by - reasonable means in a timely manner, at a charge no more than the cost - of distribution to the recipient; and - - b. You may distribute such Executable Form under the terms of this License, - or sublicense it under different terms, provided that the license for - the Executable Form does not attempt to limit or alter the recipients’ - rights in the Source Code Form under this License. - -3.3. Distribution of a Larger Work - - You may create and distribute a Larger Work under terms of Your choice, - provided that You also comply with the requirements of this License for the - Covered Software. If the Larger Work is a combination of Covered Software - with a work governed by one or more Secondary Licenses, and the Covered - Software is not Incompatible With Secondary Licenses, this License permits - You to additionally distribute such Covered Software under the terms of - such Secondary License(s), so that the recipient of the Larger Work may, at - their option, further distribute the Covered Software under the terms of - either this License or such Secondary License(s). - -3.4. 
Notices - - You may not remove or alter the substance of any license notices (including - copyright notices, patent notices, disclaimers of warranty, or limitations - of liability) contained within the Source Code Form of the Covered - Software, except that You may alter any license notices to the extent - required to remedy known factual inaccuracies. - -3.5. Application of Additional Terms - - You may choose to offer, and to charge a fee for, warranty, support, - indemnity or liability obligations to one or more recipients of Covered - Software. However, You may do so only on Your own behalf, and not on behalf - of any Contributor. You must make it absolutely clear that any such - warranty, support, indemnity, or liability obligation is offered by You - alone, and You hereby agree to indemnify every Contributor for any - liability incurred by such Contributor as a result of warranty, support, - indemnity or liability terms You offer. You may include additional - disclaimers of warranty and limitations of liability specific to any - jurisdiction. - -4. Inability to Comply Due to Statute or Regulation - - If it is impossible for You to comply with any of the terms of this License - with respect to some or all of the Covered Software due to statute, judicial - order, or regulation then You must: (a) comply with the terms of this License - to the maximum extent possible; and (b) describe the limitations and the code - they affect. Such description must be placed in a text file included with all - distributions of the Covered Software under this License. Except to the - extent prohibited by statute or regulation, such description must be - sufficiently detailed for a recipient of ordinary skill to be able to - understand it. - -5. Termination - -5.1. The rights granted under this License will terminate automatically if You - fail to comply with any of its terms. 
However, if You become compliant, - then the rights granted under this License from a particular Contributor - are reinstated (a) provisionally, unless and until such Contributor - explicitly and finally terminates Your grants, and (b) on an ongoing basis, - if such Contributor fails to notify You of the non-compliance by some - reasonable means prior to 60 days after You have come back into compliance. - Moreover, Your grants from a particular Contributor are reinstated on an - ongoing basis if such Contributor notifies You of the non-compliance by - some reasonable means, this is the first time You have received notice of - non-compliance with this License from such Contributor, and You become - compliant prior to 30 days after Your receipt of the notice. - -5.2. If You initiate litigation against any entity by asserting a patent - infringement claim (excluding declaratory judgment actions, counter-claims, - and cross-claims) alleging that a Contributor Version directly or - indirectly infringes any patent, then the rights granted to You by any and - all Contributors for the Covered Software under Section 2.1 of this License - shall terminate. - -5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user - license agreements (excluding distributors and resellers) which have been - validly granted by You or Your distributors under this License prior to - termination shall survive termination. - -6. Disclaimer of Warranty - - Covered Software is provided under this License on an “as is” basis, without - warranty of any kind, either expressed, implied, or statutory, including, - without limitation, warranties that the Covered Software is free of defects, - merchantable, fit for a particular purpose or non-infringing. The entire - risk as to the quality and performance of the Covered Software is with You. 
- Should any Covered Software prove defective in any respect, You (not any - Contributor) assume the cost of any necessary servicing, repair, or - correction. This disclaimer of warranty constitutes an essential part of this - License. No use of any Covered Software is authorized under this License - except under this disclaimer. - -7. Limitation of Liability - - Under no circumstances and under no legal theory, whether tort (including - negligence), contract, or otherwise, shall any Contributor, or anyone who - distributes Covered Software as permitted above, be liable to You for any - direct, indirect, special, incidental, or consequential damages of any - character including, without limitation, damages for lost profits, loss of - goodwill, work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses, even if such party shall have been - informed of the possibility of such damages. This limitation of liability - shall not apply to liability for death or personal injury resulting from such - party’s negligence to the extent applicable law prohibits such limitation. - Some jurisdictions do not allow the exclusion or limitation of incidental or - consequential damages, so this exclusion and limitation may not apply to You. - -8. Litigation - - Any litigation relating to this License may be brought only in the courts of - a jurisdiction where the defendant maintains its principal place of business - and such litigation shall be governed by laws of that jurisdiction, without - reference to its conflict-of-law provisions. Nothing in this Section shall - prevent a party’s ability to bring cross-claims or counter-claims. - -9. Miscellaneous - - This License represents the complete agreement concerning the subject matter - hereof. If any provision of this License is held to be unenforceable, such - provision shall be reformed only to the extent necessary to make it - enforceable. 
Any law or regulation which provides that the language of a - contract shall be construed against the drafter shall not be used to construe - this License against a Contributor. - - -10. Versions of the License - -10.1. New Versions - - Mozilla Foundation is the license steward. Except as provided in Section - 10.3, no one other than the license steward has the right to modify or - publish new versions of this License. Each version will be given a - distinguishing version number. - -10.2. Effect of New Versions - - You may distribute the Covered Software under the terms of the version of - the License under which You originally received the Covered Software, or - under the terms of any subsequent version published by the license - steward. - -10.3. Modified Versions - - If you create software not governed by this License, and you want to - create a new license for such software, you may create and use a modified - version of this License if you rename the license and remove any - references to the name of the license steward (except to note that such - modified license differs from this License). - -10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses - If You choose to distribute Source Code Form that is Incompatible With - Secondary Licenses under the terms of this version of the License, the - notice described in Exhibit B of this License must be attached. - -Exhibit A - Source Code Form License Notice - - This Source Code Form is subject to the - terms of the Mozilla Public License, v. - 2.0. If a copy of the MPL was not - distributed with this file, You can - obtain one at - http://mozilla.org/MPL/2.0/. - -If it is not possible or desirable to put the notice in a particular file, then -You may include the notice in a location (such as a LICENSE file in a relevant -directory) where a recipient would be likely to look for such a notice. - -You may add additional accurate notices of copyright ownership. 
- -Exhibit B - “Incompatible With Secondary Licenses” Notice - - This Source Code Form is “Incompatible - With Secondary Licenses”, as defined by - the Mozilla Public License, v. 2.0. diff --git a/charts/partners/hashicorp/vault/0.22.0/src/Makefile b/charts/partners/hashicorp/vault/0.22.0/src/Makefile deleted file mode 100644 index e423f3529d..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/Makefile +++ /dev/null 
@@ -1,101 +0,0 @@ -TEST_IMAGE?=vault-helm-test -GOOGLE_CREDENTIALS?=vault-helm-test.json -CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 -# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats -ACCEPTANCE_TESTS?=acceptance - -# filter bats unit tests to run. -UNIT_TESTS_FILTER?='.*' - -# set to 'true' to run acceptance tests locally in a kind cluster -LOCAL_ACCEPTANCE_TESTS?=false - -# kind cluster name -KIND_CLUSTER_NAME?=vault-helm - -# kind k8s version -KIND_K8S_VERSION?=v1.25.0 - -# Generate json schema for chart values. See test/README.md for more details. -values-schema: - helm schema-gen values.yaml > values.schema.json - -test-image: - @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) - -test-unit: - @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit - -test-bats: test-unit test-acceptance - -test: test-image test-bats - -# run acceptance tests on GKE -# set google project/credential vars above -test-acceptance: -ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) - make setup-kind acceptance -else - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ - -w /helm-test \ - $(TEST_IMAGE) \ - make acceptance -endif - -# destroy GKE cluster using terraform -test-destroy: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -w /helm-test \ - $(TEST_IMAGE) \ - make destroy-cluster - -# provision GKE cluster using terraform -test-provision: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -w /helm-test \ - $(TEST_IMAGE) \ - make provision-cluster - -# this target is for 
running the acceptance tests -# it is run in the docker container above when the test-acceptance target is invoked -acceptance: -ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) - gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} -endif - bats --tap --timing test/${ACCEPTANCE_TESTS} - -# this target is for provisioning the GKE cluster -# it is run in the docker container above when the test-provision target is invoked -provision-cluster: - gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} - terraform init test/terraform - terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform - -# this target is for removing the GKE cluster -# it is run in the docker container above when the test-destroy target is invoked -destroy-cluster: - terraform destroy -auto-approve - -# create a kind cluster for running the acceptance tests locally -setup-kind: - kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ - kind create cluster \ - --image kindest/node:${KIND_K8S_VERSION} \ - --name ${KIND_CLUSTER_NAME} \ - --config $(CURDIR)/test/kind/config.yaml - kubectl config use-context kind-${KIND_CLUSTER_NAME} - -# delete the kind cluster -delete-kind: - kind delete cluster --name ${KIND_CLUSTER_NAME} || : - -.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/hashicorp/vault/0.22.0/src/README.md b/charts/partners/hashicorp/vault/0.22.0/src/README.md deleted file mode 100644 index c9971ff41b..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/README.md +++ /dev/null 
@@ -1,43 +0,0 @@ -# Vault Helm Chart - -> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If -you believe you have found a security issue in Vault Helm, _please responsibly disclose_ -by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). - -This repository contains the official HashiCorp Helm chart for installing -and configuring Vault on Kubernetes. This chart supports multiple use -cases of Vault on Kubernetes depending on the values provided. - -For full documentation on this Helm chart along with all the ways you can -use Vault with Kubernetes, please see the -[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). - -## Prerequisites - -To use the charts here, [Helm](https://helm.sh/) must be configured for your -Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of -this README. Please refer to the Kubernetes and Helm documentation. - -The versions required are: - - * **Helm 3.6+** - * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. - It is possible that this chart works with earlier versions but it is - untested. - -## Usage - -To install the latest version of this chart, add the Hashicorp helm repository -and run `helm install`: - -```console -$ helm repo add hashicorp https://helm.releases.hashicorp.com -"hashicorp" has been added to your repositories - -$ helm install vault hashicorp/vault -``` - -Please see the many options supported in the `values.yaml` file. These are also -fully documented directly on the [Vault -website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more -detailed installation instructions. diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/NOTES.txt b/charts/partners/hashicorp/vault/0.22.0/src/templates/NOTES.txt deleted file mode 100644 index 8e267121c8..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/NOTES.txt +++ /dev/null 
@@ -1,14 +0,0 @@
-
-Thank you for installing HashiCorp Vault!
-
-Now that you have deployed Vault, you should look over the docs on using
-Vault with Kubernetes available here:
-
-https://www.vaultproject.io/docs/
-
-
-Your release is named {{ .Release.Name }}. To learn more about the release, try:
-
- $ helm status {{ .Release.Name }}
- $ helm get manifest {{ .Release.Name }}
-
diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/_helpers.tpl b/charts/partners/hashicorp/vault/0.22.0/src/templates/_helpers.tpl
deleted file mode 100644
index 38973910ad..0000000000
--- a/charts/partners/hashicorp/vault/0.22.0/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,953 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to -this (by the DNS naming spec). If release name contains chart name it will -be used as a full name. -*/}} -{{- define "vault.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "vault.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "vault.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Compute if the csi driver is enabled. -*/}} -{{- define "vault.csiEnabled" -}} -{{- $_ := set . "csiEnabled" (or - (eq (.Values.csi.enabled | toString) "true") - (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the injector is enabled. -*/}} -{{- define "vault.injectorEnabled" -}} -{{- $_ := set . "injectorEnabled" (or - (eq (.Values.injector.enabled | toString) "true") - (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server is enabled. -*/}} -{{- define "vault.serverEnabled" -}} -{{- $_ := set . 
"serverEnabled" (or - (eq (.Values.server.enabled | toString) "true") - (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server auth delegator serviceaccount is enabled. -*/}} -{{- define "vault.serverServiceAccountEnabled" -}} -{{- $_ := set . "serverServiceAccountEnabled" - (and - (eq (.Values.server.serviceAccount.create | toString) "true" ) - (or - (eq (.Values.server.enabled | toString) "true") - (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server auth delegator serviceaccount is enabled. -*/}} -{{- define "vault.serverAuthDelegator" -}} -{{- $_ := set . "serverAuthDelegator" - (and - (eq (.Values.server.authDelegator.enabled | toString) "true" ) - (or (eq (.Values.server.serviceAccount.create | toString) "true") - (not (eq .Values.server.serviceAccount.name ""))) - (or - (eq (.Values.server.enabled | toString) "true") - (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server service is enabled. -*/}} -{{- define "vault.serverServiceEnabled" -}} -{{- template "vault.serverEnabled" . -}} -{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} -{{- end -}} - -{{/* -Compute if the ui is enabled. -*/}} -{{- define "vault.uiEnabled" -}} -{{- $_ := set . "uiEnabled" (or - (eq (.Values.ui.enabled | toString) "true") - (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute the maximum number of unavailable replicas for the PodDisruptionBudget. -This defaults to (n/2)-1 where n is the number of members of the server cluster. -Add a special case for replicas=1, where it should default to 0 as well. 
-*/}} -{{- define "vault.pdb.maxUnavailable" -}} -{{- if eq (int .Values.server.ha.replicas) 1 -}} -{{ 0 }} -{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{- else -}} -{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Set the variable 'mode' to the server mode requested by the user to simplify -template logic. -*/}} -{{- define "vault.mode" -}} - {{- template "vault.serverEnabled" . -}} - {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} - {{- $_ := set . "mode" "external" -}} - {{- else if not .serverEnabled -}} - {{- $_ := set . "mode" "external" -}} - {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} - {{- $_ := set . "mode" "dev" -}} - {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} - {{- $_ := set . "mode" "ha" -}} - {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} - {{- $_ := set . "mode" "standalone" -}} - {{- else -}} - {{- $_ := set . "mode" "" -}} - {{- end -}} -{{- end -}} - -{{/* -Set's the replica count based on the different modes configured by user -*/}} -{{- define "vault.replicas" -}} - {{ if eq .mode "standalone" }} - {{- default 1 -}} - {{ else if eq .mode "ha" }} - {{- .Values.server.ha.replicas | default 3 -}} - {{ else }} - {{- default 1 -}} - {{ end }} -{{- end -}} - -{{/* -Set's up configmap mounts if this isn't a dev deployment and the user -defined a custom configuration. Additionally iterates over any -extra volumes the user may have specified (such as a secret with TLS). -*/}} -{{- define "vault.volumes" -}} - {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - configMap: - name: {{ template "vault.fullname" . 
}}-config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - {{ .type }}: - {{- if (eq .type "configMap") }} - name: {{ .name }} - {{- else if (eq .type "secret") }} - secretName: {{ .name }} - {{- end }} - defaultMode: {{ .defaultMode | default 420 }} - {{- end }} - {{- if .Values.server.volumes }} - {{- toYaml .Values.server.volumes | nindent 8}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - secret: - secretName: {{ .Values.server.enterpriseLicense.secretName }} - defaultMode: 0440 - {{- end }} -{{- end -}} - -{{/* -Set's the args for custom command to render the Vault configuration -file with IP addresses to make the out of box experience easier -for users looking to use this chart with Consul Helm. -*/}} -{{- define "vault.args" -}} - {{ if or (eq .mode "standalone") (eq .mode "ha") }} - - | - cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; - [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; - [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; - /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} - {{ else if eq .mode "dev" }} - - | - /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} - {{ end }} -{{- end -}} - -{{/* -Set's additional environment variables based on the mode. 
-*/}} -{{- define "vault.envs" -}} - {{ if eq .mode "dev" }} - - name: VAULT_DEV_ROOT_TOKEN_ID - value: {{ .Values.server.dev.devRootToken }} - - name: VAULT_DEV_LISTEN_ADDRESS - value: "[::]:8200" - {{ end }} -{{- end -}} - -{{/* -Set's which additional volumes should be mounted to the container -based on the mode configured. -*/}} -{{- define "vault.mounts" -}} - {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - name: audit - mountPath: {{ .Values.server.auditStorage.mountPath }} - {{ end }} - {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} - {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} - - name: data - mountPath: {{ .Values.server.dataStorage.mountPath }} - {{ end }} - {{ end }} - {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - mountPath: /vault/config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - readOnly: true - mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} - {{- end }} - {{- if .Values.server.volumeMounts }} - {{- toYaml .Values.server.volumeMounts | nindent 12}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - mountPath: /vault/license - readOnly: true - {{- end }} -{{- end -}} - -{{/* -Set's up the volumeClaimTemplates when data or audit storage is required. HA -might not use data storage since Consul is likely it's backend, however, audit -storage might be desired by the user. 
-*/}} -{{- define "vault.volumeclaims" -}} - {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} - volumeClaimTemplates: - {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} - - metadata: - name: data - {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.dataStorage.size }} - {{- if .Values.server.dataStorage.storageClass }} - storageClassName: {{ .Values.server.dataStorage.storageClass }} - {{- end }} - {{ end }} - {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - metadata: - name: audit - {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.auditStorage.size }} - {{- if .Values.server.auditStorage.storageClass }} - storageClassName: {{ .Values.server.auditStorage.storageClass }} - {{- end }} - {{ end }} - {{ end }} -{{- end -}} - -{{/* -Set's the affinity for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.affinity" -}} - {{- if and (ne .mode "dev") .Values.server.affinity }} - affinity: - {{ $tp := typeOf .Values.server.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.affinity . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the injector affinity for pod placement -*/}} -{{- define "injector.affinity" -}} - {{- if .Values.injector.affinity }} - affinity: - {{ $tp := typeOf .Values.injector.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the topologySpreadConstraints when running in standalone and HA modes. -*/}} -{{- define "vault.topologySpreadConstraints" -}} - {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} - topologySpreadConstraints: - {{ $tp := typeOf .Values.server.topologySpreadConstraints }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - - -{{/* -Sets the injector topologySpreadConstraints for pod placement -*/}} -{{- define "injector.topologySpreadConstraints" -}} - {{- if .Values.injector.topologySpreadConstraints }} - topologySpreadConstraints: - {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the toleration for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.tolerations" -}} - {{- if and (ne .mode "dev") .Values.server.tolerations }} - tolerations: - {{- $tp := typeOf .Values.server.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "injector.tolerations" -}} - {{- if .Values.injector.tolerations }} - tolerations: - {{- $tp := typeOf .Values.injector.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the node selector for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.nodeselector" -}} - {{- if and (ne .mode "dev") .Values.server.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.server.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector node selector for pod placement -*/}} -{{- define "injector.nodeselector" -}} - {{- if .Values.injector.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.injector.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector deployment update strategy -*/}} -{{- define "injector.strategy" -}} - {{- if .Values.injector.strategy }} - strategy: - {{- $tp := typeOf .Values.injector.strategy }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.strategy . | nindent 4 | trim }} - {{- else }} - {{- toYaml .Values.injector.strategy | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra pod annotations -*/}} -{{- define "vault.annotations" -}} - {{- if .Values.server.annotations }} - annotations: - {{- $tp := typeOf .Values.server.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.annotations . 
| nindent 8 }} - {{- else }} - {{- toYaml .Values.server.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector pod annotations -*/}} -{{- define "injector.annotations" -}} - {{- if .Values.injector.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.injector.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector service annotations -*/}} -{{- define "injector.service.annotations" -}} - {{- if .Values.injector.service.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -securityContext for the injector pod level. -*/}} -{{- define "injector.securityContext.pod" -}} - {{- if .Values.injector.securityContext.pod }} - securityContext: - {{- $tp := typeOf .Values.injector.securityContext.pod }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} - {{- else }} - {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.injector.gid | default 1000 }} - runAsUser: {{ .Values.injector.uid | default 100 }} - fsGroup: {{ .Values.injector.gid | default 1000 }} - {{- end }} -{{- end -}} - -{{/* -securityContext for the injector container level. -*/}} -{{- define "injector.securityContext.container" -}} - {{- if .Values.injector.securityContext.container}} - securityContext: - {{- $tp := typeOf .Values.injector.securityContext.container }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} - {{- else }} - {{- toYaml .Values.injector.securityContext.container | nindent 12 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - {{- end }} -{{- end -}} - -{{/* -securityContext for the statefulset pod template. -*/}} -{{- define "server.statefulSet.securityContext.pod" -}} - {{- if .Values.server.statefulSet.securityContext.pod }} - securityContext: - {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.server.gid | default 1000 }} - runAsUser: {{ .Values.server.uid | default 100 }} - fsGroup: {{ .Values.server.gid | default 1000 }} - {{- end }} -{{- end -}} - -{{/* -securityContext for the statefulset vault container -*/}} -{{- define "server.statefulSet.securityContext.container" -}} - {{- if .Values.server.statefulSet.securityContext.container }} - securityContext: - {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} -{{- end -}} - - -{{/* -Sets extra injector service account annotations -*/}} -{{- define "injector.serviceAccount.annotations" -}} - {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector webhook annotations -*/}} -{{- define "injector.webhookAnnotations" -}} - {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} - annotations: - {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} - {{- if eq $tp "string" }} - {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} - {{- else }} - {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the injector webhook objectSelector -*/}} -{{- define "injector.objectSelector" -}} - {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} - {{ if $v }} - objectSelector: - {{- $tp := typeOf $v -}} - {{ if eq $tp "string" }} - {{ tpl $v . 
| indent 6 | trim }} - {{ else }} - {{ toYaml $v | indent 6 | trim }} - {{ end }} - {{ end }} -{{ end }} - -{{/* -Sets extra ui service annotations -*/}} -{{- define "vault.ui.annotations" -}} - {{- if .Values.ui.annotations }} - annotations: - {{- $tp := typeOf .Values.ui.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.ui.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.ui.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "vault.serviceAccount.name" -}} -{{- if .Values.server.serviceAccount.create -}} - {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.server.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Sets extra service account annotations -*/}} -{{- define "vault.serviceAccount.annotations" -}} - {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.server.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ingress annotations -*/}} -{{- define "vault.ingress.annotations" -}} - {{- if .Values.server.ingress.annotations }} - annotations: - {{- $tp := typeOf .Values.server.ingress.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.ingress.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.ingress.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra route annotations -*/}} -{{- define "vault.route.annotations" -}} - {{- if .Values.server.route.annotations }} - annotations: - {{- $tp := typeOf .Values.server.route.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.route.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.route.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra vault server Service annotations -*/}} -{{- define "vault.service.annotations" -}} - {{- if .Values.server.service.annotations }} - {{- $tp := typeOf .Values.server.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets PodSecurityPolicy annotations -*/}} -{{- define "vault.psp.annotations" -}} - {{- if .Values.global.psp.annotations }} - annotations: - {{- $tp := typeOf .Values.global.psp.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.global.psp.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.global.psp.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra statefulset annotations -*/}} -{{- define "vault.statefulSet.annotations" -}} - {{- if .Values.server.statefulSet.annotations }} - annotations: - {{- $tp := typeOf .Values.server.statefulSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for data volume -*/}} -{{- define "vault.dataVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.dataStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for audit volume -*/}} -{{- define "vault.auditVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.auditStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the container resources if the user has set any. -*/}} -{{- define "vault.resources" -}} - {{- if .Values.server.resources -}} - resources: -{{ toYaml .Values.server.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "injector.resources" -}} - {{- if .Values.injector.resources -}} - resources: -{{ toYaml .Values.injector.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "csi.resources" -}} - {{- if .Values.csi.resources -}} - resources: -{{ toYaml .Values.csi.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets extra CSI daemonset annotations -*/}} -{{- define "csi.daemonSet.annotations" -}} - {{- if .Values.csi.daemonSet.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.daemonSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets CSI daemonset securityContext for pod template -*/}} -{{- define "csi.daemonSet.securityContext.pod" -}} - {{- if .Values.csi.daemonSet.securityContext.pod }} - securityContext: - {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets CSI daemonset securityContext for container -*/}} -{{- define "csi.daemonSet.securityContext.container" -}} - {{- if .Values.csi.daemonSet.securityContext.container }} - securityContext: - {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} - {{- end }} - {{- end }} -{{- end -}} - - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "csi.pod.tolerations" -}} - {{- if .Values.csi.pod.tolerations }} - tolerations: - {{- $tp := typeOf .Values.csi.pod.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI provider pod annotations -*/}} -{{- define "csi.pod.annotations" -}} - {{- if .Values.csi.pod.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.pod.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.pod.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI service account annotations -*/}} -{{- define "csi.serviceAccount.annotations" -}} - {{- if .Values.csi.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Inject extra environment vars in the format key:value, if populated -*/}} -{{- define "vault.extraEnvironmentVars" -}} -{{- if .extraEnvironmentVars -}} -{{- range $key, $value := .extraEnvironmentVars }} -- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} - value: {{ $value | quote }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Inject extra environment populated by secrets, if populated -*/}} -{{- define "vault.extraSecretEnvironmentVars" -}} -{{- if .extraSecretEnvironmentVars -}} -{{- range .extraSecretEnvironmentVars }} -- name: {{ .envName }} - valueFrom: - secretKeyRef: - name: {{ .secretName }} - key: {{ .secretKey }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* Scheme for health check and local endpoint */}} -{{- define "vault.scheme" -}} -{{- if .Values.global.tlsDisable -}} -{{ "http" }} -{{- else -}} -{{ "https" }} -{{- end -}} -{{- end -}} - -{{/* -imagePullSecrets generates pull secrets from either string or map values. -A map value must be indexable by the key 'name'. -*/}} -{{- define "imagePullSecrets" -}} -{{- with .Values.global.imagePullSecrets -}} -imagePullSecrets: -{{- range . -}} -{{- if typeIs "string" . }} - - name: {{ . }} -{{- else if index . "name" }} - - name: {{ .name }} -{{- end }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
-Supported inputs are Values.server.service and Values.ui -*/}} -{{- define "service.externalTrafficPolicy" -}} -{{- $type := "" -}} -{{- if .serviceType -}} -{{- $type = .serviceType -}} -{{- else if .type -}} -{{- $type = .type -}} -{{- end -}} -{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} - externalTrafficPolicy: {{ .externalTrafficPolicy }} -{{- else }} -{{- end }} -{{- end -}} - -{{/* -loadBalancer configuration for the the UI service. -Supported inputs are Values.ui -*/}} -{{- define "service.loadBalancer" -}} -{{- if eq (.serviceType | toString) "LoadBalancer" }} -{{- if .loadBalancerIP }} - loadBalancerIP: {{ .loadBalancerIP }} -{{- end }} -{{- with .loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{- range . }} - - {{ . }} -{{- end }} -{{- end -}} -{{- end }} -{{- end -}} diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/csi-clusterrole.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/csi-clusterrole.yaml deleted file mode 100644 index ec6a3d2b9f..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/csi-clusterrole.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- template "vault.csiEnabled" . -}} -{{- if .csiEnabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "vault.fullname" . }}-csi-provider-clusterrole - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -rules: -- apiGroups: - - "" - resources: - - serviceaccounts/token - verbs: - - create -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/csi-clusterrolebinding.yaml deleted file mode 100644 index d5b62a5f09..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/csi-clusterrolebinding.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -{{- template "vault.csiEnabled" . -}} -{{- if .csiEnabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "vault.fullname" . }}-csi-provider-clusterrole -subjects: -- kind: ServiceAccount - name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/csi-daemonset.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/csi-daemonset.yaml deleted file mode 100644 index d131aac5f5..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/csi-daemonset.yaml +++ /dev/null 
@@ -1,100 +0,0 @@ -{{- template "vault.csiEnabled" . -}} -{{- if .csiEnabled -}} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- if .Values.csi.daemonSet.extraLabels -}} - {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} - {{- end -}} - {{ template "csi.daemonSet.annotations" . }} -spec: - updateStrategy: - type: {{ .Values.csi.daemonSet.updateStrategy.type }} - {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - rollingUpdate: - maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.csi.pod.extraLabels -}} - {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "csi.pod.annotations" . }} - spec: - {{ template "csi.daemonSet.securityContext.pod" . }} - {{- if .Values.csi.priorityClassName }} - priorityClassName: {{ .Values.csi.priorityClassName }} - {{- end }} - serviceAccountName: {{ template "vault.fullname" . }}-csi-provider - {{- template "csi.pod.tolerations" . }} - containers: - - name: {{ include "vault.name" . }}-csi-provider - {{ template "csi.resources" . }} - {{ template "csi.daemonSet.securityContext.container" . 
}} - image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" - imagePullPolicy: {{ .Values.csi.image.pullPolicy }} - args: - - --endpoint=/provider/vault.sock - - --debug={{ .Values.csi.debug }} - {{- if .Values.csi.extraArgs }} - {{- toYaml .Values.csi.extraArgs | nindent 12 }} - {{- end }} - env: - - name: VAULT_ADDR - {{- if .Values.global.externalVaultAddr }} - value: "{{ .Values.global.externalVaultAddr }}" - {{- else }} - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - {{- end }} - volumeMounts: - - name: providervol - mountPath: "/provider" - - name: mountpoint-dir - mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods - mountPropagation: HostToContainer - {{- if .Values.csi.volumeMounts }} - {{- toYaml .Values.csi.volumeMounts | nindent 12}} - {{- end }} - livenessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} - volumes: - - name: providervol - hostPath: - path: {{ .Values.csi.daemonSet.providersDir }} - - name: mountpoint-dir - hostPath: - path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods - {{- if .Values.csi.volumes }} - {{- toYaml .Values.csi.volumes | nindent 8}} - {{- end }} - {{- include 
"imagePullSecrets" . | nindent 6 }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/csi-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/csi-serviceaccount.yaml deleted file mode 100644 index 8d6fa5329c..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/csi-serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- template "vault.csiEnabled" . -}} -{{- if .csiEnabled -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- if .Values.csi.serviceAccount.extraLabels -}} - {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} - {{- end -}} - {{ template "csi.serviceAccount.annotations" . }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-certs-secret.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-certs-secret.yaml deleted file mode 100644 index e88685b5eb..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-certs-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- template "vault.injectorEnabled" . -}} -{{- if .injectorEnabled -}} -{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} -apiVersion: v1 -kind: Secret -metadata: - name: vault-injector-certs - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} -{{- end }} \ No newline at end of file 
diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-clusterrole.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-clusterrole.yaml
deleted file mode 100644
index 6a0d6be1ae..0000000000
--- a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-clusterrole.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs:
- - "get"
- - "list"
- - "watch"
- - "patch"
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-clusterrolebinding.yaml
deleted file mode 100644
index 4c193f8a2e..0000000000
--- a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-deployment.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-deployment.yaml
deleted file mode 100644
index f0605599ed..0000000000
--- a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-deployment.yaml
+++ /dev/null
@@ -1,156 +0,0 @@ -{{- template "vault.injectorEnabled" . -}} -{{- if .injectorEnabled -}} -# Deployment for the injector -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - component: webhook -spec: - replicas: {{ .Values.injector.replicas }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{ template "injector.strategy" . }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{- if .Values.injector.extraLabels -}} - {{- toYaml .Values.injector.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "injector.annotations" . }} - spec: - {{ template "injector.affinity" . }} - {{ template "injector.topologySpreadConstraints" . }} - {{ template "injector.tolerations" . }} - {{ template "injector.nodeselector" . }} - {{- if .Values.injector.priorityClassName }} - priorityClassName: {{ .Values.injector.priorityClassName }} - {{- end }} - serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" - {{ template "injector.securityContext.pod" . -}} - {{- if not .Values.global.openshift }} - hostNetwork: {{ .Values.injector.hostNetwork }} - {{- end }} - containers: - - name: sidecar-injector - {{ template "injector.resources" . }} - image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" - imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" - {{- template "injector.securityContext.container" . 
}} - env: - - name: AGENT_INJECT_LISTEN - value: {{ printf ":%v" .Values.injector.port }} - - name: AGENT_INJECT_LOG_LEVEL - value: {{ .Values.injector.logLevel | default "info" }} - - name: AGENT_INJECT_VAULT_ADDR - {{- if .Values.global.externalVaultAddr }} - value: "{{ .Values.global.externalVaultAddr }}" - {{- else if .Values.injector.externalVaultAddr }} - value: "{{ .Values.injector.externalVaultAddr }}" - {{- else }} - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - {{- end }} - - name: AGENT_INJECT_VAULT_AUTH_PATH - value: {{ .Values.injector.authPath }} - - name: AGENT_INJECT_VAULT_IMAGE - value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" - {{- if .Values.injector.certs.secretName }} - - name: AGENT_INJECT_TLS_CERT_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" - - name: AGENT_INJECT_TLS_KEY_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" - {{- else }} - - name: AGENT_INJECT_TLS_AUTO - value: {{ template "vault.fullname" . }}-agent-injector-cfg - - name: AGENT_INJECT_TLS_AUTO_HOSTS - value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc - {{- end }} - - name: AGENT_INJECT_LOG_FORMAT - value: {{ .Values.injector.logFormat | default "standard" }} - - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN - value: "{{ .Values.injector.revokeOnShutdown | default false }}" - {{- if .Values.global.openshift }} - - name: AGENT_INJECT_SET_SECURITY_CONTEXT - value: "false" - {{- end }} - {{- if .Values.injector.metrics.enabled }} - - name: AGENT_INJECT_TELEMETRY_PATH - value: "/metrics" - {{- end }} - {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} - - name: AGENT_INJECT_USE_LEADER_ELECTOR - value: "true" - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end }} - - name: AGENT_INJECT_CPU_REQUEST - value: "{{ .Values.injector.agentDefaults.cpuRequest }}" - - name: AGENT_INJECT_CPU_LIMIT - value: "{{ .Values.injector.agentDefaults.cpuLimit }}" - - name: AGENT_INJECT_MEM_REQUEST - value: "{{ .Values.injector.agentDefaults.memRequest }}" - - name: AGENT_INJECT_MEM_LIMIT - value: "{{ .Values.injector.agentDefaults.memLimit }}" - - name: AGENT_INJECT_DEFAULT_TEMPLATE - value: "{{ .Values.injector.agentDefaults.template }}" - - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE - value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" - {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} - - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL - value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" - {{- end }} - {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - agent-inject - - 2>&1 - livenessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - 
timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: 2 - initialDelaySeconds: 5 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 -{{- if .Values.injector.certs.secretName }} - volumeMounts: - - name: webhook-certs - mountPath: /etc/webhook/certs - readOnly: true -{{- end }} -{{- if .Values.injector.certs.secretName }} - volumes: - - name: webhook-certs - secret: - secretName: "{{ .Values.injector.certs.secretName }}" -{{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-disruptionbudget.yaml deleted file mode 100644 index b44fd7300b..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-disruptionbudget.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.injector.podDisruptionBudget }} -apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} -kind: PodDisruptionBudget -metadata: - name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - component: webhook -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} -{{- end -}} diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-mutating-webhook.yaml deleted file mode 100644 index 3d3fd36786..0000000000 
--- a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-mutating-webhook.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- template "vault.injectorEnabled" . -}} -{{- if .injectorEnabled -}} -{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} -apiVersion: admissionregistration.k8s.io/v1 -{{- else }} -apiVersion: admissionregistration.k8s.io/v1beta1 -{{- end }} -kind: MutatingWebhookConfiguration -metadata: - name: {{ template "vault.fullname" . }}-agent-injector-cfg - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- template "injector.webhookAnnotations" . }} -webhooks: - - name: vault.hashicorp.com - failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} - matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} - sideEffects: None - timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} - admissionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: {{ template "vault.fullname" . }}-agent-injector-svc - namespace: {{ .Release.Namespace }} - path: "/mutate" - caBundle: {{ .Values.injector.certs.caBundle | quote }} - rules: - - operations: ["CREATE", "UPDATE"] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] -{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} - namespaceSelector: -{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} -{{ end }} -{{- template "injector.objectSelector" . -}} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-network-policy.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-network-policy.yaml deleted file mode 100644 index 68892d23b2..0000000000 
--- a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-network-policy.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.openshift | toString) "true" }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-psp-role.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-psp-role.yaml
deleted file mode 100644
index 5d23c7556e..0000000000
--- a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-psp-role.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.psp.enable | toString) "true" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-psp-rolebinding.yaml
deleted file mode 100644
index 4f6b0a851c..0000000000
--- a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-psp-rolebinding.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.psp.enable | toString) "true" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-psp.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-psp.yaml
deleted file mode 100644
index 1eee2fcd04..0000000000
--- a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-psp.yaml
+++ /dev/null
@@ -1,46 +0,0 @@ -{{- template "vault.injectorEnabled" . -}} -{{- if .injectorEnabled -}} -{{- if eq (.Values.global.psp.enable | toString) "true" }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "vault.fullname" . }}-agent-injector - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- template "vault.psp.annotations" . }} -spec: - privileged: false - # Required to prevent escalations to root. - allowPrivilegeEscalation: false - volumes: - - configMap - - emptyDir - - projected - - secret - - downwardAPI - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Require the container to run without root privileges. - rule: MustRunAsNonRoot - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: RunAsAny - supplementalGroups: - rule: MustRunAs - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: MustRunAs - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-role.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-role.yaml deleted file mode 100644 index 08c8264ccb..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-role.yaml +++ /dev/null 
@@ -1,29 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
- - apiGroups: [""]
- resources: ["secrets", "configmaps"]
- verbs:
- - "create"
- - "get"
- - "watch"
- - "list"
- - "update"
- - apiGroups: [""]
- resources: ["pods"]
- verbs:
- - "get"
- - "patch"
- - "delete"
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-rolebinding.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-rolebinding.yaml
deleted file mode 100644
index ea0db11b94..0000000000
--- a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-rolebinding.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-service.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-service.yaml
deleted file mode 100644
index 5e747d6f10..0000000000
--- a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-service.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "injector.service.annotations" . }}
-spec:
- ports:
- - name: https
- port: 443
- targetPort: {{ .Values.injector.port }}
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-serviceaccount.yaml
deleted file mode 100644
index d1919b9366..0000000000
--- a/charts/partners/hashicorp/vault/0.22.0/src/templates/injector-serviceaccount.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "injector.serviceAccount.annotations" . }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/prometheus-prometheusrules.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/prometheus-prometheusrules.yaml
deleted file mode 100644
index 572f1a05a1..0000000000
--- a/charts/partners/hashicorp/vault/0.22.0/src/templates/prometheus-prometheusrules.yaml
+++ /dev/null
@@ -1,26 +0,0 @@ -{{ if and (.Values.serverTelemetry.prometheusRules.rules) - (or (.Values.global.serverTelemetry.prometheusOperator) (.Values.serverTelemetry.prometheusRules.enabled) ) -}} ---- -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ template "vault.fullname" . }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- /* update the selectors docs in values.yaml whenever the defaults below change. */ -}} - {{- $selectors := .Values.serverTelemetry.prometheusRules.selectors }} - {{- if $selectors }} - {{- toYaml $selectors | nindent 4 }} - {{- else }} - release: prometheus - {{- end }} -spec: - groups: - - name: {{ include "vault.fullname" . }} - rules: - {{- toYaml .Values.serverTelemetry.prometheusRules.rules | nindent 6 }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/prometheus-servicemonitor.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/prometheus-servicemonitor.yaml deleted file mode 100644 index 323e51fb90..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/prometheus-servicemonitor.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -{{ template "vault.mode" . }} -{{ if or (.Values.global.serverTelemetry.prometheusOperator) (.Values.serverTelemetry.serviceMonitor.enabled) }} ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "vault.fullname" . }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- /* update the selectors docs in values.yaml whenever the defaults below change. */ -}} - {{- $selectors := .Values.serverTelemetry.serviceMonitor.selectors }} - {{- if $selectors }} - {{- toYaml $selectors | nindent 4 }} - {{- else }} - release: prometheus - {{- end }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if eq .mode "ha" }} - vault-active: "true" - {{- else }} - vault-internal: "true" - {{- end }} - endpoints: - - port: {{ include "vault.scheme" . }} - interval: {{ .Values.serverTelemetry.serviceMonitor.interval }} - scrapeTimeout: {{ .Values.serverTelemetry.serviceMonitor.scrapeTimeout }} - scheme: {{ include "vault.scheme" . | lower }} - path: /v1/sys/metrics - params: - format: - - prometheus - tlsConfig: - insecureSkipVerify: true - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/server-clusterrolebinding.yaml deleted file mode 100644 index 8cdd611430..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-clusterrolebinding.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
-{{ template "vault.serverAuthDelegator" . }}
-{{- if .serverAuthDelegator -}}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-server-binding
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-config-configmap.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/server-config-configmap.yaml
deleted file mode 100644
index f40c69608e..0000000000
--- a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-config-configmap.yaml
+++ /dev/null
@@ -1,40 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if .serverEnabled -}} -{{- if ne .mode "dev" -}} -{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "vault.fullname" . }}-config - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -data: - extraconfig-from-values.hcl: |- - {{- if or (eq .mode "ha") (eq .mode "standalone") }} - {{- $type := typeOf (index .Values.server .mode).config }} - {{- if eq $type "string" }} - disable_mlock = true - {{- if eq .mode "standalone" }} - {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} - {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} - {{ tpl .Values.server.ha.config . | nindent 4 | trim }} - {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} - {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} - {{ end }} - {{- else }} - {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} -{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} - {{- else }} -{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-discovery-role.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/server-discovery-role.yaml deleted file mode 100644 index 9ca23dd4c6..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-discovery-role.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if .serverEnabled -}} -{{- if eq .mode "ha" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: {{ .Release.Namespace }} - name: {{ template "vault.fullname" . }}-discovery-role - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -rules: -- apiGroups: [""] - resources: ["pods"] - verbs: ["get", "watch", "list", "update", "patch"] -{{ end }} -{{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/server-discovery-rolebinding.yaml deleted file mode 100644 index 6e22e4c2b7..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-discovery-rolebinding.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if .serverEnabled -}} -{{- if eq .mode "ha" }} -{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: rbac.authorization.k8s.io/v1beta1 -{{- end }} -kind: RoleBinding -metadata: - name: {{ template "vault.fullname" . }}-discovery-rolebinding - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "vault.fullname" . }}-discovery-role -subjects: -- kind: ServiceAccount - name: {{ template "vault.serviceAccount.name" . }} - namespace: {{ .Release.Namespace }} -{{ end }} -{{ end }} -{{ end }} 
diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/server-disruptionbudget.yaml deleted file mode 100644 index d940fa4dac..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-disruptionbudget.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" -}} -{{- if .serverEnabled -}} -{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} -# PodDisruptionBudget to prevent degrading the server cluster through -# voluntary cluster changes. -apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} -kind: PodDisruptionBudget -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -spec: - maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-ha-active-service.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/server-ha-active-service.yaml deleted file mode 100644 index ef212376d9..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-ha-active-service.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- template "vault.serverServiceEnabled" . -}} -{{- if .serverServiceEnabled -}} -{{- if eq .mode "ha" }} -# Service for active Vault pod -apiVersion: v1 -kind: Service -metadata: - name: {{ template "vault.fullname" . }}-active - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - vault-active: "true" - annotations: -{{ template "vault.service.annotations" .}} -spec: - {{- if .Values.server.service.type}} - type: {{ .Values.server.service.type }} - {{- end}} - {{- if .Values.server.service.clusterIP }} - clusterIP: {{ .Values.server.service.clusterIP }} - {{- end }} - {{- include "service.externalTrafficPolicy" .Values.server.service }} - publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} - ports: - - name: {{ include "vault.scheme" . }} - port: {{ .Values.server.service.port }} - targetPort: {{ .Values.server.service.targetPort }} - {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} - nodePort: {{ .Values.server.service.activeNodePort }} - {{- end }} - - name: https-internal - port: 8201 - targetPort: 8201 - selector: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - vault-active: "true" -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-ha-standby-service.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/server-ha-standby-service.yaml deleted file mode 100644 index e6d66af847..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-ha-standby-service.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- template "vault.serverServiceEnabled" . -}} -{{- if .serverServiceEnabled -}} -{{- if eq .mode "ha" }} -# Service for standby Vault pod -apiVersion: v1 -kind: Service -metadata: - name: {{ template "vault.fullname" . }}-standby - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - annotations: -{{ template "vault.service.annotations" .}} -spec: - {{- if .Values.server.service.type}} - type: {{ .Values.server.service.type }} - {{- end}} - {{- if .Values.server.service.clusterIP }} - clusterIP: {{ .Values.server.service.clusterIP }} - {{- end }} - {{- include "service.externalTrafficPolicy" .Values.server.service }} - publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} - ports: - - name: {{ include "vault.scheme" . }} - port: {{ .Values.server.service.port }} - targetPort: {{ .Values.server.service.targetPort }} - {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} - nodePort: {{ .Values.server.service.standbyNodePort }} - {{- end }} - - name: https-internal - port: 8201 - targetPort: 8201 - selector: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - vault-active: "false" -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-headless-service.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/server-headless-service.yaml deleted file mode 100644 index b03f491e37..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-headless-service.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- template "vault.serverServiceEnabled" . -}} -{{- if .serverServiceEnabled -}} -# Service for Vault cluster -apiVersion: v1 -kind: Service -metadata: - name: {{ template "vault.fullname" . }}-internal - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - vault-internal: "true" - annotations: -{{ template "vault.service.annotations" .}} -spec: - clusterIP: None - publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} - ports: - - name: "{{ include "vault.scheme" . }}" - port: {{ .Values.server.service.port }} - targetPort: {{ .Values.server.service.targetPort }} - - name: https-internal - port: 8201 - targetPort: 8201 - selector: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-ingress.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/server-ingress.yaml deleted file mode 100644 index c81e5f5cee..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-ingress.yaml +++ /dev/null 
@@ -1,77 +0,0 @@ -{{- if not .Values.global.openshift }} -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if .Values.server.ingress.enabled -}} -{{- $extraPaths := .Values.server.ingress.extraPaths -}} -{{- $serviceName := include "vault.fullname" . -}} -{{- template "vault.serverServiceEnabled" . -}} -{{- if .serverServiceEnabled -}} -{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} -{{- $serviceName = printf "%s-%s" $serviceName "active" -}} -{{- end }} -{{- $servicePort := .Values.server.service.port -}} -{{- $pathType := .Values.server.ingress.pathType -}} -{{- $kubeVersion := .Capabilities.KubeVersion.Version }} -{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} -apiVersion: networking.k8s.io/v1 -{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end }} -kind: Ingress -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.server.ingress.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- template "vault.ingress.annotations" . }} -spec: -{{- if .Values.server.ingress.tls }} - tls: - {{- range .Values.server.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} -{{- if .Values.server.ingress.ingressClassName }} - ingressClassName: {{ .Values.server.ingress.ingressClassName }} -{{- end }} - rules: - {{- range .Values.server.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: -{{ if $extraPaths }} -{{ toYaml $extraPaths | indent 10 }} -{{- end }} - {{- range (.paths | default (list "/")) }} - - path: {{ . 
}} - {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} - pathType: {{ $pathType }} - {{ end }} - backend: - {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{ else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{ end }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-network-policy.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/server-network-policy.yaml deleted file mode 100644 index 5f4c21a4b5..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-network-policy.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ template "vault.fullname" . }} - labels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} -spec: - podSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 8200 - protocol: TCP - - port: 8201 - protocol: TCP - {{- if .Values.server.networkPolicy.egress }} - egress: - {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} - {{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-psp-role.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/server-psp-role.yaml deleted file mode 100644 index b8eb897e5e..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-psp-role.yaml +++ /dev/null 
@@ -1,20 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if .serverEnabled -}}
-{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/server-psp-rolebinding.yaml
deleted file mode 100644
index fded9fbc62..0000000000
--- a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-psp-rolebinding.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if .serverEnabled -}}
-{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-psp.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/server-psp.yaml
deleted file mode 100644
index d210af3513..0000000000
--- a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-psp.yaml
+++ /dev/null
@@ -1,49 +0,0 @@ -{{ template "vault.mode" . }} -{{- if .serverEnabled -}} -{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "vault.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- template "vault.psp.annotations" . }} -spec: - privileged: false - # Required to prevent escalations to root. - allowPrivilegeEscalation: false - volumes: - - configMap - - emptyDir - - projected - - secret - - downwardAPI - {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} - - persistentVolumeClaim - {{- end }} - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Require the container to run without root privileges. - rule: MustRunAsNonRoot - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: RunAsAny - supplementalGroups: - rule: MustRunAs - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: MustRunAs - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-route.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/server-route.yaml deleted file mode 100644 index e122d936ba..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-route.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -{{- if .Values.global.openshift }} -{{- if ne .mode "external" }} -{{- if .Values.server.route.enabled -}} -{{- $serviceName := include "vault.fullname" . -}} -{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} -{{- $serviceName = printf "%s-%s" $serviceName "active" -}} -{{- end }} -kind: Route -apiVersion: route.openshift.io/v1 -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.server.route.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- template "vault.route.annotations" . }} -spec: - host: {{ .Values.server.route.host }} - to: - kind: Service - name: {{ $serviceName }} - weight: 100 - port: - targetPort: 8200 - tls: - {{- toYaml .Values.server.route.tls | nindent 4 }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-service.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/server-service.yaml deleted file mode 100644 index 3a9b0e7e52..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-service.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- template "vault.serverServiceEnabled" . -}} -{{- if .serverServiceEnabled -}} -# Service for Vault cluster -apiVersion: v1 -kind: Service -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - annotations: -{{ template "vault.service.annotations" .}} -spec: - {{- if .Values.server.service.type}} - type: {{ .Values.server.service.type }} - {{- end}} - {{- if .Values.server.service.clusterIP }} - clusterIP: {{ .Values.server.service.clusterIP }} - {{- end }} - {{- include "service.externalTrafficPolicy" .Values.server.service }} - # We want the servers to become available even if they're not ready - # since this DNS is also used for join operations. - publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} - ports: - - name: {{ include "vault.scheme" . }} - port: {{ .Values.server.service.port }} - targetPort: {{ .Values.server.service.targetPort }} - {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} - nodePort: {{ .Values.server.service.nodePort }} - {{- end }} - - name: https-internal - port: 8201 - targetPort: 8201 - selector: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/server-serviceaccount.yaml deleted file mode 100644 index c0d32d190c..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-serviceaccount.yaml +++ /dev/null 
@@ -1,14 +0,0 @@
-{{ template "vault.serverServiceAccountEnabled" . }}
-{{- if .serverServiceAccountEnabled -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "vault.serviceAccount.annotations" . }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-statefulset.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/server-statefulset.yaml
deleted file mode 100644
index afc48d695d..0000000000
--- a/charts/partners/hashicorp/vault/0.22.0/src/templates/server-statefulset.yaml
+++ /dev/null
@@ -1,206 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if ne .mode "" }} -{{- if .serverEnabled -}} -# StatefulSet to run the actual vault server cluster. -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- template "vault.statefulSet.annotations" . }} -spec: - serviceName: {{ template "vault.fullname" . }}-internal - podManagementPolicy: Parallel - replicas: {{ template "vault.replicas" . }} - updateStrategy: - type: {{ .Values.server.updateStrategyType }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - template: - metadata: - labels: - helm.sh/chart: {{ template "vault.chart" . }} - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - {{- if .Values.server.extraLabels -}} - {{- toYaml .Values.server.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "vault.annotations" . }} - spec: - {{ template "vault.affinity" . }} - {{ template "vault.topologySpreadConstraints" . }} - {{ template "vault.tolerations" . }} - {{ template "vault.nodeselector" . }} - {{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} - serviceAccountName: {{ template "vault.serviceAccount.name" . }} - {{ if .Values.server.shareProcessNamespace }} - shareProcessNamespace: true - {{ end }} - {{- template "server.statefulSet.securityContext.pod" . }} - volumes: - {{ template "vault.volumes" . 
}} - - name: home - emptyDir: {} - {{- if .Values.server.extraInitContainers }} - initContainers: - {{ toYaml .Values.server.extraInitContainers | nindent 8}} - {{- end }} - containers: - - name: vault - {{ template "vault.resources" . }} - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - command: - - "/bin/sh" - - "-ec" - args: {{ template "vault.args" . }} - {{- template "server.statefulSet.securityContext.container" . }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: VAULT_K8S_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: VAULT_ADDR - value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" - - name: VAULT_API_ADDR - {{- if .Values.server.ha.apiAddr }} - value: {{ .Values.server.ha.apiAddr }} - {{- else }} - value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" - {{- end }} - - name: SKIP_CHOWN - value: "true" - - name: SKIP_SETCAP - value: "true" - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_CLUSTER_ADDR - {{- if .Values.server.ha.clusterAddr }} - value: {{ .Values.server.ha.clusterAddr }} - {{- else }} - value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" - {{- end }} - {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} - - name: VAULT_RAFT_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- end }} - - name: HOME - value: "/home/vault" - {{- if .Values.server.logLevel }} - - name: VAULT_LOG_LEVEL - value: "{{ .Values.server.logLevel }}" - {{- end }} - {{- if .Values.server.logFormat }} - - name: VAULT_LOG_FORMAT - value: "{{ .Values.server.logFormat }}" - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: VAULT_LICENSE_PATH - value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} - {{- end }} - {{ template "vault.envs" . }} - {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} - {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} - volumeMounts: - {{ template "vault.mounts" . }} - - name: home - mountPath: /home/vault - ports: - - containerPort: 8200 - name: {{ include "vault.scheme" . }} - - containerPort: 8201 - name: https-internal - - containerPort: 8202 - name: {{ include "vault.scheme" . }}-rep - {{- if .Values.server.readinessProbe.enabled }} - readinessProbe: - {{- if .Values.server.readinessProbe.path }} - httpGet: - path: {{ .Values.server.readinessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . 
| upper }} - {{- else }} - # Check status; unsealed vault servers return 0 - # The exit code reflects the seal status: - # 0 - unsealed - # 1 - error - # 2 - sealed - exec: - command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] - {{- end }} - failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.server.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.server.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.server.livenessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . | upper }} - failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.server.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} - {{- end }} - lifecycle: - # Vault container doesn't receive SIGTERM from Kubernetes - # and after the grace period ends, Kube sends SIGKILL. This - # causes issues with graceful shutdowns such as deregistering itself - # from Consul (zombie services). - preStop: - exec: - command: [ - "/bin/sh", "-c", - # Adding a sleep here to give the pod eviction a - # chance to propagate, so requests will not be made - # to this pod while it's terminating - "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", - ] - {{- if .Values.server.postStart }} - postStart: - exec: - command: - {{- range (.Values.server.postStart) }} - - {{ . 
| quote }} - {{- end }} - {{- end }} - {{- if .Values.server.extraContainers }} - {{ toYaml .Values.server.extraContainers | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} - {{ template "vault.volumeclaims" . }} -{{ end }} -{{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/tests/server-test.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/tests/server-test.yaml deleted file mode 100644 index 56dbee78cd..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/tests/server-test.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if .serverEnabled -}} -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-server-test" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": test -spec: - {{- include "imagePullSecrets" . | nindent 2 }} - containers: - - name: {{ .Release.Name }}-server-test - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - env: - - name: VAULT_ADDR - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} - command: - - /bin/sh - - -c - - | - echo "Checking for sealed info in 'vault status' output" - ATTEMPTS=10 - n=0 - until [ "$n" -ge $ATTEMPTS ] - do - echo "Attempt" $n... - vault status -format yaml | grep -E '^sealed: (true|false)' && break - n=$((n+1)) - sleep 5 - done - if [ $n -ge $ATTEMPTS ]; then - echo "timed out looking for sealed info in 'vault status' output" - exit 1 - fi - - exit 0 - volumeMounts: - {{- if .Values.server.volumeMounts }} - {{- toYaml .Values.server.volumeMounts | nindent 8}} - {{- end }} - volumes: - {{- if .Values.server.volumes }} - {{- toYaml .Values.server.volumes | nindent 4}} - {{- end }} - restartPolicy: Never -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.22.0/src/templates/ui-service.yaml b/charts/partners/hashicorp/vault/0.22.0/src/templates/ui-service.yaml deleted file mode 100644 index d45afdda4f..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/templates/ui-service.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- template "vault.uiEnabled" . -}} -{{- if .uiEnabled -}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ template "vault.fullname" . }}-ui - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }}-ui - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- template "vault.ui.annotations" . }} -spec: - selector: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} - vault-active: "true" - {{- end }} - publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} - ports: - - name: {{ include "vault.scheme" . }} - port: {{ .Values.ui.externalPort }} - targetPort: {{ .Values.ui.targetPort }} - {{- if .Values.ui.serviceNodePort }} - nodePort: {{ .Values.ui.serviceNodePort }} - {{- end }} - type: {{ .Values.ui.serviceType }} - {{- include "service.externalTrafficPolicy" .Values.ui }} - {{- include "service.loadBalancer" .Values.ui }} -{{- end -}} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.22.0/src/values.openshift.yaml b/charts/partners/hashicorp/vault/0.22.0/src/values.openshift.yaml deleted file mode 100644 index c932a68971..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/values.openshift.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# These overrides are appropriate defaults for deploying this chart on OpenShift - -global: - openshift: true - -injector: - image: - repository: "registry.connect.redhat.com/hashicorp/vault-k8s" - tag: "1.0.0-ubi" - - agentImage: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.11.3-ubi" - -server: - image: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.11.3-ubi" 
diff --git a/charts/partners/hashicorp/vault/0.22.0/src/values.schema.json b/charts/partners/hashicorp/vault/0.22.0/src/values.schema.json
deleted file mode 100644
index aad7ee7fcc..0000000000
--- a/charts/partners/hashicorp/vault/0.22.0/src/values.schema.json
+++ /dev/null
@@ -1,1027 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "csi": { - "type": "object", - "properties": { - "daemonSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "extraLabels": { - "type": "object" - }, - "kubeletRootDir": { - "type": "string" - }, - "providersDir": { - "type": "string" - }, - "securityContext": { - "type": "object", - "properties": { - "container": { - "type": [ - "object", - "string" - ] - }, - "pod": { - "type": [ - "object", - "string" - ] - } - } - }, - "updateStrategy": { - "type": "object", - "properties": { - "maxUnavailable": { - "type": "string" - }, - "type": { - "type": "string" - } - } - } - } - }, - "debug": { - "type": "boolean" - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "extraArgs": { - "type": "array" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "pod": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "extraLabels": { - "type": "object" - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - } - } - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": 
"object" - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "extraLabels": { - "type": "object" - } - } - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "global": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "externalVaultAddr": { - "type": "string" - }, - "imagePullSecrets": { - "type": "array" - }, - "openshift": { - "type": "boolean" - }, - "psp": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enable": { - "type": "boolean" - } - } - }, - "tlsDisable": { - "type": "boolean" - } - } - }, - "injector": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "agentDefaults": { - "type": "object", - "properties": { - "cpuLimit": { - "type": "string" - }, - "cpuRequest": { - "type": "string" - }, - "memLimit": { - "type": "string" - }, - "memRequest": { - "type": "string" - }, - "template": { - "type": "string" - }, - "templateConfig": { - "type": "object", - "properties": { - "exitOnRetryFailure": { - "type": "boolean" - }, - "staticSecretRenderInterval": { - "type": "string" - } - } - } - } - }, - "agentImage": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "authPath": { - "type": "string" - }, - "certs": { - "type": "object", - "properties": { - "caBundle": { - "type": "string" - }, - "certName": { - "type": "string" - }, - "keyName": { - "type": "string" - }, - "secretName": { - "type": [ - "null", - "string" - ] - } - } - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "externalVaultAddr": { - "type": "string" - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraLabels": { - "type": "object" - 
}, - "failurePolicy": { - "type": "string" - }, - "hostNetwork": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "leaderElector": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "namespaceSelector": { - "type": "object" - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "objectSelector": { - "type": [ - "object", - "string" - ] - }, - "podDisruptionBudget": { - "type": "object" - }, - "port": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "replicas": { - "type": "integer" - }, - "resources": { - "type": "object" - }, - "revokeOnShutdown": { - "type": "boolean" - }, - "securityContext": { - "type": "object", - "properties": { - "container": { - "type": [ - "object", - "string" - ] - }, - "pod": { - "type": [ - "object", - "string" - ] - } - } - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "strategy": { - "type": [ - "object", - "string" - ] - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "topologySpreadConstraints": { - "type": [ - "null", - "array", - "string" - ] - }, - "webhook": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "failurePolicy": { - "type": "string" - }, - "matchPolicy": { - "type": "string" - }, - "namespaceSelector": { - "type": "object" - }, - "objectSelector": { - "type": [ - "object", - "string" - ] - }, - 
"timeoutSeconds": { - "type": "integer" - } - } - }, - "webhookAnnotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "server": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "auditStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "authDelegator": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "dataStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "dev": { - "type": "object", - "properties": { - "devRootToken": { - "type": "string" - }, - "enabled": { - "type": "boolean" - } - } - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "enterpriseLicense": { - "type": "object", - "properties": { - "secretKey": { - "type": "string" - }, - "secretName": { - "type": "string" - } - } - }, - "extraArgs": { - "type": "string" - }, - "extraContainers": { - "type": [ - "null", - "array" - ] - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraInitContainers": { - "type": [ - "null", - "array" - ] - }, - "extraLabels": { - "type": "object" - }, - "extraSecretEnvironmentVars": { - "type": "array" - }, - "extraVolumes": { - "type": "array" - }, - "ha": { - "type": "object", - "properties": { - "apiAddr": { - "type": [ - "null", - "string" - ] - }, - "clusterAddr": { 
- "type": [ - "null", - "string" - ] - }, - "config": { - "type": [ - "string", - "object" - ] - }, - "disruptionBudget": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxUnavailable": { - "type": [ - "null", - "integer" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "raft": { - "type": "object", - "properties": { - "config": { - "type": [ - "string", - "object" - ] - }, - "enabled": { - "type": "boolean" - }, - "setNodeId": { - "type": "boolean" - } - } - }, - "replicas": { - "type": "integer" - } - } - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "ingress": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "extraPaths": { - "type": "array" - }, - "hosts": { - "type": "array", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string" - }, - "paths": { - "type": "array" - } - } - } - }, - "ingressClassName": { - "type": "string" - }, - "labels": { - "type": "object" - }, - "pathType": { - "type": "string" - }, - "tls": { - "type": "array" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "path": { - "type": "string" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "networkPolicy": { - "type": "object", - "properties": { - "egress": { - "type": "array" - }, - "enabled": { - "type": "boolean" - } - } - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - 
}, - "postStart": { - "type": "array" - }, - "preStopSleepSeconds": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "route": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "labels": { - "type": "object" - }, - "tls": { - "type": "object" - } - } - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "port": { - "type": "integer" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "targetPort": { - "type": "integer" - }, - "nodePort": { - "type": "integer" - }, - "activeNodePort": { - "type": "integer" - }, - "standbyNodePort": { - "type": "integer" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "create": { - "type": "boolean" - }, - "name": { - "type": "string" - } - } - }, - "shareProcessNamespace": { - "type": "boolean" - }, - "standalone": { - "type": "object", - "properties": { - "config": { - "type": [ - "string", - "object" - ] - }, - "enabled": { - "type": [ - "string", - "boolean" - ] - } - } - }, - "statefulSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "securityContext": { - "type": "object", - "properties": { - "container": { - "type": [ - 
"object", - "string" - ] - }, - "pod": { - "type": [ - "object", - "string" - ] - } - } - } - } - }, - "terminationGracePeriodSeconds": { - "type": "integer" - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "topologySpreadConstraints": { - "type": [ - "null", - "array", - "string" - ] - }, - "updateStrategyType": { - "type": "string" - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "ui": { - "type": "object", - "properties": { - "activeVaultPodOnly": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "externalPort": { - "type": "integer" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "serviceNodePort": { - "type": [ - "null", - "integer" - ] - }, - "serviceType": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - } -} diff --git a/charts/partners/hashicorp/vault/0.22.0/src/values.yaml b/charts/partners/hashicorp/vault/0.22.0/src/values.yaml deleted file mode 100644 index 698f5776a5..0000000000 --- a/charts/partners/hashicorp/vault/0.22.0/src/values.yaml +++ /dev/null 
@@ -1,999 +0,0 @@ -# Available parameters and their default values for the Vault chart. -global: - # enabled is the master enabled switch. Setting this to true or false - # will enable or disable all the components within this chart by default. - enabled: true - # Image pull secret to use for registry authentication. - # Alternatively, the value may be specified as an array of strings. - imagePullSecrets: [] - # imagePullSecrets: - # - name: image-pull-secret - - # TLS for end-to-end encrypted transport - tlsDisable: true - # External vault server address for the injector and CSI provider to use. - # Setting this will disable deployment of a vault server. - externalVaultAddr: "" - # If deploying to OpenShift - openshift: true - # Create PodSecurityPolicy for pods - psp: - enable: false - # Annotation for PodSecurityPolicy. - # This is a multi-line templated string map, and can also be set as YAML. - annotations: | - seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default - apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default - apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default - serverTelemetry: - # Enable integration with the Prometheus Operator - # See the top level serverTelemetry section below before enabling this feature. - prometheusOperator: false -injector: - # True if you want to enable vault agent injection. - # @default: global.enabled - enabled: "-" - replicas: 1 - # Configures the port the injector should listen on - port: 8080 - # If multiple replicas are specified, by default a leader will be determined - # so that only one injector attempts to create TLS certificates. - leaderElector: - enabled: true - # If true, will enable a node exporter metrics endpoint at /metrics. - metrics: - enabled: false - # Deprecated: Please use global.externalVaultAddr instead. 
- externalVaultAddr: "" - # image sets the repo and tag of the vault-k8s image to use for the injector. - image: - repository: "registry.connect.redhat.com/hashicorp/vault-k8s" - tag: "1.0.0-ubi" - pullPolicy: IfNotPresent - # agentImage sets the repo and tag of the Vault image to use for the Vault Agent - # containers. This should be set to the official Vault image. Vault 1.3.1+ is - # required. - agentImage: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.11.3-ubi" - # The default values for the injected Vault Agent containers. - agentDefaults: - # For more information on configuring resources, see the K8s documentation: - # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - cpuLimit: "500m" - cpuRequest: "250m" - memLimit: "128Mi" - memRequest: "64Mi" - # Default template type for secrets when no custom template is specified. - # Possible values include: "json" and "map". - template: "map" - # Default values within Agent's template_config stanza. - templateConfig: - exitOnRetryFailure: true - staticSecretRenderInterval: "" - # Mount Path of the Vault Kubernetes Auth Method. - authPath: "auth/kubernetes" - # Configures the log verbosity of the injector. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "info" - # Configures the log format of the injector. Supported log formats: "standard", "json". - logFormat: "standard" - # Configures all Vault Agent sidecars to revoke their token when shutting down - revokeOnShutdown: false - webhook: - # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the - # API Version of the WebHook. - # To block pod creation while the webhook is unavailable, set the policy to `Fail` below. 
- # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - # matchPolicy specifies the approach to accepting changes based on the rules of - # the MutatingWebhookConfiguration. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy - # for more details. - # - matchPolicy: Exact - # timeoutSeconds is the amount of seconds before the webhook request will be ignored - # or fails. - # If it is ignored or fails depends on the failurePolicy - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts - # for more details. - # - timeoutSeconds: 30 - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. - # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: | - matchExpressions: - - key: app.kubernetes.io/name - operator: NotIn - values: - - {{ template "vault.name" . }}-agent-injector - # Extra annotations to attach to the webhook - annotations: {} - # Deprecated: please use 'webhook.failurePolicy' instead - # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the - # API Version of the WebHook. - # To block pod creation while webhook is unavailable, set the policy to `Fail` below. 
- # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - # Deprecated: please use 'webhook.namespaceSelector' instead - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. - # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # Deprecated: please use 'webhook.objectSelector' instead - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: {} - # Deprecated: please use 'webhook.annotations' instead - # Extra annotations to attach to the webhook - webhookAnnotations: {} - certs: - # secretName is the name of the secret that has the TLS certificate and - # private key to serve the injector webhook. If this is null, then the - # injector will default to its automatic management mode that will assign - # a service account to the injector to generate its own certificates. - secretName: null - # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA - # that signed the TLS certificate that the webhook serves. This must be set - # if secretName is non-null unless an external service like cert-manager is - # keeping the caBundle updated. - caBundle: "" - # certName and keyName are the names of the files within the secret for - # the TLS cert and private key, respectively. These have reasonable - # defaults but can be customized if necessary. 
- certName: tls.crt - keyName: tls.key - # Security context for the pod template and the injector container - # The default pod securityContext is: - # runAsNonRoot: true - # runAsGroup: {{ .Values.injector.gid | default 1000 }} - # runAsUser: {{ .Values.injector.uid | default 100 }} - # fsGroup: {{ .Values.injector.gid | default 1000 }} - # and for container is - # allowPrivilegeEscalation: false - # capabilities: - # drop: - # - ALL - securityContext: - pod: {} - container: {} - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # extraEnvironmentVars is a list of extra environment variables to set in the - # injector deployment. - extraEnvironmentVars: {} - # KUBERNETES_SERVICE_HOST: kubernetes.default.svc - - # Affinity Settings for injector pods - # This can either be a multi-line string or YAML matching the PodSpec's affinity field. - # Commenting out or setting as empty the affinity variable, will allow - # deployment of multiple replicas to single node services such as Minikube. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: webhook - topologyKey: kubernetes.io/hostname - # Topology settings for injector pods - # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - # This should be either a multi-line string or YAML matching the topologySpreadConstraints array - # in a PodSpec. - topologySpreadConstraints: [] - # Toleration Settings for injector pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
- # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Priority class for injector pods - priorityClassName: "" - # Extra annotations to attach to the injector pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the injector pods - annotations: {} - # Extra labels to attach to the agent-injector - # This should be a YAML map of the labels to apply to the injector - extraLabels: {} - # Should the injector pods run on the host network (useful when using - # an alternate CNI in EKS) - hostNetwork: false - # Injector service specific config - service: - # Extra annotations to attach to the injector service - annotations: {} - # Injector serviceAccount specific config - serviceAccount: - # Extra annotations to attach to the injector serviceAccount - annotations: {} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - podDisruptionBudget: {} - # podDisruptionBudget: - # maxUnavailable: 1 - - # strategy for updating the deployment. This can be a multi-line string or a - # YAML map. - strategy: {} - # strategy: | - # rollingUpdate: - # maxSurge: 25% - # maxUnavailable: 25% - # type: RollingUpdate -server: - # If true, or "-" with global.enabled true, Vault server will be installed. - # See vault.mode in _helpers.tpl for implementation details. - enabled: "-" - # [Enterprise Only] This value refers to a Kubernetes secret that you have - # created that contains your enterprise license. If you are not using an - # enterprise image or if you plan to introduce the license key via another - # route, then leave secretName blank ("") or set it to null. - # Requires Vault Enterprise 1.8 or later. - enterpriseLicense: - # The name of the Kubernetes secret that holds the enterprise license. 
The - # secret must be in the same namespace that Vault is installed into. - secretName: "" - # The key within the Kubernetes secret that holds the enterprise license. - secretKey: "license" - # Resource requests, limits, etc. for the server cluster placement. This - # should map directly to the value of the resources field for a PodSpec. - # By default no direct resource request is made. - image: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.11.3-ubi" - # Overrides the default Image Pull Policy - pullPolicy: IfNotPresent - # Configure the Update Strategy Type for the StatefulSet - # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - updateStrategyType: "OnDelete" - # Configure the logging verbosity for the Vault server. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "" - # Configure the logging format for the Vault server. - # Supported log formats include: standard, json - logFormat: "" - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # Ingress allows ingress services to be created to allow external access - # from Kubernetes to access Vault pods. - # If deployment is on OpenShift, the following block is ignored. - # In order to expose the service, use the route section below - ingress: - enabled: false - labels: {} - # traffic: external - annotations: {} - # | - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # or - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # Optionally use ingressClassName instead of deprecated annotation. - # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation - ingressClassName: "" - # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
- # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. - pathType: Prefix - # When HA mode is enabled and K8s service registration is being used, - # configure the ingress to point to the Vault active service. - activeService: true - hosts: - - host: chart-example.local - paths: [] - ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # service: - # name: ssl-redirect - # port: - # number: use-annotation - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # OpenShift only - create a route to expose the service - # By default the created route will be of type passthrough - route: - enabled: false - # When HA mode is enabled and K8s service registration is being used, - # configure the route to point to the Vault active service. - activeService: true - labels: {} - annotations: {} - host: chart-example.local - # tls will be passed directly to the route's TLS config, which - # can be used to configure other termination methods that terminate - # TLS at the router - tls: - termination: passthrough - # authDelegator enables a cluster role binding to be attached to the service - # account. This cluster role binding can be used to setup Kubernetes auth - # method. https://www.vaultproject.io/docs/auth/kubernetes.html - authDelegator: - enabled: true - # extraInitContainers is a list of init containers. Specified as a YAML list. - # This is useful if you need to run a script to provision TLS certificates or - # write out configuration files in a dynamic way. - extraInitContainers: null - # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, - # # which is defined in the volumes value. 
- # - name: oauthapp - # image: "alpine" - # command: [sh, -c] - # args: - # - cd /tmp && - # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && - # tar -xf oauthapp.xz && - # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && - # chmod +x /usr/local/libexec/vault/oauthapp - # volumeMounts: - # - name: plugins - # mountPath: /usr/local/libexec/vault - - # extraContainers is a list of sidecar containers. Specified as a YAML list. - extraContainers: null - # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers - # This is useful if Vault must be signaled, e.g. to send a SIGHUP for a log rotation - shareProcessNamespace: false - # extraArgs is a string containing additional Vault server arguments. - extraArgs: "" - # Used to define custom readinessProbe settings - readinessProbe: - enabled: true - # If you need to use a http path instead of the default exec - # path: /v1/sys/health?standbyok=true - - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. 
- timeoutSeconds: 3 - # Used to enable a livenessProbe for the pods - livenessProbe: - enabled: false - path: "/v1/sys/health?standbyok=true" - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 60 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Optional duration in seconds the pod needs to terminate gracefully. - # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ - terminationGracePeriodSeconds: 10 - # Used to set the sleep time during the preStop step - preStopSleepSeconds: 5 - # Used to define commands to run after the pod is ready. - # This can be used to automate processes such as initialization - # or boostrapping auth methods. - postStart: [] - # - /bin/sh - # - -c - # - /vault/userconfig/myscript/run.sh - - # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be - # used to include variables required for auto-unseal. - extraEnvironmentVars: {} - # GOOGLE_REGION: global - # GOOGLE_PROJECT: myproject - # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json - - # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. - # These variables take value from existing Secret objects. - extraSecretEnvironmentVars: [] - # - envName: AWS_SECRET_ACCESS_KEY - # secretName: vault - # secretKey: AWS_SECRET_ACCESS_KEY - - # Deprecated: please use 'volumes' instead. - # extraVolumes is a list of extra volumes to mount. These will be exposed - # to Vault in the path `/vault/userconfig//`. The value below is - # an array of objects, examples are shown below. 
- extraVolumes: [] - # - type: secret (or "configMap") - # name: my-secret - # path: null # default is `/vault/userconfig` - - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: plugins - # emptyDir: {} - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - mountPath: /usr/local/libexec/vault - # name: plugins - # readOnly: true - - # Affinity Settings - # Commenting out or setting as empty the affinity variable, will allow - # deployment to single node services such as Minikube - # This should be either a multi-line string or YAML matching the PodSpec's affinity field. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: server - topologyKey: kubernetes.io/hostname - # Topology settings for server pods - # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - # This should be either a multi-line string or YAML matching the topologySpreadConstraints array - # in a PodSpec. - topologySpreadConstraints: [] - # Toleration Settings for server pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
- # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Enables network policy for server pods - networkPolicy: - enabled: false - egress: [] - # egress: - # - to: - # - ipBlock: - # cidr: 10.0.0.0/24 - # ports: - # - protocol: TCP - # port: 443 - # Priority class for server pods - priorityClassName: "" - # Extra labels to attach to the server pods - # This should be a YAML map of the labels to apply to the server pods - extraLabels: {} - # Extra annotations to attach to the server pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the server pods - annotations: {} - # Enables a headless service to be used by the Vault Statefulset - service: - enabled: true - # clusterIP controls whether a Cluster IP address is attached to the - # Vault service within Kubernetes. By default, the Vault service will - # be given a Cluster IP address, set to None to disable. When disabled - # Kubernetes will create a "headless" service. Headless services can be - # used to communicate with pods directly through DNS instead of a round-robin - # load balancer. - # clusterIP: None - - # Configures the service type for the main Vault service. Can be ClusterIP - # or NodePort. - #type: ClusterIP - - # Do not wait for pods to be ready - publishNotReadyAddresses: true - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. - # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. 
- #nodePort: 30000 - - # When HA mode is enabled - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. - #activeNodePort: 30001 - - # When HA mode is enabled - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. - #standbyNodePort: 30002 - - # Port on which Vault server is listening - port: 8200 - # Target port to which the service should be mapped to - targetPort: 8200 - # Extra annotations for the service definition. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the service. - annotations: {} - # This configures the Vault Statefulset to create a PVC for data - # storage when using the file or raft backend storage engines. - # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more - dataStorage: - enabled: true - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/data" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # This configures the Vault Statefulset to create a PVC for audit - # logs. Once Vault is deployed, initialized, and unsealed, Vault must - # be configured to use this for audit logs. This will be mounted to - # /vault/audit - # See https://www.vaultproject.io/docs/audit/index.html to know more - auditStorage: - enabled: false - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/audit" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. 
- storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # Run Vault in "dev" mode. This requires no further setup, no state management, - # and no initialization. This is useful for experimenting with Vault without - # needing to unseal, store keys, et. al. All data is lost on restart - do not - # use dev mode for anything other than experimenting. - # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more - dev: - enabled: false - # Set VAULT_DEV_ROOT_TOKEN_ID value - devRootToken: "root" - # Run Vault in "standalone" mode. This is the default mode that will deploy if - # no arguments are given to helm. This requires a PVC for data storage to use - # the "file" backend. This mode is not highly available and should not be scaled - # past a single replica. - standalone: - enabled: "-" - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data - # and store data there. This is only used when using a Replica count of 1, and - # using a stateful set. This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - # Enable unauthenticated metrics access (necessary for Prometheus Operator) - #telemetry { - # unauthenticated_metrics_access = "true" - #} - } - storage "file" { - path = "/vault/data" - } - - # Example configuration for using auto-unseal, using Google Cloud KMS. 
The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - - # Example configuration for enabling Prometheus metrics in your config. - #telemetry { - # prometheus_retention_time = "30s", - # disable_hostname = true - #} - # Run Vault in "HA" mode. There are no storage requirements unless the audit log - # persistence is required. In HA mode Vault will configure itself to use Consul - # for its storage backend. The default configuration provided will work the Consul - # Helm project by default. It is possible to manually configure Vault to use a - # different HA backend. - ha: - enabled: false - replicas: 3 - # Set the api_addr configuration for Vault HA - # See https://www.vaultproject.io/docs/configuration#api_addr - # If set to null, this will be set to the Pod IP Address - apiAddr: null - # Set the cluster_addr confuguration for Vault HA - # See https://www.vaultproject.io/docs/configuration#cluster_addr - # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 - clusterAddr: null - # Enables Vault's integrated Raft storage. Unlike the typical HA modes where - # Vault's persistence is external (such as Consul), enabling Raft mode will create - # persistent volumes for Vault to store data according to the configuration under server.dataStorage. - # The Vault cluster will coordinate leader elections and failovers internally. - raft: - # Enables Raft integrated storage - enabled: false - # Set the Node Raft ID to the name of the pod - setNodeId: false - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. 
For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - # Enable unauthenticated metrics access (necessary for Prometheus Operator) - #telemetry { - # unauthenticated_metrics_access = "true" - #} - } - - storage "raft" { - path = "/vault/data" - } - - service_registration "kubernetes" {} - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a Consul for its HA storage backend. - # This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "consul" { - path = "vault" - address = "HOST_IP:8500" - } - - service_registration "kubernetes" {} - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev-246514" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - - # Example configuration for enabling Prometheus metrics. - # If you are using Prometheus Operator you can enable a ServiceMonitor resource below. - # You may wish to enable unauthenticated metrics in the listener block above. 
- #telemetry { - # prometheus_retention_time = "30s", - # disable_hostname = true - #} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - disruptionBudget: - enabled: true - # maxUnavailable will default to (n/2)-1 where n is the number of - # replicas. If you'd like a custom value, you can specify an override here. - maxUnavailable: null - # Definition of the serviceAccount used to run Vault. - # These options are also used when using an external Vault server to validate - # Kubernetes tokens. - serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Settings for the statefulSet used to run Vault. - statefulSet: - # Extra annotations for the statefulSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the statefulSet. - annotations: {} - # Set the pod and container security contexts. - # If not set, these will default to, and for *not* OpenShift: - # pod: - # runAsNonRoot: true - # runAsGroup: {{ .Values.server.gid | default 1000 }} - # runAsUser: {{ .Values.server.uid | default 100 }} - # fsGroup: {{ .Values.server.gid | default 1000 }} - # container: - # allowPrivilegeEscalation: false - # - # If not set, these will default to, and for OpenShift: - # pod: {} - # container: {} - securityContext: - pod: {} - container: {} -# Vault UI -ui: - # True if you want to create a Service entry for the Vault UI. - # - # serviceType can be used to control the type of service created. 
For - # example, setting this to "LoadBalancer" will create an external load - # balancer (for supported K8S installations) to access the UI. - enabled: false - publishNotReadyAddresses: true - # The service should only contain selectors for active Vault pod - activeVaultPodOnly: false - serviceType: "ClusterIP" - serviceNodePort: null - externalPort: 8200 - targetPort: 8200 - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. - # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - #loadBalancerSourceRanges: - # - 10.0.0.0/16 - # - 1.78.23.3/32 - - # loadBalancerIP: - - # Extra annotations to attach to the ui service - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the ui service - annotations: {} -# secrets-store-csi-driver-provider-vault -csi: - # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. - # - # Requires installing the secrets-store-csi-driver separately, see: - # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver - # - # With the driver and provider installed, you can mount Vault secrets into volumes - # similar to the Vault Agent injector, and you can also sync those secrets into - # Kubernetes secrets. - enabled: false - image: - repository: "hashicorp/vault-csi-provider" - tag: "1.2.0" - pullPolicy: IfNotPresent - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: tls - # secret: - # secretName: vault-tls - - # volumeMounts is a list of volumeMounts for the main server container. 
These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - name: tls - # mountPath: "/vault/tls" - # readOnly: true - - resources: {} - # resources: - # requests: - # cpu: 50m - # memory: 128Mi - # limits: - # cpu: 50m - # memory: 128Mi - - # Settings for the daemonSet used to run the provider. - daemonSet: - updateStrategy: - type: RollingUpdate - maxUnavailable: "" - # Extra annotations for the daemonSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the daemonSet. - annotations: {} - # Provider host path (must match the CSI provider's path) - providersDir: "/etc/kubernetes/secrets-store-csi-providers" - # Kubelet host path - kubeletRootDir: "/var/lib/kubelet" - # Extra labels to attach to the vault-csi-provider daemonSet - # This should be a YAML map of the labels to apply to the csi provider daemonSet - extraLabels: {} - # security context for the pod template and container in the csi provider daemonSet - securityContext: - pod: {} - container: {} - pod: - # Extra annotations for the provider pods. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the pod. - annotations: {} - # Toleration Settings for provider pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # Extra labels to attach to the vault-csi-provider pod - # This should be a YAML map of the labels to apply to the csi provider pod - extraLabels: {} - # Priority class for csi pods - priorityClassName: "" - serviceAccount: - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. 
- annotations: {} - # Extra labels to attach to the vault-csi-provider serviceAccount - # This should be a YAML map of the labels to apply to the csi provider serviceAccount - extraLabels: {} - # Used to configure readinessProbe for the pods. - readinessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to configure livenessProbe for the pods. - livenessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Enables debug logging. - debug: false - # Pass arbitrary additional arguments to vault-csi-provider. - # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments - # for the available command line flags. - extraArgs: [] -# Vault is able to collect and publish various runtime metrics. -# Enabling this feature requires setting adding `telemetry{}` stanza to -# the Vault configuration. There are a few examples included in the `config` sections above. -# -# For more information see: -# https://www.vaultproject.io/docs/configuration/telemetry -# https://www.vaultproject.io/docs/internals/telemetry -serverTelemetry: - # Enable support for the Prometheus Operator. 
Currently, this chart does not support - # authenticating to Vault's metrics endpoint, so the following `telemetry{}` must be included - # in the `listener "tcp"{}` stanza - # telemetry { - # unauthenticated_metrics_access = "true" - # } - # - # See the `standalone.config` for a more complete example of this. - # - # In addition, a top level `telemetry{}` stanza must also be included in the Vault configuration: - # - # example: - # telemetry { - # prometheus_retention_time = "30s", - # disable_hostname = true - # } - # - # Configuration for monitoring the Vault server. - serviceMonitor: - # The Prometheus operator *must* be installed before enabling this feature, - # if not the chart will fail to install due to missing CustomResourceDefinitions - # provided by the operator. - # - # Instructions on how to install the Helm chart can be found here: - # https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack - # More information can be found here: - # https://github.com/prometheus-operator/prometheus-operator - # https://github.com/prometheus-operator/kube-prometheus - - # Enable deployment of the Vault Server ServiceMonitor CustomResource. - enabled: false - # Selector labels to add to the ServiceMonitor. - # When empty, defaults to: - # release: prometheus - selectors: {} - # Interval at which Prometheus scrapes metrics - interval: 30s - # Timeout for Prometheus scrapes - scrapeTimeout: 10s - prometheusRules: - # The Prometheus operator *must* be installed before enabling this feature, - # if not the chart will fail to install due to missing CustomResourceDefinitions - # provided by the operator. - - # Deploy the PrometheusRule custom resource for AlertManager based alerts. - # Requires that AlertManager is properly deployed. - enabled: false - # Selector labels to add to the PrometheusRules. - # When empty, defaults to: - # release: prometheus - selectors: {} - # Some example rules. 
- rules: {}
- # - alert: vault-HighResponseTime
- # annotations:
- # message: The response time of Vault is over 500ms on average over the last 5 minutes.
- # expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 500
- # for: 5m
- # labels:
- # severity: warning
- # - alert: vault-HighResponseTime
- # annotations:
- # message: The response time of Vault is over 1s on average over the last 5 minutes.
- # expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 1000
- # for: 5m
- # labels:
- # severity: critical
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/.helmignore b/charts/partners/hashicorp/vault/0.24.0/src/.helmignore
deleted file mode 100644
index 4007e24350..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/.helmignore
+++ /dev/null
@@ -1,28 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.terraform/
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-
-# CI and test
-.circleci/
-.github/
-.gitlab-ci.yml
-test/
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/CHANGELOG.md b/charts/partners/hashicorp/vault/0.24.0/src/CHANGELOG.md
deleted file mode 100644
index d1c2f32b19..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/CHANGELOG.md
+++ /dev/null
@@ -1,461 +0,0 @@ -## Unreleased - -## 0.24.0 (April 6, 2023) - -Changes: -* Earliest Kubernetes version tested is now 1.22 -* `vault` updated to 1.13.1 - -Features: -* server: New `extraPorts` option for adding ports to the Vault server statefulset [GH-841](https://github.com/hashicorp/vault-helm/pull/841) -* server: Add configurable Port Number in readinessProbe and livenessProbe for the server-statefulset [GH-831](https://github.com/hashicorp/vault-helm/pull/831) -* injector: Make livenessProbe and readinessProbe configurable and add configurable startupProbe [GH-852](https://github.com/hashicorp/vault-helm/pull/852) -* csi: Add an Agent sidecar to Vault CSI Provider pods to provide lease caching and renewals [GH-749](https://github.com/hashicorp/vault-helm/pull/749) - -## 0.23.0 (November 28th, 2022) - -Changes: -* `vault` updated to 1.12.1 [GH-814](https://github.com/hashicorp/vault-helm/pull/814) -* `vault-k8s` updated to 1.1.0 [GH-814](https://github.com/hashicorp/vault-helm/pull/814) -* `vault-csi-provider` updated to 1.2.1 [GH-814](https://github.com/hashicorp/vault-helm/pull/814) - -Features: -* server: Add `extraLabels` for Vault server serviceAccount [GH-806](https://github.com/hashicorp/vault-helm/pull/806) -* server: Add `server.service.active.enabled` and `server.service.standby.enabled` options to selectively disable additional services [GH-811](https://github.com/hashicorp/vault-helm/pull/811) -* server: Add `server.serviceAccount.serviceDiscovery.enabled` option to selectively disable a Vault service discovery role and role binding [GH-811](https://github.com/hashicorp/vault-helm/pull/811) -* server: Add `server.service.instanceSelector.enabled` option to allow selecting pods outside the helm chart deployment [GH-813](https://github.com/hashicorp/vault-helm/pull/813) - -Bugs: -* server: Quote `.server.ha.clusterAddr` value [GH-810](https://github.com/hashicorp/vault-helm/pull/810) - -## 0.22.1 (October 26th, 2022) - -Changes: -* `vault` updated to 
1.12.0 [GH-803](https://github.com/hashicorp/vault-helm/pull/803) -* `vault-k8s` updated to 1.0.1 [GH-803](https://github.com/hashicorp/vault-helm/pull/803) - -## 0.22.0 (September 8th, 2022) - -Features: -* Add PrometheusOperator support for collecting Vault server metrics. [GH-772](https://github.com/hashicorp/vault-helm/pull/772) - -Changes: -* `vault-k8s` to 1.0.0 [GH-784](https://github.com/hashicorp/vault-helm/pull/784) -* Test against Kubernetes 1.25 [GH-784](https://github.com/hashicorp/vault-helm/pull/784) -* `vault` updated to 1.11.3 [GH-785](https://github.com/hashicorp/vault-helm/pull/785) - -## 0.21.0 (August 10th, 2022) - -CHANGES: -* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) -* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) -* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) -* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) -* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) -* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) - -Features: -* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) -* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) -* injector: Add `injector.securityContext` to override pod and container `securityContext`. 
[GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) -* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610) -* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) - -## 0.20.1 (May 25th, 2022) -CHANGES: -* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) - -Improvements: -* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) - -Bugs: -* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) - -## 0.20.0 (May 16th, 2022) - -CHANGES: -* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) -* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) -* Vault default image to 1.10.3 -* CSI provider default image to 1.1.0 -* Vault K8s default image to 0.16.0 -* Earliest Kubernetes version tested is now 1.16 -* Helm 3.6+ now required - -Features: -* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) - -Improvements: -* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) -* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) -* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) -* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) -* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) -* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) -* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) - -## 0.19.0 (January 20th, 2022) - -CHANGES: -* Vault image default 1.9.2 -* Vault K8s image default 0.14.2 - -Features: -* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) -* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) -* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) -* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) - -Improvements: -* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) -* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) -* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) - -## 0.18.0 (November 17th, 2021) - -CHANGES: -* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) -* Vault image default 1.9.0 -* Vault K8s image default 0.14.1 - -Improvements: -* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) - -## 0.17.1 (October 25th, 2021) - -Improvements: - * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) - -## 0.17.0 (October 21st, 2021) - -KNOWN ISSUES: -* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set - -CHANGES: -* Vault image default 1.8.4 -* Vault K8s image default 0.14.0 - -Improvements: -* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) -* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) -* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) - -Bugs: -* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) - -## 0.16.1 (September 29th, 2021) - -CHANGES: -* Vault image default 1.8.3 -* Vault K8s image default 0.13.1 - -## 0.16.0 (September 16th, 2021) - -CHANGES: -* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
-
-Improvements:
- * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
- * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
-
-## 0.15.0 (August 23rd, 2021)
-
-Improvements:
-* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
-* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
-
-## 0.14.0 (July 28th, 2021)
-
-Features:
-* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
-
-Improvements:
-* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
-* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
-* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
-* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
-* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
-* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
-
-
-## 0.13.0 (June 17th, 2021)
-
-Improvements:
-* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
-* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
-* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
-
-Bugs:
-* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
-* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
-* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
-
-## 0.12.0 (May 25th, 2021)
-
-Features:
-* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
-
-Improvements:
-* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
-* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
-* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
-* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
-
-Bugs:
-* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
-
-## 0.11.0 (April 14th, 2021)
-
-Features:
-* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
-* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
-* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
-* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
-* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
-* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
-
-Improvements:
-* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
-
-Bugs:
-* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
-
-## 0.10.0 (March 25th, 2021)
-
-Features:
-* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
-
-Improvements:
-* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
-
-## 0.9.1 (February 2nd, 2021)
-
-Bugs:
-* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
-* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
-
-## 0.9.0 (January 5th, 2021)
-
-Features:
-* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
-* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
-
-Improvements:
-* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
-* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
-* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
-* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
-* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
-* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
-* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
-* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
-
-## 0.8.0 (October 20th, 2020)
-
-Improvements:
-* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
-* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
-* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
-* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
-* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
-* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
-* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
-
-Bugs:
-* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
-
-## 0.7.0 (August 24th, 2020)
-
-Features:
-* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
-* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
-
-Improvements:
-* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
-* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
-* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
-* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
-* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
-* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
-* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
-* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
-* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
-
-Bugs:
-* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
-* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
-* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
-
-## 0.6.0 (June 3rd, 2020)
-
-Features:
-* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
-* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
-* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
-
-Improvements:
-* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
-* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
-* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
-* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
-* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
-* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
-* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
-* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
-
-Bugs:
-* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
-* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
-* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
-* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
-* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
-
-## 0.5.0 (April 9th, 2020)
-
-Features:
-
-* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
-* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
-* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
-
-* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
-* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
-* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
-* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
-* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
-
-## 0.4.0 (February 21st, 2020)
-
-Improvements:
-
-* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
-* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
-* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
-* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
-* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
-
-Bugs:
-
-* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
-
-## 0.3.3 (January 14th, 2020)
-
-Security:
-
-* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
-
-Bugs:
-
-* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
-
-## 0.3.2 (January 8th, 2020)
-
-Bugs:
-
-* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
-
-## 0.3.1 (January 2nd, 2020)
-
-Bugs:
-
-* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
-
-## 0.3.0 (December 19th, 2019)
-
-Features:
-
-* Extra containers can now be added to the Vault pods
-* Added configurability of pod probes
-* Added Vault Agent Injector
-
-Improvements:
-
-* Moved `global.image` to `server.image`
-* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
-* Added better HTTP/HTTPS scheme support to http probes
-* Added configurable node port for Vault service
-* `server.authDelegator` is now enabled by default
-
-Bugs:
-
-* Fixed upgrade bug by removing chart label which contained the version
-* Fixed typo on `serviceAccount` (was `serviceaccount`)
-* Fixed readiness/liveliness HTTP probe default to accept standbys
-
-## 0.2.1 (November 12th, 2019)
-
-Bugs:
-
-* Removed `readOnlyRootFilesystem` causing issues when validating deployments
-
-## 0.2.0 (October 29th, 2019)
-
-Features:
-
-* Added load balancer support
-* Added ingress support
-* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
-* Removed root requirements, now runs as Vault user
-
-Improvements:
-
-* Added namespace value to all rendered objects
-* Made ports configurable in services
-* Added the ability to add custom annotations to services
-* Added docker image for running bats test in CircleCI
-* Removed restrictions around `dev` mode such as annotations
-* `readOnlyRootFilesystem` is now configurable
-* Image Pull Policy is now configurable
-
-Bugs:
-
-* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
-* Fixed bug where audit storage was not being mounted in HA mode
-* Fixed bug where Vault pod wasn't receiving SIGTERM signals
-
-
-## 0.1.2 (August 22nd, 2019)
-
-Features:
-
-* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
- environment variables
-* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
- depending on the value
-* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
- to "NodePort"
-
-Improvements:
-
-* Changed UI port to 8200 for better HTTP protocol support
-* Added `path` to `extraVolumes` to define where the volume should be
- mounted. Defaults to `/vault/userconfig`
-* Upgraded Vault to 1.2.2
-
-Bugs:
-
-* Fixed bug where upgrade would fail because immutable labels were being
- changed (Helm Version label)
-* Fixed bug where UI service used wrong selector after updating helm labels
-* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
- Consul is the active node
-* Removed `step-down` preStop since it requires authentication. Shutdown signal
- sent by Kube acts similar to `step-down`
-
-
-## 0.1.1 (August 7th, 2019)
-
-Features:
-
-* Added `authDelegator` Cluster Role Binding to Vault service account for
- bootstrapping Kube auth method
-
-Improvements:
-
-* Added `server.service.clusterIP` to `values.yml` so users can toggle
- the Vault service to headless by using the value `None`.
-* Upgraded Vault to 1.2.1
-
-## 0.1.0 (August 6th, 2019)
-
-Initial release
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/CONTRIBUTING.md b/charts/partners/hashicorp/vault/0.24.0/src/CONTRIBUTING.md
deleted file mode 100644
index ad31ac92d1..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/CONTRIBUTING.md
+++ /dev/null
@@ -1,247 +0,0 @@ -# Contributing to Vault Helm - -**Please note:** We take Vault's security and our users' trust very seriously. -If you believe you have found a security issue in Vault, please responsibly -disclose by contacting us at security@hashicorp.com. - -**First:** if you're unsure or afraid of _anything_, just ask or submit the -issue or pull request anyways. You won't be yelled at for giving it your best -effort. The worst that can happen is that you'll be politely asked to change -something. We appreciate any sort of contributions, and don't want a wall of -rules to get in the way of that. - -That said, if you want to ensure that a pull request is likely to be merged, -talk to us! You can find out our thoughts and ensure that your contribution -won't clash or be obviated by Vault's normal direction. A great way to do this -is via the [Vault Discussion Forum][1]. - -This document will cover what we're looking for in terms of reporting issues. -By addressing all the points we're looking for, it raises the chances we can -quickly merge or address your contributions. - -[1]: https://discuss.hashicorp.com/c/vault - -## Issues - -### Reporting an Issue - -* Make sure you test against the latest released version. It is possible - we already fixed the bug you're experiencing. Even better is if you can test - against `main`, as bugs are fixed regularly but new versions are only - released every few months. - -* Provide steps to reproduce the issue, and if possible include the expected - results as well as the actual results. Please provide text, not screen shots! - -* Respond as promptly as possible to any questions made by the Vault - team to your issue. Stale issues will be closed periodically. - -### Issue Lifecycle - -1. The issue is reported. - -2. The issue is verified and categorized by a Vault Helm collaborator. - Categorization is done via tags. For example, bugs are marked as "bugs". - -3. 
Unless it is critical, the issue may be left for a period of time (sometimes - many weeks), giving outside contributors -- maybe you!? -- a chance to - address the issue. - -4. The issue is addressed in a pull request or commit. The issue will be - referenced in the commit message so that the code that fixes it is clearly - linked. - -5. The issue is closed. Sometimes, valid issues will be closed to keep - the issue tracker clean. The issue is still indexed and available for - future viewers, or can be re-opened if necessary. - -## Testing - -The Helm chart ships with both unit and acceptance tests. - -The unit tests don't require any active Kubernetes cluster and complete -very quickly. These should be used for fast feedback during development. -The acceptance tests require a Kubernetes cluster with a configured `kubectl`. - -### Test Using Docker Container - -The following are the instructions for running bats tests using a Docker container. - -#### Prerequisites - -* Docker installed -* `vault-helm` checked out locally - -#### Test - -**Note:** the following commands should be run from the `vault-helm` directory. - -First, build the Docker image for running the tests: - -```shell -docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test -``` -Next, execute the tests with the following commands: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -``` -It's possible to only run specific bats tests using regular expressions. -For example, the following will run only tests with "injector" in the name: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" -``` - -### Test Manually -The following are the instructions for running bats tests on your workstation. 
-#### Prerequisites -* [Bats](https://github.com/bats-core/bats-core) - ```bash - brew install bats-core - ``` -* [yq](https://pypi.org/project/yq/) - ```bash - brew install python-yq - ``` -* [helm](https://helm.sh) - ```bash - brew install kubernetes-helm - ``` - -#### Test - -To run the unit tests: - - bats ./test/unit - -To run the acceptance tests: - - bats ./test/acceptance - -If the acceptance tests fail, deployed resources in the Kubernetes cluster -may not be properly cleaned up. We recommend recycling the Kubernetes cluster to -start from a clean slate. - -**Note:** There is a Terraform configuration in the -[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory -that can be used to quickly bring up a GKE cluster and configure -`kubectl` and `helm` locally. This can be used to quickly spin up a test -cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes -cluster. - -### Writing Unit Tests - -Changes to the Helm chart should be accompanied by appropriate unit tests. - -#### Formatting - -- Put tests in the test file in the same order as the variables appear in the `values.yaml`. -- Start tests for a chart value with a header that says what is being tested, like this: - ``` - #-------------------------------------------------------------------- - # annotations - ``` - -- Name the test based on what it's testing in the following format (this will be its first line): - ``` - @test "
: " { - ``` - - When adding tests to an existing file, the first section will be the same as the other tests in the file. - -#### Test Details - -[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. -In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. -In this way, we're able to test that the various conditionals in the templates render as we would expect. - -Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. -The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). -`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). -The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. - -The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. - -The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. - -#### Test Examples - -Here are some examples of common test patterns: - -- Check that a value is disabled by default - - ``` - @test "ui/Service: no type by default" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - . 
| tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "null" ] - } - ``` - - In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. - This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. - - -- Check that a template value is rendered to a specific value - ``` - @test "ui/Service: specified type" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - --set 'ui.serviceType=LoadBalancer' \ - . | tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "LoadBalancer" ] - } - ``` - - This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. - -- Check that a template value contains several values - ``` - @test "server/standalone-StatefulSet: custom resources" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.requests.memory=256Mi' \ - --set 'server.resources.requests.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.limits.memory=256Mi' \ - --set 'server.resources.limits.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - ``` - - *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
- -- Check that an entire template file is not rendered - ``` - @test "syncCatalog/Deployment: disabled by default" { - cd `chart_dir` - local actual=$( (helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'global.enabled=false' \ - . || echo "---") | tee /dev/stderr | - yq 'length > 0' | tee /dev/stderr) - [ "${actual}" = "false" ] - } - ``` - Here we are check the length of the command output to see if the anything is rendered. - This style can easily be switched to check that a file is rendered instead. - -## Contributor License Agreement - -We require that all contributors sign our Contributor License Agreement ("CLA") -before we can accept the contribution. - -[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/hashicorp/vault/0.24.0/src/Chart.yaml b/charts/partners/hashicorp/vault/0.24.0/src/Chart.yaml deleted file mode 100644 index fdb7552528..0000000000 --- a/charts/partners/hashicorp/vault/0.24.0/src/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - charts.openshift.io/name: HashiCorp Vault -apiVersion: v2 -appVersion: 1.13.1 -description: Official HashiCorp Vault Chart -home: https://www.vaultproject.io -icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png -keywords: -- vault -- security -- encryption -- secrets -- management -- automation -- infrastructure -kubeVersion: '>= 1.22.0-0' -name: vault -sources: -- https://github.com/hashicorp/vault -- https://github.com/hashicorp/vault-helm -- https://github.com/hashicorp/vault-k8s -- https://github.com/hashicorp/vault-csi-provider -version: 0.24.0 diff --git a/charts/partners/hashicorp/vault/0.24.0/src/LICENSE b/charts/partners/hashicorp/vault/0.24.0/src/LICENSE deleted file mode 100644 index 74f38c0103..0000000000 --- a/charts/partners/hashicorp/vault/0.24.0/src/LICENSE +++ /dev/null 
@@ -1,355 +0,0 @@
-Copyright (c) 2018 HashiCorp, Inc.
-
-Mozilla Public License, version 2.0
-
-1. Definitions
-
-1.1. “Contributor”
-
- means each individual or legal entity that creates, contributes to the
- creation of, or owns Covered Software.
-
-1.2. “Contributor Version”
-
- means the combination of the Contributions of others (if any) used by a
- Contributor and that particular Contributor’s Contribution.
-
-1.3. “Contribution”
-
- means Covered Software of a particular Contributor.
-
-1.4. “Covered Software”
-
- means Source Code Form to which the initial Contributor has attached the
- notice in Exhibit A, the Executable Form of such Source Code Form, and
- Modifications of such Source Code Form, in each case including portions
- thereof.
-
-1.5. “Incompatible With Secondary Licenses”
- means
-
- a. that the initial Contributor has attached the notice described in
- Exhibit B to the Covered Software; or
-
- b. that the Covered Software was made available under the terms of version
- 1.1 or earlier of the License, but not also under the terms of a
- Secondary License.
-
-1.6. “Executable Form”
-
- means any form of the work other than Source Code Form.
-
-1.7. “Larger Work”
-
- means a work that combines Covered Software with other material, in a separate
- file or files, that is not Covered Software.
-
-1.8. “License”
-
- means this document.
-
-1.9. “Licensable”
-
- means having the right to grant, to the maximum extent possible, whether at the
- time of the initial grant or subsequently, any and all of the rights conveyed by
- this License.
-
-1.10. “Modifications”
-
- means any of the following:
-
- a. any file in Source Code Form that results from an addition to, deletion
- from, or modification of the contents of Covered Software; or
-
- b. any new file in Source Code Form that contains any Covered Software.
-
-1.11. “Patent Claims” of a Contributor
-
- means any patent claim(s), including without limitation, method, process,
- and apparatus claims, in any patent Licensable by such Contributor that
- would be infringed, but for the grant of the License, by the making,
- using, selling, offering for sale, having made, import, or transfer of
- either its Contributions or its Contributor Version.
-
-1.12. “Secondary License”
-
- means either the GNU General Public License, Version 2.0, the GNU Lesser
- General Public License, Version 2.1, the GNU Affero General Public
- License, Version 3.0, or any later versions of those licenses.
-
-1.13. “Source Code Form”
-
- means the form of the work preferred for making modifications.
-
-1.14. “You” (or “Your”)
-
- means an individual or a legal entity exercising rights under this
- License. For legal entities, “You” includes any entity that controls, is
- controlled by, or is under common control with You. For purposes of this
- definition, “control” means (a) the power, direct or indirect, to cause
- the direction or management of such entity, whether by contract or
- otherwise, or (b) ownership of more than fifty percent (50%) of the
- outstanding shares or beneficial ownership of such entity.
-
-
-2. License Grants and Conditions
-
-2.1. Grants
-
- Each Contributor hereby grants You a world-wide, royalty-free,
- non-exclusive license:
-
- a. under intellectual property rights (other than patent or trademark)
- Licensable by such Contributor to use, reproduce, make available,
- modify, display, perform, distribute, and otherwise exploit its
- Contributions, either on an unmodified basis, with Modifications, or as
- part of a Larger Work; and
-
- b. under Patent Claims of such Contributor to make, use, sell, offer for
- sale, have made, import, and otherwise transfer either its Contributions
- or its Contributor Version.
-
-2.2. Effective Date
-
- The licenses granted in Section 2.1 with respect to any Contribution become
- effective for each Contribution on the date the Contributor first distributes
- such Contribution.
-
-2.3. Limitations on Grant Scope
-
- The licenses granted in this Section 2 are the only rights granted under this
- License. No additional rights or licenses will be implied from the distribution
- or licensing of Covered Software under this License. Notwithstanding Section
- 2.1(b) above, no patent license is granted by a Contributor:
-
- a. for any code that a Contributor has removed from Covered Software; or
-
- b. for infringements caused by: (i) Your and any other third party’s
- modifications of Covered Software, or (ii) the combination of its
- Contributions with other software (except as part of its Contributor
- Version); or
-
- c. under Patent Claims infringed by Covered Software in the absence of its
- Contributions.
-
- This License does not grant any rights in the trademarks, service marks, or
- logos of any Contributor (except as may be necessary to comply with the
- notice requirements in Section 3.4).
-
-2.4. Subsequent Licenses
-
- No Contributor makes additional grants as a result of Your choice to
- distribute the Covered Software under a subsequent version of this License
- (see Section 10.2) or under the terms of a Secondary License (if permitted
- under the terms of Section 3.3).
-
-2.5. Representation
-
- Each Contributor represents that the Contributor believes its Contributions
- are its original creation(s) or it has sufficient rights to grant the
- rights to its Contributions conveyed by this License.
-
-2.6. Fair Use
-
- This License is not intended to limit any rights You have under applicable
- copyright doctrines of fair use, fair dealing, or other equivalents.
-
-2.7. Conditions
-
- Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
- Section 2.1.
-
-
-3. Responsibilities
-
-3.1. Distribution of Source Form
-
- All distribution of Covered Software in Source Code Form, including any
- Modifications that You create or to which You contribute, must be under the
- terms of this License. You must inform recipients that the Source Code Form
- of the Covered Software is governed by the terms of this License, and how
- they can obtain a copy of this License. You may not attempt to alter or
- restrict the recipients’ rights in the Source Code Form.
-
-3.2. Distribution of Executable Form
-
- If You distribute Covered Software in Executable Form then:
-
- a. such Covered Software must also be made available in Source Code Form,
- as described in Section 3.1, and You must inform recipients of the
- Executable Form how they can obtain a copy of such Source Code Form by
- reasonable means in a timely manner, at a charge no more than the cost
- of distribution to the recipient; and
-
- b. You may distribute such Executable Form under the terms of this License,
- or sublicense it under different terms, provided that the license for
- the Executable Form does not attempt to limit or alter the recipients’
- rights in the Source Code Form under this License.
-
-3.3. Distribution of a Larger Work
-
- You may create and distribute a Larger Work under terms of Your choice,
- provided that You also comply with the requirements of this License for the
- Covered Software. If the Larger Work is a combination of Covered Software
- with a work governed by one or more Secondary Licenses, and the Covered
- Software is not Incompatible With Secondary Licenses, this License permits
- You to additionally distribute such Covered Software under the terms of
- such Secondary License(s), so that the recipient of the Larger Work may, at
- their option, further distribute the Covered Software under the terms of
- either this License or such Secondary License(s).
-
-3.4. Notices
-
- You may not remove or alter the substance of any license notices (including
- copyright notices, patent notices, disclaimers of warranty, or limitations
- of liability) contained within the Source Code Form of the Covered
- Software, except that You may alter any license notices to the extent
- required to remedy known factual inaccuracies.
-
-3.5. Application of Additional Terms
-
- You may choose to offer, and to charge a fee for, warranty, support,
- indemnity or liability obligations to one or more recipients of Covered
- Software. However, You may do so only on Your own behalf, and not on behalf
- of any Contributor. You must make it absolutely clear that any such
- warranty, support, indemnity, or liability obligation is offered by You
- alone, and You hereby agree to indemnify every Contributor for any
- liability incurred by such Contributor as a result of warranty, support,
- indemnity or liability terms You offer. You may include additional
- disclaimers of warranty and limitations of liability specific to any
- jurisdiction.
-
-4. Inability to Comply Due to Statute or Regulation
-
- If it is impossible for You to comply with any of the terms of this License
- with respect to some or all of the Covered Software due to statute, judicial
- order, or regulation then You must: (a) comply with the terms of this License
- to the maximum extent possible; and (b) describe the limitations and the code
- they affect. Such description must be placed in a text file included with all
- distributions of the Covered Software under this License. Except to the
- extent prohibited by statute or regulation, such description must be
- sufficiently detailed for a recipient of ordinary skill to be able to
- understand it.
-
-5. Termination
-
-5.1. The rights granted under this License will terminate automatically if You
- fail to comply with any of its terms. However, if You become compliant,
- then the rights granted under this License from a particular Contributor
- are reinstated (a) provisionally, unless and until such Contributor
- explicitly and finally terminates Your grants, and (b) on an ongoing basis,
- if such Contributor fails to notify You of the non-compliance by some
- reasonable means prior to 60 days after You have come back into compliance.
- Moreover, Your grants from a particular Contributor are reinstated on an
- ongoing basis if such Contributor notifies You of the non-compliance by
- some reasonable means, this is the first time You have received notice of
- non-compliance with this License from such Contributor, and You become
- compliant prior to 30 days after Your receipt of the notice.
-
-5.2. If You initiate litigation against any entity by asserting a patent
- infringement claim (excluding declaratory judgment actions, counter-claims,
- and cross-claims) alleging that a Contributor Version directly or
- indirectly infringes any patent, then the rights granted to You by any and
- all Contributors for the Covered Software under Section 2.1 of this License
- shall terminate.
-
-5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
- license agreements (excluding distributors and resellers) which have been
- validly granted by You or Your distributors under this License prior to
- termination shall survive termination.
-
-6. Disclaimer of Warranty
-
- Covered Software is provided under this License on an “as is” basis, without
- warranty of any kind, either expressed, implied, or statutory, including,
- without limitation, warranties that the Covered Software is free of defects,
- merchantable, fit for a particular purpose or non-infringing. The entire
- risk as to the quality and performance of the Covered Software is with You.
- Should any Covered Software prove defective in any respect, You (not any - Contributor) assume the cost of any necessary servicing, repair, or - correction. This disclaimer of warranty constitutes an essential part of this - License. No use of any Covered Software is authorized under this License - except under this disclaimer. - -7. Limitation of Liability - - Under no circumstances and under no legal theory, whether tort (including - negligence), contract, or otherwise, shall any Contributor, or anyone who - distributes Covered Software as permitted above, be liable to You for any - direct, indirect, special, incidental, or consequential damages of any - character including, without limitation, damages for lost profits, loss of - goodwill, work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses, even if such party shall have been - informed of the possibility of such damages. This limitation of liability - shall not apply to liability for death or personal injury resulting from such - party’s negligence to the extent applicable law prohibits such limitation. - Some jurisdictions do not allow the exclusion or limitation of incidental or - consequential damages, so this exclusion and limitation may not apply to You. - -8. Litigation - - Any litigation relating to this License may be brought only in the courts of - a jurisdiction where the defendant maintains its principal place of business - and such litigation shall be governed by laws of that jurisdiction, without - reference to its conflict-of-law provisions. Nothing in this Section shall - prevent a party’s ability to bring cross-claims or counter-claims. - -9. Miscellaneous - - This License represents the complete agreement concerning the subject matter - hereof. If any provision of this License is held to be unenforceable, such - provision shall be reformed only to the extent necessary to make it - enforceable. 
Any law or regulation which provides that the language of a - contract shall be construed against the drafter shall not be used to construe - this License against a Contributor. - - -10. Versions of the License - -10.1. New Versions - - Mozilla Foundation is the license steward. Except as provided in Section - 10.3, no one other than the license steward has the right to modify or - publish new versions of this License. Each version will be given a - distinguishing version number. - -10.2. Effect of New Versions - - You may distribute the Covered Software under the terms of the version of - the License under which You originally received the Covered Software, or - under the terms of any subsequent version published by the license - steward. - -10.3. Modified Versions - - If you create software not governed by this License, and you want to - create a new license for such software, you may create and use a modified - version of this License if you rename the license and remove any - references to the name of the license steward (except to note that such - modified license differs from this License). - -10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses - If You choose to distribute Source Code Form that is Incompatible With - Secondary Licenses under the terms of this version of the License, the - notice described in Exhibit B of this License must be attached. - -Exhibit A - Source Code Form License Notice - - This Source Code Form is subject to the - terms of the Mozilla Public License, v. - 2.0. If a copy of the MPL was not - distributed with this file, You can - obtain one at - http://mozilla.org/MPL/2.0/. - -If it is not possible or desirable to put the notice in a particular file, then -You may include the notice in a location (such as a LICENSE file in a relevant -directory) where a recipient would be likely to look for such a notice. - -You may add additional accurate notices of copyright ownership. 
-
-Exhibit B - “Incompatible With Secondary Licenses” Notice
-
- This Source Code Form is “Incompatible
- With Secondary Licenses”, as defined by
- the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/Makefile b/charts/partners/hashicorp/vault/0.24.0/src/Makefile
deleted file mode 100644
index 5600220645..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/Makefile
+++ /dev/null
@@ -1,101 +0,0 @@ -TEST_IMAGE?=vault-helm-test -GOOGLE_CREDENTIALS?=vault-helm-test.json -CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 -# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats -ACCEPTANCE_TESTS?=acceptance - -# filter bats unit tests to run. -UNIT_TESTS_FILTER?='.*' - -# set to 'true' to run acceptance tests locally in a kind cluster -LOCAL_ACCEPTANCE_TESTS?=false - -# kind cluster name -KIND_CLUSTER_NAME?=vault-helm - -# kind k8s version -KIND_K8S_VERSION?=v1.26.3 - -# Generate json schema for chart values. See test/README.md for more details. -values-schema: - helm schema-gen values.yaml > values.schema.json - -test-image: - @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) - -test-unit: - @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit - -test-bats: test-unit test-acceptance - -test: test-image test-bats - -# run acceptance tests on GKE -# set google project/credential vars above -test-acceptance: -ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) - make setup-kind acceptance -else - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ - -w /helm-test \ - $(TEST_IMAGE) \ - make acceptance -endif - -# destroy GKE cluster using terraform -test-destroy: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -w /helm-test \ - $(TEST_IMAGE) \ - make destroy-cluster - -# provision GKE cluster using terraform -test-provision: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -w /helm-test \ - $(TEST_IMAGE) \ - make provision-cluster - -# this target is for 
running the acceptance tests -# it is run in the docker container above when the test-acceptance target is invoked -acceptance: -ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) - gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} -endif - bats --tap --timing test/${ACCEPTANCE_TESTS} - -# this target is for provisioning the GKE cluster -# it is run in the docker container above when the test-provision target is invoked -provision-cluster: - gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} - terraform init test/terraform - terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform - -# this target is for removing the GKE cluster -# it is run in the docker container above when the test-destroy target is invoked -destroy-cluster: - terraform destroy -auto-approve - -# create a kind cluster for running the acceptance tests locally -setup-kind: - kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ - kind create cluster \ - --image kindest/node:${KIND_K8S_VERSION} \ - --name ${KIND_CLUSTER_NAME} \ - --config $(CURDIR)/test/kind/config.yaml - kubectl config use-context kind-${KIND_CLUSTER_NAME} - -# delete the kind cluster -delete-kind: - kind delete cluster --name ${KIND_CLUSTER_NAME} || : - -.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/hashicorp/vault/0.24.0/src/README.md b/charts/partners/hashicorp/vault/0.24.0/src/README.md deleted file mode 100644 index 6e7014360f..0000000000 --- a/charts/partners/hashicorp/vault/0.24.0/src/README.md +++ /dev/null 
@@ -1,43 +0,0 @@
-# Vault Helm Chart
-
-> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
-you believe you have found a security issue in Vault Helm, _please responsibly disclose_
-by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
-
-This repository contains the official HashiCorp Helm chart for installing
-and configuring Vault on Kubernetes. This chart supports multiple use
-cases of Vault on Kubernetes depending on the values provided.
-
-For full documentation on this Helm chart along with all the ways you can
-use Vault with Kubernetes, please see the
-[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
-
-## Prerequisites
-
-To use the charts here, [Helm](https://helm.sh/) must be configured for your
-Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
-this README. Please refer to the Kubernetes and Helm documentation.
-
-The versions required are:
-
- * **Helm 3.6+**
- * **Kubernetes 1.22+** - This is the earliest version of Kubernetes tested.
- It is possible that this chart works with earlier versions but it is
- untested.
-
-## Usage
-
-To install the latest version of this chart, add the Hashicorp helm repository
-and run `helm install`:
-
-```console
-$ helm repo add hashicorp https://helm.releases.hashicorp.com
-"hashicorp" has been added to your repositories
-
-$ helm install vault hashicorp/vault
-```
-
-Please see the many options supported in the `values.yaml` file. These are also
-fully documented directly on the [Vault
-website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
-detailed installation instructions.
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/NOTES.txt b/charts/partners/hashicorp/vault/0.24.0/src/templates/NOTES.txt
deleted file mode 100644
index 8e267121c8..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/NOTES.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-
-Thank you for installing HashiCorp Vault!
-
-Now that you have deployed Vault, you should look over the docs on using
-Vault with Kubernetes available here:
-
-https://www.vaultproject.io/docs/
-
-
-Your release is named {{ .Release.Name }}. To learn more about the release, try:
-
- $ helm status {{ .Release.Name }}
- $ helm get manifest {{ .Release.Name }}
-
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/_helpers.tpl b/charts/partners/hashicorp/vault/0.24.0/src/templates/_helpers.tpl
deleted file mode 100644
index 4b6baf10e2..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,968 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to -this (by the DNS naming spec). If release name contains chart name it will -be used as a full name. -*/}} -{{- define "vault.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "vault.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "vault.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Compute if the csi driver is enabled. -*/}} -{{- define "vault.csiEnabled" -}} -{{- $_ := set . "csiEnabled" (or - (eq (.Values.csi.enabled | toString) "true") - (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the injector is enabled. -*/}} -{{- define "vault.injectorEnabled" -}} -{{- $_ := set . "injectorEnabled" (or - (eq (.Values.injector.enabled | toString) "true") - (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server is enabled. -*/}} -{{- define "vault.serverEnabled" -}} -{{- $_ := set . 
"serverEnabled" (or - (eq (.Values.server.enabled | toString) "true") - (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server serviceaccount is enabled. -*/}} -{{- define "vault.serverServiceAccountEnabled" -}} -{{- $_ := set . "serverServiceAccountEnabled" - (and - (eq (.Values.server.serviceAccount.create | toString) "true" ) - (or - (eq (.Values.server.enabled | toString) "true") - (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server auth delegator serviceaccount is enabled. -*/}} -{{- define "vault.serverAuthDelegator" -}} -{{- $_ := set . "serverAuthDelegator" - (and - (eq (.Values.server.authDelegator.enabled | toString) "true" ) - (or (eq (.Values.server.serviceAccount.create | toString) "true") - (not (eq .Values.server.serviceAccount.name ""))) - (or - (eq (.Values.server.enabled | toString) "true") - (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server service is enabled. -*/}} -{{- define "vault.serverServiceEnabled" -}} -{{- template "vault.serverEnabled" . -}} -{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} -{{- end -}} - -{{/* -Compute if the ui is enabled. -*/}} -{{- define "vault.uiEnabled" -}} -{{- $_ := set . "uiEnabled" (or - (eq (.Values.ui.enabled | toString) "true") - (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute the maximum number of unavailable replicas for the PodDisruptionBudget. -This defaults to (n/2)-1 where n is the number of members of the server cluster. -Add a special case for replicas=1, where it should default to 0 as well. 
-*/}} -{{- define "vault.pdb.maxUnavailable" -}} -{{- if eq (int .Values.server.ha.replicas) 1 -}} -{{ 0 }} -{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{- else -}} -{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Set the variable 'mode' to the server mode requested by the user to simplify -template logic. -*/}} -{{- define "vault.mode" -}} - {{- template "vault.serverEnabled" . -}} - {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} - {{- $_ := set . "mode" "external" -}} - {{- else if not .serverEnabled -}} - {{- $_ := set . "mode" "external" -}} - {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} - {{- $_ := set . "mode" "dev" -}} - {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} - {{- $_ := set . "mode" "ha" -}} - {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} - {{- $_ := set . "mode" "standalone" -}} - {{- else -}} - {{- $_ := set . "mode" "" -}} - {{- end -}} -{{- end -}} - -{{/* -Set's the replica count based on the different modes configured by user -*/}} -{{- define "vault.replicas" -}} - {{ if eq .mode "standalone" }} - {{- default 1 -}} - {{ else if eq .mode "ha" }} - {{- .Values.server.ha.replicas | default 3 -}} - {{ else }} - {{- default 1 -}} - {{ end }} -{{- end -}} - -{{/* -Set's up configmap mounts if this isn't a dev deployment and the user -defined a custom configuration. Additionally iterates over any -extra volumes the user may have specified (such as a secret with TLS). -*/}} -{{- define "vault.volumes" -}} - {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - configMap: - name: {{ template "vault.fullname" . 
}}-config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - {{ .type }}: - {{- if (eq .type "configMap") }} - name: {{ .name }} - {{- else if (eq .type "secret") }} - secretName: {{ .name }} - {{- end }} - defaultMode: {{ .defaultMode | default 420 }} - {{- end }} - {{- if .Values.server.volumes }} - {{- toYaml .Values.server.volumes | nindent 8}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - secret: - secretName: {{ .Values.server.enterpriseLicense.secretName }} - defaultMode: 0440 - {{- end }} -{{- end -}} - -{{/* -Set's the args for custom command to render the Vault configuration -file with IP addresses to make the out of box experience easier -for users looking to use this chart with Consul Helm. -*/}} -{{- define "vault.args" -}} - {{ if or (eq .mode "standalone") (eq .mode "ha") }} - - | - cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; - [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; - [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; - /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} - {{ else if eq .mode "dev" }} - - | - /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} - {{ end }} -{{- end -}} - -{{/* -Set's additional environment variables based on the mode. 
-*/}} -{{- define "vault.envs" -}} - {{ if eq .mode "dev" }} - - name: VAULT_DEV_ROOT_TOKEN_ID - value: {{ .Values.server.dev.devRootToken }} - - name: VAULT_DEV_LISTEN_ADDRESS - value: "[::]:8200" - {{ end }} -{{- end -}} - -{{/* -Set's which additional volumes should be mounted to the container -based on the mode configured. -*/}} -{{- define "vault.mounts" -}} - {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - name: audit - mountPath: {{ .Values.server.auditStorage.mountPath }} - {{ end }} - {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} - {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} - - name: data - mountPath: {{ .Values.server.dataStorage.mountPath }} - {{ end }} - {{ end }} - {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - mountPath: /vault/config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - readOnly: true - mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} - {{- end }} - {{- if .Values.server.volumeMounts }} - {{- toYaml .Values.server.volumeMounts | nindent 12}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - mountPath: /vault/license - readOnly: true - {{- end }} -{{- end -}} - -{{/* -Set's up the volumeClaimTemplates when data or audit storage is required. HA -might not use data storage since Consul is likely it's backend, however, audit -storage might be desired by the user. 
-*/}} -{{- define "vault.volumeclaims" -}} - {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} - volumeClaimTemplates: - {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} - - metadata: - name: data - {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.dataStorage.size }} - {{- if .Values.server.dataStorage.storageClass }} - storageClassName: {{ .Values.server.dataStorage.storageClass }} - {{- end }} - {{ end }} - {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - metadata: - name: audit - {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.auditStorage.size }} - {{- if .Values.server.auditStorage.storageClass }} - storageClassName: {{ .Values.server.auditStorage.storageClass }} - {{- end }} - {{ end }} - {{ end }} -{{- end -}} - -{{/* -Set's the affinity for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.affinity" -}} - {{- if and (ne .mode "dev") .Values.server.affinity }} - affinity: - {{ $tp := typeOf .Values.server.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.affinity . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the injector affinity for pod placement -*/}} -{{- define "injector.affinity" -}} - {{- if .Values.injector.affinity }} - affinity: - {{ $tp := typeOf .Values.injector.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the topologySpreadConstraints when running in standalone and HA modes. -*/}} -{{- define "vault.topologySpreadConstraints" -}} - {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} - topologySpreadConstraints: - {{ $tp := typeOf .Values.server.topologySpreadConstraints }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - - -{{/* -Sets the injector topologySpreadConstraints for pod placement -*/}} -{{- define "injector.topologySpreadConstraints" -}} - {{- if .Values.injector.topologySpreadConstraints }} - topologySpreadConstraints: - {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the toleration for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.tolerations" -}} - {{- if and (ne .mode "dev") .Values.server.tolerations }} - tolerations: - {{- $tp := typeOf .Values.server.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "injector.tolerations" -}} - {{- if .Values.injector.tolerations }} - tolerations: - {{- $tp := typeOf .Values.injector.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the node selector for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.nodeselector" -}} - {{- if and (ne .mode "dev") .Values.server.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.server.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector node selector for pod placement -*/}} -{{- define "injector.nodeselector" -}} - {{- if .Values.injector.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.injector.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector deployment update strategy -*/}} -{{- define "injector.strategy" -}} - {{- if .Values.injector.strategy }} - strategy: - {{- $tp := typeOf .Values.injector.strategy }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.strategy . | nindent 4 | trim }} - {{- else }} - {{- toYaml .Values.injector.strategy | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra pod annotations -*/}} -{{- define "vault.annotations" -}} - {{- if .Values.server.annotations }} - annotations: - {{- $tp := typeOf .Values.server.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.annotations . 
| nindent 8 }} - {{- else }} - {{- toYaml .Values.server.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector pod annotations -*/}} -{{- define "injector.annotations" -}} - {{- if .Values.injector.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.injector.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector service annotations -*/}} -{{- define "injector.service.annotations" -}} - {{- if .Values.injector.service.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -securityContext for the injector pod level. -*/}} -{{- define "injector.securityContext.pod" -}} - {{- if .Values.injector.securityContext.pod }} - securityContext: - {{- $tp := typeOf .Values.injector.securityContext.pod }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} - {{- else }} - {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.injector.gid | default 1000 }} - runAsUser: {{ .Values.injector.uid | default 100 }} - fsGroup: {{ .Values.injector.gid | default 1000 }} - {{- end }} -{{- end -}} - -{{/* -securityContext for the injector container level. -*/}} -{{- define "injector.securityContext.container" -}} - {{- if .Values.injector.securityContext.container}} - securityContext: - {{- $tp := typeOf .Values.injector.securityContext.container }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} - {{- else }} - {{- toYaml .Values.injector.securityContext.container | nindent 12 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - {{- end }} -{{- end -}} - -{{/* -securityContext for the statefulset pod template. -*/}} -{{- define "server.statefulSet.securityContext.pod" -}} - {{- if .Values.server.statefulSet.securityContext.pod }} - securityContext: - {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.server.gid | default 1000 }} - runAsUser: {{ .Values.server.uid | default 100 }} - fsGroup: {{ .Values.server.gid | default 1000 }} - {{- end }} -{{- end -}} - -{{/* -securityContext for the statefulset vault container -*/}} -{{- define "server.statefulSet.securityContext.container" -}} - {{- if .Values.server.statefulSet.securityContext.container }} - securityContext: - {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} -{{- end -}} - - -{{/* -Sets extra injector service account annotations -*/}} -{{- define "injector.serviceAccount.annotations" -}} - {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector webhook annotations -*/}} -{{- define "injector.webhookAnnotations" -}} - {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} - annotations: - {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} - {{- if eq $tp "string" }} - {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} - {{- else }} - {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the injector webhook objectSelector -*/}} -{{- define "injector.objectSelector" -}} - {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} - {{ if $v }} - objectSelector: - {{- $tp := typeOf $v -}} - {{ if eq $tp "string" }} - {{ tpl $v . 
| indent 6 | trim }} - {{ else }} - {{ toYaml $v | indent 6 | trim }} - {{ end }} - {{ end }} -{{ end }} - -{{/* -Sets extra ui service annotations -*/}} -{{- define "vault.ui.annotations" -}} - {{- if .Values.ui.annotations }} - annotations: - {{- $tp := typeOf .Values.ui.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.ui.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.ui.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "vault.serviceAccount.name" -}} -{{- if .Values.server.serviceAccount.create -}} - {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.server.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Sets extra service account annotations -*/}} -{{- define "vault.serviceAccount.annotations" -}} - {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.server.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ingress annotations -*/}} -{{- define "vault.ingress.annotations" -}} - {{- if .Values.server.ingress.annotations }} - annotations: - {{- $tp := typeOf .Values.server.ingress.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.ingress.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.ingress.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra route annotations -*/}} -{{- define "vault.route.annotations" -}} - {{- if .Values.server.route.annotations }} - annotations: - {{- $tp := typeOf .Values.server.route.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.route.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.route.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra vault server Service annotations -*/}} -{{- define "vault.service.annotations" -}} - {{- if .Values.server.service.annotations }} - {{- $tp := typeOf .Values.server.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets PodSecurityPolicy annotations -*/}} -{{- define "vault.psp.annotations" -}} - {{- if .Values.global.psp.annotations }} - annotations: - {{- $tp := typeOf .Values.global.psp.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.global.psp.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.global.psp.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra statefulset annotations -*/}} -{{- define "vault.statefulSet.annotations" -}} - {{- if .Values.server.statefulSet.annotations }} - annotations: - {{- $tp := typeOf .Values.server.statefulSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for data volume -*/}} -{{- define "vault.dataVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.dataStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for audit volume -*/}} -{{- define "vault.auditVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.auditStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the container resources if the user has set any. -*/}} -{{- define "vault.resources" -}} - {{- if .Values.server.resources -}} - resources: -{{ toYaml .Values.server.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "injector.resources" -}} - {{- if .Values.injector.resources -}} - resources: -{{ toYaml .Values.injector.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "csi.resources" -}} - {{- if .Values.csi.resources -}} - resources: -{{ toYaml .Values.csi.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources for CSI's Agent sidecar if the user has set any. -*/}} -{{- define "csi.agent.resources" -}} - {{- if .Values.csi.agent.resources -}} - resources: -{{ toYaml .Values.csi.agent.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets extra CSI daemonset annotations -*/}} -{{- define "csi.daemonSet.annotations" -}} - {{- if .Values.csi.daemonSet.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.daemonSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets CSI daemonset securityContext for pod template -*/}} -{{- define "csi.daemonSet.securityContext.pod" -}} - {{- if .Values.csi.daemonSet.securityContext.pod }} - securityContext: - {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets CSI daemonset securityContext for container -*/}} -{{- define "csi.daemonSet.securityContext.container" -}} - {{- if .Values.csi.daemonSet.securityContext.container }} - securityContext: - {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} - {{- end }} - {{- end }} -{{- end -}} - - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "csi.pod.tolerations" -}} - {{- if .Values.csi.pod.tolerations }} - tolerations: - {{- $tp := typeOf .Values.csi.pod.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI provider pod annotations -*/}} -{{- define "csi.pod.annotations" -}} - {{- if .Values.csi.pod.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.pod.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.pod.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI service account annotations -*/}} -{{- define "csi.serviceAccount.annotations" -}} - {{- if .Values.csi.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Inject extra environment vars in the format key:value, if populated -*/}} -{{- define "vault.extraEnvironmentVars" -}} -{{- if .extraEnvironmentVars -}} -{{- range $key, $value := .extraEnvironmentVars }} -- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} - value: {{ $value | quote }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Inject extra environment populated by secrets, if populated -*/}} -{{- define "vault.extraSecretEnvironmentVars" -}} -{{- if .extraSecretEnvironmentVars -}} -{{- range .extraSecretEnvironmentVars }} -- name: {{ .envName }} - valueFrom: - secretKeyRef: - name: {{ .secretName }} - key: {{ .secretKey }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* Scheme for health check and local endpoint */}} -{{- define "vault.scheme" -}} -{{- if .Values.global.tlsDisable -}} -{{ "http" }} -{{- else -}} -{{ "https" }} -{{- end -}} -{{- end -}} - -{{/* -imagePullSecrets generates pull secrets from either string or map values. -A map value must be indexable by the key 'name'. -*/}} -{{- define "imagePullSecrets" -}} -{{- with .Values.global.imagePullSecrets -}} -imagePullSecrets: -{{- range . -}} -{{- if typeIs "string" . }} - - name: {{ . }} -{{- else if index . "name" }} - - name: {{ .name }} -{{- end }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
-Supported inputs are Values.server.service and Values.ui -*/}} -{{- define "service.externalTrafficPolicy" -}} -{{- $type := "" -}} -{{- if .serviceType -}} -{{- $type = .serviceType -}} -{{- else if .type -}} -{{- $type = .type -}} -{{- end -}} -{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} - externalTrafficPolicy: {{ .externalTrafficPolicy }} -{{- else }} -{{- end }} -{{- end -}} - -{{/* -loadBalancer configuration for the the UI service. -Supported inputs are Values.ui -*/}} -{{- define "service.loadBalancer" -}} -{{- if eq (.serviceType | toString) "LoadBalancer" }} -{{- if .loadBalancerIP }} - loadBalancerIP: {{ .loadBalancerIP }} -{{- end }} -{{- with .loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{- range . }} - - {{ . }} -{{- end }} -{{- end -}} -{{- end }} -{{- end -}} diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/csi-agent-configmap.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/csi-agent-configmap.yaml deleted file mode 100644 index cb373f8337..0000000000 --- a/charts/partners/hashicorp/vault/0.24.0/src/templates/csi-agent-configmap.yaml +++ /dev/null 
@@ -1,29 +0,0 @@
-{{- template "vault.csiEnabled" . -}}
-{{- if and (.csiEnabled) (eq (.Values.csi.agent.enabled | toString) "true") -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-agent-config
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-data:
- config.hcl: |
- vault {
- {{- if .Values.global.externalVaultAddr }}
- "address" = "{{ .Values.global.externalVaultAddr }}"
- {{- else }}
- "address" = "{{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}"
- {{- end }}
- }
-
- cache {}
-
- listener "unix" {
- address = "/var/run/vault/agent.sock"
- tls_disable = true
- }
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/csi-clusterrole.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/csi-clusterrole.yaml
deleted file mode 100644
index 6d979ea40c..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/csi-clusterrole.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups:
- - ""
- resources:
- - serviceaccounts/token
- verbs:
- - create
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/csi-clusterrolebinding.yaml
deleted file mode 100644
index d5a9346885..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/csi-clusterrolebinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/csi-daemonset.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/csi-daemonset.yaml
deleted file mode 100644
index 0285a0cbb5..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/csi-daemonset.yaml
+++ /dev/null
@@ -1,150 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{- template "vault.csiEnabled" . -}} -{{- if .csiEnabled -}} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- if .Values.csi.daemonSet.extraLabels -}} - {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} - {{- end -}} - {{ template "csi.daemonSet.annotations" . }} -spec: - updateStrategy: - type: {{ .Values.csi.daemonSet.updateStrategy.type }} - {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - rollingUpdate: - maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.csi.pod.extraLabels -}} - {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "csi.pod.annotations" . }} - spec: - {{ template "csi.daemonSet.securityContext.pod" . }} - {{- if .Values.csi.priorityClassName }} - priorityClassName: {{ .Values.csi.priorityClassName }} - {{- end }} - serviceAccountName: {{ template "vault.fullname" . }}-csi-provider - {{- template "csi.pod.tolerations" . }} - containers: - - name: {{ include "vault.name" . }}-csi-provider - {{ template "csi.resources" . }} - {{ template "csi.daemonSet.securityContext.container" . 
}} - image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" - imagePullPolicy: {{ .Values.csi.image.pullPolicy }} - args: - - --endpoint=/provider/vault.sock - - --debug={{ .Values.csi.debug }} - {{- if .Values.csi.extraArgs }} - {{- toYaml .Values.csi.extraArgs | nindent 12 }} - {{- end }} - env: - - name: VAULT_ADDR - {{- if eq (.Values.csi.agent.enabled | toString) "true" }} - value: "unix:///var/run/vault/agent.sock" - {{- else if .Values.global.externalVaultAddr }} - value: "{{ .Values.global.externalVaultAddr }}" - {{- else }} - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - {{- end }} - volumeMounts: - - name: providervol - mountPath: "/provider" - {{- if eq (.Values.csi.agent.enabled | toString) "true" }} - - name: agent-unix-socket - mountPath: /var/run/vault - {{- end }} - {{- if .Values.csi.volumeMounts }} - {{- toYaml .Values.csi.volumeMounts | nindent 12}} - {{- end }} - livenessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} - {{- if eq (.Values.csi.agent.enabled | toString) "true" }} - - name: {{ include "vault.name" . 
}}-agent - image: "{{ .Values.csi.agent.image.repository }}:{{ .Values.csi.agent.image.tag }}" - imagePullPolicy: {{ .Values.csi.agent.image.pullPolicy }} - {{ template "csi.agent.resources" . }} - command: - - vault - args: - - agent - - -config=/etc/vault/config.hcl - {{- if .Values.csi.agent.extraArgs }} - {{- toYaml .Values.csi.agent.extraArgs | nindent 12 }} - {{- end }} - ports: - - containerPort: 8200 - env: - - name: VAULT_LOG_LEVEL - value: "{{ .Values.csi.agent.logLevel }}" - - name: VAULT_LOG_FORMAT - value: "{{ .Values.csi.agent.logFormat }}" - securityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsUser: 100 - runAsGroup: 1000 - volumeMounts: - - name: agent-config - mountPath: /etc/vault/config.hcl - subPath: config.hcl - readOnly: true - - name: agent-unix-socket - mountPath: /var/run/vault - {{- if .Values.csi.volumeMounts }} - {{- toYaml .Values.csi.volumeMounts | nindent 12 }} - {{- end }} - {{- end }} - volumes: - - name: providervol - hostPath: - path: {{ .Values.csi.daemonSet.providersDir }} - {{- if eq (.Values.csi.agent.enabled | toString) "true" }} - - name: agent-config - configMap: - name: {{ template "vault.fullname" . }}-csi-provider-agent-config - - name: agent-unix-socket - emptyDir: - medium: Memory - {{- end }} - {{- if .Values.csi.volumes }} - {{- toYaml .Values.csi.volumes | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/csi-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/csi-serviceaccount.yaml deleted file mode 100644 index 25e123ee9f..0000000000 --- a/charts/partners/hashicorp/vault/0.24.0/src/templates/csi-serviceaccount.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- if .Values.csi.serviceAccount.extraLabels -}}
- {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
- {{- end -}}
- {{ template "csi.serviceAccount.annotations" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-certs-secret.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-certs-secret.yaml
deleted file mode 100644
index 3e5ddb7b94..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-certs-secret.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: vault-injector-certs
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-clusterrole.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-clusterrole.yaml
deleted file mode 100644
index d5682dd76a..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs:
- - "get"
- - "list"
- - "watch"
- - "patch"
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-clusterrolebinding.yaml
deleted file mode 100644
index 9253e4f0a8..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-clusterrolebinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-deployment.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-deployment.yaml
deleted file mode 100644
index 7e0101a413..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-deployment.yaml
+++ /dev/null
@@ -1,171 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{- template "vault.injectorEnabled" . -}} -{{- if .injectorEnabled -}} -# Deployment for the injector -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - component: webhook -spec: - replicas: {{ .Values.injector.replicas }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{ template "injector.strategy" . }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{- if .Values.injector.extraLabels -}} - {{- toYaml .Values.injector.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "injector.annotations" . }} - spec: - {{ template "injector.affinity" . }} - {{ template "injector.topologySpreadConstraints" . }} - {{ template "injector.tolerations" . }} - {{ template "injector.nodeselector" . }} - {{- if .Values.injector.priorityClassName }} - priorityClassName: {{ .Values.injector.priorityClassName }} - {{- end }} - serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" - {{ template "injector.securityContext.pod" . -}} - {{- if not .Values.global.openshift }} - hostNetwork: {{ .Values.injector.hostNetwork }} - {{- end }} - containers: - - name: sidecar-injector - {{ template "injector.resources" . }} - image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" - imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" - {{- template "injector.securityContext.container" . 
}} - env: - - name: AGENT_INJECT_LISTEN - value: {{ printf ":%v" .Values.injector.port }} - - name: AGENT_INJECT_LOG_LEVEL - value: {{ .Values.injector.logLevel | default "info" }} - - name: AGENT_INJECT_VAULT_ADDR - {{- if .Values.global.externalVaultAddr }} - value: "{{ .Values.global.externalVaultAddr }}" - {{- else if .Values.injector.externalVaultAddr }} - value: "{{ .Values.injector.externalVaultAddr }}" - {{- else }} - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - {{- end }} - - name: AGENT_INJECT_VAULT_AUTH_PATH - value: {{ .Values.injector.authPath }} - - name: AGENT_INJECT_VAULT_IMAGE - value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" - {{- if .Values.injector.certs.secretName }} - - name: AGENT_INJECT_TLS_CERT_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" - - name: AGENT_INJECT_TLS_KEY_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" - {{- else }} - - name: AGENT_INJECT_TLS_AUTO - value: {{ template "vault.fullname" . }}-agent-injector-cfg - - name: AGENT_INJECT_TLS_AUTO_HOSTS - value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc - {{- end }} - - name: AGENT_INJECT_LOG_FORMAT - value: {{ .Values.injector.logFormat | default "standard" }} - - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN - value: "{{ .Values.injector.revokeOnShutdown | default false }}" - {{- if .Values.global.openshift }} - - name: AGENT_INJECT_SET_SECURITY_CONTEXT - value: "false" - {{- end }} - {{- if .Values.injector.metrics.enabled }} - - name: AGENT_INJECT_TELEMETRY_PATH - value: "/metrics" - {{- end }} - {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} - - name: AGENT_INJECT_USE_LEADER_ELECTOR - value: "true" - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end }} - - name: AGENT_INJECT_CPU_REQUEST - value: "{{ .Values.injector.agentDefaults.cpuRequest }}" - - name: AGENT_INJECT_CPU_LIMIT - value: "{{ .Values.injector.agentDefaults.cpuLimit }}" - - name: AGENT_INJECT_MEM_REQUEST - value: "{{ .Values.injector.agentDefaults.memRequest }}" - - name: AGENT_INJECT_MEM_LIMIT - value: "{{ .Values.injector.agentDefaults.memLimit }}" - - name: AGENT_INJECT_DEFAULT_TEMPLATE - value: "{{ .Values.injector.agentDefaults.template }}" - - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE - value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" - {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} - - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL - value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" - {{- end }} - {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - agent-inject - - 2>&1 - livenessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: {{ .Values.injector.livenessProbe.failureThreshold }} - 
initialDelaySeconds: {{ .Values.injector.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.injector.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.injector.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.injector.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: {{ .Values.injector.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.injector.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.injector.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.injector.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.injector.readinessProbe.timeoutSeconds }} - startupProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: {{ .Values.injector.startupProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.injector.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.injector.startupProbe.periodSeconds }} - successThreshold: {{ .Values.injector.startupProbe.successThreshold }} - timeoutSeconds: {{ .Values.injector.startupProbe.timeoutSeconds }} -{{- if .Values.injector.certs.secretName }} - volumeMounts: - - name: webhook-certs - mountPath: /etc/webhook/certs - readOnly: true -{{- end }} -{{- if .Values.injector.certs.secretName }} - volumes: - - name: webhook-certs - secret: - secretName: "{{ .Values.injector.certs.secretName }}" -{{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-disruptionbudget.yaml deleted file mode 100644 index 6ae714bae8..0000000000 --- a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-disruptionbudget.yaml +++ /dev/null 
@@ -1,25 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- if .Values.injector.podDisruptionBudget }}
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- component: webhook
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
-{{- end -}}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-mutating-webhook.yaml
deleted file mode 100644
index d03cd136d7..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-mutating-webhook.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
-apiVersion: admissionregistration.k8s.io/v1
-{{- else }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-{{- end }}
-kind: MutatingWebhookConfiguration
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-cfg
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "injector.webhookAnnotations" . }}
-webhooks:
- - name: vault.hashicorp.com
- failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
- matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
- sideEffects: None
- timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
- admissionReviewVersions: ["v1", "v1beta1"]
- clientConfig:
- service:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- path: "/mutate"
- caBundle: {{ .Values.injector.certs.caBundle | quote }}
- rules:
- - operations: ["CREATE", "UPDATE"]
- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["pods"]
-{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
- namespaceSelector:
-{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
-{{ end }}
-{{- template "injector.objectSelector" . -}}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-network-policy.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-network-policy.yaml
deleted file mode 100644
index 4c3b087828..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-network-policy.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.openshift | toString) "true" }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-psp-role.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-psp-role.yaml
deleted file mode 100644
index 65d8e9ba96..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-psp-role.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.psp.enable | toString) "true" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-psp-rolebinding.yaml
deleted file mode 100644
index 48a3a26a25..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-psp-rolebinding.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.psp.enable | toString) "true" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-psp.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-psp.yaml
deleted file mode 100644
index 0eca9a87c6..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-psp.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.psp.enable | toString) "true" }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-role.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-role.yaml
deleted file mode 100644
index df7b0ed747..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-role.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
- - apiGroups: [""]
- resources: ["secrets", "configmaps"]
- verbs:
- - "create"
- - "get"
- - "watch"
- - "list"
- - "update"
- - apiGroups: [""]
- resources: ["pods"]
- verbs:
- - "get"
- - "patch"
- - "delete"
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-rolebinding.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-rolebinding.yaml
deleted file mode 100644
index 0848e43d81..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-rolebinding.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-service.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-service.yaml
deleted file mode 100644
index 5b2069286b..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-service.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "injector.service.annotations" . }}
-spec:
- ports:
- - name: https
- port: 443
- targetPort: {{ .Values.injector.port }}
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-serviceaccount.yaml
deleted file mode 100644
index 9b5c2f6ed1..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/injector-serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "injector.serviceAccount.annotations" . }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/prometheus-prometheusrules.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/prometheus-prometheusrules.yaml
deleted file mode 100644
index 7e58a0e522..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/prometheus-prometheusrules.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ if and (.Values.serverTelemetry.prometheusRules.rules)
- (or (.Values.global.serverTelemetry.prometheusOperator) (.Values.serverTelemetry.prometheusRules.enabled) )
-}}
----
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- /* update the selectors docs in values.yaml whenever the defaults below change. */ -}}
- {{- $selectors := .Values.serverTelemetry.prometheusRules.selectors }}
- {{- if $selectors }}
- {{- toYaml $selectors | nindent 4 }}
- {{- else }}
- release: prometheus
- {{- end }}
-spec:
- groups:
- - name: {{ include "vault.fullname" . }}
- rules:
- {{- toYaml .Values.serverTelemetry.prometheusRules.rules | nindent 6 }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/prometheus-servicemonitor.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/prometheus-servicemonitor.yaml
deleted file mode 100644
index 60f2729a0d..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/prometheus-servicemonitor.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{ if or (.Values.global.serverTelemetry.prometheusOperator) (.Values.serverTelemetry.serviceMonitor.enabled) }}
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- /* update the selectors docs in values.yaml whenever the defaults below change. */ -}}
- {{- $selectors := .Values.serverTelemetry.serviceMonitor.selectors }}
- {{- if $selectors }}
- {{- toYaml $selectors | nindent 4 }}
- {{- else }}
- release: prometheus
- {{- end }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if eq .mode "ha" }}
- vault-active: "true"
- {{- else }}
- vault-internal: "true"
- {{- end }}
- endpoints:
- - port: {{ include "vault.scheme" . }}
- interval: {{ .Values.serverTelemetry.serviceMonitor.interval }}
- scrapeTimeout: {{ .Values.serverTelemetry.serviceMonitor.scrapeTimeout }}
- scheme: {{ include "vault.scheme" . | lower }}
- path: /v1/sys/metrics
- params:
- format:
- - prometheus
- tlsConfig:
- insecureSkipVerify: true
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/server-clusterrolebinding.yaml
deleted file mode 100644
index b694129b5f..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-clusterrolebinding.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.serverAuthDelegator" . }}
-{{- if .serverAuthDelegator -}}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-server-binding
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-config-configmap.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/server-config-configmap.yaml
deleted file mode 100644
index 5d29e98d66..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-config-configmap.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if .serverEnabled -}}
-{{- if ne .mode "dev" -}}
-{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "vault.fullname" . }}-config
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-data:
- extraconfig-from-values.hcl: |-
- {{- if or (eq .mode "ha") (eq .mode "standalone") }}
- {{- $type := typeOf (index .Values.server .mode).config }}
- {{- if eq $type "string" }}
- disable_mlock = true
- {{- if eq .mode "standalone" }}
- {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
- {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
- {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
- {{ end }}
- {{- else }}
- {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
- {{- else }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-discovery-role.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/server-discovery-role.yaml
deleted file mode 100644
index adae42a2bb..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-discovery-role.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if .serverEnabled -}}
-{{- if eq .mode "ha" }}
-{{- if eq (.Values.server.serviceAccount.serviceDiscovery.enabled | toString) "true" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: {{ template "vault.fullname" . }}-discovery-role
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: [""]
- resources: ["pods"]
- verbs: ["get", "watch", "list", "update", "patch"]
-{{ end }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/server-discovery-rolebinding.yaml
deleted file mode 100644
index 853ee870c8..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-discovery-rolebinding.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if .serverEnabled -}}
-{{- if eq .mode "ha" }}
-{{- if eq (.Values.server.serviceAccount.serviceDiscovery.enabled | toString) "true" }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-discovery-rolebinding
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-discovery-role
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/server-disruptionbudget.yaml
deleted file mode 100644
index 3ff11099bf..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-disruptionbudget.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" -}}
-{{- if .serverEnabled -}}
-{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
-# PodDisruptionBudget to prevent degrading the server cluster through
-# voluntary cluster changes.
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-ha-active-service.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/server-ha-active-service.yaml
deleted file mode 100644
index 58d540fd5c..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-ha-active-service.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.serverServiceEnabled" . -}}
-{{- if .serverServiceEnabled -}}
-{{- if eq .mode "ha" }}
-{{- if eq (.Values.server.service.active.enabled | toString) "true" }}
-# Service for active Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-active
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- vault-active: "true"
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.activeNodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- {{- if eq (.Values.server.service.instanceSelector.enabled | toString) "true" }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- end }}
- component: server
- vault-active: "true"
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-ha-standby-service.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/server-ha-standby-service.yaml
deleted file mode 100644
index b9f6435861..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-ha-standby-service.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.serverServiceEnabled" . -}}
-{{- if .serverServiceEnabled -}}
-{{- if eq .mode "ha" }}
-{{- if eq (.Values.server.service.standby.enabled | toString) "true" }}
-# Service for standby Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-standby
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.standbyNodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- {{- if eq (.Values.server.service.instanceSelector.enabled | toString) "true" }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- end }}
- component: server
- vault-active: "false"
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-headless-service.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/server-headless-service.yaml
deleted file mode 100644
index c4eca7af72..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-headless-service.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.serverServiceEnabled" . -}}
-{{- if .serverServiceEnabled -}}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-internal
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- vault-internal: "true"
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- clusterIP: None
- publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
- ports:
- - name: "{{ include "vault.scheme" . }}"
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-ingress.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/server-ingress.yaml
deleted file mode 100644
index 3aba66885a..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-ingress.yaml
+++ /dev/null
@@ -1,69 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{- if not .Values.global.openshift }} -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if .Values.server.ingress.enabled -}} -{{- $extraPaths := .Values.server.ingress.extraPaths -}} -{{- $serviceName := include "vault.fullname" . -}} -{{- template "vault.serverServiceEnabled" . -}} -{{- if .serverServiceEnabled -}} -{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} -{{- $serviceName = printf "%s-%s" $serviceName "active" -}} -{{- end }} -{{- $servicePort := .Values.server.service.port -}} -{{- $pathType := .Values.server.ingress.pathType -}} -{{- $kubeVersion := .Capabilities.KubeVersion.Version }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.server.ingress.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- template "vault.ingress.annotations" . }} -spec: -{{- if .Values.server.ingress.tls }} - tls: - {{- range .Values.server.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} -{{- if .Values.server.ingress.ingressClassName }} - ingressClassName: {{ .Values.server.ingress.ingressClassName }} -{{- end }} - rules: - {{- range .Values.server.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: -{{ if $extraPaths }} -{{ toYaml $extraPaths | indent 10 }} -{{- end }} - {{- range (.paths | default (list "/")) }} - - path: {{ . 
}} - pathType: {{ $pathType }} - backend: - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-network-policy.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/server-network-policy.yaml deleted file mode 100644 index 62d4ae1ac5..0000000000 --- a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-network-policy.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ template "vault.fullname" . }} - labels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} -spec: - podSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 8200 - protocol: TCP - - port: 8201 - protocol: TCP - {{- if .Values.server.networkPolicy.egress }} - egress: - {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} - {{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-psp-role.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/server-psp-role.yaml deleted file mode 100644 index 0c8c983ea6..0000000000 --- a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-psp-role.yaml +++ /dev/null 
@@ -1,25 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if .serverEnabled -}}
-{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/server-psp-rolebinding.yaml
deleted file mode 100644
index 9b975d5565..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-psp-rolebinding.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if .serverEnabled -}}
-{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-psp.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/server-psp.yaml
deleted file mode 100644
index 567e66245e..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-psp.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if .serverEnabled -}}
-{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
- - persistentVolumeClaim
- {{- end }}
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-route.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/server-route.yaml
deleted file mode 100644
index 3f35aefe28..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-route.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- if .Values.global.openshift }}
-{{- if ne .mode "external" }}
-{{- if .Values.server.route.enabled -}}
-{{- $serviceName := include "vault.fullname" . -}}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
-{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
-{{- end }}
-kind: Route
-apiVersion: route.openshift.io/v1
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- with .Values.server.route.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- template "vault.route.annotations" . }}
-spec:
- host: {{ .Values.server.route.host }}
- to:
- kind: Service
- name: {{ $serviceName }}
- weight: 100
- port:
- targetPort: 8200
- tls:
- {{- toYaml .Values.server.route.tls | nindent 4 }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-service.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/server-service.yaml
deleted file mode 100644
index 8e34c88c59..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-service.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.serverServiceEnabled" . -}}
-{{- if .serverServiceEnabled -}}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- # We want the servers to become available even if they're not ready
- # since this DNS is also used for join operations.
- publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- {{- if eq (.Values.server.service.instanceSelector.enabled | toString) "true" }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- end }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/server-serviceaccount.yaml
deleted file mode 100644
index e154f8dc27..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-serviceaccount.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.serverServiceAccountEnabled" . }}
-{{- if .serverServiceAccountEnabled -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- if .Values.server.serviceAccount.extraLabels -}}
- {{- toYaml .Values.server.serviceAccount.extraLabels | nindent 4 -}}
- {{- end -}}
- {{ template "vault.serviceAccount.annotations" . }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-statefulset.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/server-statefulset.yaml
deleted file mode 100644
index 7ab7de8e2f..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/server-statefulset.yaml
+++ /dev/null
@@ -1,217 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if ne .mode "" }} -{{- if .serverEnabled -}} -# StatefulSet to run the actual vault server cluster. -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- template "vault.statefulSet.annotations" . }} -spec: - serviceName: {{ template "vault.fullname" . }}-internal - podManagementPolicy: Parallel - replicas: {{ template "vault.replicas" . }} - updateStrategy: - type: {{ .Values.server.updateStrategyType }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - template: - metadata: - labels: - helm.sh/chart: {{ template "vault.chart" . }} - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - {{- if .Values.server.extraLabels -}} - {{- toYaml .Values.server.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "vault.annotations" . }} - spec: - {{ template "vault.affinity" . }} - {{ template "vault.topologySpreadConstraints" . }} - {{ template "vault.tolerations" . }} - {{ template "vault.nodeselector" . }} - {{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} - serviceAccountName: {{ template "vault.serviceAccount.name" . }} - {{ if .Values.server.shareProcessNamespace }} - shareProcessNamespace: true - {{ end }} - {{- template "server.statefulSet.securityContext.pod" . 
}} - {{- if not .Values.global.openshift }} - hostNetwork: {{ .Values.server.hostNetwork }} - {{- end }} - volumes: - {{ template "vault.volumes" . }} - - name: home - emptyDir: {} - {{- if .Values.server.extraInitContainers }} - initContainers: - {{ toYaml .Values.server.extraInitContainers | nindent 8}} - {{- end }} - containers: - - name: vault - {{ template "vault.resources" . }} - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - command: - - "/bin/sh" - - "-ec" - args: {{ template "vault.args" . }} - {{- template "server.statefulSet.securityContext.container" . }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: VAULT_K8S_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: VAULT_ADDR - value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" - - name: VAULT_API_ADDR - {{- if .Values.server.ha.apiAddr }} - value: {{ .Values.server.ha.apiAddr }} - {{- else }} - value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" - {{- end }} - - name: SKIP_CHOWN - value: "true" - - name: SKIP_SETCAP - value: "true" - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_CLUSTER_ADDR - {{- if .Values.server.ha.clusterAddr }} - value: {{ .Values.server.ha.clusterAddr | quote }} - {{- else }} - value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" - {{- end }} - {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} - - name: VAULT_RAFT_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- end }} - - name: HOME - value: "/home/vault" - {{- if .Values.server.logLevel }} - - name: VAULT_LOG_LEVEL - value: "{{ .Values.server.logLevel }}" - {{- end }} - {{- if .Values.server.logFormat }} - - name: VAULT_LOG_FORMAT - value: "{{ .Values.server.logFormat }}" - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: VAULT_LICENSE_PATH - value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} - {{- end }} - {{ template "vault.envs" . }} - {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} - {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} - volumeMounts: - {{ template "vault.mounts" . }} - - name: home - mountPath: /home/vault - ports: - - containerPort: 8200 - name: {{ include "vault.scheme" . }} - - containerPort: 8201 - name: https-internal - - containerPort: 8202 - name: {{ include "vault.scheme" . }}-rep - {{- if .Values.server.extraPorts -}} - {{ toYaml .Values.server.extraPorts | nindent 12}} - {{- end }} - {{- if .Values.server.readinessProbe.enabled }} - readinessProbe: - {{- if .Values.server.readinessProbe.path }} - httpGet: - path: {{ .Values.server.readinessProbe.path | quote }} - port: {{ .Values.server.readinessProbe.port }} - scheme: {{ include "vault.scheme" . 
| upper }} - {{- else }} - # Check status; unsealed vault servers return 0 - # The exit code reflects the seal status: - # 0 - unsealed - # 1 - error - # 2 - sealed - exec: - command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] - {{- end }} - failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.server.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.server.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.server.livenessProbe.path | quote }} - port: {{ .Values.server.livenessProbe.port }} - scheme: {{ include "vault.scheme" . | upper }} - failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.server.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} - {{- end }} - lifecycle: - # Vault container doesn't receive SIGTERM from Kubernetes - # and after the grace period ends, Kube sends SIGKILL. This - # causes issues with graceful shutdowns such as deregistering itself - # from Consul (zombie services). - preStop: - exec: - command: [ - "/bin/sh", "-c", - # Adding a sleep here to give the pod eviction a - # chance to propagate, so requests will not be made - # to this pod while it's terminating - "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", - ] - {{- if .Values.server.postStart }} - postStart: - exec: - command: - {{- range (.Values.server.postStart) }} - - {{ . 
| quote }} - {{- end }} - {{- end }} - {{- if .Values.server.extraContainers }} - {{ toYaml .Values.server.extraContainers | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} - {{ template "vault.volumeclaims" . }} -{{ end }} -{{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/tests/server-test.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/tests/server-test.yaml deleted file mode 100644 index 59b1501096..0000000000 --- a/charts/partners/hashicorp/vault/0.24.0/src/templates/tests/server-test.yaml +++ /dev/null 
@@ -1,56 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if .serverEnabled -}}
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ .Release.Name }}-server-test"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": test
-spec:
- {{- include "imagePullSecrets" . | nindent 2 }}
- containers:
- - name: {{ .Release.Name }}-server-test
- image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
- imagePullPolicy: {{ .Values.server.image.pullPolicy }}
- env:
- - name: VAULT_ADDR
- value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
- {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
- command:
- - /bin/sh
- - -c
- - |
- echo "Checking for sealed info in 'vault status' output"
- ATTEMPTS=10
- n=0
- until [ "$n" -ge $ATTEMPTS ]
- do
- echo "Attempt" $n...
- vault status -format yaml | grep -E '^sealed: (true|false)' && break
- n=$((n+1))
- sleep 5
- done
- if [ $n -ge $ATTEMPTS ]; then
- echo "timed out looking for sealed info in 'vault status' output"
- exit 1
- fi
-
- exit 0
- volumeMounts:
- {{- if .Values.server.volumeMounts }}
- {{- toYaml .Values.server.volumeMounts | nindent 8}}
- {{- end }}
- volumes:
- {{- if .Values.server.volumes }}
- {{- toYaml .Values.server.volumes | nindent 4}}
- {{- end }}
- restartPolicy: Never
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/templates/ui-service.yaml b/charts/partners/hashicorp/vault/0.24.0/src/templates/ui-service.yaml
deleted file mode 100644
index 4b2e8f7e40..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/templates/ui-service.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.uiEnabled" . -}}
-{{- if .uiEnabled -}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-ui
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}-ui
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "vault.ui.annotations" . }}
-spec:
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
- vault-active: "true"
- {{- end }}
- publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.ui.externalPort }}
- targetPort: {{ .Values.ui.targetPort }}
- {{- if .Values.ui.serviceNodePort }}
- nodePort: {{ .Values.ui.serviceNodePort }}
- {{- end }}
- type: {{ .Values.ui.serviceType }}
- {{- include "service.externalTrafficPolicy" .Values.ui }}
- {{- include "service.loadBalancer" .Values.ui }}
-{{- end -}}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/values.openshift.yaml b/charts/partners/hashicorp/vault/0.24.0/src/values.openshift.yaml
deleted file mode 100644
index da71dcfb91..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/values.openshift.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
-# These overrides are appropriate defaults for deploying this chart on OpenShift
-
-global:
- openshift: true
-
-injector:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
- tag: "1.2.1-ubi"
-
- agentImage:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.13.1-ubi"
-
-server:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.13.1-ubi"
diff --git a/charts/partners/hashicorp/vault/0.24.0/src/values.schema.json b/charts/partners/hashicorp/vault/0.24.0/src/values.schema.json
deleted file mode 100644
index 44980e169c..0000000000
--- a/charts/partners/hashicorp/vault/0.24.0/src/values.schema.json
+++ /dev/null
@@ -1,1105 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "csi": { - "type": "object", - "properties": { - "agent": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "extraArgs": { - "type": "array" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "resources": { - "type": "object" - } - } - }, - "daemonSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "extraLabels": { - "type": "object" - }, - "kubeletRootDir": { - "type": "string" - }, - "providersDir": { - "type": "string" - }, - "securityContext": { - "type": "object", - "properties": { - "container": { - "type": [ - "object", - "string" - ] - }, - "pod": { - "type": [ - "object", - "string" - ] - } - } - }, - "updateStrategy": { - "type": "object", - "properties": { - "maxUnavailable": { - "type": "string" - }, - "type": { - "type": "string" - } - } - } - } - }, - "debug": { - "type": "boolean" - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "extraArgs": { - "type": "array" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "pod": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "extraLabels": { - "type": "object" - }, - "tolerations": { - "type": 
[ - "null", - "array", - "string" - ] - } - } - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "extraLabels": { - "type": "object" - } - } - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "global": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "externalVaultAddr": { - "type": "string" - }, - "imagePullSecrets": { - "type": "array" - }, - "openshift": { - "type": "boolean" - }, - "psp": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enable": { - "type": "boolean" - } - } - }, - "tlsDisable": { - "type": "boolean" - } - } - }, - "injector": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "agentDefaults": { - "type": "object", - "properties": { - "cpuLimit": { - "type": "string" - }, - "cpuRequest": { - "type": "string" - }, - "memLimit": { - "type": "string" - }, - "memRequest": { - "type": "string" - }, - "template": { - "type": "string" - }, - "templateConfig": { - "type": "object", - "properties": { - "exitOnRetryFailure": { - "type": "boolean" - }, - "staticSecretRenderInterval": { - "type": "string" - } - } - } - } - }, - "agentImage": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "authPath": { - "type": "string" - }, - 
"certs": { - "type": "object", - "properties": { - "caBundle": { - "type": "string" - }, - "certName": { - "type": "string" - }, - "keyName": { - "type": "string" - }, - "secretName": { - "type": [ - "null", - "string" - ] - } - } - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "externalVaultAddr": { - "type": "string" - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraLabels": { - "type": "object" - }, - "failurePolicy": { - "type": "string" - }, - "hostNetwork": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "leaderElector": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "namespaceSelector": { - "type": "object" - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "objectSelector": { - "type": [ - "object", - "string" - ] - }, - "podDisruptionBudget": { - "type": "object" - }, - "port": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "replicas": { - "type": "integer" - }, - "resources": { - "type": "object" - }, - "revokeOnShutdown": { - "type": "boolean" - }, - "securityContext": { - "type": "object", - "properties": { - "container": { - "type": [ - "object", - "string" - ] - }, - "pod": { - "type": [ - "object", - "string" - ] - } - } - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "strategy": { - "type": [ - "object", - "string" - ] - }, - "tolerations": { - "type": [ - "null", - 
"array", - "string" - ] - }, - "topologySpreadConstraints": { - "type": [ - "null", - "array", - "string" - ] - }, - "webhook": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "failurePolicy": { - "type": "string" - }, - "matchPolicy": { - "type": "string" - }, - "namespaceSelector": { - "type": "object" - }, - "objectSelector": { - "type": [ - "object", - "string" - ] - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "webhookAnnotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "server": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "auditStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "authDelegator": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "dataStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "dev": { - "type": "object", - "properties": { - "devRootToken": { - "type": "string" - }, - "enabled": { - "type": "boolean" - } - } - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "enterpriseLicense": { - "type": "object", - "properties": { - "secretKey": { - "type": "string" - }, - "secretName": { - "type": "string" - } - } - }, - "extraArgs": { - "type": "string" - }, - "extraPorts": 
{ - "type": [ - "null", - "array" - ] - }, - "extraContainers": { - "type": [ - "null", - "array" - ] - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraInitContainers": { - "type": [ - "null", - "array" - ] - }, - "extraLabels": { - "type": "object" - }, - "extraSecretEnvironmentVars": { - "type": "array" - }, - "extraVolumes": { - "type": "array" - }, - "ha": { - "type": "object", - "properties": { - "apiAddr": { - "type": [ - "null", - "string" - ] - }, - "clusterAddr": { - "type": [ - "null", - "string" - ] - }, - "config": { - "type": [ - "string", - "object" - ] - }, - "disruptionBudget": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxUnavailable": { - "type": [ - "null", - "integer" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "raft": { - "type": "object", - "properties": { - "config": { - "type": [ - "string", - "object" - ] - }, - "enabled": { - "type": "boolean" - }, - "setNodeId": { - "type": "boolean" - } - } - }, - "replicas": { - "type": "integer" - } - } - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "ingress": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "extraPaths": { - "type": "array" - }, - "hosts": { - "type": "array", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string" - }, - "paths": { - "type": "array" - } - } - } - }, - "ingressClassName": { - "type": "string" - }, - "labels": { - "type": "object" - }, - "pathType": { - "type": "string" - }, - "tls": { - "type": "array" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": 
"integer" - }, - "path": { - "type": "string" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "networkPolicy": { - "type": "object", - "properties": { - "egress": { - "type": "array" - }, - "enabled": { - "type": "boolean" - } - } - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "postStart": { - "type": "array" - }, - "preStopSleepSeconds": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "route": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "labels": { - "type": "object" - }, - "tls": { - "type": "object" - } - } - }, - "service": { - "type": "object", - "properties": { - "active": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "instanceSelector": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "port": { - "type": "integer" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "standby": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "targetPort": { - "type": 
"integer" - }, - "nodePort": { - "type": "integer" - }, - "activeNodePort": { - "type": "integer" - }, - "standbyNodePort": { - "type": "integer" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "create": { - "type": "boolean" - }, - "extraLabels": { - "type": "object" - }, - "name": { - "type": "string" - }, - "serviceDiscovery": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - } - } - }, - "shareProcessNamespace": { - "type": "boolean" - }, - "standalone": { - "type": "object", - "properties": { - "config": { - "type": [ - "string", - "object" - ] - }, - "enabled": { - "type": [ - "string", - "boolean" - ] - } - } - }, - "statefulSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "securityContext": { - "type": "object", - "properties": { - "container": { - "type": [ - "object", - "string" - ] - }, - "pod": { - "type": [ - "object", - "string" - ] - } - } - } - } - }, - "terminationGracePeriodSeconds": { - "type": "integer" - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "topologySpreadConstraints": { - "type": [ - "null", - "array", - "string" - ] - }, - "updateStrategyType": { - "type": "string" - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - }, - "hostNetwork": { - "type": "boolean" - } - } - }, - "ui": { - "type": "object", - "properties": { - "activeVaultPodOnly": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "externalPort": { - "type": "integer" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "serviceNodePort": { - "type": [ - "null", - "integer" - ] - }, - "serviceType": { - "type": "string" - }, - 
"targetPort": { - "type": "integer" - } - } - } - } -} diff --git a/charts/partners/hashicorp/vault/0.24.0/src/values.yaml b/charts/partners/hashicorp/vault/0.24.0/src/values.yaml deleted file mode 100644 index e9806555e8..0000000000 --- a/charts/partners/hashicorp/vault/0.24.0/src/values.yaml +++ /dev/null 
@@ -1,1089 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -# Available parameters and their default values for the Vault chart. - -global: - # enabled is the master enabled switch. Setting this to true or false - # will enable or disable all the components within this chart by default. - enabled: true - # Image pull secret to use for registry authentication. - # Alternatively, the value may be specified as an array of strings. - imagePullSecrets: [] - # imagePullSecrets: - # - name: image-pull-secret - - # TLS for end-to-end encrypted transport - tlsDisable: true - # External vault server address for the injector and CSI provider to use. - # Setting this will disable deployment of a vault server. - externalVaultAddr: "" - # If deploying to OpenShift - openshift: true - # Create PodSecurityPolicy for pods - psp: - enable: false - # Annotation for PodSecurityPolicy. - # This is a multi-line templated string map, and can also be set as YAML. - annotations: | - seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default - apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default - apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default - serverTelemetry: - # Enable integration with the Prometheus Operator - # See the top level serverTelemetry section below before enabling this feature. - prometheusOperator: false -injector: - # True if you want to enable vault agent injection. - # @default: global.enabled - enabled: "-" - replicas: 1 - # Configures the port the injector should listen on - port: 8080 - # If multiple replicas are specified, by default a leader will be determined - # so that only one injector attempts to create TLS certificates. - leaderElector: - enabled: true - # If true, will enable a node exporter metrics endpoint at /metrics. 
- metrics: - enabled: false - # Deprecated: Please use global.externalVaultAddr instead. - externalVaultAddr: "" - # image sets the repo and tag of the vault-k8s image to use for the injector. - image: - repository: "registry.connect.redhat.com/hashicorp/vault-k8s" - tag: "1.2.1-ubi" - pullPolicy: IfNotPresent - # agentImage sets the repo and tag of the Vault image to use for the Vault Agent - # containers. This should be set to the official Vault image. Vault 1.3.1+ is - # required. - agentImage: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.13.1-ubi" - # The default values for the injected Vault Agent containers. - agentDefaults: - # For more information on configuring resources, see the K8s documentation: - # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - cpuLimit: "500m" - cpuRequest: "250m" - memLimit: "128Mi" - memRequest: "64Mi" - # Default template type for secrets when no custom template is specified. - # Possible values include: "json" and "map". - template: "map" - # Default values within Agent's template_config stanza. - templateConfig: - exitOnRetryFailure: true - staticSecretRenderInterval: "" - # Used to define custom livenessProbe settings - livenessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 2 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. 
- timeoutSeconds: 5 - # Used to define custom readinessProbe settings - readinessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 2 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 5 - # Used to define custom startupProbe settings - startupProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 12 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 5 - # Mount Path of the Vault Kubernetes Auth Method. - authPath: "auth/kubernetes" - # Configures the log verbosity of the injector. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "info" - # Configures the log format of the injector. Supported log formats: "standard", "json". - logFormat: "standard" - # Configures all Vault Agent sidecars to revoke their token when shutting down - revokeOnShutdown: false - webhook: - # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the - # API Version of the WebHook. - # To block pod creation while the webhook is unavailable, set the policy to `Fail` below. 
- # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - # matchPolicy specifies the approach to accepting changes based on the rules of - # the MutatingWebhookConfiguration. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy - # for more details. - # - matchPolicy: Exact - # timeoutSeconds is the amount of seconds before the webhook request will be ignored - # or fails. - # If it is ignored or fails depends on the failurePolicy - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts - # for more details. - # - timeoutSeconds: 30 - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. - # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: | - matchExpressions: - - key: app.kubernetes.io/name - operator: NotIn - values: - - {{ template "vault.name" . }}-agent-injector - # Extra annotations to attach to the webhook - annotations: {} - # Deprecated: please use 'webhook.failurePolicy' instead - # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the - # API Version of the WebHook. - # To block pod creation while webhook is unavailable, set the policy to `Fail` below. 
- # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - # Deprecated: please use 'webhook.namespaceSelector' instead - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. - # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # Deprecated: please use 'webhook.objectSelector' instead - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: {} - # Deprecated: please use 'webhook.annotations' instead - # Extra annotations to attach to the webhook - webhookAnnotations: {} - certs: - # secretName is the name of the secret that has the TLS certificate and - # private key to serve the injector webhook. If this is null, then the - # injector will default to its automatic management mode that will assign - # a service account to the injector to generate its own certificates. - secretName: null - # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA - # that signed the TLS certificate that the webhook serves. This must be set - # if secretName is non-null unless an external service like cert-manager is - # keeping the caBundle updated. - caBundle: "" - # certName and keyName are the names of the files within the secret for - # the TLS cert and private key, respectively. These have reasonable - # defaults but can be customized if necessary. 
- certName: tls.crt - keyName: tls.key - # Security context for the pod template and the injector container - # The default pod securityContext is: - # runAsNonRoot: true - # runAsGroup: {{ .Values.injector.gid | default 1000 }} - # runAsUser: {{ .Values.injector.uid | default 100 }} - # fsGroup: {{ .Values.injector.gid | default 1000 }} - # and for container is - # allowPrivilegeEscalation: false - # capabilities: - # drop: - # - ALL - securityContext: - pod: {} - container: {} - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # extraEnvironmentVars is a list of extra environment variables to set in the - # injector deployment. - extraEnvironmentVars: {} - # KUBERNETES_SERVICE_HOST: kubernetes.default.svc - - # Affinity Settings for injector pods - # This can either be a multi-line string or YAML matching the PodSpec's affinity field. - # Commenting out or setting as empty the affinity variable, will allow - # deployment of multiple replicas to single node services such as Minikube. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: webhook - topologyKey: kubernetes.io/hostname - # Topology settings for injector pods - # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - # This should be either a multi-line string or YAML matching the topologySpreadConstraints array - # in a PodSpec. - topologySpreadConstraints: [] - # Toleration Settings for injector pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
- # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Priority class for injector pods - priorityClassName: "" - # Extra annotations to attach to the injector pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the injector pods - annotations: {} - # Extra labels to attach to the agent-injector - # This should be a YAML map of the labels to apply to the injector - extraLabels: {} - # Should the injector pods run on the host network (useful when using - # an alternate CNI in EKS) - hostNetwork: false - # Injector service specific config - service: - # Extra annotations to attach to the injector service - annotations: {} - # Injector serviceAccount specific config - serviceAccount: - # Extra annotations to attach to the injector serviceAccount - annotations: {} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - podDisruptionBudget: {} - # podDisruptionBudget: - # maxUnavailable: 1 - - # strategy for updating the deployment. This can be a multi-line string or a - # YAML map. - strategy: {} - # strategy: | - # rollingUpdate: - # maxSurge: 25% - # maxUnavailable: 25% - # type: RollingUpdate -server: - # If true, or "-" with global.enabled true, Vault server will be installed. - # See vault.mode in _helpers.tpl for implementation details. - enabled: "-" - # [Enterprise Only] This value refers to a Kubernetes secret that you have - # created that contains your enterprise license. If you are not using an - # enterprise image or if you plan to introduce the license key via another - # route, then leave secretName blank ("") or set it to null. - # Requires Vault Enterprise 1.8 or later. - enterpriseLicense: - # The name of the Kubernetes secret that holds the enterprise license. 
The - # secret must be in the same namespace that Vault is installed into. - secretName: "" - # The key within the Kubernetes secret that holds the enterprise license. - secretKey: "license" - # Resource requests, limits, etc. for the server cluster placement. This - # should map directly to the value of the resources field for a PodSpec. - # By default no direct resource request is made. - image: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.13.1-ubi" - # Overrides the default Image Pull Policy - pullPolicy: IfNotPresent - # Configure the Update Strategy Type for the StatefulSet - # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - updateStrategyType: "OnDelete" - # Configure the logging verbosity for the Vault server. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "" - # Configure the logging format for the Vault server. - # Supported log formats include: standard, json - logFormat: "" - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # Ingress allows ingress services to be created to allow external access - # from Kubernetes to access Vault pods. - # If deployment is on OpenShift, the following block is ignored. - # In order to expose the service, use the route section below - ingress: - enabled: false - labels: {} - # traffic: external - annotations: {} - # | - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # or - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # Optionally use ingressClassName instead of deprecated annotation. - # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation - ingressClassName: "" - # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
- # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. - pathType: Prefix - # When HA mode is enabled and K8s service registration is being used, - # configure the ingress to point to the Vault active service. - activeService: true - hosts: - - host: chart-example.local - paths: [] - ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # service: - # name: ssl-redirect - # port: - # number: use-annotation - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # OpenShift only - create a route to expose the service - # By default the created route will be of type passthrough - route: - enabled: false - # When HA mode is enabled and K8s service registration is being used, - # configure the route to point to the Vault active service. - activeService: true - labels: {} - annotations: {} - host: chart-example.local - # tls will be passed directly to the route's TLS config, which - # can be used to configure other termination methods that terminate - # TLS at the router - tls: - termination: passthrough - # authDelegator enables a cluster role binding to be attached to the service - # account. This cluster role binding can be used to setup Kubernetes auth - # method. https://www.vaultproject.io/docs/auth/kubernetes.html - authDelegator: - enabled: true - # extraInitContainers is a list of init containers. Specified as a YAML list. - # This is useful if you need to run a script to provision TLS certificates or - # write out configuration files in a dynamic way. - extraInitContainers: null - # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, - # # which is defined in the volumes value. 
- # - name: oauthapp - # image: "alpine" - # command: [sh, -c] - # args: - # - cd /tmp && - # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && - # tar -xf oauthapp.xz && - # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && - # chmod +x /usr/local/libexec/vault/oauthapp - # volumeMounts: - # - name: plugins - # mountPath: /usr/local/libexec/vault - - # extraContainers is a list of sidecar containers. Specified as a YAML list. - extraContainers: null - # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers - # This is useful if Vault must be signaled, e.g. to send a SIGHUP for a log rotation - shareProcessNamespace: false - # extraArgs is a string containing additional Vault server arguments. - extraArgs: "" - # extraPorts is a list of extra ports. Specified as a YAML list. - # This is useful if you need to add additional ports to the statefulset in dynamic way. - extraPorts: null - # - containerPort: 8300 - # name: http-monitoring - - # Used to define custom readinessProbe settings - readinessProbe: - enabled: true - # If you need to use a http path instead of the default exec - # path: /v1/sys/health?standbyok=true - - # Port number on which readinessProbe will be checked. - port: 8200 - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. 
- timeoutSeconds: 3 - # Used to enable a livenessProbe for the pods - livenessProbe: - enabled: false - path: "/v1/sys/health?standbyok=true" - # Port nuumber on which livenessProbe will be checked. - port: 8200 - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 60 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Optional duration in seconds the pod needs to terminate gracefully. - # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ - terminationGracePeriodSeconds: 10 - # Used to set the sleep time during the preStop step - preStopSleepSeconds: 5 - # Used to define commands to run after the pod is ready. - # This can be used to automate processes such as initialization - # or boostrapping auth methods. - postStart: [] - # - /bin/sh - # - -c - # - /vault/userconfig/myscript/run.sh - - # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be - # used to include variables required for auto-unseal. - extraEnvironmentVars: {} - # GOOGLE_REGION: global - # GOOGLE_PROJECT: myproject - # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json - - # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. - # These variables take value from existing Secret objects. - extraSecretEnvironmentVars: [] - # - envName: AWS_SECRET_ACCESS_KEY - # secretName: vault - # secretKey: AWS_SECRET_ACCESS_KEY - - # Deprecated: please use 'volumes' instead. - # extraVolumes is a list of extra volumes to mount. These will be exposed - # to Vault in the path `/vault/userconfig//`. 
The value below is - # an array of objects, examples are shown below. - extraVolumes: [] - # - type: secret (or "configMap") - # name: my-secret - # path: null # default is `/vault/userconfig` - - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: plugins - # emptyDir: {} - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - mountPath: /usr/local/libexec/vault - # name: plugins - # readOnly: true - - # Affinity Settings - # Commenting out or setting as empty the affinity variable, will allow - # deployment to single node services such as Minikube - # This should be either a multi-line string or YAML matching the PodSpec's affinity field. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: server - topologyKey: kubernetes.io/hostname - # Topology settings for server pods - # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - # This should be either a multi-line string or YAML matching the topologySpreadConstraints array - # in a PodSpec. - topologySpreadConstraints: [] - # Toleration Settings for server pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
- # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Enables network policy for server pods - networkPolicy: - enabled: false - egress: [] - # egress: - # - to: - # - ipBlock: - # cidr: 10.0.0.0/24 - # ports: - # - protocol: TCP - # port: 443 - # Priority class for server pods - priorityClassName: "" - # Extra labels to attach to the server pods - # This should be a YAML map of the labels to apply to the server pods - extraLabels: {} - # Extra annotations to attach to the server pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the server pods - annotations: {} - # Enables a headless service to be used by the Vault Statefulset - service: - enabled: true - # Enable or disable the vault-active service, which selects Vault pods that - # have labelled themselves as the cluster leader with `vault-active: "true"` - active: - enabled: true - # Enable or disable the vault-standby service, which selects Vault pods that - # have labelled themselves as a cluster follower with `vault-active: "false"` - standby: - enabled: true - # If enabled, the service selectors will include `app.kubernetes.io/instance: {{ .Release.Name }}` - # When disabled, services may select Vault pods not deployed from the chart. - # Does not affect the headless vault-internal service with `ClusterIP: None` - instanceSelector: - enabled: true - # clusterIP controls whether a Cluster IP address is attached to the - # Vault service within Kubernetes. By default, the Vault service will - # be given a Cluster IP address, set to None to disable. When disabled - # Kubernetes will create a "headless" service. Headless services can be - # used to communicate with pods directly through DNS instead of a round-robin - # load balancer. - # clusterIP: None - - # Configures the service type for the main Vault service. 
Can be ClusterIP - # or NodePort. - #type: ClusterIP - - # Do not wait for pods to be ready - publishNotReadyAddresses: true - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. - # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. - #nodePort: 30000 - - # When HA mode is enabled - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. - #activeNodePort: 30001 - - # When HA mode is enabled - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. - #standbyNodePort: 30002 - - # Port on which Vault server is listening - port: 8200 - # Target port to which the service should be mapped to - targetPort: 8200 - # Extra annotations for the service definition. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the service. - annotations: {} - # This configures the Vault Statefulset to create a PVC for data - # storage when using the file or raft backend storage engines. - # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more - dataStorage: - enabled: true - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/data" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # This configures the Vault Statefulset to create a PVC for audit - # logs. 
Once Vault is deployed, initialized, and unsealed, Vault must - # be configured to use this for audit logs. This will be mounted to - # /vault/audit - # See https://www.vaultproject.io/docs/audit/index.html to know more - auditStorage: - enabled: false - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/audit" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # Run Vault in "dev" mode. This requires no further setup, no state management, - # and no initialization. This is useful for experimenting with Vault without - # needing to unseal, store keys, et. al. All data is lost on restart - do not - # use dev mode for anything other than experimenting. - # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more - dev: - enabled: false - # Set VAULT_DEV_ROOT_TOKEN_ID value - devRootToken: "root" - # Run Vault in "standalone" mode. This is the default mode that will deploy if - # no arguments are given to helm. This requires a PVC for data storage to use - # the "file" backend. This mode is not highly available and should not be scaled - # past a single replica. - standalone: - enabled: "-" - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data - # and store data there. This is only used when using a Replica count of 1, and - # using a stateful set. This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. 
For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - # Enable unauthenticated metrics access (necessary for Prometheus Operator) - #telemetry { - # unauthenticated_metrics_access = "true" - #} - } - storage "file" { - path = "/vault/data" - } - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - - # Example configuration for enabling Prometheus metrics in your config. - #telemetry { - # prometheus_retention_time = "30s" - # disable_hostname = true - #} - # Run Vault in "HA" mode. There are no storage requirements unless the audit log - # persistence is required. In HA mode Vault will configure itself to use Consul - # for its storage backend. The default configuration provided will work the Consul - # Helm project by default. It is possible to manually configure Vault to use a - # different HA backend. - ha: - enabled: false - replicas: 3 - # Set the api_addr configuration for Vault HA - # See https://www.vaultproject.io/docs/configuration#api_addr - # If set to null, this will be set to the Pod IP Address - apiAddr: null - # Set the cluster_addr confuguration for Vault HA - # See https://www.vaultproject.io/docs/configuration#cluster_addr - # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 - clusterAddr: null - # Enables Vault's integrated Raft storage. 
Unlike the typical HA modes where - # Vault's persistence is external (such as Consul), enabling Raft mode will create - # persistent volumes for Vault to store data according to the configuration under server.dataStorage. - # The Vault cluster will coordinate leader elections and failovers internally. - raft: - # Enables Raft integrated storage - enabled: false - # Set the Node Raft ID to the name of the pod - setNodeId: false - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - # Enable unauthenticated metrics access (necessary for Prometheus Operator) - #telemetry { - # unauthenticated_metrics_access = "true" - #} - } - - storage "raft" { - path = "/vault/data" - } - - service_registration "kubernetes" {} - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a Consul for its HA storage backend. - # This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "consul" { - path = "vault" - address = "HOST_IP:8500" - } - - service_registration "kubernetes" {} - - # Example configuration for using auto-unseal, using Google Cloud KMS. 
The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev-246514" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - - # Example configuration for enabling Prometheus metrics. - # If you are using Prometheus Operator you can enable a ServiceMonitor resource below. - # You may wish to enable unauthenticated metrics in the listener block above. - #telemetry { - # prometheus_retention_time = "30s" - # disable_hostname = true - #} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - disruptionBudget: - enabled: true - # maxUnavailable will default to (n/2)-1 where n is the number of - # replicas. If you'd like a custom value, you can specify an override here. - maxUnavailable: null - # Definition of the serviceAccount used to run Vault. - # These options are also used when using an external Vault server to validate - # Kubernetes tokens. - serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Extra labels to attach to the serviceAccount - # This should be a YAML map of the labels to apply to the serviceAccount - extraLabels: {} - # Enable or disable a service account role binding with the permissions required for - # Vault's Kubernetes service_registration config option. 
- # See https://developer.hashicorp.com/vault/docs/configuration/service-registration/kubernetes - serviceDiscovery: - enabled: true - # Settings for the statefulSet used to run Vault. - statefulSet: - # Extra annotations for the statefulSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the statefulSet. - annotations: {} - # Set the pod and container security contexts. - # If not set, these will default to, and for *not* OpenShift: - # pod: - # runAsNonRoot: true - # runAsGroup: {{ .Values.server.gid | default 1000 }} - # runAsUser: {{ .Values.server.uid | default 100 }} - # fsGroup: {{ .Values.server.gid | default 1000 }} - # container: - # allowPrivilegeEscalation: false - # - # If not set, these will default to, and for OpenShift: - # pod: {} - # container: {} - securityContext: - pod: {} - container: {} - # Should the server pods run on the host network - hostNetwork: false -# Vault UI -ui: - # True if you want to create a Service entry for the Vault UI. - # - # serviceType can be used to control the type of service created. For - # example, setting this to "LoadBalancer" will create an external load - # balancer (for supported K8S installations) to access the UI. - enabled: false - publishNotReadyAddresses: true - # The service should only contain selectors for active Vault pod - activeVaultPodOnly: false - serviceType: "ClusterIP" - serviceNodePort: null - externalPort: 8200 - targetPort: 8200 - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. 
- # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - #loadBalancerSourceRanges: - # - 10.0.0.0/16 - # - 1.78.23.3/32 - - # loadBalancerIP: - - # Extra annotations to attach to the ui service - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the ui service - annotations: {} -# secrets-store-csi-driver-provider-vault -csi: - # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. - # - # Requires installing the secrets-store-csi-driver separately, see: - # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver - # - # With the driver and provider installed, you can mount Vault secrets into volumes - # similar to the Vault Agent injector, and you can also sync those secrets into - # Kubernetes secrets. - enabled: false - image: - repository: "hashicorp/vault-csi-provider" - tag: "1.3.0" - pullPolicy: IfNotPresent - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: tls - # secret: - # secretName: vault-tls - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - name: tls - # mountPath: "/vault/tls" - # readOnly: true - - resources: {} - # resources: - # requests: - # cpu: 50m - # memory: 128Mi - # limits: - # cpu: 50m - # memory: 128Mi - - # Settings for the daemonSet used to run the provider. - daemonSet: - updateStrategy: - type: RollingUpdate - maxUnavailable: "" - # Extra annotations for the daemonSet. 
This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the daemonSet. - annotations: {} - # Provider host path (must match the CSI provider's path) - providersDir: "/etc/kubernetes/secrets-store-csi-providers" - # Kubelet host path - kubeletRootDir: "/var/lib/kubelet" - # Extra labels to attach to the vault-csi-provider daemonSet - # This should be a YAML map of the labels to apply to the csi provider daemonSet - extraLabels: {} - # security context for the pod template and container in the csi provider daemonSet - securityContext: - pod: {} - container: {} - pod: - # Extra annotations for the provider pods. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the pod. - annotations: {} - # Toleration Settings for provider pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # Extra labels to attach to the vault-csi-provider pod - # This should be a YAML map of the labels to apply to the csi provider pod - extraLabels: {} - agent: - enabled: true - extraArgs: [] - image: - repository: "hashicorp/vault" - tag: "1.13.1" - pullPolicy: IfNotPresent - logFormat: standard - logLevel: info - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - # Priority class for csi pods - priorityClassName: "" - serviceAccount: - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Extra labels to attach to the vault-csi-provider serviceAccount - # This should be a YAML map of the labels to apply to the csi provider serviceAccount - extraLabels: {} - # Used to configure readinessProbe for the pods. 
- readinessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to configure livenessProbe for the pods. - livenessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Enables debug logging. - debug: false - # Pass arbitrary additional arguments to vault-csi-provider. - # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments - # for the available command line flags. - extraArgs: [] -# Vault is able to collect and publish various runtime metrics. -# Enabling this feature requires setting adding `telemetry{}` stanza to -# the Vault configuration. There are a few examples included in the `config` sections above. -# -# For more information see: -# https://www.vaultproject.io/docs/configuration/telemetry -# https://www.vaultproject.io/docs/internals/telemetry -serverTelemetry: - # Enable support for the Prometheus Operator. 
Currently, this chart does not support - # authenticating to Vault's metrics endpoint, so the following `telemetry{}` must be included - # in the `listener "tcp"{}` stanza - # telemetry { - # unauthenticated_metrics_access = "true" - # } - # - # See the `standalone.config` for a more complete example of this. - # - # In addition, a top level `telemetry{}` stanza must also be included in the Vault configuration: - # - # example: - # telemetry { - # prometheus_retention_time = "30s" - # disable_hostname = true - # } - # - # Configuration for monitoring the Vault server. - serviceMonitor: - # The Prometheus operator *must* be installed before enabling this feature, - # if not the chart will fail to install due to missing CustomResourceDefinitions - # provided by the operator. - # - # Instructions on how to install the Helm chart can be found here: - # https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack - # More information can be found here: - # https://github.com/prometheus-operator/prometheus-operator - # https://github.com/prometheus-operator/kube-prometheus - - # Enable deployment of the Vault Server ServiceMonitor CustomResource. - enabled: false - # Selector labels to add to the ServiceMonitor. - # When empty, defaults to: - # release: prometheus - selectors: {} - # Interval at which Prometheus scrapes metrics - interval: 30s - # Timeout for Prometheus scrapes - scrapeTimeout: 10s - prometheusRules: - # The Prometheus operator *must* be installed before enabling this feature, - # if not the chart will fail to install due to missing CustomResourceDefinitions - # provided by the operator. - - # Deploy the PrometheusRule custom resource for AlertManager based alerts. - # Requires that AlertManager is properly deployed. - enabled: false - # Selector labels to add to the PrometheusRules. - # When empty, defaults to: - # release: prometheus - selectors: {} - # Some example rules. 
- rules: {}
- # - alert: vault-HighResponseTime
- # annotations:
- # message: The response time of Vault is over 500ms on average over the last 5 minutes.
- # expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 500
- # for: 5m
- # labels:
- # severity: warning
- # - alert: vault-HighResponseTime
- # annotations:
- # message: The response time of Vault is over 1s on average over the last 5 minutes.
- # expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 1000
- # for: 5m
- # labels:
- # severity: critical
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/.helmignore b/charts/partners/hashicorp/vault/0.24.1/src/.helmignore
deleted file mode 100644
index 4007e24350..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/.helmignore
+++ /dev/null
@@ -1,28 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.terraform/
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-
-# CI and test
-.circleci/
-.github/
-.gitlab-ci.yml
-test/
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/CHANGELOG.md b/charts/partners/hashicorp/vault/0.24.1/src/CHANGELOG.md
deleted file mode 100644
index 741c5ab812..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/CHANGELOG.md
+++ /dev/null
@@ -1,468 +0,0 @@ -## Unreleased - -## 0.24.1 (April 17, 2023) - -Bugs: -* csi: Add RBAC required by v1.3.0 to create secret for HMAC key used to generate secret versions [GH-872](https://github.com/hashicorp/vault-helm/pull/872) - -## 0.24.0 (April 6, 2023) - -Changes: -* Earliest Kubernetes version tested is now 1.22 -* `vault` updated to 1.13.1 [GH-863](https://github.com/hashicorp/vault-helm/pull/863) -* `vault-k8s` updated to 1.2.1 [GH-868](https://github.com/hashicorp/vault-helm/pull/868) -* `vault-csi-provider` updated to 1.3.0 [GH-749](https://github.com/hashicorp/vault-helm/pull/749) - -Features: -* server: New `extraPorts` option for adding ports to the Vault server statefulset [GH-841](https://github.com/hashicorp/vault-helm/pull/841) -* server: Add configurable Port Number in readinessProbe and livenessProbe for the server-statefulset [GH-831](https://github.com/hashicorp/vault-helm/pull/831) -* injector: Make livenessProbe and readinessProbe configurable and add configurable startupProbe [GH-852](https://github.com/hashicorp/vault-helm/pull/852) -* csi: Add an Agent sidecar to Vault CSI Provider pods to provide lease caching and renewals [GH-749](https://github.com/hashicorp/vault-helm/pull/749) - -## 0.23.0 (November 28th, 2022) - -Changes: -* `vault` updated to 1.12.1 [GH-814](https://github.com/hashicorp/vault-helm/pull/814) -* `vault-k8s` updated to 1.1.0 [GH-814](https://github.com/hashicorp/vault-helm/pull/814) -* `vault-csi-provider` updated to 1.2.1 [GH-814](https://github.com/hashicorp/vault-helm/pull/814) - -Features: -* server: Add `extraLabels` for Vault server serviceAccount [GH-806](https://github.com/hashicorp/vault-helm/pull/806) -* server: Add `server.service.active.enabled` and `server.service.standby.enabled` options to selectively disable additional services [GH-811](https://github.com/hashicorp/vault-helm/pull/811) -* server: Add `server.serviceAccount.serviceDiscovery.enabled` option to selectively disable a Vault service 
discovery role and role binding [GH-811](https://github.com/hashicorp/vault-helm/pull/811) -* server: Add `server.service.instanceSelector.enabled` option to allow selecting pods outside the helm chart deployment [GH-813](https://github.com/hashicorp/vault-helm/pull/813) - -Bugs: -* server: Quote `.server.ha.clusterAddr` value [GH-810](https://github.com/hashicorp/vault-helm/pull/810) - -## 0.22.1 (October 26th, 2022) - -Changes: -* `vault` updated to 1.12.0 [GH-803](https://github.com/hashicorp/vault-helm/pull/803) -* `vault-k8s` updated to 1.0.1 [GH-803](https://github.com/hashicorp/vault-helm/pull/803) - -## 0.22.0 (September 8th, 2022) - -Features: -* Add PrometheusOperator support for collecting Vault server metrics. [GH-772](https://github.com/hashicorp/vault-helm/pull/772) - -Changes: -* `vault-k8s` to 1.0.0 [GH-784](https://github.com/hashicorp/vault-helm/pull/784) -* Test against Kubernetes 1.25 [GH-784](https://github.com/hashicorp/vault-helm/pull/784) -* `vault` updated to 1.11.3 [GH-785](https://github.com/hashicorp/vault-helm/pull/785) - -## 0.21.0 (August 10th, 2022) - -CHANGES: -* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) -* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) -* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) -* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) -* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) -* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) - -Features: -* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. 
[GH-767](https://github.com/hashicorp/vault-helm/pull/767) -* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) -* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) -* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610) -* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) - -## 0.20.1 (May 25th, 2022) -CHANGES: -* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) - -Improvements: -* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) - -Bugs: -* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) - -## 0.20.0 (May 16th, 2022) - -CHANGES: -* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) -* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) -* Vault default image to 1.10.3 -* CSI provider default image to 1.1.0 -* Vault K8s default image to 0.16.0 -* Earliest Kubernetes version tested is now 1.16 -* Helm 3.6+ now required - -Features: -* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) - -Improvements: -* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) -* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) -* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) -* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) -* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) -* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) -* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) - -## 0.19.0 (January 20th, 2022) - -CHANGES: -* Vault image default 1.9.2 -* Vault K8s image default 0.14.2 - -Features: -* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) -* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) -* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) -* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) - -Improvements: -* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) -* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) -* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) - -## 0.18.0 (November 17th, 2021) - -CHANGES: -* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) -* Vault image default 1.9.0 -* Vault K8s image default 0.14.1 - -Improvements: -* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) - -## 0.17.1 (October 25th, 2021) - -Improvements: - * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) - -## 0.17.0 (October 21st, 2021) - -KNOWN ISSUES: -* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set - -CHANGES: -* Vault image default 1.8.4 -* Vault K8s image default 0.14.0 - -Improvements: -* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) -* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) -* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) - -Bugs: -* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) - -## 0.16.1 (September 29th, 2021) - -CHANGES: -* Vault image default 1.8.3 -* Vault K8s image default 0.13.1 - -## 0.16.0 (September 16th, 2021) - -CHANGES: -* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
- -Improvements: - * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) - * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) - -## 0.15.0 (August 23rd, 2021) - -Improvements: -* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) -* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) - -## 0.14.0 (July 28th, 2021) - -Features: -* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) - -Improvements: -* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) -* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) - - -## 0.13.0 (June 17th, 2021) - -Improvements: -* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) -* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) -* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) - -Bugs: -* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) -* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) -* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) - -## 0.12.0 (May 25th, 2021) - -Features: -* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) - -Improvements: -* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) -* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) -* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) -* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) - -Bugs: -* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) - -## 0.11.0 (April 14th, 2021) - -Features: -* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) -* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) -* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) -* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) -* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) -* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) - -Improvements: -* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) - -Bugs: -* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) - -## 0.10.0 (March 25th, 2021) - -Features: -* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) - -Improvements: -* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) - -## 0.9.1 (February 2nd, 2021) - -Bugs: -* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) -* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) - -## 0.9.0 (January 5th, 2021) - -Features: -* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) -* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) - -Improvements: -* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) -* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) -* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) -* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) -* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) -* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) -* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) -* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) - -## 
0.8.0 (October 20th, 2020) - -Improvements: -* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) -* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) -* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) -* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) -* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) -* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) -* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) - -Bugs: -* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) - -## 0.7.0 (August 24th, 2020) - -Features: -* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
-* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) - -Improvements: -* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) -* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) -* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) -* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) -* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) -* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) -* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) -* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) -* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) - -Bugs: -* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) -* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) -* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) - -## 0.6.0 (June 3rd, 2020) - -Features: -* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) -* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) -* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
- -Improvements: -* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) -* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] -* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] -* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] -* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] -* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] -* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] -* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) - -Bugs: -* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] -* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] -* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] -* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] -* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) - -## 0.5.0 (April 9th, 2020) - -Features: - -* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] -* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] -* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] - -* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
-* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
-* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
-* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
-* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
-
-## 0.4.0 (February 21st, 2020)
-
-Improvements:
-
-* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
-* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
-* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
-* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
-* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
-
-Bugs:
-
-* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
-
-## 0.3.3 (January 14th, 2020)
-
-Security:
-
-* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
-
-Bugs:
-
-* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
-
-## 0.3.2 (January 8th, 2020)
-
-Bugs:
-
-* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
-
-## 0.3.1 (January 2nd, 2020)
-
-Bugs:
-
-* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
-
-## 0.3.0 (December 19th, 2019)
-
-Features:
-
-* Extra containers can now be added to the Vault pods
-* Added configurability of pod probes
-* Added Vault Agent Injector
-
-Improvements:
-
-* Moved `global.image` to `server.image`
-* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
-* Added better HTTP/HTTPS scheme support to http probes
-* Added configurable node port for Vault service
-* `server.authDelegator` is now enabled by default
-
-Bugs:
-
-* Fixed upgrade bug by removing chart label which contained the version
-* Fixed typo on `serviceAccount` (was `serviceaccount`)
-* Fixed readiness/liveliness HTTP probe default to accept standbys
-
-## 0.2.1 (November 12th, 2019)
-
-Bugs:
-
-* Removed `readOnlyRootFilesystem` causing issues when validating deployments
-
-## 0.2.0 (October 29th, 2019)
-
-Features:
-
-* Added load balancer support
-* Added ingress support
-* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
-* Removed root requirements, now runs as Vault user
-
-Improvements:
-
-* Added namespace value to all rendered objects
-* Made ports configurable in services
-* Added the ability to add custom annotations to services
-* Added docker image for running bats test in CircleCI
-* Removed restrictions around `dev` mode such as annotations
-* 
`readOnlyRootFilesystem` is now configurable
-* Image Pull Policy is now configurable
-
-Bugs:
-
-* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
-* Fixed bug where audit storage was not being mounted in HA mode
-* Fixed bug where Vault pod wasn't receiving SIGTERM signals
-
-
-## 0.1.2 (August 22nd, 2019)
-
-Features:
-
-* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
- environment variables
-* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
- depending on the value
-* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
- to "NodePort"
-
-Improvements:
-
-* Changed UI port to 8200 for better HTTP protocol support
-* Added `path` to `extraVolumes` to define where the volume should be
- mounted. Defaults to `/vault/userconfig`
-* Upgraded Vault to 1.2.2
-
-Bugs:
-
-* Fixed bug where upgrade would fail because immutable labels were being
- changed (Helm Version label)
-* Fixed bug where UI service used wrong selector after updating helm labels
-* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
- Consul is the active node
-* Removed `step-down` preStop since it requires authentication. Shutdown signal
- sent by Kube acts similar to `step-down`
-
-
-## 0.1.1 (August 7th, 2019)
-
-Features:
-
-* Added `authDelegator` Cluster Role Binding to Vault service account for
- bootstrapping Kube auth method
-
-Improvements:
-
-* Added `server.service.clusterIP` to `values.yml` so users can toggle
- the Vault service to headless by using the value `None`.
-* Upgraded Vault to 1.2.1
-
-## 0.1.0 (August 6th, 2019)
-
-Initial release
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/CONTRIBUTING.md b/charts/partners/hashicorp/vault/0.24.1/src/CONTRIBUTING.md
deleted file mode 100644
index ad31ac92d1..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/CONTRIBUTING.md
+++ /dev/null
@@ -1,247 +0,0 @@ -# Contributing to Vault Helm - -**Please note:** We take Vault's security and our users' trust very seriously. -If you believe you have found a security issue in Vault, please responsibly -disclose by contacting us at security@hashicorp.com. - -**First:** if you're unsure or afraid of _anything_, just ask or submit the -issue or pull request anyways. You won't be yelled at for giving it your best -effort. The worst that can happen is that you'll be politely asked to change -something. We appreciate any sort of contributions, and don't want a wall of -rules to get in the way of that. - -That said, if you want to ensure that a pull request is likely to be merged, -talk to us! You can find out our thoughts and ensure that your contribution -won't clash or be obviated by Vault's normal direction. A great way to do this -is via the [Vault Discussion Forum][1]. - -This document will cover what we're looking for in terms of reporting issues. -By addressing all the points we're looking for, it raises the chances we can -quickly merge or address your contributions. - -[1]: https://discuss.hashicorp.com/c/vault - -## Issues - -### Reporting an Issue - -* Make sure you test against the latest released version. It is possible - we already fixed the bug you're experiencing. Even better is if you can test - against `main`, as bugs are fixed regularly but new versions are only - released every few months. - -* Provide steps to reproduce the issue, and if possible include the expected - results as well as the actual results. Please provide text, not screen shots! - -* Respond as promptly as possible to any questions made by the Vault - team to your issue. Stale issues will be closed periodically. - -### Issue Lifecycle - -1. The issue is reported. - -2. The issue is verified and categorized by a Vault Helm collaborator. - Categorization is done via tags. For example, bugs are marked as "bugs". - -3. 
Unless it is critical, the issue may be left for a period of time (sometimes - many weeks), giving outside contributors -- maybe you!? -- a chance to - address the issue. - -4. The issue is addressed in a pull request or commit. The issue will be - referenced in the commit message so that the code that fixes it is clearly - linked. - -5. The issue is closed. Sometimes, valid issues will be closed to keep - the issue tracker clean. The issue is still indexed and available for - future viewers, or can be re-opened if necessary. - -## Testing - -The Helm chart ships with both unit and acceptance tests. - -The unit tests don't require any active Kubernetes cluster and complete -very quickly. These should be used for fast feedback during development. -The acceptance tests require a Kubernetes cluster with a configured `kubectl`. - -### Test Using Docker Container - -The following are the instructions for running bats tests using a Docker container. - -#### Prerequisites - -* Docker installed -* `vault-helm` checked out locally - -#### Test - -**Note:** the following commands should be run from the `vault-helm` directory. - -First, build the Docker image for running the tests: - -```shell -docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test -``` -Next, execute the tests with the following commands: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -``` -It's possible to only run specific bats tests using regular expressions. -For example, the following will run only tests with "injector" in the name: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" -``` - -### Test Manually -The following are the instructions for running bats tests on your workstation. 
-#### Prerequisites -* [Bats](https://github.com/bats-core/bats-core) - ```bash - brew install bats-core - ``` -* [yq](https://pypi.org/project/yq/) - ```bash - brew install python-yq - ``` -* [helm](https://helm.sh) - ```bash - brew install kubernetes-helm - ``` - -#### Test - -To run the unit tests: - - bats ./test/unit - -To run the acceptance tests: - - bats ./test/acceptance - -If the acceptance tests fail, deployed resources in the Kubernetes cluster -may not be properly cleaned up. We recommend recycling the Kubernetes cluster to -start from a clean slate. - -**Note:** There is a Terraform configuration in the -[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory -that can be used to quickly bring up a GKE cluster and configure -`kubectl` and `helm` locally. This can be used to quickly spin up a test -cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes -cluster. - -### Writing Unit Tests - -Changes to the Helm chart should be accompanied by appropriate unit tests. - -#### Formatting - -- Put tests in the test file in the same order as the variables appear in the `values.yaml`. -- Start tests for a chart value with a header that says what is being tested, like this: - ``` - #-------------------------------------------------------------------- - # annotations - ``` - -- Name the test based on what it's testing in the following format (this will be its first line): - ``` - @test "
: " { - ``` - - When adding tests to an existing file, the first section will be the same as the other tests in the file. - -#### Test Details - -[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. -In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. -In this way, we're able to test that the various conditionals in the templates render as we would expect. - -Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. -The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). -`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). -The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. - -The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. - -The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. - -#### Test Examples - -Here are some examples of common test patterns: - -- Check that a value is disabled by default - - ``` - @test "ui/Service: no type by default" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - . 
| tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "null" ] - } - ``` - - In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. - This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. - - -- Check that a template value is rendered to a specific value - ``` - @test "ui/Service: specified type" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - --set 'ui.serviceType=LoadBalancer' \ - . | tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "LoadBalancer" ] - } - ``` - - This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. - -- Check that a template value contains several values - ``` - @test "server/standalone-StatefulSet: custom resources" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.requests.memory=256Mi' \ - --set 'server.resources.requests.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.limits.memory=256Mi' \ - --set 'server.resources.limits.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - ``` - - *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
- -- Check that an entire template file is not rendered - ``` - @test "syncCatalog/Deployment: disabled by default" { - cd `chart_dir` - local actual=$( (helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'global.enabled=false' \ - . || echo "---") | tee /dev/stderr | - yq 'length > 0' | tee /dev/stderr) - [ "${actual}" = "false" ] - } - ``` - Here we are check the length of the command output to see if the anything is rendered. - This style can easily be switched to check that a file is rendered instead. - -## Contributor License Agreement - -We require that all contributors sign our Contributor License Agreement ("CLA") -before we can accept the contribution. - -[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/hashicorp/vault/0.24.1/src/Chart.yaml b/charts/partners/hashicorp/vault/0.24.1/src/Chart.yaml deleted file mode 100644 index 8882245cbd..0000000000 --- a/charts/partners/hashicorp/vault/0.24.1/src/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - charts.openshift.io/name: HashiCorp Vault -apiVersion: v2 -appVersion: 1.13.1 -description: Official HashiCorp Vault Chart -home: https://www.vaultproject.io -icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png -keywords: -- vault -- security -- encryption -- secrets -- management -- automation -- infrastructure -kubeVersion: '>= 1.22.0-0' -name: vault -sources: -- https://github.com/hashicorp/vault -- https://github.com/hashicorp/vault-helm -- https://github.com/hashicorp/vault-k8s -- https://github.com/hashicorp/vault-csi-provider -version: 0.24.1 diff --git a/charts/partners/hashicorp/vault/0.24.1/src/LICENSE b/charts/partners/hashicorp/vault/0.24.1/src/LICENSE deleted file mode 100644 index 74f38c0103..0000000000 --- a/charts/partners/hashicorp/vault/0.24.1/src/LICENSE +++ /dev/null 
@@ -1,355 +0,0 @@ -Copyright (c) 2018 HashiCorp, Inc. - -Mozilla Public License, version 2.0 - -1. Definitions - -1.1. “Contributor” - - means each individual or legal entity that creates, contributes to the - creation of, or owns Covered Software. - -1.2. “Contributor Version” - - means the combination of the Contributions of others (if any) used by a - Contributor and that particular Contributor’s Contribution. - -1.3. “Contribution” - - means Covered Software of a particular Contributor. - -1.4. “Covered Software” - - means Source Code Form to which the initial Contributor has attached the - notice in Exhibit A, the Executable Form of such Source Code Form, and - Modifications of such Source Code Form, in each case including portions - thereof. - -1.5. “Incompatible With Secondary Licenses” - means - - a. that the initial Contributor has attached the notice described in - Exhibit B to the Covered Software; or - - b. that the Covered Software was made available under the terms of version - 1.1 or earlier of the License, but not also under the terms of a - Secondary License. - -1.6. “Executable Form” - - means any form of the work other than Source Code Form. - -1.7. “Larger Work” - - means a work that combines Covered Software with other material, in a separate - file or files, that is not Covered Software. - -1.8. “License” - - means this document. - -1.9. “Licensable” - - means having the right to grant, to the maximum extent possible, whether at the - time of the initial grant or subsequently, any and all of the rights conveyed by - this License. - -1.10. “Modifications” - - means any of the following: - - a. any file in Source Code Form that results from an addition to, deletion - from, or modification of the contents of Covered Software; or - - b. any new file in Source Code Form that contains any Covered Software. - -1.11. 
“Patent Claims” of a Contributor - - means any patent claim(s), including without limitation, method, process, - and apparatus claims, in any patent Licensable by such Contributor that - would be infringed, but for the grant of the License, by the making, - using, selling, offering for sale, having made, import, or transfer of - either its Contributions or its Contributor Version. - -1.12. “Secondary License” - - means either the GNU General Public License, Version 2.0, the GNU Lesser - General Public License, Version 2.1, the GNU Affero General Public - License, Version 3.0, or any later versions of those licenses. - -1.13. “Source Code Form” - - means the form of the work preferred for making modifications. - -1.14. “You” (or “Your”) - - means an individual or a legal entity exercising rights under this - License. For legal entities, “You” includes any entity that controls, is - controlled by, or is under common control with You. For purposes of this - definition, “control” means (a) the power, direct or indirect, to cause - the direction or management of such entity, whether by contract or - otherwise, or (b) ownership of more than fifty percent (50%) of the - outstanding shares or beneficial ownership of such entity. - - -2. License Grants and Conditions - -2.1. Grants - - Each Contributor hereby grants You a world-wide, royalty-free, - non-exclusive license: - - a. under intellectual property rights (other than patent or trademark) - Licensable by such Contributor to use, reproduce, make available, - modify, display, perform, distribute, and otherwise exploit its - Contributions, either on an unmodified basis, with Modifications, or as - part of a Larger Work; and - - b. under Patent Claims of such Contributor to make, use, sell, offer for - sale, have made, import, and otherwise transfer either its Contributions - or its Contributor Version. - -2.2. 
Effective Date - - The licenses granted in Section 2.1 with respect to any Contribution become - effective for each Contribution on the date the Contributor first distributes - such Contribution. - -2.3. Limitations on Grant Scope - - The licenses granted in this Section 2 are the only rights granted under this - License. No additional rights or licenses will be implied from the distribution - or licensing of Covered Software under this License. Notwithstanding Section - 2.1(b) above, no patent license is granted by a Contributor: - - a. for any code that a Contributor has removed from Covered Software; or - - b. for infringements caused by: (i) Your and any other third party’s - modifications of Covered Software, or (ii) the combination of its - Contributions with other software (except as part of its Contributor - Version); or - - c. under Patent Claims infringed by Covered Software in the absence of its - Contributions. - - This License does not grant any rights in the trademarks, service marks, or - logos of any Contributor (except as may be necessary to comply with the - notice requirements in Section 3.4). - -2.4. Subsequent Licenses - - No Contributor makes additional grants as a result of Your choice to - distribute the Covered Software under a subsequent version of this License - (see Section 10.2) or under the terms of a Secondary License (if permitted - under the terms of Section 3.3). - -2.5. Representation - - Each Contributor represents that the Contributor believes its Contributions - are its original creation(s) or it has sufficient rights to grant the - rights to its Contributions conveyed by this License. - -2.6. Fair Use - - This License is not intended to limit any rights You have under applicable - copyright doctrines of fair use, fair dealing, or other equivalents. - -2.7. Conditions - - Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in - Section 2.1. - - -3. Responsibilities - -3.1. 
Distribution of Source Form - - All distribution of Covered Software in Source Code Form, including any - Modifications that You create or to which You contribute, must be under the - terms of this License. You must inform recipients that the Source Code Form - of the Covered Software is governed by the terms of this License, and how - they can obtain a copy of this License. You may not attempt to alter or - restrict the recipients’ rights in the Source Code Form. - -3.2. Distribution of Executable Form - - If You distribute Covered Software in Executable Form then: - - a. such Covered Software must also be made available in Source Code Form, - as described in Section 3.1, and You must inform recipients of the - Executable Form how they can obtain a copy of such Source Code Form by - reasonable means in a timely manner, at a charge no more than the cost - of distribution to the recipient; and - - b. You may distribute such Executable Form under the terms of this License, - or sublicense it under different terms, provided that the license for - the Executable Form does not attempt to limit or alter the recipients’ - rights in the Source Code Form under this License. - -3.3. Distribution of a Larger Work - - You may create and distribute a Larger Work under terms of Your choice, - provided that You also comply with the requirements of this License for the - Covered Software. If the Larger Work is a combination of Covered Software - with a work governed by one or more Secondary Licenses, and the Covered - Software is not Incompatible With Secondary Licenses, this License permits - You to additionally distribute such Covered Software under the terms of - such Secondary License(s), so that the recipient of the Larger Work may, at - their option, further distribute the Covered Software under the terms of - either this License or such Secondary License(s). - -3.4. 
Notices - - You may not remove or alter the substance of any license notices (including - copyright notices, patent notices, disclaimers of warranty, or limitations - of liability) contained within the Source Code Form of the Covered - Software, except that You may alter any license notices to the extent - required to remedy known factual inaccuracies. - -3.5. Application of Additional Terms - - You may choose to offer, and to charge a fee for, warranty, support, - indemnity or liability obligations to one or more recipients of Covered - Software. However, You may do so only on Your own behalf, and not on behalf - of any Contributor. You must make it absolutely clear that any such - warranty, support, indemnity, or liability obligation is offered by You - alone, and You hereby agree to indemnify every Contributor for any - liability incurred by such Contributor as a result of warranty, support, - indemnity or liability terms You offer. You may include additional - disclaimers of warranty and limitations of liability specific to any - jurisdiction. - -4. Inability to Comply Due to Statute or Regulation - - If it is impossible for You to comply with any of the terms of this License - with respect to some or all of the Covered Software due to statute, judicial - order, or regulation then You must: (a) comply with the terms of this License - to the maximum extent possible; and (b) describe the limitations and the code - they affect. Such description must be placed in a text file included with all - distributions of the Covered Software under this License. Except to the - extent prohibited by statute or regulation, such description must be - sufficiently detailed for a recipient of ordinary skill to be able to - understand it. - -5. Termination - -5.1. The rights granted under this License will terminate automatically if You - fail to comply with any of its terms. 
However, if You become compliant, - then the rights granted under this License from a particular Contributor - are reinstated (a) provisionally, unless and until such Contributor - explicitly and finally terminates Your grants, and (b) on an ongoing basis, - if such Contributor fails to notify You of the non-compliance by some - reasonable means prior to 60 days after You have come back into compliance. - Moreover, Your grants from a particular Contributor are reinstated on an - ongoing basis if such Contributor notifies You of the non-compliance by - some reasonable means, this is the first time You have received notice of - non-compliance with this License from such Contributor, and You become - compliant prior to 30 days after Your receipt of the notice. - -5.2. If You initiate litigation against any entity by asserting a patent - infringement claim (excluding declaratory judgment actions, counter-claims, - and cross-claims) alleging that a Contributor Version directly or - indirectly infringes any patent, then the rights granted to You by any and - all Contributors for the Covered Software under Section 2.1 of this License - shall terminate. - -5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user - license agreements (excluding distributors and resellers) which have been - validly granted by You or Your distributors under this License prior to - termination shall survive termination. - -6. Disclaimer of Warranty - - Covered Software is provided under this License on an “as is” basis, without - warranty of any kind, either expressed, implied, or statutory, including, - without limitation, warranties that the Covered Software is free of defects, - merchantable, fit for a particular purpose or non-infringing. The entire - risk as to the quality and performance of the Covered Software is with You. 
- Should any Covered Software prove defective in any respect, You (not any - Contributor) assume the cost of any necessary servicing, repair, or - correction. This disclaimer of warranty constitutes an essential part of this - License. No use of any Covered Software is authorized under this License - except under this disclaimer. - -7. Limitation of Liability - - Under no circumstances and under no legal theory, whether tort (including - negligence), contract, or otherwise, shall any Contributor, or anyone who - distributes Covered Software as permitted above, be liable to You for any - direct, indirect, special, incidental, or consequential damages of any - character including, without limitation, damages for lost profits, loss of - goodwill, work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses, even if such party shall have been - informed of the possibility of such damages. This limitation of liability - shall not apply to liability for death or personal injury resulting from such - party’s negligence to the extent applicable law prohibits such limitation. - Some jurisdictions do not allow the exclusion or limitation of incidental or - consequential damages, so this exclusion and limitation may not apply to You. - -8. Litigation - - Any litigation relating to this License may be brought only in the courts of - a jurisdiction where the defendant maintains its principal place of business - and such litigation shall be governed by laws of that jurisdiction, without - reference to its conflict-of-law provisions. Nothing in this Section shall - prevent a party’s ability to bring cross-claims or counter-claims. - -9. Miscellaneous - - This License represents the complete agreement concerning the subject matter - hereof. If any provision of this License is held to be unenforceable, such - provision shall be reformed only to the extent necessary to make it - enforceable. 
Any law or regulation which provides that the language of a - contract shall be construed against the drafter shall not be used to construe - this License against a Contributor. - - -10. Versions of the License - -10.1. New Versions - - Mozilla Foundation is the license steward. Except as provided in Section - 10.3, no one other than the license steward has the right to modify or - publish new versions of this License. Each version will be given a - distinguishing version number. - -10.2. Effect of New Versions - - You may distribute the Covered Software under the terms of the version of - the License under which You originally received the Covered Software, or - under the terms of any subsequent version published by the license - steward. - -10.3. Modified Versions - - If you create software not governed by this License, and you want to - create a new license for such software, you may create and use a modified - version of this License if you rename the license and remove any - references to the name of the license steward (except to note that such - modified license differs from this License). - -10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses - If You choose to distribute Source Code Form that is Incompatible With - Secondary Licenses under the terms of this version of the License, the - notice described in Exhibit B of this License must be attached. - -Exhibit A - Source Code Form License Notice - - This Source Code Form is subject to the - terms of the Mozilla Public License, v. - 2.0. If a copy of the MPL was not - distributed with this file, You can - obtain one at - http://mozilla.org/MPL/2.0/. - -If it is not possible or desirable to put the notice in a particular file, then -You may include the notice in a location (such as a LICENSE file in a relevant -directory) where a recipient would be likely to look for such a notice. - -You may add additional accurate notices of copyright ownership. 
- -Exhibit B - “Incompatible With Secondary Licenses” Notice - - This Source Code Form is “Incompatible - With Secondary Licenses”, as defined by - the Mozilla Public License, v. 2.0. diff --git a/charts/partners/hashicorp/vault/0.24.1/src/Makefile b/charts/partners/hashicorp/vault/0.24.1/src/Makefile deleted file mode 100644 index 5600220645..0000000000 --- a/charts/partners/hashicorp/vault/0.24.1/src/Makefile +++ /dev/null 
@@ -1,101 +0,0 @@
-TEST_IMAGE?=vault-helm-test
-GOOGLE_CREDENTIALS?=vault-helm-test.json
-CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
-# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
-ACCEPTANCE_TESTS?=acceptance
-
-# filter bats unit tests to run.
-UNIT_TESTS_FILTER?='.*'
-
-# set to 'true' to run acceptance tests locally in a kind cluster
-LOCAL_ACCEPTANCE_TESTS?=false
-
-# kind cluster name
-KIND_CLUSTER_NAME?=vault-helm
-
-# kind k8s version
-KIND_K8S_VERSION?=v1.26.3
-
-# Generate json schema for chart values. See test/README.md for more details.
-values-schema:
- helm schema-gen values.yaml > values.schema.json
-
-test-image:
- @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
-
-test-unit:
- @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
-
-test-bats: test-unit test-acceptance
-
-test: test-image test-bats
-
-# run acceptance tests on GKE
-# set google project/credential vars above
-test-acceptance:
-ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
- make setup-kind acceptance
-else
- @docker run -it -v ${PWD}:/helm-test \
- -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
- -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
- -e KUBECONFIG=/helm-test/.kube/config \
- -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
- -w /helm-test \
- $(TEST_IMAGE) \
- make acceptance
-endif
-
-# destroy GKE cluster using terraform
-test-destroy:
- @docker run -it -v ${PWD}:/helm-test \
- -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
- -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
- -w /helm-test \
- $(TEST_IMAGE) \
- make destroy-cluster
-
-# provision GKE cluster using terraform
-test-provision:
- @docker run -it -v ${PWD}:/helm-test \
- -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
- -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
- -e KUBECONFIG=/helm-test/.kube/config \
- -w /helm-test \
- $(TEST_IMAGE) \
- make provision-cluster
-
-# this target is for running the acceptance tests
-# it is run in the docker container above when the test-acceptance target is invoked
-acceptance:
-ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
- gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
-endif
- bats --tap --timing test/${ACCEPTANCE_TESTS}
-
-# this target is for provisioning the GKE cluster
-# it is run in the docker container above when the test-provision target is invoked
-provision-cluster:
- gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
- terraform init test/terraform
- terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
-
-# this target is for removing the GKE cluster
-# it is run in the docker container above when the test-destroy target is invoked
-destroy-cluster:
- terraform destroy -auto-approve
-
-# create a kind cluster for running the acceptance tests locally
-setup-kind:
- kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
- kind create cluster \
- --image kindest/node:${KIND_K8S_VERSION} \
- --name ${KIND_CLUSTER_NAME} \
- --config $(CURDIR)/test/kind/config.yaml
- kubectl config use-context kind-${KIND_CLUSTER_NAME}
-
-# delete the kind cluster
-delete-kind:
- kind delete cluster --name ${KIND_CLUSTER_NAME} || :
-
-.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/README.md b/charts/partners/hashicorp/vault/0.24.1/src/README.md
deleted file mode 100644
index 6e7014360f..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/README.md
+++ /dev/null
@@ -1,43 +0,0 @@
-# Vault Helm Chart
-
-> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
-you believe you have found a security issue in Vault Helm, _please responsibly disclose_
-by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
-
-This repository contains the official HashiCorp Helm chart for installing
-and configuring Vault on Kubernetes. This chart supports multiple use
-cases of Vault on Kubernetes depending on the values provided.
-
-For full documentation on this Helm chart along with all the ways you can
-use Vault with Kubernetes, please see the
-[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
-
-## Prerequisites
-
-To use the charts here, [Helm](https://helm.sh/) must be configured for your
-Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
-this README. Please refer to the Kubernetes and Helm documentation.
-
-The versions required are:
-
- * **Helm 3.6+**
- * **Kubernetes 1.22+** - This is the earliest version of Kubernetes tested.
- It is possible that this chart works with earlier versions but it is
- untested.
-
-## Usage
-
-To install the latest version of this chart, add the Hashicorp helm repository
-and run `helm install`:
-
-```console
-$ helm repo add hashicorp https://helm.releases.hashicorp.com
-"hashicorp" has been added to your repositories
-
-$ helm install vault hashicorp/vault
-```
-
-Please see the many options supported in the `values.yaml` file. These are also
-fully documented directly on the [Vault
-website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
-detailed installation instructions.
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/NOTES.txt b/charts/partners/hashicorp/vault/0.24.1/src/templates/NOTES.txt
deleted file mode 100644
index 8e267121c8..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/NOTES.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-
-Thank you for installing HashiCorp Vault!
-
-Now that you have deployed Vault, you should look over the docs on using
-Vault with Kubernetes available here:
-
-https://www.vaultproject.io/docs/
-
-
-Your release is named {{ .Release.Name }}. To learn more about the release, try:
-
- $ helm status {{ .Release.Name }}
- $ helm get manifest {{ .Release.Name }}
-
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/_helpers.tpl b/charts/partners/hashicorp/vault/0.24.1/src/templates/_helpers.tpl
deleted file mode 100644
index 4b6baf10e2..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,968 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to -this (by the DNS naming spec). If release name contains chart name it will -be used as a full name. -*/}} -{{- define "vault.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "vault.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "vault.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Compute if the csi driver is enabled. -*/}} -{{- define "vault.csiEnabled" -}} -{{- $_ := set . "csiEnabled" (or - (eq (.Values.csi.enabled | toString) "true") - (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the injector is enabled. -*/}} -{{- define "vault.injectorEnabled" -}} -{{- $_ := set . "injectorEnabled" (or - (eq (.Values.injector.enabled | toString) "true") - (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server is enabled. -*/}} -{{- define "vault.serverEnabled" -}} -{{- $_ := set . 
"serverEnabled" (or - (eq (.Values.server.enabled | toString) "true") - (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server serviceaccount is enabled. -*/}} -{{- define "vault.serverServiceAccountEnabled" -}} -{{- $_ := set . "serverServiceAccountEnabled" - (and - (eq (.Values.server.serviceAccount.create | toString) "true" ) - (or - (eq (.Values.server.enabled | toString) "true") - (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server auth delegator serviceaccount is enabled. -*/}} -{{- define "vault.serverAuthDelegator" -}} -{{- $_ := set . "serverAuthDelegator" - (and - (eq (.Values.server.authDelegator.enabled | toString) "true" ) - (or (eq (.Values.server.serviceAccount.create | toString) "true") - (not (eq .Values.server.serviceAccount.name ""))) - (or - (eq (.Values.server.enabled | toString) "true") - (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server service is enabled. -*/}} -{{- define "vault.serverServiceEnabled" -}} -{{- template "vault.serverEnabled" . -}} -{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} -{{- end -}} - -{{/* -Compute if the ui is enabled. -*/}} -{{- define "vault.uiEnabled" -}} -{{- $_ := set . "uiEnabled" (or - (eq (.Values.ui.enabled | toString) "true") - (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute the maximum number of unavailable replicas for the PodDisruptionBudget. -This defaults to (n/2)-1 where n is the number of members of the server cluster. -Add a special case for replicas=1, where it should default to 0 as well. 
-*/}} -{{- define "vault.pdb.maxUnavailable" -}} -{{- if eq (int .Values.server.ha.replicas) 1 -}} -{{ 0 }} -{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{- else -}} -{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Set the variable 'mode' to the server mode requested by the user to simplify -template logic. -*/}} -{{- define "vault.mode" -}} - {{- template "vault.serverEnabled" . -}} - {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} - {{- $_ := set . "mode" "external" -}} - {{- else if not .serverEnabled -}} - {{- $_ := set . "mode" "external" -}} - {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} - {{- $_ := set . "mode" "dev" -}} - {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} - {{- $_ := set . "mode" "ha" -}} - {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} - {{- $_ := set . "mode" "standalone" -}} - {{- else -}} - {{- $_ := set . "mode" "" -}} - {{- end -}} -{{- end -}} - -{{/* -Set's the replica count based on the different modes configured by user -*/}} -{{- define "vault.replicas" -}} - {{ if eq .mode "standalone" }} - {{- default 1 -}} - {{ else if eq .mode "ha" }} - {{- .Values.server.ha.replicas | default 3 -}} - {{ else }} - {{- default 1 -}} - {{ end }} -{{- end -}} - -{{/* -Set's up configmap mounts if this isn't a dev deployment and the user -defined a custom configuration. Additionally iterates over any -extra volumes the user may have specified (such as a secret with TLS). -*/}} -{{- define "vault.volumes" -}} - {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - configMap: - name: {{ template "vault.fullname" . 
}}-config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - {{ .type }}: - {{- if (eq .type "configMap") }} - name: {{ .name }} - {{- else if (eq .type "secret") }} - secretName: {{ .name }} - {{- end }} - defaultMode: {{ .defaultMode | default 420 }} - {{- end }} - {{- if .Values.server.volumes }} - {{- toYaml .Values.server.volumes | nindent 8}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - secret: - secretName: {{ .Values.server.enterpriseLicense.secretName }} - defaultMode: 0440 - {{- end }} -{{- end -}} - -{{/* -Set's the args for custom command to render the Vault configuration -file with IP addresses to make the out of box experience easier -for users looking to use this chart with Consul Helm. -*/}} -{{- define "vault.args" -}} - {{ if or (eq .mode "standalone") (eq .mode "ha") }} - - | - cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; - [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; - [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; - /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} - {{ else if eq .mode "dev" }} - - | - /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} - {{ end }} -{{- end -}} - -{{/* -Set's additional environment variables based on the mode. 
-*/}} -{{- define "vault.envs" -}} - {{ if eq .mode "dev" }} - - name: VAULT_DEV_ROOT_TOKEN_ID - value: {{ .Values.server.dev.devRootToken }} - - name: VAULT_DEV_LISTEN_ADDRESS - value: "[::]:8200" - {{ end }} -{{- end -}} - -{{/* -Set's which additional volumes should be mounted to the container -based on the mode configured. -*/}} -{{- define "vault.mounts" -}} - {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - name: audit - mountPath: {{ .Values.server.auditStorage.mountPath }} - {{ end }} - {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} - {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} - - name: data - mountPath: {{ .Values.server.dataStorage.mountPath }} - {{ end }} - {{ end }} - {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - mountPath: /vault/config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - readOnly: true - mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} - {{- end }} - {{- if .Values.server.volumeMounts }} - {{- toYaml .Values.server.volumeMounts | nindent 12}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - mountPath: /vault/license - readOnly: true - {{- end }} -{{- end -}} - -{{/* -Set's up the volumeClaimTemplates when data or audit storage is required. HA -might not use data storage since Consul is likely it's backend, however, audit -storage might be desired by the user. 
-*/}} -{{- define "vault.volumeclaims" -}} - {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} - volumeClaimTemplates: - {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} - - metadata: - name: data - {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.dataStorage.size }} - {{- if .Values.server.dataStorage.storageClass }} - storageClassName: {{ .Values.server.dataStorage.storageClass }} - {{- end }} - {{ end }} - {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - metadata: - name: audit - {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.auditStorage.size }} - {{- if .Values.server.auditStorage.storageClass }} - storageClassName: {{ .Values.server.auditStorage.storageClass }} - {{- end }} - {{ end }} - {{ end }} -{{- end -}} - -{{/* -Set's the affinity for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.affinity" -}} - {{- if and (ne .mode "dev") .Values.server.affinity }} - affinity: - {{ $tp := typeOf .Values.server.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.affinity . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the injector affinity for pod placement -*/}} -{{- define "injector.affinity" -}} - {{- if .Values.injector.affinity }} - affinity: - {{ $tp := typeOf .Values.injector.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the topologySpreadConstraints when running in standalone and HA modes. -*/}} -{{- define "vault.topologySpreadConstraints" -}} - {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} - topologySpreadConstraints: - {{ $tp := typeOf .Values.server.topologySpreadConstraints }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - - -{{/* -Sets the injector topologySpreadConstraints for pod placement -*/}} -{{- define "injector.topologySpreadConstraints" -}} - {{- if .Values.injector.topologySpreadConstraints }} - topologySpreadConstraints: - {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the toleration for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.tolerations" -}} - {{- if and (ne .mode "dev") .Values.server.tolerations }} - tolerations: - {{- $tp := typeOf .Values.server.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "injector.tolerations" -}} - {{- if .Values.injector.tolerations }} - tolerations: - {{- $tp := typeOf .Values.injector.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the node selector for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.nodeselector" -}} - {{- if and (ne .mode "dev") .Values.server.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.server.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector node selector for pod placement -*/}} -{{- define "injector.nodeselector" -}} - {{- if .Values.injector.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.injector.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector deployment update strategy -*/}} -{{- define "injector.strategy" -}} - {{- if .Values.injector.strategy }} - strategy: - {{- $tp := typeOf .Values.injector.strategy }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.strategy . | nindent 4 | trim }} - {{- else }} - {{- toYaml .Values.injector.strategy | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra pod annotations -*/}} -{{- define "vault.annotations" -}} - {{- if .Values.server.annotations }} - annotations: - {{- $tp := typeOf .Values.server.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.annotations . 
| nindent 8 }} - {{- else }} - {{- toYaml .Values.server.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector pod annotations -*/}} -{{- define "injector.annotations" -}} - {{- if .Values.injector.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.injector.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector service annotations -*/}} -{{- define "injector.service.annotations" -}} - {{- if .Values.injector.service.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -securityContext for the injector pod level. -*/}} -{{- define "injector.securityContext.pod" -}} - {{- if .Values.injector.securityContext.pod }} - securityContext: - {{- $tp := typeOf .Values.injector.securityContext.pod }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} - {{- else }} - {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.injector.gid | default 1000 }} - runAsUser: {{ .Values.injector.uid | default 100 }} - fsGroup: {{ .Values.injector.gid | default 1000 }} - {{- end }} -{{- end -}} - -{{/* -securityContext for the injector container level. -*/}} -{{- define "injector.securityContext.container" -}} - {{- if .Values.injector.securityContext.container}} - securityContext: - {{- $tp := typeOf .Values.injector.securityContext.container }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} - {{- else }} - {{- toYaml .Values.injector.securityContext.container | nindent 12 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - {{- end }} -{{- end -}} - -{{/* -securityContext for the statefulset pod template. -*/}} -{{- define "server.statefulSet.securityContext.pod" -}} - {{- if .Values.server.statefulSet.securityContext.pod }} - securityContext: - {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.server.gid | default 1000 }} - runAsUser: {{ .Values.server.uid | default 100 }} - fsGroup: {{ .Values.server.gid | default 1000 }} - {{- end }} -{{- end -}} - -{{/* -securityContext for the statefulset vault container -*/}} -{{- define "server.statefulSet.securityContext.container" -}} - {{- if .Values.server.statefulSet.securityContext.container }} - securityContext: - {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} -{{- end -}} - - -{{/* -Sets extra injector service account annotations -*/}} -{{- define "injector.serviceAccount.annotations" -}} - {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector webhook annotations -*/}} -{{- define "injector.webhookAnnotations" -}} - {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} - annotations: - {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} - {{- if eq $tp "string" }} - {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} - {{- else }} - {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the injector webhook objectSelector -*/}} -{{- define "injector.objectSelector" -}} - {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} - {{ if $v }} - objectSelector: - {{- $tp := typeOf $v -}} - {{ if eq $tp "string" }} - {{ tpl $v . 
| indent 6 | trim }} - {{ else }} - {{ toYaml $v | indent 6 | trim }} - {{ end }} - {{ end }} -{{ end }} - -{{/* -Sets extra ui service annotations -*/}} -{{- define "vault.ui.annotations" -}} - {{- if .Values.ui.annotations }} - annotations: - {{- $tp := typeOf .Values.ui.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.ui.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.ui.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "vault.serviceAccount.name" -}} -{{- if .Values.server.serviceAccount.create -}} - {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.server.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Sets extra service account annotations -*/}} -{{- define "vault.serviceAccount.annotations" -}} - {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.server.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ingress annotations -*/}} -{{- define "vault.ingress.annotations" -}} - {{- if .Values.server.ingress.annotations }} - annotations: - {{- $tp := typeOf .Values.server.ingress.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.ingress.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.ingress.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra route annotations -*/}} -{{- define "vault.route.annotations" -}} - {{- if .Values.server.route.annotations }} - annotations: - {{- $tp := typeOf .Values.server.route.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.route.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.route.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra vault server Service annotations -*/}} -{{- define "vault.service.annotations" -}} - {{- if .Values.server.service.annotations }} - {{- $tp := typeOf .Values.server.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets PodSecurityPolicy annotations -*/}} -{{- define "vault.psp.annotations" -}} - {{- if .Values.global.psp.annotations }} - annotations: - {{- $tp := typeOf .Values.global.psp.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.global.psp.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.global.psp.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra statefulset annotations -*/}} -{{- define "vault.statefulSet.annotations" -}} - {{- if .Values.server.statefulSet.annotations }} - annotations: - {{- $tp := typeOf .Values.server.statefulSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for data volume -*/}} -{{- define "vault.dataVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.dataStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for audit volume -*/}} -{{- define "vault.auditVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.auditStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the container resources if the user has set any. -*/}} -{{- define "vault.resources" -}} - {{- if .Values.server.resources -}} - resources: -{{ toYaml .Values.server.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "injector.resources" -}} - {{- if .Values.injector.resources -}} - resources: -{{ toYaml .Values.injector.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "csi.resources" -}} - {{- if .Values.csi.resources -}} - resources: -{{ toYaml .Values.csi.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources for CSI's Agent sidecar if the user has set any. -*/}} -{{- define "csi.agent.resources" -}} - {{- if .Values.csi.agent.resources -}} - resources: -{{ toYaml .Values.csi.agent.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets extra CSI daemonset annotations -*/}} -{{- define "csi.daemonSet.annotations" -}} - {{- if .Values.csi.daemonSet.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.daemonSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets CSI daemonset securityContext for pod template -*/}} -{{- define "csi.daemonSet.securityContext.pod" -}} - {{- if .Values.csi.daemonSet.securityContext.pod }} - securityContext: - {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets CSI daemonset securityContext for container -*/}} -{{- define "csi.daemonSet.securityContext.container" -}} - {{- if .Values.csi.daemonSet.securityContext.container }} - securityContext: - {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} - {{- end }} - {{- end }} -{{- end -}} - - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "csi.pod.tolerations" -}} - {{- if .Values.csi.pod.tolerations }} - tolerations: - {{- $tp := typeOf .Values.csi.pod.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI provider pod annotations -*/}} -{{- define "csi.pod.annotations" -}} - {{- if .Values.csi.pod.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.pod.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.pod.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI service account annotations -*/}} -{{- define "csi.serviceAccount.annotations" -}} - {{- if .Values.csi.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Inject extra environment vars in the format key:value, if populated -*/}} -{{- define "vault.extraEnvironmentVars" -}} -{{- if .extraEnvironmentVars -}} -{{- range $key, $value := .extraEnvironmentVars }} -- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} - value: {{ $value | quote }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Inject extra environment populated by secrets, if populated -*/}} -{{- define "vault.extraSecretEnvironmentVars" -}} -{{- if .extraSecretEnvironmentVars -}} -{{- range .extraSecretEnvironmentVars }} -- name: {{ .envName }} - valueFrom: - secretKeyRef: - name: {{ .secretName }} - key: {{ .secretKey }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* Scheme for health check and local endpoint */}} -{{- define "vault.scheme" -}} -{{- if .Values.global.tlsDisable -}} -{{ "http" }} -{{- else -}} -{{ "https" }} -{{- end -}} -{{- end -}} - -{{/* -imagePullSecrets generates pull secrets from either string or map values. -A map value must be indexable by the key 'name'. -*/}} -{{- define "imagePullSecrets" -}} -{{- with .Values.global.imagePullSecrets -}} -imagePullSecrets: -{{- range . -}} -{{- if typeIs "string" . }} - - name: {{ . }} -{{- else if index . "name" }} - - name: {{ .name }} -{{- end }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
-Supported inputs are Values.server.service and Values.ui -*/}} -{{- define "service.externalTrafficPolicy" -}} -{{- $type := "" -}} -{{- if .serviceType -}} -{{- $type = .serviceType -}} -{{- else if .type -}} -{{- $type = .type -}} -{{- end -}} -{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} - externalTrafficPolicy: {{ .externalTrafficPolicy }} -{{- else }} -{{- end }} -{{- end -}} - -{{/* -loadBalancer configuration for the the UI service. -Supported inputs are Values.ui -*/}} -{{- define "service.loadBalancer" -}} -{{- if eq (.serviceType | toString) "LoadBalancer" }} -{{- if .loadBalancerIP }} - loadBalancerIP: {{ .loadBalancerIP }} -{{- end }} -{{- with .loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{- range . }} - - {{ . }} -{{- end }} -{{- end -}} -{{- end }} -{{- end -}} diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/csi-agent-configmap.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/csi-agent-configmap.yaml deleted file mode 100644 index 7af08e8f9b..0000000000 --- a/charts/partners/hashicorp/vault/0.24.1/src/templates/csi-agent-configmap.yaml +++ /dev/null 
@@ -1,34 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.csiEnabled" . -}}
-{{- if and (.csiEnabled) (eq (.Values.csi.agent.enabled | toString) "true") -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-agent-config
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-data:
- config.hcl: |
- vault {
- {{- if .Values.global.externalVaultAddr }}
- "address" = "{{ .Values.global.externalVaultAddr }}"
- {{- else }}
- "address" = "{{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}"
- {{- end }}
- }
-
- cache {}
-
- listener "unix" {
- address = "/var/run/vault/agent.sock"
- tls_disable = true
- }
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/csi-clusterrole.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/csi-clusterrole.yaml
deleted file mode 100644
index 6d979ea40c..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/csi-clusterrole.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups:
- - ""
- resources:
- - serviceaccounts/token
- verbs:
- - create
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/csi-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/csi-clusterrolebinding.yaml
deleted file mode 100644
index d5a9346885..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/csi-clusterrolebinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/csi-daemonset.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/csi-daemonset.yaml
deleted file mode 100644
index a32ef7c707..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/csi-daemonset.yaml
+++ /dev/null
@@ -1,155 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{- template "vault.csiEnabled" . -}} -{{- if .csiEnabled -}} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- if .Values.csi.daemonSet.extraLabels -}} - {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} - {{- end -}} - {{ template "csi.daemonSet.annotations" . }} -spec: - updateStrategy: - type: {{ .Values.csi.daemonSet.updateStrategy.type }} - {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - rollingUpdate: - maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.csi.pod.extraLabels -}} - {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "csi.pod.annotations" . }} - spec: - {{ template "csi.daemonSet.securityContext.pod" . }} - {{- if .Values.csi.priorityClassName }} - priorityClassName: {{ .Values.csi.priorityClassName }} - {{- end }} - serviceAccountName: {{ template "vault.fullname" . }}-csi-provider - {{- template "csi.pod.tolerations" . }} - containers: - - name: {{ include "vault.name" . }}-csi-provider - {{ template "csi.resources" . }} - {{ template "csi.daemonSet.securityContext.container" . 
}} - image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" - imagePullPolicy: {{ .Values.csi.image.pullPolicy }} - args: - - --endpoint=/provider/vault.sock - - --debug={{ .Values.csi.debug }} - {{- if .Values.csi.hmacSecretName }} - - --hmac-secret-name={{ .Values.csi.hmacSecretName }} - {{- else }} - - --hmac-secret-name={{- include "vault.name" . }}-csi-provider-hmac-key - {{- end }} - {{- if .Values.csi.extraArgs }} - {{- toYaml .Values.csi.extraArgs | nindent 12 }} - {{- end }} - env: - - name: VAULT_ADDR - {{- if eq (.Values.csi.agent.enabled | toString) "true" }} - value: "unix:///var/run/vault/agent.sock" - {{- else if .Values.global.externalVaultAddr }} - value: "{{ .Values.global.externalVaultAddr }}" - {{- else }} - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - {{- end }} - volumeMounts: - - name: providervol - mountPath: "/provider" - {{- if eq (.Values.csi.agent.enabled | toString) "true" }} - - name: agent-unix-socket - mountPath: /var/run/vault - {{- end }} - {{- if .Values.csi.volumeMounts }} - {{- toYaml .Values.csi.volumeMounts | nindent 12}} - {{- end }} - livenessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} - timeoutSeconds: {{ 
.Values.csi.readinessProbe.timeoutSeconds }} - {{- if eq (.Values.csi.agent.enabled | toString) "true" }} - - name: {{ include "vault.name" . }}-agent - image: "{{ .Values.csi.agent.image.repository }}:{{ .Values.csi.agent.image.tag }}" - imagePullPolicy: {{ .Values.csi.agent.image.pullPolicy }} - {{ template "csi.agent.resources" . }} - command: - - vault - args: - - agent - - -config=/etc/vault/config.hcl - {{- if .Values.csi.agent.extraArgs }} - {{- toYaml .Values.csi.agent.extraArgs | nindent 12 }} - {{- end }} - ports: - - containerPort: 8200 - env: - - name: VAULT_LOG_LEVEL - value: "{{ .Values.csi.agent.logLevel }}" - - name: VAULT_LOG_FORMAT - value: "{{ .Values.csi.agent.logFormat }}" - securityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsUser: 100 - runAsGroup: 1000 - volumeMounts: - - name: agent-config - mountPath: /etc/vault/config.hcl - subPath: config.hcl - readOnly: true - - name: agent-unix-socket - mountPath: /var/run/vault - {{- if .Values.csi.volumeMounts }} - {{- toYaml .Values.csi.volumeMounts | nindent 12 }} - {{- end }} - {{- end }} - volumes: - - name: providervol - hostPath: - path: {{ .Values.csi.daemonSet.providersDir }} - {{- if eq (.Values.csi.agent.enabled | toString) "true" }} - - name: agent-config - configMap: - name: {{ template "vault.fullname" . }}-csi-provider-agent-config - - name: agent-unix-socket - emptyDir: - medium: Memory - {{- end }} - {{- if .Values.csi.volumes }} - {{- toYaml .Values.csi.volumes | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/csi-role.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/csi-role.yaml deleted file mode 100644 index dd23af6551..0000000000 --- a/charts/partners/hashicorp/vault/0.24.1/src/templates/csi-role.yaml +++ /dev/null 
@@ -1,31 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-role
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get"]
- resourceNames:
- {{- if .Values.csi.hmacSecretName }}
- - {{ .Values.csi.hmacSecretName }}
- {{- else }}
- - {{ include "vault.name" . }}-csi-provider-hmac-key
- {{- end }}
-# 'create' permissions cannot be restricted by resource name:
-# https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create"]
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/csi-rolebinding.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/csi-rolebinding.yaml
deleted file mode 100644
index e61f2dc2de..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/csi-rolebinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-rolebinding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-csi-provider-role
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/csi-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/csi-serviceaccount.yaml
deleted file mode 100644
index 25e123ee9f..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/csi-serviceaccount.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- if .Values.csi.serviceAccount.extraLabels -}}
- {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
- {{- end -}}
- {{ template "csi.serviceAccount.annotations" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-certs-secret.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-certs-secret.yaml
deleted file mode 100644
index 3e5ddb7b94..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-certs-secret.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: vault-injector-certs
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-clusterrole.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-clusterrole.yaml
deleted file mode 100644
index d5682dd76a..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs:
- - "get"
- - "list"
- - "watch"
- - "patch"
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-clusterrolebinding.yaml
deleted file mode 100644
index 9253e4f0a8..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-clusterrolebinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-deployment.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-deployment.yaml
deleted file mode 100644
index 7e0101a413..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-deployment.yaml
+++ /dev/null
@@ -1,171 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{- template "vault.injectorEnabled" . -}} -{{- if .injectorEnabled -}} -# Deployment for the injector -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - component: webhook -spec: - replicas: {{ .Values.injector.replicas }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{ template "injector.strategy" . }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{- if .Values.injector.extraLabels -}} - {{- toYaml .Values.injector.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "injector.annotations" . }} - spec: - {{ template "injector.affinity" . }} - {{ template "injector.topologySpreadConstraints" . }} - {{ template "injector.tolerations" . }} - {{ template "injector.nodeselector" . }} - {{- if .Values.injector.priorityClassName }} - priorityClassName: {{ .Values.injector.priorityClassName }} - {{- end }} - serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" - {{ template "injector.securityContext.pod" . -}} - {{- if not .Values.global.openshift }} - hostNetwork: {{ .Values.injector.hostNetwork }} - {{- end }} - containers: - - name: sidecar-injector - {{ template "injector.resources" . }} - image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" - imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" - {{- template "injector.securityContext.container" . 
}} - env: - - name: AGENT_INJECT_LISTEN - value: {{ printf ":%v" .Values.injector.port }} - - name: AGENT_INJECT_LOG_LEVEL - value: {{ .Values.injector.logLevel | default "info" }} - - name: AGENT_INJECT_VAULT_ADDR - {{- if .Values.global.externalVaultAddr }} - value: "{{ .Values.global.externalVaultAddr }}" - {{- else if .Values.injector.externalVaultAddr }} - value: "{{ .Values.injector.externalVaultAddr }}" - {{- else }} - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - {{- end }} - - name: AGENT_INJECT_VAULT_AUTH_PATH - value: {{ .Values.injector.authPath }} - - name: AGENT_INJECT_VAULT_IMAGE - value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" - {{- if .Values.injector.certs.secretName }} - - name: AGENT_INJECT_TLS_CERT_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" - - name: AGENT_INJECT_TLS_KEY_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" - {{- else }} - - name: AGENT_INJECT_TLS_AUTO - value: {{ template "vault.fullname" . }}-agent-injector-cfg - - name: AGENT_INJECT_TLS_AUTO_HOSTS - value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc - {{- end }} - - name: AGENT_INJECT_LOG_FORMAT - value: {{ .Values.injector.logFormat | default "standard" }} - - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN - value: "{{ .Values.injector.revokeOnShutdown | default false }}" - {{- if .Values.global.openshift }} - - name: AGENT_INJECT_SET_SECURITY_CONTEXT - value: "false" - {{- end }} - {{- if .Values.injector.metrics.enabled }} - - name: AGENT_INJECT_TELEMETRY_PATH - value: "/metrics" - {{- end }} - {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} - - name: AGENT_INJECT_USE_LEADER_ELECTOR - value: "true" - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end }} - - name: AGENT_INJECT_CPU_REQUEST - value: "{{ .Values.injector.agentDefaults.cpuRequest }}" - - name: AGENT_INJECT_CPU_LIMIT - value: "{{ .Values.injector.agentDefaults.cpuLimit }}" - - name: AGENT_INJECT_MEM_REQUEST - value: "{{ .Values.injector.agentDefaults.memRequest }}" - - name: AGENT_INJECT_MEM_LIMIT - value: "{{ .Values.injector.agentDefaults.memLimit }}" - - name: AGENT_INJECT_DEFAULT_TEMPLATE - value: "{{ .Values.injector.agentDefaults.template }}" - - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE - value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" - {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} - - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL - value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" - {{- end }} - {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - agent-inject - - 2>&1 - livenessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: {{ .Values.injector.livenessProbe.failureThreshold }} - 
initialDelaySeconds: {{ .Values.injector.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.injector.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.injector.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.injector.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: {{ .Values.injector.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.injector.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.injector.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.injector.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.injector.readinessProbe.timeoutSeconds }} - startupProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: {{ .Values.injector.startupProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.injector.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.injector.startupProbe.periodSeconds }} - successThreshold: {{ .Values.injector.startupProbe.successThreshold }} - timeoutSeconds: {{ .Values.injector.startupProbe.timeoutSeconds }} -{{- if .Values.injector.certs.secretName }} - volumeMounts: - - name: webhook-certs - mountPath: /etc/webhook/certs - readOnly: true -{{- end }} -{{- if .Values.injector.certs.secretName }} - volumes: - - name: webhook-certs - secret: - secretName: "{{ .Values.injector.certs.secretName }}" -{{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-disruptionbudget.yaml deleted file mode 100644 index 6ae714bae8..0000000000 --- a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-disruptionbudget.yaml +++ /dev/null 
@@ -1,25 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- if .Values.injector.podDisruptionBudget }}
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- component: webhook
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
-{{- end -}}
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-mutating-webhook.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-mutating-webhook.yaml
deleted file mode 100644
index d03cd136d7..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-mutating-webhook.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
-apiVersion: admissionregistration.k8s.io/v1
-{{- else }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-{{- end }}
-kind: MutatingWebhookConfiguration
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-cfg
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "injector.webhookAnnotations" . }}
-webhooks:
- - name: vault.hashicorp.com
- failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
- matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
- sideEffects: None
- timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
- admissionReviewVersions: ["v1", "v1beta1"]
- clientConfig:
- service:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- path: "/mutate"
- caBundle: {{ .Values.injector.certs.caBundle | quote }}
- rules:
- - operations: ["CREATE", "UPDATE"]
- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["pods"]
-{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
- namespaceSelector:
-{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
-{{ end }}
-{{- template "injector.objectSelector" . -}}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-network-policy.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-network-policy.yaml
deleted file mode 100644
index 4c3b087828..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-network-policy.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.openshift | toString) "true" }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-psp-role.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-psp-role.yaml
deleted file mode 100644
index 65d8e9ba96..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-psp-role.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.psp.enable | toString) "true" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-psp-rolebinding.yaml
deleted file mode 100644
index 48a3a26a25..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-psp-rolebinding.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.psp.enable | toString) "true" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-psp.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-psp.yaml
deleted file mode 100644
index 0eca9a87c6..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-psp.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.psp.enable | toString) "true" }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-role.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-role.yaml
deleted file mode 100644
index df7b0ed747..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-role.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
- - apiGroups: [""]
- resources: ["secrets", "configmaps"]
- verbs:
- - "create"
- - "get"
- - "watch"
- - "list"
- - "update"
- - apiGroups: [""]
- resources: ["pods"]
- verbs:
- - "get"
- - "patch"
- - "delete"
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-rolebinding.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-rolebinding.yaml
deleted file mode 100644
index 0848e43d81..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-rolebinding.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-service.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-service.yaml
deleted file mode 100644
index 5b2069286b..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-service.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "injector.service.annotations" . }}
-spec:
- ports:
- - name: https
- port: 443
- targetPort: {{ .Values.injector.port }}
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-serviceaccount.yaml
deleted file mode 100644
index 9b5c2f6ed1..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/injector-serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "injector.serviceAccount.annotations" . }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/prometheus-prometheusrules.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/prometheus-prometheusrules.yaml
deleted file mode 100644
index 7e58a0e522..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/prometheus-prometheusrules.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{ if and (.Values.serverTelemetry.prometheusRules.rules) - (or (.Values.global.serverTelemetry.prometheusOperator) (.Values.serverTelemetry.prometheusRules.enabled) ) -}} ---- -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ template "vault.fullname" . }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- /* update the selectors docs in values.yaml whenever the defaults below change. */ -}} - {{- $selectors := .Values.serverTelemetry.prometheusRules.selectors }} - {{- if $selectors }} - {{- toYaml $selectors | nindent 4 }} - {{- else }} - release: prometheus - {{- end }} -spec: - groups: - - name: {{ include "vault.fullname" . }} - rules: - {{- toYaml .Values.serverTelemetry.prometheusRules.rules | nindent 6 }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/prometheus-servicemonitor.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/prometheus-servicemonitor.yaml deleted file mode 100644 index 60f2729a0d..0000000000 --- a/charts/partners/hashicorp/vault/0.24.1/src/templates/prometheus-servicemonitor.yaml +++ /dev/null 
@@ -1,49 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{ template "vault.mode" . }} -{{ if or (.Values.global.serverTelemetry.prometheusOperator) (.Values.serverTelemetry.serviceMonitor.enabled) }} ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "vault.fullname" . }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- /* update the selectors docs in values.yaml whenever the defaults below change. */ -}} - {{- $selectors := .Values.serverTelemetry.serviceMonitor.selectors }} - {{- if $selectors }} - {{- toYaml $selectors | nindent 4 }} - {{- else }} - release: prometheus - {{- end }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if eq .mode "ha" }} - vault-active: "true" - {{- else }} - vault-internal: "true" - {{- end }} - endpoints: - - port: {{ include "vault.scheme" . }} - interval: {{ .Values.serverTelemetry.serviceMonitor.interval }} - scrapeTimeout: {{ .Values.serverTelemetry.serviceMonitor.scrapeTimeout }} - scheme: {{ include "vault.scheme" . | lower }} - path: /v1/sys/metrics - params: - format: - - prometheus - tlsConfig: - insecureSkipVerify: true - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/server-clusterrolebinding.yaml deleted file mode 100644 index b694129b5f..0000000000 --- a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-clusterrolebinding.yaml +++ /dev/null 
@@ -1,29 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.serverAuthDelegator" . }}
-{{- if .serverAuthDelegator -}}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-server-binding
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-config-configmap.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/server-config-configmap.yaml
deleted file mode 100644
index 5d29e98d66..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-config-configmap.yaml
+++ /dev/null
@@ -1,45 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if .serverEnabled -}} -{{- if ne .mode "dev" -}} -{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "vault.fullname" . }}-config - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -data: - extraconfig-from-values.hcl: |- - {{- if or (eq .mode "ha") (eq .mode "standalone") }} - {{- $type := typeOf (index .Values.server .mode).config }} - {{- if eq $type "string" }} - disable_mlock = true - {{- if eq .mode "standalone" }} - {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} - {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} - {{ tpl .Values.server.ha.config . | nindent 4 | trim }} - {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} - {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} - {{ end }} - {{- else }} - {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} -{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} - {{- else }} -{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-discovery-role.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/server-discovery-role.yaml deleted file mode 100644 index adae42a2bb..0000000000 
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-discovery-role.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if .serverEnabled -}}
-{{- if eq .mode "ha" }}
-{{- if eq (.Values.server.serviceAccount.serviceDiscovery.enabled | toString) "true" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: {{ template "vault.fullname" . }}-discovery-role
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: [""]
- resources: ["pods"]
- verbs: ["get", "watch", "list", "update", "patch"]
-{{ end }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-discovery-rolebinding.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/server-discovery-rolebinding.yaml
deleted file mode 100644
index 853ee870c8..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-discovery-rolebinding.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if .serverEnabled -}}
-{{- if eq .mode "ha" }}
-{{- if eq (.Values.server.serviceAccount.serviceDiscovery.enabled | toString) "true" }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-discovery-rolebinding
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-discovery-role
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/server-disruptionbudget.yaml
deleted file mode 100644
index 3ff11099bf..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-disruptionbudget.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" -}}
-{{- if .serverEnabled -}}
-{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
-# PodDisruptionBudget to prevent degrading the server cluster through
-# voluntary cluster changes.
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-ha-active-service.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/server-ha-active-service.yaml
deleted file mode 100644
index 58d540fd5c..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-ha-active-service.yaml
+++ /dev/null
@@ -1,55 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- template "vault.serverServiceEnabled" . -}} -{{- if .serverServiceEnabled -}} -{{- if eq .mode "ha" }} -{{- if eq (.Values.server.service.active.enabled | toString) "true" }} -# Service for active Vault pod -apiVersion: v1 -kind: Service -metadata: - name: {{ template "vault.fullname" . }}-active - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - vault-active: "true" - annotations: -{{ template "vault.service.annotations" .}} -spec: - {{- if .Values.server.service.type}} - type: {{ .Values.server.service.type }} - {{- end}} - {{- if .Values.server.service.clusterIP }} - clusterIP: {{ .Values.server.service.clusterIP }} - {{- end }} - {{- include "service.externalTrafficPolicy" .Values.server.service }} - publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} - ports: - - name: {{ include "vault.scheme" . }} - port: {{ .Values.server.service.port }} - targetPort: {{ .Values.server.service.targetPort }} - {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} - nodePort: {{ .Values.server.service.activeNodePort }} - {{- end }} - - name: https-internal - port: 8201 - targetPort: 8201 - selector: - app.kubernetes.io/name: {{ include "vault.name" . }} - {{- if eq (.Values.server.service.instanceSelector.enabled | toString) "true" }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - component: server - vault-active: "true" -{{- end }} -{{- end }} -{{- end }} -{{- end }} 
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-ha-standby-service.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/server-ha-standby-service.yaml deleted file mode 100644 index b9f6435861..0000000000 --- a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-ha-standby-service.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- template "vault.serverServiceEnabled" . -}} -{{- if .serverServiceEnabled -}} -{{- if eq .mode "ha" }} -{{- if eq (.Values.server.service.standby.enabled | toString) "true" }} -# Service for standby Vault pod -apiVersion: v1 -kind: Service -metadata: - name: {{ template "vault.fullname" . }}-standby - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - annotations: -{{ template "vault.service.annotations" .}} -spec: - {{- if .Values.server.service.type}} - type: {{ .Values.server.service.type }} - {{- end}} - {{- if .Values.server.service.clusterIP }} - clusterIP: {{ .Values.server.service.clusterIP }} - {{- end }} - {{- include "service.externalTrafficPolicy" .Values.server.service }} - publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} - ports: - - name: {{ include "vault.scheme" . }} - port: {{ .Values.server.service.port }} - targetPort: {{ .Values.server.service.targetPort }} - {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} - nodePort: {{ .Values.server.service.standbyNodePort }} - {{- end }} - - name: https-internal - port: 8201 - targetPort: 8201 - selector: - app.kubernetes.io/name: {{ include "vault.name" . }} - {{- if eq (.Values.server.service.instanceSelector.enabled | toString) "true" }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- end }} - component: server - vault-active: "false" -{{- end }} -{{- end }} -{{- end }} -{{- end }} 
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-headless-service.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/server-headless-service.yaml deleted file mode 100644 index c4eca7af72..0000000000 --- a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-headless-service.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- template "vault.serverServiceEnabled" . -}} -{{- if .serverServiceEnabled -}} -# Service for Vault cluster -apiVersion: v1 -kind: Service -metadata: - name: {{ template "vault.fullname" . }}-internal - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - vault-internal: "true" - annotations: -{{ template "vault.service.annotations" .}} -spec: - clusterIP: None - publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} - ports: - - name: "{{ include "vault.scheme" . }}" - port: {{ .Values.server.service.port }} - targetPort: {{ .Values.server.service.targetPort }} - - name: https-internal - port: 8201 - targetPort: 8201 - selector: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-ingress.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/server-ingress.yaml deleted file mode 100644 index 3aba66885a..0000000000 --- a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-ingress.yaml +++ /dev/null 
@@ -1,69 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{- if not .Values.global.openshift }} -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if .Values.server.ingress.enabled -}} -{{- $extraPaths := .Values.server.ingress.extraPaths -}} -{{- $serviceName := include "vault.fullname" . -}} -{{- template "vault.serverServiceEnabled" . -}} -{{- if .serverServiceEnabled -}} -{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} -{{- $serviceName = printf "%s-%s" $serviceName "active" -}} -{{- end }} -{{- $servicePort := .Values.server.service.port -}} -{{- $pathType := .Values.server.ingress.pathType -}} -{{- $kubeVersion := .Capabilities.KubeVersion.Version }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.server.ingress.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- template "vault.ingress.annotations" . }} -spec: -{{- if .Values.server.ingress.tls }} - tls: - {{- range .Values.server.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} -{{- if .Values.server.ingress.ingressClassName }} - ingressClassName: {{ .Values.server.ingress.ingressClassName }} -{{- end }} - rules: - {{- range .Values.server.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: -{{ if $extraPaths }} -{{ toYaml $extraPaths | indent 10 }} -{{- end }} - {{- range (.paths | default (list "/")) }} - - path: {{ . 
}} - pathType: {{ $pathType }} - backend: - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-network-policy.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/server-network-policy.yaml deleted file mode 100644 index 62d4ae1ac5..0000000000 --- a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-network-policy.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ template "vault.fullname" . }} - labels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} -spec: - podSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 8200 - protocol: TCP - - port: 8201 - protocol: TCP - {{- if .Values.server.networkPolicy.egress }} - egress: - {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} - {{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-psp-role.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/server-psp-role.yaml deleted file mode 100644 index 0c8c983ea6..0000000000 --- a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-psp-role.yaml +++ /dev/null 
@@ -1,25 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if .serverEnabled -}}
-{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/server-psp-rolebinding.yaml
deleted file mode 100644
index 9b975d5565..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-psp-rolebinding.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if .serverEnabled -}}
-{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-psp.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/server-psp.yaml deleted file mode 100644 index 567e66245e..0000000000 --- a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-psp.yaml +++ /dev/null @@ -1,54 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{ template "vault.mode" . }} -{{- if .serverEnabled -}} -{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "vault.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- template "vault.psp.annotations" . }} -spec: - privileged: false - # Required to prevent escalations to root. - allowPrivilegeEscalation: false - volumes: - - configMap - - emptyDir - - projected - - secret - - downwardAPI - {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} - - persistentVolumeClaim - {{- end }} - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Require the container to run without root privileges. - rule: MustRunAsNonRoot - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: RunAsAny - supplementalGroups: - rule: MustRunAs - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: MustRunAs - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-route.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/server-route.yaml deleted file mode 100644 index 3f35aefe28..0000000000 --- a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-route.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{- if .Values.global.openshift }} -{{- if ne .mode "external" }} -{{- if .Values.server.route.enabled -}} -{{- $serviceName := include "vault.fullname" . -}} -{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} -{{- $serviceName = printf "%s-%s" $serviceName "active" -}} -{{- end }} -kind: Route -apiVersion: route.openshift.io/v1 -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - helm.sh/chart: {{ include "vault.chart" . }} - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.server.route.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- template "vault.route.annotations" . }} -spec: - host: {{ .Values.server.route.host }} - to: - kind: Service - name: {{ $serviceName }} - weight: 100 - port: - targetPort: 8200 - tls: - {{- toYaml .Values.server.route.tls | nindent 4 }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-service.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/server-service.yaml deleted file mode 100644 index 8e34c88c59..0000000000 --- a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-service.yaml +++ /dev/null 
@@ -1,51 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.serverServiceEnabled" . -}}
-{{- if .serverServiceEnabled -}}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- # We want the servers to become available even if they're not ready
- # since this DNS is also used for join operations.
- publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- {{- if eq (.Values.server.service.instanceSelector.enabled | toString) "true" }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- end }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/server-serviceaccount.yaml
deleted file mode 100644
index e154f8dc27..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-serviceaccount.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.serverServiceAccountEnabled" . }}
-{{- if .serverServiceAccountEnabled -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- if .Values.server.serviceAccount.extraLabels -}}
- {{- toYaml .Values.server.serviceAccount.extraLabels | nindent 4 -}}
- {{- end -}}
- {{ template "vault.serviceAccount.annotations" . }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-statefulset.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/server-statefulset.yaml
deleted file mode 100644
index 7ab7de8e2f..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/server-statefulset.yaml
+++ /dev/null
@@ -1,217 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if ne .mode "" }} -{{- if .serverEnabled -}} -# StatefulSet to run the actual vault server cluster. -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- template "vault.statefulSet.annotations" . }} -spec: - serviceName: {{ template "vault.fullname" . }}-internal - podManagementPolicy: Parallel - replicas: {{ template "vault.replicas" . }} - updateStrategy: - type: {{ .Values.server.updateStrategyType }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - template: - metadata: - labels: - helm.sh/chart: {{ template "vault.chart" . }} - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - {{- if .Values.server.extraLabels -}} - {{- toYaml .Values.server.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "vault.annotations" . }} - spec: - {{ template "vault.affinity" . }} - {{ template "vault.topologySpreadConstraints" . }} - {{ template "vault.tolerations" . }} - {{ template "vault.nodeselector" . }} - {{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} - serviceAccountName: {{ template "vault.serviceAccount.name" . }} - {{ if .Values.server.shareProcessNamespace }} - shareProcessNamespace: true - {{ end }} - {{- template "server.statefulSet.securityContext.pod" . 
}} - {{- if not .Values.global.openshift }} - hostNetwork: {{ .Values.server.hostNetwork }} - {{- end }} - volumes: - {{ template "vault.volumes" . }} - - name: home - emptyDir: {} - {{- if .Values.server.extraInitContainers }} - initContainers: - {{ toYaml .Values.server.extraInitContainers | nindent 8}} - {{- end }} - containers: - - name: vault - {{ template "vault.resources" . }} - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - command: - - "/bin/sh" - - "-ec" - args: {{ template "vault.args" . }} - {{- template "server.statefulSet.securityContext.container" . }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: VAULT_K8S_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: VAULT_ADDR - value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" - - name: VAULT_API_ADDR - {{- if .Values.server.ha.apiAddr }} - value: {{ .Values.server.ha.apiAddr }} - {{- else }} - value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" - {{- end }} - - name: SKIP_CHOWN - value: "true" - - name: SKIP_SETCAP - value: "true" - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_CLUSTER_ADDR - {{- if .Values.server.ha.clusterAddr }} - value: {{ .Values.server.ha.clusterAddr | quote }} - {{- else }} - value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" - {{- end }} - {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} - - name: VAULT_RAFT_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- end }} - - name: HOME - value: "/home/vault" - {{- if .Values.server.logLevel }} - - name: VAULT_LOG_LEVEL - value: "{{ .Values.server.logLevel }}" - {{- end }} - {{- if .Values.server.logFormat }} - - name: VAULT_LOG_FORMAT - value: "{{ .Values.server.logFormat }}" - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: VAULT_LICENSE_PATH - value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} - {{- end }} - {{ template "vault.envs" . }} - {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} - {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} - volumeMounts: - {{ template "vault.mounts" . }} - - name: home - mountPath: /home/vault - ports: - - containerPort: 8200 - name: {{ include "vault.scheme" . }} - - containerPort: 8201 - name: https-internal - - containerPort: 8202 - name: {{ include "vault.scheme" . }}-rep - {{- if .Values.server.extraPorts -}} - {{ toYaml .Values.server.extraPorts | nindent 12}} - {{- end }} - {{- if .Values.server.readinessProbe.enabled }} - readinessProbe: - {{- if .Values.server.readinessProbe.path }} - httpGet: - path: {{ .Values.server.readinessProbe.path | quote }} - port: {{ .Values.server.readinessProbe.port }} - scheme: {{ include "vault.scheme" . 
| upper }} - {{- else }} - # Check status; unsealed vault servers return 0 - # The exit code reflects the seal status: - # 0 - unsealed - # 1 - error - # 2 - sealed - exec: - command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] - {{- end }} - failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.server.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.server.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.server.livenessProbe.path | quote }} - port: {{ .Values.server.livenessProbe.port }} - scheme: {{ include "vault.scheme" . | upper }} - failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.server.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} - {{- end }} - lifecycle: - # Vault container doesn't receive SIGTERM from Kubernetes - # and after the grace period ends, Kube sends SIGKILL. This - # causes issues with graceful shutdowns such as deregistering itself - # from Consul (zombie services). - preStop: - exec: - command: [ - "/bin/sh", "-c", - # Adding a sleep here to give the pod eviction a - # chance to propagate, so requests will not be made - # to this pod while it's terminating - "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", - ] - {{- if .Values.server.postStart }} - postStart: - exec: - command: - {{- range (.Values.server.postStart) }} - - {{ . 
| quote }} - {{- end }} - {{- end }} - {{- if .Values.server.extraContainers }} - {{ toYaml .Values.server.extraContainers | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} - {{ template "vault.volumeclaims" . }} -{{ end }} -{{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/tests/server-test.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/tests/server-test.yaml deleted file mode 100644 index 59b1501096..0000000000 --- a/charts/partners/hashicorp/vault/0.24.1/src/templates/tests/server-test.yaml +++ /dev/null 
@@ -1,56 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if .serverEnabled -}}
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ .Release.Name }}-server-test"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": test
-spec:
- {{- include "imagePullSecrets" . | nindent 2 }}
- containers:
- - name: {{ .Release.Name }}-server-test
- image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
- imagePullPolicy: {{ .Values.server.image.pullPolicy }}
- env:
- - name: VAULT_ADDR
- value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
- {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
- command:
- - /bin/sh
- - -c
- - |
- echo "Checking for sealed info in 'vault status' output"
- ATTEMPTS=10
- n=0
- until [ "$n" -ge $ATTEMPTS ]
- do
- echo "Attempt" $n...
- vault status -format yaml | grep -E '^sealed: (true|false)' && break
- n=$((n+1))
- sleep 5
- done
- if [ $n -ge $ATTEMPTS ]; then
- echo "timed out looking for sealed info in 'vault status' output"
- exit 1
- fi
-
- exit 0
- volumeMounts:
- {{- if .Values.server.volumeMounts }}
- {{- toYaml .Values.server.volumeMounts | nindent 8}}
- {{- end }}
- volumes:
- {{- if .Values.server.volumes }}
- {{- toYaml .Values.server.volumes | nindent 4}}
- {{- end }}
- restartPolicy: Never
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/templates/ui-service.yaml b/charts/partners/hashicorp/vault/0.24.1/src/templates/ui-service.yaml
deleted file mode 100644
index 4b2e8f7e40..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/templates/ui-service.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.uiEnabled" . -}}
-{{- if .uiEnabled -}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-ui
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}-ui
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "vault.ui.annotations" . }}
-spec:
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
- vault-active: "true"
- {{- end }}
- publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.ui.externalPort }}
- targetPort: {{ .Values.ui.targetPort }}
- {{- if .Values.ui.serviceNodePort }}
- nodePort: {{ .Values.ui.serviceNodePort }}
- {{- end }}
- type: {{ .Values.ui.serviceType }}
- {{- include "service.externalTrafficPolicy" .Values.ui }}
- {{- include "service.loadBalancer" .Values.ui }}
-{{- end -}}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/values.openshift.yaml b/charts/partners/hashicorp/vault/0.24.1/src/values.openshift.yaml
deleted file mode 100644
index da71dcfb91..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/values.openshift.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
-# These overrides are appropriate defaults for deploying this chart on OpenShift
-
-global:
- openshift: true
-
-injector:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
- tag: "1.2.1-ubi"
-
- agentImage:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.13.1-ubi"
-
-server:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.13.1-ubi"
diff --git a/charts/partners/hashicorp/vault/0.24.1/src/values.schema.json b/charts/partners/hashicorp/vault/0.24.1/src/values.schema.json
deleted file mode 100644
index 44980e169c..0000000000
--- a/charts/partners/hashicorp/vault/0.24.1/src/values.schema.json
+++ /dev/null
@@ -1,1105 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "csi": { - "type": "object", - "properties": { - "agent": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "extraArgs": { - "type": "array" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "resources": { - "type": "object" - } - } - }, - "daemonSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "extraLabels": { - "type": "object" - }, - "kubeletRootDir": { - "type": "string" - }, - "providersDir": { - "type": "string" - }, - "securityContext": { - "type": "object", - "properties": { - "container": { - "type": [ - "object", - "string" - ] - }, - "pod": { - "type": [ - "object", - "string" - ] - } - } - }, - "updateStrategy": { - "type": "object", - "properties": { - "maxUnavailable": { - "type": "string" - }, - "type": { - "type": "string" - } - } - } - } - }, - "debug": { - "type": "boolean" - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "extraArgs": { - "type": "array" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "pod": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "extraLabels": { - "type": "object" - }, - "tolerations": { - "type": 
[ - "null", - "array", - "string" - ] - } - } - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "extraLabels": { - "type": "object" - } - } - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "global": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "externalVaultAddr": { - "type": "string" - }, - "imagePullSecrets": { - "type": "array" - }, - "openshift": { - "type": "boolean" - }, - "psp": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enable": { - "type": "boolean" - } - } - }, - "tlsDisable": { - "type": "boolean" - } - } - }, - "injector": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "agentDefaults": { - "type": "object", - "properties": { - "cpuLimit": { - "type": "string" - }, - "cpuRequest": { - "type": "string" - }, - "memLimit": { - "type": "string" - }, - "memRequest": { - "type": "string" - }, - "template": { - "type": "string" - }, - "templateConfig": { - "type": "object", - "properties": { - "exitOnRetryFailure": { - "type": "boolean" - }, - "staticSecretRenderInterval": { - "type": "string" - } - } - } - } - }, - "agentImage": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "authPath": { - "type": "string" - }, - 
"certs": { - "type": "object", - "properties": { - "caBundle": { - "type": "string" - }, - "certName": { - "type": "string" - }, - "keyName": { - "type": "string" - }, - "secretName": { - "type": [ - "null", - "string" - ] - } - } - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "externalVaultAddr": { - "type": "string" - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraLabels": { - "type": "object" - }, - "failurePolicy": { - "type": "string" - }, - "hostNetwork": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "leaderElector": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "namespaceSelector": { - "type": "object" - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "objectSelector": { - "type": [ - "object", - "string" - ] - }, - "podDisruptionBudget": { - "type": "object" - }, - "port": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "replicas": { - "type": "integer" - }, - "resources": { - "type": "object" - }, - "revokeOnShutdown": { - "type": "boolean" - }, - "securityContext": { - "type": "object", - "properties": { - "container": { - "type": [ - "object", - "string" - ] - }, - "pod": { - "type": [ - "object", - "string" - ] - } - } - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "strategy": { - "type": [ - "object", - "string" - ] - }, - "tolerations": { - "type": [ - "null", - 
"array", - "string" - ] - }, - "topologySpreadConstraints": { - "type": [ - "null", - "array", - "string" - ] - }, - "webhook": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "failurePolicy": { - "type": "string" - }, - "matchPolicy": { - "type": "string" - }, - "namespaceSelector": { - "type": "object" - }, - "objectSelector": { - "type": [ - "object", - "string" - ] - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "webhookAnnotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "server": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "auditStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "authDelegator": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "dataStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "dev": { - "type": "object", - "properties": { - "devRootToken": { - "type": "string" - }, - "enabled": { - "type": "boolean" - } - } - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "enterpriseLicense": { - "type": "object", - "properties": { - "secretKey": { - "type": "string" - }, - "secretName": { - "type": "string" - } - } - }, - "extraArgs": { - "type": "string" - }, - "extraPorts": 
{ - "type": [ - "null", - "array" - ] - }, - "extraContainers": { - "type": [ - "null", - "array" - ] - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraInitContainers": { - "type": [ - "null", - "array" - ] - }, - "extraLabels": { - "type": "object" - }, - "extraSecretEnvironmentVars": { - "type": "array" - }, - "extraVolumes": { - "type": "array" - }, - "ha": { - "type": "object", - "properties": { - "apiAddr": { - "type": [ - "null", - "string" - ] - }, - "clusterAddr": { - "type": [ - "null", - "string" - ] - }, - "config": { - "type": [ - "string", - "object" - ] - }, - "disruptionBudget": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxUnavailable": { - "type": [ - "null", - "integer" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "raft": { - "type": "object", - "properties": { - "config": { - "type": [ - "string", - "object" - ] - }, - "enabled": { - "type": "boolean" - }, - "setNodeId": { - "type": "boolean" - } - } - }, - "replicas": { - "type": "integer" - } - } - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "ingress": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "extraPaths": { - "type": "array" - }, - "hosts": { - "type": "array", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string" - }, - "paths": { - "type": "array" - } - } - } - }, - "ingressClassName": { - "type": "string" - }, - "labels": { - "type": "object" - }, - "pathType": { - "type": "string" - }, - "tls": { - "type": "array" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": 
"integer" - }, - "path": { - "type": "string" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "networkPolicy": { - "type": "object", - "properties": { - "egress": { - "type": "array" - }, - "enabled": { - "type": "boolean" - } - } - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "postStart": { - "type": "array" - }, - "preStopSleepSeconds": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "route": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "labels": { - "type": "object" - }, - "tls": { - "type": "object" - } - } - }, - "service": { - "type": "object", - "properties": { - "active": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "instanceSelector": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "port": { - "type": "integer" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "standby": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "targetPort": { - "type": 
"integer" - }, - "nodePort": { - "type": "integer" - }, - "activeNodePort": { - "type": "integer" - }, - "standbyNodePort": { - "type": "integer" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "create": { - "type": "boolean" - }, - "extraLabels": { - "type": "object" - }, - "name": { - "type": "string" - }, - "serviceDiscovery": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - } - } - }, - "shareProcessNamespace": { - "type": "boolean" - }, - "standalone": { - "type": "object", - "properties": { - "config": { - "type": [ - "string", - "object" - ] - }, - "enabled": { - "type": [ - "string", - "boolean" - ] - } - } - }, - "statefulSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "securityContext": { - "type": "object", - "properties": { - "container": { - "type": [ - "object", - "string" - ] - }, - "pod": { - "type": [ - "object", - "string" - ] - } - } - } - } - }, - "terminationGracePeriodSeconds": { - "type": "integer" - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "topologySpreadConstraints": { - "type": [ - "null", - "array", - "string" - ] - }, - "updateStrategyType": { - "type": "string" - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - }, - "hostNetwork": { - "type": "boolean" - } - } - }, - "ui": { - "type": "object", - "properties": { - "activeVaultPodOnly": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "externalPort": { - "type": "integer" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "serviceNodePort": { - "type": [ - "null", - "integer" - ] - }, - "serviceType": { - "type": "string" - }, - 
"targetPort": { - "type": "integer" - } - } - } - } -} diff --git a/charts/partners/hashicorp/vault/0.24.1/src/values.yaml b/charts/partners/hashicorp/vault/0.24.1/src/values.yaml deleted file mode 100644 index 815e5d64e0..0000000000 --- a/charts/partners/hashicorp/vault/0.24.1/src/values.yaml +++ /dev/null 
@@ -1,1092 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -# Available parameters and their default values for the Vault chart. - -global: - # enabled is the master enabled switch. Setting this to true or false - # will enable or disable all the components within this chart by default. - enabled: true - # Image pull secret to use for registry authentication. - # Alternatively, the value may be specified as an array of strings. - imagePullSecrets: [] - # imagePullSecrets: - # - name: image-pull-secret - - # TLS for end-to-end encrypted transport - tlsDisable: true - # External vault server address for the injector and CSI provider to use. - # Setting this will disable deployment of a vault server. - externalVaultAddr: "" - # If deploying to OpenShift - openshift: true - # Create PodSecurityPolicy for pods - psp: - enable: false - # Annotation for PodSecurityPolicy. - # This is a multi-line templated string map, and can also be set as YAML. - annotations: | - seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default - apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default - apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default - serverTelemetry: - # Enable integration with the Prometheus Operator - # See the top level serverTelemetry section below before enabling this feature. - prometheusOperator: false -injector: - # True if you want to enable vault agent injection. - # @default: global.enabled - enabled: "-" - replicas: 1 - # Configures the port the injector should listen on - port: 8080 - # If multiple replicas are specified, by default a leader will be determined - # so that only one injector attempts to create TLS certificates. - leaderElector: - enabled: true - # If true, will enable a node exporter metrics endpoint at /metrics. 
- metrics: - enabled: false - # Deprecated: Please use global.externalVaultAddr instead. - externalVaultAddr: "" - # image sets the repo and tag of the vault-k8s image to use for the injector. - image: - repository: "registry.connect.redhat.com/hashicorp/vault-k8s" - tag: "1.2.1-ubi" - pullPolicy: IfNotPresent - # agentImage sets the repo and tag of the Vault image to use for the Vault Agent - # containers. This should be set to the official Vault image. Vault 1.3.1+ is - # required. - agentImage: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.13.1-ubi" - # The default values for the injected Vault Agent containers. - agentDefaults: - # For more information on configuring resources, see the K8s documentation: - # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - cpuLimit: "500m" - cpuRequest: "250m" - memLimit: "128Mi" - memRequest: "64Mi" - # Default template type for secrets when no custom template is specified. - # Possible values include: "json" and "map". - template: "map" - # Default values within Agent's template_config stanza. - templateConfig: - exitOnRetryFailure: true - staticSecretRenderInterval: "" - # Used to define custom livenessProbe settings - livenessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 2 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. 
- timeoutSeconds: 5 - # Used to define custom readinessProbe settings - readinessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 2 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 5 - # Used to define custom startupProbe settings - startupProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 12 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 5 - # Mount Path of the Vault Kubernetes Auth Method. - authPath: "auth/kubernetes" - # Configures the log verbosity of the injector. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "info" - # Configures the log format of the injector. Supported log formats: "standard", "json". - logFormat: "standard" - # Configures all Vault Agent sidecars to revoke their token when shutting down - revokeOnShutdown: false - webhook: - # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the - # API Version of the WebHook. - # To block pod creation while the webhook is unavailable, set the policy to `Fail` below. 
- # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - # matchPolicy specifies the approach to accepting changes based on the rules of - # the MutatingWebhookConfiguration. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy - # for more details. - # - matchPolicy: Exact - # timeoutSeconds is the amount of seconds before the webhook request will be ignored - # or fails. - # If it is ignored or fails depends on the failurePolicy - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts - # for more details. - # - timeoutSeconds: 30 - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. - # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: | - matchExpressions: - - key: app.kubernetes.io/name - operator: NotIn - values: - - {{ template "vault.name" . }}-agent-injector - # Extra annotations to attach to the webhook - annotations: {} - # Deprecated: please use 'webhook.failurePolicy' instead - # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the - # API Version of the WebHook. - # To block pod creation while webhook is unavailable, set the policy to `Fail` below. 
- # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - # Deprecated: please use 'webhook.namespaceSelector' instead - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. - # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # Deprecated: please use 'webhook.objectSelector' instead - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: {} - # Deprecated: please use 'webhook.annotations' instead - # Extra annotations to attach to the webhook - webhookAnnotations: {} - certs: - # secretName is the name of the secret that has the TLS certificate and - # private key to serve the injector webhook. If this is null, then the - # injector will default to its automatic management mode that will assign - # a service account to the injector to generate its own certificates. - secretName: null - # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA - # that signed the TLS certificate that the webhook serves. This must be set - # if secretName is non-null unless an external service like cert-manager is - # keeping the caBundle updated. - caBundle: "" - # certName and keyName are the names of the files within the secret for - # the TLS cert and private key, respectively. These have reasonable - # defaults but can be customized if necessary. 
- certName: tls.crt - keyName: tls.key - # Security context for the pod template and the injector container - # The default pod securityContext is: - # runAsNonRoot: true - # runAsGroup: {{ .Values.injector.gid | default 1000 }} - # runAsUser: {{ .Values.injector.uid | default 100 }} - # fsGroup: {{ .Values.injector.gid | default 1000 }} - # and for container is - # allowPrivilegeEscalation: false - # capabilities: - # drop: - # - ALL - securityContext: - pod: {} - container: {} - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # extraEnvironmentVars is a list of extra environment variables to set in the - # injector deployment. - extraEnvironmentVars: {} - # KUBERNETES_SERVICE_HOST: kubernetes.default.svc - - # Affinity Settings for injector pods - # This can either be a multi-line string or YAML matching the PodSpec's affinity field. - # Commenting out or setting as empty the affinity variable, will allow - # deployment of multiple replicas to single node services such as Minikube. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: webhook - topologyKey: kubernetes.io/hostname - # Topology settings for injector pods - # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - # This should be either a multi-line string or YAML matching the topologySpreadConstraints array - # in a PodSpec. - topologySpreadConstraints: [] - # Toleration Settings for injector pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
- # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Priority class for injector pods - priorityClassName: "" - # Extra annotations to attach to the injector pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the injector pods - annotations: {} - # Extra labels to attach to the agent-injector - # This should be a YAML map of the labels to apply to the injector - extraLabels: {} - # Should the injector pods run on the host network (useful when using - # an alternate CNI in EKS) - hostNetwork: false - # Injector service specific config - service: - # Extra annotations to attach to the injector service - annotations: {} - # Injector serviceAccount specific config - serviceAccount: - # Extra annotations to attach to the injector serviceAccount - annotations: {} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - podDisruptionBudget: {} - # podDisruptionBudget: - # maxUnavailable: 1 - - # strategy for updating the deployment. This can be a multi-line string or a - # YAML map. - strategy: {} - # strategy: | - # rollingUpdate: - # maxSurge: 25% - # maxUnavailable: 25% - # type: RollingUpdate -server: - # If true, or "-" with global.enabled true, Vault server will be installed. - # See vault.mode in _helpers.tpl for implementation details. - enabled: "-" - # [Enterprise Only] This value refers to a Kubernetes secret that you have - # created that contains your enterprise license. If you are not using an - # enterprise image or if you plan to introduce the license key via another - # route, then leave secretName blank ("") or set it to null. - # Requires Vault Enterprise 1.8 or later. - enterpriseLicense: - # The name of the Kubernetes secret that holds the enterprise license. 
The - # secret must be in the same namespace that Vault is installed into. - secretName: "" - # The key within the Kubernetes secret that holds the enterprise license. - secretKey: "license" - # Resource requests, limits, etc. for the server cluster placement. This - # should map directly to the value of the resources field for a PodSpec. - # By default no direct resource request is made. - image: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.13.1-ubi" - # Overrides the default Image Pull Policy - pullPolicy: IfNotPresent - # Configure the Update Strategy Type for the StatefulSet - # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - updateStrategyType: "OnDelete" - # Configure the logging verbosity for the Vault server. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "" - # Configure the logging format for the Vault server. - # Supported log formats include: standard, json - logFormat: "" - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # Ingress allows ingress services to be created to allow external access - # from Kubernetes to access Vault pods. - # If deployment is on OpenShift, the following block is ignored. - # In order to expose the service, use the route section below - ingress: - enabled: false - labels: {} - # traffic: external - annotations: {} - # | - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # or - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # Optionally use ingressClassName instead of deprecated annotation. - # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation - ingressClassName: "" - # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
- # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. - pathType: Prefix - # When HA mode is enabled and K8s service registration is being used, - # configure the ingress to point to the Vault active service. - activeService: true - hosts: - - host: chart-example.local - paths: [] - ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # service: - # name: ssl-redirect - # port: - # number: use-annotation - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # OpenShift only - create a route to expose the service - # By default the created route will be of type passthrough - route: - enabled: false - # When HA mode is enabled and K8s service registration is being used, - # configure the route to point to the Vault active service. - activeService: true - labels: {} - annotations: {} - host: chart-example.local - # tls will be passed directly to the route's TLS config, which - # can be used to configure other termination methods that terminate - # TLS at the router - tls: - termination: passthrough - # authDelegator enables a cluster role binding to be attached to the service - # account. This cluster role binding can be used to setup Kubernetes auth - # method. https://www.vaultproject.io/docs/auth/kubernetes.html - authDelegator: - enabled: true - # extraInitContainers is a list of init containers. Specified as a YAML list. - # This is useful if you need to run a script to provision TLS certificates or - # write out configuration files in a dynamic way. - extraInitContainers: null - # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, - # # which is defined in the volumes value. 
- # - name: oauthapp - # image: "alpine" - # command: [sh, -c] - # args: - # - cd /tmp && - # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && - # tar -xf oauthapp.xz && - # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && - # chmod +x /usr/local/libexec/vault/oauthapp - # volumeMounts: - # - name: plugins - # mountPath: /usr/local/libexec/vault - - # extraContainers is a list of sidecar containers. Specified as a YAML list. - extraContainers: null - # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers - # This is useful if Vault must be signaled, e.g. to send a SIGHUP for a log rotation - shareProcessNamespace: false - # extraArgs is a string containing additional Vault server arguments. - extraArgs: "" - # extraPorts is a list of extra ports. Specified as a YAML list. - # This is useful if you need to add additional ports to the statefulset in dynamic way. - extraPorts: null - # - containerPort: 8300 - # name: http-monitoring - - # Used to define custom readinessProbe settings - readinessProbe: - enabled: true - # If you need to use a http path instead of the default exec - # path: /v1/sys/health?standbyok=true - - # Port number on which readinessProbe will be checked. - port: 8200 - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. 
- timeoutSeconds: 3 - # Used to enable a livenessProbe for the pods - livenessProbe: - enabled: false - path: "/v1/sys/health?standbyok=true" - # Port nuumber on which livenessProbe will be checked. - port: 8200 - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 60 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Optional duration in seconds the pod needs to terminate gracefully. - # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ - terminationGracePeriodSeconds: 10 - # Used to set the sleep time during the preStop step - preStopSleepSeconds: 5 - # Used to define commands to run after the pod is ready. - # This can be used to automate processes such as initialization - # or boostrapping auth methods. - postStart: [] - # - /bin/sh - # - -c - # - /vault/userconfig/myscript/run.sh - - # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be - # used to include variables required for auto-unseal. - extraEnvironmentVars: {} - # GOOGLE_REGION: global - # GOOGLE_PROJECT: myproject - # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json - - # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. - # These variables take value from existing Secret objects. - extraSecretEnvironmentVars: [] - # - envName: AWS_SECRET_ACCESS_KEY - # secretName: vault - # secretKey: AWS_SECRET_ACCESS_KEY - - # Deprecated: please use 'volumes' instead. - # extraVolumes is a list of extra volumes to mount. These will be exposed - # to Vault in the path `/vault/userconfig//`. 
The value below is - # an array of objects, examples are shown below. - extraVolumes: [] - # - type: secret (or "configMap") - # name: my-secret - # path: null # default is `/vault/userconfig` - - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: plugins - # emptyDir: {} - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - mountPath: /usr/local/libexec/vault - # name: plugins - # readOnly: true - - # Affinity Settings - # Commenting out or setting as empty the affinity variable, will allow - # deployment to single node services such as Minikube - # This should be either a multi-line string or YAML matching the PodSpec's affinity field. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: server - topologyKey: kubernetes.io/hostname - # Topology settings for server pods - # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - # This should be either a multi-line string or YAML matching the topologySpreadConstraints array - # in a PodSpec. - topologySpreadConstraints: [] - # Toleration Settings for server pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
- # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Enables network policy for server pods - networkPolicy: - enabled: false - egress: [] - # egress: - # - to: - # - ipBlock: - # cidr: 10.0.0.0/24 - # ports: - # - protocol: TCP - # port: 443 - # Priority class for server pods - priorityClassName: "" - # Extra labels to attach to the server pods - # This should be a YAML map of the labels to apply to the server pods - extraLabels: {} - # Extra annotations to attach to the server pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the server pods - annotations: {} - # Enables a headless service to be used by the Vault Statefulset - service: - enabled: true - # Enable or disable the vault-active service, which selects Vault pods that - # have labelled themselves as the cluster leader with `vault-active: "true"` - active: - enabled: true - # Enable or disable the vault-standby service, which selects Vault pods that - # have labelled themselves as a cluster follower with `vault-active: "false"` - standby: - enabled: true - # If enabled, the service selectors will include `app.kubernetes.io/instance: {{ .Release.Name }}` - # When disabled, services may select Vault pods not deployed from the chart. - # Does not affect the headless vault-internal service with `ClusterIP: None` - instanceSelector: - enabled: true - # clusterIP controls whether a Cluster IP address is attached to the - # Vault service within Kubernetes. By default, the Vault service will - # be given a Cluster IP address, set to None to disable. When disabled - # Kubernetes will create a "headless" service. Headless services can be - # used to communicate with pods directly through DNS instead of a round-robin - # load balancer. - # clusterIP: None - - # Configures the service type for the main Vault service. 
Can be ClusterIP - # or NodePort. - #type: ClusterIP - - # Do not wait for pods to be ready - publishNotReadyAddresses: true - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. - # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. - #nodePort: 30000 - - # When HA mode is enabled - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. - #activeNodePort: 30001 - - # When HA mode is enabled - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. - #standbyNodePort: 30002 - - # Port on which Vault server is listening - port: 8200 - # Target port to which the service should be mapped to - targetPort: 8200 - # Extra annotations for the service definition. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the service. - annotations: {} - # This configures the Vault Statefulset to create a PVC for data - # storage when using the file or raft backend storage engines. - # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more - dataStorage: - enabled: true - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/data" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # This configures the Vault Statefulset to create a PVC for audit - # logs. 
Once Vault is deployed, initialized, and unsealed, Vault must - # be configured to use this for audit logs. This will be mounted to - # /vault/audit - # See https://www.vaultproject.io/docs/audit/index.html to know more - auditStorage: - enabled: false - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/audit" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # Run Vault in "dev" mode. This requires no further setup, no state management, - # and no initialization. This is useful for experimenting with Vault without - # needing to unseal, store keys, et. al. All data is lost on restart - do not - # use dev mode for anything other than experimenting. - # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more - dev: - enabled: false - # Set VAULT_DEV_ROOT_TOKEN_ID value - devRootToken: "root" - # Run Vault in "standalone" mode. This is the default mode that will deploy if - # no arguments are given to helm. This requires a PVC for data storage to use - # the "file" backend. This mode is not highly available and should not be scaled - # past a single replica. - standalone: - enabled: "-" - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data - # and store data there. This is only used when using a Replica count of 1, and - # using a stateful set. This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. 
For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - # Enable unauthenticated metrics access (necessary for Prometheus Operator) - #telemetry { - # unauthenticated_metrics_access = "true" - #} - } - storage "file" { - path = "/vault/data" - } - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - - # Example configuration for enabling Prometheus metrics in your config. - #telemetry { - # prometheus_retention_time = "30s" - # disable_hostname = true - #} - # Run Vault in "HA" mode. There are no storage requirements unless the audit log - # persistence is required. In HA mode Vault will configure itself to use Consul - # for its storage backend. The default configuration provided will work the Consul - # Helm project by default. It is possible to manually configure Vault to use a - # different HA backend. - ha: - enabled: false - replicas: 3 - # Set the api_addr configuration for Vault HA - # See https://www.vaultproject.io/docs/configuration#api_addr - # If set to null, this will be set to the Pod IP Address - apiAddr: null - # Set the cluster_addr confuguration for Vault HA - # See https://www.vaultproject.io/docs/configuration#cluster_addr - # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 - clusterAddr: null - # Enables Vault's integrated Raft storage. 
Unlike the typical HA modes where - # Vault's persistence is external (such as Consul), enabling Raft mode will create - # persistent volumes for Vault to store data according to the configuration under server.dataStorage. - # The Vault cluster will coordinate leader elections and failovers internally. - raft: - # Enables Raft integrated storage - enabled: false - # Set the Node Raft ID to the name of the pod - setNodeId: false - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - # Enable unauthenticated metrics access (necessary for Prometheus Operator) - #telemetry { - # unauthenticated_metrics_access = "true" - #} - } - - storage "raft" { - path = "/vault/data" - } - - service_registration "kubernetes" {} - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a Consul for its HA storage backend. - # This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "consul" { - path = "vault" - address = "HOST_IP:8500" - } - - service_registration "kubernetes" {} - - # Example configuration for using auto-unseal, using Google Cloud KMS. 
The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev-246514" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - - # Example configuration for enabling Prometheus metrics. - # If you are using Prometheus Operator you can enable a ServiceMonitor resource below. - # You may wish to enable unauthenticated metrics in the listener block above. - #telemetry { - # prometheus_retention_time = "30s" - # disable_hostname = true - #} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - disruptionBudget: - enabled: true - # maxUnavailable will default to (n/2)-1 where n is the number of - # replicas. If you'd like a custom value, you can specify an override here. - maxUnavailable: null - # Definition of the serviceAccount used to run Vault. - # These options are also used when using an external Vault server to validate - # Kubernetes tokens. - serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Extra labels to attach to the serviceAccount - # This should be a YAML map of the labels to apply to the serviceAccount - extraLabels: {} - # Enable or disable a service account role binding with the permissions required for - # Vault's Kubernetes service_registration config option. 
- # See https://developer.hashicorp.com/vault/docs/configuration/service-registration/kubernetes - serviceDiscovery: - enabled: true - # Settings for the statefulSet used to run Vault. - statefulSet: - # Extra annotations for the statefulSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the statefulSet. - annotations: {} - # Set the pod and container security contexts. - # If not set, these will default to, and for *not* OpenShift: - # pod: - # runAsNonRoot: true - # runAsGroup: {{ .Values.server.gid | default 1000 }} - # runAsUser: {{ .Values.server.uid | default 100 }} - # fsGroup: {{ .Values.server.gid | default 1000 }} - # container: - # allowPrivilegeEscalation: false - # - # If not set, these will default to, and for OpenShift: - # pod: {} - # container: {} - securityContext: - pod: {} - container: {} - # Should the server pods run on the host network - hostNetwork: false -# Vault UI -ui: - # True if you want to create a Service entry for the Vault UI. - # - # serviceType can be used to control the type of service created. For - # example, setting this to "LoadBalancer" will create an external load - # balancer (for supported K8S installations) to access the UI. - enabled: false - publishNotReadyAddresses: true - # The service should only contain selectors for active Vault pod - activeVaultPodOnly: false - serviceType: "ClusterIP" - serviceNodePort: null - externalPort: 8200 - targetPort: 8200 - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. 
- # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - #loadBalancerSourceRanges: - # - 10.0.0.0/16 - # - 1.78.23.3/32 - - # loadBalancerIP: - - # Extra annotations to attach to the ui service - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the ui service - annotations: {} -# secrets-store-csi-driver-provider-vault -csi: - # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. - # - # Requires installing the secrets-store-csi-driver separately, see: - # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver - # - # With the driver and provider installed, you can mount Vault secrets into volumes - # similar to the Vault Agent injector, and you can also sync those secrets into - # Kubernetes secrets. - enabled: false - image: - repository: "hashicorp/vault-csi-provider" - tag: "1.3.0" - pullPolicy: IfNotPresent - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: tls - # secret: - # secretName: vault-tls - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - name: tls - # mountPath: "/vault/tls" - # readOnly: true - - resources: {} - # resources: - # requests: - # cpu: 50m - # memory: 128Mi - # limits: - # cpu: 50m - # memory: 128Mi - - # Override the default secret name for the CSI Provider's HMAC key used for - # generating secret versions. - hmacSecretName: "" - # Settings for the daemonSet used to run the provider. 
- daemonSet: - updateStrategy: - type: RollingUpdate - maxUnavailable: "" - # Extra annotations for the daemonSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the daemonSet. - annotations: {} - # Provider host path (must match the CSI provider's path) - providersDir: "/etc/kubernetes/secrets-store-csi-providers" - # Kubelet host path - kubeletRootDir: "/var/lib/kubelet" - # Extra labels to attach to the vault-csi-provider daemonSet - # This should be a YAML map of the labels to apply to the csi provider daemonSet - extraLabels: {} - # security context for the pod template and container in the csi provider daemonSet - securityContext: - pod: {} - container: {} - pod: - # Extra annotations for the provider pods. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the pod. - annotations: {} - # Toleration Settings for provider pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # Extra labels to attach to the vault-csi-provider pod - # This should be a YAML map of the labels to apply to the csi provider pod - extraLabels: {} - agent: - enabled: true - extraArgs: [] - image: - repository: "hashicorp/vault" - tag: "1.13.1" - pullPolicy: IfNotPresent - logFormat: standard - logLevel: info - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - # Priority class for csi pods - priorityClassName: "" - serviceAccount: - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. 
- annotations: {} - # Extra labels to attach to the vault-csi-provider serviceAccount - # This should be a YAML map of the labels to apply to the csi provider serviceAccount - extraLabels: {} - # Used to configure readinessProbe for the pods. - readinessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to configure livenessProbe for the pods. - livenessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Enables debug logging. - debug: false - # Pass arbitrary additional arguments to vault-csi-provider. - # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments - # for the available command line flags. - extraArgs: [] -# Vault is able to collect and publish various runtime metrics. -# Enabling this feature requires setting adding `telemetry{}` stanza to -# the Vault configuration. There are a few examples included in the `config` sections above. -# -# For more information see: -# https://www.vaultproject.io/docs/configuration/telemetry -# https://www.vaultproject.io/docs/internals/telemetry -serverTelemetry: - # Enable support for the Prometheus Operator. 
Currently, this chart does not support - # authenticating to Vault's metrics endpoint, so the following `telemetry{}` must be included - # in the `listener "tcp"{}` stanza - # telemetry { - # unauthenticated_metrics_access = "true" - # } - # - # See the `standalone.config` for a more complete example of this. - # - # In addition, a top level `telemetry{}` stanza must also be included in the Vault configuration: - # - # example: - # telemetry { - # prometheus_retention_time = "30s" - # disable_hostname = true - # } - # - # Configuration for monitoring the Vault server. - serviceMonitor: - # The Prometheus operator *must* be installed before enabling this feature, - # if not the chart will fail to install due to missing CustomResourceDefinitions - # provided by the operator. - # - # Instructions on how to install the Helm chart can be found here: - # https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack - # More information can be found here: - # https://github.com/prometheus-operator/prometheus-operator - # https://github.com/prometheus-operator/kube-prometheus - - # Enable deployment of the Vault Server ServiceMonitor CustomResource. - enabled: false - # Selector labels to add to the ServiceMonitor. - # When empty, defaults to: - # release: prometheus - selectors: {} - # Interval at which Prometheus scrapes metrics - interval: 30s - # Timeout for Prometheus scrapes - scrapeTimeout: 10s - prometheusRules: - # The Prometheus operator *must* be installed before enabling this feature, - # if not the chart will fail to install due to missing CustomResourceDefinitions - # provided by the operator. - - # Deploy the PrometheusRule custom resource for AlertManager based alerts. - # Requires that AlertManager is properly deployed. - enabled: false - # Selector labels to add to the PrometheusRules. - # When empty, defaults to: - # release: prometheus - selectors: {} - # Some example rules. 
- rules: {}
- # - alert: vault-HighResponseTime
- # annotations:
- # message: The response time of Vault is over 500ms on average over the last 5 minutes.
- # expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 500
- # for: 5m
- # labels:
- # severity: warning
- # - alert: vault-HighResponseTime
- # annotations:
- # message: The response time of Vault is over 1s on average over the last 5 minutes.
- # expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 1000
- # for: 5m
- # labels:
- # severity: critical
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/.helmignore b/charts/partners/hashicorp/vault/0.25.0/src/.helmignore
deleted file mode 100644
index 4007e24350..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/.helmignore
+++ /dev/null
@@ -1,28 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.terraform/
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-
-# CI and test
-.circleci/
-.github/
-.gitlab-ci.yml
-test/
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/CHANGELOG.md b/charts/partners/hashicorp/vault/0.25.0/src/CHANGELOG.md
deleted file mode 100644
index f3c466f2c4..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/CHANGELOG.md
+++ /dev/null
@@ -1,484 +0,0 @@
-## Unreleased
-
-## 0.25.0 (June 26, 2023)
-
-Changes:
-* Latest Kubernetes version tested is now 1.27
-* server: Headless service ignores `server.service.publishNotReadyAddresses` setting and always sets it as `true` [GH-902](https://github.com/hashicorp/vault-helm/pull/902)
-* `vault` updated to 1.14.0 [GH-916](https://github.com/hashicorp/vault-helm/pull/916)
-* `vault-csi-provider` updated to 1.4.0 [GH-916](https://github.com/hashicorp/vault-helm/pull/916)
-
-Improvements:
-* CSI: Make `nodeSelector` and `affinity` configurable for CSI daemonset's pods [GH-862](https://github.com/hashicorp/vault-helm/pull/862)
-* injector: Add `ephemeralLimit` and `ephemeralRequest` as options for configuring Agent's ephemeral storage resources [GH-798](https://github.com/hashicorp/vault-helm/pull/798)
-* Minimum kubernetes version for chart reverted to 1.20.0 to allow installation on clusters older than the oldest tested version [GH-916](https://github.com/hashicorp/vault-helm/pull/916)
-
-Bugs:
-* server: Set the default for `prometheusRules.rules` to an empty list [GH-886](https://github.com/hashicorp/vault-helm/pull/886)
-
-## 0.24.1 (April 17, 2023)
-
-Bugs:
-* csi: Add RBAC required by v1.3.0 to create secret for HMAC key used to generate secret versions [GH-872](https://github.com/hashicorp/vault-helm/pull/872)
-
-## 0.24.0 (April 6, 2023)
-
-Changes:
-* Earliest Kubernetes version tested is now 1.22
-* `vault` updated to 1.13.1 [GH-863](https://github.com/hashicorp/vault-helm/pull/863)
-* `vault-k8s` updated to 1.2.1 [GH-868](https://github.com/hashicorp/vault-helm/pull/868)
-* `vault-csi-provider` updated to 1.3.0 [GH-749](https://github.com/hashicorp/vault-helm/pull/749)
-
-Features:
-* server: New `extraPorts` option for adding ports to the Vault server statefulset [GH-841](https://github.com/hashicorp/vault-helm/pull/841)
-* server: Add configurable Port Number in readinessProbe and livenessProbe for the server-statefulset [GH-831](https://github.com/hashicorp/vault-helm/pull/831)
-* injector: Make livenessProbe and readinessProbe configurable and add configurable startupProbe [GH-852](https://github.com/hashicorp/vault-helm/pull/852)
-* csi: Add an Agent sidecar to Vault CSI Provider pods to provide lease caching and renewals [GH-749](https://github.com/hashicorp/vault-helm/pull/749)
-
-## 0.23.0 (November 28th, 2022)
-
-Changes:
-* `vault` updated to 1.12.1 [GH-814](https://github.com/hashicorp/vault-helm/pull/814)
-* `vault-k8s` updated to 1.1.0 [GH-814](https://github.com/hashicorp/vault-helm/pull/814)
-* `vault-csi-provider` updated to 1.2.1 [GH-814](https://github.com/hashicorp/vault-helm/pull/814)
-
-Features:
-* server: Add `extraLabels` for Vault server serviceAccount [GH-806](https://github.com/hashicorp/vault-helm/pull/806)
-* server: Add `server.service.active.enabled` and `server.service.standby.enabled` options to selectively disable additional services [GH-811](https://github.com/hashicorp/vault-helm/pull/811)
-* server: Add `server.serviceAccount.serviceDiscovery.enabled` option to selectively disable a Vault service discovery role and role binding [GH-811](https://github.com/hashicorp/vault-helm/pull/811)
-* server: Add `server.service.instanceSelector.enabled` option to allow selecting pods outside the helm chart deployment [GH-813](https://github.com/hashicorp/vault-helm/pull/813)
-
-Bugs:
-* server: Quote `.server.ha.clusterAddr` value [GH-810](https://github.com/hashicorp/vault-helm/pull/810)
-
-## 0.22.1 (October 26th, 2022)
-
-Changes:
-* `vault` updated to 1.12.0 [GH-803](https://github.com/hashicorp/vault-helm/pull/803)
-* `vault-k8s` updated to 1.0.1 [GH-803](https://github.com/hashicorp/vault-helm/pull/803)
-
-## 0.22.0 (September 8th, 2022)
-
-Features:
-* Add PrometheusOperator support for collecting Vault server metrics. [GH-772](https://github.com/hashicorp/vault-helm/pull/772)
-
-Changes:
-* `vault-k8s` to 1.0.0 [GH-784](https://github.com/hashicorp/vault-helm/pull/784)
-* Test against Kubernetes 1.25 [GH-784](https://github.com/hashicorp/vault-helm/pull/784)
-* `vault` updated to 1.11.3 [GH-785](https://github.com/hashicorp/vault-helm/pull/785)
-
-## 0.21.0 (August 10th, 2022)
-
-CHANGES:
-* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
-* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
-* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
-* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
-* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
-* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
-
-Features:
-* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
-* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
-* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
-* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
-* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
-
-## 0.20.1 (May 25th, 2022)
-CHANGES:
-* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
-
-Improvements:
-* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
-
-Bugs:
-* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
-
-## 0.20.0 (May 16th, 2022)
-
-CHANGES:
-* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
-* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
-* Vault default image to 1.10.3
-* CSI provider default image to 1.1.0
-* Vault K8s default image to 0.16.0
-* Earliest Kubernetes version tested is now 1.16
-* Helm 3.6+ now required
-
-Features:
-* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
-
-Improvements:
-* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
-* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
-* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
-* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
-* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
-* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
-* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
-
-## 0.19.0 (January 20th, 2022)
-
-CHANGES:
-* Vault image default 1.9.2
-* Vault K8s image default 0.14.2
-
-Features:
-* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
-* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
-* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
-* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
-
-Improvements:
-* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
-* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
-* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
-
-## 0.18.0 (November 17th, 2021)
-
-CHANGES:
-* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
-* Vault image default 1.9.0
-* Vault K8s image default 0.14.1
-
-Improvements:
-* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
-
-## 0.17.1 (October 25th, 2021)
-
-Improvements:
- * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
-
-## 0.17.0 (October 21st, 2021)
-
-KNOWN ISSUES:
-* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
-
-CHANGES:
-* Vault image default 1.8.4
-* Vault K8s image default 0.14.0
-
-Improvements:
-* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
-* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
-* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
-
-Bugs:
-* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
-
-## 0.16.1 (September 29th, 2021)
-
-CHANGES:
-* Vault image default 1.8.3
-* Vault K8s image default 0.13.1
-
-## 0.16.0 (September 16th, 2021)
-
-CHANGES:
-* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
-
-Improvements:
- * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
- * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
-
-## 0.15.0 (August 23rd, 2021)
-
-Improvements:
-* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
-* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
-
-## 0.14.0 (July 28th, 2021)
-
-Features:
-* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
-
-Improvements:
-* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
-* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
-* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
-* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
-* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
-* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
-
-
-## 0.13.0 (June 17th, 2021)
-
-Improvements:
-* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
-* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
-* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
-
-Bugs:
-* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
-* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
-* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
-
-## 0.12.0 (May 25th, 2021)
-
-Features:
-* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
-
-Improvements:
-* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
-* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
-* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
-* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
-
-Bugs:
-* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
-
-## 0.11.0 (April 14th, 2021)
-
-Features:
-* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
-* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
-* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
-* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
-* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
-* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
-
-Improvements:
-* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
-
-Bugs:
-* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
-
-## 0.10.0 (March 25th, 2021)
-
-Features:
-* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
-
-Improvements:
-* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
-
-## 0.9.1 (February 2nd, 2021)
-
-Bugs:
-* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
-* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
-
-## 0.9.0 (January 5th, 2021)
-
-Features:
-* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
-* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
-
-Improvements:
-* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
-* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
-* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
-* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
-* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
-* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
-* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
-* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
-
-## 0.8.0 (October 20th, 2020)
-
-Improvements:
-* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
-* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
-* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
-* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
-* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
-* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
-* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
-
-Bugs:
-* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
-
-## 0.7.0 (August 24th, 2020)
-
-Features:
-* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
-* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
-
-Improvements:
-* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
-* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
-* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
-* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
-* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
-* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
-* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
-* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
-* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
-
-Bugs:
-* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
-* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
-* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
-
-## 0.6.0 (June 3rd, 2020)
-
-Features:
-* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
-* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
-* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
-
-Improvements:
-* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
-* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
-* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
-* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
-* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
-* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
-* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
-* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
-
-Bugs:
-* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
-* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
-* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
-* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
-* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
-
-## 0.5.0 (April 9th, 2020)
-
-Features:
-
-* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
-* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
-* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
-
-* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
-* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
-* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
-* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
-* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
-
-## 0.4.0 (February 21st, 2020)
-
-Improvements:
-
-* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
-* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
-* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
-* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
-* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
-
-Bugs:
-
-* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
-
-## 0.3.3 (January 14th, 2020)
-
-Security:
-
-* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
-
-Bugs:
-
-* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
-
-## 0.3.2 (January 8th, 2020)
-
-Bugs:
-
-* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
-
-## 0.3.1 (January 2nd, 2020)
-
-Bugs:
-
-* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
-
-## 0.3.0 (December 19th, 2019)
-
-Features:
-
-* Extra containers can now be added to the Vault pods
-* Added configurability of pod probes
-* Added Vault Agent Injector
-
-Improvements:
-
-* Moved `global.image` to `server.image`
-* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
-* Added better HTTP/HTTPS scheme support to http probes
-* Added configurable node port for Vault service
-* `server.authDelegator` is now enabled by default
-
-Bugs:
-
-* Fixed upgrade bug by removing chart label which contained the version
-* Fixed typo on `serviceAccount` (was `serviceaccount`)
-* Fixed readiness/liveliness HTTP probe default to accept standbys
-
-## 0.2.1 (November 12th, 2019)
-
-Bugs:
-
-* Removed `readOnlyRootFilesystem` causing issues when validating deployments
-
-## 0.2.0 (October 29th, 2019)
-
-Features:
-
-* Added load balancer support
-* Added ingress support
-* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
-* Removed root requirements, now runs as Vault user
-
-Improvements:
-
-* Added namespace value to all rendered objects
-* Made ports configurable in services
-* Added the ability to add custom annotations to services
-* Added docker image for running bats test in CircleCI
-* Removed restrictions around `dev` mode such as annotations
-*
`readOnlyRootFilesystem` is now configurable -* Image Pull Policy is now configurable - -Bugs: - -* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) -* Fixed bug where audit storage was not being mounted in HA mode -* Fixed bug where Vault pod wasn't receiving SIGTERM signals - - -## 0.1.2 (August 22nd, 2019) - -Features: - -* Added `extraSecretEnvironmentVars` to allow users to mount secrets as - environment variables -* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS - depending on the value -* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` - to "NodePort" - -Improvements: - -* Changed UI port to 8200 for better HTTP protocol support -* Added `path` to `extraVolumes` to define where the volume should be - mounted. Defaults to `/vault/userconfig` -* Upgraded Vault to 1.2.2 - -Bugs: - -* Fixed bug where upgrade would fail because immutable labels were being - changed (Helm Version label) -* Fixed bug where UI service used wrong selector after updating helm labels -* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks - Consul is the active node -* Removed `step-down` preStop since it requires authentication. Shutdown signal - sent by Kube acts similar to `step-down` - - -## 0.1.1 (August 7th, 2019) - -Features: - -* Added `authDelegator` Cluster Role Binding to Vault service account for - bootstrapping Kube auth method - -Improvements: - -* Added `server.service.clusterIP` to `values.yml` so users can toggle - the Vault service to headless by using the value `None`. -* Upgraded Vault to 1.2.1 - -## 0.1.0 (August 6th, 2019) - -Initial release diff --git a/charts/partners/hashicorp/vault/0.25.0/src/CODEOWNERS b/charts/partners/hashicorp/vault/0.25.0/src/CODEOWNERS deleted file mode 100644 index af6a3500f5..0000000000 --- a/charts/partners/hashicorp/vault/0.25.0/src/CODEOWNERS +++ /dev/null @@ -1 +0,0 @@ -* @hashicorp/vault-ecosystem-foundations 
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/CONTRIBUTING.md b/charts/partners/hashicorp/vault/0.25.0/src/CONTRIBUTING.md
deleted file mode 100644
index ad31ac92d1..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/CONTRIBUTING.md
+++ /dev/null
@@ -1,247 +0,0 @@ -# Contributing to Vault Helm - -**Please note:** We take Vault's security and our users' trust very seriously. -If you believe you have found a security issue in Vault, please responsibly -disclose by contacting us at security@hashicorp.com. - -**First:** if you're unsure or afraid of _anything_, just ask or submit the -issue or pull request anyways. You won't be yelled at for giving it your best -effort. The worst that can happen is that you'll be politely asked to change -something. We appreciate any sort of contributions, and don't want a wall of -rules to get in the way of that. - -That said, if you want to ensure that a pull request is likely to be merged, -talk to us! You can find out our thoughts and ensure that your contribution -won't clash or be obviated by Vault's normal direction. A great way to do this -is via the [Vault Discussion Forum][1]. - -This document will cover what we're looking for in terms of reporting issues. -By addressing all the points we're looking for, it raises the chances we can -quickly merge or address your contributions. - -[1]: https://discuss.hashicorp.com/c/vault - -## Issues - -### Reporting an Issue - -* Make sure you test against the latest released version. It is possible - we already fixed the bug you're experiencing. Even better is if you can test - against `main`, as bugs are fixed regularly but new versions are only - released every few months. - -* Provide steps to reproduce the issue, and if possible include the expected - results as well as the actual results. Please provide text, not screen shots! - -* Respond as promptly as possible to any questions made by the Vault - team to your issue. Stale issues will be closed periodically. - -### Issue Lifecycle - -1. The issue is reported. - -2. The issue is verified and categorized by a Vault Helm collaborator. - Categorization is done via tags. For example, bugs are marked as "bugs". - -3. 
Unless it is critical, the issue may be left for a period of time (sometimes - many weeks), giving outside contributors -- maybe you!? -- a chance to - address the issue. - -4. The issue is addressed in a pull request or commit. The issue will be - referenced in the commit message so that the code that fixes it is clearly - linked. - -5. The issue is closed. Sometimes, valid issues will be closed to keep - the issue tracker clean. The issue is still indexed and available for - future viewers, or can be re-opened if necessary. - -## Testing - -The Helm chart ships with both unit and acceptance tests. - -The unit tests don't require any active Kubernetes cluster and complete -very quickly. These should be used for fast feedback during development. -The acceptance tests require a Kubernetes cluster with a configured `kubectl`. - -### Test Using Docker Container - -The following are the instructions for running bats tests using a Docker container. - -#### Prerequisites - -* Docker installed -* `vault-helm` checked out locally - -#### Test - -**Note:** the following commands should be run from the `vault-helm` directory. - -First, build the Docker image for running the tests: - -```shell -docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test -``` -Next, execute the tests with the following commands: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -``` -It's possible to only run specific bats tests using regular expressions. -For example, the following will run only tests with "injector" in the name: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" -``` - -### Test Manually -The following are the instructions for running bats tests on your workstation. 
-#### Prerequisites -* [Bats](https://github.com/bats-core/bats-core) - ```bash - brew install bats-core - ``` -* [yq](https://pypi.org/project/yq/) - ```bash - brew install python-yq - ``` -* [helm](https://helm.sh) - ```bash - brew install kubernetes-helm - ``` - -#### Test - -To run the unit tests: - - bats ./test/unit - -To run the acceptance tests: - - bats ./test/acceptance - -If the acceptance tests fail, deployed resources in the Kubernetes cluster -may not be properly cleaned up. We recommend recycling the Kubernetes cluster to -start from a clean slate. - -**Note:** There is a Terraform configuration in the -[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory -that can be used to quickly bring up a GKE cluster and configure -`kubectl` and `helm` locally. This can be used to quickly spin up a test -cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes -cluster. - -### Writing Unit Tests - -Changes to the Helm chart should be accompanied by appropriate unit tests. - -#### Formatting - -- Put tests in the test file in the same order as the variables appear in the `values.yaml`. -- Start tests for a chart value with a header that says what is being tested, like this: - ``` - #-------------------------------------------------------------------- - # annotations - ``` - -- Name the test based on what it's testing in the following format (this will be its first line): - ``` - @test "
: " { - ``` - - When adding tests to an existing file, the first section will be the same as the other tests in the file. - -#### Test Details - -[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. -In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. -In this way, we're able to test that the various conditionals in the templates render as we would expect. - -Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. -The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). -`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). -The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. - -The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. - -The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. - -#### Test Examples - -Here are some examples of common test patterns: - -- Check that a value is disabled by default - - ``` - @test "ui/Service: no type by default" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - . 
| tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "null" ] - } - ``` - - In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. - This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. - - -- Check that a template value is rendered to a specific value - ``` - @test "ui/Service: specified type" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - --set 'ui.serviceType=LoadBalancer' \ - . | tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "LoadBalancer" ] - } - ``` - - This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. - -- Check that a template value contains several values - ``` - @test "server/standalone-StatefulSet: custom resources" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.requests.memory=256Mi' \ - --set 'server.resources.requests.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.limits.memory=256Mi' \ - --set 'server.resources.limits.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - ``` - - *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
- -- Check that an entire template file is not rendered - ``` - @test "syncCatalog/Deployment: disabled by default" { - cd `chart_dir` - local actual=$( (helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'global.enabled=false' \ - . || echo "---") | tee /dev/stderr | - yq 'length > 0' | tee /dev/stderr) - [ "${actual}" = "false" ] - } - ``` - Here we are check the length of the command output to see if the anything is rendered. - This style can easily be switched to check that a file is rendered instead. - -## Contributor License Agreement - -We require that all contributors sign our Contributor License Agreement ("CLA") -before we can accept the contribution. - -[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/hashicorp/vault/0.25.0/src/Chart.yaml b/charts/partners/hashicorp/vault/0.25.0/src/Chart.yaml deleted file mode 100644 index 1211b3564c..0000000000 --- a/charts/partners/hashicorp/vault/0.25.0/src/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - charts.openshift.io/name: HashiCorp Vault -apiVersion: v2 -appVersion: 1.14.0 -description: Official HashiCorp Vault Chart -home: https://www.vaultproject.io -icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png -keywords: -- vault -- security -- encryption -- secrets -- management -- automation -- infrastructure -kubeVersion: '>= 1.20.0-0' -name: vault -sources: -- https://github.com/hashicorp/vault -- https://github.com/hashicorp/vault-helm -- https://github.com/hashicorp/vault-k8s -- https://github.com/hashicorp/vault-csi-provider -version: 0.25.0 diff --git a/charts/partners/hashicorp/vault/0.25.0/src/LICENSE b/charts/partners/hashicorp/vault/0.25.0/src/LICENSE deleted file mode 100644 index 74f38c0103..0000000000 --- a/charts/partners/hashicorp/vault/0.25.0/src/LICENSE +++ /dev/null 
@@ -1,355 +0,0 @@ -Copyright (c) 2018 HashiCorp, Inc. - -Mozilla Public License, version 2.0 - -1. Definitions - -1.1. “Contributor” - - means each individual or legal entity that creates, contributes to the - creation of, or owns Covered Software. - -1.2. “Contributor Version” - - means the combination of the Contributions of others (if any) used by a - Contributor and that particular Contributor’s Contribution. - -1.3. “Contribution” - - means Covered Software of a particular Contributor. - -1.4. “Covered Software” - - means Source Code Form to which the initial Contributor has attached the - notice in Exhibit A, the Executable Form of such Source Code Form, and - Modifications of such Source Code Form, in each case including portions - thereof. - -1.5. “Incompatible With Secondary Licenses” - means - - a. that the initial Contributor has attached the notice described in - Exhibit B to the Covered Software; or - - b. that the Covered Software was made available under the terms of version - 1.1 or earlier of the License, but not also under the terms of a - Secondary License. - -1.6. “Executable Form” - - means any form of the work other than Source Code Form. - -1.7. “Larger Work” - - means a work that combines Covered Software with other material, in a separate - file or files, that is not Covered Software. - -1.8. “License” - - means this document. - -1.9. “Licensable” - - means having the right to grant, to the maximum extent possible, whether at the - time of the initial grant or subsequently, any and all of the rights conveyed by - this License. - -1.10. “Modifications” - - means any of the following: - - a. any file in Source Code Form that results from an addition to, deletion - from, or modification of the contents of Covered Software; or - - b. any new file in Source Code Form that contains any Covered Software. - -1.11. 
“Patent Claims” of a Contributor - - means any patent claim(s), including without limitation, method, process, - and apparatus claims, in any patent Licensable by such Contributor that - would be infringed, but for the grant of the License, by the making, - using, selling, offering for sale, having made, import, or transfer of - either its Contributions or its Contributor Version. - -1.12. “Secondary License” - - means either the GNU General Public License, Version 2.0, the GNU Lesser - General Public License, Version 2.1, the GNU Affero General Public - License, Version 3.0, or any later versions of those licenses. - -1.13. “Source Code Form” - - means the form of the work preferred for making modifications. - -1.14. “You” (or “Your”) - - means an individual or a legal entity exercising rights under this - License. For legal entities, “You” includes any entity that controls, is - controlled by, or is under common control with You. For purposes of this - definition, “control” means (a) the power, direct or indirect, to cause - the direction or management of such entity, whether by contract or - otherwise, or (b) ownership of more than fifty percent (50%) of the - outstanding shares or beneficial ownership of such entity. - - -2. License Grants and Conditions - -2.1. Grants - - Each Contributor hereby grants You a world-wide, royalty-free, - non-exclusive license: - - a. under intellectual property rights (other than patent or trademark) - Licensable by such Contributor to use, reproduce, make available, - modify, display, perform, distribute, and otherwise exploit its - Contributions, either on an unmodified basis, with Modifications, or as - part of a Larger Work; and - - b. under Patent Claims of such Contributor to make, use, sell, offer for - sale, have made, import, and otherwise transfer either its Contributions - or its Contributor Version. - -2.2. 
Effective Date - - The licenses granted in Section 2.1 with respect to any Contribution become - effective for each Contribution on the date the Contributor first distributes - such Contribution. - -2.3. Limitations on Grant Scope - - The licenses granted in this Section 2 are the only rights granted under this - License. No additional rights or licenses will be implied from the distribution - or licensing of Covered Software under this License. Notwithstanding Section - 2.1(b) above, no patent license is granted by a Contributor: - - a. for any code that a Contributor has removed from Covered Software; or - - b. for infringements caused by: (i) Your and any other third party’s - modifications of Covered Software, or (ii) the combination of its - Contributions with other software (except as part of its Contributor - Version); or - - c. under Patent Claims infringed by Covered Software in the absence of its - Contributions. - - This License does not grant any rights in the trademarks, service marks, or - logos of any Contributor (except as may be necessary to comply with the - notice requirements in Section 3.4). - -2.4. Subsequent Licenses - - No Contributor makes additional grants as a result of Your choice to - distribute the Covered Software under a subsequent version of this License - (see Section 10.2) or under the terms of a Secondary License (if permitted - under the terms of Section 3.3). - -2.5. Representation - - Each Contributor represents that the Contributor believes its Contributions - are its original creation(s) or it has sufficient rights to grant the - rights to its Contributions conveyed by this License. - -2.6. Fair Use - - This License is not intended to limit any rights You have under applicable - copyright doctrines of fair use, fair dealing, or other equivalents. - -2.7. Conditions - - Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in - Section 2.1. - - -3. Responsibilities - -3.1. 
Distribution of Source Form - - All distribution of Covered Software in Source Code Form, including any - Modifications that You create or to which You contribute, must be under the - terms of this License. You must inform recipients that the Source Code Form - of the Covered Software is governed by the terms of this License, and how - they can obtain a copy of this License. You may not attempt to alter or - restrict the recipients’ rights in the Source Code Form. - -3.2. Distribution of Executable Form - - If You distribute Covered Software in Executable Form then: - - a. such Covered Software must also be made available in Source Code Form, - as described in Section 3.1, and You must inform recipients of the - Executable Form how they can obtain a copy of such Source Code Form by - reasonable means in a timely manner, at a charge no more than the cost - of distribution to the recipient; and - - b. You may distribute such Executable Form under the terms of this License, - or sublicense it under different terms, provided that the license for - the Executable Form does not attempt to limit or alter the recipients’ - rights in the Source Code Form under this License. - -3.3. Distribution of a Larger Work - - You may create and distribute a Larger Work under terms of Your choice, - provided that You also comply with the requirements of this License for the - Covered Software. If the Larger Work is a combination of Covered Software - with a work governed by one or more Secondary Licenses, and the Covered - Software is not Incompatible With Secondary Licenses, this License permits - You to additionally distribute such Covered Software under the terms of - such Secondary License(s), so that the recipient of the Larger Work may, at - their option, further distribute the Covered Software under the terms of - either this License or such Secondary License(s). - -3.4. 
Notices - - You may not remove or alter the substance of any license notices (including - copyright notices, patent notices, disclaimers of warranty, or limitations - of liability) contained within the Source Code Form of the Covered - Software, except that You may alter any license notices to the extent - required to remedy known factual inaccuracies. - -3.5. Application of Additional Terms - - You may choose to offer, and to charge a fee for, warranty, support, - indemnity or liability obligations to one or more recipients of Covered - Software. However, You may do so only on Your own behalf, and not on behalf - of any Contributor. You must make it absolutely clear that any such - warranty, support, indemnity, or liability obligation is offered by You - alone, and You hereby agree to indemnify every Contributor for any - liability incurred by such Contributor as a result of warranty, support, - indemnity or liability terms You offer. You may include additional - disclaimers of warranty and limitations of liability specific to any - jurisdiction. - -4. Inability to Comply Due to Statute or Regulation - - If it is impossible for You to comply with any of the terms of this License - with respect to some or all of the Covered Software due to statute, judicial - order, or regulation then You must: (a) comply with the terms of this License - to the maximum extent possible; and (b) describe the limitations and the code - they affect. Such description must be placed in a text file included with all - distributions of the Covered Software under this License. Except to the - extent prohibited by statute or regulation, such description must be - sufficiently detailed for a recipient of ordinary skill to be able to - understand it. - -5. Termination - -5.1. The rights granted under this License will terminate automatically if You - fail to comply with any of its terms. 
However, if You become compliant, - then the rights granted under this License from a particular Contributor - are reinstated (a) provisionally, unless and until such Contributor - explicitly and finally terminates Your grants, and (b) on an ongoing basis, - if such Contributor fails to notify You of the non-compliance by some - reasonable means prior to 60 days after You have come back into compliance. - Moreover, Your grants from a particular Contributor are reinstated on an - ongoing basis if such Contributor notifies You of the non-compliance by - some reasonable means, this is the first time You have received notice of - non-compliance with this License from such Contributor, and You become - compliant prior to 30 days after Your receipt of the notice. - -5.2. If You initiate litigation against any entity by asserting a patent - infringement claim (excluding declaratory judgment actions, counter-claims, - and cross-claims) alleging that a Contributor Version directly or - indirectly infringes any patent, then the rights granted to You by any and - all Contributors for the Covered Software under Section 2.1 of this License - shall terminate. - -5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user - license agreements (excluding distributors and resellers) which have been - validly granted by You or Your distributors under this License prior to - termination shall survive termination. - -6. Disclaimer of Warranty - - Covered Software is provided under this License on an “as is” basis, without - warranty of any kind, either expressed, implied, or statutory, including, - without limitation, warranties that the Covered Software is free of defects, - merchantable, fit for a particular purpose or non-infringing. The entire - risk as to the quality and performance of the Covered Software is with You. 
- Should any Covered Software prove defective in any respect, You (not any - Contributor) assume the cost of any necessary servicing, repair, or - correction. This disclaimer of warranty constitutes an essential part of this - License. No use of any Covered Software is authorized under this License - except under this disclaimer. - -7. Limitation of Liability - - Under no circumstances and under no legal theory, whether tort (including - negligence), contract, or otherwise, shall any Contributor, or anyone who - distributes Covered Software as permitted above, be liable to You for any - direct, indirect, special, incidental, or consequential damages of any - character including, without limitation, damages for lost profits, loss of - goodwill, work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses, even if such party shall have been - informed of the possibility of such damages. This limitation of liability - shall not apply to liability for death or personal injury resulting from such - party’s negligence to the extent applicable law prohibits such limitation. - Some jurisdictions do not allow the exclusion or limitation of incidental or - consequential damages, so this exclusion and limitation may not apply to You. - -8. Litigation - - Any litigation relating to this License may be brought only in the courts of - a jurisdiction where the defendant maintains its principal place of business - and such litigation shall be governed by laws of that jurisdiction, without - reference to its conflict-of-law provisions. Nothing in this Section shall - prevent a party’s ability to bring cross-claims or counter-claims. - -9. Miscellaneous - - This License represents the complete agreement concerning the subject matter - hereof. If any provision of this License is held to be unenforceable, such - provision shall be reformed only to the extent necessary to make it - enforceable. 
Any law or regulation which provides that the language of a - contract shall be construed against the drafter shall not be used to construe - this License against a Contributor. - - -10. Versions of the License - -10.1. New Versions - - Mozilla Foundation is the license steward. Except as provided in Section - 10.3, no one other than the license steward has the right to modify or - publish new versions of this License. Each version will be given a - distinguishing version number. - -10.2. Effect of New Versions - - You may distribute the Covered Software under the terms of the version of - the License under which You originally received the Covered Software, or - under the terms of any subsequent version published by the license - steward. - -10.3. Modified Versions - - If you create software not governed by this License, and you want to - create a new license for such software, you may create and use a modified - version of this License if you rename the license and remove any - references to the name of the license steward (except to note that such - modified license differs from this License). - -10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses - If You choose to distribute Source Code Form that is Incompatible With - Secondary Licenses under the terms of this version of the License, the - notice described in Exhibit B of this License must be attached. - -Exhibit A - Source Code Form License Notice - - This Source Code Form is subject to the - terms of the Mozilla Public License, v. - 2.0. If a copy of the MPL was not - distributed with this file, You can - obtain one at - http://mozilla.org/MPL/2.0/. - -If it is not possible or desirable to put the notice in a particular file, then -You may include the notice in a location (such as a LICENSE file in a relevant -directory) where a recipient would be likely to look for such a notice. - -You may add additional accurate notices of copyright ownership. 
- -Exhibit B - “Incompatible With Secondary Licenses” Notice - - This Source Code Form is “Incompatible - With Secondary Licenses”, as defined by - the Mozilla Public License, v. 2.0. diff --git a/charts/partners/hashicorp/vault/0.25.0/src/Makefile b/charts/partners/hashicorp/vault/0.25.0/src/Makefile deleted file mode 100644 index 5600220645..0000000000 --- a/charts/partners/hashicorp/vault/0.25.0/src/Makefile +++ /dev/null 
@@ -1,101 +0,0 @@ -TEST_IMAGE?=vault-helm-test -GOOGLE_CREDENTIALS?=vault-helm-test.json -CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 -# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats -ACCEPTANCE_TESTS?=acceptance - -# filter bats unit tests to run. -UNIT_TESTS_FILTER?='.*' - -# set to 'true' to run acceptance tests locally in a kind cluster -LOCAL_ACCEPTANCE_TESTS?=false - -# kind cluster name -KIND_CLUSTER_NAME?=vault-helm - -# kind k8s version -KIND_K8S_VERSION?=v1.26.3 - -# Generate json schema for chart values. See test/README.md for more details. -values-schema: - helm schema-gen values.yaml > values.schema.json - -test-image: - @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) - -test-unit: - @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit - -test-bats: test-unit test-acceptance - -test: test-image test-bats - -# run acceptance tests on GKE -# set google project/credential vars above -test-acceptance: -ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) - make setup-kind acceptance -else - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ - -w /helm-test \ - $(TEST_IMAGE) \ - make acceptance -endif - -# destroy GKE cluster using terraform -test-destroy: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -w /helm-test \ - $(TEST_IMAGE) \ - make destroy-cluster - -# provision GKE cluster using terraform -test-provision: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -w /helm-test \ - $(TEST_IMAGE) \ - make provision-cluster - -# this target is for 
running the acceptance tests -# it is run in the docker container above when the test-acceptance target is invoked -acceptance: -ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) - gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} -endif - bats --tap --timing test/${ACCEPTANCE_TESTS} - -# this target is for provisioning the GKE cluster -# it is run in the docker container above when the test-provision target is invoked -provision-cluster: - gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} - terraform init test/terraform - terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform - -# this target is for removing the GKE cluster -# it is run in the docker container above when the test-destroy target is invoked -destroy-cluster: - terraform destroy -auto-approve - -# create a kind cluster for running the acceptance tests locally -setup-kind: - kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ - kind create cluster \ - --image kindest/node:${KIND_K8S_VERSION} \ - --name ${KIND_CLUSTER_NAME} \ - --config $(CURDIR)/test/kind/config.yaml - kubectl config use-context kind-${KIND_CLUSTER_NAME} - -# delete the kind cluster -delete-kind: - kind delete cluster --name ${KIND_CLUSTER_NAME} || : - -.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/hashicorp/vault/0.25.0/src/README.md b/charts/partners/hashicorp/vault/0.25.0/src/README.md deleted file mode 100644 index 6e7014360f..0000000000 --- a/charts/partners/hashicorp/vault/0.25.0/src/README.md +++ /dev/null 
@@ -1,43 +0,0 @@
-# Vault Helm Chart
-
-> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
-you believe you have found a security issue in Vault Helm, _please responsibly disclose_
-by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
-
-This repository contains the official HashiCorp Helm chart for installing
-and configuring Vault on Kubernetes. This chart supports multiple use
-cases of Vault on Kubernetes depending on the values provided.
-
-For full documentation on this Helm chart along with all the ways you can
-use Vault with Kubernetes, please see the
-[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
-
-## Prerequisites
-
-To use the charts here, [Helm](https://helm.sh/) must be configured for your
-Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
-this README. Please refer to the Kubernetes and Helm documentation.
-
-The versions required are:
-
- * **Helm 3.6+**
- * **Kubernetes 1.22+** - This is the earliest version of Kubernetes tested.
- It is possible that this chart works with earlier versions but it is
- untested.
-
-## Usage
-
-To install the latest version of this chart, add the Hashicorp helm repository
-and run `helm install`:
-
-```console
-$ helm repo add hashicorp https://helm.releases.hashicorp.com
-"hashicorp" has been added to your repositories
-
-$ helm install vault hashicorp/vault
-```
-
-Please see the many options supported in the `values.yaml` file. These are also
-fully documented directly on the [Vault
-website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
-detailed installation instructions.
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/NOTES.txt b/charts/partners/hashicorp/vault/0.25.0/src/templates/NOTES.txt
deleted file mode 100644
index 8e267121c8..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/NOTES.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-
-Thank you for installing HashiCorp Vault!
-
-Now that you have deployed Vault, you should look over the docs on using
-Vault with Kubernetes available here:
-
-https://www.vaultproject.io/docs/
-
-
-Your release is named {{ .Release.Name }}. To learn more about the release, try:
-
- $ helm status {{ .Release.Name }}
- $ helm get manifest {{ .Release.Name }}
-
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/_helpers.tpl b/charts/partners/hashicorp/vault/0.25.0/src/templates/_helpers.tpl
deleted file mode 100644
index dafac3787b..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,996 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to -this (by the DNS naming spec). If release name contains chart name it will -be used as a full name. -*/}} -{{- define "vault.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "vault.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "vault.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Compute if the csi driver is enabled. -*/}} -{{- define "vault.csiEnabled" -}} -{{- $_ := set . "csiEnabled" (or - (eq (.Values.csi.enabled | toString) "true") - (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the injector is enabled. -*/}} -{{- define "vault.injectorEnabled" -}} -{{- $_ := set . "injectorEnabled" (or - (eq (.Values.injector.enabled | toString) "true") - (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server is enabled. -*/}} -{{- define "vault.serverEnabled" -}} -{{- $_ := set . 
"serverEnabled" (or - (eq (.Values.server.enabled | toString) "true") - (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server serviceaccount is enabled. -*/}} -{{- define "vault.serverServiceAccountEnabled" -}} -{{- $_ := set . "serverServiceAccountEnabled" - (and - (eq (.Values.server.serviceAccount.create | toString) "true" ) - (or - (eq (.Values.server.enabled | toString) "true") - (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server auth delegator serviceaccount is enabled. -*/}} -{{- define "vault.serverAuthDelegator" -}} -{{- $_ := set . "serverAuthDelegator" - (and - (eq (.Values.server.authDelegator.enabled | toString) "true" ) - (or (eq (.Values.server.serviceAccount.create | toString) "true") - (not (eq .Values.server.serviceAccount.name ""))) - (or - (eq (.Values.server.enabled | toString) "true") - (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server service is enabled. -*/}} -{{- define "vault.serverServiceEnabled" -}} -{{- template "vault.serverEnabled" . -}} -{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} -{{- end -}} - -{{/* -Compute if the ui is enabled. -*/}} -{{- define "vault.uiEnabled" -}} -{{- $_ := set . "uiEnabled" (or - (eq (.Values.ui.enabled | toString) "true") - (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute the maximum number of unavailable replicas for the PodDisruptionBudget. -This defaults to (n/2)-1 where n is the number of members of the server cluster. -Add a special case for replicas=1, where it should default to 0 as well. 
-*/}} -{{- define "vault.pdb.maxUnavailable" -}} -{{- if eq (int .Values.server.ha.replicas) 1 -}} -{{ 0 }} -{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{- else -}} -{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Set the variable 'mode' to the server mode requested by the user to simplify -template logic. -*/}} -{{- define "vault.mode" -}} - {{- template "vault.serverEnabled" . -}} - {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} - {{- $_ := set . "mode" "external" -}} - {{- else if not .serverEnabled -}} - {{- $_ := set . "mode" "external" -}} - {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} - {{- $_ := set . "mode" "dev" -}} - {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} - {{- $_ := set . "mode" "ha" -}} - {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} - {{- $_ := set . "mode" "standalone" -}} - {{- else -}} - {{- $_ := set . "mode" "" -}} - {{- end -}} -{{- end -}} - -{{/* -Set's the replica count based on the different modes configured by user -*/}} -{{- define "vault.replicas" -}} - {{ if eq .mode "standalone" }} - {{- default 1 -}} - {{ else if eq .mode "ha" }} - {{- .Values.server.ha.replicas | default 3 -}} - {{ else }} - {{- default 1 -}} - {{ end }} -{{- end -}} - -{{/* -Set's up configmap mounts if this isn't a dev deployment and the user -defined a custom configuration. Additionally iterates over any -extra volumes the user may have specified (such as a secret with TLS). -*/}} -{{- define "vault.volumes" -}} - {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - configMap: - name: {{ template "vault.fullname" . 
}}-config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - {{ .type }}: - {{- if (eq .type "configMap") }} - name: {{ .name }} - {{- else if (eq .type "secret") }} - secretName: {{ .name }} - {{- end }} - defaultMode: {{ .defaultMode | default 420 }} - {{- end }} - {{- if .Values.server.volumes }} - {{- toYaml .Values.server.volumes | nindent 8}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - secret: - secretName: {{ .Values.server.enterpriseLicense.secretName }} - defaultMode: 0440 - {{- end }} -{{- end -}} - -{{/* -Set's the args for custom command to render the Vault configuration -file with IP addresses to make the out of box experience easier -for users looking to use this chart with Consul Helm. -*/}} -{{- define "vault.args" -}} - {{ if or (eq .mode "standalone") (eq .mode "ha") }} - - | - cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; - [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; - [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; - /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} - {{ else if eq .mode "dev" }} - - | - /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} - {{ end }} -{{- end -}} - -{{/* -Set's additional environment variables based on the mode. 
-*/}} -{{- define "vault.envs" -}} - {{ if eq .mode "dev" }} - - name: VAULT_DEV_ROOT_TOKEN_ID - value: {{ .Values.server.dev.devRootToken }} - - name: VAULT_DEV_LISTEN_ADDRESS - value: "[::]:8200" - {{ end }} -{{- end -}} - -{{/* -Set's which additional volumes should be mounted to the container -based on the mode configured. -*/}} -{{- define "vault.mounts" -}} - {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - name: audit - mountPath: {{ .Values.server.auditStorage.mountPath }} - {{ end }} - {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} - {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} - - name: data - mountPath: {{ .Values.server.dataStorage.mountPath }} - {{ end }} - {{ end }} - {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - mountPath: /vault/config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - readOnly: true - mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} - {{- end }} - {{- if .Values.server.volumeMounts }} - {{- toYaml .Values.server.volumeMounts | nindent 12}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - mountPath: /vault/license - readOnly: true - {{- end }} -{{- end -}} - -{{/* -Set's up the volumeClaimTemplates when data or audit storage is required. HA -might not use data storage since Consul is likely it's backend, however, audit -storage might be desired by the user. 
-*/}} -{{- define "vault.volumeclaims" -}} - {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} - volumeClaimTemplates: - {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} - - metadata: - name: data - {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.dataStorage.size }} - {{- if .Values.server.dataStorage.storageClass }} - storageClassName: {{ .Values.server.dataStorage.storageClass }} - {{- end }} - {{ end }} - {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - metadata: - name: audit - {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.auditStorage.size }} - {{- if .Values.server.auditStorage.storageClass }} - storageClassName: {{ .Values.server.auditStorage.storageClass }} - {{- end }} - {{ end }} - {{ end }} -{{- end -}} - -{{/* -Set's the affinity for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.affinity" -}} - {{- if and (ne .mode "dev") .Values.server.affinity }} - affinity: - {{ $tp := typeOf .Values.server.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.affinity . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the injector affinity for pod placement -*/}} -{{- define "injector.affinity" -}} - {{- if .Values.injector.affinity }} - affinity: - {{ $tp := typeOf .Values.injector.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the topologySpreadConstraints when running in standalone and HA modes. -*/}} -{{- define "vault.topologySpreadConstraints" -}} - {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} - topologySpreadConstraints: - {{ $tp := typeOf .Values.server.topologySpreadConstraints }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - - -{{/* -Sets the injector topologySpreadConstraints for pod placement -*/}} -{{- define "injector.topologySpreadConstraints" -}} - {{- if .Values.injector.topologySpreadConstraints }} - topologySpreadConstraints: - {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the toleration for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.tolerations" -}} - {{- if and (ne .mode "dev") .Values.server.tolerations }} - tolerations: - {{- $tp := typeOf .Values.server.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "injector.tolerations" -}} - {{- if .Values.injector.tolerations }} - tolerations: - {{- $tp := typeOf .Values.injector.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the node selector for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.nodeselector" -}} - {{- if and (ne .mode "dev") .Values.server.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.server.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector node selector for pod placement -*/}} -{{- define "injector.nodeselector" -}} - {{- if .Values.injector.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.injector.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector deployment update strategy -*/}} -{{- define "injector.strategy" -}} - {{- if .Values.injector.strategy }} - strategy: - {{- $tp := typeOf .Values.injector.strategy }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.strategy . | nindent 4 | trim }} - {{- else }} - {{- toYaml .Values.injector.strategy | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra pod annotations -*/}} -{{- define "vault.annotations" -}} - {{- if .Values.server.annotations }} - annotations: - {{- $tp := typeOf .Values.server.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.annotations . 
| nindent 8 }} - {{- else }} - {{- toYaml .Values.server.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector pod annotations -*/}} -{{- define "injector.annotations" -}} - {{- if .Values.injector.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.injector.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector service annotations -*/}} -{{- define "injector.service.annotations" -}} - {{- if .Values.injector.service.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -securityContext for the injector pod level. -*/}} -{{- define "injector.securityContext.pod" -}} - {{- if .Values.injector.securityContext.pod }} - securityContext: - {{- $tp := typeOf .Values.injector.securityContext.pod }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} - {{- else }} - {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.injector.gid | default 1000 }} - runAsUser: {{ .Values.injector.uid | default 100 }} - fsGroup: {{ .Values.injector.gid | default 1000 }} - {{- end }} -{{- end -}} - -{{/* -securityContext for the injector container level. -*/}} -{{- define "injector.securityContext.container" -}} - {{- if .Values.injector.securityContext.container}} - securityContext: - {{- $tp := typeOf .Values.injector.securityContext.container }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} - {{- else }} - {{- toYaml .Values.injector.securityContext.container | nindent 12 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - {{- end }} -{{- end -}} - -{{/* -securityContext for the statefulset pod template. -*/}} -{{- define "server.statefulSet.securityContext.pod" -}} - {{- if .Values.server.statefulSet.securityContext.pod }} - securityContext: - {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.server.gid | default 1000 }} - runAsUser: {{ .Values.server.uid | default 100 }} - fsGroup: {{ .Values.server.gid | default 1000 }} - {{- end }} -{{- end -}} - -{{/* -securityContext for the statefulset vault container -*/}} -{{- define "server.statefulSet.securityContext.container" -}} - {{- if .Values.server.statefulSet.securityContext.container }} - securityContext: - {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} -{{- end -}} - - -{{/* -Sets extra injector service account annotations -*/}} -{{- define "injector.serviceAccount.annotations" -}} - {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector webhook annotations -*/}} -{{- define "injector.webhookAnnotations" -}} - {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} - annotations: - {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} - {{- if eq $tp "string" }} - {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} - {{- else }} - {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the injector webhook objectSelector -*/}} -{{- define "injector.objectSelector" -}} - {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} - {{ if $v }} - objectSelector: - {{- $tp := typeOf $v -}} - {{ if eq $tp "string" }} - {{ tpl $v . 
| indent 6 | trim }} - {{ else }} - {{ toYaml $v | indent 6 | trim }} - {{ end }} - {{ end }} -{{ end }} - -{{/* -Sets extra ui service annotations -*/}} -{{- define "vault.ui.annotations" -}} - {{- if .Values.ui.annotations }} - annotations: - {{- $tp := typeOf .Values.ui.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.ui.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.ui.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "vault.serviceAccount.name" -}} -{{- if .Values.server.serviceAccount.create -}} - {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.server.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Sets extra service account annotations -*/}} -{{- define "vault.serviceAccount.annotations" -}} - {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.server.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ingress annotations -*/}} -{{- define "vault.ingress.annotations" -}} - {{- if .Values.server.ingress.annotations }} - annotations: - {{- $tp := typeOf .Values.server.ingress.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.ingress.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.ingress.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra route annotations -*/}} -{{- define "vault.route.annotations" -}} - {{- if .Values.server.route.annotations }} - annotations: - {{- $tp := typeOf .Values.server.route.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.route.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.route.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra vault server Service annotations -*/}} -{{- define "vault.service.annotations" -}} - {{- if .Values.server.service.annotations }} - {{- $tp := typeOf .Values.server.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets PodSecurityPolicy annotations -*/}} -{{- define "vault.psp.annotations" -}} - {{- if .Values.global.psp.annotations }} - annotations: - {{- $tp := typeOf .Values.global.psp.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.global.psp.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.global.psp.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra statefulset annotations -*/}} -{{- define "vault.statefulSet.annotations" -}} - {{- if .Values.server.statefulSet.annotations }} - annotations: - {{- $tp := typeOf .Values.server.statefulSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for data volume -*/}} -{{- define "vault.dataVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.dataStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for audit volume -*/}} -{{- define "vault.auditVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.auditStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the container resources if the user has set any. -*/}} -{{- define "vault.resources" -}} - {{- if .Values.server.resources -}} - resources: -{{ toYaml .Values.server.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "injector.resources" -}} - {{- if .Values.injector.resources -}} - resources: -{{ toYaml .Values.injector.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "csi.resources" -}} - {{- if .Values.csi.resources -}} - resources: -{{ toYaml .Values.csi.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources for CSI's Agent sidecar if the user has set any. -*/}} -{{- define "csi.agent.resources" -}} - {{- if .Values.csi.agent.resources -}} - resources: -{{ toYaml .Values.csi.agent.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets extra CSI daemonset annotations -*/}} -{{- define "csi.daemonSet.annotations" -}} - {{- if .Values.csi.daemonSet.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.daemonSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets CSI daemonset securityContext for pod template -*/}} -{{- define "csi.daemonSet.securityContext.pod" -}} - {{- if .Values.csi.daemonSet.securityContext.pod }} - securityContext: - {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets CSI daemonset securityContext for container -*/}} -{{- define "csi.daemonSet.securityContext.container" -}} - {{- if .Values.csi.daemonSet.securityContext.container }} - securityContext: - {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} - {{- end }} - {{- end }} -{{- end -}} - - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "csi.pod.tolerations" -}} - {{- if .Values.csi.pod.tolerations }} - tolerations: - {{- $tp := typeOf .Values.csi.pod.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the CSI provider nodeSelector for pod placement -*/}} -{{- define "csi.pod.nodeselector" -}} - {{- if .Values.csi.pod.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.csi.pod.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.csi.pod.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.csi.pod.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} -{{/* -Sets the CSI provider affinity for pod placement. 
-*/}} -{{- define "csi.pod.affinity" -}} - {{- if .Values.csi.pod.affinity }} - affinity: - {{ $tp := typeOf .Values.csi.pod.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.pod.affinity . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.csi.pod.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} -{{/* -Sets extra CSI provider pod annotations -*/}} -{{- define "csi.pod.annotations" -}} - {{- if .Values.csi.pod.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.pod.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.pod.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.pod.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI service account annotations -*/}} -{{- define "csi.serviceAccount.annotations" -}} - {{- if .Values.csi.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Inject extra environment vars in the format key:value, if populated -*/}} -{{- define "vault.extraEnvironmentVars" -}} -{{- if .extraEnvironmentVars -}} -{{- range $key, $value := .extraEnvironmentVars }} -- name: {{ printf "%s" $key | replace "." 
"_" | upper | quote }} - value: {{ $value | quote }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Inject extra environment populated by secrets, if populated -*/}} -{{- define "vault.extraSecretEnvironmentVars" -}} -{{- if .extraSecretEnvironmentVars -}} -{{- range .extraSecretEnvironmentVars }} -- name: {{ .envName }} - valueFrom: - secretKeyRef: - name: {{ .secretName }} - key: {{ .secretKey }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* Scheme for health check and local endpoint */}} -{{- define "vault.scheme" -}} -{{- if .Values.global.tlsDisable -}} -{{ "http" }} -{{- else -}} -{{ "https" }} -{{- end -}} -{{- end -}} - -{{/* -imagePullSecrets generates pull secrets from either string or map values. -A map value must be indexable by the key 'name'. -*/}} -{{- define "imagePullSecrets" -}} -{{- with .Values.global.imagePullSecrets -}} -imagePullSecrets: -{{- range . -}} -{{- if typeIs "string" . }} - - name: {{ . }} -{{- else if index . "name" }} - - name: {{ .name }} -{{- end }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. -Supported inputs are Values.server.service and Values.ui -*/}} -{{- define "service.externalTrafficPolicy" -}} -{{- $type := "" -}} -{{- if .serviceType -}} -{{- $type = .serviceType -}} -{{- else if .type -}} -{{- $type = .type -}} -{{- end -}} -{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} - externalTrafficPolicy: {{ .externalTrafficPolicy }} -{{- else }} -{{- end }} -{{- end -}} - -{{/* -loadBalancer configuration for the the UI service. -Supported inputs are Values.ui -*/}} -{{- define "service.loadBalancer" -}} -{{- if eq (.serviceType | toString) "LoadBalancer" }} -{{- if .loadBalancerIP }} - loadBalancerIP: {{ .loadBalancerIP }} -{{- end }} -{{- with .loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{- range . }} - - {{ . }} -{{- end }} -{{- end -}} -{{- end }} -{{- end -}} 
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/csi-agent-configmap.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/csi-agent-configmap.yaml
deleted file mode 100644
index 7af08e8f9b..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/csi-agent-configmap.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.csiEnabled" . -}}
-{{- if and (.csiEnabled) (eq (.Values.csi.agent.enabled | toString) "true") -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-agent-config
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-data:
- config.hcl: |
- vault {
- {{- if .Values.global.externalVaultAddr }}
- "address" = "{{ .Values.global.externalVaultAddr }}"
- {{- else }}
- "address" = "{{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}"
- {{- end }}
- }
-
- cache {}
-
- listener "unix" {
- address = "/var/run/vault/agent.sock"
- tls_disable = true
- }
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/csi-clusterrole.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/csi-clusterrole.yaml
deleted file mode 100644
index 6d979ea40c..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/csi-clusterrole.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups:
- - ""
- resources:
- - serviceaccounts/token
- verbs:
- - create
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/csi-clusterrolebinding.yaml
deleted file mode 100644
index d5a9346885..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/csi-clusterrolebinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/csi-daemonset.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/csi-daemonset.yaml
deleted file mode 100644
index 28e7cd0705..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/csi-daemonset.yaml
+++ /dev/null
@@ -1,157 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{- template "vault.csiEnabled" . -}} -{{- if .csiEnabled -}} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- if .Values.csi.daemonSet.extraLabels -}} - {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} - {{- end -}} - {{ template "csi.daemonSet.annotations" . }} -spec: - updateStrategy: - type: {{ .Values.csi.daemonSet.updateStrategy.type }} - {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - rollingUpdate: - maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.csi.pod.extraLabels -}} - {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "csi.pod.annotations" . }} - spec: - {{ template "csi.daemonSet.securityContext.pod" . }} - {{- if .Values.csi.priorityClassName }} - priorityClassName: {{ .Values.csi.priorityClassName }} - {{- end }} - serviceAccountName: {{ template "vault.fullname" . }}-csi-provider - {{- template "csi.pod.tolerations" . }} - {{- template "csi.pod.nodeselector" . }} - {{- template "csi.pod.affinity" . }} - containers: - - name: {{ include "vault.name" . }}-csi-provider - {{ template "csi.resources" . }} - {{ template "csi.daemonSet.securityContext.container" . 
}} - image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" - imagePullPolicy: {{ .Values.csi.image.pullPolicy }} - args: - - --endpoint=/provider/vault.sock - - --debug={{ .Values.csi.debug }} - {{- if .Values.csi.hmacSecretName }} - - --hmac-secret-name={{ .Values.csi.hmacSecretName }} - {{- else }} - - --hmac-secret-name={{- include "vault.name" . }}-csi-provider-hmac-key - {{- end }} - {{- if .Values.csi.extraArgs }} - {{- toYaml .Values.csi.extraArgs | nindent 12 }} - {{- end }} - env: - - name: VAULT_ADDR - {{- if eq (.Values.csi.agent.enabled | toString) "true" }} - value: "unix:///var/run/vault/agent.sock" - {{- else if .Values.global.externalVaultAddr }} - value: "{{ .Values.global.externalVaultAddr }}" - {{- else }} - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - {{- end }} - volumeMounts: - - name: providervol - mountPath: "/provider" - {{- if eq (.Values.csi.agent.enabled | toString) "true" }} - - name: agent-unix-socket - mountPath: /var/run/vault - {{- end }} - {{- if .Values.csi.volumeMounts }} - {{- toYaml .Values.csi.volumeMounts | nindent 12}} - {{- end }} - livenessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health/ready - port: 8080 - failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} - timeoutSeconds: {{ 
.Values.csi.readinessProbe.timeoutSeconds }} - {{- if eq (.Values.csi.agent.enabled | toString) "true" }} - - name: {{ include "vault.name" . }}-agent - image: "{{ .Values.csi.agent.image.repository }}:{{ .Values.csi.agent.image.tag }}" - imagePullPolicy: {{ .Values.csi.agent.image.pullPolicy }} - {{ template "csi.agent.resources" . }} - command: - - vault - args: - - agent - - -config=/etc/vault/config.hcl - {{- if .Values.csi.agent.extraArgs }} - {{- toYaml .Values.csi.agent.extraArgs | nindent 12 }} - {{- end }} - ports: - - containerPort: 8200 - env: - - name: VAULT_LOG_LEVEL - value: "{{ .Values.csi.agent.logLevel }}" - - name: VAULT_LOG_FORMAT - value: "{{ .Values.csi.agent.logFormat }}" - securityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsUser: 100 - runAsGroup: 1000 - volumeMounts: - - name: agent-config - mountPath: /etc/vault/config.hcl - subPath: config.hcl - readOnly: true - - name: agent-unix-socket - mountPath: /var/run/vault - {{- if .Values.csi.volumeMounts }} - {{- toYaml .Values.csi.volumeMounts | nindent 12 }} - {{- end }} - {{- end }} - volumes: - - name: providervol - hostPath: - path: {{ .Values.csi.daemonSet.providersDir }} - {{- if eq (.Values.csi.agent.enabled | toString) "true" }} - - name: agent-config - configMap: - name: {{ template "vault.fullname" . }}-csi-provider-agent-config - - name: agent-unix-socket - emptyDir: - medium: Memory - {{- end }} - {{- if .Values.csi.volumes }} - {{- toYaml .Values.csi.volumes | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} -{{- end }} diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/csi-role.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/csi-role.yaml deleted file mode 100644 index dd23af6551..0000000000 --- a/charts/partners/hashicorp/vault/0.25.0/src/templates/csi-role.yaml +++ /dev/null 
@@ -1,31 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-role
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get"]
- resourceNames:
- {{- if .Values.csi.hmacSecretName }}
- - {{ .Values.csi.hmacSecretName }}
- {{- else }}
- - {{ include "vault.name" . }}-csi-provider-hmac-key
- {{- end }}
-# 'create' permissions cannot be restricted by resource name:
-# https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["create"]
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/csi-rolebinding.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/csi-rolebinding.yaml
deleted file mode 100644
index e61f2dc2de..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/csi-rolebinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-rolebinding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-csi-provider-role
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/csi-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/csi-serviceaccount.yaml
deleted file mode 100644
index 25e123ee9f..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/csi-serviceaccount.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- if .Values.csi.serviceAccount.extraLabels -}}
- {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
- {{- end -}}
- {{ template "csi.serviceAccount.annotations" . }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-certs-secret.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-certs-secret.yaml
deleted file mode 100644
index 3e5ddb7b94..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-certs-secret.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: vault-injector-certs
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-clusterrole.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-clusterrole.yaml
deleted file mode 100644
index d5682dd76a..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs:
- - "get"
- - "list"
- - "watch"
- - "patch"
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-clusterrolebinding.yaml
deleted file mode 100644
index 9253e4f0a8..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-clusterrolebinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-deployment.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-deployment.yaml
deleted file mode 100644
index fbf32c0939..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-deployment.yaml
+++ /dev/null
@@ -1,179 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{- template "vault.injectorEnabled" . -}} -{{- if .injectorEnabled -}} -# Deployment for the injector -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - component: webhook -spec: - replicas: {{ .Values.injector.replicas }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{ template "injector.strategy" . }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: {{ .Release.Name }} - component: webhook - {{- if .Values.injector.extraLabels -}} - {{- toYaml .Values.injector.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "injector.annotations" . }} - spec: - {{ template "injector.affinity" . }} - {{ template "injector.topologySpreadConstraints" . }} - {{ template "injector.tolerations" . }} - {{ template "injector.nodeselector" . }} - {{- if .Values.injector.priorityClassName }} - priorityClassName: {{ .Values.injector.priorityClassName }} - {{- end }} - serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" - {{ template "injector.securityContext.pod" . -}} - {{- if not .Values.global.openshift }} - hostNetwork: {{ .Values.injector.hostNetwork }} - {{- end }} - containers: - - name: sidecar-injector - {{ template "injector.resources" . }} - image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" - imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" - {{- template "injector.securityContext.container" . 
}} - env: - - name: AGENT_INJECT_LISTEN - value: {{ printf ":%v" .Values.injector.port }} - - name: AGENT_INJECT_LOG_LEVEL - value: {{ .Values.injector.logLevel | default "info" }} - - name: AGENT_INJECT_VAULT_ADDR - {{- if .Values.global.externalVaultAddr }} - value: "{{ .Values.global.externalVaultAddr }}" - {{- else if .Values.injector.externalVaultAddr }} - value: "{{ .Values.injector.externalVaultAddr }}" - {{- else }} - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - {{- end }} - - name: AGENT_INJECT_VAULT_AUTH_PATH - value: {{ .Values.injector.authPath }} - - name: AGENT_INJECT_VAULT_IMAGE - value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" - {{- if .Values.injector.certs.secretName }} - - name: AGENT_INJECT_TLS_CERT_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" - - name: AGENT_INJECT_TLS_KEY_FILE - value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" - {{- else }} - - name: AGENT_INJECT_TLS_AUTO - value: {{ template "vault.fullname" . }}-agent-injector-cfg - - name: AGENT_INJECT_TLS_AUTO_HOSTS - value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc - {{- end }} - - name: AGENT_INJECT_LOG_FORMAT - value: {{ .Values.injector.logFormat | default "standard" }} - - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN - value: "{{ .Values.injector.revokeOnShutdown | default false }}" - {{- if .Values.global.openshift }} - - name: AGENT_INJECT_SET_SECURITY_CONTEXT - value: "false" - {{- end }} - {{- if .Values.injector.metrics.enabled }} - - name: AGENT_INJECT_TELEMETRY_PATH - value: "/metrics" - {{- end }} - {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} - - name: AGENT_INJECT_USE_LEADER_ELECTOR - value: "true" - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end }} - - name: AGENT_INJECT_CPU_REQUEST - value: "{{ .Values.injector.agentDefaults.cpuRequest }}" - - name: AGENT_INJECT_CPU_LIMIT - value: "{{ .Values.injector.agentDefaults.cpuLimit }}" - - name: AGENT_INJECT_MEM_REQUEST - value: "{{ .Values.injector.agentDefaults.memRequest }}" - - name: AGENT_INJECT_MEM_LIMIT - value: "{{ .Values.injector.agentDefaults.memLimit }}" - {{- if .Values.injector.agentDefaults.ephemeralRequest }} - - name: AGENT_INJECT_EPHEMERAL_REQUEST - value: "{{ .Values.injector.agentDefaults.ephemeralRequest }}" - {{- end }} - {{- if .Values.injector.agentDefaults.ephemeralLimit }} - - name: AGENT_INJECT_EPHEMERAL_LIMIT - value: "{{ .Values.injector.agentDefaults.ephemeralLimit }}" - {{- end }} - - name: AGENT_INJECT_DEFAULT_TEMPLATE - value: "{{ .Values.injector.agentDefaults.template }}" - - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE - value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" - {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} - - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL - value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" - {{- end }} - {{- include 
"vault.extraEnvironmentVars" .Values.injector | nindent 12 }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - agent-inject - - 2>&1 - livenessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: {{ .Values.injector.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.injector.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.injector.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.injector.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.injector.livenessProbe.timeoutSeconds }} - readinessProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: {{ .Values.injector.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.injector.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.injector.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.injector.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.injector.readinessProbe.timeoutSeconds }} - startupProbe: - httpGet: - path: /health/ready - port: {{ .Values.injector.port }} - scheme: HTTPS - failureThreshold: {{ .Values.injector.startupProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.injector.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.injector.startupProbe.periodSeconds }} - successThreshold: {{ .Values.injector.startupProbe.successThreshold }} - timeoutSeconds: {{ .Values.injector.startupProbe.timeoutSeconds }} -{{- if .Values.injector.certs.secretName }} - volumeMounts: - - name: webhook-certs - mountPath: /etc/webhook/certs - readOnly: true -{{- end }} -{{- if .Values.injector.certs.secretName }} - volumes: - - name: webhook-certs - secret: - secretName: "{{ .Values.injector.certs.secretName }}" -{{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} -{{ end }} 
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-disruptionbudget.yaml
deleted file mode 100644
index 6ae714bae8..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-disruptionbudget.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- if .Values.injector.podDisruptionBudget }}
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- component: webhook
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
-{{- end -}}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-mutating-webhook.yaml
deleted file mode 100644
index d03cd136d7..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-mutating-webhook.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
-apiVersion: admissionregistration.k8s.io/v1
-{{- else }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-{{- end }}
-kind: MutatingWebhookConfiguration
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-cfg
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "injector.webhookAnnotations" . }}
-webhooks:
- - name: vault.hashicorp.com
- failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
- matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
- sideEffects: None
- timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
- admissionReviewVersions: ["v1", "v1beta1"]
- clientConfig:
- service:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- path: "/mutate"
- caBundle: {{ .Values.injector.certs.caBundle | quote }}
- rules:
- - operations: ["CREATE", "UPDATE"]
- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["pods"]
-{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
- namespaceSelector:
-{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
-{{ end }}
-{{- template "injector.objectSelector" . -}}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-network-policy.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-network-policy.yaml
deleted file mode 100644
index 4c3b087828..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-network-policy.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.openshift | toString) "true" }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-psp-role.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-psp-role.yaml
deleted file mode 100644
index 65d8e9ba96..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-psp-role.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.psp.enable | toString) "true" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-psp-rolebinding.yaml
deleted file mode 100644
index 48a3a26a25..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-psp-rolebinding.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.psp.enable | toString) "true" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-psp.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-psp.yaml
deleted file mode 100644
index 0eca9a87c6..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-psp.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.psp.enable | toString) "true" }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-role.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-role.yaml
deleted file mode 100644
index df7b0ed747..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-role.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
- - apiGroups: [""]
- resources: ["secrets", "configmaps"]
- verbs:
- - "create"
- - "get"
- - "watch"
- - "list"
- - "update"
- - apiGroups: [""]
- resources: ["pods"]
- verbs:
- - "get"
- - "patch"
- - "delete"
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-rolebinding.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-rolebinding.yaml
deleted file mode 100644
index 0848e43d81..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-rolebinding.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-service.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-service.yaml
deleted file mode 100644
index 5b2069286b..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-service.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "injector.service.annotations" . }}
-spec:
- ports:
- - name: https
- port: 443
- targetPort: {{ .Values.injector.port }}
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-serviceaccount.yaml
deleted file mode 100644
index 9b5c2f6ed1..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/injector-serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "injector.serviceAccount.annotations" . }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/prometheus-prometheusrules.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/prometheus-prometheusrules.yaml
deleted file mode 100644
index 7e58a0e522..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/prometheus-prometheusrules.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ if and (.Values.serverTelemetry.prometheusRules.rules)
- (or (.Values.global.serverTelemetry.prometheusOperator) (.Values.serverTelemetry.prometheusRules.enabled) )
-}}
----
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- /* update the selectors docs in values.yaml whenever the defaults below change. */ -}}
- {{- $selectors := .Values.serverTelemetry.prometheusRules.selectors }}
- {{- if $selectors }}
- {{- toYaml $selectors | nindent 4 }}
- {{- else }}
- release: prometheus
- {{- end }}
-spec:
- groups:
- - name: {{ include "vault.fullname" . }}
- rules:
- {{- toYaml .Values.serverTelemetry.prometheusRules.rules | nindent 6 }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/prometheus-servicemonitor.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/prometheus-servicemonitor.yaml
deleted file mode 100644
index 60f2729a0d..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/prometheus-servicemonitor.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{ if or (.Values.global.serverTelemetry.prometheusOperator) (.Values.serverTelemetry.serviceMonitor.enabled) }}
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- /* update the selectors docs in values.yaml whenever the defaults below change. */ -}}
- {{- $selectors := .Values.serverTelemetry.serviceMonitor.selectors }}
- {{- if $selectors }}
- {{- toYaml $selectors | nindent 4 }}
- {{- else }}
- release: prometheus
- {{- end }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if eq .mode "ha" }}
- vault-active: "true"
- {{- else }}
- vault-internal: "true"
- {{- end }}
- endpoints:
- - port: {{ include "vault.scheme" . }}
- interval: {{ .Values.serverTelemetry.serviceMonitor.interval }}
- scrapeTimeout: {{ .Values.serverTelemetry.serviceMonitor.scrapeTimeout }}
- scheme: {{ include "vault.scheme" . | lower }}
- path: /v1/sys/metrics
- params:
- format:
- - prometheus
- tlsConfig:
- insecureSkipVerify: true
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/server-clusterrolebinding.yaml
deleted file mode 100644
index b694129b5f..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-clusterrolebinding.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.serverAuthDelegator" . }}
-{{- if .serverAuthDelegator -}}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-server-binding
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
\ No newline at end of file
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-config-configmap.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/server-config-configmap.yaml
deleted file mode 100644
index 5d29e98d66..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-config-configmap.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if .serverEnabled -}}
-{{- if ne .mode "dev" -}}
-{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "vault.fullname" . }}-config
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-data:
- extraconfig-from-values.hcl: |-
- {{- if or (eq .mode "ha") (eq .mode "standalone") }}
- {{- $type := typeOf (index .Values.server .mode).config }}
- {{- if eq $type "string" }}
- disable_mlock = true
- {{- if eq .mode "standalone" }}
- {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
- {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
- {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
- {{ end }}
- {{- else }}
- {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
- {{- else }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-discovery-role.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/server-discovery-role.yaml
deleted file mode 100644
index adae42a2bb..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-discovery-role.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if .serverEnabled -}}
-{{- if eq .mode "ha" }}
-{{- if eq (.Values.server.serviceAccount.serviceDiscovery.enabled | toString) "true" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: {{ template "vault.fullname" . }}-discovery-role
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: [""]
- resources: ["pods"]
- verbs: ["get", "watch", "list", "update", "patch"]
-{{ end }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/server-discovery-rolebinding.yaml
deleted file mode 100644
index 853ee870c8..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-discovery-rolebinding.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if .serverEnabled -}}
-{{- if eq .mode "ha" }}
-{{- if eq (.Values.server.serviceAccount.serviceDiscovery.enabled | toString) "true" }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-discovery-rolebinding
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-discovery-role
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-disruptionbudget.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/server-disruptionbudget.yaml
deleted file mode 100644
index 3ff11099bf..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-disruptionbudget.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" -}}
-{{- if .serverEnabled -}}
-{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
-# PodDisruptionBudget to prevent degrading the server cluster through
-# voluntary cluster changes.
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-ha-active-service.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/server-ha-active-service.yaml
deleted file mode 100644
index 58d540fd5c..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-ha-active-service.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.serverServiceEnabled" . -}}
-{{- if .serverServiceEnabled -}}
-{{- if eq .mode "ha" }}
-{{- if eq (.Values.server.service.active.enabled | toString) "true" }}
-# Service for active Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-active
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- vault-active: "true"
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.activeNodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- {{- if eq (.Values.server.service.instanceSelector.enabled | toString) "true" }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- end }}
- component: server
- vault-active: "true"
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-ha-standby-service.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/server-ha-standby-service.yaml
deleted file mode 100644
index b9f6435861..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-ha-standby-service.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.serverServiceEnabled" . -}}
-{{- if .serverServiceEnabled -}}
-{{- if eq .mode "ha" }}
-{{- if eq (.Values.server.service.standby.enabled | toString) "true" }}
-# Service for standby Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-standby
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.standbyNodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- {{- if eq (.Values.server.service.instanceSelector.enabled | toString) "true" }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- end }}
- component: server
- vault-active: "false"
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-headless-service.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/server-headless-service.yaml
deleted file mode 100644
index 42e1aa0004..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-headless-service.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.serverServiceEnabled" . -}}
-{{- if .serverServiceEnabled -}}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-internal
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- vault-internal: "true"
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- clusterIP: None
- publishNotReadyAddresses: true
- ports:
- - name: "{{ include "vault.scheme" . }}"
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-ingress.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/server-ingress.yaml
deleted file mode 100644
index 3aba66885a..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-ingress.yaml
+++ /dev/null
@@ -1,69 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- if not .Values.global.openshift }}
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if .Values.server.ingress.enabled -}}
-{{- $extraPaths := .Values.server.ingress.extraPaths -}}
-{{- $serviceName := include "vault.fullname" . -}}
-{{- template "vault.serverServiceEnabled" . -}}
-{{- if .serverServiceEnabled -}}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
-{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
-{{- end }}
-{{- $servicePort := .Values.server.service.port -}}
-{{- $pathType := .Values.server.ingress.pathType -}}
-{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- with .Values.server.ingress.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- template "vault.ingress.annotations" . }}
-spec:
-{{- if .Values.server.ingress.tls }}
- tls:
- {{- range .Values.server.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
-{{- end }}
-{{- if .Values.server.ingress.ingressClassName }}
- ingressClassName: {{ .Values.server.ingress.ingressClassName }}
-{{- end }}
- rules:
- {{- range .Values.server.ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
-{{ if $extraPaths }}
-{{ toYaml $extraPaths | indent 10 }}
-{{- end }}
- {{- range (.paths | default (list "/")) }}
- - path: {{ . }}
- pathType: {{ $pathType }}
- backend:
- service:
- name: {{ $serviceName }}
- port:
- number: {{ $servicePort }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-network-policy.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/server-network-policy.yaml
deleted file mode 100644
index 62d4ae1ac5..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-network-policy.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8200
- protocol: TCP
- - port: 8201
- protocol: TCP
- {{- if .Values.server.networkPolicy.egress }}
- egress:
- {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
- {{ end }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-psp-role.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/server-psp-role.yaml
deleted file mode 100644
index 0c8c983ea6..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-psp-role.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if .serverEnabled -}}
-{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/server-psp-rolebinding.yaml
deleted file mode 100644
index 9b975d5565..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-psp-rolebinding.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if .serverEnabled -}}
-{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-psp.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/server-psp.yaml
deleted file mode 100644
index 567e66245e..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-psp.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if .serverEnabled -}}
-{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
- - persistentVolumeClaim
- {{- end }}
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-route.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/server-route.yaml
deleted file mode 100644
index 3f35aefe28..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-route.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{- if .Values.global.openshift }}
-{{- if ne .mode "external" }}
-{{- if .Values.server.route.enabled -}}
-{{- $serviceName := include "vault.fullname" . -}}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
-{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
-{{- end }}
-kind: Route
-apiVersion: route.openshift.io/v1
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- with .Values.server.route.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- template "vault.route.annotations" . }}
-spec:
- host: {{ .Values.server.route.host }}
- to:
- kind: Service
- name: {{ $serviceName }}
- weight: 100
- port:
- targetPort: 8200
- tls:
- {{- toYaml .Values.server.route.tls | nindent 4 }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-service.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/server-service.yaml
deleted file mode 100644
index 8e34c88c59..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-service.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.serverServiceEnabled" . -}}
-{{- if .serverServiceEnabled -}}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- # We want the servers to become available even if they're not ready
- # since this DNS is also used for join operations.
- publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- {{- if eq (.Values.server.service.instanceSelector.enabled | toString) "true" }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- end }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-serviceaccount.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/server-serviceaccount.yaml
deleted file mode 100644
index e154f8dc27..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-serviceaccount.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.serverServiceAccountEnabled" . }}
-{{- if .serverServiceAccountEnabled -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- if .Values.server.serviceAccount.extraLabels -}}
- {{- toYaml .Values.server.serviceAccount.extraLabels | nindent 4 -}}
- {{- end -}}
- {{ template "vault.serviceAccount.annotations" . }}
-{{ end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-statefulset.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/server-statefulset.yaml
deleted file mode 100644
index 7ab7de8e2f..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/server-statefulset.yaml
+++ /dev/null
@@ -1,217 +0,0 @@ -{{/* -Copyright (c) HashiCorp, Inc. -SPDX-License-Identifier: MPL-2.0 -*/}} - -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if ne .mode "" }} -{{- if .serverEnabled -}} -# StatefulSet to run the actual vault server cluster. -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- template "vault.statefulSet.annotations" . }} -spec: - serviceName: {{ template "vault.fullname" . }}-internal - podManagementPolicy: Parallel - replicas: {{ template "vault.replicas" . }} - updateStrategy: - type: {{ .Values.server.updateStrategyType }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - template: - metadata: - labels: - helm.sh/chart: {{ template "vault.chart" . }} - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - {{- if .Values.server.extraLabels -}} - {{- toYaml .Values.server.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "vault.annotations" . }} - spec: - {{ template "vault.affinity" . }} - {{ template "vault.topologySpreadConstraints" . }} - {{ template "vault.tolerations" . }} - {{ template "vault.nodeselector" . }} - {{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} - serviceAccountName: {{ template "vault.serviceAccount.name" . }} - {{ if .Values.server.shareProcessNamespace }} - shareProcessNamespace: true - {{ end }} - {{- template "server.statefulSet.securityContext.pod" . 
}} - {{- if not .Values.global.openshift }} - hostNetwork: {{ .Values.server.hostNetwork }} - {{- end }} - volumes: - {{ template "vault.volumes" . }} - - name: home - emptyDir: {} - {{- if .Values.server.extraInitContainers }} - initContainers: - {{ toYaml .Values.server.extraInitContainers | nindent 8}} - {{- end }} - containers: - - name: vault - {{ template "vault.resources" . }} - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - command: - - "/bin/sh" - - "-ec" - args: {{ template "vault.args" . }} - {{- template "server.statefulSet.securityContext.container" . }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: VAULT_K8S_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: VAULT_ADDR - value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" - - name: VAULT_API_ADDR - {{- if .Values.server.ha.apiAddr }} - value: {{ .Values.server.ha.apiAddr }} - {{- else }} - value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" - {{- end }} - - name: SKIP_CHOWN - value: "true" - - name: SKIP_SETCAP - value: "true" - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_CLUSTER_ADDR - {{- if .Values.server.ha.clusterAddr }} - value: {{ .Values.server.ha.clusterAddr | quote }} - {{- else }} - value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" - {{- end }} - {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} - - name: VAULT_RAFT_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- end }} - - name: HOME - value: "/home/vault" - {{- if .Values.server.logLevel }} - - name: VAULT_LOG_LEVEL - value: "{{ .Values.server.logLevel }}" - {{- end }} - {{- if .Values.server.logFormat }} - - name: VAULT_LOG_FORMAT - value: "{{ .Values.server.logFormat }}" - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: VAULT_LICENSE_PATH - value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} - {{- end }} - {{ template "vault.envs" . }} - {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} - {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} - volumeMounts: - {{ template "vault.mounts" . }} - - name: home - mountPath: /home/vault - ports: - - containerPort: 8200 - name: {{ include "vault.scheme" . }} - - containerPort: 8201 - name: https-internal - - containerPort: 8202 - name: {{ include "vault.scheme" . }}-rep - {{- if .Values.server.extraPorts -}} - {{ toYaml .Values.server.extraPorts | nindent 12}} - {{- end }} - {{- if .Values.server.readinessProbe.enabled }} - readinessProbe: - {{- if .Values.server.readinessProbe.path }} - httpGet: - path: {{ .Values.server.readinessProbe.path | quote }} - port: {{ .Values.server.readinessProbe.port }} - scheme: {{ include "vault.scheme" . 
| upper }} - {{- else }} - # Check status; unsealed vault servers return 0 - # The exit code reflects the seal status: - # 0 - unsealed - # 1 - error - # 2 - sealed - exec: - command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] - {{- end }} - failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.server.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.server.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.server.livenessProbe.path | quote }} - port: {{ .Values.server.livenessProbe.port }} - scheme: {{ include "vault.scheme" . | upper }} - failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.server.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} - {{- end }} - lifecycle: - # Vault container doesn't receive SIGTERM from Kubernetes - # and after the grace period ends, Kube sends SIGKILL. This - # causes issues with graceful shutdowns such as deregistering itself - # from Consul (zombie services). - preStop: - exec: - command: [ - "/bin/sh", "-c", - # Adding a sleep here to give the pod eviction a - # chance to propagate, so requests will not be made - # to this pod while it's terminating - "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", - ] - {{- if .Values.server.postStart }} - postStart: - exec: - command: - {{- range (.Values.server.postStart) }} - - {{ . 
| quote }} - {{- end }} - {{- end }} - {{- if .Values.server.extraContainers }} - {{ toYaml .Values.server.extraContainers | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} - {{ template "vault.volumeclaims" . }} -{{ end }} -{{ end }} -{{ end }} diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/tests/server-test.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/tests/server-test.yaml deleted file mode 100644 index 59b1501096..0000000000 --- a/charts/partners/hashicorp/vault/0.25.0/src/templates/tests/server-test.yaml +++ /dev/null 
@@ -1,56 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if .serverEnabled -}}
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ .Release.Name }}-server-test"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": test
-spec:
- {{- include "imagePullSecrets" . | nindent 2 }}
- containers:
- - name: {{ .Release.Name }}-server-test
- image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
- imagePullPolicy: {{ .Values.server.image.pullPolicy }}
- env:
- - name: VAULT_ADDR
- value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
- {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
- command:
- - /bin/sh
- - -c
- - |
- echo "Checking for sealed info in 'vault status' output"
- ATTEMPTS=10
- n=0
- until [ "$n" -ge $ATTEMPTS ]
- do
- echo "Attempt" $n...
- vault status -format yaml | grep -E '^sealed: (true|false)' && break
- n=$((n+1))
- sleep 5
- done
- if [ $n -ge $ATTEMPTS ]; then
- echo "timed out looking for sealed info in 'vault status' output"
- exit 1
- fi
-
- exit 0
- volumeMounts:
- {{- if .Values.server.volumeMounts }}
- {{- toYaml .Values.server.volumeMounts | nindent 8}}
- {{- end }}
- volumes:
- {{- if .Values.server.volumes }}
- {{- toYaml .Values.server.volumes | nindent 4}}
- {{- end }}
- restartPolicy: Never
-{{- end }}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/templates/ui-service.yaml b/charts/partners/hashicorp/vault/0.25.0/src/templates/ui-service.yaml
deleted file mode 100644
index 4b2e8f7e40..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/templates/ui-service.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{/*
-Copyright (c) HashiCorp, Inc.
-SPDX-License-Identifier: MPL-2.0
-*/}}
-
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.uiEnabled" . -}}
-{{- if .uiEnabled -}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-ui
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}-ui
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "vault.ui.annotations" . }}
-spec:
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
- vault-active: "true"
- {{- end }}
- publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.ui.externalPort }}
- targetPort: {{ .Values.ui.targetPort }}
- {{- if .Values.ui.serviceNodePort }}
- nodePort: {{ .Values.ui.serviceNodePort }}
- {{- end }}
- type: {{ .Values.ui.serviceType }}
- {{- include "service.externalTrafficPolicy" .Values.ui }}
- {{- include "service.loadBalancer" .Values.ui }}
-{{- end -}}
-{{- end }}
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/values.openshift.yaml b/charts/partners/hashicorp/vault/0.25.0/src/values.openshift.yaml
deleted file mode 100644
index 6e575e4d4f..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/values.openshift.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
-# These overrides are appropriate defaults for deploying this chart on OpenShift
-
-global:
- openshift: true
-
-injector:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
- tag: "1.2.1-ubi"
-
- agentImage:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.14.0-ubi"
-
-server:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.14.0-ubi"
diff --git a/charts/partners/hashicorp/vault/0.25.0/src/values.schema.json b/charts/partners/hashicorp/vault/0.25.0/src/values.schema.json
deleted file mode 100644
index ecb97dece3..0000000000
--- a/charts/partners/hashicorp/vault/0.25.0/src/values.schema.json
+++ /dev/null
@@ -1,1144 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "csi": { - "type": "object", - "properties": { - "agent": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "extraArgs": { - "type": "array" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "resources": { - "type": "object" - } - } - }, - "daemonSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "extraLabels": { - "type": "object" - }, - "kubeletRootDir": { - "type": "string" - }, - "providersDir": { - "type": "string" - }, - "securityContext": { - "type": "object", - "properties": { - "container": { - "type": [ - "object", - "string" - ] - }, - "pod": { - "type": [ - "object", - "string" - ] - } - } - }, - "updateStrategy": { - "type": "object", - "properties": { - "maxUnavailable": { - "type": "string" - }, - "type": { - "type": "string" - } - } - } - } - }, - "debug": { - "type": "boolean" - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "extraArgs": { - "type": "array" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "pod": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "null", - "object", - "string" - ] - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - 
"extraLabels": { - "type": "object" - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - } - } - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "extraLabels": { - "type": "object" - } - } - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "global": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "externalVaultAddr": { - "type": "string" - }, - "imagePullSecrets": { - "type": "array" - }, - "openshift": { - "type": "boolean" - }, - "psp": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enable": { - "type": "boolean" - } - } - }, - "tlsDisable": { - "type": "boolean" - } - } - }, - "injector": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "agentDefaults": { - "type": "object", - "properties": { - "cpuLimit": { - "type": "string" - }, - "cpuRequest": { - "type": "string" - }, - "memLimit": { - "type": "string" - }, - "memRequest": { - "type": "string" - }, - "ephemeralLimit": { - "type": "string" - }, - "ephemeralRequest": { - "type": "string" - }, - "template": { - "type": "string" - }, - "templateConfig": { - "type": "object", - "properties": { - "exitOnRetryFailure": { - "type": "boolean" - }, - "staticSecretRenderInterval": { - "type": "string" - } - } - } - } - }, - 
"agentImage": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "authPath": { - "type": "string" - }, - "certs": { - "type": "object", - "properties": { - "caBundle": { - "type": "string" - }, - "certName": { - "type": "string" - }, - "keyName": { - "type": "string" - }, - "secretName": { - "type": [ - "null", - "string" - ] - } - } - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "externalVaultAddr": { - "type": "string" - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraLabels": { - "type": "object" - }, - "failurePolicy": { - "type": "string" - }, - "hostNetwork": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "leaderElector": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "namespaceSelector": { - "type": "object" - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "objectSelector": { - "type": [ - "object", - "string" - ] - }, - "podDisruptionBudget": { - "type": "object" - }, - "port": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "replicas": { - "type": "integer" - }, - "resources": { - "type": "object" - }, - "revokeOnShutdown": { - "type": "boolean" - }, - "securityContext": { - "type": "object", - "properties": { - "container": { - "type": [ - "object", - "string" - ] - }, - "pod": { - "type": [ - "object", - "string" - ] - } - } - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - 
} - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "strategy": { - "type": [ - "object", - "string" - ] - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "topologySpreadConstraints": { - "type": [ - "null", - "array", - "string" - ] - }, - "webhook": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "failurePolicy": { - "type": "string" - }, - "matchPolicy": { - "type": "string" - }, - "namespaceSelector": { - "type": "object" - }, - "objectSelector": { - "type": [ - "object", - "string" - ] - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "webhookAnnotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "server": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "auditStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "authDelegator": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "dataStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "dev": { - "type": "object", - "properties": { - "devRootToken": { - "type": "string" - }, - "enabled": { - "type": "boolean" - } - } - }, - "enabled": { - "type": [ - 
"boolean", - "string" - ] - }, - "enterpriseLicense": { - "type": "object", - "properties": { - "secretKey": { - "type": "string" - }, - "secretName": { - "type": "string" - } - } - }, - "extraArgs": { - "type": "string" - }, - "extraPorts": { - "type": [ - "null", - "array" - ] - }, - "extraContainers": { - "type": [ - "null", - "array" - ] - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraInitContainers": { - "type": [ - "null", - "array" - ] - }, - "extraLabels": { - "type": "object" - }, - "extraSecretEnvironmentVars": { - "type": "array" - }, - "extraVolumes": { - "type": "array" - }, - "ha": { - "type": "object", - "properties": { - "apiAddr": { - "type": [ - "null", - "string" - ] - }, - "clusterAddr": { - "type": [ - "null", - "string" - ] - }, - "config": { - "type": [ - "string", - "object" - ] - }, - "disruptionBudget": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxUnavailable": { - "type": [ - "null", - "integer" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "raft": { - "type": "object", - "properties": { - "config": { - "type": [ - "string", - "object" - ] - }, - "enabled": { - "type": "boolean" - }, - "setNodeId": { - "type": "boolean" - } - } - }, - "replicas": { - "type": "integer" - } - } - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "ingress": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "extraPaths": { - "type": "array" - }, - "hosts": { - "type": "array", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string" - }, - "paths": { - "type": "array" - } - } - } - }, - "ingressClassName": { - "type": "string" - }, - "labels": { - "type": "object" - }, - "pathType": { - "type": 
"string" - }, - "tls": { - "type": "array" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "path": { - "type": "string" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "networkPolicy": { - "type": "object", - "properties": { - "egress": { - "type": "array" - }, - "enabled": { - "type": "boolean" - } - } - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "postStart": { - "type": "array" - }, - "preStopSleepSeconds": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "route": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "labels": { - "type": "object" - }, - "tls": { - "type": "object" - } - } - }, - "service": { - "type": "object", - "properties": { - "active": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "instanceSelector": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - 
} - } - }, - "port": { - "type": "integer" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "standby": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "targetPort": { - "type": "integer" - }, - "nodePort": { - "type": "integer" - }, - "activeNodePort": { - "type": "integer" - }, - "standbyNodePort": { - "type": "integer" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "create": { - "type": "boolean" - }, - "extraLabels": { - "type": "object" - }, - "name": { - "type": "string" - }, - "serviceDiscovery": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - } - } - }, - "shareProcessNamespace": { - "type": "boolean" - }, - "standalone": { - "type": "object", - "properties": { - "config": { - "type": [ - "string", - "object" - ] - }, - "enabled": { - "type": [ - "string", - "boolean" - ] - } - } - }, - "statefulSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "securityContext": { - "type": "object", - "properties": { - "container": { - "type": [ - "object", - "string" - ] - }, - "pod": { - "type": [ - "object", - "string" - ] - } - } - } - } - }, - "terminationGracePeriodSeconds": { - "type": "integer" - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "topologySpreadConstraints": { - "type": [ - "null", - "array", - "string" - ] - }, - "updateStrategyType": { - "type": "string" - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - }, - "hostNetwork": { - "type": "boolean" - } - } - }, - "serverTelemetry": { - "type": "object", - "properties": { - "prometheusRules": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "rules": { - "type": "array" - }, - "selectors": { - "type": "object" - } - } - } - } - }, - 
"ui": { - "type": "object", - "properties": { - "activeVaultPodOnly": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "externalPort": { - "type": "integer" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "serviceNodePort": { - "type": [ - "null", - "integer" - ] - }, - "serviceType": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - } -} diff --git a/charts/partners/hashicorp/vault/0.25.0/src/values.yaml b/charts/partners/hashicorp/vault/0.25.0/src/values.yaml deleted file mode 100644 index 3756ed970e..0000000000 --- a/charts/partners/hashicorp/vault/0.25.0/src/values.yaml +++ /dev/null 
@@ -1,1106 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -# Available parameters and their default values for the Vault chart. - -global: - # enabled is the master enabled switch. Setting this to true or false - # will enable or disable all the components within this chart by default. - enabled: true - # Image pull secret to use for registry authentication. - # Alternatively, the value may be specified as an array of strings. - imagePullSecrets: [] - # imagePullSecrets: - # - name: image-pull-secret - - # TLS for end-to-end encrypted transport - tlsDisable: true - # External vault server address for the injector and CSI provider to use. - # Setting this will disable deployment of a vault server. - externalVaultAddr: "" - # If deploying to OpenShift - openshift: true - # Create PodSecurityPolicy for pods - psp: - enable: false - # Annotation for PodSecurityPolicy. - # This is a multi-line templated string map, and can also be set as YAML. - annotations: | - seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default - apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default - apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default - serverTelemetry: - # Enable integration with the Prometheus Operator - # See the top level serverTelemetry section below before enabling this feature. - prometheusOperator: false -injector: - # True if you want to enable vault agent injection. - # @default: global.enabled - enabled: "-" - replicas: 1 - # Configures the port the injector should listen on - port: 8080 - # If multiple replicas are specified, by default a leader will be determined - # so that only one injector attempts to create TLS certificates. - leaderElector: - enabled: true - # If true, will enable a node exporter metrics endpoint at /metrics. 
- metrics:
- enabled: false
- # Deprecated: Please use global.externalVaultAddr instead.
- externalVaultAddr: ""
- # image sets the repo and tag of the vault-k8s image to use for the injector.
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
- tag: "1.2.1-ubi"
- pullPolicy: IfNotPresent
- # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
- # containers. This should be set to the official Vault image. Vault 1.3.1+ is
- # required.
- agentImage:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.14.0-ubi"
- # The default values for the injected Vault Agent containers.
- agentDefaults:
- # For more information on configuring resources, see the K8s documentation:
- # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- cpuLimit: "500m"
- cpuRequest: "250m"
- memLimit: "128Mi"
- memRequest: "64Mi"
- # ephemeralLimit: "128Mi"
- # ephemeralRequest: "64Mi"
-
- # Default template type for secrets when no custom template is specified.
- # Possible values include: "json" and "map".
- template: "map"
- # Default values within Agent's template_config stanza.
- templateConfig:
- exitOnRetryFailure: true
- staticSecretRenderInterval: ""
- # Used to define custom livenessProbe settings
- livenessProbe:
- # When a probe fails, Kubernetes will try failureThreshold times before giving up
- failureThreshold: 2
- # Number of seconds after the container has started before probe initiates
- initialDelaySeconds: 5
- # How often (in seconds) to perform the probe
- periodSeconds: 2
- # Minimum consecutive successes for the probe to be considered successful after having failed
- successThreshold: 1
- # Number of seconds after which the probe times out.
- timeoutSeconds: 5
- # Used to define custom readinessProbe settings
- readinessProbe:
- # When a probe fails, Kubernetes will try failureThreshold times before giving up
- failureThreshold: 2
- # Number of seconds after the container has started before probe initiates
- initialDelaySeconds: 5
- # How often (in seconds) to perform the probe
- periodSeconds: 2
- # Minimum consecutive successes for the probe to be considered successful after having failed
- successThreshold: 1
- # Number of seconds after which the probe times out.
- timeoutSeconds: 5
- # Used to define custom startupProbe settings
- startupProbe:
- # When a probe fails, Kubernetes will try failureThreshold times before giving up
- failureThreshold: 12
- # Number of seconds after the container has started before probe initiates
- initialDelaySeconds: 5
- # How often (in seconds) to perform the probe
- periodSeconds: 5
- # Minimum consecutive successes for the probe to be considered successful after having failed
- successThreshold: 1
- # Number of seconds after which the probe times out.
- timeoutSeconds: 5
- # Mount Path of the Vault Kubernetes Auth Method.
- authPath: "auth/kubernetes"
- # Configures the log verbosity of the injector.
- # Supported log levels include: trace, debug, info, warn, error
- logLevel: "info"
- # Configures the log format of the injector. Supported log formats: "standard", "json".
- logFormat: "standard"
- # Configures all Vault Agent sidecars to revoke their token when shutting down
- revokeOnShutdown: false
- webhook:
- # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
- # API Version of the WebHook.
- # To block pod creation while the webhook is unavailable, set the policy to `Fail` below.
- # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - # matchPolicy specifies the approach to accepting changes based on the rules of - # the MutatingWebhookConfiguration. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy - # for more details. - # - matchPolicy: Exact - # timeoutSeconds is the amount of seconds before the webhook request will be ignored - # or fails. - # If it is ignored or fails depends on the failurePolicy - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts - # for more details. - # - timeoutSeconds: 30 - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. - # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: | - matchExpressions: - - key: app.kubernetes.io/name - operator: NotIn - values: - - {{ template "vault.name" . }}-agent-injector - # Extra annotations to attach to the webhook - annotations: {} - # Deprecated: please use 'webhook.failurePolicy' instead - # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the - # API Version of the WebHook. - # To block pod creation while webhook is unavailable, set the policy to `Fail` below. 
- # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - # Deprecated: please use 'webhook.namespaceSelector' instead - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. - # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # Deprecated: please use 'webhook.objectSelector' instead - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: {} - # Deprecated: please use 'webhook.annotations' instead - # Extra annotations to attach to the webhook - webhookAnnotations: {} - certs: - # secretName is the name of the secret that has the TLS certificate and - # private key to serve the injector webhook. If this is null, then the - # injector will default to its automatic management mode that will assign - # a service account to the injector to generate its own certificates. - secretName: null - # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA - # that signed the TLS certificate that the webhook serves. This must be set - # if secretName is non-null unless an external service like cert-manager is - # keeping the caBundle updated. - caBundle: "" - # certName and keyName are the names of the files within the secret for - # the TLS cert and private key, respectively. These have reasonable - # defaults but can be customized if necessary. 
- certName: tls.crt - keyName: tls.key - # Security context for the pod template and the injector container - # The default pod securityContext is: - # runAsNonRoot: true - # runAsGroup: {{ .Values.injector.gid | default 1000 }} - # runAsUser: {{ .Values.injector.uid | default 100 }} - # fsGroup: {{ .Values.injector.gid | default 1000 }} - # and for container is - # allowPrivilegeEscalation: false - # capabilities: - # drop: - # - ALL - securityContext: - pod: {} - container: {} - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # extraEnvironmentVars is a list of extra environment variables to set in the - # injector deployment. - extraEnvironmentVars: {} - # KUBERNETES_SERVICE_HOST: kubernetes.default.svc - - # Affinity Settings for injector pods - # This can either be a multi-line string or YAML matching the PodSpec's affinity field. - # Commenting out or setting as empty the affinity variable, will allow - # deployment of multiple replicas to single node services such as Minikube. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: webhook - topologyKey: kubernetes.io/hostname - # Topology settings for injector pods - # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - # This should be either a multi-line string or YAML matching the topologySpreadConstraints array - # in a PodSpec. - topologySpreadConstraints: [] - # Toleration Settings for injector pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
- # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Priority class for injector pods - priorityClassName: "" - # Extra annotations to attach to the injector pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the injector pods - annotations: {} - # Extra labels to attach to the agent-injector - # This should be a YAML map of the labels to apply to the injector - extraLabels: {} - # Should the injector pods run on the host network (useful when using - # an alternate CNI in EKS) - hostNetwork: false - # Injector service specific config - service: - # Extra annotations to attach to the injector service - annotations: {} - # Injector serviceAccount specific config - serviceAccount: - # Extra annotations to attach to the injector serviceAccount - annotations: {} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - podDisruptionBudget: {} - # podDisruptionBudget: - # maxUnavailable: 1 - - # strategy for updating the deployment. This can be a multi-line string or a - # YAML map. - strategy: {} - # strategy: | - # rollingUpdate: - # maxSurge: 25% - # maxUnavailable: 25% - # type: RollingUpdate -server: - # If true, or "-" with global.enabled true, Vault server will be installed. - # See vault.mode in _helpers.tpl for implementation details. - enabled: "-" - # [Enterprise Only] This value refers to a Kubernetes secret that you have - # created that contains your enterprise license. If you are not using an - # enterprise image or if you plan to introduce the license key via another - # route, then leave secretName blank ("") or set it to null. - # Requires Vault Enterprise 1.8 or later. - enterpriseLicense: - # The name of the Kubernetes secret that holds the enterprise license. 
The - # secret must be in the same namespace that Vault is installed into. - secretName: "" - # The key within the Kubernetes secret that holds the enterprise license. - secretKey: "license" - # Resource requests, limits, etc. for the server cluster placement. This - # should map directly to the value of the resources field for a PodSpec. - # By default no direct resource request is made. - image: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.14.0-ubi" - # Overrides the default Image Pull Policy - pullPolicy: IfNotPresent - # Configure the Update Strategy Type for the StatefulSet - # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - updateStrategyType: "OnDelete" - # Configure the logging verbosity for the Vault server. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "" - # Configure the logging format for the Vault server. - # Supported log formats include: standard, json - logFormat: "" - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # Ingress allows ingress services to be created to allow external access - # from Kubernetes to access Vault pods. - # If deployment is on OpenShift, the following block is ignored. - # In order to expose the service, use the route section below - ingress: - enabled: false - labels: {} - # traffic: external - annotations: {} - # | - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # or - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # Optionally use ingressClassName instead of deprecated annotation. - # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation - ingressClassName: "" - # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
- # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. - pathType: Prefix - # When HA mode is enabled and K8s service registration is being used, - # configure the ingress to point to the Vault active service. - activeService: true - hosts: - - host: chart-example.local - paths: [] - ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # service: - # name: ssl-redirect - # port: - # number: use-annotation - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # OpenShift only - create a route to expose the service - # By default the created route will be of type passthrough - route: - enabled: false - # When HA mode is enabled and K8s service registration is being used, - # configure the route to point to the Vault active service. - activeService: true - labels: {} - annotations: {} - host: chart-example.local - # tls will be passed directly to the route's TLS config, which - # can be used to configure other termination methods that terminate - # TLS at the router - tls: - termination: passthrough - # authDelegator enables a cluster role binding to be attached to the service - # account. This cluster role binding can be used to setup Kubernetes auth - # method. https://www.vaultproject.io/docs/auth/kubernetes.html - authDelegator: - enabled: true - # extraInitContainers is a list of init containers. Specified as a YAML list. - # This is useful if you need to run a script to provision TLS certificates or - # write out configuration files in a dynamic way. - extraInitContainers: null - # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, - # # which is defined in the volumes value. 
- # - name: oauthapp - # image: "alpine" - # command: [sh, -c] - # args: - # - cd /tmp && - # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && - # tar -xf oauthapp.xz && - # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && - # chmod +x /usr/local/libexec/vault/oauthapp - # volumeMounts: - # - name: plugins - # mountPath: /usr/local/libexec/vault - - # extraContainers is a list of sidecar containers. Specified as a YAML list. - extraContainers: null - # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers - # This is useful if Vault must be signaled, e.g. to send a SIGHUP for a log rotation - shareProcessNamespace: false - # extraArgs is a string containing additional Vault server arguments. - extraArgs: "" - # extraPorts is a list of extra ports. Specified as a YAML list. - # This is useful if you need to add additional ports to the statefulset in dynamic way. - extraPorts: null - # - containerPort: 8300 - # name: http-monitoring - - # Used to define custom readinessProbe settings - readinessProbe: - enabled: true - # If you need to use a http path instead of the default exec - # path: /v1/sys/health?standbyok=true - - # Port number on which readinessProbe will be checked. - port: 8200 - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. 
- timeoutSeconds: 3 - # Used to enable a livenessProbe for the pods - livenessProbe: - enabled: false - path: "/v1/sys/health?standbyok=true" - # Port number on which livenessProbe will be checked. - port: 8200 - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 60 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Optional duration in seconds the pod needs to terminate gracefully. - # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ - terminationGracePeriodSeconds: 10 - # Used to set the sleep time during the preStop step - preStopSleepSeconds: 5 - # Used to define commands to run after the pod is ready. - # This can be used to automate processes such as initialization - # or boostrapping auth methods. - postStart: [] - # - /bin/sh - # - -c - # - /vault/userconfig/myscript/run.sh - - # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be - # used to include variables required for auto-unseal. - extraEnvironmentVars: {} - # GOOGLE_REGION: global - # GOOGLE_PROJECT: myproject - # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json - - # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. - # These variables take value from existing Secret objects. - extraSecretEnvironmentVars: [] - # - envName: AWS_SECRET_ACCESS_KEY - # secretName: vault - # secretKey: AWS_SECRET_ACCESS_KEY - - # Deprecated: please use 'volumes' instead. - # extraVolumes is a list of extra volumes to mount. These will be exposed - # to Vault in the path `/vault/userconfig//`. 
The value below is - # an array of objects, examples are shown below. - extraVolumes: [] - # - type: secret (or "configMap") - # name: my-secret - # path: null # default is `/vault/userconfig` - - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: plugins - # emptyDir: {} - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - mountPath: /usr/local/libexec/vault - # name: plugins - # readOnly: true - - # Affinity Settings - # Commenting out or setting as empty the affinity variable, will allow - # deployment to single node services such as Minikube - # This should be either a multi-line string or YAML matching the PodSpec's affinity field. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: server - topologyKey: kubernetes.io/hostname - # Topology settings for server pods - # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - # This should be either a multi-line string or YAML matching the topologySpreadConstraints array - # in a PodSpec. - topologySpreadConstraints: [] - # Toleration Settings for server pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
- # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Enables network policy for server pods - networkPolicy: - enabled: false - egress: [] - # egress: - # - to: - # - ipBlock: - # cidr: 10.0.0.0/24 - # ports: - # - protocol: TCP - # port: 443 - # Priority class for server pods - priorityClassName: "" - # Extra labels to attach to the server pods - # This should be a YAML map of the labels to apply to the server pods - extraLabels: {} - # Extra annotations to attach to the server pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the server pods - annotations: {} - # Enables a headless service to be used by the Vault Statefulset - service: - enabled: true - # Enable or disable the vault-active service, which selects Vault pods that - # have labelled themselves as the cluster leader with `vault-active: "true"` - active: - enabled: true - # Enable or disable the vault-standby service, which selects Vault pods that - # have labelled themselves as a cluster follower with `vault-active: "false"` - standby: - enabled: true - # If enabled, the service selectors will include `app.kubernetes.io/instance: {{ .Release.Name }}` - # When disabled, services may select Vault pods not deployed from the chart. - # Does not affect the headless vault-internal service with `ClusterIP: None` - instanceSelector: - enabled: true - # clusterIP controls whether a Cluster IP address is attached to the - # Vault service within Kubernetes. By default, the Vault service will - # be given a Cluster IP address, set to None to disable. When disabled - # Kubernetes will create a "headless" service. Headless services can be - # used to communicate with pods directly through DNS instead of a round-robin - # load balancer. - # clusterIP: None - - # Configures the service type for the main Vault service. 
Can be ClusterIP - # or NodePort. - #type: ClusterIP - - # Do not wait for pods to be ready before including them in the services' - # targets. Does not apply to the headless service, which is used for - # cluster-internal communication. - publishNotReadyAddresses: true - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. - # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. - #nodePort: 30000 - - # When HA mode is enabled - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. - #activeNodePort: 30001 - - # When HA mode is enabled - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. - #standbyNodePort: 30002 - - # Port on which Vault server is listening - port: 8200 - # Target port to which the service should be mapped to - targetPort: 8200 - # Extra annotations for the service definition. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the service. - annotations: {} - # This configures the Vault Statefulset to create a PVC for data - # storage when using the file or raft backend storage engines. - # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more - dataStorage: - enabled: true - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/data" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. 
- storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # This configures the Vault Statefulset to create a PVC for audit - # logs. Once Vault is deployed, initialized, and unsealed, Vault must - # be configured to use this for audit logs. This will be mounted to - # /vault/audit - # See https://www.vaultproject.io/docs/audit/index.html to know more - auditStorage: - enabled: false - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/audit" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # Run Vault in "dev" mode. This requires no further setup, no state management, - # and no initialization. This is useful for experimenting with Vault without - # needing to unseal, store keys, et. al. All data is lost on restart - do not - # use dev mode for anything other than experimenting. - # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more - dev: - enabled: false - # Set VAULT_DEV_ROOT_TOKEN_ID value - devRootToken: "root" - # Run Vault in "standalone" mode. This is the default mode that will deploy if - # no arguments are given to helm. This requires a PVC for data storage to use - # the "file" backend. This mode is not highly available and should not be scaled - # past a single replica. - standalone: - enabled: "-" - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data - # and store data there. This is only used when using a Replica count of 1, and - # using a stateful set. This should be HCL. 
- - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - # Enable unauthenticated metrics access (necessary for Prometheus Operator) - #telemetry { - # unauthenticated_metrics_access = "true" - #} - } - storage "file" { - path = "/vault/data" - } - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - - # Example configuration for enabling Prometheus metrics in your config. - #telemetry { - # prometheus_retention_time = "30s" - # disable_hostname = true - #} - # Run Vault in "HA" mode. There are no storage requirements unless the audit log - # persistence is required. In HA mode Vault will configure itself to use Consul - # for its storage backend. The default configuration provided will work the Consul - # Helm project by default. It is possible to manually configure Vault to use a - # different HA backend. - ha: - enabled: false - replicas: 3 - # Set the api_addr configuration for Vault HA - # See https://www.vaultproject.io/docs/configuration#api_addr - # If set to null, this will be set to the Pod IP Address - apiAddr: null - # Set the cluster_addr confuguration for Vault HA - # See https://www.vaultproject.io/docs/configuration#cluster_addr - # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201 - clusterAddr: null - # Enables Vault's integrated Raft storage. Unlike the typical HA modes where - # Vault's persistence is external (such as Consul), enabling Raft mode will create - # persistent volumes for Vault to store data according to the configuration under server.dataStorage. - # The Vault cluster will coordinate leader elections and failovers internally. - raft: - # Enables Raft integrated storage - enabled: false - # Set the Node Raft ID to the name of the pod - setNodeId: false - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - # Enable unauthenticated metrics access (necessary for Prometheus Operator) - #telemetry { - # unauthenticated_metrics_access = "true" - #} - } - - storage "raft" { - path = "/vault/data" - } - - service_registration "kubernetes" {} - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a Consul for its HA storage backend. - # This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "consul" { - path = "vault" - address = "HOST_IP:8500" - } - - service_registration "kubernetes" {} - - # Example configuration for using auto-unseal, using Google Cloud KMS. 
The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev-246514" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - - # Example configuration for enabling Prometheus metrics. - # If you are using Prometheus Operator you can enable a ServiceMonitor resource below. - # You may wish to enable unauthenticated metrics in the listener block above. - #telemetry { - # prometheus_retention_time = "30s" - # disable_hostname = true - #} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - disruptionBudget: - enabled: true - # maxUnavailable will default to (n/2)-1 where n is the number of - # replicas. If you'd like a custom value, you can specify an override here. - maxUnavailable: null - # Definition of the serviceAccount used to run Vault. - # These options are also used when using an external Vault server to validate - # Kubernetes tokens. - serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Extra labels to attach to the serviceAccount - # This should be a YAML map of the labels to apply to the serviceAccount - extraLabels: {} - # Enable or disable a service account role binding with the permissions required for - # Vault's Kubernetes service_registration config option. 
- # See https://developer.hashicorp.com/vault/docs/configuration/service-registration/kubernetes - serviceDiscovery: - enabled: true - # Settings for the statefulSet used to run Vault. - statefulSet: - # Extra annotations for the statefulSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the statefulSet. - annotations: {} - # Set the pod and container security contexts. - # If not set, these will default to, and for *not* OpenShift: - # pod: - # runAsNonRoot: true - # runAsGroup: {{ .Values.server.gid | default 1000 }} - # runAsUser: {{ .Values.server.uid | default 100 }} - # fsGroup: {{ .Values.server.gid | default 1000 }} - # container: - # allowPrivilegeEscalation: false - # - # If not set, these will default to, and for OpenShift: - # pod: {} - # container: {} - securityContext: - pod: {} - container: {} - # Should the server pods run on the host network - hostNetwork: false -# Vault UI -ui: - # True if you want to create a Service entry for the Vault UI. - # - # serviceType can be used to control the type of service created. For - # example, setting this to "LoadBalancer" will create an external load - # balancer (for supported K8S installations) to access the UI. - enabled: false - publishNotReadyAddresses: true - # The service should only contain selectors for active Vault pod - activeVaultPodOnly: false - serviceType: "ClusterIP" - serviceNodePort: null - externalPort: 8200 - targetPort: 8200 - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. 
- # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - #loadBalancerSourceRanges: - # - 10.0.0.0/16 - # - 1.78.23.3/32 - - # loadBalancerIP: - - # Extra annotations to attach to the ui service - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the ui service - annotations: {} -# secrets-store-csi-driver-provider-vault -csi: - # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. - # - # Requires installing the secrets-store-csi-driver separately, see: - # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver - # - # With the driver and provider installed, you can mount Vault secrets into volumes - # similar to the Vault Agent injector, and you can also sync those secrets into - # Kubernetes secrets. - enabled: false - image: - repository: "hashicorp/vault-csi-provider" - tag: "1.4.0" - pullPolicy: IfNotPresent - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: tls - # secret: - # secretName: vault-tls - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - name: tls - # mountPath: "/vault/tls" - # readOnly: true - - resources: {} - # resources: - # requests: - # cpu: 50m - # memory: 128Mi - # limits: - # cpu: 50m - # memory: 128Mi - - # Override the default secret name for the CSI Provider's HMAC key used for - # generating secret versions. - hmacSecretName: "" - # Settings for the daemonSet used to run the provider. 
- daemonSet: - updateStrategy: - type: RollingUpdate - maxUnavailable: "" - # Extra annotations for the daemonSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the daemonSet. - annotations: {} - # Provider host path (must match the CSI provider's path) - providersDir: "/etc/kubernetes/secrets-store-csi-providers" - # Kubelet host path - kubeletRootDir: "/var/lib/kubelet" - # Extra labels to attach to the vault-csi-provider daemonSet - # This should be a YAML map of the labels to apply to the csi provider daemonSet - extraLabels: {} - # security context for the pod template and container in the csi provider daemonSet - securityContext: - pod: {} - container: {} - pod: - # Extra annotations for the provider pods. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the pod. - annotations: {} - # Toleration Settings for provider pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for csi pod assignment, formatted as a multi-line string or YAML map. - # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Affinity Settings - # This should be either a multi-line string or YAML matching the PodSpec's affinity field. 
- affinity: {} - # Extra labels to attach to the vault-csi-provider pod - # This should be a YAML map of the labels to apply to the csi provider pod - extraLabels: {} - agent: - enabled: true - extraArgs: [] - image: - repository: "hashicorp/vault" - tag: "1.14.0" - pullPolicy: IfNotPresent - logFormat: standard - logLevel: info - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - # Priority class for csi pods - priorityClassName: "" - serviceAccount: - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Extra labels to attach to the vault-csi-provider serviceAccount - # This should be a YAML map of the labels to apply to the csi provider serviceAccount - extraLabels: {} - # Used to configure readinessProbe for the pods. - readinessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Used to configure livenessProbe for the pods. - livenessProbe: - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. 
- timeoutSeconds: 3 - # Enables debug logging. - debug: false - # Pass arbitrary additional arguments to vault-csi-provider. - # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments - # for the available command line flags. - extraArgs: [] -# Vault is able to collect and publish various runtime metrics. -# Enabling this feature requires setting adding `telemetry{}` stanza to -# the Vault configuration. There are a few examples included in the `config` sections above. -# -# For more information see: -# https://www.vaultproject.io/docs/configuration/telemetry -# https://www.vaultproject.io/docs/internals/telemetry -serverTelemetry: - # Enable support for the Prometheus Operator. Currently, this chart does not support - # authenticating to Vault's metrics endpoint, so the following `telemetry{}` must be included - # in the `listener "tcp"{}` stanza - # telemetry { - # unauthenticated_metrics_access = "true" - # } - # - # See the `standalone.config` for a more complete example of this. - # - # In addition, a top level `telemetry{}` stanza must also be included in the Vault configuration: - # - # example: - # telemetry { - # prometheus_retention_time = "30s" - # disable_hostname = true - # } - # - # Configuration for monitoring the Vault server. - serviceMonitor: - # The Prometheus operator *must* be installed before enabling this feature, - # if not the chart will fail to install due to missing CustomResourceDefinitions - # provided by the operator. - # - # Instructions on how to install the Helm chart can be found here: - # https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack - # More information can be found here: - # https://github.com/prometheus-operator/prometheus-operator - # https://github.com/prometheus-operator/kube-prometheus - - # Enable deployment of the Vault Server ServiceMonitor CustomResource. - enabled: false - # Selector labels to add to the ServiceMonitor. 
- # When empty, defaults to: - # release: prometheus - selectors: {} - # Interval at which Prometheus scrapes metrics - interval: 30s - # Timeout for Prometheus scrapes - scrapeTimeout: 10s - prometheusRules: - # The Prometheus operator *must* be installed before enabling this feature, - # if not the chart will fail to install due to missing CustomResourceDefinitions - # provided by the operator. - - # Deploy the PrometheusRule custom resource for AlertManager based alerts. - # Requires that AlertManager is properly deployed. - enabled: false - # Selector labels to add to the PrometheusRules. - # When empty, defaults to: - # release: prometheus - selectors: {} - # Some example rules. - rules: [] - # - alert: vault-HighResponseTime - # annotations: - # message: The response time of Vault is over 500ms on average over the last 5 minutes. - # expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 500 - # for: 5m - # labels: - # severity: warning - # - alert: vault-HighResponseTime - # annotations: - # message: The response time of Vault is over 1s on average over the last 5 minutes. - # expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 1000 - # for: 5m - # labels: - # severity: critical diff --git a/charts/partners/hashicorp/vault/OWNERS b/charts/partners/hashicorp/vault/OWNERS deleted file mode 100644 index 0cd0a167da..0000000000 --- a/charts/partners/hashicorp/vault/OWNERS +++ /dev/null @@ -1,14 +0,0 @@ -chart: - name: vault - shortDescription: The official HashiCorp Helm chart for installing and configuring - Vault on OpenShift. -publicPgpKey: null -users: -- githubUsername: tvoran -- githubUsername: jasonodonnell -- githubUsername: tomhjp -- githubUsername: calvn -- githubUsername: swenson -vendor: - label: hashicorp - name: HashiCorp diff --git a/charts/partners/hcl/hcl-helm-oc/OWNERS b/charts/partners/hcl/hcl-helm-oc/OWNERS deleted file mode 100644 index cce45b77b5..0000000000 
--- a/charts/partners/hcl/hcl-helm-oc/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: hcl-helm-oc
- shortDescription: null
-providerDelivery: false
-publicPgpKey: null
-users:
-- githubUsername: pulkitkumar0
-vendor:
- label: hcl
- name: HCL America Inc
diff --git a/charts/partners/hcl/hcl-launch-server-prod/OWNERS b/charts/partners/hcl/hcl-launch-server-prod/OWNERS
deleted file mode 100644
index d2e2aff787..0000000000
--- a/charts/partners/hcl/hcl-launch-server-prod/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: hcl-launch-server-prod
- shortDescription: HCL Launch Helm Chart Repository
-providerDelivery: false
-publicPgpKey: null
-users:
-- githubUsername: james.carmichael@hcl.com
-vendor:
- label: hcl
- name: HCL America Inc
diff --git a/charts/partners/hcl/oc-helm-devops-app/OWNERS b/charts/partners/hcl/oc-helm-devops-app/OWNERS
deleted file mode 100644
index 4478e4d284..0000000000
--- a/charts/partners/hcl/oc-helm-devops-app/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: oc-helm-devops-app
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: hcl
- name: HCL America Inc
diff --git a/charts/partners/hclsoftware/sofy-dx/OWNERS b/charts/partners/hclsoftware/sofy-dx/OWNERS
deleted file mode 100644
index 6cae14ad27..0000000000
--- a/charts/partners/hclsoftware/sofy-dx/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: sofy-dx
- shortDescription: HCL Digital Experience helm repository
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: ravish.rana@hcl.com
-vendor:
- label: hclsoftware
- name: HCL America Inc
diff --git a/charts/partners/hclsoftware/sofy-hcl-commerce/OWNERS b/charts/partners/hclsoftware/sofy-hcl-commerce/OWNERS
deleted file mode 100644
index 61c6e49251..0000000000
--- a/charts/partners/hclsoftware/sofy-hcl-commerce/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: sofy-hcl-commerce
- shortDescription: HCL commerce helm repository
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: ravishranahcl
-vendor:
- label: hclsoftware
- name: HCL America Inc
diff --git a/charts/partners/hclsoftware/sofy-unica-campaign/OWNERS b/charts/partners/hclsoftware/sofy-unica-campaign/OWNERS
deleted file mode 100644
index 5f79ba9c55..0000000000
--- a/charts/partners/hclsoftware/sofy-unica-campaign/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: sofy-unica-campaign
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: hclsoftware
- name: HCL America Inc
diff --git a/charts/partners/hms-bot/hms-chat-bot/OWNERS b/charts/partners/hms-bot/hms-chat-bot/OWNERS
deleted file mode 100644
index d5372b90b4..0000000000
--- a/charts/partners/hms-bot/hms-chat-bot/OWNERS
+++ /dev/null
@@ -1,11 +0,0 @@
-chart:
- name: hms-chat-bot
- shortDescription: he hSenid smart chatbot empowers businesses to improve their customer
- experience and engagement by utlizing the AI & ML
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: kavishan-thathsara
-vendor:
- label: hms-bot
- name: Hsenid Mobile Solutions (Singapore) Pte. Ltd.
diff --git a/charts/partners/hms/hms-chat-bot/OWNERS b/charts/partners/hms/hms-chat-bot/OWNERS
deleted file mode 100644
index 472f256cb0..0000000000
--- a/charts/partners/hms/hms-chat-bot/OWNERS
+++ /dev/null
@@ -1,11 +0,0 @@
-chart:
- name: hms-chat-bot
- shortDescription: he hSenid smart chatbot empowers businesses to improve their customer
- experience and engagement by utlizing the AI & ML
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: kavishan-thathsara
-vendor:
- label: hms
- name: Hsenid Mobile Solutions (Singapore) Pte. Ltd.
diff --git a/charts/partners/hrivero-test/hrivero-helm-chart/OWNERS b/charts/partners/hrivero-test/hrivero-helm-chart/OWNERS
deleted file mode 100644
index 35a51eec37..0000000000
--- a/charts/partners/hrivero-test/hrivero-helm-chart/OWNERS
+++ /dev/null
@@ -1,12 +0,0 @@
-chart:
- name: hrivero-helm-chart
- shortDescription: This is a test repo
-publicPgpKey: null
-users:
-- githubUsername: rhrivero
-- githubUsername: mmulholla
-- githubUsername: baijum
-- githubUsername: dperaza4dustbit
-vendor:
- label: hrivero-test
- name: Hugo Rivero Test
diff --git a/charts/partners/i2i-5gcore/i2i5bcorehelm2/OWNERS b/charts/partners/i2i-5gcore/i2i5bcorehelm2/OWNERS
deleted file mode 100644
index f72b231a96..0000000000
--- a/charts/partners/i2i-5gcore/i2i5bcorehelm2/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: i2i5bcorehelm2
- shortDescription: unknown
-providerDelivery: true
-publicPgpKey: unknown
-users: []
-vendor:
- label: i2i-5gcore
- name: i2i Systems
diff --git a/charts/partners/i2i-5gcore/i2i5gcorehelm/OWNERS b/charts/partners/i2i-5gcore/i2i5gcorehelm/OWNERS
deleted file mode 100644
index 27cd0eabb4..0000000000
--- a/charts/partners/i2i-5gcore/i2i5gcorehelm/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: i2i5gcorehelm
- shortDescription: Github i2i 5G Core Repository
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: ozlem.demir.tr@gmail.com
-vendor:
- label: i2i-5gcore
- name: i2i Systems
diff --git a/charts/partners/i2i/i2i5gcorehelm/1.0.0/i2i5gcorehelm-1.0.0.tgz b/charts/partners/i2i/i2i5gcorehelm/1.0.0/i2i5gcorehelm-1.0.0.tgz
deleted file mode 100644
index 4521395040..0000000000
Binary files a/charts/partners/i2i/i2i5gcorehelm/1.0.0/i2i5gcorehelm-1.0.0.tgz and /dev/null differ
diff --git a/charts/partners/i2i/i2i5gcorehelm/1.0.0/i2i5gcorehelm-1.0.0.tgz.prov b/charts/partners/i2i/i2i5gcorehelm/1.0.0/i2i5gcorehelm-1.0.0.tgz.prov
deleted file mode 100644
index 8e13d0dbfd..0000000000
--- a/charts/partners/i2i/i2i5gcorehelm/1.0.0/i2i5gcorehelm-1.0.0.tgz.prov +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA512 - -annotations: - charts.openshift.io/name: i2i-5G-Core -apiVersion: v2 -appVersion: 1.0.0 -description: A Helm chart for Kubernetes -icon: https://i2i-systems.com/wp-content/uploads/2020/02/i2i_logo.png -kubeVersion: v1.25.x -name: i2i5gcorehelm -type: application -version: 1.0.0 - -... -files: - i2i5gcorehelm-1.0.0.tgz: sha256:93843f71ea216b1fc829839574485b25ecc39e537b9a24185ba71f269668ab89 ------BEGIN PGP SIGNATURE----- - -wsBcBAEBCgAQBQJkekFuCRCJfKOqRTwZSgAAuRkIACS+n75tz4ShaEB111ywU+cY -0ofTuK9eq4YxfFe4rHnKMgUoL5tDHuUhtgbM36wr+gCNt2bdR+HmQArgHFTJSDf4 -u/B04SmOZEjxskeGOh912cW2VLPtMNcX9/gZH9gDUYGcnCMQOA/FCrfje3Wg/tEs -GABzlXAkuJaC/1b5lc0oC6MagpiygvCj2m5dILn2cIZOSVkGQdq1cfH0ep7J+NtA -FhJ54YWm4AfBZKgxP11wvc7A+LXA5QI8hsFUMJUL0kOmJerTpBjS5s9xkZS4NK24 -aJAreIK0RGfFz0n+9h8KmnfeDIb9DfdW0xirIKb0Qg/hPGdlU+qTt3jJVe7DIc8= -=uknv ------END PGP SIGNATURE----- \ No newline at end of file diff --git a/charts/partners/i2i/i2i5gcorehelm/1.0.0/report.yaml b/charts/partners/i2i/i2i5gcorehelm/1.0.0/report.yaml deleted file mode 100644 index 6367e85344..0000000000 --- a/charts/partners/i2i/i2i5gcorehelm/1.0.0/report.yaml +++ /dev/null 
@@ -1,101 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.1 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:9028740865610745098 - chart-uri: /charts/charts/partners/i2i/i2i5gcorehelm/1.0.0/i2i5gcorehelm-1.0.0.tgz - digests: - chart: sha256:e189b295ee18215a63d967e51320316c819a9e59cc0541df4a0eddb917034000 - package: f718cbb4d15b9fc5bcda42ddc8c457c4617e7d9c01000224907eba4018bb77b7 - publicKey: d6a5496f8b9e3ecff01efb43420f128b4d9239e8633b6686865fd16a6223c678 - lastCertifiedTimestamp: "2023-06-02T18:24:33.677172+00:00" - testedOpenShiftVersion: "4.12" - supportedOpenShiftVersions: "4.12" - webCatalogOnly: false - chart: - name: i2i5gcorehelm - home: "" - sources: [] - version: 1.0.0 - description: A Helm chart for Kubernetes - keywords: [] - maintainers: [] - icon: https://i2i-systems.com/wp-content/uploads/2020/02/i2i_logo.png - apiversion: v2 - condition: "" - tags: "" - appversion: 1.0.0 - deprecated: false - annotations: - charts.openshift.io/name: i2i-5G-Core - kubeversion: v1.25.x - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/i2i/nrf-app-ubi9@sha256:a1a8bed55970bf45960514ccf73b0af97a31d9f4fe55efc6edc2abb88cfee581 - Image is Red Hat certified : quay.io/i2i/nssf-app-ubi9@sha256:51559b3c4abf1fc3a409bc2208863a8e593188592b93016400aea0d1ef76e8e3 - Image is Red Hat certified : 
quay.io/i2i/smf-app-ubi9@sha256:8c0838303e74632a864020aea09bc6b43dd5aac57027d038e06afc722ae1070a - Image is Red Hat certified : quay.io/i2i/udm-app-ubi9@sha256:76c4e7a77b68a2355282b405922f49420198c58a7897442ac73535f003820bb7 - Image is Red Hat certified : quay.io/i2i/upf-app-ubi8@sha256:d9dbb83e0fe6a532e5cdb2ced151b9fd088fef8fdf4b46b5e50efe4c6ac0753b - Image is Red Hat certified : quay.io/i2i/ausf-app-ubi9@sha256:a1c83f8037c8faeba63e37c090cf66e19e447ef66c900f2d752e51fcfd5f9a81 - Image is Red Hat certified : quay.io/i2i/pcf-app-ubi9@sha256:da9c7cea3163472bb54067e0cfa6c51cfa003a05d0c39558f9c0e56a4acef717 - Image is Red Hat certified : quay.io/i2i/udr-app-ubi9@sha256:9f1bcc5bbf499ec5c09f9cce0bae47cf6262aca405cba18417862b7dc7df819a - Image is Red Hat certified : registry.access.redhat.com/ubi8/ubi - Image is Red Hat certified : quay.io/i2i/amf-app-ubi9@sha256:726b6bf6f126c68c72b3d244ae587b6923504ea4195465049fb23d1515140a80 - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/signature-is-valid - type: Mandatory - outcome: PASS - reason: 'Chart is signed : Signature verification passed' - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist diff --git a/charts/partners/i2i/i2i5gcorehelm/OWNERS b/charts/partners/i2i/i2i5gcorehelm/OWNERS deleted file mode 100644 index f28d1ae078..0000000000 --- a/charts/partners/i2i/i2i5gcorehelm/OWNERS +++ /dev/null 
@@ -1,10 +0,0 @@
-chart:
- name: i2i5gcorehelm
- shortDescription: Github i2i 5G Core Repository
-providerDelivery: false
-publicPgpKey: 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
-users:
-- githubUsername: hasankose86
-vendor:
- label: i2i
- name: i2i Systems
diff --git a/charts/partners/ibm-edge/demo-helm/OWNERS b/charts/partners/ibm-edge/demo-helm/OWNERS
deleted file mode 100644
index e900bf1055..0000000000
--- a/charts/partners/ibm-edge/demo-helm/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: demo-helm
- shortDescription: test
-publicPgpKey: null
-users:
-- githubUsername: rhm-samples
-- githubUsername: demo123
-vendor:
- label: ibm-edge
- name: Edge Redhat Partner Enablement
diff --git a/charts/partners/ibm-edge/external-chart/OWNERS b/charts/partners/ibm-edge/external-chart/OWNERS
deleted file mode 100644
index e2d3b3bc66..0000000000
--- a/charts/partners/ibm-edge/external-chart/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: external-chart
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: ibm-edge
- name: Edge Redhat Partner Enablement
diff --git a/charts/partners/ibm-edge/nodered-chart/0.0.1/report.yaml b/charts/partners/ibm-edge/nodered-chart/0.0.1/report.yaml
deleted file mode 100644
index 051fbfd54c..0000000000
--- a/charts/partners/ibm-edge/nodered-chart/0.0.1/report.yaml
+++ /dev/null
@@ -1,87 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.4.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/rhm-samples/edge-helm-charts/blob/master/nodered-chart-0.0.1.tgz?raw=true - digests: - chart: sha256:b652b9b97a00c12c2998c690d54b2b974a84093dd3b21d1dfe35fb72eca4c583 - package: 8bc2576c5c07648ea377e68cbc5151e3c7799d1563256ebe571772e86e3e3746 - lastCertifiedTimestamp: "2022-01-11T11:53:30.78766+00:00" - testedOpenShiftVersion: "4.7" - supportedOpenShiftVersions: '>=4.5' - chart: - name: nodered-chart - home: "" - sources: [] - version: 0.0.1 - description: A Helm chart for NodeRed. - keywords: [] - maintainers: [] - icon: https://raw.githubusercontent.com/rhm-samples/node-red-operator/node-red-logo/_images/nodered-logo.png - apiversion: v2 - condition: "" - tags: "" - appversion: 1.16.0 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: Node Red Chart - charts.openshift.io/provider: IBM-Edge - charts.openshift.io/supportURL: https://github.com/rhm-samples/node-red-operator/issues - kubeversion: '>=1.18.0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : registry.connect.redhat.com/ibm-edge/node-red:v0.0.3' - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does 
not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified \ No newline at end of file diff --git a/charts/partners/ibm-edge/nodered-chart/0.0.2/report.yaml b/charts/partners/ibm-edge/nodered-chart/0.0.2/report.yaml deleted file mode 100644 index 6727593958..0000000000 --- a/charts/partners/ibm-edge/nodered-chart/0.0.2/report.yaml +++ /dev/null 
@@ -1,87 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.4.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: "https://github.com/rhm-samples/edge-helm-charts/blob/master/nodered-chart-0.0.2.tgz" - digests: - chart: sha256:c37f3a107d1de21e42f59438fbb7418c3dcc16b9c9145b919a5b2b093d473f7f - package: 8289ac839da0ed0f3eee76c4543c9a3612d74bd58193bb87bd761f98915fafea - lastCertifiedTimestamp: "2022-01-12T07:08:08.731538+00:00" - testedOpenShiftVersion: "4.8" - supportedOpenShiftVersions: '>=4.5' - chart: - name: nodered-chart - home: "" - sources: [] - version: 0.0.2 - description: A Helm chart for NodeRed. - keywords: [] - maintainers: [] - icon: https://raw.githubusercontent.com/rhm-samples/node-red-operator/node-red-logo/_images/nodered-logo.png - apiversion: v2 - condition: "" - tags: "" - appversion: 1.16.0 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: Node Red Chart - charts.openshift.io/provider: IBM-Edge - charts.openshift.io/supportURL: https://github.com/rhm-samples/node-red-operator/issues - kubeversion: '>=1.18.0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API 
version is V2, used in Helm 3 - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : registry.connect.redhat.com/ibm-edge/node-red:v0.0.3' - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified \ No newline at end of file diff --git a/charts/partners/ibm-edge/nodered-chart/0.0.3/report.yaml b/charts/partners/ibm-edge/nodered-chart/0.0.3/report.yaml deleted file mode 100644 index a1f57539fb..0000000000 --- a/charts/partners/ibm-edge/nodered-chart/0.0.3/report.yaml +++ /dev/null 
@@ -1,87 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.4.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/rhm-samples/edge-helm-charts/blob/master/nodered-chart-0.0.3.tgz?raw=true - digests: - chart: sha256:46714455003028a6026b8f12f7bd4dbef30f06a38a79a58f3576fa5a13fa087b - package: f29558295f24ea49f87523a230b67b941180ba95775e6ea4533bcd8c2b5b40c5 - lastCertifiedTimestamp: "2022-01-14T13:27:34.56394+00:00" - testedOpenShiftVersion: "4.8" - supportedOpenShiftVersions: '>=4.5' - chart: - name: nodered-chart - home: "" - sources: [] - version: 0.0.3 - description: A Helm chart for NodeRed. - keywords: [] - maintainers: [] - icon: https://raw.githubusercontent.com/rhm-samples/node-red-operator/node-red-logo/_images/nodered-logo.png - apiversion: v2 - condition: "" - tags: "" - appversion: 1.16.0 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: Node Red Chart - charts.openshift.io/provider: IBM-Edge - charts.openshift.io/supportURL: https://github.com/rhm-samples/node-red-operator/issues - kubeversion: '>=1.18.0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : registry.connect.redhat.com/ibm-edge/node-red:v0.0.3' - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - 
check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs \ No newline at end of file diff --git a/charts/partners/ibm-edge/nodered-chart/OWNERS b/charts/partners/ibm-edge/nodered-chart/OWNERS deleted file mode 100644 index d77d422530..0000000000 --- a/charts/partners/ibm-edge/nodered-chart/OWNERS +++ /dev/null @@ -1,12 +0,0 @@ -chart: - name: nodered-chart - shortDescription: Node-RED is a flow-based programming tool. -publicPgpKey: null -users: -- githubUsername: rhm-samples -- githubUsername: prajyotnarulkar25 -- githubUsername: isha-sangrolkar -- githubUsername: prajyotNarulkar925 -vendor: - label: ibm-edge - name: Edge Redhat Partner Enablement diff --git a/charts/partners/ibm/ibm-b2bi-prod/OWNERS b/charts/partners/ibm/ibm-b2bi-prod/OWNERS deleted file mode 100644 index 84e92aad33..0000000000 --- a/charts/partners/ibm/ibm-b2bi-prod/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: ibm-b2bi-prod - shortDescription: null -publicPgpKey: null -users: -- githubUsername: nikeshmi -- githubUsername: imdad000 -vendor: - label: ibm - name: IBM Japan, Ltd. diff --git a/charts/partners/ibm/ibm-connect-direct/OWNERS b/charts/partners/ibm/ibm-connect-direct/OWNERS deleted file mode 100644 index 4252576415..0000000000 --- a/charts/partners/ibm/ibm-connect-direct/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -chart: - name: ibm-connect-direct - shortDescription: unknown -publicPgpKey: unknown -users: [] -vendor: - label: ibm - name: IBM 
diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.1.10/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.1.10/report.yaml
deleted file mode 100644
index 1512d10731..0000000000
--- a/charts/partners/ibm/ibm-object-storage-plugin/2.1.10/report.yaml
+++ /dev/null
@@ -1,95 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.1.0 - profile: - VendorType: partner - version: v1.0 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.1.10.tgz?raw=true - digest: sha256:87f5c9a00b69591a47ec6c2a633db882db7fe7b23bd2cdf400848ec7509751a2 - digests: - chart: sha256:87f5c9a00b69591a47ec6c2a633db882db7fe7b23bd2cdf400848ec7509751a2 - package: df38423719fda71ccc4bbaf569d5e2bb3d2bdece7f370dca31fde765202168fb - lastCertifiedTimestamp: "2022-02-17T07:07:11.814972+00:00" - certifiedOpenShiftVersions: 4.7.0 - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.1.10 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud - Object Storage is persistent, highly available storage that you can mount - to apps that run in a Kubernetes cluster by using the IBM Cloud Object - Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that - connects Cloud Object Storage buckets to pods in your cluster. 
' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.1.10 - deprecated: false - annotations: {} - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:f4d54180ef449ca8d889c1c1b53d9ab6af3a3ebff17f0286de0e4e535d2e8495 - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:9370389404a4021474171b1ab03a84f368b6376095e1c47bc28f3c4512c8a563 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs 
diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.1.12/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.1.12/report.yaml
deleted file mode 100644
index c46d92d7f2..0000000000
--- a/charts/partners/ibm/ibm-object-storage-plugin/2.1.12/report.yaml
+++ /dev/null
@@ -1,96 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.1.0 - profile: - VendorType: partner - version: v1.0 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.1.12.tgz?raw=true - digest: sha256:80c76c8bd30cea069523dc9b87e92d319c91afd3a22230857eb336005033dfc9 - digests: - chart: sha256:80c76c8bd30cea069523dc9b87e92d319c91afd3a22230857eb336005033dfc9 - package: 4251e5d56b15f860648a17fe21726adbfe930d5ffb446d02a24fff2e8a11cd3f - lastCertifiedTimestamp: "2022-03-11T04:28:56.873761+00:00" - certifiedOpenShiftVersions: 4.7.0 - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.1.12 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud - Object Storage is persistent, highly available storage that you can mount - to apps that run in a Kubernetes cluster by using the IBM Cloud Object - Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that - connects Cloud Object Storage buckets to pods in your cluster. 
' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.1.12 - deprecated: false - annotations: {} - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:5e810aafbee828891b938227ea30dd2bbafa11059f5f43c8f5bc356d0b217995 - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:3a37e09d38cf6fa48b377e170094b9e88016de233f576ffa9af9041c07a6ed8d - 
diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.1.13/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.1.13/report.yaml
deleted file mode 100644
index abad570197..0000000000
--- a/charts/partners/ibm/ibm-object-storage-plugin/2.1.13/report.yaml
+++ /dev/null
@@ -1,95 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.1.0 - profile: - VendorType: partner - version: v1.0 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.1.13.tgz?raw=true - digest: sha256:806a694f109c2c0518e8f7c6eb15604cdd9bae68ce785a65c5fb6a1f9117c60b - digests: - chart: sha256:806a694f109c2c0518e8f7c6eb15604cdd9bae68ce785a65c5fb6a1f9117c60b - package: 14666fe65925048cf1ff08e61837583fd33baa1f84fba08d3d9e3a2728afebec - lastCertifiedTimestamp: "2022-03-25T04:25:02.265068+00:00" - certifiedOpenShiftVersions: 4.7.0 - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.1.13 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud - Object Storage is persistent, highly available storage that you can mount - to apps that run in a Kubernetes cluster by using the IBM Cloud Object - Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that - connects Cloud Object Storage buckets to pods in your cluster. 
' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.1.13 - deprecated: false - annotations: {} - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:738c6820cc23bd0cb7cc4319054d511d6967e56db6b6a7af16e3738aaabce754 - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:b60d75b8148e8651786002d5408e16039023f3c4594a6b85af88ddfa20993665 
diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.1.14/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.1.14/report.yaml
deleted file mode 100644
index 25b4f4822a..0000000000
--- a/charts/partners/ibm/ibm-object-storage-plugin/2.1.14/report.yaml
+++ /dev/null
@@ -1,95 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.1.0 - profile: - VendorType: partner - version: v1.0 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.1.14.tgz?raw=true - digest: sha256:f716155a758362e0f4d632c231bce2b9a36d9fca416be0350098e07098d1054f - digests: - chart: sha256:f716155a758362e0f4d632c231bce2b9a36d9fca416be0350098e07098d1054f - package: 8f03acc84643650e6e1a5a50df3e3b1ba3354e5e7a70427de2c1b2a2f4bfde19 - lastCertifiedTimestamp: "2022-04-11T09:09:49.145444+00:00" - certifiedOpenShiftVersions: 4.7.0 - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.1.14 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud - Object Storage is persistent, highly available storage that you can mount - to apps that run in a Kubernetes cluster by using the IBM Cloud Object - Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that - connects Cloud Object Storage buckets to pods in your cluster. 
' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.1.14 - deprecated: false - annotations: {} - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:957e665d48eaf22575eef941711130e2ce7122bfea334815fa4b3f1ef1a533ab - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:8979519492f879378111d9080506b9252cc263b56a0b5b5c20d0c2f64b82565a - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist 
diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.1.15/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.1.15/report.yaml
deleted file mode 100644
index 6d47a302ca..0000000000
--- a/charts/partners/ibm/ibm-object-storage-plugin/2.1.15/report.yaml
+++ /dev/null
@@ -1,96 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.7.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.1.15.tgz?raw=true - digests: - chart: sha256:ed9b765f0f1ecdfc6e519859bd223b1f37780372c57e579cc259169bb8acc101 - package: 142c715196bee7b7216b0bdcb4c4a6541a2b25d48af984a0306f813eb1f99759 - lastCertifiedTimestamp: "2022-06-28T13:05:36.253703+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.6' - providerControlledDelivery: false - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.1.15 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud Object Storage is persistent, highly available storage that you can mount to apps that run in a Kubernetes cluster by using the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that connects Cloud Object Storage buckets to pods in your cluster. 
' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.1.15 - deprecated: false - annotations: {} - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: FAIL - reason: 'Missing required annotations: [charts.openshift.io/name]' - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:7c00bc76f91d456164f98375cd8932a0ec500c9dca1728368f3c1ccdbfd96e91 - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:667667c5907d0ad145e8518ca0f8cf013ca778d6738b028d1cd08103b1b64667 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files 
exist diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.1.16/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.1.16/report.yaml deleted file mode 100644 index 95b31f4251..0000000000 --- a/charts/partners/ibm/ibm-object-storage-plugin/2.1.16/report.yaml +++ /dev/null 
@@ -1,96 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.7.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.1.16.tgz?raw=true - digests: - chart: sha256:43acd69dd1b005b4fd3ceffbde2292b14690841021e390cc2aa6341b4eec8c91 - package: 845686edc47e18a695ee67949bd17bd62eb2c0d4bd2e6448edfb2b6d49fb8459 - lastCertifiedTimestamp: "2022-06-28T13:02:09.982231+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.6' - providerControlledDelivery: false - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.1.16 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud Object Storage is persistent, highly available storage that you can mount to apps that run in a Kubernetes cluster by using the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that connects Cloud Object Storage buckets to pods in your cluster. 
' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.1.16 - deprecated: false - annotations: {} - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:cb2f9c4b7c2fe8b922fb2808c1566ef42bdb751b9d4469c1cf6fbe4bb954cda1 - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:6a98f94683cd203cbcc8e53904683eeeaace136a033ace38b187823d7ed28e8a - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/required-annotations-present - type: Mandatory - outcome: FAIL - reason: 'Missing required annotations: [charts.openshift.io/name]' - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not 
exist diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.1.17/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.1.17/report.yaml deleted file mode 100644 index d957bca91e..0000000000 --- a/charts/partners/ibm/ibm-object-storage-plugin/2.1.17/report.yaml +++ /dev/null 
@@ -1,97 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.7.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.1.17.tgz?raw=true - digests: - chart: sha256:258d1d619b78fbf03100b14a8c5920bcce2f08b0d75c61f09d355f20548fa905 - package: f45d528a4eed8d42ba471a290c55b4c5072c14453b552d1811664b3a0310b852 - lastCertifiedTimestamp: "2022-06-28T12:57:40.609357+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.6' - providerControlledDelivery: false - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.1.17 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud Object Storage is persistent, highly available storage that you can mount to apps that run in a Kubernetes cluster by using the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that connects Cloud Object Storage buckets to pods in your cluster. 
' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.1.17 - deprecated: false - annotations: - charts.openshift.io/name: ibm-object-storage-plugin Chart - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:5e7ad920c50ba88c4df1c0154ec8a1770011b38dc3eeda52ed5088f78b49c767 - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:eb099ec0aa8451be29f26637ecc934c685566c5c92ecf5d5e747275911b8af72 - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - 
reason: API version is V2, used in Helm 3 diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.1.18/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.1.18/report.yaml deleted file mode 100644 index 5877b07de7..0000000000 --- a/charts/partners/ibm/ibm-object-storage-plugin/2.1.18/report.yaml +++ /dev/null 
@@ -1,97 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.7.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.1.18.tgz?raw=true - digests: - chart: sha256:5f4bbada418c20f8b43705e1a1b2c35026871ced73840f67e964fdad7bc58421 - package: 34580fbea59bc2e96d4bde61ea7781d65dfc5b638ae628f0890997c16e4f60b1 - lastCertifiedTimestamp: "2022-07-14T04:46:13.106281+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.6' - providerControlledDelivery: false - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.1.18 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud Object Storage is persistent, highly available storage that you can mount to apps that run in a Kubernetes cluster by using the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that connects Cloud Object Storage buckets to pods in your cluster. 
' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.1.18 - deprecated: false - annotations: - charts.openshift.io/name: ibm-object-storage-plugin Chart - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:f3fe6d29ace4c40fda8e7773e8058d14c848f21dc5f2f790ec93d325bb5f691b - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:ad5aaae009a37d97bc7d0ace9167180dfeece40ad7d41e7000ea1bab5924355b - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-values-schema - type: Mandatory - outcome: 
PASS - reason: Values schema file exist diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.1.19/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.1.19/report.yaml deleted file mode 100644 index 6a239c1f0f..0000000000 --- a/charts/partners/ibm/ibm-object-storage-plugin/2.1.19/report.yaml +++ /dev/null 
@@ -1,97 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.7.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.1.19.tgz?raw=true - digests: - chart: sha256:bb6b7af8348b555ded02edd46ae31c14e99770cf67fbf540f6c3d8898bd27958 - package: f098c169e666ffd2fd2c1217f6b2d923a3d553c68a15983e430a6819df879499 - lastCertifiedTimestamp: "2022-07-26T07:17:19.60263+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.6' - providerControlledDelivery: false - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.1.19 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud Object Storage is persistent, highly available storage that you can mount to apps that run in a Kubernetes cluster by using the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that connects Cloud Object Storage buckets to pods in your cluster. 
' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.1.19 - deprecated: false - annotations: - charts.openshift.io/name: ibm-object-storage-plugin Chart - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:2c605b536ec87293f4c3ea3d69ac687905b19a4b4dd7653515928f49ee12097e - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:48539aad0298623758f6ac6a711d33323c0964de4b8b23219e695fa5683dbcd9 - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: 
PASS - reason: Chart tests have passed diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.1.2/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.1.2/report.yaml deleted file mode 100644 index 39e5cc5abd..0000000000 --- a/charts/partners/ibm/ibm-object-storage-plugin/2.1.2/report.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.1.2.tgz?raw=true - digest: sha256:3cda4165a30e77372332c6da2fb81f33ddfd83e1b9294090063c90f712b49ca1 - lastCertifiedTimestamp: "2021-06-23T16:56:38.235364+00:00" - certifiedOpenShiftVersions: 4.7.0 - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.1.2 - description: | - Chart for deploying ibmcloud object storage plugin. - IBM Cloud Object Storage is persistent, highly available storage - that you can mount to apps that run in a Kubernetes cluster by using - the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in - that connects Cloud Object Storage buckets to pods in your cluster. - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.1.2 - deprecated: false - annotations: {} - kubeversion: '>=1.10.1-0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : ibmcom/ibmcloud-object-storage-driver@sha256:324787a10da384bb7bb441538eb65846c9df57bfd0e8a37a2f3efaeb423c2bc9 - Image is Red Hat certified : 
ibmcom/ibmcloud-object-storage-plugin@sha256:4adddd3d619c056ed6fd3dc00864e4b7af140dd731557c2e64bfd6ced4232bbf - - check: has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed
diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.1.20/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.1.20/report.yaml
deleted file mode 100644
index 62542d885a..0000000000
--- a/charts/partners/ibm/ibm-object-storage-plugin/2.1.20/report.yaml
+++ /dev/null
@@ -1,97 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.7.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.1.20.tgz?raw=true - digests: - chart: sha256:cd8b673752e7a024d11a0450f854417d31ade71648fa2aba19d7a5b8123941b0 - package: 1392904f73d8a220f81179755c4ba985828f3ff2d0d50203cdee2edb22b1d83a - lastCertifiedTimestamp: "2022-08-17T05:47:10.414693+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.6' - providerControlledDelivery: false - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.1.20 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud Object Storage is persistent, highly available storage that you can mount to apps that run in a Kubernetes cluster by using the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that connects Cloud Object Storage buckets to pods in your cluster. 
License By installing this product you accept the following license terms: http://www.apache.org/licenses/ and https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.1.20 - deprecated: false - annotations: - charts.openshift.io/name: ibm-object-storage-plugin Chart - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:152662db4b476e2a2802fc79e6dcf1cd4580503d3d42083ae295c1ad7362106d - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:61dc4d11a7bc53b133ce736c99948682b685fade6ace724149bc6d40d7d64a48 - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - 
reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist
diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.1.21/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.1.21/report.yaml
deleted file mode 100644
index 2ae6f15893..0000000000
--- a/charts/partners/ibm/ibm-object-storage-plugin/2.1.21/report.yaml
+++ /dev/null
@@ -1,97 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.7.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.1.21.tgz?raw=true - digests: - chart: sha256:453fc6bea6d3cb7a6a6f0202c568d9d271a1120e888bda3e6b361a7afda583a6 - package: 4672d05ddf69f341ea2fdddacc2329228922e5b6b7d5ef45ad842b73b8d437d8 - lastCertifiedTimestamp: "2022-08-25T09:33:19.23309+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.6' - providerControlledDelivery: false - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.1.21 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud Object Storage is persistent, highly available storage that you can mount to apps that run in a Kubernetes cluster by using the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that connects Cloud Object Storage buckets to pods in your cluster. 
License By installing this product you accept the following license terms: http://www.apache.org/licenses/ and https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.1.21 - deprecated: false - annotations: - charts.openshift.io/name: ibm-object-storage-plugin Chart - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:50afb398239bdafcd2b5cd03ad876a25f651582021d1b4bcc4764015022ac08e - Image is 
Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:b1d077c4de70bdc982b0b548a536f6472543c673c2d60ce06875f5ec7a71861b - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed
diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.1.3/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.1.3/report.yaml
deleted file mode 100644
index f17a27147f..0000000000
--- a/charts/partners/ibm/ibm-object-storage-plugin/2.1.3/report.yaml
+++ /dev/null
@@ -1,96 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.1.0 - profile: - VendorType: partner - version: v1.0 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.1.3.tgz?raw=true - digest: sha256:ff9dea052c33bd6cdb0d668c4b1d616288c40ce50ef78b85240cb4d8e709631a - digests: - chart: sha256:ff9dea052c33bd6cdb0d668c4b1d616288c40ce50ef78b85240cb4d8e709631a - package: 4fdd882d3861f3e9ab7b2ce86bbbd14af7df6c392a3b8a1b762929c00900e618 - lastCertifiedTimestamp: "2021-08-26T00:09:57.26517+00:00" - certifiedOpenShiftVersions: 4.7.0 - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.1.3 - description: | - Chart for deploying ibmcloud object storage plugin. - IBM Cloud Object Storage is persistent, highly available storage - that you can mount to apps that run in a Kubernetes cluster by using - the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in - that connects Cloud Object Storage buckets to pods in your cluster. 
- keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.1.3 - deprecated: false - annotations: {} - kubeversion: '>=1.10.1-0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : ibmcom/ibmcloud-object-storage-driver@sha256:c50a4ab479dafe8dd70ec9d136efac1fdf85a607dc214feafe1f27dc94fd0efb - Image is Red Hat certified : ibmcom/ibmcloud-object-storage-plugin@sha256:00e6e1a926f3b4e6500ab51bb916a734860f5d24ce5b127a0ffd71cb0bd26d20 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified 
diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.1.4/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.1.4/report.yaml
deleted file mode 100644
index 6fd1cfc0d2..0000000000
--- a/charts/partners/ibm/ibm-object-storage-plugin/2.1.4/report.yaml
+++ /dev/null
@@ -1,96 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.1.0 - profile: - VendorType: partner - version: v1.0 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.1.4.tgz?raw=true - digest: sha256:74d6b13733744ff67f5f364ced91b41bea3588ef12b5eb1227a628d709897729 - digests: - chart: sha256:74d6b13733744ff67f5f364ced91b41bea3588ef12b5eb1227a628d709897729 - package: 31dda48d0bd6d5fea98cccaeae02515c9957a66b01a7ee10f00c3b26ab980eea - lastCertifiedTimestamp: "2021-09-24T03:31:42.046658+00:00" - certifiedOpenShiftVersions: 4.7.0 - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.1.4 - description: | - Chart for deploying ibmcloud object storage plugin. - IBM Cloud Object Storage is persistent, highly available storage - that you can mount to apps that run in a Kubernetes cluster by using - the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in - that connects Cloud Object Storage buckets to pods in your cluster. 
- keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.1.4 - deprecated: false - annotations: {} - kubeversion: '>=1.10.1-0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:e9152b9e7dfca10cf02f8de7a8d14a4067e7fe69695699411cadaf282263f099 - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:b2e7a3ced38cb9197e7d1a3bea3ffcc9dda46e7d12ca5337e5ba8d4253659309 - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist 
diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.1.5/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.1.5/report.yaml
deleted file mode 100644
index 34a734a1ed..0000000000
--- a/charts/partners/ibm/ibm-object-storage-plugin/2.1.5/report.yaml
+++ /dev/null
@@ -1,95 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.2.3 - profile: - VendorType: partner - version: v1.0 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.1.5.tgz?raw=true - digest: sha256:3a6927a864935e644e9c1abd9bd8a2fc088651bfd8d43aaba9c5f54085fd732e - digests: - chart: sha256:3a6927a864935e644e9c1abd9bd8a2fc088651bfd8d43aaba9c5f54085fd732e - package: a850db7aac421a257ff7c0d3c9432fc34e314d62484b3bd047dd22953f9fc93b - lastCertifiedTimestamp: "2021-10-05T06:33:11.266306+00:00" - certifiedOpenShiftVersions: 4.7.0 - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.1.5 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud - Object Storage is persistent, highly available storage that you can mount - to apps that run in a Kubernetes cluster by using the IBM Cloud Object - Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that - connects Cloud Object Storage buckets to pods in your cluster. 
' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.1.5 - deprecated: false - annotations: {} - kubeversion: '>=1.10.1-0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:fc17bb3e89d00b3eb0f50b3ea83aa75c52e43d8e56cf2e0f17475e934eeeeb5f - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:cf654987c38d048bc9e654f3928e9ce9a2a4fd47ce0283bb5f339c1b99298e6e - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified 
diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.1.6/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.1.6/report.yaml
deleted file mode 100644
index d235799d9f..0000000000
--- a/charts/partners/ibm/ibm-object-storage-plugin/2.1.6/report.yaml
+++ /dev/null
@@ -1,95 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.1.0 - profile: - VendorType: partner - version: v1.0 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.1.6.tgz?raw=true - digest: sha256:3514a95af6a83b15cb9159b2f10149cc17f83f9a2bea5c8f35b4e8dc10074c79 - digests: - chart: sha256:3514a95af6a83b15cb9159b2f10149cc17f83f9a2bea5c8f35b4e8dc10074c79 - package: 98e7b7511d6cd407af91b7dae5c3360c6d36199f00982c85078de81e3f145126 - lastCertifiedTimestamp: "2021-10-22T08:55:19.792479+00:00" - certifiedOpenShiftVersions: 4.7.0 - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.1.6 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud - Object Storage is persistent, highly available storage that you can mount - to apps that run in a Kubernetes cluster by using the IBM Cloud Object - Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that - connects Cloud Object Storage buckets to pods in your cluster. 
' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.1.6 - deprecated: false - annotations: {} - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:b4ce486c2f349d1f73d986fa131c7614a53b0d5713063eec51a4b3f1ed4d5da7 - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:d0711f11148dd6bf8849402d2033939241f3a2a8d2364938b08b04cbfa10dbbd - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist 
diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.1.7/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.1.7/report.yaml
deleted file mode 100644
index d03dd919c5..0000000000
--- a/charts/partners/ibm/ibm-object-storage-plugin/2.1.7/report.yaml
+++ /dev/null
@@ -1,95 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.1.0 - profile: - VendorType: partner - version: v1.0 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.1.7.tgz?raw=true - digest: sha256:897cb7909528a3eb7a53d37bbea0fbf63a539c211308cf815139bbc78946edee - digests: - chart: sha256:897cb7909528a3eb7a53d37bbea0fbf63a539c211308cf815139bbc78946edee - package: a960d394d1768b941c8dc2c13b2113bf896dec794b305b521e94259bf05a3dca - lastCertifiedTimestamp: "2021-11-18T06:45:30.662212+00:00" - certifiedOpenShiftVersions: 4.7.0 - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.1.7 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud - Object Storage is persistent, highly available storage that you can mount - to apps that run in a Kubernetes cluster by using the IBM Cloud Object - Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that - connects Cloud Object Storage buckets to pods in your cluster. 
' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.1.7 - deprecated: false - annotations: {} - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:8e9979e8b3452f0d8a7c50a0235a232ef839f4ab75fb0474d00725f09718afd1 - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:170ae50611c37c997d7d5b7a6a100576ea6bac8ac8e407b46cf90914902132e3 - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed 
diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.1.8/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.1.8/report.yaml
deleted file mode 100644
index 198549f38e..0000000000
--- a/charts/partners/ibm/ibm-object-storage-plugin/2.1.8/report.yaml
+++ /dev/null
@@ -1,95 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.1.0 - profile: - VendorType: partner - version: v1.0 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.1.8.tgz?raw=true - digest: sha256:40a9f67f580cc275f18de6833146e0ec855f65076958f215d76eff9f5a7064b8 - digests: - chart: sha256:40a9f67f580cc275f18de6833146e0ec855f65076958f215d76eff9f5a7064b8 - package: f662876d8268aa71e29f4930d8fd33509ce97f548376ce9246f6594b5cbce23a - lastCertifiedTimestamp: "2022-01-17T11:19:38.830395+00:00" - certifiedOpenShiftVersions: 4.7.0 - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.1.8 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud - Object Storage is persistent, highly available storage that you can mount - to apps that run in a Kubernetes cluster by using the IBM Cloud Object - Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that - connects Cloud Object Storage buckets to pods in your cluster. 
' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.1.8 - deprecated: false - annotations: {} - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:33dfbb6dbfbd4ab1b5f54b9dc929a84b81e0bc7080610c2e18d3ccecadbf2862 - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:9d834dde00d8e1de22078dc771dd127438585e70563f06059eeacd3fc01f5ee7 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist 
diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.1.9/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.1.9/report.yaml
deleted file mode 100644
index 55189f0436..0000000000
--- a/charts/partners/ibm/ibm-object-storage-plugin/2.1.9/report.yaml
+++ /dev/null
@@ -1,95 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.1.0 - profile: - VendorType: partner - version: v1.0 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.1.9.tgz?raw=true - digest: sha256:5db7b6367929b523e0148fe888bbfe018a165eb8946b9b2cd11a7d7724e55309 - digests: - chart: sha256:5db7b6367929b523e0148fe888bbfe018a165eb8946b9b2cd11a7d7724e55309 - package: a251c5b9f58b71955e7c9ec5a2846fc386fa1efe6e776a244981097184d8e506 - lastCertifiedTimestamp: "2022-01-24T08:59:33.513054+00:00" - certifiedOpenShiftVersions: 4.7.0 - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.1.9 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud - Object Storage is persistent, highly available storage that you can mount - to apps that run in a Kubernetes cluster by using the IBM Cloud Object - Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that - connects Cloud Object Storage buckets to pods in your cluster. 
' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.1.9 - deprecated: false - annotations: {} - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:90abbd73323ac141780a77443235b3d6aca7073400cb3916c4a8da085f4bb58d - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:555604e2fddfd02c059ca242f1ba5e1bfcc230c6123705297bf3e9fc2f1858ec - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist 
diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.2.0/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.2.0/report.yaml
deleted file mode 100644
index 268feb616b..0000000000
--- a/charts/partners/ibm/ibm-object-storage-plugin/2.2.0/report.yaml
+++ /dev/null
@@ -1,97 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.7.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.2.0.tgz?raw=true - digests: - chart: sha256:128ff67b912dba937cc0047272fe4278411c6b152ce52275ad8ffbeb0271dcb4 - package: f955ffb433dffdb292948d0566801f4c19a5c814778407d053bc23cfa1ea03e4 - lastCertifiedTimestamp: "2022-11-17T15:43:51.608213+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.6' - providerControlledDelivery: false - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.2.0 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud Object Storage is persistent, highly available storage that you can mount to apps that run in a Kubernetes cluster by using the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that connects Cloud Object Storage buckets to pods in your cluster. 
License By installing this product you accept the following license terms: http://www.apache.org/licenses/ and https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.2.0 - deprecated: false - annotations: - charts.openshift.io/name: ibm-object-storage-plugin Chart - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:6f2ad538880d5694e2678a4d0c400529dfa194ed972ec4a33e7671103cdcd093 - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:c8e9b932652e960ff36c7ffdd8b80b84a0337c3a8db758b977fe3d228f223b10 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: 
Values file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.2.1/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.2.1/report.yaml deleted file mode 100644 index 4443820aba..0000000000 --- a/charts/partners/ibm/ibm-object-storage-plugin/2.2.1/report.yaml +++ /dev/null 
@@ -1,97 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.7.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.2.1.tgz?raw=true - digests: - chart: sha256:5b92b1c2b748ed82d6e8666dfb9367bafacecc80c2878837b9c1ff2a1eab8a46 - package: 5f6e3677a073a3c9b7a2ad2ba9fc80ef54d25fcfd6b0122d901f32037cc7d2a9 - lastCertifiedTimestamp: "2022-11-17T15:40:33.873301+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.6' - providerControlledDelivery: false - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.2.1 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud Object Storage is persistent, highly available storage that you can mount to apps that run in a Kubernetes cluster by using the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that connects Cloud Object Storage buckets to pods in your cluster. 
License By installing this product you accept the following license terms: http://www.apache.org/licenses/ and https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.2.1 - deprecated: false - annotations: - charts.openshift.io/name: ibm-object-storage-plugin Chart - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:b3c5ef3cbcdcfd507060d4f83663b66c40c775200b20f4f7941f613e21f50bb9 - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:ecde5e5775d5d77b9f59dbcb386528e2e4f9a94af2c7fc2f817213aa5ab9f85b - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - 
reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.2.11/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.2.11/report.yaml deleted file mode 100644 index 9c0ad8b435..0000000000 --- a/charts/partners/ibm/ibm-object-storage-plugin/2.2.11/report.yaml +++ /dev/null 
@@ -1,102 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:1767831640007579129 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.2.11.tgz?raw=true - digests: - chart: sha256:17b4a6230bb572787b01a2d87093dc0c878f49f524209340879acb81c2f5b042 - package: 1ceb138ce02a0f4db4e2fc76d75762201990ba44bc194c330ab7f09a713aec47 - lastCertifiedTimestamp: "2023-03-03T05:29:11.955657+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.8' - webCatalogOnly: false - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.2.11 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud Object Storage is persistent, highly available storage that you can mount to apps that run in a Kubernetes cluster by using the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that connects Cloud Object Storage buckets to pods in your cluster. 
License By installing this product you accept the following license terms: http://www.apache.org/licenses/ and https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.2.11 - deprecated: false - annotations: - charts.openshift.io/name: ibm-object-storage-plugin Chart - kubeversion: '>=1.21.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : 
icr.io/cpopen/ibmcloud-object-storage-driver@sha256:8c91974660bf98efc772f369b828b3dbcea5d6829cbd85e6321884f4c4eabe09 - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:ce509caa7a47c3329cb4d854e0b3763081ac725901e40d5e57fe93b6cd125243 - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.2.12/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.2.12/report.yaml deleted file mode 100644 index b05d03b100..0000000000 --- a/charts/partners/ibm/ibm-object-storage-plugin/2.2.12/report.yaml +++ /dev/null 
@@ -1,102 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:17309107878791980360 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.2.12.tgz?raw=true - digests: - chart: sha256:b99a0ec0741f7c876b0d29b3ef05865faf0bd9b799a76843d5a140ae6880c89b - package: a8a8f4ec0991be10b79b4c93cb0bc734be7511e20934b0848aa67cbca14cca54 - lastCertifiedTimestamp: "2023-03-20T06:46:30.377943+00:00" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.8' - webCatalogOnly: false - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.2.12 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud Object Storage is persistent, highly available storage that you can mount to apps that run in a Kubernetes cluster by using the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that connects Cloud Object Storage buckets to pods in your cluster. 
License By installing this product you accept the following license terms: http://www.apache.org/licenses/ and https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.2.12 - deprecated: false - annotations: - charts.openshift.io/name: ibm-object-storage-plugin Chart - kubeversion: '>=1.21.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:312c25978d1e4623ae41a3c494774b87ba304540699a90f0013c9f4488978029 - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:cd16e5d10179fdbf79527aa6a3ef45ab0880e547aaf02e13ba933c4a3082bfec - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: 
All required annotations present - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.2.13/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.2.13/report.yaml deleted file mode 100644 index eccf6ebab6..0000000000 --- a/charts/partners/ibm/ibm-object-storage-plugin/2.2.13/report.yaml +++ /dev/null 
@@ -1,102 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:8050207223378476836 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.2.13.tgz?raw=true - digests: - chart: sha256:09c5e42d0fefdd6cb23073ab091c035f75fd80aca7f2dbd55e917c92bda740aa - package: 6cf9572c05e919aa6786deebf45c5b2038fe8de9b1165eabd3e370ae48c916ae - lastCertifiedTimestamp: "2023-04-03T02:13:52.594933+00:00" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.8' - webCatalogOnly: false - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.2.13 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud Object Storage is persistent, highly available storage that you can mount to apps that run in a Kubernetes cluster by using the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that connects Cloud Object Storage buckets to pods in your cluster. 
License By installing this product you accept the following license terms: http://www.apache.org/licenses/ and https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.2.13 - deprecated: false - annotations: - charts.openshift.io/name: ibm-object-storage-plugin Chart - kubeversion: '>=1.21.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:e4b7e531497ac4861dff3a5cf6e9babf237fe6d1a062466d1064411b4ee10566 - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:a63f64e5e345aba224800f31ec204d314be6a34a1a4f393354363a3fe3eb9262 - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - 
reason: API version is V2, used in Helm 3 - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.2.14/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.2.14/report.yaml deleted file mode 100644 index 85d49ba667..0000000000 --- a/charts/partners/ibm/ibm-object-storage-plugin/2.2.14/report.yaml +++ /dev/null 
@@ -1,102 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:6421456028177396441 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.2.14.tgz?raw=true - digests: - chart: sha256:50edb079e48d856be2ec14c87f7922ddd67b2a753e4344d01b547011808a82b1 - package: 6a77b838a910dfbbc876f80323999449fbe25ea6ddbcbb9f549cab9527d40595 - lastCertifiedTimestamp: "2023-05-02T07:14:27.494914+00:00" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.8' - webCatalogOnly: false - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.2.14 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud Object Storage is persistent, highly available storage that you can mount to apps that run in a Kubernetes cluster by using the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that connects Cloud Object Storage buckets to pods in your cluster. 
License By installing this product you accept the following license terms: http://www.apache.org/licenses/ and https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.2.14 - deprecated: false - annotations: - charts.openshift.io/name: ibm-object-storage-plugin Chart - kubeversion: '>=1.21.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:23626effee7f4f2ae2180bb104f7ce8efba0a776b300add6e2fbfdd3b0dd071d - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:df2f1d57e1af9f43a64ad803ba39b19b6b8dd27ac59492fed2c0f8f3b2ff28e7 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint 
successful - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.2.15/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.2.15/report.yaml deleted file mode 100644 index 9f2f1bbbe5..0000000000 --- a/charts/partners/ibm/ibm-object-storage-plugin/2.2.15/report.yaml +++ /dev/null 
@@ -1,102 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:10901298389495923501 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.2.15.tgz?raw=true - digests: - chart: sha256:b3da3491cb4a0b2590f415d255e5d9601f4d928dd4b281e4ab34112ca0a2495d - package: df748cb03d8dd41e3cc82aa4389a4df88a834e2af22273013b7c2342331abb9e - lastCertifiedTimestamp: "2023-07-03T06:48:10.098445+00:00" - testedOpenShiftVersion: "4.12" - supportedOpenShiftVersions: '>=4.8' - webCatalogOnly: false - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.2.15 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud Object Storage is persistent, highly available storage that you can mount to apps that run in a Kubernetes cluster by using the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that connects Cloud Object Storage buckets to pods in your cluster. 
License By installing this product you accept the following license terms: http://www.apache.org/licenses/ and https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.2.15 - deprecated: false - annotations: - charts.openshift.io/name: ibm-object-storage-plugin Chart - kubeversion: '>=1.21.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : 
icr.io/cpopen/ibmcloud-object-storage-driver@sha256:54ce416e25e1af81664e7580b55b75cdfc134656a30cea4e2eb6d6bda2c34253 - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:0835c38847be9dfc0fcdc59a8fdc2994b2ec2155cc4932a6b340d9ec4ed4e9bf - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.2.16/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.2.16/report.yaml deleted file mode 100644 index 627f343498..0000000000 --- a/charts/partners/ibm/ibm-object-storage-plugin/2.2.16/report.yaml +++ /dev/null 
@@ -1,102 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:18048867696165443960 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.2.16.tgz?raw=true - digests: - chart: sha256:71c682cefd271f6803819b2a01bc945af2eed3f48b66cd70f39329f1cb788abd - package: 13b6844707ea303014eb43b94d6a56fff330c15512074e3accc3ae92dea3e025 - lastCertifiedTimestamp: "2023-07-03T06:51:35.943772+00:00" - testedOpenShiftVersion: "4.12" - supportedOpenShiftVersions: '>=4.8' - webCatalogOnly: false - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.2.16 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud Object Storage is persistent, highly available storage that you can mount to apps that run in a Kubernetes cluster by using the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that connects Cloud Object Storage buckets to pods in your cluster. 
License By installing this product you accept the following license terms: http://www.apache.org/licenses/ and https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.2.16 - deprecated: false - annotations: - charts.openshift.io/name: ibm-object-storage-plugin Chart - kubeversion: '>=1.21.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:256a24e9ebe561309750ec1d206eeb5f5c98edd8c029483d0cf1b630f49e572a - Image is Red Hat certified : 
icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:12fa36cc2d2fb257e43dd63a86fa7775d0784de09a7ff9444fd1edfb9969773e - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.2.2/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.2.2/report.yaml deleted file mode 100644 index 8053607f54..0000000000 --- a/charts/partners/ibm/ibm-object-storage-plugin/2.2.2/report.yaml +++ /dev/null 
@@ -1,97 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.7.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.2.2.tgz?raw=true - digests: - chart: sha256:61b134fb29002db85aec6e24f660a92bf8075f5c36a82dfeccee500503b37e62 - package: 228274427fce3ab12e69dc696ca806c016afa26c1d93da7132c9d0d3c34f57ca - lastCertifiedTimestamp: "2022-11-17T15:35:26.825332+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.6' - providerControlledDelivery: false - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.2.2 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud Object Storage is persistent, highly available storage that you can mount to apps that run in a Kubernetes cluster by using the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that connects Cloud Object Storage buckets to pods in your cluster. 
License By installing this product you accept the following license terms: http://www.apache.org/licenses/ and https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.2.2 - deprecated: false - annotations: - charts.openshift.io/name: ibm-object-storage-plugin Chart - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:806070d3e9b4cb6817bfee5687c527d84a554ac18c104ed25f2c7943a51e66e4 - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:3bfd14e61862cf174d4b2c011ec5cdc49264720cc367040182f0ac9d1876b845 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: 
Chart tests have passed - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.2.3/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.2.3/report.yaml deleted file mode 100644 index c1b5828439..0000000000 --- a/charts/partners/ibm/ibm-object-storage-plugin/2.2.3/report.yaml +++ /dev/null 
@@ -1,97 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.7.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.2.3.tgz?raw=true - digests: - chart: sha256:61dec63e1223f31ae64117f927ef571b33d3b70790e3781c651fcbfdced6aa88 - package: 697c5fe018e91e806d780937c66b1c1bb23430dae2dbfabd1718dd32ab517eb1 - lastCertifiedTimestamp: "2022-11-17T12:24:59.588595+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.6' - providerControlledDelivery: false - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.2.3 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud Object Storage is persistent, highly available storage that you can mount to apps that run in a Kubernetes cluster by using the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that connects Cloud Object Storage buckets to pods in your cluster. 
License By installing this product you accept the following license terms: http://www.apache.org/licenses/ and https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.2.3 - deprecated: false - annotations: - charts.openshift.io/name: ibm-object-storage-plugin Chart - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:9d915de996b63a8e7058da8e1a07cd098ec88567a7cae525183300deea7722f4 - 
Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:ada5bdeded7ba34f1671aaf4e2d8102baacad5b8b45423b181359ee2b6eeeeea - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.2.4/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.2.4/report.yaml deleted file mode 100644 index c9bf973a12..0000000000 --- a/charts/partners/ibm/ibm-object-storage-plugin/2.2.4/report.yaml +++ /dev/null 
@@ -1,97 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.7.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.2.4.tgz?raw=true - digests: - chart: sha256:156bc9938675ad26729698386365d459d3e5117f453bc2e51dcd8a7d4d60c1ab - package: 427b1b1bcc4ca1d53fb7265803c131ec4b9b9d81ff7231a8a0d0c4c6a35135eb - lastCertifiedTimestamp: "2022-12-05T08:47:59.829082+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.6' - providerControlledDelivery: false - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.2.4 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud Object Storage is persistent, highly available storage that you can mount to apps that run in a Kubernetes cluster by using the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that connects Cloud Object Storage buckets to pods in your cluster. 
License By installing this product you accept the following license terms: http://www.apache.org/licenses/ and https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.2.4 - deprecated: false - annotations: - charts.openshift.io/name: ibm-object-storage-plugin Chart - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : 
icr.io/cpopen/ibmcloud-object-storage-driver@sha256:51ae3ab8e6014f2c2bc8fb1658c53c0142177635642ece62533441c98897dac6 - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:00dde758a85e9fc62a8c94e8642221ceede0625a6300ee4e1650e8633f262a38 diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.2.5/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.2.5/report.yaml deleted file mode 100644 index 9ee5a90d40..0000000000 --- a/charts/partners/ibm/ibm-object-storage-plugin/2.2.5/report.yaml +++ /dev/null 
@@ -1,97 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.7.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.2.5.tgz?raw=true - digests: - chart: sha256:f5bee25bdf4e9f4391539912efdaeb5706dc656a86f8b00b724e0ecea81e4beb - package: f1f17f0e3bd1d15b5ecdbb5aef78e85e12cf2fe3baa344db59440ca742fc3e91 - lastCertifiedTimestamp: "2022-12-12T04:56:08.027837+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.6' - providerControlledDelivery: false - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.2.5 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud Object Storage is persistent, highly available storage that you can mount to apps that run in a Kubernetes cluster by using the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that connects Cloud Object Storage buckets to pods in your cluster. 
License By installing this product you accept the following license terms: http://www.apache.org/licenses/ and https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.2.5 - deprecated: false - annotations: - charts.openshift.io/name: ibm-object-storage-plugin Chart - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:33288d7a6d0eca2db4d918a9249b94af9748bd083764dc156d58a34283692b70 - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:808da1fa5f7b275bf5f56f5933bd90e6a840345a6ee177c302c1181c7c7be7ca - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/has-readme - type: Mandatory - outcome: 
PASS - reason: Chart has a README - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.2.6/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.2.6/report.yaml deleted file mode 100644 index 2cc3bd684c..0000000000 --- a/charts/partners/ibm/ibm-object-storage-plugin/2.2.6/report.yaml +++ /dev/null 
@@ -1,97 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.7.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.2.6.tgz?raw=true - digests: - chart: sha256:5521f96d85411ee6fdadfeca37e4b2265dc24a63c08558986705b04ee312a0d6 - package: 26f8a166b431d7b309a75d309267977b7412ac0e86f6c372ff755326b55e5011 - lastCertifiedTimestamp: "2022-12-15T08:01:35.642774+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.6' - providerControlledDelivery: false - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.2.6 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud Object Storage is persistent, highly available storage that you can mount to apps that run in a Kubernetes cluster by using the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that connects Cloud Object Storage buckets to pods in your cluster. 
License By installing this product you accept the following license terms: http://www.apache.org/licenses/ and https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.2.6 - deprecated: false - annotations: - charts.openshift.io/name: ibm-object-storage-plugin Chart - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:33288d7a6d0eca2db4d918a9249b94af9748bd083764dc156d58a34283692b70 - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:808da1fa5f7b275bf5f56f5933bd90e6a840345a6ee177c302c1181c7c7be7ca - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - 
reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.2.7/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.2.7/report.yaml deleted file mode 100644 index 798d2970e0..0000000000 --- a/charts/partners/ibm/ibm-object-storage-plugin/2.2.7/report.yaml +++ /dev/null 
@@ -1,97 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.7.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.2.7.tgz?raw=true - digests: - chart: sha256:2e11944a7ac97c96cbdcb023a310dfea7e4d778504875018498686b65318a0dd - package: 2e79874485ea11ac8f1c836cb08cfaaba7489bd8b4ed7837fb8bedb7a6663a11 - lastCertifiedTimestamp: "2023-01-05T09:13:44.538065+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.6' - providerControlledDelivery: false - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.2.7 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud Object Storage is persistent, highly available storage that you can mount to apps that run in a Kubernetes cluster by using the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that connects Cloud Object Storage buckets to pods in your cluster. 
License By installing this product you accept the following license terms: http://www.apache.org/licenses/ and https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.2.7 - deprecated: false - annotations: - charts.openshift.io/name: ibm-object-storage-plugin Chart - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:d1b9f8363ed6b899a7ee42562c940d8a188c0dfa540624afa5f6368ceae5896a - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:9901831130e05946732a8148e584547c34b5d5f125b357b4cd98132d284e8b6e - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - 
reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.2.8/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.2.8/report.yaml deleted file mode 100644 index 2bac059ba7..0000000000 --- a/charts/partners/ibm/ibm-object-storage-plugin/2.2.8/report.yaml +++ /dev/null 
@@ -1,97 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.7.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.2.8.tgz?raw=true - digests: - chart: sha256:38074c35d87200a9b4f8178aaca6302c0c19c2053bda6bd40cd8e2ceac1f5c47 - package: 9cdb8cb5d8f2a8f558ab10fa9ded4d5bc3bd2a9181a41645f21fb97ec5bfc3d2 - lastCertifiedTimestamp: "2023-01-23T07:04:24.17323+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.6' - providerControlledDelivery: false - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.2.8 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud Object Storage is persistent, highly available storage that you can mount to apps that run in a Kubernetes cluster by using the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that connects Cloud Object Storage buckets to pods in your cluster. 
License By installing this product you accept the following license terms: http://www.apache.org/licenses/ and https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.2.8 - deprecated: false - annotations: - charts.openshift.io/name: ibm-object-storage-plugin Chart - kubeversion: '>=1.19.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:083e9a70ab41b2971d3c5ac86ee158c94995da79d097ea9bec56350d2396f7a6 - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:b3a43023906fa391b2376bfe5aafead1c5e920d7c8935958aff690ecf694c51c - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-test - type: Mandatory - 
outcome: PASS - reason: Chart test files exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed diff --git a/charts/partners/ibm/ibm-object-storage-plugin/2.2.9/report.yaml b/charts/partners/ibm/ibm-object-storage-plugin/2.2.9/report.yaml deleted file mode 100644 index abf45284eb..0000000000 --- a/charts/partners/ibm/ibm-object-storage-plugin/2.2.9/report.yaml +++ /dev/null 
@@ -1,97 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.7.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin-2.2.9.tgz?raw=true - digests: - chart: sha256:a3c8a0105ba26ce0ece17e80912115e21eb8f691094d8ba0d3aeebdbaa404911 - package: b1292d89d6ee771027066984374792568682e4a1632e7c212a08f0d9464a90a6 - lastCertifiedTimestamp: "2023-02-13T08:46:32.429299+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.8' - providerControlledDelivery: false - chart: - name: ibm-object-storage-plugin - home: "" - sources: [] - version: 2.2.9 - description: 'Chart for deploying ibmcloud object storage plugin. IBM Cloud Object Storage is persistent, highly available storage that you can mount to apps that run in a Kubernetes cluster by using the IBM Cloud Object Storage plug-in. The plug-in is a Kubernetes Flex-Volume plug-in that connects Cloud Object Storage buckets to pods in your cluster. 
License By installing this product you accept the following license terms: http://www.apache.org/licenses/ and https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf' - keywords: - - IKS - - amd64 - - Storage - - Commercial - - Limited - - Other - - ROKS - maintainers: - - name: IBM - email: contsto2@in.ibm.com - url: "" - icon: https://cache.globalcatalog.cloud.ibm.com/static/cache/2461-acb0d10a1725d783/images/uploaded/icons/object-storage.png - apiversion: v2 - condition: "" - tags: "" - appversion: 2.2.9 - deprecated: false - annotations: - charts.openshift.io/name: ibm-object-storage-plugin Chart - kubeversion: '>=1.21.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-driver@sha256:cdd3c5d7f89a52f673a3d37031cb2629e5687333e36cc293e0a8f20aee4053e8 - Image is Red Hat certified : icr.io/cpopen/ibmcloud-object-storage-plugin@sha256:5b214e112f6109324f589a7cdb250d68a6ac432cdfbcb617bbc0ff3af4d6c90e - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - 
reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed diff --git a/charts/partners/ibm/ibm-object-storage-plugin/OWNERS b/charts/partners/ibm/ibm-object-storage-plugin/OWNERS deleted file mode 100644 index cd8fad3f16..0000000000 --- a/charts/partners/ibm/ibm-object-storage-plugin/OWNERS +++ /dev/null @@ -1,11 +0,0 @@ -chart: - name: ibm-object-storage-plugin - shortDescription: null -publicPgpKey: null -users: -- githubUsername: ambiknai -- githubUsername: nkkashyap -- githubUsername: Bhagyashreek8 -vendor: - label: ibm - name: IBM diff --git a/charts/partners/ibm/ibm-oms-ent-prod/6.0.1/report.yaml b/charts/partners/ibm/ibm-oms-ent-prod/6.0.1/report.yaml deleted file mode 100644 index 12ad4c39e8..0000000000 --- a/charts/partners/ibm/ibm-oms-ent-prod/6.0.1/report.yaml +++ /dev/null 
@@ -1,103 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-oms-ent-prod-6.0.1.tgz?raw=true - digest: sha256:fbc93dd2ebd74901669f133687c757c3559f25a454e8dbf0585f7fa449aa7ed6 - lastCertifiedTimestamp: '2021-07-06T17:39:35.891029+00:00' - certifiedOpenShiftVersions: 4.7.0 - chart: - name: ibm-oms-ent-prod - home: http://ibm.biz/oms-home - sources: [] - version: 6.0.1 - description: |- - IBM Order management Software Enterprise Edition v10 provides cross-channel order orchestration capabilities to enable intelligent brokering of orders across many disparate systems. It also provides a global view of inventory across the supply chain and enables business users to make changes to order process. - Documentation - For additional details regarding install parameters check http://ibm.biz/oms-helm-readme. - License - By installing this product you accept the license terms http://ibm.biz/oms-license and http://ibm.biz/oms-apps-license. 
- keywords: - - oms - - sterling - - yantra - - order - - fulfillment - - om - - amd64 - - ppc64le - - framework - - Commercial - - RHOCP - - Other - maintainers: - - name: IBM - email: '' - url: '' - icon: https://raw.githubusercontent.com/IBM/charts/master/logo/ibm-oms-logo.png - apiversion: v2 - condition: '' - tags: '' - appversion: 10.0.0 - deprecated: false - annotations: {} - kubeversion: '>=1.16.0-0' - dependencies: - - name: ibm-sch - version: 1.2.15 - repository: '@sch' - condition: '' - tags: [] - enabled: false - importvalues: [] - alias: sch - type: application - chart-overrides: '' -results: - - check: helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : cp.icr.io/cp/ibm-oms-enterprise/om-app:10.0.0.23-amd64 - Image is Red Hat certified : cp.icr.io/cp/ibm-oms-enterprise/om-agent:10.0.0.23-amd64 - - check: chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 diff --git a/charts/partners/ibm/ibm-oms-ent-prod/6.0.2/report.yaml b/charts/partners/ibm/ibm-oms-ent-prod/6.0.2/report.yaml deleted file mode 100644 index 3a2e6761cf..0000000000 
--- a/charts/partners/ibm/ibm-oms-ent-prod/6.0.2/report.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.2.3 - profile: - VendorType: partner - version: v1.0 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-oms-ent-prod-6.0.2.tgz?raw=true - digest: sha256:594ac70254271c2eb975d141c66838c69b35e6d4837b1a4b0472d9d1f2a1aa52 - digests: - chart: sha256:594ac70254271c2eb975d141c66838c69b35e6d4837b1a4b0472d9d1f2a1aa52 - lastCertifiedTimestamp: '2021-09-30T00:26:17.53459+00:00' - certifiedOpenShiftVersions: 4.8.0 - chart: - name: ibm-oms-ent-prod - home: http://ibm.biz/oms-home - sources: [] - version: 6.0.2 - description: IBM Order management Software Enterprise Edition v10 provides - cross-channel order orchestration capabilities to enable intelligent brokering - of orders across many disparate systems. It also provides a global view - of inventory across the supply chain and enables business users to make - changes to order process. Documentation For additional details regarding - install parameters check http://ibm.biz/oms-helm-readme. License By installing - this product you accept the license terms http://ibm.biz/oms-license and - http://ibm.biz/oms-apps-license. 
- keywords: - - oms - - sterling - - yantra - - order - - fulfillment - - om - - amd64 - - ppc64le - - framework - - Commercial - - RHOCP - - Other - maintainers: - - name: IBM - email: '' - url: '' - icon: https://raw.githubusercontent.com/IBM/charts/master/logo/ibm-oms-logo.png - apiversion: v2 - condition: '' - tags: '' - appversion: 10.0.0 - deprecated: false - annotations: {} - kubeversion: '>=1.16.0-0' - dependencies: - - name: ibm-sch - version: 1.2.15 - repository: '@sch' - condition: '' - tags: [] - enabled: false - importvalues: [] - alias: sch - type: application - chart-overrides: '' -results: - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : cp.icr.io/cp/ibm-oms-enterprise/om-agent:10.0.0.23-amd64 - Image is Red Hat certified : cp.icr.io/cp/ibm-oms-enterprise/om-app:10.0.0.23-amd64 
diff --git a/charts/partners/ibm/ibm-oms-ent-prod/OWNERS b/charts/partners/ibm/ibm-oms-ent-prod/OWNERS deleted file mode 100644 index 4e484a9795..0000000000 --- a/charts/partners/ibm/ibm-oms-ent-prod/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -chart: - name: ibm-oms-ent-prod - shortDescription: null -publicPgpKey: null -users: -- githubUsername: ntinvo -vendor: - label: ibm - name: IBM diff --git a/charts/partners/ibm/ibm-oms-pro-prod/6.0.1/report.yaml b/charts/partners/ibm/ibm-oms-pro-prod/6.0.1/report.yaml deleted file mode 100644 index 870cd3f426..0000000000 --- a/charts/partners/ibm/ibm-oms-pro-prod/6.0.1/report.yaml +++ /dev/null 
@@ -1,104 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-oms-pro-prod-6.0.1.tgz?raw=true - digest: sha256:e7cacf93d397b58c64f9c113cc0671e6e920022bf4227cab291e18c6e3827954 - lastCertifiedTimestamp: '2021-07-06T17:45:15.703527+00:00' - certifiedOpenShiftVersions: 4.7.0 - chart: - name: ibm-oms-pro-prod - home: http://ibm.biz/oms-home - sources: [] - version: 6.0.1 - description: |- - IBM Order management Software Professional Edition v10 provides cross-channel order orchestration capabilities to enable intelligent brokering of orders across many disparate systems. It also provides a global view of inventory across the supply chain and enables business users to make changes to order process. - Documentation - For additional details regarding install parameters check http://ibm.biz/oms-helm-readme. - License - By installing this product you accept the license terms http://ibm.biz/oms-license and http://ibm.biz/oms-apps-license. 
- keywords: - - oms - - sterling - - yantra - - order - - fulfillment - - om - - amd64 - - ppc64le - - framework - - Commercial - - RHOCP - - IKS - - Other - maintainers: - - name: IBM - email: '' - url: '' - icon: https://raw.githubusercontent.com/IBM/charts/master/logo/ibm-oms-logo.png - apiversion: v2 - condition: '' - tags: '' - appversion: 10.0.0 - deprecated: false - annotations: {} - kubeversion: '>=1.16.0-0' - dependencies: - - name: ibm-sch - version: 1.2.15 - repository: '@sch' - condition: '' - tags: [] - enabled: false - importvalues: [] - alias: sch - type: application - chart-overrides: '' -results: - - check: helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : cp.icr.io/cp/ibm-oms-professional/om-app:10.0.0.23-amd64 - Image is Red Hat certified : cp.icr.io/cp/ibm-oms-professional/om-agent:10.0.0.23-amd64 - - check: chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 
diff --git a/charts/partners/ibm/ibm-oms-pro-prod/6.0.2/report.yaml b/charts/partners/ibm/ibm-oms-pro-prod/6.0.2/report.yaml
deleted file mode 100644
index 0f4f5b4276..0000000000
--- a/charts/partners/ibm/ibm-oms-pro-prod/6.0.2/report.yaml
+++ /dev/null
@@ -1,111 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.2.3 - profile: - VendorType: partner - version: v1.0 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-oms-pro-prod-6.0.2.tgz?raw=true - digest: sha256:5ef57b10f8b72f04f1a38b7e07c657687342f50db75ef812d720986bc14c9b97 - digests: - chart: sha256:5ef57b10f8b72f04f1a38b7e07c657687342f50db75ef812d720986bc14c9b97 - lastCertifiedTimestamp: '2021-09-30T00:20:11.381803+00:00' - certifiedOpenShiftVersions: 4.8.0 - chart: - name: ibm-oms-pro-prod - home: http://ibm.biz/oms-home - sources: [] - version: 6.0.2 - description: IBM Order management Software Professional Edition v10 provides - cross-channel order orchestration capabilities to enable intelligent brokering - of orders across many disparate systems. It also provides a global view - of inventory across the supply chain and enables business users to make - changes to order process. Documentation For additional details regarding - install parameters check http://ibm.biz/oms-helm-readme. License By installing - this product you accept the license terms http://ibm.biz/oms-license and - http://ibm.biz/oms-apps-license. 
- keywords: - - oms - - sterling - - yantra - - order - - fulfillment - - om - - amd64 - - ppc64le - - framework - - Commercial - - RHOCP - - IKS - - Other - maintainers: - - name: IBM - email: '' - url: '' - icon: https://raw.githubusercontent.com/IBM/charts/master/logo/ibm-oms-logo.png - apiversion: v2 - condition: '' - tags: '' - appversion: 10.0.0 - deprecated: false - annotations: {} - kubeversion: '>=1.16.0-0' - dependencies: - - name: ibm-sch - version: 1.2.15 - repository: '@sch' - condition: '' - tags: [] - enabled: false - importvalues: [] - alias: sch - type: application - chart-overrides: '' -results: - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : cp.icr.io/cp/ibm-oms-professional/om-app:10.0.0.23-amd64 - Image is Red Hat certified : cp.icr.io/cp/ibm-oms-professional/om-agent:10.0.0.23-amd64 - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed 
diff --git a/charts/partners/ibm/ibm-oms-pro-prod/OWNERS b/charts/partners/ibm/ibm-oms-pro-prod/OWNERS
deleted file mode 100644
index e1e6d20aea..0000000000
--- a/charts/partners/ibm/ibm-oms-pro-prod/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: ibm-oms-pro-prod
- shortDescription: null
-publicPgpKey: null
-users:
-- githubUsername: ntinvo
-vendor:
- label: ibm
- name: IBM
diff --git a/charts/partners/ibm/ibm-operator-catalog-enablement/1.2.1/report.yaml b/charts/partners/ibm/ibm-operator-catalog-enablement/1.2.1/report.yaml
deleted file mode 100644
index bb050662de..0000000000
--- a/charts/partners/ibm/ibm-operator-catalog-enablement/1.2.1/report.yaml
+++ /dev/null
@@ -1,94 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-operator-catalog-enablement-1.2.1.tgz?raw=true - digest: sha256:ef0b29d3bec01688837bf100eaff492ab153babed118cf96eba3af96a50597b7 - lastCertifiedTimestamp: "2021-07-09T15:42:56.073039+00:00" - certifiedOpenShiftVersions: 4.7.0 - chart: - name: ibm-operator-catalog-enablement - home: http://ibm.biz/oprcatalog - sources: [] - version: 1.2.1 - description: "IBM Operator Catalog enablement deploys custom CatalogSources - and ImageContentSourcePolicy \nresources to enable consistent Catalog - experience to deploy and maintain IBM products. The operators are publically\navailable, - but products they install may require purchase and entitlement keys.\n\n\nDocumentation\nFor - additional details regarding installation see https://ibm.biz/operator-catalog-readme\n\nLicense\nBy - installing this catalog you accept the license terms https://www.apache.org/licenses/LICENSE-2.0\n" - keywords: - - amd64 - - ppc64le - - s390x - - deploy - - Catalog - - Commercial - - Limited - - Tools - - Other - - RHOCP - maintainers: - - name: IBM - email: "" - url: "" - icon:  - apiversion: v2 - condition: "" - tags: "" - appversion: 1.1.0 - deprecated: false - annotations: {} - kubeversion: '>=1.17.1-0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: images-are-certified - type: Mandatory - outcome: FAIL - reason: |- - Image is not Red Hat certified : icr.io/cpopen/ibm-operator-catalog:latest : No images found for Registry/Repository: icr.io/cpopen/ibm-operator-catalog - Image is not Red Hat certified : icr.io/cpopen/ibm-catalog-helm-test@sha256:aab960c2d208028581240c74ec6218b2ab09297f4ab9deb6016d84ce8001e737 : No images found for Registry/Repository: icr.io/cpopen/ibm-catalog-helm-test - 
- check: has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - diff --git a/charts/partners/ibm/ibm-operator-catalog-enablement/1.2.2/report.yaml b/charts/partners/ibm/ibm-operator-catalog-enablement/1.2.2/report.yaml deleted file mode 100644 index 7cc31f2b0b..0000000000 --- a/charts/partners/ibm/ibm-operator-catalog-enablement/1.2.2/report.yaml +++ /dev/null 
@@ -1,100 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.2.3 - profile: - VendorType: partner - version: v1.0 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-operator-catalog-enablement-1.2.2.tgz?raw=true - digest: sha256:e2ac016fcad031ed7c577d6be83cfc46d3f61d46cba44dcec00026ba4b283ac8 - digests: - chart: sha256:e2ac016fcad031ed7c577d6be83cfc46d3f61d46cba44dcec00026ba4b283ac8 - package: 645f40e44eb14882ecf1d13c8f589f6e03f95703290b1af6ccb627746e6b5712 - lastCertifiedTimestamp: "2021-10-19T04:53:29.320557+00:00" - certifiedOpenShiftVersions: 4.7.0 - chart: - name: ibm-operator-catalog-enablement - home: http://ibm.biz/oprcatalog - sources: [] - version: 1.2.2 - description: 'IBM Operator Catalog enablement deploys custom CatalogSources - and ImageContentSourcePolicy resources to enable consistent Catalog experience - to deploy and maintain IBM products. The operators are publically available, - but products they install may require purchase and entitlement keys. 
Documentation - For additional details regarding installation see https://ibm.biz/operator-catalog-readme License - By installing this catalog you accept the license terms https://www.apache.org/licenses/LICENSE-2.0 ' - keywords: - - amd64 - - ppc64le - - s390x - - deploy - - Catalog - - Commercial - - Limited - - Tools - - Other - - RHOCP - maintainers: - - name: IBM - email: "" - url: "" - icon:  - apiversion: v2 - condition: "" - tags: "" - appversion: 1.1.0 - deprecated: false - annotations: {} - kubeversion: '>=1.17.1-0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : icr.io/cpopen/ibm-operator-catalog:latest - Image is Red Hat certified : icr.io/cpopen/ibm-catalog-helm-test@sha256:6e1fc64d29163f02803dc4f5a65f76954ed8add4c92196aafdc0df62d39d55a7 - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - 
diff --git a/charts/partners/ibm/ibm-operator-catalog-enablement/OWNERS b/charts/partners/ibm/ibm-operator-catalog-enablement/OWNERS
deleted file mode 100644
index 564506b83f..0000000000
--- a/charts/partners/ibm/ibm-operator-catalog-enablement/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: ibm-operator-catalog-enablement
- shortDescription: null
-publicPgpKey: null
-users:
-- githubUsername: morstad
-- githubUsername: rondamus
-vendor:
- label: ibm
- name: IBM
diff --git a/charts/partners/ibm/ibm-sfg-prod/OWNERS b/charts/partners/ibm/ibm-sfg-prod/OWNERS
deleted file mode 100644
index d9273f7813..0000000000
--- a/charts/partners/ibm/ibm-sfg-prod/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: ibm-sfg-prod
- shortDescription: null
-publicPgpKey: null
-users:
-- githubUsername: nikeshmi
-- githubUsername: imdad000
-vendor:
- label: ibm
- name: IBM Japan, Ltd.
diff --git a/charts/partners/ibm/ibm-spectrum-protect-plus-prod/1.2.1/report.yaml b/charts/partners/ibm/ibm-spectrum-protect-plus-prod/1.2.1/report.yaml
deleted file mode 100644
index 64d7df1932..0000000000
--- a/charts/partners/ibm/ibm-spectrum-protect-plus-prod/1.2.1/report.yaml
+++ /dev/null
@@ -1,106 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.1.0 - profile: - VendorType: partner - version: v1.0 - chart-uri: https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-spectrum-protect-plus-prod-1.2.1.tgz?raw=true - digest: sha256:bdca5ff578ed63268169e9bf2b0ead107b89c8f9634eaf93492dc63a3234cc17 - digests: - chart: sha256:bdca5ff578ed63268169e9bf2b0ead107b89c8f9634eaf93492dc63a3234cc17 - package: 0073bda1813deff6e980f8266d2ca2827a9fdd8661cab823651b3077018c2f0f - lastCertifiedTimestamp: "2021-08-24T14:56:27.916199+00:00" - certifiedOpenShiftVersions: 4.7.0 - chart: - name: ibm-spectrum-protect-plus-prod - home: https://www.ibm.com/us-en/marketplace/ibm-spectrum-protect-plus - sources: [] - version: 1.2.1 - description: |- - IBM Spectrum Protect Plus is a data protection and availability solution for virtual environments and database applications that can be rapidly deployed to protect your environment. - - Container Backup Support is a feature of IBM Spectrum Protect Plus that extends data protection to containers in Kubernetes and OpenShift clusters. Container Backup Support protects persistent volumes that are attached to containers in Kubernetes and OpenShift clusters. - - Documentation - For additional details regarding install parameters check the Container Backup Support documentation at https://www.ibm.com/support/knowledgecenter/SSNQFQ_10.1.8/spp/welcome.html - - License - By installing this product you accept the following license terms: https://ibm.biz/BdquzE. 
- keywords: - - Commercial - - Storage - - Operations - - amd64 - - RHOCP - - Other - maintainers: - - name: IBM - email: "" - url: "" - icon: https://www.ibm.com/cloud-computing/scalable-icon.svg - apiversion: v2 - condition: "" - tags: "" - appversion: 10.1.8.1 - deprecated: false - annotations: {} - kubeversion: '>=1.18.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : cp.icr.io/cp/sppc/baas-transaction-manager:10.1.8.1 - Image is Red Hat certified : cp.icr.io/cp/sppc/baas-minio:10.1.8.1 - Image is Red Hat certified : cp.icr.io/cp/sppc/baas-kafka-operator:10.1.8.1 - Image is Red Hat certified : cp.icr.io/cp/sppc/baas-controller:10.1.8.1 - Image is Red Hat certified : cp.icr.io/cp/sppc/baas-scheduler:10.1.8.1 - Image is Red Hat certified : cp.icr.io/cp/sppc/baas-spp-agent:10.1.8.1 - Image is Red Hat certified : cp.icr.io/cp/sppc/baas-transaction-manager-redis:10.1.8.1 - Image is Red Hat certified : 
cp.icr.io/cp/sppc/baas-transaction-manager-worker:10.1.8.1 - Image is Red Hat certified : cp.icr.io/cp/sppc/baas-cert-monitor:10.1.8.1 - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 \ No newline at end of file diff --git a/charts/partners/ibm/ibm-spectrum-protect-plus-prod/OWNERS b/charts/partners/ibm/ibm-spectrum-protect-plus-prod/OWNERS deleted file mode 100644 index 26ef9d8d2e..0000000000 --- a/charts/partners/ibm/ibm-spectrum-protect-plus-prod/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -chart: - name: ibm-spectrum-protect-plus-prod - shortDescription: null -publicPgpKey: null -users: -- githubUsername: emcollin -vendor: - label: ibm - name: IBM diff --git a/charts/partners/illumio/illumio-test/OWNERS b/charts/partners/illumio/illumio-test/OWNERS deleted file mode 100644 index a4a4b570aa..0000000000 --- a/charts/partners/illumio/illumio-test/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -chart: - name: illumio-test - shortDescription: unknown -publicPgpKey: unknown -users: [] -vendor: - label: illumio - name: Illumio diff --git a/charts/partners/illumio/illumio/1.0.0/report.yaml b/charts/partners/illumio/illumio/1.0.0/report.yaml deleted file mode 100644 index 7256a7db99..0000000000 --- a/charts/partners/illumio/illumio/1.0.0/report.yaml +++ /dev/null 
@@ -1,89 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.7.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:86e18df54395641a1a5866bb801df5b0b79e86f992dc72cc395c47387f633389 - package: 2c4d9506b899577a79173adcb657d5948782b6fed208e84cedf37f2f2c3968ab - lastCertifiedTimestamp: "2022-06-29T19:28:05.160154+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.7' - providerControlledDelivery: true - chart: - name: illumio - home: "" - sources: [] - version: 1.0.0 - description: A Helm chart of Illumio Core for Kubernetes - keywords: [] - maintainers: [] - icon: https://www.illumio.com/sites/default/files/2021-05/illumio_Logo_2019_0_OPT.svg - apiversion: v2 - condition: "" - tags: "" - appversion: 1.0.0 - deprecated: false - annotations: - charts.openshift.io/name: Illumio Core for Kubernetes - kubeversion: '>=1.20.0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: 
Chart has a README - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/illumio/cven:21.5.14-1 - Image is Red Hat certified : quay.io/illumio/kubelink:3.0.0.16f670 - Image is Red Hat certified : registry.access.redhat.com/ubi9/toolbox:9.0.0-13 - diff --git a/charts/partners/illumio/illumio/3.1.0/report.yaml b/charts/partners/illumio/illumio/3.1.0/report.yaml deleted file mode 100644 index 3b887f5751..0000000000 --- a/charts/partners/illumio/illumio/3.1.0/report.yaml +++ /dev/null 
@@ -1,89 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.7.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:c02d46c17728a4e503e2ab65247920a4d5f204a44d735fa41d297078d3d2b7ad - package: 95c90c0f751c7f4c97233bcb9a8115e8749b6997d7292e7a2bdf09538bb94e1b - lastCertifiedTimestamp: "2022-11-21T15:21:08.548747+00:00" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.7' - providerControlledDelivery: true - chart: - name: illumio - home: "" - sources: [] - version: 3.1.0 - description: A Helm chart of Illumio Core for Kubernetes - keywords: [] - maintainers: [] - icon: https://www.illumio.com/sites/default/files/2021-05/illumio_Logo_2019_0_OPT.svg - apiversion: v2 - condition: "" - tags: "" - appversion: 3.1.0 - deprecated: false - annotations: - charts.openshift.io/name: Illumio Core for Kubernetes - kubeversion: '>=1.20.0-0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.access.redhat.com/ubi9/toolbox:9.0.0-13 - Image is Red Hat certified : quay.io/illumio/cven:21.5.18-8447 - Image is Red Hat certified : quay.io/illumio/kubelink:3.1.0.43a8f4 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test 
files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - diff --git a/charts/partners/illumio/illumio/4.0.0/report.yaml b/charts/partners/illumio/illumio/4.0.0/report.yaml deleted file mode 100644 index d8d6c4637b..0000000000 --- a/charts/partners/illumio/illumio/4.0.0/report.yaml +++ /dev/null 
@@ -1,94 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.9.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:5148844088997397774 - chart-uri: N/A - digests: - chart: sha256:7b56401ba5858f1178bc2a67fc72468512e2d47041505d90320540e4325cc138 - package: b9ecf4d4133d8b3e272ab21a252bf1c555e4cd9f67f9dcac86ec38ac4236932a - lastCertifiedTimestamp: "2023-01-23T21:35:01.18158+00:00" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.7' - providerControlledDelivery: true - chart: - name: illumio - home: "" - sources: [] - version: 4.0.0 - description: A Helm chart of Illumio Core for Kubernetes - keywords: [] - maintainers: [] - icon: https://www.illumio.com/sites/default/files/2021-05/illumio_Logo_2019_0_OPT.svg - apiversion: v2 - condition: "" - tags: "" - appversion: 4.0.0 - deprecated: false - annotations: - charts.openshift.io/name: Illumio Core for Kubernetes - kubeversion: '>=1.20.0-0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/illumio/cven:22.5.11-9729 - Image is Red Hat certified : quay.io/illumio/kubelink:3.2.0.7b7a38 - Image is Red Hat certified : registry.access.redhat.com/ubi9/toolbox:9.0.0-13 - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: 
v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - diff --git a/charts/partners/illumio/illumio/4.1.0/report.yaml b/charts/partners/illumio/illumio/4.1.0/report.yaml deleted file mode 100644 index f616f62abb..0000000000 --- a/charts/partners/illumio/illumio/4.1.0/report.yaml +++ /dev/null 
@@ -1,94 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.1 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:800710538525813135 - chart-uri: N/A - digests: - chart: sha256:3bf47dd767c297b800554094e4752e250c49dfd4d616ce6e351f01b628afccbc - package: 28cfdcfe0acaf79e7254db9af5618ac38a22f9fc7917d914497dfcf6aee954f4 - lastCertifiedTimestamp: "2023-03-29T12:13:35.423207+00:00" - testedOpenShiftVersion: "4.12" - supportedOpenShiftVersions: '>=4.7' - webCatalogOnly: true - chart: - name: illumio - home: "" - sources: [] - version: 4.1.0 - description: A Helm chart of Illumio Core for Kubernetes - keywords: [] - maintainers: [] - icon: https://www.illumio.com/sites/default/files/2021-05/illumio_Logo_2019_0_OPT.svg - apiversion: v2 - condition: "" - tags: "" - appversion: 4.1.0 - deprecated: false - annotations: - charts.openshift.io/name: Illumio Core for Kubernetes - kubeversion: '>=1.20.0-0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/illumio/cven:22.5.13-9746 - Image is Red Hat certified : quay.io/illumio/kubelink:3.2.1.0feca6 - Image is Red Hat certified : registry.access.redhat.com/ubi9/toolbox:9.0.0-13 - - check: v1.0/required-annotations-present - 
type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - diff --git a/charts/partners/illumio/illumio/4.2.0/report.yaml b/charts/partners/illumio/illumio/4.2.0/report.yaml deleted file mode 100644 index 6980281fd1..0000000000 --- a/charts/partners/illumio/illumio/4.2.0/report.yaml +++ /dev/null 
@@ -1,94 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.1 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:14621129090800003028 - chart-uri: N/A - digests: - chart: sha256:69b0a14cead335d9f1828fec2993067c49a62d78e7e92f1924a2a62d9757a5e9 - package: f2d44f3b3018fcfa8dd53e095b3ff424b8c6c664da268eb44f062ca5c803115b - lastCertifiedTimestamp: "2023-05-10T10:08:37.606684+00:00" - testedOpenShiftVersion: "4.12" - supportedOpenShiftVersions: '>=4.7' - webCatalogOnly: true - chart: - name: illumio - home: "" - sources: [] - version: 4.2.0 - description: A Helm chart of Illumio Core for Kubernetes - keywords: [] - maintainers: [] - icon: https://www.illumio.com/sites/default/files/2021-05/illumio_Logo_2019_0_OPT.svg - apiversion: v2 - condition: "" - tags: "" - appversion: 4.2.0 - deprecated: false - annotations: - charts.openshift.io/name: Illumio Core for Kubernetes - kubeversion: '>=1.20.0-0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart 
tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.access.redhat.com/ubi9/toolbox:9.0.0-13 - Image is Red Hat certified : quay.io/illumio/cven:22.5.13-9746 - Image is Red Hat certified : quay.io/illumio/kubelink:3.3.0-62 - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - diff --git a/charts/partners/illumio/illumio/4.3.0/report.yaml b/charts/partners/illumio/illumio/4.3.0/report.yaml deleted file mode 100644 index 1fe5d3edb1..0000000000 --- a/charts/partners/illumio/illumio/4.3.0/report.yaml +++ /dev/null 
@@ -1,94 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.12.2 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:1092068865871491332 - chart-uri: N/A - digests: - chart: sha256:d5ed5cae49a309ec1532fa7d56d8f4944880043f987076a6acada79e297067a1 - package: c98a4098f3246a7bd18278a5ffd8421c4ba65468a0cdcaa16016df52fdf81328 - lastCertifiedTimestamp: "2023-07-26T12:21:57.154687+00:00" - testedOpenShiftVersion: "4.13" - supportedOpenShiftVersions: '>=4.7' - webCatalogOnly: true - chart: - name: illumio - home: "" - sources: [] - version: 4.3.0 - description: A Helm chart of Illumio Core for Kubernetes - keywords: [] - maintainers: [] - icon: https://www.illumio.com/sites/default/files/2021-05/illumio_Logo_2019_0_OPT.svg - apiversion: v2 - condition: "" - tags: "" - appversion: 4.3.0 - deprecated: false - annotations: - charts.openshift.io/name: Illumio Core for Kubernetes - kubeversion: '>=1.20.0-0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/illumio/cven:22.5.14-9753 - Image is Red Hat certified : quay.io/illumio/kubelink:3.3.1-64 - Image is Red Hat certified : registry.access.redhat.com/ubi9/toolbox:9.0.0-13 - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - 
reason: Helm lint successful - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - diff --git a/charts/partners/illumio/illumio/OWNERS b/charts/partners/illumio/illumio/OWNERS deleted file mode 100644 index a93eb33e1e..0000000000 --- a/charts/partners/illumio/illumio/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: illumio - shortDescription: null -publicPgpKey: null -providerDelivery: True -users: -- githubUsername: jan-lucansky -vendor: - label: illumio - name: Illumio diff --git a/charts/partners/inaccel/fpga-operator/OWNERS b/charts/partners/inaccel/fpga-operator/OWNERS deleted file mode 100644 index b7a43eb405..0000000000 --- a/charts/partners/inaccel/fpga-operator/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -chart: - name: fpga-operator - shortDescription: Simplifying FPGA management in Kubernetes -publicPgpKey: null -users: -- githubUsername: eliaskoromilas -vendor: - label: inaccel - name: InAccel diff --git a/charts/partners/intracom-telecom/nfvri-agent/OWNERS b/charts/partners/intracom-telecom/nfvri-agent/OWNERS deleted file mode 100644 index c4404b19a9..0000000000 --- a/charts/partners/intracom-telecom/nfvri-agent/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: nfvri-agent - shortDescription: NFV-RI (TM) Agent Helm Chart Repository -publicPgpKey: null -users: -- githubUsername: angelouev -- githubUsername: victor-timofei -vendor: - label: intracom-telecom - name: Intracom S A Telecom Solutions 
diff --git a/charts/partners/intracom-telecom/nfvri-chart/OWNERS b/charts/partners/intracom-telecom/nfvri-chart/OWNERS
deleted file mode 100644
index 8b6af6e0b8..0000000000
--- a/charts/partners/intracom-telecom/nfvri-chart/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: nfvri-chart
- shortDescription: NFV-RI (TM) Helm Chart Repository
-publicPgpKey: null
-users:
-- githubUsername: angelouev
-- githubUsername: danielchristod
-vendor:
- label: intracom-telecom
- name: Intracom S A Telecom Solutions
diff --git a/charts/partners/intracom-telecom/nfvri/4.3.0/report.yaml b/charts/partners/intracom-telecom/nfvri/4.3.0/report.yaml
deleted file mode 100644
index 67370b150d..0000000000
--- a/charts/partners/intracom-telecom/nfvri/4.3.0/report.yaml
+++ /dev/null
@@ -1,121 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.6.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://europe-docker.pkg.dev/nfv-ri/rh-helm-charts/nfvri - digests: - chart: sha256:590d7a20414c751498c355163f48bf312481726fc617f9a034bbcd682e802477 - package: 311b83691f68272f4cc09a13c547b67052457d02775b2455687c1b59f660b3b9 - lastCertifiedTimestamp: "2022-04-20T10:33:50.894848+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.7' - providerControlledDelivery: false - chart: - name: nfvri - home: "" - sources: [] - version: 4.3.0 - description: A Helm chart for Kubernetes to deploy the NFV-RI stack - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 4.3.0 - deprecated: false - annotations: - charts.openshift.io/name: nfvri - kubeversion: '>= 1.20.0' - dependencies: - - name: nfvri-agent - version: 4.3.0 - repository: file://../nfvri-agent - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: nfvri-apiserver - version: 4.3.0 - repository: file://../nfvri-apiserver - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: nfvri-orchestrator - version: 4.3.0 - repository: file://../nfvri-orchestrator - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: nfvri-dashboard - version: 4.3.0 - repository: file://../nfvri-dashboard - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: application - chart-overrides: "" -results: - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red 
Hat certified : europe-docker.pkg.dev/nfv-ri/images/dc-agent-rhel8:v4.3.0 - Image is Red Hat certified : europe-docker.pkg.dev/nfv-ri/images/apiserver-ubi8:v4.3.0 - Image is Red Hat certified : europe-docker.pkg.dev/nfv-ri/images/dashboard-ubi8:v4.3.0 - Image is Red Hat certified : europe-docker.pkg.dev/nfv-ri/images/orchestrator-rhel8:v4.3.0 - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README diff --git a/charts/partners/intracom-telecom/nfvri/4.4.0/report.yaml b/charts/partners/intracom-telecom/nfvri/4.4.0/report.yaml deleted file mode 100644 index 929cde5b5a..0000000000 --- a/charts/partners/intracom-telecom/nfvri/4.4.0/report.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://europe-docker.pkg.dev/nfv-ri/helm-charts/nfvri - digests: - chart: sha256:001abb541d0be2cc58a5ab6bf75bf0b05023ef37f40f9129ff677db7cef603e3 - package: a65ca1921a21c3a90cda7849ebe7355aed87a6dde755d5231bb4a314f2ee1ae1 - lastCertifiedTimestamp: "2022-10-19T09:24:59.061544+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.7' - providerControlledDelivery: true - chart: - name: nfvri - home: "" - sources: [] - version: 4.4.0 - description: A Helm chart for Kubernetes to deploy the NFV-RI stack - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: v4.4.0 - deprecated: false - annotations: - charts.openshift.io/name: nfvri - kubeversion: '>= 1.20.0' - dependencies: - - name: nfvri-agent - version: 4.4.0 - repository: file://../nfvri-agent - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: nfvri-apiserver - version: 4.4.0 - repository: file://../nfvri-apiserver - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: nfvri-orchestrator - version: 4.4.0 - repository: file://../nfvri-orchestrator - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: nfvri-dashboard - version: 4.4.0 - repository: file://../nfvri-dashboard - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: application - chart-overrides: "" -results: - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: 
v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : europe-docker.pkg.dev/nfv-ri/images/dc-agent-rhel8:v4.4.0 - Image is Red Hat certified : europe-docker.pkg.dev/nfv-ri/images/apiserver-ubi8:v4.4.0 - Image is Red Hat certified : europe-docker.pkg.dev/nfv-ri/images/dashboard-ubi8:v4.4.0 - Image is Red Hat certified : europe-docker.pkg.dev/nfv-ri/images/orchestrator-rhel8:v4.4.0 - Image is Red Hat certified : registry.access.redhat.com/ubi8/ubi:8.4-206 - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed \ No newline at end of file diff --git a/charts/partners/intracom-telecom/nfvri/4.6.0/report.yaml b/charts/partners/intracom-telecom/nfvri/4.6.0/report.yaml deleted file mode 100644 index 56f9c7c9fe..0000000000 --- a/charts/partners/intracom-telecom/nfvri/4.6.0/report.yaml +++ /dev/null 
@@ -1,127 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.1 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:2334367270523295195 - chart-uri: N/A - digests: - chart: sha256:038f5bdcec66e6c8787e6f66ae23a291be56fddf397bd51f6fac6cc0394596d3 - package: e0a08e4a400ea3255e4d69a7a163a055b0f3a76f89d2795b0ec53b97c88055d9 - lastCertifiedTimestamp: "2023-04-27T12:43:38.197495+00:00" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.7' - webCatalogOnly: true - chart: - name: nfvri - home: "" - sources: [] - version: 4.6.0 - description: A Helm chart for Kubernetes to deploy the NFV-RI stack - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: v4.6.0 - deprecated: false - annotations: - charts.openshift.io/name: nfvri - kubeversion: '>= 1.20.0' - dependencies: - - name: nfvri-agent - version: 4.6.0 - repository: file://../nfvri-agent - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: nfvri-apiserver - version: 4.6.0 - repository: file://../nfvri-apiserver - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: nfvri-orchestrator - version: 4.6.0 - repository: file://../nfvri-orchestrator - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: nfvri-dashboard - version: 4.6.0 - repository: file://../nfvri-dashboard - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: application - chart-overrides: "" -results: - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - 
reason: Chart does not contain CRDs - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : europe-docker.pkg.dev/nfv-ri/images/dc-agent-rhel8:v4.6.0 - Image is Red Hat certified : europe-docker.pkg.dev/nfv-ri/images/apiserver-ubi8:v4.6.0 - Image is Red Hat certified : europe-docker.pkg.dev/nfv-ri/images/dashboard-ubi8:v4.6.0 - Image is Red Hat certified : europe-docker.pkg.dev/nfv-ri/images/orchestrator-rhel8:v4.6.0 - Image is Red Hat certified : registry.access.redhat.com/ubi8/ubi:8.4-206 - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present diff --git a/charts/partners/intracom-telecom/nfvri/4.7.0/report.yaml b/charts/partners/intracom-telecom/nfvri/4.7.0/report.yaml deleted file mode 100644 index 96b84f7dd0..0000000000 --- a/charts/partners/intracom-telecom/nfvri/4.7.0/report.yaml +++ /dev/null 
@@ -1,127 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.12.1 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:5676812155230051827 - chart-uri: N/A - digests: - chart: sha256:9c41056bd1106c071bdd31726cc0d190de2707c1e87a9baa5a4e87faa2ed1f14 - package: bb9fee00749c29127a5944ed7298b26938b242cdf566551e0afaa2e788d852ef - lastCertifiedTimestamp: "2023-07-17T12:35:24.910294+00:00" - testedOpenShiftVersion: "4.13" - supportedOpenShiftVersions: ">=4.7" - webCatalogOnly: true - chart: - name: nfvri - home: "" - sources: [] - version: 4.7.0 - description: A Helm chart for Kubernetes to deploy the NFV-RI stack - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: v4.7.0 - deprecated: false - annotations: - charts.openshift.io/name: nfvri - kubeversion: ">= 1.20.0" - dependencies: - - name: nfvri-agent - version: 4.7.0 - repository: file://../nfvri-agent - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: nfvri-apiserver - version: 4.7.0 - repository: file://../nfvri-apiserver - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: nfvri-orchestrator - version: 4.7.0 - repository: file://../nfvri-orchestrator - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: nfvri-dashboard - version: 4.7.0 - repository: file://../nfvri-dashboard - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: application - chart-overrides: "" -results: - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: 
v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : europe-docker.pkg.dev/nfv-ri/images/dc-agent-rhel8:v4.7.0 - Image is Red Hat certified : europe-docker.pkg.dev/nfv-ri/images/apiserver-ubi8:v4.7.0 - Image is Red Hat certified : europe-docker.pkg.dev/nfv-ri/images/dashboard-ubi8:v4.7.0 - Image is Red Hat certified : europe-docker.pkg.dev/nfv-ri/images/orchestrator-rhel8:v4.7.0 - Image is Red Hat certified : registry.access.redhat.com/ubi8/ubi:8.4-206 - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: "Chart is not signed : Signature verification not required" - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 diff --git a/charts/partners/intracom-telecom/nfvri/OWNERS b/charts/partners/intracom-telecom/nfvri/OWNERS deleted file mode 100644 index 2e24652a36..0000000000 --- a/charts/partners/intracom-telecom/nfvri/OWNERS +++ /dev/null @@ -1,11 +0,0 @@ -chart: - name: nfvri - shortDescription: NFV-RI (TM) Helm Chart Repository -publicPgpKey: null -providerDelivery: True -users: -- githubUsername: angelouev -- githubUsername: danielchristod -vendor: - label: intracom-telecom - name: Intracom S A Telecom Solutions 
diff --git a/charts/partners/iomesh/iomesh-csidriver/OWNERS b/charts/partners/iomesh/iomesh-csidriver/OWNERS
deleted file mode 100644
index e3c691b043..0000000000
--- a/charts/partners/iomesh/iomesh-csidriver/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: iomesh-csidriver
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: iomesh
- name: SmartX
diff --git a/charts/partners/iomesh/iomesh-operator/OWNERS b/charts/partners/iomesh/iomesh-operator/OWNERS
deleted file mode 100644
index 1242aa407a..0000000000
--- a/charts/partners/iomesh/iomesh-operator/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: iomesh-operator
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: iomesh
- name: SmartX
diff --git a/charts/partners/jinhli-2021-update/test-helmchart/OWNERS b/charts/partners/jinhli-2021-update/test-helmchart/OWNERS
deleted file mode 100644
index 41c283aaef..0000000000
--- a/charts/partners/jinhli-2021-update/test-helmchart/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: test-helmchart
- shortDescription: null
-publicPgpKey: null
-users:
-- githubUsername: jinhli
-vendor:
- label: jinhli-2021-update
- name: jinhli-uat1 inc
diff --git a/charts/partners/jjf-fake-registry/chart-to-nowhere/OWNERS b/charts/partners/jjf-fake-registry/chart-to-nowhere/OWNERS
deleted file mode 100644
index 7e57f09f4f..0000000000
--- a/charts/partners/jjf-fake-registry/chart-to-nowhere/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: chart-to-nowhere
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: jjf-fake-registry
- name: John Francini's Fake Company
diff --git a/charts/partners/jmanning/jm-helm-gpg-test/OWNERS b/charts/partners/jmanning/jm-helm-gpg-test/OWNERS
deleted file mode 100644
index 4b899840e6..0000000000
--- a/charts/partners/jmanning/jm-helm-gpg-test/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: jm-helm-gpg-test
- shortDescription: Josh Manning GPG Key Test
-providerDelivery: false
-publicPgpKey: somerandomstring
-users:
-- githubUsername: jsm84
-vendor:
- label: jmanning
- name: jmanning-uat1
diff --git a/charts/partners/kovair/kov-helm-chart/OWNERS b/charts/partners/kovair/kov-helm-chart/OWNERS
deleted file mode 100644
index 030df90dd7..0000000000
--- a/charts/partners/kovair/kov-helm-chart/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: kov-helm-chart
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: kovair
- name: Kovair Software, Inc.
diff --git a/charts/partners/kovair/kovairdevops-helm/0.1.0/kovairdevops-helm-0.1.0.tgz b/charts/partners/kovair/kovairdevops-helm/0.1.0/kovairdevops-helm-0.1.0.tgz
deleted file mode 100644
index a22d8405b8..0000000000
Binary files a/charts/partners/kovair/kovairdevops-helm/0.1.0/kovairdevops-helm-0.1.0.tgz and /dev/null differ
diff --git a/charts/partners/kovair/kovairdevops-helm/OWNERS b/charts/partners/kovair/kovairdevops-helm/OWNERS
deleted file mode 100644
index 28a55034db..0000000000
--- a/charts/partners/kovair/kovairdevops-helm/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: kovairdevops-helm
- shortDescription: Kovair DevOps Application Frontend Container
-publicPgpKey: null
-users:
-- githubUsername: saaj562
-vendor:
- label: kovair
- name: Kovair Software, Inc.
diff --git a/charts/partners/kubevious/kubevious/OWNERS b/charts/partners/kubevious/kubevious/OWNERS
deleted file mode 100644
index d8f622050a..0000000000
--- a/charts/partners/kubevious/kubevious/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: kubevious
- shortDescription: null
-publicPgpKey: null
-users:
-- githubUsername: kubevious
-vendor:
- label: kubevious
- name: Kubevious
diff --git a/charts/partners/lacework/lacework-agent/5.4.1/lacework-agent-5.4.1.tgz b/charts/partners/lacework/lacework-agent/5.4.1/lacework-agent-5.4.1.tgz
deleted file mode 100644
index 77476bf5e9..0000000000
Binary files a/charts/partners/lacework/lacework-agent/5.4.1/lacework-agent-5.4.1.tgz and /dev/null differ
diff --git a/charts/partners/lacework/lacework-agent/5.4.1/report.yaml b/charts/partners/lacework/lacework-agent/5.4.1/report.yaml
deleted file mode 100644
index 1bbcadba0c..0000000000
--- a/charts/partners/lacework/lacework-agent/5.4.1/report.yaml
+++ /dev/null
@@ -1,95 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.6.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /charts/lacework-agent-5.4.1.tgz - digests: - chart: sha256:fdc6f7c21a4f42349848a970de8a1d4a548c58e3f1366b0d3f84705a3b979a31 - package: 60a977f3f65094912be2819b8952bc0d4ec1e1eb566b796e265ad327069b08ad - lastCertifiedTimestamp: "2022-03-15T17:49:54.212404+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.1' - providerControlledDelivery: false - chart: - name: lacework-agent - home: https://www.lacework.com - sources: [] - version: 5.4.1 - description: Lacework Agent - keywords: - - monitoring - - security - - run-time - - metric - - troubleshooting - maintainers: - - name: lacework-support - email: info@lacework.net - url: "" - icon: https://www.lacework.com/wp-content/uploads/2019/07/Lacework_Logo_color_2019.svg - apiversion: v2 - condition: "" - tags: "" - appversion: "1.0" - deprecated: false - annotations: - charts.openshift.io/name: Lacework Agent - charts.openshift.io/provider: Lacework - charts.openshift.io/supportURL: https://support.lacework.com - kubeversion: '> 1.9.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : registry.connect.redhat.com/lacework/lacework-agent:5.4.1' - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - 
reason: Helm lint successful - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist diff --git a/charts/partners/lacework/lacework-agent/OWNERS b/charts/partners/lacework/lacework-agent/OWNERS deleted file mode 100644 index 2650ba3057..0000000000 --- a/charts/partners/lacework/lacework-agent/OWNERS +++ /dev/null @@ -1,18 +0,0 @@ -chart: - name: lacework-agent - shortDescription: Lacework Agent Helm Charts -publicPgpKey: null -users: -- githubUsername: cirego -- githubUsername: nschmeller -- githubUsername: theopolis -- githubUsername: mohamedghozzi-lw -- githubUsername: jprakash-lw -- githubUsername: mattiv-lw -- githubUsername: rnalexlacework -- githubUsername: ammarekbote -- githubUsername: anilnanduribote -- githubUsername: '' -vendor: - label: lacework - name: Lacework diff --git a/charts/partners/lakefs/lakefs/OWNERS b/charts/partners/lakefs/lakefs/OWNERS deleted file mode 100644 index 9cf900f568..0000000000 --- a/charts/partners/lakefs/lakefs/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: lakefs - shortDescription: lakeFS is an open-source data version control, that enables you - to manage your data lake the way you manage your code. -publicPgpKey: null -users: -- githubUsername: nopcoder -vendor: - label: lakefs - name: Treeverse diff --git a/charts/partners/mavenir/5gdu/5gdu_5.0.1-563/report.yaml b/charts/partners/mavenir/5gdu/5gdu_5.0.1-563/report.yaml deleted file mode 100644 index 6cdf7db073..0000000000 --- a/charts/partners/mavenir/5gdu/5gdu_5.0.1-563/report.yaml +++ /dev/null 
@@ -1,89 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:2c286be0b45a1852634966316cc394bec6ee746e54a991b9caf1ab8c9c39d4e8 - package: c6586e42f85df1dc529892fca9ae41c45279610062c027c4262fc96ff219e4da - lastCertifiedTimestamp: "2022-07-21T14:04:14.999201+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.4' - providerControlledDelivery: true - chart: - name: 5gdu - home: "" - sources: [] - version: 5gdu_5.0.1-563 - description: NF Service template. - keywords: [] - maintainers: - - name: ran ptf team - email: srikanth.subbaramu@mavenir.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: "0.1" - deprecated: false - annotations: - charts.openshift.io/name: test - kubeversion: '>= 1.17.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/mrhcert/5gdu:mvrp-du-x86-5.0.1.563 - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values-schema - type: Mandatory - 
outcome: PASS - reason: Values schema file exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README diff --git a/charts/partners/mavenir/5gdu/OWNERS b/charts/partners/mavenir/5gdu/OWNERS deleted file mode 100644 index b946d28a85..0000000000 --- a/charts/partners/mavenir/5gdu/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: 5gdu - shortDescription: unknown -providerDelivery: false -publicPgpKey: unknown -users: -- githubUsername: shantanushivanekar123 -vendor: - label: mavenir - name: Mavenir Systems Inc. diff --git a/charts/partners/mavenir/amf/10.1.0-4757/report.yaml b/charts/partners/mavenir/amf/10.1.0-4757/report.yaml deleted file mode 100644 index e3cf98cdf7..0000000000 --- a/charts/partners/mavenir/amf/10.1.0-4757/report.yaml +++ /dev/null 
@@ -1,163 +0,0 @@ -Using config file: ./amf-chart-verifier.yaml -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:c9e5119d0e0b9ce4845fc02807b44e0ab19555d584d0d805e32290511eaad1bd - package: d3f8a4885cdcf0f9137eb1acb8f90db8c7033caaeabf28d25a502affdd9f62e9 - lastCertifiedTimestamp: "2022-09-28T11:10:54.803276+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.4' - providerControlledDelivery: true - chart: - name: amf - home: "" - sources: [] - version: 10.1.0-4757 - description: NF Service template. - keywords: [] - maintainers: - - name: Copyright Mavenir Inc 2021 - email: "" - url: https://mavenir.com/ - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: "0.1" - deprecated: false - annotations: - charts.openshift.io/name: amf - kubeversion: '>= 1.17.0' - dependencies: - - name: amf-comm - version: "0.1" - repository: file:///root/amf-comm/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: amf-mt - version: "0.1" - repository: file:///root/amf-mt/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: amf-gw - version: "0.1" - repository: file:///root/amf-gw/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: amf-n2iwf - version: "0.1" - repository: file:///root/amf-n2iwf/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: amf-ee - version: "0.1" - repository: file:///root/amf-ee/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: amf-slicemgmt - version: "0.1" - repository: file:///root/amf-slicemgmt/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: amf-gtpciwf - version: "0.1" - repository: file:///root/amf-gtpciwf/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: 
amf-pathmgmt - version: "0.1" - repository: file:///root/amf-pathmgmt/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/m5gcrhcert/amf-n2-iwf:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/amf-slicemanagement:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/amf-comm:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/amf-gtpc-iwf:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/amf-mt:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/amf-pathmgmt:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/cim:21.4.1-1-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/amf-ee:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/amf-ap:10.1.0-4757-ubi-1-0 - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: 
Kubernetes version specified - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - diff --git a/charts/partners/mavenir/amf/OWNERS b/charts/partners/mavenir/amf/OWNERS deleted file mode 100644 index 5221e97e48..0000000000 --- a/charts/partners/mavenir/amf/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: amf - shortDescription: Mavenir 5GCore AMF CNF Helm charts -publicPgpKey: null -providerDelivery: True -users: -- githubUsername: k-anirwan -vendor: - label: mavenir - name: Mavenir Systems Inc. diff --git a/charts/partners/mavenir/ausf/10.1.0-4757/report.yaml b/charts/partners/mavenir/ausf/10.1.0-4757/report.yaml deleted file mode 100644 index 03ca294a43..0000000000 --- a/charts/partners/mavenir/ausf/10.1.0-4757/report.yaml +++ /dev/null 
@@ -1,116 +0,0 @@ -Using config file: ./ausf-chart-verifier.yaml -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:57db67a32dd1ebc362207a9067557523f50e9edbbe6c516962b7c87b4cc58415 - package: 7e5d7bc6db69006629a23712682a512ee2b1fe9d1c239566f738da6c0cd5d591 - lastCertifiedTimestamp: "2022-10-19T07:25:54.524346+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.4' - providerControlledDelivery: true - chart: - name: ausf - home: "" - sources: [] - version: 10.1.0-4757 - description: NF Service template. - keywords: [] - maintainers: - - name: Copyright Mavenir Inc 2021 - email: "" - url: https://mavenir.com/ - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: "0.1" - deprecated: false - annotations: - charts.openshift.io/name: ausf - kubeversion: '>= 1.17.0' - dependencies: - - name: ausf-auth - version: "0.1" - repository: file:///root/ausf-auth/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: ausf-sorprotect - version: "0.1" - repository: file:///root/ausf-sorprotect/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: ausf-upuprotect - version: "0.1" - repository: file:///root/ausf-upuprotect/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : 
quay.io/m5gcrhcert/ausf:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/cim:21.4.1-1-ubi-1-0 - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - diff --git a/charts/partners/mavenir/ausf/OWNERS b/charts/partners/mavenir/ausf/OWNERS deleted file mode 100644 index b8d982a510..0000000000 --- a/charts/partners/mavenir/ausf/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: ausf - shortDescription: Mavenir 5GCore AUSF CNF Helm charts -publicPgpKey: null -providerDelivery: True -users: -- githubUsername: k-anirwan -vendor: - label: mavenir - name: Mavenir Systems Inc. diff --git a/charts/partners/mavenir/cucp/5.0.326-53/report.yaml b/charts/partners/mavenir/cucp/5.0.326-53/report.yaml deleted file mode 100644 index a2fdfb3361..0000000000 --- a/charts/partners/mavenir/cucp/5.0.326-53/report.yaml +++ /dev/null 
@@ -1,143 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.6.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/ansvu/samplechart/releases/cucp_358/g3_5_0_326_53/cucp_53_helmtest.tgz - digests: - chart: sha256:fda1fa17c6802bcb0fe1bdc46ab95a3f7e4c26f105a0a3d2313e329e4f5fb4f9 - package: a3ec623230433f0753bd06b8223c68df6bc84f539166258144252420023c97dd - lastCertifiedTimestamp: "2022-05-05T18:19:51.249661+00:00" - testedOpenShiftVersion: "4.6" - supportedOpenShiftVersions: '>=4.4' - providerControlledDelivery: true - chart: - name: cucp - home: "" - sources: [] - version: 5.0.326-53 - description: NF Service template. - keywords: [] - maintainers: - - name: ran pltf team - email: srikanth.subbaramu@mavenir.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: "0.1" - deprecated: false - annotations: - charts.openshift.io/name: test - kubeversion: '>= 1.17.0' - dependencies: - - name: gnbmgr - version: "2.8" - repository: http://10.10.5.8:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: ueconmgr - version: "2.8" - repository: http://10.10.5.8:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: sctpe1iwf - version: "2.8" - repository: http://10.10.5.8:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: sctpf1iwf - version: "2.8" - repository: http://10.10.5.8:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: ngclientiwf - version: "2.8" - repository: http://10.10.5.8:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: sctpxniwf - version: "2.8" - repository: http://10.10.5.8:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file 
exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/mrhcert/nginx-sctp_e1_iwf:5.0.326.53 - Image is Red Hat certified : quay.io/mrhcert/nginx-sctp_f1_iwf:5.0.326.53 - Image is Red Hat certified : quay.io/mrhcert/nginx-sctp_ng_client_iwf:5.0.326.53 - Image is Red Hat certified : quay.io/mrhcert/nginx-sctp_xn_iwf:5.0.326.53 - Image is Red Hat certified : quay.io/mrhcert/nginx-ue_conn_mgr:5.0.326.53 - Image is Red Hat certified : quay.io/mrhcert/nginx-gnb_mgr:5.0.326.53 - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - diff --git a/charts/partners/mavenir/cucp/5.0.590-67/report.yaml b/charts/partners/mavenir/cucp/5.0.590-67/report.yaml deleted file mode 100644 index 887ab34c6a..0000000000 --- a/charts/partners/mavenir/cucp/5.0.590-67/report.yaml +++ /dev/null 
@@ -1,141 +0,0 @@ -Using config file: /root/VZ_PHASE1/CUCP/590_67_P2/cucp_ubi/config.yaml -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.9.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:544208512538136612 - chart-uri: N/A - digests: - chart: sha256:9087cf91de6ceace64c2f07d7f997fe9d5f1f7b6b54b86ec45c03163ad774a63 - package: 688f8e90c2b15472c061aa850485117273e989d382c8f8c3e2585ea9f880507c - lastCertifiedTimestamp: "2023-01-27T06:01:02.426399+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.3' - providerControlledDelivery: true - chart: - name: cucp - home: "" - sources: [] - version: 5.0.590-67 - description: NF Service template. - keywords: [] - maintainers: - - name: ran pltf team - email: srikanth.subbaramu@mavenir.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: "0.1" - deprecated: false - annotations: - charts.openshift.io/name: test - kubeversion: '>= 1.16.0-0' - dependencies: - - name: gnbmgr - version: "2.8" - repository: http://10.10.5.8:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: ueconmgr - version: "2.8" - repository: http://10.10.5.8:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: sctpe1iwf - version: "2.8" - repository: http://10.10.5.8:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: sctpf1iwf - version: "2.8" - repository: http://10.10.5.8:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: sctpx2iwf - version: "2.8" - repository: http://10.10.5.8:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: 
v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/mrhcert/cucp_gnb_mgr:5.0.590-67 - Image is Red Hat certified : quay.io/mrhcert/mtcil-22.3.1_p5/cim:22.3.1-p5 - Image is Red Hat certified : quay.io/mrhcert/cucp_sctp_e1_iwf:5.0.590-67 - Image is Red Hat certified : quay.io/mrhcert/cucp_sctp_f1_iwf:5.0.590-67 - Image is Red Hat certified : quay.io/mrhcert/cucp_sctp_x2_iwf:5.0.590-67 - Image is Red Hat certified : quay.io/mrhcert/cucp_ue_conn_mgr:5.0.590-67 - diff --git a/charts/partners/mavenir/cucp/OWNERS b/charts/partners/mavenir/cucp/OWNERS deleted file mode 100644 index 2df8098303..0000000000 --- a/charts/partners/mavenir/cucp/OWNERS +++ /dev/null 
@@ -1,10 +0,0 @@
-chart:
- name: cucp
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: shantanushivanekar123
-vendor:
- label: mavenir
- name: Mavenir Systems Inc.
diff --git a/charts/partners/mavenir/cuup/0.14.1/report.yaml b/charts/partners/mavenir/cuup/0.14.1/report.yaml
deleted file mode 100644
index df51f412f9..0000000000
--- a/charts/partners/mavenir/cuup/0.14.1/report.yaml
+++ /dev/null
@@ -1,154 +0,0 @@ -Using config file: /root/rhdu_Ubi7sw/CUUP_Ubi8/Chart/helchart_cuup/cuup_helm_01062022/config.yaml -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.6.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/shantanushivanekar123/rhdu_Ubi7sw/CUUP_Ubi8/Chart/helchart_cuup/cuup_helm_01062022_new.tgz - digests: - chart: sha256:2d662185426d2d11a310e8d055d4b86b4533f8c3fdb06c9c9450390dabecb6d8 - package: 4be6bc722e266c6753a7ca4291d499c23817572ed87f35bd705175feb112ef5e - lastCertifiedTimestamp: "2022-06-01T18:56:38.183573+00:00" - testedOpenShiftVersion: "4.7" - supportedOpenShiftVersions: '>=4.5' - providerControlledDelivery: false - chart: - name: cuup - home: "" - sources: [] - version: 0.14.1 - description: NR CUUP services. - keywords: [] - maintainers: - - name: George Jiang - email: junjie.jiang@mavenir.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: NRCC.R.2.0.14.1_DB - deprecated: false - annotations: - charts.openshift.io/name: test - kubeversion: '>=1.18.0-0' - dependencies: - - name: iwfsvc - version: 0.0.1 - repository: http://10.69.12.211:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: gwsvc - version: 0.0.1 - repository: http://10.69.12.211:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: intfmgrsvc - version: 0.0.1 - repository: http://10.69.12.211:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: dprmsvc - version: 0.0.1 - repository: http://10.69.12.211:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: srmsvc - version: 0.0.1 - repository: http://10.69.12.211:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: bccsvc - version: 0.0.1 - repository: http://10.69.12.211:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - 
name: dalsvc - version: 0.0.1 - repository: http://10.69.12.211:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/mrhcert/nginx-srmsvc:NRCC.R.2.0.14.1.DB.20220520 - Image is Red Hat certified : quay.io/mrhcert/nginx-iwfsvc:NRCC.R.2.0.14.1.DB.20220520 - Image is Red Hat certified : quay.io/mrhcert/nginx-intfmgrsvc:NRCC.R.2.0.14.1.DB.20220520 - Image is Red Hat certified : quay.io/mrhcert/nginx-gwsvc:NRCC.R.2.0.14.1.DB.20220520 - Image is Red Hat certified : quay.io/mrhcert/nginx-etcdcleaner:NRCC.R.2.0.14.1.DB.20220520 - Image is Red Hat certified : quay.io/mrhcert/nginx-dprmsvc:NRCC.R.2.0.14.1.DB.20220520 - Image is Red Hat certified : quay.io/mrhcert/nginx-dalsvc:NRCC.R.2.0.14.1.DB.20220520 - Image is Red Hat certified : quay.io/mrhcert/nginx-bccsvc:NRCC.R.2.0.14.1.DB.20220520 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a 
README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - diff --git a/charts/partners/mavenir/cuup/5.0.590-67/report.yaml b/charts/partners/mavenir/cuup/5.0.590-67/report.yaml deleted file mode 100644 index e8bcaf9a06..0000000000 --- a/charts/partners/mavenir/cuup/5.0.590-67/report.yaml +++ /dev/null 
@@ -1,149 +0,0 @@ -Using config file: /root/VZ_PHASE1/CUUP/590_67_P2/cuup_ubiwi/config.yaml -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.9.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:2706543267371244217 - chart-uri: N/A - digests: - chart: sha256:ea54df57710837a1e1a9e9dfb89e6b03355d440d9b9abaf3db6d3907f873ee3a - package: 830d4d737ea9b0258043ea6aa8b4089dde0db27304e2d960de3115c615bc8de5 - lastCertifiedTimestamp: "2023-02-01T11:09:54.074079+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.5' - providerControlledDelivery: true - chart: - name: cuup - home: "" - sources: [] - version: 5.0.590-67 - description: NR CUUP services. - keywords: [] - maintainers: - - name: George Jiang - email: junjie.jiang@mavenir.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: NRCC-R_2_0_13_0 - deprecated: false - annotations: - charts.openshift.io/name: test - kubeversion: '>=1.18.0-0' - dependencies: - - name: iwfsvc - version: 0.0.1 - repository: http://10.69.12.211:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: gwsvc - version: 0.0.1 - repository: http://10.69.12.211:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: intfmgrsvc - version: 0.0.1 - repository: http://10.69.12.211:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: srmsvc - version: 0.0.1 - repository: http://10.69.12.211:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: bccsvc - version: 0.0.1 - repository: http://10.69.12.211:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: etcd - version: 0.0.1 - repository: http://10.69.12.211:8080 - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/has-readme - type: Mandatory - 
outcome: PASS - reason: Chart has a README - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/mrhcert/cuup_iwfsvc:5.0.590-67 - Image is Red Hat certified : quay.io/mrhcert/cuup_srmsvc:5.0.590-67 - Image is Red Hat certified : quay.io/mrhcert/cuup_bccsvc:5.0.590-67 - Image is Red Hat certified : quay.io/mrhcert/mtcil-22.3.1_p5/cim:22.3.1-p5 - Image is Red Hat certified : quay.io/mrhcert/cuup_gwsvc:5.0.590-67 - Image is Red Hat certified : quay.io/mrhcert/cuup_intfmgrsvc:5.0.590-67 - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - diff --git a/charts/partners/mavenir/cuup/OWNERS b/charts/partners/mavenir/cuup/OWNERS deleted file mode 100644 index dbb69ac6b8..0000000000 --- a/charts/partners/mavenir/cuup/OWNERS +++ /dev/null 
@@ -1,10 +0,0 @@
-chart:
- name: cuup
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: shantanushivanekar123
-vendor:
- label: mavenir
- name: Mavenir Systems Inc.
diff --git a/charts/partners/mavenir/du/5.0.590-67/report.yaml b/charts/partners/mavenir/du/5.0.590-67/report.yaml
deleted file mode 100644
index bdece67700..0000000000
--- a/charts/partners/mavenir/du/5.0.590-67/report.yaml
+++ /dev/null
@@ -1,97 +0,0 @@ -Using config file: du_590_67_P2_ubi_newcim/config.yaml -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:918899815062968020 - chart-uri: N/A - digests: - chart: sha256:d1d5ea0477078eba6ee785899e259399747e0dbbdeab8cf2ff1cfedecc67aac1 - package: 92ccdf94af54cae1b1935907bbf8ddee8bd51bf5b4e5d4018250eb676ff9f004 - lastCertifiedTimestamp: "2023-01-27T16:28:56.717361+00:00" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.5' - webCatalogOnly: true - chart: - name: du - home: "" - sources: [] - version: 5.0.590-67 - description: NF Service template. - keywords: [] - maintainers: - - name: ran ptf team - email: srikanth.subbaramu@mavenir.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: "0.1" - deprecated: false - annotations: - charts.openshift.io/name: test - kubeversion: '>= 1.18.0-0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm 
lint successful - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/mrhcert/5gdu_updated:mvrp-du-x86-5.0.590-67 - Image is Red Hat certified : quay.io/mrhcert/mtcil-22.3.1_p5/cim:22.3.1-p5 - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - diff --git a/charts/partners/mavenir/du/OWNERS b/charts/partners/mavenir/du/OWNERS deleted file mode 100644 index 7c2487e471..0000000000 --- a/charts/partners/mavenir/du/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: du - shortDescription: unknown -providerDelivery: false -publicPgpKey: unknown -users: -- githubUsername: shantanushivanekar123 -vendor: - label: mavenir - name: Mavenir Systems Inc. diff --git a/charts/partners/mavenir/du/du5.0.326-53/report.yaml b/charts/partners/mavenir/du/du5.0.326-53/report.yaml deleted file mode 100644 index 964e251a84..0000000000 --- a/charts/partners/mavenir/du/du5.0.326-53/report.yaml +++ /dev/null 
@@ -1,89 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.6.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: https://github.com/ansvu/samplechart/releases/du_helmchart/du_helmchart_run.tgz - digests: - chart: sha256:75ca3bacbe48389a2273a216571db8d996336dca73feb8005b10d68f490044f2 - package: a96538a7d87eaf005e7a4b095b9fb314a96dfa2d570c283698b63ebbbd1a424f - lastCertifiedTimestamp: "2022-06-11T16:49:30.472769+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.5' - providerControlledDelivery: true - chart: - name: du - home: "" - sources: [] - version: du5.0.326-53 - description: NF Service template. - keywords: [] - maintainers: - - name: ran ptf team - email: srikanth.subbaramu@mavenir.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: "0.1" - deprecated: false - annotations: - charts.openshift.io/name: test - kubeversion: '>=1.18.0-0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - 
reason: |- - Image is Red Hat certified : quay.io/mrhcert/du - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present diff --git a/charts/partners/mavenir/enbdu/4.10.26-11/report.yaml b/charts/partners/mavenir/enbdu/4.10.26-11/report.yaml deleted file mode 100644 index 8b94641c9f..0000000000 --- a/charts/partners/mavenir/enbdu/4.10.26-11/report.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -Using config file: /home/xr11-sno2/4GDU/sno-1-du-helm-test/4G-VDU-centos_7_9_xran_mnxt-R_4_10_26_1-helmCharts/vDU-mnxt/config.yaml -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:3916862377248515064 - chart-uri: N/A - digests: - chart: sha256:c5531ba17e271ab8a4a946dc8b0655024af784a228d2c2e7dd985e1ed677b3c3 - package: 254b898f97f9a34965d56cb38526d7c91ac568b7de9eb5b87cf026bf4eb02bbd - lastCertifiedTimestamp: "2023-02-02T16:20:22.166542+00:00" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.4' - webCatalogOnly: true - chart: - name: enbdu - home: "" - sources: [] - version: 4.10.26-11 - description: NF Service Template - keywords: [] - maintainers: - - name: RAN PLTF Team - email: rahul.gupta@mavenir.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: R_4_10_26_11 - deprecated: false - annotations: - charts.openshift.io/name: test - kubeversion: '>= 1.17.0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : 
quay.io/mrhcert/4g-du-rhubi:mnxt-du-x86-4.10.26-11' - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - diff --git a/charts/partners/mavenir/enbdu/OWNERS b/charts/partners/mavenir/enbdu/OWNERS deleted file mode 100644 index 7867d5200b..0000000000 --- a/charts/partners/mavenir/enbdu/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: enbdu - shortDescription: 4GDU -providerDelivery: true -publicPgpKey: unknown -users: -- githubUsername: shantanushivanekar123 -vendor: - label: mavenir - name: Mavenir Systems Inc. diff --git a/charts/partners/mavenir/imc/11.0.2-2a/report.yaml b/charts/partners/mavenir/imc/11.0.2-2a/report.yaml deleted file mode 100644 index 3dbbdb8beb..0000000000 --- a/charts/partners/mavenir/imc/11.0.2-2a/report.yaml +++ /dev/null 
@@ -1,101 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:17642831295096218512 - chart-uri: N/A - digests: - chart: sha256:e7d6661f2d7082e7544e1e8d51bd674567b62b3efa4282769e0024543e5f50b2 - package: 881978099097aa7ac4692bb0dc526afc5520d3ad19780cfa6a1c8cbcca589ffd - lastCertifiedTimestamp: "2023-05-03T06:39:10.957232+00:00" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.5' - webCatalogOnly: true - chart: - name: imc - home: "" - sources: [] - version: 11.0.2-2a - description: A combined Helm chart for IMC - keywords: [] - maintainers: [] - icon: https://www.example.com/chart-icon.png - apiversion: v2 - condition: "" - tags: "" - appversion: 1-42 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: mavenir IMS Test - charts.openshift.io/provider: Mavenir - charts.openshift.io/supportURL: https://github.com/dperaza4dustbit/helm-chart - kubeversion: '>=1.18.0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/mrhcert/uag/init_container_ubi:v4.4 - Image is Red Hat certified : quay.io/mrhcert/cscf/ims-r_11_0_12_2-v2:r_11_0_12_2a-patch-v4-nonroot - Image is Red Hat certified : quay.io/mrhcert/ims/rediam:r_2_0_40_0b-v1 - Image is Red Hat certified : quay.io/mrhcert/ims/regt:r_2_0_44_0d-v1 - Image is Red Hat certified : quay.io/mrhcert/ims/resip:r_2_0_41_0b-v2 - Image is Red Hat certified : quay.io/mrhcert/ims/sm:r_2_0_13_3d-v1 - Image is Red Hat certified : quay.io/mrhcert/ims/vlbfe:r_1_0_34_0-v1 - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/required-annotations-present - type: Mandatory - 
outcome: PASS - reason: All required annotations present - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - diff --git a/charts/partners/mavenir/imc/OWNERS b/charts/partners/mavenir/imc/OWNERS deleted file mode 100644 index 3416d33ed6..0000000000 --- a/charts/partners/mavenir/imc/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: imc - shortDescription: imc helm -providerDelivery: true -publicPgpKey: unknown -users: -- githubUsername: rameshmav -vendor: - label: mavenir - name: Mavenir Systems Inc. diff --git a/charts/partners/mavenir/ksync/10.1.0-4757/report.yaml b/charts/partners/mavenir/ksync/10.1.0-4757/report.yaml deleted file mode 100644 index 49eb5b2498..0000000000 --- a/charts/partners/mavenir/ksync/10.1.0-4757/report.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ -Using config file: ./ksync-chart-verifier.yaml -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:7a5a55735164d17694fcec2eb8da47bda654693382904c09337e20a3c4e56b00 - package: 6f7430c5bf13c0214dfe327674ed8cd256f53284bb2de19adcdea602387d89f8 - lastCertifiedTimestamp: "2022-10-19T10:01:36.003934+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.4' - providerControlledDelivery: true - chart: - name: ksync - home: "" - sources: [] - version: 10.1.0-4757 - description: NF Service template. - keywords: [] - maintainers: - - name: Copyright Mavenir Inc 2021 - email: "" - url: https://mavenir.com/ - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: "0.1" - deprecated: false - annotations: - charts.openshift.io/name: ksync - kubeversion: '>= 1.17.0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : quay.io/m5gcrhcert/ksync:10.1.0-4757-ubi-1-0' - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/contains-test - 
type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - diff --git a/charts/partners/mavenir/ksync/OWNERS b/charts/partners/mavenir/ksync/OWNERS deleted file mode 100644 index 1f369a8772..0000000000 --- a/charts/partners/mavenir/ksync/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: ksync - shortDescription: Mavenir 5GCore KSYNC CNF Helm charts -publicPgpKey: null -providerDelivery: True -users: -- githubUsername: k-anirwan -vendor: - label: mavenir - name: Mavenir Systems Inc. diff --git a/charts/partners/mavenir/mco/3.0.1800-b17/report.yaml b/charts/partners/mavenir/mco/3.0.1800-b17/report.yaml deleted file mode 100644 index 9288ae2d8d..0000000000 --- a/charts/partners/mavenir/mco/3.0.1800-b17/report.yaml +++ /dev/null 
@@ -1,607 +0,0 @@ -Using config file: config.yaml -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.9.0 - profile: - VendorType: partner - version: v1.1 - reportDigest: uint64:7671850966091442761 - chart-uri: N/A - digests: - chart: sha256:7483cdcc70e3465afc7e9d6d38239c398a71f78aff0e24958fb39b6bf1b35a3a - package: e7b60b37fb4a71a76dd88a990fb8baa1e3167cf4b287b93ca8b85904755b9e59 - lastCertifiedTimestamp: "2023-01-09T11:28:35.454508+01:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.5' - providerControlledDelivery: true - chart: - name: mco - home: "" - sources: [] - version: 3.0.1800-b17 - description: Helmchart for MCO - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 3.0.1800-b17 - deprecated: false - annotations: - charts.openshift.io/name: MCO Chart - charts.openshift.io/provider: Mavenir - kubeversion: '>= 1.17.3-0' - dependencies: - - name: admin-tools - version: 3.0.1800-b17 - repository: "" - condition: admin-tools.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: arm - version: 3.0.1800-b17 - repository: "" - condition: arm.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: cdma - version: 3.0.1800-b17 - repository: "" - condition: cdma-r.enabled - tags: [] - enabled: false - importvalues: [] - alias: cdma-r - - name: cdma - version: 3.0.1800-b17 - repository: "" - condition: cdma-t.enabled - tags: [] - enabled: false - importvalues: [] - alias: cdma-t - - name: cex - version: 3.0.1800-b17 - repository: "" - condition: cex.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: cfgpull - version: 3.0.1800-b17 - repository: "" - condition: cfgpull.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: collector - version: 3.0.1800-b17 - repository: "" - condition: collector.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: cron - 
version: 3.0.1800-b17 - repository: "" - condition: cron.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: dbfi - version: 3.0.1800-b17 - repository: "" - condition: dbfi.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: dbft - version: 3.0.1800-b17 - repository: "" - condition: dbft.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: dbfm - version: 3.0.1800-b17 - repository: "" - condition: dbfm.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: echos - version: 3.0.1800-b17 - repository: "" - condition: echos.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: gsm-0340 - version: 3.0.1800-b17 - repository: "" - condition: gsm-0340-r.enabled - tags: [] - enabled: false - importvalues: [] - alias: gsm-0340-r - - name: gsm-0340 - version: 3.0.1800-b17 - repository: "" - condition: gsm-0340-t.enabled - tags: [] - enabled: false - importvalues: [] - alias: gsm-0340-t - - name: ifxr - version: 3.0.1800-b17 - repository: "" - condition: ifxr.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: k8sag - version: 3.0.1800-b17 - repository: "" - condition: k8sag.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: kernel - version: 3.0.1800-b17 - repository: "" - condition: kernel.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: lida - version: 3.0.1800-b17 - repository: "" - condition: lida.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: lipa - version: 3.0.1800-b17 - repository: "" - condition: lipa.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mag - version: 3.0.1800-b17 - repository: "" - condition: mag.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mm1c - version: 3.0.1800-b17 - repository: "" - condition: mm1c.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" 
- - name: mm1s - version: 3.0.1800-b17 - repository: "" - condition: mm1s.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mm3c - version: 3.0.1800-b17 - repository: "" - condition: mm3c.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mm3s - version: 3.0.1800-b17 - repository: "" - condition: mm3s.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mm4c - version: 3.0.1800-b17 - repository: "" - condition: mm4c.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mm4s - version: 3.0.1800-b17 - repository: "" - condition: mm4s.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mm7c - version: 3.0.1800-b17 - repository: "" - condition: mm7c.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mm7s - version: 3.0.1800-b17 - repository: "" - condition: mm7s.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mmk - version: 3.0.1800-b17 - repository: "" - condition: mmk.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mmr - version: 3.0.1800-b17 - repository: "" - condition: mmr.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: hmp - version: 3.0.1800-b17 - repository: "" - condition: hmp.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: msg-t - version: 3.0.1800-b17 - repository: "" - condition: msg-t.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: netconfgw - version: 3.0.1800-b17 - repository: "" - condition: netconfgw.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: nrfag - version: 3.0.1800-b17 - repository: "" - condition: nrfag.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: oamzoo - version: 3.0.1800-b17 - repository: "" - condition: oamzoo.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: 
orion - version: 3.0.1800-b17 - repository: "" - condition: orion.enabled - tags: [] - enabled: false - importvalues: [] - alias: orion - - name: pag - version: 3.0.1800-b17 - repository: "" - condition: pag.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: prometheus - version: 3.0.1800-b17 - repository: "" - condition: prometheus.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: pusa - version: 3.0.1800-b17 - repository: "" - condition: pusa.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: redis - version: 3.0.1800-b17 - repository: "" - condition: redis-m.enabled - tags: [] - enabled: false - importvalues: [] - alias: redis-m - - name: redis - version: 3.0.1800-b17 - repository: "" - condition: redis-s.enabled - tags: [] - enabled: false - importvalues: [] - alias: redis-s - - name: restgw - version: 3.0.1800-b17 - repository: "" - condition: restgw.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: scn - version: 3.0.1800-b17 - repository: "" - condition: scn.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: shark - version: 3.0.1800-b17 - repository: "" - condition: shark.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: redis - version: 3.0.1800-b17 - repository: "" - condition: shredis-m.enabled - tags: [] - enabled: false - importvalues: [] - alias: shredis-m - - name: redis - version: 3.0.1800-b17 - repository: "" - condition: shredis-s.enabled - tags: [] - enabled: false - importvalues: [] - alias: shredis-s - - name: replicator - version: 3.0.1800-b17 - repository: "" - condition: replicator.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: sgs - version: 3.0.1800-b17 - repository: "" - condition: sgs.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: slc - version: 3.0.1800-b17 - repository: "" - condition: slc.enabled - tags: [] - enabled: 
false - importvalues: [] - alias: "" - - name: smog - version: 3.0.1800-b17 - repository: "" - condition: smog.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: smpp - version: 3.0.1800-b17 - repository: "" - condition: smpp.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: smtp - version: 3.0.1800-b17 - repository: "" - condition: smtp.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: snmpag - version: 3.0.1800-b17 - repository: "" - condition: snmpag.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: sodia - version: 3.0.1800-b17 - repository: "" - condition: sodia.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: sol - version: 3.0.1800-b17 - repository: "" - condition: sol.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: sonas - version: 3.0.1800-b17 - repository: "" - condition: sonas.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: spooler - version: 3.0.1800-b17 - repository: "" - condition: spooler.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: ucp - version: 3.0.1800-b17 - repository: "" - condition: ucp.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: vesag - version: 3.0.1800-b17 - repository: "" - condition: vesag.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: zookeeper - version: 3.0.1800-b17 - repository: "" - condition: zookeeper.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contains-crds - 
type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/kaitlam/dbfi:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/pag:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/kernel:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/ice:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/gsm:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/cfgpull:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/dbft:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/k8sag:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/lida:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/smpp:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/ucp:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/sol:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/dbfm:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/arm:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/ims:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/echos:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/oamzoo:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/sgs:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/smog:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/sonas:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/admin-tools:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/zookeeper:3.8.00.b06.el7 - Image is Red Hat certified : quay.io/kaitlam/vesag:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/shark:r3.0-18.00.b17.el7 - Image 
is Red Hat certified : quay.io/kaitlam/slc:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/snmpag:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/lipa:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/smtp:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/spooler:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/redis:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/restgw:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/pusa:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/orion:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/nrfag:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/ifxr:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/scn:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/sodia:r3.0-18.00.b17.el7 - Image is Red Hat certified : quay.io/kaitlam/collector:r3.0-18.00.b17.el7 - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - diff --git a/charts/partners/mavenir/mco/3.0.1812-b17/report.yaml b/charts/partners/mavenir/mco/3.0.1812-b17/report.yaml deleted file mode 100644 index c4207ad5de..0000000000 --- a/charts/partners/mavenir/mco/3.0.1812-b17/report.yaml +++ /dev/null 
@@ -1,647 +0,0 @@ -Using config file: config.yaml -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.9.0 - profile: - VendorType: partner - version: v1.1 - reportDigest: uint64:14974417299402898136 - chart-uri: N/A - digests: - chart: sha256:6d0b4e0448a64d7a339caa779eb31d93b3b2cb57a9f2d2477bdf688ddb7efd67 - package: 2a20f63dd7be814c577fba7138e2f1ef2531e4af92f99a53ff57d8a96a555a1c - lastCertifiedTimestamp: "2023-06-26T11:49:14.731901+02:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.5' - providerControlledDelivery: true - chart: - name: mco - home: "" - sources: [] - version: 3.0.1812-b17 - description: Helmchart for MCO - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 3.0.1812-b17 - deprecated: false - annotations: - charts.openshift.io/name: MCO Chart - charts.openshift.io/provider: Mavenir - kubeversion: '>= 1.17.3-0' - dependencies: - - name: admin-tools - version: 3.0.1812-b17 - repository: "" - condition: admin-tools.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: arm - version: 3.0.1812-b17 - repository: "" - condition: arm.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: cdma - version: 3.0.1812-b17 - repository: "" - condition: cdma-r.enabled - tags: [] - enabled: false - importvalues: [] - alias: cdma-r - - name: cdma - version: 3.0.1812-b17 - repository: "" - condition: cdma-t.enabled - tags: [] - enabled: false - importvalues: [] - alias: cdma-t - - name: cex - version: 3.0.1812-b17 - repository: "" - condition: cex.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: cfgpull - version: 3.0.1812-b17 - repository: "" - condition: cfgpull.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: collector - version: 3.0.1812-b17 - repository: "" - condition: collector.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: cron - 
version: 3.0.1812-b17 - repository: "" - condition: cron.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: dbfi - version: 3.0.1812-b17 - repository: "" - condition: dbfi.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: dbft - version: 3.0.1812-b17 - repository: "" - condition: dbft.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: dbfm - version: 3.0.1812-b17 - repository: "" - condition: dbfm.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: echos - version: 3.0.1812-b17 - repository: "" - condition: echos.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: gsm-0340 - version: 3.0.1812-b17 - repository: "" - condition: gsm-0340-r.enabled - tags: [] - enabled: false - importvalues: [] - alias: gsm-0340-r - - name: gsm-0340 - version: 3.0.1812-b17 - repository: "" - condition: gsm-0340-t.enabled - tags: [] - enabled: false - importvalues: [] - alias: gsm-0340-t - - name: ifxr - version: 3.0.1812-b17 - repository: "" - condition: ifxr.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: k8sag - version: 3.0.1812-b17 - repository: "" - condition: k8sag.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: kernel - version: 3.0.1812-b17 - repository: "" - condition: kernel.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: lida - version: 3.0.1812-b17 - repository: "" - condition: lida.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: lipa - version: 3.0.1812-b17 - repository: "" - condition: lipa.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: logos - version: 3.0.1812-b17 - repository: "" - condition: logos.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mag - version: 3.0.1812-b17 - repository: "" - condition: mag.enabled - tags: [] - enabled: false - importvalues: [] - alias: 
"" - - name: mm1c - version: 3.0.1812-b17 - repository: "" - condition: mm1c.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mm1s - version: 3.0.1812-b17 - repository: "" - condition: mm1s.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mm3c - version: 3.0.1812-b17 - repository: "" - condition: mm3c.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mm3s - version: 3.0.1812-b17 - repository: "" - condition: mm3s.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mm4c - version: 3.0.1812-b17 - repository: "" - condition: mm4c.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mm4s - version: 3.0.1812-b17 - repository: "" - condition: mm4s.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mm7c - version: 3.0.1812-b17 - repository: "" - condition: mm7c.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mm7s - version: 3.0.1812-b17 - repository: "" - condition: mm7s.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mmk - version: 3.0.1812-b17 - repository: "" - condition: mmk.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mmr - version: 3.0.1812-b17 - repository: "" - condition: mmr.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: msgapi - version: 3.0.1812-b17 - repository: "" - condition: msgapi.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mta - version: 3.0.1812-b17 - repository: "" - condition: mtai.enabled - tags: [] - enabled: false - importvalues: [] - alias: mtai - - name: mta - version: 3.0.1812-b17 - repository: "" - condition: mtao.enabled - tags: [] - enabled: false - importvalues: [] - alias: mtao - - name: hmp - version: 3.0.1812-b17 - repository: "" - condition: hmp.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: msg-t - 
version: 3.0.1812-b17 - repository: "" - condition: msg-t.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: netconfgw - version: 3.0.1812-b17 - repository: "" - condition: netconfgw.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: nrfag - version: 3.0.1812-b17 - repository: "" - condition: nrfag.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: oamzoo - version: 3.0.1812-b17 - repository: "" - condition: oamzoo.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: orion - version: 3.0.1812-b17 - repository: "" - condition: orion.enabled - tags: [] - enabled: false - importvalues: [] - alias: orion - - name: pag - version: 3.0.1812-b17 - repository: "" - condition: pag.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: prometheus - version: 3.0.1812-b17 - repository: "" - condition: prometheus.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: pusa - version: 3.0.1812-b17 - repository: "" - condition: pusa.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: redis - version: 3.0.1812-b17 - repository: "" - condition: redis-m.enabled - tags: [] - enabled: false - importvalues: [] - alias: redis-m - - name: redis - version: 3.0.1812-b17 - repository: "" - condition: redis-s.enabled - tags: [] - enabled: false - importvalues: [] - alias: redis-s - - name: restgw - version: 3.0.1812-b17 - repository: "" - condition: restgw.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: scn - version: 3.0.1812-b17 - repository: "" - condition: scn.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: shark - version: 3.0.1812-b17 - repository: "" - condition: shark.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: redis - version: 3.0.1812-b17 - repository: "" - condition: shredis-m.enabled - tags: [] - enabled: false - 
importvalues: [] - alias: shredis-m - - name: redis - version: 3.0.1812-b17 - repository: "" - condition: shredis-s.enabled - tags: [] - enabled: false - importvalues: [] - alias: shredis-s - - name: replicator - version: 3.0.1812-b17 - repository: "" - condition: replicator.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: sgs - version: 3.0.1812-b17 - repository: "" - condition: sgs.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: slc - version: 3.0.1812-b17 - repository: "" - condition: slc.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: smog - version: 3.0.1812-b17 - repository: "" - condition: smog.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: smpp - version: 3.0.1812-b17 - repository: "" - condition: smpp.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: smtp - version: 3.0.1812-b17 - repository: "" - condition: smtp.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: snmpag - version: 3.0.1812-b17 - repository: "" - condition: snmpag.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: sodia - version: 3.0.1812-b17 - repository: "" - condition: sodia.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: sol - version: 3.0.1812-b17 - repository: "" - condition: sol.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: sonas - version: 3.0.1812-b17 - repository: "" - condition: sonas.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: spooler - version: 3.0.1812-b17 - repository: "" - condition: spooler.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: stn - version: 3.0.1812-b17 - repository: "" - condition: stn.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: ucp - version: 3.0.1812-b17 - repository: "" - condition: ucp.enabled - tags: [] - 
enabled: false - importvalues: [] - alias: "" - - name: vesag - version: 3.0.1812-b17 - repository: "" - condition: vesag.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: zookeeper - version: 3.0.1812-b17 - repository: "" - condition: zookeeper.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/kaitlam/lida:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/pag:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/smog:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/vesag:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/dbfm:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/k8sag:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/restgw:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/orion:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/cfgpull:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/oamzoo:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/sodia:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/spooler:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/nrfag:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/shark:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/smpp:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/sgs:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/zookeeper:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/kernel:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/redis:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/arm:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/ice:3.0.1812-b17 - Image is Red Hat certified : 
quay.io/kaitlam/collector:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/dbft:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/lipa:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/pusa:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/scn:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/sonas:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/admin-tools:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/ims:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/dbfi:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/gsm:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/ifxr:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/sol:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/echos:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/slc:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/smtp:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/snmpag:3.0.1812-b17 - Image is Red Hat certified : quay.io/kaitlam/ucp:3.0.1812-b17 - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: 
Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - diff --git a/charts/partners/mavenir/mco/OWNERS b/charts/partners/mavenir/mco/OWNERS deleted file mode 100644 index 9183daba25..0000000000 --- a/charts/partners/mavenir/mco/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: mco - shortDescription: Mavenir MCO CNF Helm charts -providerDelivery: true -publicPgpKey: unknown -users: -- githubUsername: kaitaklam -vendor: - label: mavenir - name: Mavenir Systems Inc. diff --git a/charts/partners/mavenir/mtas/11.1.37-0/report.yaml b/charts/partners/mavenir/mtas/11.1.37-0/report.yaml deleted file mode 100644 index 43d448562b..0000000000 --- a/charts/partners/mavenir/mtas/11.1.37-0/report.yaml +++ /dev/null 
@@ -1,102 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:3468823504650116408 - chart-uri: N/A - digests: - chart: sha256:11e4be2f8bd5b555363608fe7d30acd699c49ceba54373071e6b3e8c3ce1bc9b - package: a8f380f54b3c9259cbabd7f41be833ef57d574f9ac9de0734170e48acba7f36a - lastCertifiedTimestamp: "2023-05-03T12:16:47.817002+00:00" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.5' - webCatalogOnly: true - chart: - name: mtas - home: "" - sources: [] - version: 11.1.37-0 - description: A combined Helm chart for MTAS - keywords: [] - maintainers: [] - icon: https://www.example.com/chart-icon.png - apiversion: v2 - condition: "" - tags: "" - appversion: 1-42 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: mavenir IMS Test - charts.openshift.io/provider: Mavenir - charts.openshift.io/supportURL: https://github.com/dperaza4dustbit/helm-chart - kubeversion: '>=1.18.0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/mrhcert/ims/vlbfe:r_1_0_34_0-v1 - Image is Red Hat certified : quay.io/mrhcert/uag/init_container_ubi:v4.4 - Image is Red Hat certified : quay.io/mrhcert/ims/rediam:r_2_0_40_0b-v1 - Image is Red Hat certified : quay.io/mrhcert/ims/regt:r_2_0_44_0d-v1 - Image is Red Hat certified : quay.io/mrhcert/ims/resip:r_2_0_41_0b-v2 - Image is Red Hat certified : quay.io/mrhcert/ims/sm:r_2_0_13_3d-v1 - Image is Red Hat certified : quay.io/mrhcert/ims/ress7:r_2_0_27_0a-v1 - Image is Red Hat certified : quay.io/mrhcert/ims/mtas:r_11_1_37_0-v16 - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required 
annotations present - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - diff --git a/charts/partners/mavenir/mtas/OWNERS b/charts/partners/mavenir/mtas/OWNERS deleted file mode 100644 index 926067d74f..0000000000 --- a/charts/partners/mavenir/mtas/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: mtas - shortDescription: mtas helm report -providerDelivery: true -publicPgpKey: unknown -users: -- githubUsername: rameshmav -vendor: - label: mavenir - name: Mavenir Systems Inc. diff --git a/charts/partners/mavenir/mtcil/22.3.1/report.yaml b/charts/partners/mavenir/mtcil/22.3.1/report.yaml deleted file mode 100644 index 91ce8dcd01..0000000000 --- a/charts/partners/mavenir/mtcil/22.3.1/report.yaml +++ /dev/null 
@@ -1,120 +0,0 @@ -Using config file: v4/config.yaml -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:16200621773980446276 - chart-uri: N/A - digests: - chart: sha256:62ca72bb1bd5357c632abf8270a0c40d4ce48e85420142a06f67a5b110a6a307 - package: cd03e372891947283d3109dc36461523425b8008dcfe5002acd6066733557b2c - lastCertifiedTimestamp: "2023-02-23T15:22:42.034718+00:00" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.3' - webCatalogOnly: true - chart: - name: mtcil - home: "" - sources: [] - version: 22.3.1 - description: A Helm chart for Mtcil. - keywords: [] - maintainers: - - name: mtcil team - email: support@mavenir.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: "1.0" - deprecated: false - annotations: - charts.openshift.io/name: mtcil - kubeversion: '>= 1.16.0-0' - dependencies: - - name: mtcil-infra - version: "" - repository: "" - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mtcil-mgmt - version: "" - repository: "" - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.1/images-are-certified - type: 
Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/mrhcert/mtcil-22.3.1_p5/etcd:v3.4.3-5 - Image is Red Hat certified : quay.io/mrhcert/mtcil-22.3.1_p5/zk:v3.6.3-3 - Image is Red Hat certified : quay.io/mrhcert/mtcil-22.3.1_p5/config-service:22.3.1-p5 - Image is Red Hat certified : quay.io/mrhcert/mtcil-22.3.1_p5/fmaas:22.3.1-p5 - Image is Red Hat certified : quay.io/mrhcert/mtcil-22.3.1_p5/tpaas:22.3.1-p5 - Image is Red Hat certified : quay.io/mrhcert/mtcil-22.3.1_p5/tmaas:22.3.1-p5 - Image is Red Hat certified : quay.io/mrhcert/mtcil-22.3.1_p5/kafka:v3.1.2-1 - Image is Red Hat certified : quay.io/mrhcert/mtcil-22.3.1_p5/cim:22.3.1-p5 - Image is Red Hat certified : quay.io/mrhcert/mtcil-22.3.1_p5/mtcil-svc-init:22.3.1-p5 - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - diff --git a/charts/partners/mavenir/mtcil/OWNERS b/charts/partners/mavenir/mtcil/OWNERS deleted file mode 100644 index fdbad40c40..0000000000 --- a/charts/partners/mavenir/mtcil/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: mtcil - shortDescription: null -providerDelivery: true -publicPgpKey: null -users: -- githubUsername: shantanushivanekar123 -vendor: - label: mavenir - name: Mavenir Systems Inc. diff --git a/charts/partners/mavenir/mtcilhelmchart/OWNERS b/charts/partners/mavenir/mtcilhelmchart/OWNERS deleted file mode 100644 index e7fa13b958..0000000000 --- a/charts/partners/mavenir/mtcilhelmchart/OWNERS +++ /dev/null 
@@ -1,10 +0,0 @@
-chart:
- name: mtcilhelmchart
- shortDescription: null
-providerDelivery: true
-publicPgpKey: null
-users:
-- githubUsername: shantanushivanekar123
-vendor:
- label: mavenir
- name: Mavenir Systems Inc.
diff --git a/charts/partners/mavenir/nrf/10.1.0-4757/report.yaml b/charts/partners/mavenir/nrf/10.1.0-4757/report.yaml
deleted file mode 100644
index 1eb5ec3d0b..0000000000
--- a/charts/partners/mavenir/nrf/10.1.0-4757/report.yaml
+++ /dev/null
@@ -1,136 +0,0 @@ -Using config file: ./nrf-chart-verifier.yaml -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:23f85da7f8a66e3c6cdca6c835f433fba5d07fd0808d846f4fd3723288504545 - package: fb681c4b20b95a12d4788fbc7d85872c06c1e15fb0cdca929fe006288eae673b - lastCertifiedTimestamp: "2022-10-19T07:32:53.900139+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.4' - providerControlledDelivery: true - chart: - name: nrf - home: "" - sources: [] - version: 10.1.0-4757 - description: NF Service template. - keywords: [] - maintainers: - - name: Copyright Mavenir Inc 2021 - email: "" - url: https://mavenir.com/ - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: "0.1" - deprecated: false - annotations: - charts.openshift.io/name: nrf - kubeversion: '>= 1.17.0' - dependencies: - - name: nrf-mgmt - version: "0.1" - repository: file:///root/nrf-mgmt/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: nrf-discovery - version: "0.1" - repository: file:///root/nrf-discovery/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: nrf-sn - version: "0.1" - repository: file:///root/nrf-sn/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: nrf-expiration - version: "0.1" - repository: file:///root/nrf-expiration/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: nrf-at - version: "0.1" - repository: file:///root/nrf-at/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - 
outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/m5gcrhcert/cim:21.4.1-1-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/nrf-discovery:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/nrf-expiration:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/nrf-mgmt:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/nrf-sn:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/nrf-at:10.1.0-4757-ubi-1-0 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - diff --git a/charts/partners/mavenir/nrf/OWNERS b/charts/partners/mavenir/nrf/OWNERS deleted file mode 100644 index 8ff97f5089..0000000000 --- a/charts/partners/mavenir/nrf/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: nrf - shortDescription: Mavenir 5GCore NRF CNF Helm charts -publicPgpKey: null -providerDelivery: True -users: -- githubUsername: k-anirwan -vendor: - label: mavenir - name: Mavenir Systems Inc. 
diff --git a/charts/partners/mavenir/nssf/10.1.0-4757/report.yaml b/charts/partners/mavenir/nssf/10.1.0-4757/report.yaml
deleted file mode 100644
index 43adb2cd60..0000000000
--- a/charts/partners/mavenir/nssf/10.1.0-4757/report.yaml
+++ /dev/null
@@ -1,109 +0,0 @@ -Using config file: ./nssf-chart-verifier.yaml -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:bb0e315f03d016a0b12c97696869bef2795c4f90086c8feca8f64413b180c2bc - package: 32688501fafbe521dbbe28c2834756735302c4cd2c3a1b178476cb872591e669 - lastCertifiedTimestamp: "2022-10-19T07:42:24.360981+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.4' - providerControlledDelivery: true - chart: - name: nssf - home: "" - sources: [] - version: 10.1.0-4757 - description: NF Service template. - keywords: [] - maintainers: - - name: Copyright Mavenir Inc 2021 - email: "" - url: https://mavenir.com/ - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: "0.1" - deprecated: false - annotations: - charts.openshift.io/name: nssf - kubeversion: '>= 1.17.0' - dependencies: - - name: nssf-nssaiavailability - version: "0.1" - repository: file:///root/nssf-nssaiavailability/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: nssf-nsselection - version: "0.1" - repository: file:///root/nssf-nsselection/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-values-schema - type: Mandatory 
- outcome: PASS - reason: Values schema file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/m5gcrhcert/nssf-slicesel:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/nssf-avail:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/cim:21.4.1-1-ubi-1-0 - diff --git a/charts/partners/mavenir/nssf/OWNERS b/charts/partners/mavenir/nssf/OWNERS deleted file mode 100644 index 670534cdef..0000000000 --- a/charts/partners/mavenir/nssf/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: nssf - shortDescription: Mavenir 5GCore NSSF CNF Helm charts -publicPgpKey: null -providerDelivery: True -users: -- githubUsername: k-anirwan -vendor: - label: mavenir - name: Mavenir Systems Inc. diff --git a/charts/partners/mavenir/pcf/10.1.0-4757/report.yaml b/charts/partners/mavenir/pcf/10.1.0-4757/report.yaml deleted file mode 100644 index e9f61b13d9..0000000000 --- a/charts/partners/mavenir/pcf/10.1.0-4757/report.yaml +++ /dev/null 
@@ -1,154 +0,0 @@ -Using config file: ./pcf-chart-verifier.yaml -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:42603523dfa36198de190c597ab7a06a499e2da407647cec27f19c24ba562b9c - package: f91826bf02fa891f6fb500e24dbb436863c2e4b9ef95cdf00fd2dd8381cd3e76 - lastCertifiedTimestamp: "2022-10-19T07:54:01.013538+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.4' - providerControlledDelivery: true - chart: - name: pcf - home: "" - sources: [] - version: 10.1.0-4757 - description: NF Service template. - keywords: [] - maintainers: - - name: Copyright Mavenir Inc 2021 - email: "" - url: https://mavenir.com/ - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: "0.1" - deprecated: false - annotations: - charts.openshift.io/name: pcf - kubeversion: '>= 1.17.0' - dependencies: - - name: pcf-eval-policy - version: "0.1" - repository: file:///root/pcf-eval-policy/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: pcfsm - version: "0.1" - repository: file:///root/pcfsm/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: pcfam - version: "0.1" - repository: file:///root/pcfam/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: pcfue - version: "0.1" - repository: file:///root/pcfue/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: pcf-diam-iwf - version: "0.1" - repository: file:///root/pcf-diam-iwf/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: pcfgw - version: "0.1" - repository: file:///root/pcfgw/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: pcfmgmt - version: "0.1" - repository: file:///root/pcfmgmt/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - 
chart-overrides: "" -results: - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/m5gcrhcert/pcf-ue:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/pcf-diam-iwf:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/cim:21.4.1-1-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/pcf-eval-policy:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/pcf-am:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/pcf-gw:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/pcf-mgmt:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/pcf-sm:10.1.0-4757-ubi-1-0 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - 
diff --git a/charts/partners/mavenir/pcf/OWNERS b/charts/partners/mavenir/pcf/OWNERS
deleted file mode 100644
index 2f8bf75a78..0000000000
--- a/charts/partners/mavenir/pcf/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: pcf
- shortDescription: Mavenir 5GCore PCF CNF Helm charts
-publicPgpKey: null
-providerDelivery: True
-users:
-- githubUsername: k-anirwan
-vendor:
- label: mavenir
- name: Mavenir Systems Inc.
diff --git a/charts/partners/mavenir/smf/10.1.0-4757/report.yaml b/charts/partners/mavenir/smf/10.1.0-4757/report.yaml
deleted file mode 100644
index 8feda65327..0000000000
--- a/charts/partners/mavenir/smf/10.1.0-4757/report.yaml
+++ /dev/null
@@ -1,163 +0,0 @@ -Using config file: ./smf-chart-verifier.yaml -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:08fd5c4cd8c86180336734a698c65fd85bf0f28ae76c669f6c028fc67998f0ab - package: 716fe24a5e072b0727454bf3a80410bc1593f14192f02faf7eb9bb8b9d87d624 - lastCertifiedTimestamp: "2022-10-19T08:05:00.640438+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.4' - providerControlledDelivery: true - chart: - name: smf - home: "" - sources: [] - version: 10.1.0-4757 - description: NF Service template. - keywords: [] - maintainers: - - name: Copyright Mavenir Inc 2021 - email: "" - url: https://mavenir.com/ - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: "0.1" - deprecated: false - annotations: - charts.openshift.io/name: smf - kubeversion: '>= 1.17.0' - dependencies: - - name: smf-pdusession - version: "0.1" - repository: file:///root/smf-pdusession/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: smf-n4iwf - version: "0.1" - repository: file:///root/smf-n4iwf/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: smf-gw - version: "0.1" - repository: file:///root/smf-gw/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: smf-plc - version: "0.1" - repository: file:///root/smf-plc/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: smf-ipm - version: "0.1" - repository: file:///root/smf-ipm/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: smf-ctf - version: "0.1" - repository: file:///root/smf-ctf/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: smf-restore - version: "0.1" - repository: file:///root/smf-restore/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: 
smf-eef - version: "0.1" - repository: file:///root/smf-eef/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/m5gcrhcert/smf-restore:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/smf-ctf:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/smf-plc:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/smf-gw:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/smf-ipm:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/smf-n4-iwf:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/smf-pdu:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/cim:21.4.1-1-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/smf-eef:10.1.0-4757-ubi-1-0 - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - 
check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - diff --git a/charts/partners/mavenir/smf/OWNERS b/charts/partners/mavenir/smf/OWNERS deleted file mode 100644 index 614f97a52b..0000000000 --- a/charts/partners/mavenir/smf/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: smf - shortDescription: Mavenir 5GCore SMF CNF Helm charts -publicPgpKey: null -providerDelivery: True -users: -- githubUsername: k-anirwan -vendor: - label: mavenir - name: Mavenir Systems Inc. diff --git a/charts/partners/mavenir/smsf-helm-charts/OWNERS b/charts/partners/mavenir/smsf-helm-charts/OWNERS deleted file mode 100644 index c98abb9e5c..0000000000 --- a/charts/partners/mavenir/smsf-helm-charts/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: smsf-helm-charts - shortDescription: Mavenir SMSF Helm Charts -providerDelivery: true -publicPgpKey: null -users: -- githubUsername: kaitaklam -vendor: - label: mavenir - name: Mavenir Systems Inc. diff --git a/charts/partners/mavenir/smsf/OWNERS b/charts/partners/mavenir/smsf/OWNERS deleted file mode 100644 index e49769671b..0000000000 --- a/charts/partners/mavenir/smsf/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: smsf - shortDescription: Mavenir SMSF Helm Charts -providerDelivery: false -publicPgpKey: null -users: -- githubUsername: kaitaklam -vendor: - label: mavenir - name: Mavenir Systems Inc. diff --git a/charts/partners/mavenir/testchart/OWNERS b/charts/partners/mavenir/testchart/OWNERS deleted file mode 100644 index ccaaee1d3e..0000000000 --- a/charts/partners/mavenir/testchart/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -chart: - name: testchart - shortDescription: unknown -providerDelivery: true -publicPgpKey: unknown -users: [] -vendor: - label: mavenir - name: Mavenir Systems Inc. diff --git a/charts/partners/mavenir/testchart1/OWNERS b/charts/partners/mavenir/testchart1/OWNERS deleted file mode 100644 index d5f926bd59..0000000000 
--- a/charts/partners/mavenir/testchart1/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: testchart1
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: mavenir
- name: Mavenir
diff --git a/charts/partners/mavenir/uag/8.1.7-10/report.yaml b/charts/partners/mavenir/uag/8.1.7-10/report.yaml
deleted file mode 100644
index c3b3faf6b4..0000000000
--- a/charts/partners/mavenir/uag/8.1.7-10/report.yaml
+++ /dev/null
@@ -1,102 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:16223674545452463527 - chart-uri: N/A - digests: - chart: sha256:178c73a526cc639686059202c663057635bbe3f0307c8a2f8efc5cb872a97ed4 - package: 90b1b2c3b2849fdca0a6dd0d99cd9e5a2a48492ada6be65d452ee3f3c41cfe86 - lastCertifiedTimestamp: "2023-04-28T07:56:59.488064+00:00" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.5' - webCatalogOnly: true - chart: - name: uag - home: "" - sources: [] - version: 8.1.7-10 - description: Combined Helm for UAG - keywords: [] - maintainers: [] - icon: https://www.example.com/chart-icon.png - apiversion: v2 - condition: "" - tags: "" - appversion: 1-42 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: mavenir IMS Test - charts.openshift.io/provider: Mavenir - charts.openshift.io/supportURL: https://github.com/dperaza4dustbit/helm-chart - kubeversion: '>=1.18.0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/helm-lint - 
type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/mrhcert/uag/init_container_ubi:v4.4 - Image is Red Hat certified : quay.io/mrhcert/uag/gtre-reugt-r_2_1_14_0-v1:r_2_1_14_0-v1 - Image is Red Hat certified : quay.io/mrhcert/uag/mp-v-r_1_1_18_0-v1:r_1_1_18_0-v1 - Image is Red Hat certified : quay.io/mrhcert/uag/sc-r_2_1_14_0-v3:r_2_1_14_0-v3 - Image is Red Hat certified : quay.io/mrhcert/uag/sipre-resip-r_2_1_14_0-v1:r_2_1_14_0-v1 - Image is Red Hat certified : quay.io/mrhcert/uag/sm-r_2_0_14_2-v1:r_2_0_14_2-v1 - Image is Red Hat certified : quay.io/mrhcert/uag/upc-r_2_1_14_0-v1:r_2_1_14_0-v1 - Image is Red Hat certified : quay.io/mrhcert/uag/vlbfe-v-r_1_0_35_0-v2:r_1_0_35_0-v2 - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - diff --git a/charts/partners/mavenir/uag/OWNERS b/charts/partners/mavenir/uag/OWNERS deleted file mode 100644 index fd02b61c85..0000000000 --- a/charts/partners/mavenir/uag/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: uag - shortDescription: uag helm -providerDelivery: true -publicPgpKey: unknown -users: -- githubUsername: rameshmav -vendor: - label: mavenir - name: Mavenir Systems Inc. diff --git a/charts/partners/mavenir/udm/22.1.3-1/report.yaml b/charts/partners/mavenir/udm/22.1.3-1/report.yaml deleted file mode 100644 index 97cf7f6b7c..0000000000 --- a/charts/partners/mavenir/udm/22.1.3-1/report.yaml +++ /dev/null 
@@ -1,145 +0,0 @@ -Using config file: ./udm-chart-verifier.yaml -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:3ec23e856d691f4b816a2a623749c7d1a537f615dec3df93a3225fc82f1f87a0 - package: 7bafec664cebeb0f3f6c71d97e8e3113ab0c9e5da57211122db7ec938a61c2a0 - lastCertifiedTimestamp: "2022-10-19T10:23:47.837144+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.4' - providerControlledDelivery: true - chart: - name: udm - home: "" - sources: [] - version: 22.1.3-1 - description: NF Service template. - keywords: [] - maintainers: - - name: sayan sarkar - email: sayan.sarkar@mavenir.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: "0.1" - deprecated: false - annotations: - charts.openshift.io/name: udm - kubeversion: '>= 1.17.0' - dependencies: - - name: udm-ueau - version: "0.1" - repository: file:///root/udm-ueau/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: udm-ee - version: "0.1" - repository: file:///root/udm-ee/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: udm-sdm - version: "0.1" - repository: file:///root/udm-sdm/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: udm-uecm - version: "0.1" - repository: file:///root/udm-uecm/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: udm-notify - version: "0.1" - repository: file:///root/udm-notify/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: udm-mt - version: "0.1" - repository: file:///root/udm-mt/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/has-readme - type: 
Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/m5gcrhcert/udm-ee:22.1.3-1-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/cim:21.4.1-1-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/udm-mt:22.1.3-1-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/udm-notify:22.1.3-1-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/udm-sdm:22.1.3-1-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/udm-ueau:22.1.3-1-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/udm-uecm:22.1.3-1-ubi-1-0 - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - diff --git a/charts/partners/mavenir/udm/OWNERS b/charts/partners/mavenir/udm/OWNERS deleted file mode 100644 index 280e8af279..0000000000 --- a/charts/partners/mavenir/udm/OWNERS +++ /dev/null 
@@ -1,10 +0,0 @@
-chart:
- name: udm
- shortDescription: Mavenir 5GCore UDM CNF Helm charts
-publicPgpKey: null
-providerDelivery: True
-users:
-- githubUsername: k-anirwan
-vendor:
- label: mavenir
- name: Mavenir Systems Inc.
diff --git a/charts/partners/mavenir/udr/22.1.3-1/report.yaml b/charts/partners/mavenir/udr/22.1.3-1/report.yaml
deleted file mode 100644
index 40887e8562..0000000000
--- a/charts/partners/mavenir/udr/22.1.3-1/report.yaml
+++ /dev/null
@@ -1,154 +0,0 @@ -Using config file: ./udr-chart-verifier.yaml -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:75cb578786c9c051eac8eff9430f7de4c3640bdce49ca0b7819d2997fbca8f3c - package: 1743b104e5dd85cbccd32649d50af9c54a876843191d6f7c6ff600869966082c - lastCertifiedTimestamp: "2022-10-19T10:35:38.181319+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.4' - providerControlledDelivery: true - chart: - name: udr - home: "" - sources: [] - version: 22.1.3-1 - description: NF Service template. - keywords: [] - maintainers: - - name: sayan sarkar - email: sayan.sarkar@mavenir.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: "0.1" - deprecated: false - annotations: - charts.openshift.io/name: udr - kubeversion: '>= 1.17.0' - dependencies: - - name: udr-subs - version: "0.1" - repository: file:///root/udr-subs/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: udr-policy - version: "0.1" - repository: file:///root/udr-policy/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: udr-provision - version: "0.1" - repository: file:///root/udr-provision/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: udr-notify - version: "0.1" - repository: file:///root/udr-notify/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: udr-polling - version: "0.1" - repository: file:///root/udr-polling/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: udr-exp - version: "0.1" - repository: file:///root/udr-exp/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: udr-app - version: "0.1" - repository: file:///root/udr-app/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - 
chart-overrides: "" -results: - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/m5gcrhcert/udr-app:22.1.3-1-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/cim:21.4.1-1-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/udr-exp:22.1.3-1-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/udr-notify:22.1.3-1-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/udr-policy:22.1.3-1-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/udr-polling:22.1.3-1-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/udr-provision:22.1.3-1-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/udr-subs:22.1.3-1-ubi-1-0 - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - diff --git a/charts/partners/mavenir/udr/OWNERS b/charts/partners/mavenir/udr/OWNERS deleted file mode 100644 index d61bb61132..0000000000 
--- a/charts/partners/mavenir/udr/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: udr
- shortDescription: Mavenir 5GCore UDR CNF Helm charts
-publicPgpKey: null
-providerDelivery: True
-users:
-- githubUsername: k-anirwan
-vendor:
- label: mavenir
- name: Mavenir Systems Inc.
diff --git a/charts/partners/mavenir/udsf/10.1.0-4757/report.yaml b/charts/partners/mavenir/udsf/10.1.0-4757/report.yaml
deleted file mode 100644
index 484d077ddb..0000000000
--- a/charts/partners/mavenir/udsf/10.1.0-4757/report.yaml
+++ /dev/null
@@ -1,153 +0,0 @@ -Using config file: ./udsf-chart-verifier.yaml -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:e28c1a71d916db4ec5ed045fab1c4e84c306b9792b1c6b35afae310086f66f4f - package: 4f1ae168f4af6c172cb0b003b5705110e7999bfdd7fb84e3cdd7461fdb356c99 - lastCertifiedTimestamp: "2022-10-19T07:02:51.897224+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.4' - providerControlledDelivery: true - chart: - name: udsf - home: "" - sources: [] - version: 10.1.0-4757 - description: NF Service template. - keywords: [] - maintainers: - - name: Copyright Mavenir Inc 2021 - email: "" - url: https://mavenir.com/ - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: "0.1" - deprecated: false - annotations: - charts.openshift.io/name: udsf - kubeversion: '>= 1.17.0' - dependencies: - - name: udsf-core - version: "0.1" - repository: file:///root/udsf-core/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: udsf-util - version: "0.1" - repository: file:///root/udsf-util/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: udsf-mgmt - version: "0.1" - repository: file:///root/udsf-mgmt/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: udsf-tsman - version: "0.1" - repository: file:///root/udsf-tsman/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: udsf-tsexp - version: "0.1" - repository: file:///root/udsf-tsexp/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: udsf-tscoor - version: "0.1" - repository: file:///root/udsf-tscoor/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: udsf-reconcile - version: "0.1" - repository: file:///root/udsf-reconcile/ - condition: "" - tags: [] - enabled: false - importvalues: 
[] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/m5gcrhcert/ts-man:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/udsf-util:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/udsf:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/cim:21.4.1-1-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/udsf-mgmt:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/ts-coordinator:10.1.0-4757-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/ts-exp:10.1.0-4757-ubi-1-0 - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - diff --git a/charts/partners/mavenir/udsf/OWNERS b/charts/partners/mavenir/udsf/OWNERS deleted file mode 100644 index b4e177dd55..0000000000 
--- a/charts/partners/mavenir/udsf/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: udsf
- shortDescription: Mavenir 5GCore UDSF CNF Helm charts
-publicPgpKey: null
-providerDelivery: True
-users:
-- githubUsername: k-anirwan
-vendor:
- label: mavenir
- name: Mavenir Systems Inc.
diff --git a/charts/partners/mavenir/upf/10.1.0-4757/report.yaml b/charts/partners/mavenir/upf/10.1.0-4757/report.yaml
deleted file mode 100644
index eea35d327d..0000000000
--- a/charts/partners/mavenir/upf/10.1.0-4757/report.yaml
+++ /dev/null
@@ -1,100 +0,0 @@ -Using config file: ./upf-chart-verifier.yaml -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:1a74e4708c98039c012fe61b92b4f43007106799cb6c1fcebd3c65380775d39c - package: 8283038b4e8f65dd4fd23df91de601fe1e3f65a532bc5be83739725cab781b44 - lastCertifiedTimestamp: "2022-10-19T10:11:07.386609+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.4' - providerControlledDelivery: true - chart: - name: upf - home: "" - sources: [] - version: 10.1.0-4757 - description: NF Service template. - keywords: [] - maintainers: - - name: Copyright Mavenir Inc 2021 - email: "" - url: https://mavenir.com/ - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: "0.1" - deprecated: false - annotations: - charts.openshift.io/name: upf - kubeversion: '>= 1.17.0' - dependencies: - - name: upf-dpe - version: "0.1" - repository: file:///root/upf-dpe/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/m5gcrhcert/cim:21.4.1-1-ubi-1-0 - Image is Red Hat certified : quay.io/m5gcrhcert/upf:10.1.0-4757-ubi-1-0 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-test - 
type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - diff --git a/charts/partners/mavenir/upf/OWNERS b/charts/partners/mavenir/upf/OWNERS deleted file mode 100644 index a6c36695b5..0000000000 --- a/charts/partners/mavenir/upf/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: upf - shortDescription: Mavenir 5GCore UPF CNF Helm charts -publicPgpKey: null -providerDelivery: True -users: -- githubUsername: k-anirwan -vendor: - label: mavenir - name: Mavenir Systems Inc. diff --git a/charts/partners/mavenir/vcu/4.10.16-0/report.yaml b/charts/partners/mavenir/vcu/4.10.16-0/report.yaml deleted file mode 100644 index e3cd6ca0a0..0000000000 --- a/charts/partners/mavenir/vcu/4.10.16-0/report.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -Using config file: /home/xr11-sno2/4GCU/Newchart_29_3_23/vcu-4.10.16-chartverifier-3_new_12april/config.yaml -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:2406821223687813486 - chart-uri: N/A - digests: - chart: sha256:786c5fbde450aa7c72680a976fa9a78bf4091550a89b04fd78b1734dbb63ea38 - package: 94023809318f5e0af99a6dcd6f9ddb8e67acf3b9c56ba5bd0f2f00629e6bab7d - lastCertifiedTimestamp: "2023-05-05T12:01:41.065908+00:00" - testedOpenShiftVersion: "4.12" - supportedOpenShiftVersions: '>=4.4' - webCatalogOnly: true - chart: - name: vcu - home: "" - sources: [] - version: 4.10.16-0 - description: A Helm chart for Kubernetes - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: M4GCU-R_4_10_16_0 - deprecated: false - annotations: - charts.openshift.io/name: test - kubeversion: '>= 1.17.0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : quay.io/mrhcert/init_container_ubi:v4.1 - Image is Red Hat certified : quay.io/mrhcert/4g_cuup:4.10.16-0 - Image is Red Hat certified : quay.io/mrhcert/4gcucp:4.10.16-0 - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API 
version is V2, used in Helm 3 - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - diff --git a/charts/partners/mavenir/vcu/OWNERS b/charts/partners/mavenir/vcu/OWNERS deleted file mode 100644 index bceaebff7f..0000000000 --- a/charts/partners/mavenir/vcu/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: vcu - shortDescription: 4GCU -providerDelivery: true -publicPgpKey: unknown -users: -- githubUsername: shantanushivanekar123 -vendor: - label: mavenir - name: Mavenir Systems Inc. diff --git a/charts/partners/mobileum/alerter/0.1.0/report.yaml b/charts/partners/mobileum/alerter/0.1.0/report.yaml deleted file mode 100644 index 2c64f7c2ce..0000000000 --- a/charts/partners/mobileum/alerter/0.1.0/report.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:9f78ab56f85f878c5e13e7120cbf6a0bcb78085c87641dc83cbf3bcaafd2fa86 - package: bce7e7e969e264781434470d246ca4acd06c35158441e360be135d61895da2c4 - lastCertifiedTimestamp: "2022-12-16T18:21:46.051372+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.3' - providerControlledDelivery: true - chart: - name: alerter - home: "" - sources: [] - version: 0.1.0 - description: A Helm chart for RCEM Alerter - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.0.0 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: alerter - charts.openshift.io/provider: Mobileum Inc. - charts.openshift.io/supportURL: http://www.mobileum.com - kubeversion: '>=1.16.0-0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.1/has-kubeversion - type: Mandatory - 
outcome: PASS - reason: Kubernetes version specified - - check: v1.0/images-are-certified - type: Mandatory - outcome: FAIL - reason: |- - Image is not Red Hat certified : partner.cnfcert.nmlab.com:5000/alerter:r221202 : No images found for Registry/Repository: partner.cnfcert.nmlab.com:5000/alerter - Image is not Red Hat certified : partner.cnfcert.nmlab.com:5000/helmtest:1.0.0 : No images found for Registry/Repository: partner.cnfcert.nmlab.com:5000/helmtest - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist diff --git a/charts/partners/mobileum/alerter/OWNERS b/charts/partners/mobileum/alerter/OWNERS deleted file mode 100644 index bd91f915b2..0000000000 --- a/charts/partners/mobileum/alerter/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: alerter - shortDescription: Mobileum Private Repository -providerDelivery: true -publicPgpKey: null -users: -- githubUsername: mobaipws -vendor: - label: mobileum - name: Mobileum India Pvt. Ltd diff --git a/charts/partners/mobileum/caddy-015/OWNERS b/charts/partners/mobileum/caddy-015/OWNERS deleted file mode 100644 index 4d22e08b2c..0000000000 --- a/charts/partners/mobileum/caddy-015/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: caddy-015 - shortDescription: null -providerDelivery: true -publicPgpKey: null -users: -- githubUsername: mobaipws -vendor: - label: mobileum - name: Mobileum India Pvt. Ltd diff --git a/charts/partners/mobileum/caddy015/0.1.5/report.yaml b/charts/partners/mobileum/caddy015/0.1.5/report.yaml deleted file mode 100644 index e5cd13be27..0000000000 --- a/charts/partners/mobileum/caddy015/0.1.5/report.yaml +++ /dev/null 
@@ -1,96 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:37e7d634146d7fe2250eb21460d4e33d2ad45e47bd6f774552a84a6ff9326ed4 - package: 4e3933814b7f8159f16c8d78cf1f4b425e4d1a824fb17dbab4cea077f0a6be6d - lastCertifiedTimestamp: "2022-12-15T13:15:12.777089+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.3' - providerControlledDelivery: true - chart: - name: caddy015 - home: "" - sources: [] - version: 0.1.5 - description: AIP - Reverse proxy component - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 0.1.5 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: Reverse Proxy - charts.openshift.io/provider: Mobileum Inc. - charts.openshift.io/supportURL: http://www.mobileum.com - kubeversion: '>=1.16.0-0' - dependencies: - - name: aip-common - version: 0.3.1 - repository: oci://162015117822.dkr.ecr.eu-west-1.amazonaws.com/aip-charts - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: application - chart-overrides: "" -results: - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: FAIL - reason: 'Image is not Red Hat certified : partner.cnfcert.nmlab.com:5000/caddy:0.1.5 : No images found for 
Registry/Repository: partner.cnfcert.nmlab.com:5000/caddy' - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 diff --git a/charts/partners/mobileum/caddy015/OWNERS b/charts/partners/mobileum/caddy015/OWNERS deleted file mode 100644 index 76a2dfc58a..0000000000 --- a/charts/partners/mobileum/caddy015/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: caddy015 - shortDescription: Mobileum Private Repository -providerDelivery: true -publicPgpKey: null -users: -- githubUsername: mobaipws -vendor: - label: mobileum - name: Mobileum India Pvt. Ltd diff --git a/charts/partners/mobileum/data-sync/OWNERS b/charts/partners/mobileum/data-sync/OWNERS deleted file mode 100644 index 472dc21954..0000000000 --- a/charts/partners/mobileum/data-sync/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: data-sync - shortDescription: null -providerDelivery: true -publicPgpKey: null -users: -- githubUsername: mobaipws -vendor: - label: mobileum - name: Mobileum India Pvt. Ltd diff --git a/charts/partners/mobileum/hivemetastore/0.4.5/report.yaml b/charts/partners/mobileum/hivemetastore/0.4.5/report.yaml deleted file mode 100644 index 99dd0f226e..0000000000 --- a/charts/partners/mobileum/hivemetastore/0.4.5/report.yaml +++ /dev/null 
@@ -1,96 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:625230dea241958ee417a302768f0b79ca8199ac3dea19980f92a7908b9aa557 - package: 85a029e9234ba18bb4694f2d763bf689a25bc22e462301b3e2ddc7c52d5b5bdb - lastCertifiedTimestamp: "2022-12-15T21:24:42.990199+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.3' - providerControlledDelivery: true - chart: - name: hivemetastore - home: "" - sources: [] - version: 0.4.5 - description: Hive Metastore Application - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 0.4.5 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: hivemetastore - charts.openshift.io/provider: Mobileum Inc. - charts.openshift.io/supportURL: http://www.mobileum.com - kubeversion: '>= 1.16.0-0' - dependencies: - - name: aip-common - version: 0.3.1 - repository: oci://162015117822.dkr.ecr.eu-west-1.amazonaws.com/aip-charts - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: application - chart-overrides: "" -results: - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/images-are-certified - type: Mandatory - 
outcome: FAIL - reason: 'Image is not Red Hat certified : partner.cnfcert.nmlab.com:5000/hivemetastore:0.4.5 : No images found for Registry/Repository: partner.cnfcert.nmlab.com:5000/hivemetastore' - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified diff --git a/charts/partners/mobileum/hivemetastore/OWNERS b/charts/partners/mobileum/hivemetastore/OWNERS deleted file mode 100644 index 255626f00a..0000000000 --- a/charts/partners/mobileum/hivemetastore/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: hivemetastore - shortDescription: Mobileum Private Repository -providerDelivery: true -publicPgpKey: unknown -users: -- githubUsername: mobaipws -vendor: - label: mobileum - name: Mobileum India Pvt. Ltd diff --git a/charts/partners/mobileum/ignite/0.3.3/report.yaml b/charts/partners/mobileum/ignite/0.3.3/report.yaml deleted file mode 100644 index 44b77993be..0000000000 --- a/charts/partners/mobileum/ignite/0.3.3/report.yaml +++ /dev/null 
@@ -1,100 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:021abbc02e78cf0c57ce87d9a2af38da9d9a45cb74c691bf9139fb720c5fbac5 - package: 96729e204ca52c29e29d429234c7cdf0e67da473d2bf738bbda5ae366d78a2de - lastCertifiedTimestamp: "2022-12-15T14:59:20.243663+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.3' - providerControlledDelivery: true - chart: - name: ignite - home: "" - sources: [] - version: 0.3.3 - description: Apache Ignite is a distributed database management system for high-performance computing. - keywords: - - apache - - ignite - - aip - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 0.3.3 - deprecated: false - annotations: - category: Infrastructure - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: KV Storage - charts.openshift.io/provider: Mobileum Inc. - charts.openshift.io/supportURL: http://www.mobileum.com - kubeversion: '>=1.16.0-0' - dependencies: - - name: aip-common - version: 0.3.1 - repository: oci://162015117822.dkr.ecr.eu-west-1.amazonaws.com/aip-charts - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/helm-lint - type: Mandatory - 
outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: FAIL - reason: 'Image is not Red Hat certified : partner.cnfcert.nmlab.com:5000/ignite:0.3.3 : No images found for Registry/Repository: partner.cnfcert.nmlab.com:5000/ignite' - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist diff --git a/charts/partners/mobileum/ignite/OWNERS b/charts/partners/mobileum/ignite/OWNERS deleted file mode 100644 index 6599407cbc..0000000000 --- a/charts/partners/mobileum/ignite/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: ignite - shortDescription: Mobileum Private Repository -providerDelivery: true -publicPgpKey: null -users: -- githubUsername: mobaipws -vendor: - label: mobileum - name: Mobileum India Pvt. Ltd diff --git a/charts/partners/mobileum/keycloak040/0.4.0/report.yaml b/charts/partners/mobileum/keycloak040/0.4.0/report.yaml deleted file mode 100644 index 1679523107..0000000000 --- a/charts/partners/mobileum/keycloak040/0.4.0/report.yaml +++ /dev/null 
@@ -1,96 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:8bab7186c7e40052846ebd225242f51abe7c6b1d659ab2ffb9040cf3bcc8f645 - package: 751705b84c96d18cbbc5da21363489a7047157efaf58faaa6163b8cff2f3e8f4 - lastCertifiedTimestamp: "2022-12-14T18:23:37.154027+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.8' - providerControlledDelivery: true - chart: - name: keycloak040 - home: "" - sources: [] - version: 0.4.0 - description: A Helm chart for keycloak 1.0 - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 0.4.0 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: Keycloak SSO - charts.openshift.io/provider: Mobileum Inc. - charts.openshift.io/supportURL: http://www.mobileum.com - kubeversion: '>=1.21.0-0' - dependencies: - - name: aip-common - version: 0.3.1 - repository: oci://162015117822.dkr.ecr.eu-west-1.amazonaws.com/aip-charts - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: application - chart-overrides: "" -results: - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/images-are-certified - type: Mandatory - outcome: FAIL - reason: 'Failed to certify images : Failed to get images, error running helm template : chart requires 
kubeVersion: >=1.21.0-0 which is incompatible with Kubernetes v1.20.0' - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs diff --git a/charts/partners/mobileum/keycloak040/OWNERS b/charts/partners/mobileum/keycloak040/OWNERS deleted file mode 100644 index 0fd706e9b8..0000000000 --- a/charts/partners/mobileum/keycloak040/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: keycloak040 - shortDescription: Mobileum Private Repository -providerDelivery: true -publicPgpKey: null -users: -- githubUsername: mobaipws -vendor: - label: mobileum - name: Mobileum India Pvt. Ltd diff --git a/charts/partners/mobileum/portal-053/OWNERS b/charts/partners/mobileum/portal-053/OWNERS deleted file mode 100644 index a8032a9c93..0000000000 --- a/charts/partners/mobileum/portal-053/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -chart: - name: portal-053 - shortDescription: unknown -providerDelivery: true -publicPgpKey: unknown -users: [] -vendor: - label: mobileum - name: Mobileum India Pvt. Ltd diff --git a/charts/partners/mobileum/portal/0.5.3/report.yaml b/charts/partners/mobileum/portal/0.5.3/report.yaml deleted file mode 100644 index 01169b7016..0000000000 --- a/charts/partners/mobileum/portal/0.5.3/report.yaml +++ /dev/null 
@@ -1,99 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:7d67e0e03cd9133a1121fac9b2cf808185c975cb8dca20b6b69a3714a1a6787c - package: 57061e704df16bee8249ba778aacb788f7d5afa4dd08ddcf5f7c8a308eb47aee - lastCertifiedTimestamp: "2022-12-15T23:01:04.869067+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.3' - providerControlledDelivery: true - chart: - name: portal - home: "" - sources: [] - version: 0.5.3 - description: Mobileum portal integration all the products together on a single UI - keywords: - - portal - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 0.5.3 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: Portal - charts.openshift.io/provider: Mobileum Inc. - charts.openshift.io/supportURL: http://www.mobileum.com - kubeversion: '>=1.16.0-0' - dependencies: - - name: aip-common - version: 0.3.1 - repository: oci://162015117822.dkr.ecr.eu-west-1.amazonaws.com/aip-charts - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: application - chart-overrides: "" -results: - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/images-are-certified - type: Mandatory - outcome: FAIL - reason: |- - Image is not Red Hat certified : partner.cnfcert.nmlab.com:5000/base:0.2.3 : No images found for Registry/Repository: partner.cnfcert.nmlab.com:5000/base - Image is not Red Hat certified : partner.cnfcert.nmlab.com:5000/portal-8.2.5_221110:0.5.3 : No images found for Registry/Repository: partner.cnfcert.nmlab.com:5000/portal-8.2.5_221110 - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: 
CSI objects do not exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist diff --git a/charts/partners/mobileum/portal/OWNERS b/charts/partners/mobileum/portal/OWNERS deleted file mode 100644 index fb401475ad..0000000000 --- a/charts/partners/mobileum/portal/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: portal - shortDescription: unknown -providerDelivery: true -publicPgpKey: unknown -users: -- githubUsername: mobaipws -vendor: - label: mobileum - name: Mobileum India Pvt. Ltd diff --git a/charts/partners/mobileum/rafm/0.5.3/report.yaml b/charts/partners/mobileum/rafm/0.5.3/report.yaml deleted file mode 100644 index d5cd87e666..0000000000 --- a/charts/partners/mobileum/rafm/0.5.3/report.yaml +++ /dev/null 
@@ -1,99 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /home/partner/Music/newcharts/rafm - digests: - chart: sha256:12752c5979aa7f7a8440e653eed45f5639bf44b99dcf70cc0722b1b00d70707c - package: 8e062a2550852cf172ce2ff57fc7bd0729e3e9dbec5724078a49a2d527c39432 - lastCertifiedTimestamp: "2022-11-08T15:17:11.24113+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.3' - providerControlledDelivery: true - chart: - name: rafm - home: "" - sources: [] - version: 0.5.3 - description: RAFM backend product - keywords: - - rafm - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 0.5.3 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: RAID Revenue Assurance and Fraud Management - charts.openshift.io/provider: Mobileum Inc. - charts.openshift.io/supportURL: http://www.mobileum.com - kubeversion: '>=1.16.0-0' - dependencies: - - name: aip-common - version: 0.3.1 - repository: oci://162015117822.dkr.ecr.eu-west-1.amazonaws.com/aip-charts - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: application - chart-overrides: "" -results: - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: FAIL - reason: |- - Image 
is not Red Hat certified : partner.cnfcert.nmlab.com:5000/base:0.2.3 : No images found for Registry/Repository: partner.cnfcert.nmlab.com:5000/base - Image is not Red Hat certified : partner.cnfcert.nmlab.com:5000/rafm-8.2.8.2.5_221110:0.5.2 : No images found for Registry/Repository: partner.cnfcert.nmlab.com:5000/rafm-8.2.5_221110 - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files do not exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified diff --git a/charts/partners/mobileum/rafm/OWNERS b/charts/partners/mobileum/rafm/OWNERS deleted file mode 100644 index 19f2151566..0000000000 --- a/charts/partners/mobileum/rafm/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: rafm - shortDescription: Mobileum Private Repository -providerDelivery: true -publicPgpKey: unknown -users: -- githubUsername: mobaipws -vendor: - label: mobileum - name: Mobileum India Pvt. Ltd diff --git a/charts/partners/mobileum/rcem/OWNERS b/charts/partners/mobileum/rcem/OWNERS deleted file mode 100644 index 1d0fc1f873..0000000000 --- a/charts/partners/mobileum/rcem/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: rcem - shortDescription: null -providerDelivery: true -publicPgpKey: null -users: -- githubUsername: mobaipws -vendor: - label: mobileum - name: Mobileum India Pvt. Ltd diff --git a/charts/partners/mobileum/sparkjobmanager/0.5.4/report.yaml b/charts/partners/mobileum/sparkjobmanager/0.5.4/report.yaml deleted file mode 100644 index 70e238235e..0000000000 --- a/charts/partners/mobileum/sparkjobmanager/0.5.4/report.yaml +++ /dev/null 
@@ -1,100 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:e2a3a3063baf1591087b28e4ee8b05c45b60069a06bea16faad7e200d061028a - package: 44c568172665d310e3de01f9fb776ab624b7545b27a52e75549c549595f6c185 - lastCertifiedTimestamp: "2022-12-16T12:16:49.584668+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.3' - providerControlledDelivery: true - chart: - name: sparkjobmanager - home: "" - sources: [] - version: 0.5.4 - description: Spark JobManager is a middleware proxy that enables users to launch data processing jobs as a service. - keywords: - - apache - - spark - - aip - - sparkjobmanager - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 0.5.4 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: Sparkjob Manager - charts.openshift.io/provider: Mobileum Inc. 
- charts.openshift.io/supportURL: http://www.mobileum.com - kubeversion: '>=1.16.0-0' - dependencies: - - name: aip-common - version: 0.3.3 - repository: oci://162015117822.dkr.ecr.eu-west-1.amazonaws.com/aip-charts - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/images-are-certified - type: Mandatory - outcome: FAIL - reason: 'Image is not Red Hat certified : partner.cnfcert.nmlab.com:5000/sparkjobmanager:0.5.4 : No images found for Registry/Repository: partner.cnfcert.nmlab.com:5000/sparkjobmanager' - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present diff --git a/charts/partners/mobileum/sparkjobmanager/OWNERS b/charts/partners/mobileum/sparkjobmanager/OWNERS deleted file mode 100644 index 244ed82849..0000000000 --- a/charts/partners/mobileum/sparkjobmanager/OWNERS +++ /dev/null 
@@ -1,10 +0,0 @@ -chart: - name: sparkjobmanager - shortDescription: Mobileum Private Repository -providerDelivery: true -publicPgpKey: null -users: -- githubUsername: mobaipws -vendor: - label: mobileum - name: Mobileum India Pvt. Ltd diff --git a/charts/partners/mobileum/tracer/0.1.0/report.yaml b/charts/partners/mobileum/tracer/0.1.0/report.yaml deleted file mode 100644 index de7e30d1f7..0000000000 --- a/charts/partners/mobileum/tracer/0.1.0/report.yaml +++ /dev/null 
@@ -1,91 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:672682c2b807d5f1d4e11e292aea42b616b2dc7634749e369e214c292066416e - package: 709221f0e6b2a104bd799d72d8e2de46c0e8b4c648c59bc119167126e6c74865 - lastCertifiedTimestamp: "2022-12-16T16:43:11.203255+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.3' - providerControlledDelivery: true - chart: - name: tracer - home: "" - sources: [] - version: 0.1.0 - description: A Helm chart for Tracer - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.0.0 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: tracer - charts.openshift.io/provider: Mobileum Inc. - charts.openshift.io/supportURL: http://www.mobileum.com - kubeversion: '>=1.16.0-0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: FAIL 
- reason: |- - Image is not Red Hat certified : partner.cnfcert.nmlab.com:5000/tracer:Q221204 : No images found for Registry/Repository: partner.cnfcert.nmlab.com:5000/tracer - Image is not Red Hat certified : partner.cnfcert.nmlab.com:5000/tracerwireshark:Q221204 : No images found for Registry/Repository: partner.cnfcert.nmlab.com:5000/tracerwireshark - Image is not Red Hat certified : partner.cnfcert.nmlab.com:5000/helmtest:1.0.0 : No images found for Registry/Repository: partner.cnfcert.nmlab.com:5000/helmtest - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present diff --git a/charts/partners/mobileum/tracer/OWNERS b/charts/partners/mobileum/tracer/OWNERS deleted file mode 100644 index c3306680c3..0000000000 --- a/charts/partners/mobileum/tracer/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: tracer - shortDescription: Mobileum Private Repository -providerDelivery: true -publicPgpKey: unknown -users: -- githubUsername: mobaipws -vendor: - label: mobileum - name: Mobileum India Pvt. Ltd diff --git a/charts/partners/mobileum/trinodb/0.5.2/report.yaml b/charts/partners/mobileum/trinodb/0.5.2/report.yaml deleted file mode 100644 index ce1fc51fdd..0000000000 --- a/charts/partners/mobileum/trinodb/0.5.2/report.yaml +++ /dev/null 
@@ -1,97 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:6f9aef2444426e3cf5ed3292197016e45c7a6c3e7a5901df5b4cffb9ddc96857 - package: 05dc36cadb084e3628e3adbfa06f698cdc4aed8825aa34cd5fa49702442df4d3 - lastCertifiedTimestamp: "2022-12-16T12:55:16.191558+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.3' - providerControlledDelivery: true - chart: - name: trinodb - home: "" - sources: [] - version: 0.5.2 - description: AIP Query Engine - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 0.5.2 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: dqe - charts.openshift.io/provider: Mobileum Inc. - charts.openshift.io/supportURL: http://www.mobileum.com - kubeversion: '>= 1.16.0-0' - dependencies: - - name: aip-common - version: 0.3.1 - repository: oci://162015117822.dkr.ecr.eu-west-1.amazonaws.com/aip-charts - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: application - chart-overrides: "" -results: - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: FAIL - reason: 'Image is not Red Hat certified : partner.cnfcert.nmlab.com:5000/trinodb:0.5.2 : No images found for Registry/Repository: partner.cnfcert.nmlab.com:5000/trinodb' - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: 
PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - diff --git a/charts/partners/mobileum/trinodb/OWNERS b/charts/partners/mobileum/trinodb/OWNERS deleted file mode 100644 index e848a57c11..0000000000 --- a/charts/partners/mobileum/trinodb/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: trinodb - shortDescription: null -providerDelivery: true -publicPgpKey: null -users: -- githubUsername: mobaipws -vendor: - label: mobileum - name: Mobileum India Pvt. Ltd diff --git a/charts/partners/mobileum/wafplatform/0.5.3/report.yaml b/charts/partners/mobileum/wafplatform/0.5.3/report.yaml deleted file mode 100644 index 302c7b4437..0000000000 --- a/charts/partners/mobileum/wafplatform/0.5.3/report.yaml +++ /dev/null 
@@ -1,99 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /home/partner/Music/Music/aip10/wafplatform-053/wafplatform-0.5.3.tgz - digests: - chart: sha256:320cae155d54f91c0eed9e7fb78402e77215e63a2fd2535354adb7684cc6a2ae - package: ac7e998ce8e88ceb027f9b1502c2f355fc10cd5164e06c235f0ae451c36e651b - lastCertifiedTimestamp: "2022-12-20T22:25:56.326238+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.3' - providerControlledDelivery: true - chart: - name: wafplatform - home: "" - sources: [] - version: 0.5.3 - description: Standard platform backend service - keywords: - - wafplatform - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 0.5.3 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: RAID Platform - charts.openshift.io/provider: Mobileum Inc. - charts.openshift.io/supportURL: http://www.mobileum.com - kubeversion: '>=1.16.0-0' - dependencies: - - name: aip-common - version: 0.3.1 - repository: oci://162015117822.dkr.ecr.eu-west-1.amazonaws.com/aip-charts - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: application - chart-overrides: "" -results: - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: FAIL - reason: |- - Image is not Red Hat certified : partner.cnfcert.nmlab.com:5000/base:0.2.3 : No images found for Registry/Repository: partner.cnfcert.nmlab.com:5000/base - Image is not Red Hat certified : partner.cnfcert.nmlab.com:5000/wafplatform-8.2.5_221110:0.5.3 : No images found for Registry/Repository: partner.cnfcert.nmlab.com:5000/wafplatform-8.2.5_221110 - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: 
API version is V2, used in Helm 3 - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed diff --git a/charts/partners/mobileum/wafplatform/OWNERS b/charts/partners/mobileum/wafplatform/OWNERS deleted file mode 100644 index 2550b717df..0000000000 --- a/charts/partners/mobileum/wafplatform/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: wafplatform - shortDescription: Mobileum Private Repository -providerDelivery: true -publicPgpKey: null -users: -- githubUsername: mobaipws -vendor: - label: mobileum - name: Mobileum India Pvt. Ltd diff --git a/charts/partners/multipolar/bpjstk-service/1.0.0/bpjstk-service-1.0.0.tgz b/charts/partners/multipolar/bpjstk-service/1.0.0/bpjstk-service-1.0.0.tgz deleted file mode 100644 index 5894421c6d..0000000000 Binary files a/charts/partners/multipolar/bpjstk-service/1.0.0/bpjstk-service-1.0.0.tgz and /dev/null differ diff --git a/charts/partners/multipolar/bpjstk-service/1.0.0/report.yaml b/charts/partners/multipolar/bpjstk-service/1.0.0/report.yaml deleted file mode 100644 index 2f84c13b9b..0000000000 --- a/charts/partners/multipolar/bpjstk-service/1.0.0/report.yaml +++ /dev/null 
@@ -1,93 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.11.1 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:5881595352480318780 - chart-uri: bpjstk-helm/charts/bpjstk-service-1.0.0.tgz - digests: - chart: sha256:59170c18b61fac0926d8d12f70914502b282b9fd66b1ab062ab99aabbae7974c - package: 0d3f151c28fa81ccd206896da8e6ae29d561c6bc27f0201ef69daec7d859a668 - lastCertifiedTimestamp: "2023-06-11T12:51:20.439212+07:00" - testedOpenShiftVersion: "4.12" - supportedOpenShiftVersions: '>=4.7' - webCatalogOnly: false - chart: - name: bpjstk-service - home: "" - sources: [] - version: 1.0.0 - description: BPJSTK Multichannel Payment Gateway - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.0.0 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: BPJSTK Multichannel Payment Gateway - charts.openshift.io/provider: Multipolar - charts.openshift.io/supportURL: https://github.com/andrianrf/bpjstk-helm - kubeversion: '>=1.20.0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : registry.access.redhat.com/ubi8/ubi:latest' - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values 
schema file exist - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present \ No newline at end of file diff --git a/charts/partners/multipolar/bpjstk-service/OWNERS b/charts/partners/multipolar/bpjstk-service/OWNERS deleted file mode 100644 index 6cd78e6581..0000000000 --- a/charts/partners/multipolar/bpjstk-service/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: bpjstk-service - shortDescription: BPJSTK Multichannel Payment Gateway -providerDelivery: false -publicPgpKey: unknown -users: -- githubUsername: andrianrf -vendor: - label: multipolar - name: PT. Multipolar Tbk diff --git a/charts/partners/multipolar/bpjstk/OWNERS b/charts/partners/multipolar/bpjstk/OWNERS deleted file mode 100644 index ca8176416d..0000000000 --- a/charts/partners/multipolar/bpjstk/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: bpjstk - shortDescription: BPJSTK Multichannel Payment Gateway -providerDelivery: false -publicPgpKey: unknown -users: -- githubUsername: andrianrf -vendor: - label: multipolar - name: PT. Multipolar Tbk diff --git a/charts/partners/nabstract/nef-nabstract/1.1.0/nef-nabstract-1.1.0.tgz b/charts/partners/nabstract/nef-nabstract/1.1.0/nef-nabstract-1.1.0.tgz deleted file mode 100644 index 74ed9bff88..0000000000 Binary files a/charts/partners/nabstract/nef-nabstract/1.1.0/nef-nabstract-1.1.0.tgz and /dev/null differ 
diff --git a/charts/partners/nabstract/nef-nabstract/1.1.0/report.yaml b/charts/partners/nabstract/nef-nabstract/1.1.0/report.yaml
deleted file mode 100644
index affbb5188c..0000000000
--- a/charts/partners/nabstract/nef-nabstract/1.1.0/report.yaml
+++ /dev/null
@@ -1,95 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.1 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:14666013262864690650 - chart-uri: /charts/nef-nabstract-1.1.0.tgz - digests: - chart: sha256:f17a0108bde61a2e532b1a4dc9f1608acfd1450267d7828bc2b9e872e6e6803f - package: 2844b47efc233871585fb45b77ec255351b9220a3d0581e7c0f43d506af77e9a - lastCertifiedTimestamp: "2023-06-11T20:02:27.729265+00:00" - testedOpenShiftVersion: "4.13" - supportedOpenShiftVersions: '>=4.12' - webCatalogOnly: false - chart: - name: nef-nabstract - home: "" - sources: [] - version: 1.1.0 - description: NABSTRACT NEF deployment Helm chart - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 2.5.7 - deprecated: false - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: NEF - catalog.cattle.io/release-name: nef-nabstract - charts.openshift.io/name: nef-nabstract - kubeversion: '>= 1.25.0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : docker.io/devnio/nef:2.5.7 - Image certification skipped : registry.redhat.io/rhosdt/opentelemetry-collector-rhel8:0.74.0-4 - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - 
type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' diff --git a/charts/partners/nabstract/nef-nabstract/2.0.0/nef-nabstract-2.0.0.tgz b/charts/partners/nabstract/nef-nabstract/2.0.0/nef-nabstract-2.0.0.tgz deleted file mode 100644 index 33fef92cd5..0000000000 Binary files a/charts/partners/nabstract/nef-nabstract/2.0.0/nef-nabstract-2.0.0.tgz and /dev/null differ diff --git a/charts/partners/nabstract/nef-nabstract/2.0.0/report.yaml b/charts/partners/nabstract/nef-nabstract/2.0.0/report.yaml deleted file mode 100644 index a634132c7b..0000000000 --- a/charts/partners/nabstract/nef-nabstract/2.0.0/report.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.12.2 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:6061140465681047164 - chart-uri: /charts/nef-nabstract-2.0.0.tgz - digests: - chart: sha256:ed143d98e9dfb876a512ee7cb485c871306872755ea8e2e14c2b7ed3cea73709 - package: 493da0bdb2b167b6e81359104e1af1afde93e27b12171c715adb989765582288 - lastCertifiedTimestamp: "2023-09-11T12:59:56.214977+00:00" - testedOpenShiftVersion: "4.12" - supportedOpenShiftVersions: '>=4.12' - webCatalogOnly: false - chart: - name: nef-nabstract - home: "" - sources: [] - version: 2.0.0 - description: NABSTRACT NEF deployment Helm chart - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 2.5.7 - deprecated: false - annotations: - catalog.cattle.io/certified: partner - catalog.cattle.io/display-name: NEF - catalog.cattle.io/release-name: nef-nabstract - charts.openshift.io/name: nef-nabstract - kubeversion: '>= 1.25.0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : docker.io/devnio/nef:2.5.7 - Image certification skipped : registry.redhat.io/rhosdt/opentelemetry-collector-rhel8:0.74.0-4 - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: 
v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist diff --git a/charts/partners/nabstract/nef-nabstract/OWNERS b/charts/partners/nabstract/nef-nabstract/OWNERS deleted file mode 100644 index c491636128..0000000000 --- a/charts/partners/nabstract/nef-nabstract/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: nef-nabstract - shortDescription: Nabstract NEF - 5G Network APIs -providerDelivery: false -publicPgpKey: unknown -users: -- githubUsername: ishanshahnio -vendor: - label: nabstract - name: Nabstract Technologies Pvt. Ltd. diff --git a/charts/partners/namespace/xcipio-helm-ccpag/OWNERS b/charts/partners/namespace/xcipio-helm-ccpag/OWNERS deleted file mode 100644 index b11c5bd0aa..0000000000 --- a/charts/partners/namespace/xcipio-helm-ccpag/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -chart: - name: xcipio-helm-ccpag - shortDescription: unknown -providerDelivery: true -publicPgpKey: unknown -users: [] -vendor: - label: namespace - name: SS8 Networks, Inc. diff --git a/charts/partners/namespace/xcipio-helm-ccpag1/OWNERS b/charts/partners/namespace/xcipio-helm-ccpag1/OWNERS deleted file mode 100644 index b6bb506994..0000000000 --- a/charts/partners/namespace/xcipio-helm-ccpag1/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -chart: - name: xcipio-helm-ccpag1 - shortDescription: unknown -providerDelivery: true -publicPgpKey: unknown -users: [] -vendor: - label: namespace - name: SS8 Networks, Inc. 
diff --git a/charts/partners/nearby-computing/nearbyone-controller/2.119.1/report.yaml b/charts/partners/nearby-computing/nearbyone-controller/2.119.1/report.yaml
deleted file mode 100644
index 94abff8aad..0000000000
--- a/charts/partners/nearby-computing/nearbyone-controller/2.119.1/report.yaml
+++ /dev/null
@@ -1,220 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.1 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:18336447436037988787 - chart-uri: https://registry.nearbycomputing.com/chartrepo/redhat/charts/nearbyone-controller-2.119.1.tgz - digests: - chart: sha256:1cdd24c3ff3be63e1816b59962a027d03317c44776f55dfe6ef1b9277b896dcb - package: 25082acedb8eb2914aa78def6d9811a3018fab73377ddcc7f1e0b01484bae431 - lastCertifiedTimestamp: "2023-04-27T16:16:08.079605+00:00" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.9' - webCatalogOnly: false - chart: - name: nearbyone-controller - home: "" - sources: [] - version: 2.119.1 - description: A Helm chart for Kubernetes - keywords: [] - maintainers: [] - icon: https://blocklogos.s3.eu-west-1.amazonaws.com/nearbycomputing.png - apiversion: v2 - condition: "" - tags: "" - appversion: 1.16.0 - deprecated: false - annotations: - charts.openshift.io/name: NearbyOne Controller - kubeversion: '>=1.22' - dependencies: - - name: hydra-maesterless - version: ~0.30.1 - repository: https://registry.nearbycomputing.com/chartrepo/public - condition: hydra.enabled - tags: [] - enabled: false - importvalues: [] - alias: hydra - - name: postgresql - version: ~10.16.2 - repository: https://registry.nearbycomputing.com/chartrepo/public - condition: hydraDB.enabled - tags: [] - enabled: false - importvalues: [] - alias: hydraDB - - name: keto - version: ~0.27.0 - repository: https://registry.nearbycomputing.com/chartrepo/public - condition: keto.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: postgresql - version: ~10.16.2 - repository: https://registry.nearbycomputing.com/chartrepo/public - condition: ketoDB.enabled - tags: [] - enabled: false - importvalues: [] - alias: ketoDB - - name: kratos - version: ~0.27.0 - repository: https://registry.nearbycomputing.com/chartrepo/public - condition: kratos.enabled - tags: [] - enabled: false 
- importvalues: [] - alias: "" - - name: postgresql - version: ~10.16.2 - repository: https://registry.nearbycomputing.com/chartrepo/public - condition: kratosDB.enabled - tags: [] - enabled: false - importvalues: [] - alias: kratosDB - - name: oathkeeper-maesterless - version: ~0.30.0 - repository: https://registry.nearbycomputing.com/chartrepo/public - condition: oathkeeper.enabled - tags: [] - enabled: false - importvalues: [] - alias: oathkeeper - - name: metallb - version: ~0.11.0 - repository: https://metallb.github.io/metallb - condition: metallb.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: ingress-nginx - version: 4.2.5 - repository: https://kubernetes.github.io/ingress-nginx - condition: ingress-nginx.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: prometheus - version: ~15.0.1 - repository: https://prometheus-community.github.io/helm-charts - condition: prometheus.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: fluentd - version: ~0.3.7 - repository: https://fluent.github.io/helm-charts - condition: fluentd.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: fluent-bit - version: ~0.24.0 - repository: https://fluent.github.io/helm-charts - condition: fluent-bit.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: external-dns - version: ~6.5.5 - repository: https://charts.bitnami.com/bitnami - condition: externaldns.enabled - tags: [] - enabled: false - importvalues: [] - alias: externaldns - type: application - chart-overrides: "" -results: - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in 
Helm 3 - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.nearbycomputing.com/nearbyone/conn-artist:redhat-0.0.36 - Image is Red Hat certified : registry.nearbycomputing.com/nearbyone/device-manager:redhat-0.0.254 - Image is Red Hat certified : registry.nearbycomputing.com/nearbyone/mark-hydration:redhat-0.0.12 - Image is Red Hat certified : registry.nearbycomputing.com/nearbyone/okto-apiserver:redhat-0.0.147 - Image is Red Hat certified : registry.nearbycomputing.com/nearbyone/okto-eventlogger:redhat-0.0.147 - Image is Red Hat certified : registry.nearbycomputing.com/nearbyone/settings:redhat-0.0.50 - Image is Red Hat certified : registry.connect.redhat.com/crunchydata/crunchy-postgres:ubi8-15.1-0 - Image is Red Hat certified : registry.nearbycomputing.com/nearbyone/external/oryd/keto:redhat-v0.10.0 - Image is Red Hat certified : registry.nearbycomputing.com/nearbyone/wget:redhat-ubi9 - Image is Red Hat certified : registry.connect.redhat.com/crunchydata/crunchy-pgbackrest:ubi8-2.41-4 - Image is Red Hat certified : registry.nearbycomputing.com/nearbyone/cert-watcher:redhat-0.0.6 - Image is Red Hat certified : 
registry.nearbycomputing.com/nearbyone/external/etcd-io/etcd:v3.5.7 - Image is Red Hat certified : registry.nearbycomputing.com/nearbyone/sally-upload:redhat-0.0.13 - Image is Red Hat certified : registry.nearbycomputing.com/nearbyone/user-buster:redhat-0.0.55 - Image is Red Hat certified : registry.nearbycomputing.com/nearbyone/api-gateway:redhat-0.0.407 - Image is Red Hat certified : registry.nearbycomputing.com/nearbyone/external/oryd/kratos:redhat-v0.11.0 - Image is Red Hat certified : registry.nearbycomputing.com/nearbyone/okto-controllermanager:redhat-0.0.147 - Image is Red Hat certified : registry.nearbycomputing.com/nearbyone/service-manager:redhat-0.0.384 - Image is Red Hat certified : registry.nearbycomputing.com/nearbyone/db-init:redhat-0.0.107 - Image is Red Hat certified : registry.nearbycomputing.com/nearbyone/invite-user:redhat-0.0.9 - Image is Red Hat certified : registry.nearbycomputing.com/nearbyone/external/oryd/hydra:redhat-v2.0.3 - Image is Red Hat certified : registry.nearbycomputing.com/nearbyone/kubectl:redhat-1.26.3 - Image certification skipped : registry.redhat.io/application-interconnect/skupper-site-controller-rhel8:1.2.0 - Image is Red Hat certified : registry.nearbycomputing.com/nearbyone/web:redhat-0.0.790 - Image is Red Hat certified : registry.connect.redhat.com/couchbase/server:7.1.4-amd64 - Image is Red Hat certified : registry.nearbycomputing.com/nearbyone/external/oryd/oathkeeper:redhat-v0.40.0 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist diff --git a/charts/partners/nearby-computing/nearbyone-controller/OWNERS b/charts/partners/nearby-computing/nearbyone-controller/OWNERS deleted file mode 100644 index 97c4efde08..0000000000 --- a/charts/partners/nearby-computing/nearbyone-controller/OWNERS +++ /dev/null 
@@ -1,10 +0,0 @@
-chart:
- name: nearbyone-controller
- shortDescription: Nearby One Controller
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: fenech
-vendor:
- label: nearby-computing
- name: Nearby Computing SL
diff --git a/charts/partners/nearby-computing/nearbyone-v2/OWNERS b/charts/partners/nearby-computing/nearbyone-v2/OWNERS
deleted file mode 100644
index 651c13f447..0000000000
--- a/charts/partners/nearby-computing/nearbyone-v2/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: nearbyone-v2
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: fenech
-vendor:
- label: nearby-computing
- name: Nearby Computing SL
diff --git a/charts/partners/nebulon/csi-nebulon/OWNERS b/charts/partners/nebulon/csi-nebulon/OWNERS
deleted file mode 100644
index 5a24b59ce8..0000000000
--- a/charts/partners/nebulon/csi-nebulon/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: csi-nebulon
- shortDescription: null
-publicPgpKey: null
-users:
-- githubUsername: arun@nebulon.com
-vendor:
- label: nebulon
- name: Nebulon Inc.
diff --git a/charts/partners/nebulon/nebulon-csi-nebulon/OWNERS b/charts/partners/nebulon/nebulon-csi-nebulon/OWNERS
deleted file mode 100644
index 1ecb24e18f..0000000000
--- a/charts/partners/nebulon/nebulon-csi-nebulon/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: nebulon-csi-nebulon
- shortDescription: null
-publicPgpKey: null
-users:
-- githubUsername: priyanka@nebulon.com
-vendor:
- label: nebulon
- name: Nebulon Inc.
diff --git a/charts/partners/nextevolution/nedb-classic/OWNERS b/charts/partners/nextevolution/nedb-classic/OWNERS
deleted file mode 100644
index d751201498..0000000000
--- a/charts/partners/nextevolution/nedb-classic/OWNERS
+++ /dev/null
@@ -1,11 +0,0 @@
-chart:
- name: nedb-classic
- shortDescription: NE.Databridge Classic Helm Chart
-providerDelivery: false
-publicPgpKey: null
-users:
-- githubUsername: selamanse
-- githubUsername: Blitzableiter
-vendor:
- label: nextevolution
- name: nextevolution GmbH
diff --git a/charts/partners/nextevolution/nedb-service-engine/OWNERS b/charts/partners/nextevolution/nedb-service-engine/OWNERS
deleted file mode 100644
index 54841a9826..0000000000
--- a/charts/partners/nextevolution/nedb-service-engine/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: nedb-service-engine
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: nextevolution
- name: nextevolution GmbH
diff --git a/charts/partners/nirmata/kyverno/2.6.4/kyverno-2.6.4.tgz b/charts/partners/nirmata/kyverno/2.6.4/kyverno-2.6.4.tgz
deleted file mode 100644
index 73b25146f5..0000000000
Binary files a/charts/partners/nirmata/kyverno/2.6.4/kyverno-2.6.4.tgz and /dev/null differ
diff --git a/charts/partners/nirmata/kyverno/2.6.4/report.yaml b/charts/partners/nirmata/kyverno/2.6.4/report.yaml
deleted file mode 100644
index 77e1b578dd..0000000000
--- a/charts/partners/nirmata/kyverno/2.6.4/report.yaml
+++ /dev/null
@@ -1,129 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: kyverno-2.6.4.tgz - digests: - chart: sha256:46690196b5eb280b49e7db44657bdc819a7ef169b7139135fc48725e8455ad73 - package: 01d1388c64926684960e696a3d8f09c78b0df3885dfde0a0aa0a8b7e682c4ec8 - lastCertifiedTimestamp: "2022-12-09T13:08:59.467196+00:00" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.3' - providerControlledDelivery: false - chart: - name: kyverno - home: https://kyverno.io/ - sources: - - https://github.com/kyverno/kyverno - version: 2.6.4 - description: Kubernetes Native Policy Management - keywords: - - kubernetes - - nirmata - - policy agent - - validating webhook - - admissions controller - maintainers: - - name: Nirmata - email: "" - url: https://kyverno.io/ - icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png - apiversion: v2 - condition: "" - tags: "" - appversion: v1.8.4 - deprecated: false - annotations: - artifacthub.io/changes: | - - kind: added - description: Added possibility to define additional init and sidecar container. - - kind: added - description: Added ability to remove namespaces from default resourceFilters list. - - kind: added - description: Prevent installing Kyverno in namespace kube-system. - - kind: fixed - description: Docs for generatecontrollerExtraResources. - - kind: changed - description: Enable autogen internals by default. - - kind: fixed - description: Self signed certificates not using SANs. - - kind: added - description: Extra args support for init container. - - kind: added - description: Allow overriding of test security context and resource block. 
- - kind: added - description: Added possibility to define custom image registries - - kind: added - description: Enable adding optional annotations to configmaps - - kind: added - description: Add startup probes support - - kind: added - description: Support extra CRD annotations - - kind: added - description: Grafana dashboard. - artifacthub.io/links: | - - name: Documentation - url: https://kyverno.io/docs - artifacthub.io/operator: "false" - artifacthub.io/prerelease: "false" - charts.openshift.io/name: kyverno - kubeversion: '>=1.16.0-0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.connect.redhat.com/nirmata/kyvernopre:v1.8.4 - Image is Red Hat certified : registry.connect.redhat.com/nirmata/kyverno:v1.8.4 - Image is Red Hat certified : registry.access.redhat.com/ubi8/nginx-120:1-74.1669834626 - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: 
v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist \ No newline at end of file diff --git a/charts/partners/nirmata/kyverno/2.6.5/kyverno-2.6.5.tgz b/charts/partners/nirmata/kyverno/2.6.5/kyverno-2.6.5.tgz deleted file mode 100644 index 2efb28118c..0000000000 Binary files a/charts/partners/nirmata/kyverno/2.6.5/kyverno-2.6.5.tgz and /dev/null differ diff --git a/charts/partners/nirmata/kyverno/2.6.5/report.yaml b/charts/partners/nirmata/kyverno/2.6.5/report.yaml deleted file mode 100644 index dfd65d786a..0000000000 --- a/charts/partners/nirmata/kyverno/2.6.5/report.yaml +++ /dev/null 
@@ -1,129 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: kyverno-2.6.5.tgz - digests: - chart: sha256:049e020cb9dd8e54a32156671d2e0cdb5a772769d16c64dd0c653bac3f99477c - package: bd614af286d981774392327e77020831d0dd85f0119afa06867c7182585fb7a1 - lastCertifiedTimestamp: "2022-12-20T12:54:56.633958+00:00" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.3' - providerControlledDelivery: false - chart: - name: kyverno - home: https://kyverno.io/ - sources: - - https://github.com/kyverno/kyverno - version: 2.6.5 - description: Kubernetes Native Policy Management - keywords: - - kubernetes - - nirmata - - policy agent - - validating webhook - - admissions controller - maintainers: - - name: Nirmata - email: "" - url: https://kyverno.io/ - icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png - apiversion: v2 - condition: "" - tags: "" - appversion: v1.8.5 - deprecated: false - annotations: - artifacthub.io/changes: | - - kind: added - description: Added possibility to define additional init and sidecar container. - - kind: added - description: Added ability to remove namespaces from default resourceFilters list. - - kind: added - description: Prevent installing Kyverno in namespace kube-system. - - kind: fixed - description: Docs for generatecontrollerExtraResources. - - kind: changed - description: Enable autogen internals by default. - - kind: fixed - description: Self signed certificates not using SANs. - - kind: added - description: Extra args support for init container. - - kind: added - description: Allow overriding of test security context and resource block. 
- - kind: added - description: Added possibility to define custom image registries - - kind: added - description: Enable adding optional annotations to configmaps - - kind: added - description: Add startup probes support - - kind: added - description: Support extra CRD annotations - - kind: added - description: Grafana dashboard. - artifacthub.io/links: | - - name: Documentation - url: https://kyverno.io/docs - artifacthub.io/operator: "false" - artifacthub.io/prerelease: "false" - charts.openshift.io/name: kyverno - kubeversion: '>=1.16.0-0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.connect.redhat.com/nirmata/kyvernopre:v1.8.5 - Image is Red Hat certified : registry.connect.redhat.com/nirmata/kyverno:v1.8.5 - Image is Red Hat certified : registry.access.redhat.com/ubi8/nginx-120:1-74.1669834626 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: 
v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present \ No newline at end of file diff --git a/charts/partners/nirmata/kyverno/OWNERS b/charts/partners/nirmata/kyverno/OWNERS deleted file mode 100644 index a07ff238a1..0000000000 --- a/charts/partners/nirmata/kyverno/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: kyverno - shortDescription: Kyverno is a Kubernetes Native Policy Management engine. -publicPgpKey: null -users: -- githubUsername: realshuting -- githubUsername: patelrit -vendor: - label: nirmata - name: Nirmata diff --git a/charts/partners/nirmata/kyverno/v2.1.2/kyverno-v2.1.2.tgz b/charts/partners/nirmata/kyverno/v2.1.2/kyverno-v2.1.2.tgz deleted file mode 100644 index 69a13fe151..0000000000 Binary files a/charts/partners/nirmata/kyverno/v2.1.2/kyverno-v2.1.2.tgz and /dev/null differ diff --git a/charts/partners/nirmata/kyverno/v2.1.2/report.yaml b/charts/partners/nirmata/kyverno/v2.1.2/report.yaml deleted file mode 100644 index 95af053c05..0000000000 --- a/charts/partners/nirmata/kyverno/v2.1.2/report.yaml +++ /dev/null 
@@ -1,91 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.3.0 - profile: - VendorType: partner - version: v1.0 - chart-uri: /nirmata/kyverno/kyverno-v2.1.2.tgz - digest: sha256:e2146be6e64f8581d77e026ffda519e03e9ce5e91cae86609cd4e723961856c1 - digests: - chart: sha256:e2146be6e64f8581d77e026ffda519e03e9ce5e91cae86609cd4e723961856c1 - package: 88247892d2f6b5f7eb5d56ed92fccf092bfd9c57f11e9750a756f9df449ee5d9 - lastCertifiedTimestamp: "2021-12-14T05:34:57.758331+00:00" - certifiedOpenShiftVersions: 4.8.0 - chart: - name: kyverno - home: https://kyverno.io/ - sources: - - https://github.com/kyverno/kyverno - version: v2.1.2 - description: Kubernetes Native Policy Management - keywords: - - kubernetes - - nirmata - - policy agent - - validating webhook - - admissions controller - maintainers: - - name: Nirmata - email: "" - url: https://kyverno.io/ - icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png - apiversion: v2 - condition: "" - tags: "" - appversion: v1.5.1 - deprecated: false - annotations: {} - kubeversion: '>=1.10.0-0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.connect.redhat.com/nirmata/kyvernopre:v1.5.1 - Image is Red Hat certified : 
registry.connect.redhat.com/nirmata/kyverno:v1.5.1 - Image is Red Hat certified : registry.access.redhat.com/ubi8/nginx-120:1-5.1638356804 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist \ No newline at end of file diff --git a/charts/partners/nobl9/nobl9-agent/OWNERS b/charts/partners/nobl9/nobl9-agent/OWNERS deleted file mode 100644 index 82b79053b6..0000000000 --- a/charts/partners/nobl9/nobl9-agent/OWNERS +++ /dev/null @@ -1,12 +0,0 @@ -chart: - name: nobl9-agent - shortDescription: Nobl9 Agent - Agent to retrieve SLI metrics from configured data - sources and send the data back to the Nobl9 backend. -providerDelivery: false -publicPgpKey: unknown -users: -- githubUsername: triluch -- githubUsername: alexnauda -vendor: - label: nobl9 - name: Nobl9 diff --git a/charts/partners/nokia-cmm/cmm-operator-k8s/OWNERS b/charts/partners/nokia-cmm/cmm-operator-k8s/OWNERS deleted file mode 100644 index 17a2cbe8f5..0000000000 --- a/charts/partners/nokia-cmm/cmm-operator-k8s/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -chart: - name: cmm-operator-k8s - shortDescription: null -publicPgpKey: null -users: -- githubUsername: NA -vendor: - label: nokia-cmm - name: Nokia Networks - LTTH diff --git a/charts/partners/nokia/cmm-operator-k8s/22.5.0-p4/report.yaml b/charts/partners/nokia/cmm-operator-k8s/22.5.0-p4/report.yaml deleted file mode 100644 index 45456047ff..0000000000 --- a/charts/partners/nokia/cmm-operator-k8s/22.5.0-p4/report.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ -Using config file: config.yaml -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:dd31da96f7bec0897f1a95ff2d4215e06af672db659daef999b8945c4467a920 - package: 67e6cdc1422911f1556546ba85554f02b0e5db8220e81efe08581d397366919a - lastCertifiedTimestamp: "2022-09-27T16:58:55.142046+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: 4.7 - 4.11 - providerControlledDelivery: true - chart: - name: cmm-operator-k8s - home: "" - sources: [] - version: 22.5.0-p4 - description: A Helm chart for CMM in Kubernetes using operators - keywords: [] - maintainers: [] - icon: https://www.nokia.com/chart-icon.png - apiversion: v2 - condition: "" - tags: "" - appversion: "" - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: Nokia CMM - charts.openshift.io/provider: Nokia - charts.openshift.io/supportURL: https://github.com/nokiacmm/helm-chart - kubeversion: 1.20.0 - 1.24.0 - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/required-annotations-present - type: 
Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : quay.io/nepravee/cmm-operator:CMM22.5.0.4' - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - diff --git a/charts/partners/nokia/cmm-operator-k8s/23.2.0-p1/report.yaml b/charts/partners/nokia/cmm-operator-k8s/23.2.0-p1/report.yaml deleted file mode 100644 index 3a3fe4014d..0000000000 --- a/charts/partners/nokia/cmm-operator-k8s/23.2.0-p1/report.yaml +++ /dev/null 
@@ -1,96 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:13138112599617555327 - chart-uri: N/A - digests: - chart: sha256:53a425fc94f395e1a0fff94e3ed55cfa95d1db5cc81774b74a37954b569e03e2 - package: 8e89167feeb1b2479e1e527f15d4b5957dce24bbdcbe15f42ffe7074b9d13883 - lastCertifiedTimestamp: "2023-02-09T16:08:16.797839+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: 4.7 - 4.11 - webCatalogOnly: true - chart: - name: cmm-operator-k8s - home: "" - sources: [] - version: 23.2.0-p1 - description: A Helm chart for CMM in Kubernetes using operators - keywords: [] - maintainers: [] - icon: https://www.nokia.com/chart-icon.png - apiversion: v2 - condition: "" - tags: "" - appversion: "" - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: Nokia CMM - charts.openshift.io/provider: Nokia - charts.openshift.io/supportURL: https://github.com/nokiacmm/helm-chart - kubeversion: 1.20.0 - 1.24.0 - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.1/images-are-certified - type: Mandatory - outcome: FAIL - reason: |- - Image is not Red Hat certified : quay.io/operatorhubio/catalog:latest - Failed to certify images : quay.io/nepravee/cmm-operator:CMM23.2.0.0 : Tag CMM23.2.0.0 not found. 
Found : CMM22.5.0.4 - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - diff --git a/charts/partners/nokia/cmm-operator-k8s/23.5.0-p1/report.yaml b/charts/partners/nokia/cmm-operator-k8s/23.5.0-p1/report.yaml deleted file mode 100644 index 95c1702e76..0000000000 --- a/charts/partners/nokia/cmm-operator-k8s/23.5.0-p1/report.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -Using config file: config.yaml -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:14386291006615586129 - chart-uri: N/A - digests: - chart: sha256:29b1d193b74e65da34d2378a1ebd124b2865cb7a418c8668319a9c377d927614 - package: ac3cb007107868eb2c1acaade989c3c1d23cdfc2e93e79792ef35b9e5842fba8 - lastCertifiedTimestamp: "2023-06-05T17:02:09.629013+00:00" - testedOpenShiftVersion: "4.12" - supportedOpenShiftVersions: '>=4.7' - webCatalogOnly: true - chart: - name: cmm-operator-k8s - home: "" - sources: [] - version: 23.5.0-p1 - description: A Helm chart for CMM in Kubernetes using operators - keywords: [] - maintainers: [] - icon: https://www.nokia.com/chart-icon.png - apiversion: v2 - condition: "" - tags: "" - appversion: "" - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: Nokia CMM - charts.openshift.io/provider: Nokia - charts.openshift.io/supportURL: https://github.com/nokiacmm/helm-chart - kubeversion: '>= 1.20.0-0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.1/images-are-certified - type: Mandatory - outcome: 
PASS - reason: 'Image is Red Hat certified : quay.io/nepravee/cmm-operator:CMM23.5.0.0' - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - diff --git a/charts/partners/nokia/cmm-operator-k8s/OWNERS b/charts/partners/nokia/cmm-operator-k8s/OWNERS deleted file mode 100644 index 4fd2c8559d..0000000000 --- a/charts/partners/nokia/cmm-operator-k8s/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: cmm-operator-k8s - shortDescription: unknown -providerDelivery: true -publicPgpKey: unknown -users: -- githubUsername: nelsonpraveen -vendor: - label: nokia - name: Nokia diff --git a/charts/partners/not-a-real-company/helm-testing/OWNERS b/charts/partners/not-a-real-company/helm-testing/OWNERS deleted file mode 100644 index dcdbb837f0..0000000000 --- a/charts/partners/not-a-real-company/helm-testing/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -chart: - name: helm-testing - shortDescription: unknown -publicPgpKey: unknown -users: [] -vendor: - label: not-a-real-company - name: Daphne Test Company diff --git a/charts/partners/notapplicable/illumio-test/OWNERS b/charts/partners/notapplicable/illumio-test/OWNERS deleted file mode 100644 index d5aead5bf6..0000000000 --- a/charts/partners/notapplicable/illumio-test/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -chart: - name: illumio-test - shortDescription: unknown -publicPgpKey: unknown -users: [] -vendor: - label: notapplicable - name: Illumio 
diff --git a/charts/partners/notapplicable/illumio/OWNERS b/charts/partners/notapplicable/illumio/OWNERS
deleted file mode 100644
index 3d9bae483e..0000000000
--- a/charts/partners/notapplicable/illumio/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: illumio
- shortDescription: null
-publicPgpKey: null
-users:
-- githubUsername: jan-lucansky
-vendor:
- label: notapplicable
- name: Illumio
diff --git a/charts/partners/ntest/certpm-test-chart/OWNERS b/charts/partners/ntest/certpm-test-chart/OWNERS
deleted file mode 100644
index d192cb95c3..0000000000
--- a/charts/partners/ntest/certpm-test-chart/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: certpm-test-chart
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: ntest
- name: ypresa-uat1
diff --git a/charts/partners/ntest/test-external-helm/OWNERS b/charts/partners/ntest/test-external-helm/OWNERS
deleted file mode 100644
index ddc34a9ca7..0000000000
--- a/charts/partners/ntest/test-external-helm/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: test-external-helm
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: ntest
- name: ypresa-uat1
diff --git a/charts/partners/ntest/test-helm-project/OWNERS b/charts/partners/ntest/test-helm-project/OWNERS
deleted file mode 100644
index 3b5a2ebf27..0000000000
--- a/charts/partners/ntest/test-helm-project/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: test-helm-project
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: ntest
- name: ypresa-uat1
diff --git a/charts/partners/ntest/test-rh-chart/OWNERS b/charts/partners/ntest/test-rh-chart/OWNERS
deleted file mode 100644
index fce654a3df..0000000000
--- a/charts/partners/ntest/test-rh-chart/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: test-rh-chart
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: ntest
- name: ypresa-uat1
diff --git a/charts/partners/ntest/yanai-test-1/OWNERS b/charts/partners/ntest/yanai-test-1/OWNERS
deleted file mode 100644
index d0eb3951c8..0000000000
--- a/charts/partners/ntest/yanai-test-1/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: yanai-test-1
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: ntest
- name: ypresa-uat1
diff --git a/charts/partners/nti-containers/sepp/OWNERS b/charts/partners/nti-containers/sepp/OWNERS
deleted file mode 100644
index d85af53720..0000000000
--- a/charts/partners/nti-containers/sepp/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: sepp
- shortDescription: Internal TITAN.IUM Platform, LLC repository
-providerDelivery: false
-publicPgpKey: TkE=
-users:
-- githubUsername: NA
-vendor:
- label: nti-containers
- name: Titan.ium Platform LLC
diff --git a/charts/partners/ongres/stackgres-operator-gl/OWNERS b/charts/partners/ongres/stackgres-operator-gl/OWNERS
deleted file mode 100644
index 356c0ec27b..0000000000
--- a/charts/partners/ongres/stackgres-operator-gl/OWNERS
+++ /dev/null
@@ -1,13 +0,0 @@
-chart:
- name: stackgres-operator-gl
- shortDescription: null
-providerDelivery: false
-publicPgpKey: null
-users:
-- githubUsername: ahachete
-- githubUsername: gelias
-- githubUsername: teoincontatto
-- githubUsername: jorsol
-vendor:
- label: ongres
- name: OnGres
diff --git a/charts/partners/ongres/stackgres-operator/OWNERS b/charts/partners/ongres/stackgres-operator/OWNERS
deleted file mode 100644
index 00183a5172..0000000000
--- a/charts/partners/ongres/stackgres-operator/OWNERS
+++ /dev/null
@@ -1,13 +0,0 @@
-chart:
- name: stackgres-operator
- shortDescription: null
-providerDelivery: false
-publicPgpKey: null
-users:
-- githubUsername: ahachete
-- githubUsername: gelias
-- githubUsername: teoincontatto
-- githubUsername: jorsol
-vendor:
- label: ongres
- name: OnGres
diff --git a/charts/partners/openlegacy-corp/rest-rpc/OWNERS b/charts/partners/openlegacy-corp/rest-rpc/OWNERS
deleted file mode 100644
index 087b88cbc6..0000000000
--- a/charts/partners/openlegacy-corp/rest-rpc/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: rest-rpc
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: openlegacy-corp
- name: OpenLegacy Technologies Ltd
diff --git a/charts/partners/openziti/ziti-host/OWNERS b/charts/partners/openziti/ziti-host/OWNERS
deleted file mode 100644
index 86b9b3a8f9..0000000000
--- a/charts/partners/openziti/ziti-host/OWNERS
+++ /dev/null
@@ -1,17 +0,0 @@
-chart:
- name: ziti-host
- shortDescription: Expose cluster services with Ziti
-providerDelivery: false
-publicPgpKey: null
-users:
-- githubUsername: qrkourier
-- githubUsername: dovholuknf
-- githubUsername: smilindave26
-- githubUsername: gberl002
-- githubUsername: mguthrie88
-- githubUsername: mikegorman-nf
-- githubUsername: sabedevops
-- githubUsername: scareything
-vendor:
- label: openziti
- name: NetFoundry
diff --git a/charts/partners/opscruise/opscruise/0.35.100/report.yaml b/charts/partners/opscruise/opscruise/0.35.100/report.yaml
deleted file mode 100644
index 5629eee047..0000000000
--- a/charts/partners/opscruise/opscruise/0.35.100/report.yaml
+++ /dev/null
@@ -1,332 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:1530424512291900759 - chart-uri: https://opscruise-helm.bitbucket.io/opscruise-0.35.100.tgz.gzip - digests: - chart: sha256:3936a9deac923380aa2dd842f19da07d32030a867ebd05eea48dd38b895b82c0 - package: 04623afc4fe021480af2282dcc61f59aae626bb11fd3dc9116134224e8fdbbd8 - lastCertifiedTimestamp: "2023-02-10T02:29:23.721977+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.4' - webCatalogOnly: false - chart: - name: opscruise - home: "" - sources: [] - version: 0.35.100 - description: A Helm chart for installing OpsCruise - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 3.2.1 - deprecated: false - annotations: - charts.openshift.io/name: opscruise - kubeversion: ^1.16.1-0 - dependencies: - - name: awsgw - version: 0.1.0 - repository: "" - condition: global.awsgw.enabled,awsgw.enabled - tags: - - opscruise - enabled: false - importvalues: [] - alias: "" - - name: k8sgw - version: 0.1.0 - repository: "" - condition: global.k8sgw.enabled,k8sgw.enabled - tags: - - opscruise - enabled: false - importvalues: [] - alias: "" - - name: promgw - version: 0.1.0 - repository: "" - condition: global.promgw.enabled,promgw.enabled - tags: - - opscruise - enabled: false - importvalues: [] - alias: "" - - name: loggw-loki - version: 0.1.0 - repository: "" - condition: global.loggw-loki.enabled,loggw-loki.enabled - tags: - - opscruise - enabled: false - importvalues: [] - alias: "" - - name: azuregw - version: 0.1.0 - repository: "" - condition: global.azuregw.enabled,azuregw.enabled - tags: - - opscruise - enabled: false - importvalues: [] - alias: "" - - name: gcpgw - version: 0.1.0 - repository: "" - condition: global.gcpgw.enabled,gcpgw.enabled - tags: - - opscruise - enabled: false - importvalues: [] - alias: "" - - name: tracegw - 
version: 0.1.0 - repository: "" - condition: global.tracegw.enabled,tracegw.enabled - tags: - - opscruise - enabled: false - importvalues: [] - alias: "" - - name: trace-router - version: 0.1.0 - repository: "" - condition: global.trace-router.enabled,trace-router.enabled - tags: - - opscruise - enabled: false - importvalues: [] - alias: "" - - name: opscruise-node-exporter - version: 0.1.0 - repository: "" - condition: global.opscruise-node-exporter.enabled,opscruise-node-exporter.enabled - tags: - - opscruise - enabled: false - importvalues: [] - alias: "" - - name: opscruise-node-exporter-new - version: 0.1.0 - repository: "" - condition: global.opscruise-node-exporter-new.enabled,opscruise-node-exporter-new.enabled - tags: - - opscruise - enabled: false - importvalues: [] - alias: "" - - name: prometheus-yace-exporter - version: 0.5.0 - repository: https://mogaal.github.io/helm-charts - condition: global.prometheus-yace-exporter.enabled,prometheus-yace-exporter.enabled - tags: - - opscruise - enabled: false - importvalues: [] - alias: "" - - name: cadvisor - version: 0.1.0 - repository: "" - condition: global.cadvisor.enabled,cadvisor.enabled - tags: - - collectors - enabled: false - importvalues: [] - alias: "" - - name: kube-state-metrics - version: 0.1.0 - repository: "" - condition: global.kube-state-metrics.enabled,kube-state-metrics.enabled - tags: - - collectors - enabled: false - importvalues: [] - alias: "" - - name: fluent-bit - version: 0.20.2 - repository: https://fluent.github.io/helm-charts - condition: global.fluent-bit.enabled,fluent-bit.enabled - tags: - - collectors - enabled: false - importvalues: [] - alias: "" - - name: prometheus - version: 0.1.0 - repository: "" - condition: global.prometheus.enabled,prometheus.enabled - tags: - - collectors - enabled: false - importvalues: [] - alias: "" - - name: loki-stack - version: 2.3.0 - repository: https://grafana.github.io/helm-charts - condition: global.loki-stack.enabled,loki-stack.enabled - 
tags: - - collectors - enabled: false - importvalues: [] - alias: "" - - name: jaeger - version: 0.47.0 - repository: https://jaegertracing.github.io/helm-charts - condition: global.jaeger.enabled,jaeger.enabled - tags: - - collectors - enabled: false - importvalues: [] - alias: "" - - name: jaeger-operator - version: 2.24.0 - repository: https://jaegertracing.github.io/helm-charts - condition: global.jaeger-operator.enabled,jaeger-operator.enabled - tags: - - collectors - enabled: false - importvalues: [] - alias: "" - - name: prometheus-postgres-exporter - version: 2.4.0 - repository: https://prometheus-community.github.io/helm-charts - condition: global.prometheus-postgres-exporter.enabled,prometheus-postgres-exporter.enabled - tags: - - collectors - enabled: false - importvalues: [] - alias: "" - - name: prometheus-mongodb-exporter - version: 3.1.2 - repository: https://prometheus-community.github.io/helm-charts - condition: global.prometheus-mongodb-exporter.enabled,prometheus-mongodb-exporter.enabled - tags: - - collectors - enabled: false - importvalues: [] - alias: "" - - name: kafka-exporter - version: 0.1.0 - repository: "" - condition: global.kafka-exporter.enabled,kafka-exporter.enabled - tags: - - collectors - enabled: false - importvalues: [] - alias: "" - - name: prometheus-mysql-exporter - version: 1.5.0 - repository: https://prometheus-community.github.io/helm-charts - condition: global.prometheus-mysql-exporter.enabled,prometheus-mysql-exporter.enabled - tags: - - collectors - enabled: false - importvalues: [] - alias: "" - - name: influxdb-exporter - version: 0.1.0 - repository: "" - condition: global.influxdb-exporter.enabled,influxdb-exporter.enabled - tags: - - collectors - enabled: false - importvalues: [] - alias: "" - - name: x509-certificate-exporter - version: 3.4.0 - repository: https://charts.enix.io - condition: global.x509-certificate-exporter.enabled,x509-certificate-exporter.enabled - tags: - - collectors - enabled: false - 
importvalues: [] - alias: "" - - name: prometheus-redis-exporter - version: 5.2.1 - repository: https://prometheus-community.github.io/helm-charts - condition: global.prometheus-redis-exporter.enabled,prometheus-redis-exporter.enabled - tags: - - collectors - enabled: false - importvalues: [] - alias: "" - - name: nginx-prometheus-exporter - version: 0.1.0 - repository: "" - condition: global.nginx-prometheus-exporter.enabled,nginx-prometheus-exporter.enabled - tags: - - collectors - enabled: false - importvalues: [] - alias: "" - type: application - chart-overrides: "" -results: - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: FAIL - reason: Chart contains CRDs - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.connect.redhat.com/opscruise/opscruise-node-exporter:rel35.2.1 - Image is Red Hat certified : registry.connect.redhat.com/opscruise/opscruise-awsgw:rel35.2.1 - Image is Red Hat certified : registry.connect.redhat.com/opscruise/opscruise-gcpgw:rel35.2.1 - Image is Red Hat certified : registry.connect.redhat.com/opscruise/opscruise-k8sgw:rel35.2.1 - Image is Red Hat certified : registry.connect.redhat.com/opscruise/opscruise-loggw:rel35.2.1 - Image is Red Hat certified : registry.connect.redhat.com/opscruise/opscruise-promgw:rel35.2.1 - Image is Red Hat certified : registry.connect.redhat.com/opscruise/opscruise-tracegw:rel35.2.1 - - check: v1.0/chart-testing - type: Mandatory - outcome: 
PASS - reason: Chart tests have passed - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - diff --git a/charts/partners/opscruise/opscruise/OWNERS b/charts/partners/opscruise/opscruise/OWNERS deleted file mode 100644 index 396de287a0..0000000000 --- a/charts/partners/opscruise/opscruise/OWNERS +++ /dev/null @@ -1,11 +0,0 @@ -chart: - name: opscruise - shortDescription: Helm chart for deploying OpsCruise -providerDelivery: false -publicPgpKey: null -users: -- githubUsername: sudheeshopscruise -- githubUsername: cesar-quintana-opscruise -vendor: - label: opscruise - name: Opscruise, Inc. diff --git a/charts/partners/progressoft/corpay-helm/OWNERS b/charts/partners/progressoft/corpay-helm/OWNERS deleted file mode 100644 index 810f109787..0000000000 --- a/charts/partners/progressoft/corpay-helm/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -chart: - name: corpay-helm - shortDescription: unknown -providerDelivery: false -publicPgpKey: unknown -users: [] -vendor: - label: progressoft - name: ProgressSoft Corporation diff --git a/charts/partners/progressoft/corpay-progressoft/19.0.3/report.yaml b/charts/partners/progressoft/corpay-progressoft/19.0.3/report.yaml deleted file mode 100644 index 491008be47..0000000000 --- a/charts/partners/progressoft/corpay-progressoft/19.0.3/report.yaml +++ /dev/null 
@@ -1,530 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: N/A - digests: - chart: sha256:39b7fdecbc249d5570a769e0814575f7d3d65a99445c0d43be5459ca05dbfc75 - package: 356344e13ba47e2a7c7187803ebe1da430c22bd4e420620b1ca988956ba827d3 - lastCertifiedTimestamp: "2022-12-27T17:31:03.429214+03:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.7' - providerControlledDelivery: true - chart: - name: corpay-progressoft - home: "" - sources: [] - version: 19.0.3 - description: corpay team helm chart - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 19.0.3 - deprecated: false - annotations: - charts.openshift.io/name: corpay-progressoft - charts.openshift.io/provider: ProgressSoft Corporation - charts.openshift.io/supportURL: https://www.progressoft.com/ - kubeversion: '> 1.19.0' - dependencies: - - name: keycloak - version: "" - repository: "" - condition: global.keycloak_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mq-rest-api - version: "" - repository: "" - condition: global.mq_rest_api_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: data-management - version: "" - repository: "" - condition: global.data_management_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: beneficiary - version: "" - repository: "" - condition: global.beneficiary_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: bi-dashboard - version: "" - repository: "" - condition: global.bi_dashboard_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: payments - version: "" - repository: "" - condition: global.payments_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: template-engine - version: "" - repository: "" - condition: global.template_engine_enabled - tags: [] - 
enabled: false - importvalues: [] - alias: "" - - name: corporate-ui-shell - version: "" - repository: "" - condition: global.corporate_ui_shell_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: bank-frontend-shell - version: "" - repository: "" - condition: global.bank_frontend_shell_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: ecc-sync - version: "" - repository: "" - condition: global.ecc_sync_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: onus-sync - version: "" - repository: "" - condition: global.onus_sync_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: eccapi-mock - version: "" - repository: "" - condition: global.eccapi_mock_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: cash-management - version: "" - repository: "" - condition: global.cash_management_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: bc - version: "" - repository: "" - condition: global.bc_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: corpay-utility - version: "" - repository: "" - condition: global.corpay_utility_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: sib-corporate-shell - version: "" - repository: "" - condition: global.sib_corporate_shell_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: nic-bcn-integration - version: "" - repository: "" - condition: global.nic_bcn_integration_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: uae-sib-integration - version: "" - repository: "" - condition: global.uae_sib_integration_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: qib-integration - version: "" - repository: "" - condition: global.qib_integration_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: oracledb - version: "" - repository: "" - 
condition: global.oracledb_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: sib-corporate-profile - version: "" - repository: "" - condition: global.sib_corporate_profile_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: tf-config-service - version: "" - repository: "" - condition: global.tf_config_service_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: idm - version: "" - repository: "" - condition: global.idm_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: checks - version: "" - repository: "" - condition: global.checks_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: zuul-gateway - version: "" - repository: "" - condition: global.zuul_gateway_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: sib-checks-mngt - version: "" - repository: "" - condition: global.sib_checks_mngt_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: mailhog - version: "" - repository: "" - condition: global.mailhog_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: operator-ui-shell - version: "" - repository: "" - condition: global.operator_ui_shell_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: bnft-bank-shell - version: "" - repository: "" - condition: global.bnft_bank_shell_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: sib-bank-shell - version: "" - repository: "" - condition: global.sib_bank_shell_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: artemis - version: "" - repository: "" - condition: global.artemis_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: artemis-ha - version: "" - repository: "" - condition: global.artemis_ha_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: ecc-simulator - version: "" - repository: "" - 
condition: global.ecc_simulator_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: payment-file-parser - version: "" - repository: "" - condition: global.payment_file_parser_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: bc - version: "" - repository: "" - condition: global.bc_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: lg - version: "" - repository: "" - condition: global.lg_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: gc - version: "" - repository: "" - condition: global.gc_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: lc - version: "" - repository: "" - condition: global.lc_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: retail-ui-shell - version: "" - repository: "" - condition: global.retail_ui_shell_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: corpay-integration - version: "" - repository: "" - condition: global.corpay_integration_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: oab-integration - version: "" - repository: "" - condition: global.oab_integration_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: corpay-castlemock - version: "" - repository: "" - condition: global.corpay_castlemock_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: chatbot - version: "" - repository: "" - condition: global.chatbot_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: main-shell - version: "" - repository: "" - condition: global.main_shell_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: fixed-deposits-and-loans - version: "" - repository: "" - condition: global.fixed_deposits_and_loans_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: docs - version: "" - repository: "" - condition: 
global.docs_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: iccs-api - version: "" - repository: "" - condition: global.iccs_api_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: cloud-gateway - version: "" - repository: "" - condition: global.cloud_gateway_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: file-parser - version: "" - repository: "" - condition: global.file_parser_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: correspondence - version: "" - repository: "" - condition: global.correspondence_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: ibmmq - version: "" - repository: "" - condition: global.ibmmq_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: hazelcast - version: "" - repository: "" - condition: global.hazelcast_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: events-store - version: "" - repository: "" - condition: global.events_store_enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : harbor.progressoft.io/kryptonite/data-management-openshift-demo:v22.2.2 - Image is Red Hat certified : registry.access.redhat.com/ubi8/ubi-minimal:8.7-923.1669829893 - Image is Red Hat certified : harbor.progressoft.io/kryptonite/corpay-docs-openshift-demo:221215-718071e9 - Image is Red Hat certified : harbor.progressoft.io/kryptonite/files-parser-openshift-demo:v22.2.2 - Image is Red Hat certified : harbor.progressoft.io/kryptonite/corpay-frontend-bank-shell-openshift:221215-637f71f9 - Image is Red Hat certified : harbor.progressoft.io/kryptonite/beneficiary-openshift-demo:v22.2.2 - Image is Red Hat certified : harbor.progressoft.io/kryptonite/cash-management-openshift-demo:v22.2.2 - Image is Red 
Hat certified : harbor.progressoft.io/kryptonite/corpay-frontend-corporate-shell-openshift:221215-637f71f9 - Image is Red Hat certified : harbor.progressoft.io/kryptonite/fixed-deposits-and-loans-openshift-demo:v22.2.2 - Image is Red Hat certified : harbor.progressoft.io/kryptonite/payments-openshift-demo:v22.2.2 - Image is Red Hat certified : harbor.progressoft.io/kryptonite/corpay-castlemock-openshift-demo:221215-164b066f - Image is Red Hat certified : harbor.progressoft.io/kryptonite/corpay-utility-openshift-demo:v22.2.2 - Image is Red Hat certified : harbor.progressoft.io/kryptonite/oab-integration-openshift-demo:221215-1bfad3ac - Image is Red Hat certified : registry.access.redhat.com/ubi8/ubi:8.7-1037 - Image is Red Hat certified : harbor.progressoft.io/kryptonite/checks-openshift-demo:v22.2.2 - Image is Red Hat certified : harbor.progressoft.io/kryptonite/api-gateway-openshift-demo:v22.2.2 - Image is Red Hat certified : harbor.progressoft.io/kryptonite/correspondence-openshift-demo:v22.2.2 - Image is Red Hat certified : progressoft/artemis-openshift:2.26.0 - Image is Red Hat certified : harbor.progressoft.io/kryptonite/idm-openshift-demo:v22.2.2 - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: 
v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist diff --git a/charts/partners/progressoft/corpay-progressoft/OWNERS b/charts/partners/progressoft/corpay-progressoft/OWNERS deleted file mode 100644 index 0ea516f691..0000000000 --- a/charts/partners/progressoft/corpay-progressoft/OWNERS +++ /dev/null @@ -1,12 +0,0 @@ -chart: - name: corpay-progressoft - shortDescription: "ProgressSoft\u2019s Corporate Banking (PS-CORPay) Suite introduces\ - \ a solution that enables corporates to manage front-office banking services." -providerDelivery: true -publicPgpKey: null -users: -- githubUsername: nour-alsatari -- githubUsername: naelalbashir -vendor: - label: progressoft - name: ProgressSoft Corporation diff --git a/charts/partners/progressoft/web-catalog-only/OWNERS b/charts/partners/progressoft/web-catalog-only/OWNERS deleted file mode 100644 index d54a398e4d..0000000000 --- a/charts/partners/progressoft/web-catalog-only/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -chart: - name: web-catalog-only - shortDescription: unknown -providerDelivery: true -publicPgpKey: unknown -users: [] -vendor: - label: progressoft - name: ProgressSoft Corporation diff --git a/charts/partners/quay.io/flomesh/fsm/OWNERS b/charts/partners/quay.io/flomesh/fsm/OWNERS deleted file mode 100644 index 3c9c956837..0000000000 --- a/charts/partners/quay.io/flomesh/fsm/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: fsm - shortDescription: null -providerDelivery: false -publicPgpKey: null -users: -- githubUsername: reaver-flomesh -vendor: - label: quay.io/flomesh - name: Flomesh 
diff --git a/charts/partners/rafaysystems/rafay-operator-redhat/0.2.1/rafay-operator-redhat-0.2.1.tgz b/charts/partners/rafaysystems/rafay-operator-redhat/0.2.1/rafay-operator-redhat-0.2.1.tgz
deleted file mode 100644
index 1d01afc301..0000000000
Binary files a/charts/partners/rafaysystems/rafay-operator-redhat/0.2.1/rafay-operator-redhat-0.2.1.tgz and /dev/null differ
diff --git a/charts/partners/rafaysystems/rafay-operator-redhat/0.2.1/report.yaml b/charts/partners/rafaysystems/rafay-operator-redhat/0.2.1/report.yaml
deleted file mode 100644
index dfe2471f37..0000000000
--- a/charts/partners/rafaysystems/rafay-operator-redhat/0.2.1/report.yaml
+++ /dev/null
@@ -1,93 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.1 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:18154893873636075289 - chart-uri: rafay-operator-redhat-0.2.1.tgz - digests: - chart: sha256:e90ed52496459379a844f3c7e258f6e71f024ab6ed0a8530be643f84003d5987 - package: fff15d14a1546115d27fa4ec911c079e3f82d378f3bb2d780ebdaee17077fc15 - lastCertifiedTimestamp: "2023-03-29T19:54:50.3391+00:00" - testedOpenShiftVersion: "4.12" - supportedOpenShiftVersions: '>=4.7' - webCatalogOnly: false - chart: - name: rafay-operator-redhat - home: "" - sources: [] - version: 0.2.1 - description: A Helm chart for Kubernetes - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.16.0 - deprecated: false - annotations: - charts.openshift.io/name: rafay-operator-redhat - kubeversion: '>= 1.20.0-0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.rafay-edge.net/rafay/cluster-controller-redhat:r1.22.1 - Image is Red Hat certified : registry.rafay-edge.net/rafay/rafay-kubectl:1.2 - Image is Red Hat certified : registry.rafay-edge.net/rafay/rafay-connector-redhat:r1.22.1 - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: 
v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present \ No newline at end of file diff --git a/charts/partners/rafaysystems/rafay-operator-redhat/0.2.3/rafay-operator-redhat-0.2.3.tgz b/charts/partners/rafaysystems/rafay-operator-redhat/0.2.3/rafay-operator-redhat-0.2.3.tgz deleted file mode 100644 index d34a5dec9e..0000000000 Binary files a/charts/partners/rafaysystems/rafay-operator-redhat/0.2.3/rafay-operator-redhat-0.2.3.tgz and /dev/null differ diff --git a/charts/partners/rafaysystems/rafay-operator-redhat/0.2.3/report.yaml b/charts/partners/rafaysystems/rafay-operator-redhat/0.2.3/report.yaml deleted file mode 100644 index 312f7f4e10..0000000000 --- a/charts/partners/rafaysystems/rafay-operator-redhat/0.2.3/report.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.1 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:15264398072255749232 - chart-uri: rafay-operator-redhat-0.2.3.tgz - digests: - chart: sha256:8f0eb56841646ced1cc4145ebe64eb758dc81b4f2aad91939282745637206335 - package: d5bf43c7066c1b553f4c547aac68680d9c834d9079d09f2ccd7e4472cd83f001 - lastCertifiedTimestamp: "2023-07-22T01:24:27.75999+00:00" - testedOpenShiftVersion: "4.12" - supportedOpenShiftVersions: '>=4.7' - webCatalogOnly: false - chart: - name: rafay-operator-redhat - home: https://github.com/RafaySystems/rafay-helm-charts/tree/main/charts/rafay-operator-redhat - sources: [] - version: 0.2.3 - description: A Helm chart for Kubernetes - keywords: [] - maintainers: [] - icon: https://rafay-partner-logos.s3.us-west-1.amazonaws.com/rafay-charts-logo.png - apiversion: v2 - condition: "" - tags: "" - appversion: 1.16.0 - deprecated: false - annotations: - charts.openshift.io/name: rafay-operator-redhat - kubeversion: '>= 1.20.0-0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.1/images-are-certified - type: Mandatory - 
outcome: PASS - reason: |- - Image is Red Hat certified : registry.rafay-edge.net/rafay/rafay-kubectl:1.2 - Image is Red Hat certified : registry.rafay-edge.net/rafay/rafay-connector-redhat:r1.26.0-1 - Image is Red Hat certified : registry.rafay-edge.net/rafay/cluster-controller-redhat:r1.26.0-1 - Image is Red Hat certified : registry.access.redhat.com/ubi8-init:8.8-8 - Image is Red Hat certified : registry.rafay-edge.net/rafay/rafay-relay-agent-redhat:r1.26.0-1 - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist \ No newline at end of file diff --git a/charts/partners/rafaysystems/rafay-operator-redhat/OWNERS b/charts/partners/rafaysystems/rafay-operator-redhat/OWNERS deleted file mode 100644 index f882631dae..0000000000 --- a/charts/partners/rafaysystems/rafay-operator-redhat/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: rafay-operator-redhat - shortDescription: unknown -providerDelivery: false -publicPgpKey: unknown -users: -- githubUsername: kutumba-rafay -vendor: - label: rafaysystems - name: Rafay Systems diff --git a/charts/partners/rebaca/abot-chart/OWNERS b/charts/partners/rebaca/abot-chart/OWNERS deleted file mode 100644 index 9a521d4db6..0000000000 --- a/charts/partners/rebaca/abot-chart/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -chart: - name: abot-chart - shortDescription: unknown -publicPgpKey: unknown -users: [] -vendor: - label: rebaca - name: Rebaca Technologies diff --git a/charts/partners/rebaca/abot-ocp-helm/OWNERS b/charts/partners/rebaca/abot-ocp-helm/OWNERS deleted file mode 100644 index e6d24b4fa7..0000000000 
--- a/charts/partners/rebaca/abot-ocp-helm/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: abot-ocp-helm
- shortDescription: abot
-providerDelivery: false
-publicPgpKey: null
-users:
-- githubUsername: suchi-rebaca
-vendor:
- label: rebaca
- name: Rebaca Technologies
diff --git a/charts/partners/redhat-arkady-test/alex-chart/OWNERS b/charts/partners/redhat-arkady-test/alex-chart/OWNERS
deleted file mode 100644
index b1520a6725..0000000000
--- a/charts/partners/redhat-arkady-test/alex-chart/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: alex-chart
- shortDescription: unknown
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/arkady-chart/OWNERS b/charts/partners/redhat-arkady-test/arkady-chart/OWNERS
deleted file mode 100644
index fd12b86664..0000000000
--- a/charts/partners/redhat-arkady-test/arkady-chart/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: arkady-chart
- shortDescription: short-arkady-chart
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/avautochart/OWNERS b/charts/partners/redhat-arkady-test/avautochart/OWNERS
deleted file mode 100644
index 258ec5f8e2..0000000000
--- a/charts/partners/redhat-arkady-test/avautochart/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: avautochart
- shortDescription: This is a short description!
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/avautochart1/OWNERS b/charts/partners/redhat-arkady-test/avautochart1/OWNERS
deleted file mode 100644
index 6a5d37f096..0000000000
--- a/charts/partners/redhat-arkady-test/avautochart1/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: avautochart1
- shortDescription: This is a short description avautochart1!
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/avautochart2/OWNERS b/charts/partners/redhat-arkady-test/avautochart2/OWNERS
deleted file mode 100644
index 731052cf35..0000000000
--- a/charts/partners/redhat-arkady-test/avautochart2/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: avautochart2
- shortDescription: This is a short description avautochart2!
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/cmm-operator-k8s/OWNERS b/charts/partners/redhat-arkady-test/cmm-operator-k8s/OWNERS
deleted file mode 100644
index 76baad200b..0000000000
--- a/charts/partners/redhat-arkady-test/cmm-operator-k8s/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: cmm-operator-k8s
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/cmm-operator/OWNERS b/charts/partners/redhat-arkady-test/cmm-operator/OWNERS
deleted file mode 100644
index d850334279..0000000000
--- a/charts/partners/redhat-arkady-test/cmm-operator/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: cmm-operator
- shortDescription: cmmtest
-publicPgpKey: null
-users:
-- githubUsername: wying3
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/cmmchart/OWNERS b/charts/partners/redhat-arkady-test/cmmchart/OWNERS
deleted file mode 100644
index 9445edc51f..0000000000
--- a/charts/partners/redhat-arkady-test/cmmchart/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: cmmchart
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/demochar4/OWNERS b/charts/partners/redhat-arkady-test/demochar4/OWNERS
deleted file mode 100644
index 66db6738e2..0000000000
--- a/charts/partners/redhat-arkady-test/demochar4/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: demochar4
- shortDescription: This is a short description demochart4!
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/demochart1/OWNERS b/charts/partners/redhat-arkady-test/demochart1/OWNERS
deleted file mode 100644
index 49e4270098..0000000000
--- a/charts/partners/redhat-arkady-test/demochart1/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: demochart1
- shortDescription: This is a short description demochart1!
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/demochart10/OWNERS b/charts/partners/redhat-arkady-test/demochart10/OWNERS
deleted file mode 100644
index 06d89f84ad..0000000000
--- a/charts/partners/redhat-arkady-test/demochart10/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: demochart10
- shortDescription: This is a short description demochart10!
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/demochart11/OWNERS b/charts/partners/redhat-arkady-test/demochart11/OWNERS
deleted file mode 100644
index 9739e21ee5..0000000000
--- a/charts/partners/redhat-arkady-test/demochart11/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: demochart11
- shortDescription: This is a short description demochart11!
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/demochart12/OWNERS b/charts/partners/redhat-arkady-test/demochart12/OWNERS
deleted file mode 100644
index 5ea8292b4a..0000000000
--- a/charts/partners/redhat-arkady-test/demochart12/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: demochart12
- shortDescription: This is a short description demochart12!
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/demochart13/OWNERS b/charts/partners/redhat-arkady-test/demochart13/OWNERS
deleted file mode 100644
index eac0ff463e..0000000000
--- a/charts/partners/redhat-arkady-test/demochart13/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: demochart13
- shortDescription: This is a short description demochart13!
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/demochart14/OWNERS b/charts/partners/redhat-arkady-test/demochart14/OWNERS
deleted file mode 100644
index 5651f83e26..0000000000
--- a/charts/partners/redhat-arkady-test/demochart14/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: demochart14
- shortDescription: This is a short description demochart14!
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/demochart15/OWNERS b/charts/partners/redhat-arkady-test/demochart15/OWNERS
deleted file mode 100644
index b481ec06ef..0000000000
--- a/charts/partners/redhat-arkady-test/demochart15/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: demochart15
- shortDescription: This is a short description demochart15!
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/demochart2/OWNERS b/charts/partners/redhat-arkady-test/demochart2/OWNERS
deleted file mode 100644
index 289043703f..0000000000
--- a/charts/partners/redhat-arkady-test/demochart2/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: demochart2
- shortDescription: This is a short description demochart2!
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/demochart3/OWNERS b/charts/partners/redhat-arkady-test/demochart3/OWNERS
deleted file mode 100644
index 4d48805cd9..0000000000
--- a/charts/partners/redhat-arkady-test/demochart3/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: demochart3
- shortDescription: This is a short description demochart3!
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/demochart4/OWNERS b/charts/partners/redhat-arkady-test/demochart4/OWNERS
deleted file mode 100644
index b40d86f25a..0000000000
--- a/charts/partners/redhat-arkady-test/demochart4/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: demochart4
- shortDescription: unknown
-providerDelivery: true
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/demochart5/OWNERS b/charts/partners/redhat-arkady-test/demochart5/OWNERS
deleted file mode 100644
index b0b0aa755c..0000000000
--- a/charts/partners/redhat-arkady-test/demochart5/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: demochart5
- shortDescription: This is a short description demochart5!
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/demochart7/OWNERS b/charts/partners/redhat-arkady-test/demochart7/OWNERS
deleted file mode 100644
index b6aceafb25..0000000000
--- a/charts/partners/redhat-arkady-test/demochart7/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: demochart7
- shortDescription: unknown
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/demochart8/OWNERS b/charts/partners/redhat-arkady-test/demochart8/OWNERS
deleted file mode 100644
index ca72141791..0000000000
--- a/charts/partners/redhat-arkady-test/demochart8/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: demochart8
- shortDescription: This is a short description demochart8!
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/demochart9/OWNERS b/charts/partners/redhat-arkady-test/demochart9/OWNERS
deleted file mode 100644
index 06deae5869..0000000000
--- a/charts/partners/redhat-arkady-test/demochart9/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: demochart9
- shortDescription: This is a short description demochart9!
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/mychart/OWNERS b/charts/partners/redhat-arkady-test/mychart/OWNERS
deleted file mode 100644
index 3c06354c4a..0000000000
--- a/charts/partners/redhat-arkady-test/mychart/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: mychart
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/newchart/OWNERS b/charts/partners/redhat-arkady-test/newchart/OWNERS
deleted file mode 100644
index 9b389bd5aa..0000000000
--- a/charts/partners/redhat-arkady-test/newchart/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: newchart
- shortDescription: unknown
-providerDelivery: true
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/samplechart/0.1.1/report.yaml b/charts/partners/redhat-arkady-test/samplechart/0.1.1/report.yaml
deleted file mode 100644
index f76a0b9720..0000000000
--- a/charts/partners/redhat-arkady-test/samplechart/0.1.1/report.yaml
+++ /dev/null
@@ -1,88 +0,0 @@
-apiversion: v1
-kind: verify-report
-metadata:
- tool:
- verifier-version: 1.3.0
- profile:
- VendorType: partner
- version: v1.1
- chart-uri: https://github.com/ansvu/samplechart/releases/download/samplechart-0.1.1/samplechart-0.1.1.tgz
- digests:
- chart: sha256:7eb4836e9b39d05743a44320b4b9d057269409fa0605c6c797a960221a63e214
- package: 6823ec50ab88b1cf6970bb1ce0ee696a5d78adec5ce8e7f6640b4d8d44944fb5
- lastCertifiedTimestamp: "2021-12-07T14:41:30.222057-06:00"
- testedOpenShiftVersion: "4.8"
- supportedOpenShiftVersions: '>=4.7'
- chart:
- name: samplechart
- home: ""
- sources: []
- version: 0.1.1
- description: A Helm chart for Kubernetes
- keywords: []
- maintainers: []
- icon: https://www.example.com/chart-icon.png
- apiversion: v2
- condition: ""
- tags: ""
- appversion: 1-42
- deprecated: false
- annotations:
- charts.openshift.io/archs: x86_64
- charts.openshift.io/name: RedHat Test
- charts.openshift.io/provider: RedHat
- charts.openshift.io/supportURL: https://github.com/dperaza4dustbit/helm-chart
- kubeversion: '>=1.20.0'
- dependencies: []
- type: application
- chart-overrides: ""
-results:
- - check: v1.0/helm-lint
- type: Mandatory
- outcome: PASS
- reason: Helm lint successful
- - check: v1.0/not-contain-csi-objects
- type: Mandatory
- outcome: PASS
- reason: CSI objects do not exist
- - check: v1.0/images-are-certified
- type: Mandatory
- outcome: PASS
- reason: 'Image is Red Hat certified : registry.access.redhat.com/ubi8/nginx-118:1-42'
- - check: v1.0/has-readme
- type: Mandatory
- outcome: PASS
- reason: Chart has a README
- - check: v1.0/contains-test
- type: Mandatory
- outcome: PASS
- reason: Chart test files exist
- - check: v1.0/contains-values
- type: Mandatory
- outcome: PASS
- reason: Values file exist
- - check: v1.0/contains-values-schema
- type: Mandatory
- outcome: PASS
- reason: Values schema file exist
- - check: v1.0/not-contains-crds
- type: Mandatory
- outcome: PASS
- reason: Chart does not contain CRDs
- - check: v1.0/chart-testing
- type: Mandatory
- outcome: PASS
- reason: Chart tests have passed
- - check: v1.0/required-annotations-present
- type: Mandatory
- outcome: PASS
- reason: All required annotations present
- - check: v1.0/is-helm-v3
- type: Mandatory
- outcome: PASS
- reason: API version is V2, used in Helm 3
- - check: v1.1/has-kubeversion
- type: Mandatory
- outcome: PASS
- reason: Kubernetes version specified
-
diff --git a/charts/partners/redhat-arkady-test/samplechart/0.1.1/report.yaml.asc b/charts/partners/redhat-arkady-test/samplechart/0.1.1/report.yaml.asc
deleted file mode 100644
index 5b408c288f..0000000000
--- a/charts/partners/redhat-arkady-test/samplechart/0.1.1/report.yaml.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCAAdFiEEXX25J0HFrc8OVYbUySdI/lGfHRUFAmGvx4gACgkQySdI/lGf
-HRVdyAgAoUQHlIM8rp7K5i6UzexeZaMTYBO9iR1neAiPpVjZ6c4+SEi268KghY61
-dukaaeoob7BsIiY5pIPOZXYeEcftrAWcGfhYquQa4lnMdv1q1/SSI0iAecphY1V5
-THL4318BOFRj38bPEr5g/GsN0JSGtfg9aOnyW1VcNJzNpbNZxZOoanJmvuiazq9e
-RgKuJ70koIZP9dJz4657SSBJtJ/f0b5TbXZQCrJI9U5Hjn+osE2U9YVO5gcoa4+A
-54gfYLZPQMxsJLR7IXX0inLKkps1bcuzQtvz2bUnnFZawaLzVA3PgDAh/70Ucviy
-eaI9BsPKUf8iZ6JNJ8teUUnVRVJWIg==
-=Kdzq
------END PGP SIGNATURE-----
diff --git a/charts/partners/redhat-arkady-test/samplechart/OWNERS b/charts/partners/redhat-arkady-test/samplechart/OWNERS
deleted file mode 100644
index e852692c8c..0000000000
--- a/charts/partners/redhat-arkady-test/samplechart/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: samplechart
- shortDescription: update description
-publicPgpKey: null
-users:
-- githubUsername: wying3
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/test1/0.1.0/test1-0.1.0.tgz b/charts/partners/redhat-arkady-test/test1/0.1.0/test1-0.1.0.tgz
deleted file mode 100644
index 60d37d4a99..0000000000
Binary files a/charts/partners/redhat-arkady-test/test1/0.1.0/test1-0.1.0.tgz and /dev/null differ
diff --git a/charts/partners/redhat-arkady-test/test1/OWNERS b/charts/partners/redhat-arkady-test/test1/OWNERS
deleted file mode 100644
index 114573507f..0000000000
--- a/charts/partners/redhat-arkady-test/test1/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: test1
- shortDescription: Short description of a Helm chart project.
-publicPgpKey: null
-users:
-- githubUsername: wying3
-- githubUsername: sebrandon1
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/test2/OWNERS b/charts/partners/redhat-arkady-test/test2/OWNERS
deleted file mode 100644
index 0beed194dd..0000000000
--- a/charts/partners/redhat-arkady-test/test2/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: test2
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/testchart-after-ns-changed/OWNERS b/charts/partners/redhat-arkady-test/testchart-after-ns-changed/OWNERS
deleted file mode 100644
index 567f404ea0..0000000000
--- a/charts/partners/redhat-arkady-test/testchart-after-ns-changed/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: testchart-after-ns-changed
- shortDescription: unknown
-providerDelivery: true
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/testchart1/OWNERS b/charts/partners/redhat-arkady-test/testchart1/OWNERS
deleted file mode 100644
index 287a57c22e..0000000000
--- a/charts/partners/redhat-arkady-test/testchart1/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: testchart1
- shortDescription: null
-publicPgpKey: null
-users:
-- githubUsername: yinwang@redhat.com
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/testchart10/OWNERS b/charts/partners/redhat-arkady-test/testchart10/OWNERS
deleted file mode 100644
index 4cd3e25e85..0000000000
--- a/charts/partners/redhat-arkady-test/testchart10/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: testchart10
- shortDescription: This is a short description testchart10
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/testchart11/OWNERS b/charts/partners/redhat-arkady-test/testchart11/OWNERS
deleted file mode 100644
index a5fc05f458..0000000000
--- a/charts/partners/redhat-arkady-test/testchart11/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: testchart11
- shortDescription: unknown
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/testchart12/OWNERS b/charts/partners/redhat-arkady-test/testchart12/OWNERS
deleted file mode 100644
index e5a69d6224..0000000000
--- a/charts/partners/redhat-arkady-test/testchart12/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: testchart12
- shortDescription: unknown
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/testchart13/OWNERS b/charts/partners/redhat-arkady-test/testchart13/OWNERS
deleted file mode 100644
index 0bfe6d9d80..0000000000
--- a/charts/partners/redhat-arkady-test/testchart13/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: testchart13
- shortDescription: This is a short description testchart13
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/testchart2/OWNERS b/charts/partners/redhat-arkady-test/testchart2/OWNERS
deleted file mode 100644
index 0943fc3ae0..0000000000
--- a/charts/partners/redhat-arkady-test/testchart2/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: testchart2
- shortDescription: This is a short description testchart2
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/testchart3/OWNERS b/charts/partners/redhat-arkady-test/testchart3/OWNERS
deleted file mode 100644
index 92761034e0..0000000000
--- a/charts/partners/redhat-arkady-test/testchart3/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: testchart3
- shortDescription: This is a short description testchart3
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/testchart4/OWNERS b/charts/partners/redhat-arkady-test/testchart4/OWNERS
deleted file mode 100644
index b74468e095..0000000000
--- a/charts/partners/redhat-arkady-test/testchart4/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: testchart4
- shortDescription: This is a short description testchart4
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/testchart5/OWNERS b/charts/partners/redhat-arkady-test/testchart5/OWNERS
deleted file mode 100644
index b97666ff1b..0000000000
--- a/charts/partners/redhat-arkady-test/testchart5/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: testchart5
- shortDescription: This is a short description testchart5
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/testchart6/OWNERS b/charts/partners/redhat-arkady-test/testchart6/OWNERS
deleted file mode 100644
index e09d8b1952..0000000000
--- a/charts/partners/redhat-arkady-test/testchart6/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: testchart6
- shortDescription: This is a short description testchart6
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/testchart7/OWNERS b/charts/partners/redhat-arkady-test/testchart7/OWNERS
deleted file mode 100644
index 24411799be..0000000000
--- a/charts/partners/redhat-arkady-test/testchart7/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: testchart7
- shortDescription: This is a short description testchart7
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/testchart8/OWNERS b/charts/partners/redhat-arkady-test/testchart8/OWNERS
deleted file mode 100644
index 68d819ec7e..0000000000
--- a/charts/partners/redhat-arkady-test/testchart8/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: testchart8
- shortDescription: This is a short description testchart8
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/testchart9/OWNERS b/charts/partners/redhat-arkady-test/testchart9/OWNERS
deleted file mode 100644
index 97d3fff9b7..0000000000
--- a/charts/partners/redhat-arkady-test/testchart9/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: testchart9
- shortDescription: This is a short description testchart9
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ansvu
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-arkady-test/yhelmchart/OWNERS b/charts/partners/redhat-arkady-test/yhelmchart/OWNERS
deleted file mode 100644
index 0323c29fc7..0000000000
--- a/charts/partners/redhat-arkady-test/yhelmchart/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: yhelmchart
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-arkady-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-caastestreg/johns-test-web-helm-chart/OWNERS b/charts/partners/redhat-caastestreg/johns-test-web-helm-chart/OWNERS
deleted file mode 100644
index 7115bd37f1..0000000000
--- a/charts/partners/redhat-caastestreg/johns-test-web-helm-chart/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: johns-test-web-helm-chart
- shortDescription: unknown
-providerDelivery: true
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-caastestreg
- name: RED HAT, INC.
diff --git a/charts/partners/redhat-caastestreg/testte/OWNERS b/charts/partners/redhat-caastestreg/testte/OWNERS
deleted file mode 100644
index d854489225..0000000000
--- a/charts/partners/redhat-caastestreg/testte/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: testte
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-caastestreg
- name: Red Hat
diff --git a/charts/partners/redhat-sap-cop/test-chart/OWNERS b/charts/partners/redhat-sap-cop/test-chart/OWNERS
deleted file mode 100644
index 19ab2bb8b9..0000000000
--- a/charts/partners/redhat-sap-cop/test-chart/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: test-chart
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: elhadjici
-vendor:
- label: redhat-sap-cop
- name: Red Hat
diff --git a/charts/partners/redhat-sap-cop/test-helm-cnf/OWNERS b/charts/partners/redhat-sap-cop/test-helm-cnf/OWNERS
deleted file mode 100644
index 91ae5330bf..0000000000
--- a/charts/partners/redhat-sap-cop/test-helm-cnf/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: test-helm-cnf
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-sap-cop
- name: Red Hat
diff --git a/charts/partners/redhat-sp/chartname/OWNERS b/charts/partners/redhat-sp/chartname/OWNERS
deleted file mode 100644
index 8a23450761..0000000000
--- a/charts/partners/redhat-sp/chartname/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: chartname
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-sp
- name: Red Hat INC
diff --git a/charts/partners/redhat-sp/chartnamee/OWNERS b/charts/partners/redhat-sp/chartnamee/OWNERS
deleted file mode 100644
index f6d441dea0..0000000000
--- a/charts/partners/redhat-sp/chartnamee/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: chartnamee
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-sp
- name: Red Hat INC
diff --git a/charts/partners/redhat-sp/ext5/OWNERS b/charts/partners/redhat-sp/ext5/OWNERS
deleted file mode 100644
index 5f52d79a06..0000000000
--- a/charts/partners/redhat-sp/ext5/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: ext5
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-sp
- name: Red Hat INC
diff --git a/charts/partners/redhat-sp/external/OWNERS b/charts/partners/redhat-sp/external/OWNERS
deleted file mode 100644
index 27810e2427..0000000000
--- a/charts/partners/redhat-sp/external/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: external
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-sp
- name: Red Hat INC
diff --git a/charts/partners/redhat-sp/helm-chart-internal-1626110997/OWNERS b/charts/partners/redhat-sp/helm-chart-internal-1626110997/OWNERS
deleted file mode 100644
index b1ca3164c3..0000000000
--- a/charts/partners/redhat-sp/helm-chart-internal-1626110997/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helm-chart-internal-1626110997
- shortDescription: Test Helm Chart Short DESC
-publicPgpKey: MTIzNDU2Nzg5MA==
-users:
-- githubUsername: sawalgiriraj
-vendor:
- label: redhat-sp
- name: Red Hat INC
diff --git a/charts/partners/redhat-sp/helm-chart-internal-1626111159/OWNERS b/charts/partners/redhat-sp/helm-chart-internal-1626111159/OWNERS
deleted file mode 100644
index 6df8390d15..0000000000
--- a/charts/partners/redhat-sp/helm-chart-internal-1626111159/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helm-chart-internal-1626111159
- shortDescription: Test Helm Chart Short DESC
-publicPgpKey: MTIzNDU2Nzg5MA==
-users:
-- githubUsername: sawalgiriraj
-vendor:
- label: redhat-sp
- name: Red Hat INC
diff --git a/charts/partners/redhat-sp/helm-chart-internal-1626115473/OWNERS b/charts/partners/redhat-sp/helm-chart-internal-1626115473/OWNERS
deleted file mode 100644
index a8bbd02383..0000000000
--- a/charts/partners/redhat-sp/helm-chart-internal-1626115473/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helm-chart-internal-1626115473
- shortDescription: Test Helm Chart Short DESC
-publicPgpKey: MTIzNDU2Nzg5MA==
-users:
-- githubUsername: sawalgiriraj
-vendor:
- label: redhat-sp
- name: Red Hat INC
diff --git a/charts/partners/redhat-sp/helm-chart-internal-1626115684/OWNERS b/charts/partners/redhat-sp/helm-chart-internal-1626115684/OWNERS
deleted file mode 100644
index eee9c10afc..0000000000
--- a/charts/partners/redhat-sp/helm-chart-internal-1626115684/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helm-chart-internal-1626115684
- shortDescription: Test Helm Chart Short DESC
-publicPgpKey: MTIzNDU2Nzg5MA==
-users:
-- githubUsername: sawalgiriraj
-vendor:
- label: redhat-sp
- name: Red Hat INC
diff --git a/charts/partners/redhat-sp/helm-chart-internal-1626151651/OWNERS b/charts/partners/redhat-sp/helm-chart-internal-1626151651/OWNERS
deleted file mode 100644
index 4aa7e1d653..0000000000
--- a/charts/partners/redhat-sp/helm-chart-internal-1626151651/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helm-chart-internal-1626151651
- shortDescription: Test Helm Chart Short DESC
-publicPgpKey: MTIzNDU2Nzg5MA==
-users:
-- githubUsername: sawalgiriraj
-vendor:
- label: redhat-sp
- name: Red Hat INC
diff --git a/charts/partners/redhat-sp/helm-chart-internal-1626151862/OWNERS b/charts/partners/redhat-sp/helm-chart-internal-1626151862/OWNERS
deleted file mode 100644
index 2900abc095..0000000000
--- a/charts/partners/redhat-sp/helm-chart-internal-1626151862/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helm-chart-internal-1626151862
- shortDescription: Test Helm Chart Short DESC
-publicPgpKey: MTIzNDU2Nzg5MA==
-users:
-- githubUsername: sawalgiriraj
-vendor:
- label: redhat-sp
- name: Red Hat INC
diff --git a/charts/partners/redhat-sp/helm-prod/OWNERS b/charts/partners/redhat-sp/helm-prod/OWNERS
deleted file mode 100644
index c897640b6d..0000000000
--- a/charts/partners/redhat-sp/helm-prod/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: helm-prod
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-sp
- name: Red Hat INC
diff --git a/charts/partners/redhat-sp/helm-project/OWNERS b/charts/partners/redhat-sp/helm-project/OWNERS
deleted file mode 100644
index bd16f7addb..0000000000
--- a/charts/partners/redhat-sp/helm-project/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helm-project
- shortDescription: test short desc
-publicPgpKey: 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
-users:
-- githubUsername: kanchan04katare
-vendor:
- label: redhat-sp
- name: Red Hat INC
diff --git a/charts/partners/redhat-sp/helm/OWNERS b/charts/partners/redhat-sp/helm/OWNERS
deleted file mode 100644
index ff9ed823fb..0000000000
--- a/charts/partners/redhat-sp/helm/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helm
- shortDescription: null
-publicPgpKey: null
-users:
-- githubUsername: khatare
-vendor:
- label: redhat-sp
- name: Red Hat INC
diff --git a/charts/partners/redhat-sp/internal/OWNERS b/charts/partners/redhat-sp/internal/OWNERS
deleted file mode 100644
index d51b356c9b..0000000000
--- a/charts/partners/redhat-sp/internal/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: internal
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-sp
- name: Red Hat INC
diff --git a/charts/partners/redhat-sp/nt/OWNERS b/charts/partners/redhat-sp/nt/OWNERS
deleted file mode 100644
index 624d41e0c5..0000000000
--- a/charts/partners/redhat-sp/nt/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: nt
- shortDescription: vcvf
-publicPgpKey: null
-users:
-- githubUsername: rnargotr
-vendor:
- label: redhat-sp
- name: Red Hat INC
diff --git a/charts/partners/redhat-sp/prod/OWNERS b/charts/partners/redhat-sp/prod/OWNERS
deleted file mode 100644
index 681a07060e..0000000000
--- a/charts/partners/redhat-sp/prod/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: prod
- shortDescription: Short repository description
-publicPgpKey: null
-users:
-- githubUsername: kkatare
-vendor:
- label: redhat-sp
- name: Red Hat INC
diff --git a/charts/partners/redhat-sp/rr/OWNERS b/charts/partners/redhat-sp/rr/OWNERS
deleted file mode 100644
index 539e473727..0000000000
--- a/charts/partners/redhat-sp/rr/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: rr
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-sp
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-sp/rrrrr/OWNERS b/charts/partners/redhat-sp/rrrrr/OWNERS
deleted file mode 100644
index d9fe44332b..0000000000
--- a/charts/partners/redhat-sp/rrrrr/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: rrrrr
- shortDescription: null
-publicPgpKey: null
-users:
-- githubUsername: rnargotr
-vendor:
- label: redhat-sp
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-sp/test-5/OWNERS b/charts/partners/redhat-sp/test-5/OWNERS
deleted file mode 100644
index 5dbd047713..0000000000
--- a/charts/partners/redhat-sp/test-5/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: test-5
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-sp
- name: Red Hat INC
diff --git a/charts/partners/redhat-sp/test-chart-for-kt/OWNERS b/charts/partners/redhat-sp/test-chart-for-kt/OWNERS
deleted file mode 100644
index cd959aebc0..0000000000
--- a/charts/partners/redhat-sp/test-chart-for-kt/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: test-chart-for-kt
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-sp
- name: Red Hat INC
diff --git a/charts/partners/redhat-sp/test-helm-chart-demo/OWNERS b/charts/partners/redhat-sp/test-helm-chart-demo/OWNERS
deleted file mode 100644
index 596e23e446..0000000000
--- a/charts/partners/redhat-sp/test-helm-chart-demo/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: test-helm-chart-demo
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-sp
- name: Red Hat INC
diff --git a/charts/partners/redhat-sp/test-helm/OWNERS b/charts/partners/redhat-sp/test-helm/OWNERS
deleted file mode 100644
index 0682ed9d59..0000000000
--- a/charts/partners/redhat-sp/test-helm/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@ -chart: - name: test-helm - shortDescription: null -publicPgpKey: LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUlOQkdDYW1oZ0JFQUNhbFVuZU10Mm5lMDIwTHVsVnU0Q3FZV1NNME83TTdMY01UTEIwcGFKMlZlOGNTNFVzCnpQcUMveS9rTmo4dkJVbG1TNzFMY25zdGIxVVJiTGJic1pTd1lXUU5oT1FWenJIRWF2clZ5ckNCT3hGTzVOUC8KSTMwNWlnSDh1RVBXb2JDcXhLT0J1VjdaUzJrcUN5RlhxYkp1c2Zzc2NqTHNFTW51SmJkWTU5M2h5VklabmIrZwpaam5SajVEb0RBNWZEZ25sci9KSzdZRnVoYmxReFBIcTBLS1dDR3JEdGNQL095NkdpeWQvRHo3UXh1WU9wcy85CndRYnNzOS8ybXB1TWpNWDF6VGtKdEVwdHZDa2F3WGtwL0EySnc1UjRtTjFwczhOaXU5M1RmcUpzRHUyZUo4M1oKK3lBanRLbWpOVEhrUUNsZ0xxaXZ5dUliZklMaHJoYzhCYVBGZUUvcnoyNXYvTjNDcytpYjVwcGR1Qk5KRllVWgpSZmJIdElabUJuVzNCU0Z1Q3ErNG9EZHZFU1Ryam1oWGhvN0k1TEtHYUFOMWJYRUpLSURxTTdZS2xNbkJlWGhXCnR2NDk1K2locy84Q3EwVjY4ejJCc2Zwa0pXbTVwN3VOSXZFeUs4UFd5UDlTT3BWYVROb2ZneUVGNCs0N2NOQkYKeXBQSzZ2UzlUYkRmOHFDOGdXbTlFZ2tobGRyRGlVejR2UC9jZVhoNzM5NXc1WitYQ2Z1bUgybFo2dHBZQk1GMgoxaC9HSDZFZjhISUNqajlJSTA1VEthTWRIeDJNZDhGbmlRT3RuWUdzWG5wVDdYZTFHYU9sK3IzTHUxZXQ3Rlk1CitEbVkzazh6Q2MxcGtvTEZDTTRjbW1yMG9mSk5wcjFwSjVsbWVtVXNQS2RCSjE3QndiblZHUjVXdlFBUkFRQUIKdEI1U1pXUWdTR0YwSUZSbGMzUWdQSFJsYzNSQWNtVmthR0YwTG1OdmJUNkpBaTBFRXdFS0FCY0ZBbUNhbWhnQwpHeThEQ3drSEF4VUtDQUllQVFJWGdBQUtDUkFLbHpiYzFXQ1VpbWdoRUFDVnpQU0hWOUZIR0Q0RjRKMy9BcXlpClZocFdGWGFNUWVhM2Z4dFNzR2FOelM4dklvZGd4K2M1RmFxQnNUVFluRm8yTjJrSzhWSHlTbEVEMlYwSEt2N1MKSnEvVnFMamJpR05nSTFBRWhTMmVuUTVpS0MvMExSMWhGY2NnTUFNSGN6M0NmVE9nbDJKcmJ6RjlXdiswM3Bzegp6UE1GckZpamVkbEE5UVkvQlRsOU9tc3FRc3hMTURpSUtFSmdkTElEZEdiZ2FEbVhRaVI1dTc1Vy85S2RYV1NuCkxtZHZ4dlg1emtZWmtzc3dKSkVWMW1uRUN2aVhIa3NYUTZEREY1VzdoaHBTY2JyRlIyM002MExRRU00RC9TUGUKMGxSb3lkVnA2OFdpN2tFTkl6SUtiV2JoRUNmblpZWHdjMkkyQ1ZxNHFqaUM1S0ZOTk00QWwzRlhST20rRC9mOApyZkg5VnFBRVlURk16b1hlY2czV3I2Uk1aTE5aaXlIc1J5YzArUCtDT1lra09yVVArVEE3b1ZSaW1OV2FGclloCjNlU2tvVno2aXlnK0JMUmZ3M2twVFkyS3J6b0FDVXl1QzBMUHEvZlJCRFRTS1poVytJbkhwQXVUUlhCcDZpbXgKQ2VDOU55SnpDS3BLQWY5VHVsMlRiY0NmbnBUUUJDYnM2czduSUJEV1pacjJKb2dNUE1YMVJlVGtTeGNYRUJVMAo3WnQ5SHZYa0VOTDUxK3djMDIrY1g3T2o5MjQ4RU95SWFyWD
RjMWRxQ29BY3Q2Vi9ZVmozU1FGRTJiUTBEL0xDCldrbjQwRS9Uc3RqY2pHQkM2bUVjOElOblhiY1dxQVVmbk1rWEN3Mm4wd2V5NkxsdUN5ajMyWlpieHgrVFNDN0cKdWl5ZzhYTXFpTldoSFkyV3pkRzc3cmtDRFFSZ21wb1lBUkFBdGVOMVY2eHdYM1FZSDZOdHIxVW9JVlBBcURUSgpEVjdHQURVNWp6ejBiekNnOTRMeERkTXdwdVVkb0hXZk9Xamp2N1g1L0pUdE5IQTE2TjNYbGJWcVg1aDhUU0RvCklmbGpyb3hTeUNqVVNDVG13bDQ4ZEUxZkozMVFrZVIrd3lUdWxUQXNjSG9nMDJNMXZNRFM4aFpTMUJ2UC8ydTIKSWtVNk5zQm1UM3JWT1hCNXNweVVBYVh6aW9wcTlMSUNaTnFuMXdZK3hadktRSFIyd0wvdzE2Q0hYMXMzZmJBOApTbkNPejAvYnF6WTdEQ2tyTDRuMmR1bkNTdWV2OHpOVDFpV3EwK0hnenZYRnN4N094RFB4VWlnNGpVTEpmdmlyCm0wN0prUDN3MDVJTmxjL1JGaHZIam5OaW1SMFp2ejVacUpEL05Rbk44WFkvSmVCS2FpMWwzWkdqS2paZHZjSisKUlhqd2M4WmtSdGp6a0g4NWt0Q0g4c3VUaWp1aTJzd0xOQWVPVUtaRjFBRUt6UmJKSDJiYmRncTc5Y3U1aFpJSQp3bHZJVy95cERkWHY5UVdQRFo1T3dwWlkrYXZGak42dldmOG1UTW1VbjVTaFIrRmNCdjd1c2ZrRXBUYysxWWZrClpET0tGRUYyZnpyOFVTQXA5T2xWVjdBMGNXclhkejdSTFZtaHV1eVcwVEY1U3BKM1hvQnBXQnoraXhSWlEvaXUKeTdVcEYvNHpNVXVvbGduTndaOVFHMUhEalR4SHZGZmdCTzVJNVRNdG9jSkhHYlVPaThucGJBbG5Qd1NxSVBMNApQTU1uZU5McmF6aUJsZkFoMmNQWGJwYjJOWjFGS0hScDd2TWF2eU83R2JOeVlTWVRLSlkzWStGcTg2cysxb010CnU3YkI0bEUrY3praHZMY0FFUUVBQVlrRVJBUVlBUW9BRHdVQ1lKcWFHQVVKRHdtY0FBSWJMZ0lwQ1JBS2x6YmMKMVdDVWlzRmRJQVFaQVFvQUJnVUNZSnFhR0FBS0NSQTBDQVN1NXErY055WUlEL3NIeDVYZXk3LzNkRDhqUDJ4ZQo1bjVDQjJDZzZFOURkTkJMc1ZHNjliYlFtS25iTFFOaDJKQlh1eVRDQnpMK0pMaEo2NU9xZ0puMUl2Q1owT1ZlCmJTb3JhTElQcVVUQi9EL2M2UHl0cDJySzlpZXdGRmtMc2NDV0hFbnk1d2tRbStZd2NhTitycFQ4TCtCN3ZBdGIKWk82ZkM4UTBWRGxiSUlrWktaOGtpc0NxeVd2MnVmRHRkU0liWmJuTkkzSGdES09nL2JNZzRwZ0hYcms4Z3p6NQpTR29WaDBGY2lNeXdDajZxTUFCUmlveDJFcUc2b3dKN1IwaGNhUUZucXlyZUpRNXJqVUhZaXh1dVJ0enpvWkdiCm1wa09BQXdQa1VHcUlNTEJZcGhzZHhxSGZVZUtLNFFWaGxIdGFIVzdiUFI0YXZQNjgwallaaEQyTUZQZzVTcGsKWGoyQkZyWmw1Ny9zM01SdWo5VUFWMXArQmNadURtOFZVdnc1OTdHbnkrcTIwQVRQZWhIUUdtN0lyWHIwd3BrRwpkL3JGbmtTdFY2YnNkdE53R3VsM3BJditFdDFZSWM5VnNJMnhQSHptdDFBVjYzUyt1R0VtNmwyUUtrWDRVVE1nCm1OK3psd1R6VHN4Z1AwR1oxZHYwWWpiNy9WWFRpRGJyUUtBUjZxamRlbFpSYVRTVEpWTU1Bai9EeE04MnVjQjgKbmhzSm5KYVBtYy90aFJ5MEpKWnp5Z2NKR3BoUWp6WWZOWFhxcHNiZG
FPU2xCaGN6bVNxbEN4QXBzSkR0RGlkbwpIb3ZiSHdvMEpHemhHNXYrOWdjNk1STkF0U2l5LzNJL0VjOHhEdGw3eEE3SC91bnEwMWNGbWRHQWxad1RSM2VBCk45aXgwdmFoaGVqbHRJZXpDTzdubVYvcC9jajNELzlnbzBnYVo4UHJKaU9Ja0JzbkgrbFU1SHZNRFZTZkZkNlUKenR2TzV1MnkzZi9zNnFVYTFFUFViQzc5MEVLT3FzNGYwQXo2NFJNbTRZeWoxdWdySVRpUXdBSi9uVGNPUDdoUgpaMysxeE9nZ21OM2NtbGlDcW1Fd1NmOFFvVkNUSlg5alpCOFdGN1V1cWkvc2cveS9zdjE5KzN2NnMxaWZyZEZzCjYwVk5UZk1jRFh1UVpGQ0FKOGg4SFNRSnhuRnd5bkhyT2U2WkVYclRPUHRCdStyNlIxZ05BNHNQdE9kWkR2WDcKWDNreStaZWMyMWVlVDJJaEx1SnlZUDNZS2hXbUUzWWNQbEh6SDJ4SVptd1pLNG1QeStwWk9EMmdDRUJlOFRLZgpKQnpkajNDbzRBMVZYZ0tRVUM4aHE1Z1hndTIxLzVpcFZDdmd2Zm1aUEUxeXViWWZXcWFNWDJUMUFBT1h6L3ZGCmxFL0VaNFpEbW5BbnhuTWwwS3dmK1FhZTVaNDBEOGMwZm5zeHg0amthekZ1aFV4VC81bnlvNGg3QUY4UDJLdlYKVllMWG4vQjhwekZSMFhEbENGbTZ4TCtvMDhtK2FVM2pLcXJ2VlY4OHB3eXF2YlpVQUZwS2s2NFhzamRVMlRGbgpJVWNqVmN6Tmd1YlZRM0JIdnovbW85VDVKUk1IZnFQclRmZjZ0cURWOTFrc3NKTXdyQk5ZbThPYUxoK3kzNGU3ClM3K3hBQXAyeHI0YlptRVk2L3ZkUWhYczFjQ1RGcGY1SldITDRYM0RwNnVob0ZJS09VSVZOVEV3aDRRVGI1ZkMKZUR4Z1lFNzZMdjZiMW4zcXZRNkl0WXkvME0rRjBTSG5TM0YySFpoL3ZyNHlYcVI1a2FpbXlJdFNwN1FNOXJJZAo4TTBwb1N1ZGtia0NEUVJnbXBvWUFSQUF5VzdIcVhXcUxPSzVpa3R4UHNTWXpCKzY0dHFzY1IvKzFxVmhKSzB2Cm9rWC9PVnlyd0Y4d25uS0xIS0kyUDZ4aVpYczd6Nnk0YjhTcHdZTkZ1b0pCUDBQcVN5TWExNXVqdGNlcmJZWVUKSFhWaW9zNVRIcmhrY3hNcTFSQ0tiR2pPNDR1T3c5NklTcXdTU0xTTWxuN2JxUWtDeVBabzdiVXdyRjQ2QldHTQpyQ2oyNjNTd1VIOUdSRDBzbjc1aXNSTmZnVFlUTHJwUkltKzRBVlRnVmpFWkVFSFY1VWY3aFNxVGJWUzgrVVJzCm9WR0Z5eUU0cWFyekpVc1FQOE1adjJMc3pOS0dqQ0szc205YzhyRkpnRFF6M3h4Ukl4anJ1aE50dVFkcHkzYUMKclBwMnduQnRKTEl2ME90WDZRekJIRVJQMGhwLzhpQjlLUDBqRWtxZkNLUFNhdkZVN05OdmlJbWdyaWhnNDAyVwpRQXhZd0Y3cE50eXdkSnFOUU11RWRNVWpRR2lwUDZEdml6N2xHNk9CUUE3ckYvM25LZjVHcXc2NjRSTk9WbnovCklSV0ljNDVxQUxLSko4Tzd5b2ppSHl6SEdLVzBmdExYc1FYQU03czRXQVV3MDhseVhOLzlRTjdSa0dLL0g4WGoKWlcrKzVjaFVNeXRQS0hOZjVrTHpuQzVGODFIV1ptNnBWVDFqbkpHWEd5VlVmNGZpWVB1Z1RERko5Q2tKZlBtagpRR2prdHcrOG5TWTBCdGp5THl4a1RDOVl4WktNSFI3cUJydCsxTnVZZzdyMGlBM0JmUEgrbjBNcG5rWk9LSXcxCktWaVEzZkkzUC9ucW9ocUdQWWx5R1lGM0h3Z0lKeW1idVovZlY0UW1tSGIrcm
tFaXRvMmx0R0gwTnBMeGw3NTkKVXJFQUVRRUFBWWtFUkFRWUFRb0FEd1VDWUpxYUdBVUpEd21jQUFJYkxnSXBDUkFLbHpiYzFXQ1Vpc0ZkSUFRWgpBUW9BQmdVQ1lKcWFHQUFLQ1JDcC9FTlVRWk5YRUFMWUQvOTZYQVd2cHpjVE92MTZhVm1OdVpMbGZvQklkcWZyCnVreitQZ3dIcmhJLzBqYlVVUDlhcDZaOTlYTjZJNlk2QWRyeGFncE9XSklVaDgzaXA3SmVHcXBRdThuZmN6WW4KYTQwWnk5SGFidUU2Wk1UR2E4TndTYWppa2UvUDBnRzFIVkFobzVpZEV1Z1h2MUFvb09kaTYwMVNqS1J0U1U2WQpaZ3FWWWJtWTI1eEZWbXh6ZXlSdWdiTC90OGNCYWFOVUlHY1JnSmNZVFRLbGxUekdqRU1hTUJEb1NMbS80Sm56CmpJdWpqY1FEbzUyMWFpN0tmYmFSUHRJUFdmcnV1MnRaRjBWVm1yYmJxV3ZmTnZSejBRTCtnY2QxWk42bjd4SEYKeUhFOTJNUGdlTU1rRmtWTHhONCtOQzJhQ0ZZYkxxYXE3ZEJsWEdvZUI1QUQveVpTZWo4eDltYnhWSDNTSkdIUAoxRGhXOXhadHNDV0grNmdPV21HZCtoY1JPWXJVMVhpL3k0TGE5LzRLbFdod3dSNjJlNVVIY0N4cUYvTnZnbDJFClRlOGY0Vm4ycXZYTUQwUGdNMmF2OVVvSWlYUk9pRlF0NVV2R0pKRE9vVTBybjNodWRickNKcXh0MGltT2gyaHEKVGNBcEgxdTd4T0JnTytLY2EyNjRSdldKZURxZ3ZXd0l3clE2dll3T0UrQ2xjS3Z4SjlHeFFmUCt3QTZqYkNpdgpwNXIxUEZhRWdXWCtYZnVUL2pYRXBuRGxoZjZOd2lMRXVZZDBJUFc2eDBBbW1lbE1EMmxpTElLY0RSaS9RcnozCjVhckJsQWlYWlVRdGZGTXVRS1ZzOXlKZG14VUhYWXBtWGNSSmtBZmpKeGZicFpFQzlaQzBzdmdid1VQODRiRWYKOUtLYTk3MG9RaiszRENKY0QvMFVlaUN2S3ZXT3NqZFFsYnRmWnBSL0FCNXFMOW5STnhpaGh0WGwwT3RBbFJ2NApiWVNyZ2gzM3BLek1nMkNSamlhY1NoMzVMNVFxZGxWcHE0ZkgzdlVtWG5LQ0lWMXlrcnlxSFlFUEx6dHdCajJDClVsQmVuQXdvMFM4RjNDUWpIOW4zWnEzeHVMSlNCMkMwVUxhR2JlNXZPdno0cTFHZWkvU2IzTDJMTTRiQXdNWWsKU3NhT211ZWhOQUF1REhLd2lIK2hVUmV3aGN5Mjh6YWN0dXNkblB4OXJCajJ3bXp2Q2lWcnhsOHcwQnZablRRVgpQOW10aEtOK1g5bGVrK2VmVnBQaWV0c2dGMTJZeDQ2M2tUM3VKelJyM2QyRDk1MWhVbXJyNHhsZXF0Z1hBUkwrCk9pRFNYbmFhV2QwVWtkWjlGUHFOOHlsbU5JQUZ0S3NFd2V1SFpKb1BCeW9XZTlSZjZHeDROS0VHdGRVYjZvbkYKdUNQYThTNEpXNERYRTdaVHFlNkpmbXFFMmpiTTVHT1U5Tmp3b01YaDFsbVlwcEY4Wk02QXhWSjNxaUlnc0hFQwo5RTU5RnFrM05nYmhSUXBRZGZHR0VMUU80TVhuSVFTYk50KzVGZ1FIalZDRG1YY0VDVDBGcXNteXk4MmFYRDR2CjJvV0xlY2h1YklwYUdOa0M0SE9lMVU2QTZHTWt4Vzc0RjdObXh1c2lTQ1R4UFl0UTZMZVpLMDRCcDVpQmg2bUYKQXdFWGRXb05RQ1lBeTE1VW40TFZBQzlNaElmRy9tU3BHRjl3bjRobVVCRVNVRlpKbU1SY1FteGJyYXk2aVZsSAp6NGVKRzk5Qlk2bzgxaEpHZUNuS1YzNGRrckgxdVNGR1dwNWRicVdCNzl6MGUwWmpQZW
czR2lUREpvcTBwdz09Cj00clFQCi0tLS0tRU5EIFBHUCBQVUJMSUMgS0VZIEJMT0NLLS0tLS0K
-users:
-- githubUsername: kkatare
-vendor:
- label: redhat-sp
- name: Red Hat INC
diff --git a/charts/partners/redhat-sp/test/OWNERS b/charts/partners/redhat-sp/test/OWNERS
deleted file mode 100644
index 17f7d09c43..0000000000
--- a/charts/partners/redhat-sp/test/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: test
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-sp
- name: Red Hat INC
diff --git a/charts/partners/redhat-sp/test45/OWNERS b/charts/partners/redhat-sp/test45/OWNERS
deleted file mode 100644
index 68c9d4333d..0000000000
--- a/charts/partners/redhat-sp/test45/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: test45
- shortDescription: null
-publicPgpKey: null
-users:
-- githubUsername: rnargotr
-vendor:
- label: redhat-sp
- name: Red Hat INC
diff --git a/charts/partners/redhat-sp/testchart-prod/OWNERS b/charts/partners/redhat-sp/testchart-prod/OWNERS
deleted file mode 100644
index 8a3cd2d641..0000000000
--- a/charts/partners/redhat-sp/testchart-prod/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: testchart-prod
- shortDescription: Short Description
-publicPgpKey: null
-users:
-- githubUsername: diwanshi
-vendor:
- label: redhat-sp
- name: Red Hat INC
diff --git a/charts/partners/redhat-test/1946/OWNERS b/charts/partners/redhat-test/1946/OWNERS
deleted file mode 100644
index 0292b31341..0000000000
--- a/charts/partners/redhat-test/1946/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: '1946'
- shortDescription: unknown
-providerDelivery: true
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/3e4r5/OWNERS b/charts/partners/redhat-test/3e4r5/OWNERS
deleted file mode 100644
index 5bf481abbc..0000000000
--- a/charts/partners/redhat-test/3e4r5/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: 3e4r5
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/chart1/OWNERS b/charts/partners/redhat-test/chart1/OWNERS
deleted file mode 100644
index 15cd88c5f8..0000000000
--- a/charts/partners/redhat-test/chart1/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: chart1
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/chart4-11/OWNERS b/charts/partners/redhat-test/chart4-11/OWNERS
deleted file mode 100644
index 21bbb302ed..0000000000
--- a/charts/partners/redhat-test/chart4-11/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: chart4-11
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: testuser
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/chartnor/OWNERS b/charts/partners/redhat-test/chartnor/OWNERS
deleted file mode 100644
index 7f31976e5f..0000000000
--- a/charts/partners/redhat-test/chartnor/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: chartnor
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/.helmignore b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/.helmignore
deleted file mode 100644
index 4007e24350..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/.helmignore
+++ /dev/null
@@ -1,28 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.terraform/
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-
-# CI and test
-.circleci/
-.github/
-.gitlab-ci.yml
-test/
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/CHANGELOG.md b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/CHANGELOG.md
deleted file mode 100644
index 45d7168d52..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/CHANGELOG.md
+++ /dev/null
@@ -1,417 +0,0 @@ -## Unreleased - -## 0.21.0 (August 10th, 2022) - -CHANGES: -* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) -* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) -* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) -* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) -* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) -* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) - -Features: -* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) -* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) -* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) -* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) -* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) - -## 0.20.1 (May 25th, 2022) -CHANGES: -* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) - -Improvements: -* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) - -Bugs: -* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) - -## 0.20.0 (May 16th, 2022) - -CHANGES: -* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) -* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) -* Vault default image to 1.10.3 -* CSI provider default image to 1.1.0 -* Vault K8s default image to 0.16.0 -* Earliest Kubernetes version tested is now 1.16 -* Helm 3.6+ now required - -Features: -* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) - -Improvements: -* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) -* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) -* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) -* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) -* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) -* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) -* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) - -## 0.19.0 (January 20th, 2022) - -CHANGES: -* Vault image default 1.9.2 -* Vault K8s image default 0.14.2 - -Features: -* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) -* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) -* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) -* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) - -Improvements: -* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) -* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) -* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) - -## 0.18.0 (November 17th, 2021) - -CHANGES: -* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) -* Vault image default 1.9.0 -* Vault K8s image default 0.14.1 - -Improvements: -* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) - -## 0.17.1 (October 25th, 2021) - -Improvements: - * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) - -## 0.17.0 (October 21st, 2021) - -KNOWN ISSUES: -* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set - -CHANGES: -* Vault image default 1.8.4 -* Vault K8s image default 0.14.0 - -Improvements: -* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) -* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) -* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) - -Bugs: -* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) - -## 0.16.1 (September 29th, 2021) - -CHANGES: -* Vault image default 1.8.3 -* Vault K8s image default 0.13.1 - -## 0.16.0 (September 16th, 2021) - -CHANGES: -* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
- -Improvements: - * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) - * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) - -## 0.15.0 (August 23rd, 2021) - -Improvements: -* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) -* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) - -## 0.14.0 (July 28th, 2021) - -Features: -* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) - -Improvements: -* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) -* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) -* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) -* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) - - -## 0.13.0 (June 17th, 2021) - -Improvements: -* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) -* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) -* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) - -Bugs: -* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) -* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) -* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) - -## 0.12.0 (May 25th, 2021) - -Features: -* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) - -Improvements: -* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) -* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) -* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) -* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) - -Bugs: -* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) - -## 0.11.0 (April 14th, 2021) - -Features: -* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) -* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) -* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) -* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) -* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) -* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) - -Improvements: -* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) - -Bugs: -* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) - -## 0.10.0 (March 25th, 2021) - -Features: -* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) - -Improvements: -* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) - -## 0.9.1 (February 2nd, 2021) - -Bugs: -* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) -* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) - -## 0.9.0 (January 5th, 2021) - -Features: -* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) -* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) - -Improvements: -* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) -* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) -* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) -* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) -* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) -* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) -* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) -* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) - -## 
0.8.0 (October 20th, 2020) - -Improvements: -* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) -* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) -* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) -* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) -* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) -* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) -* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) - -Bugs: -* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) - -## 0.7.0 (August 24th, 2020) - -Features: -* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
-* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) - -Improvements: -* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) -* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) -* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) -* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) -* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) -* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) -* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) -* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) -* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) - -Bugs: -* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) -* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) -* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) - -## 0.6.0 (June 3rd, 2020) - -Features: -* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) -* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) -* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
- -Improvements: -* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) -* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] -* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] -* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] -* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] -* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] -* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] -* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) - -Bugs: -* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] -* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] -* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] -* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] -* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) - -## 0.5.0 (April 9th, 2020) - -Features: - -* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] -* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] -* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] - -* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] -* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] -* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] -* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] -* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] - -## 0.4.0 (February 21st, 2020) - -Improvements: - -* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] -* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] -* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] -* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] -* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] - -Bugs: - -* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] - -## 0.3.3 (January 14th, 2020) - -Security: - -* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) - -Bugs: - -* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files - -## 0.3.2 (January 8th, 2020) - -Bugs: - -* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] - -## 0.3.1 (January 2nd, 2020) - -Bugs: - -* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] - -## 0.3.0 (December 19th, 2019) - -Features: - -* Extra containers can now be added to the Vault pods -* Added configurability of pod probes -* Added Vault Agent Injector - -Improvements: - -* Moved `global.image` to `server.image` -* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` -* Added better HTTP/HTTPS scheme support to http probes -* Added configurable node port for Vault service -* `server.authDelegator` is now enabled by default - -Bugs: - -* Fixed upgrade bug by removing chart label which contained the version -* Fixed typo on `serviceAccount` (was `serviceaccount`) -* Fixed readiness/liveliness HTTP probe default to accept standbys - -## 0.2.1 (November 12th, 2019) - -Bugs: - -* Removed `readOnlyRootFilesystem` causing issues when validating deployments - -## 0.2.0 (October 29th, 2019) - -Features: - -* Added load balancer support -* Added ingress support -* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) -* Removed root requirements, now runs as Vault user - -Improvements: - -* Added namespace value to all rendered objects -* Made ports configurable in services -* Added the ability to add custom annotations to services -* Added docker image for running bats test in CircleCI -* Removed restrictions around `dev` mode such as annotations -* 
`readOnlyRootFilesystem` is now configurable -* Image Pull Policy is now configurable - -Bugs: - -* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) -* Fixed bug where audit storage was not being mounted in HA mode -* Fixed bug where Vault pod wasn't receiving SIGTERM signals - - -## 0.1.2 (August 22nd, 2019) - -Features: - -* Added `extraSecretEnvironmentVars` to allow users to mount secrets as - environment variables -* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS - depending on the value -* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` - to "NodePort" - -Improvements: - -* Changed UI port to 8200 for better HTTP protocol support -* Added `path` to `extraVolumes` to define where the volume should be - mounted. Defaults to `/vault/userconfig` -* Upgraded Vault to 1.2.2 - -Bugs: - -* Fixed bug where upgrade would fail because immutable labels were being - changed (Helm Version label) -* Fixed bug where UI service used wrong selector after updating helm labels -* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks - Consul is the active node -* Removed `step-down` preStop since it requires authentication. Shutdown signal - sent by Kube acts similar to `step-down` - - -## 0.1.1 (August 7th, 2019) - -Features: - -* Added `authDelegator` Cluster Role Binding to Vault service account for - bootstrapping Kube auth method - -Improvements: - -* Added `server.service.clusterIP` to `values.yml` so users can toggle - the Vault service to headless by using the value `None`. -* Upgraded Vault to 1.2.1 - -## 0.1.0 (August 6th, 2019) - -Initial release diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/CONTRIBUTING.md b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/CONTRIBUTING.md deleted file mode 100644 index ad31ac92d1..0000000000 --- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/CONTRIBUTING.md +++ /dev/null 
@@ -1,247 +0,0 @@ -# Contributing to Vault Helm - -**Please note:** We take Vault's security and our users' trust very seriously. -If you believe you have found a security issue in Vault, please responsibly -disclose by contacting us at security@hashicorp.com. - -**First:** if you're unsure or afraid of _anything_, just ask or submit the -issue or pull request anyways. You won't be yelled at for giving it your best -effort. The worst that can happen is that you'll be politely asked to change -something. We appreciate any sort of contributions, and don't want a wall of -rules to get in the way of that. - -That said, if you want to ensure that a pull request is likely to be merged, -talk to us! You can find out our thoughts and ensure that your contribution -won't clash or be obviated by Vault's normal direction. A great way to do this -is via the [Vault Discussion Forum][1]. - -This document will cover what we're looking for in terms of reporting issues. -By addressing all the points we're looking for, it raises the chances we can -quickly merge or address your contributions. - -[1]: https://discuss.hashicorp.com/c/vault - -## Issues - -### Reporting an Issue - -* Make sure you test against the latest released version. It is possible - we already fixed the bug you're experiencing. Even better is if you can test - against `main`, as bugs are fixed regularly but new versions are only - released every few months. - -* Provide steps to reproduce the issue, and if possible include the expected - results as well as the actual results. Please provide text, not screen shots! - -* Respond as promptly as possible to any questions made by the Vault - team to your issue. Stale issues will be closed periodically. - -### Issue Lifecycle - -1. The issue is reported. - -2. The issue is verified and categorized by a Vault Helm collaborator. - Categorization is done via tags. For example, bugs are marked as "bugs". - -3. 
Unless it is critical, the issue may be left for a period of time (sometimes - many weeks), giving outside contributors -- maybe you!? -- a chance to - address the issue. - -4. The issue is addressed in a pull request or commit. The issue will be - referenced in the commit message so that the code that fixes it is clearly - linked. - -5. The issue is closed. Sometimes, valid issues will be closed to keep - the issue tracker clean. The issue is still indexed and available for - future viewers, or can be re-opened if necessary. - -## Testing - -The Helm chart ships with both unit and acceptance tests. - -The unit tests don't require any active Kubernetes cluster and complete -very quickly. These should be used for fast feedback during development. -The acceptance tests require a Kubernetes cluster with a configured `kubectl`. - -### Test Using Docker Container - -The following are the instructions for running bats tests using a Docker container. - -#### Prerequisites - -* Docker installed -* `vault-helm` checked out locally - -#### Test - -**Note:** the following commands should be run from the `vault-helm` directory. - -First, build the Docker image for running the tests: - -```shell -docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test -``` -Next, execute the tests with the following commands: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -``` -It's possible to only run specific bats tests using regular expressions. -For example, the following will run only tests with "injector" in the name: -```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" -``` - -### Test Manually -The following are the instructions for running bats tests on your workstation. 
-#### Prerequisites -* [Bats](https://github.com/bats-core/bats-core) - ```bash - brew install bats-core - ``` -* [yq](https://pypi.org/project/yq/) - ```bash - brew install python-yq - ``` -* [helm](https://helm.sh) - ```bash - brew install kubernetes-helm - ``` - -#### Test - -To run the unit tests: - - bats ./test/unit - -To run the acceptance tests: - - bats ./test/acceptance - -If the acceptance tests fail, deployed resources in the Kubernetes cluster -may not be properly cleaned up. We recommend recycling the Kubernetes cluster to -start from a clean slate. - -**Note:** There is a Terraform configuration in the -[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory -that can be used to quickly bring up a GKE cluster and configure -`kubectl` and `helm` locally. This can be used to quickly spin up a test -cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes -cluster. - -### Writing Unit Tests - -Changes to the Helm chart should be accompanied by appropriate unit tests. - -#### Formatting - -- Put tests in the test file in the same order as the variables appear in the `values.yaml`. -- Start tests for a chart value with a header that says what is being tested, like this: - ``` - #-------------------------------------------------------------------- - # annotations - ``` - -- Name the test based on what it's testing in the following format (this will be its first line): - ``` - @test "
: " { - ``` - - When adding tests to an existing file, the first section will be the same as the other tests in the file. - -#### Test Details - -[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. -In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. -In this way, we're able to test that the various conditionals in the templates render as we would expect. - -Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. -The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). -`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). -The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. - -The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. - -The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. - -#### Test Examples - -Here are some examples of common test patterns: - -- Check that a value is disabled by default - - ``` - @test "ui/Service: no type by default" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - . 
| tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "null" ] - } - ``` - - In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. - This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. - - -- Check that a template value is rendered to a specific value - ``` - @test "ui/Service: specified type" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/ui-service.yaml \ - --set 'ui.serviceType=LoadBalancer' \ - . | tee /dev/stderr | - yq -r '.spec.type' | tee /dev/stderr) - [ "${actual}" = "LoadBalancer" ] - } - ``` - - This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. - -- Check that a template value contains several values - ``` - @test "server/standalone-StatefulSet: custom resources" { - cd `chart_dir` - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.requests.memory=256Mi' \ - --set 'server.resources.requests.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - - local actual=$(helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'server.standalone.enabled=true' \ - --set 'server.resources.limits.memory=256Mi' \ - --set 'server.resources.limits.cpu=250m' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) - [ "${actual}" = "256Mi" ] - ``` - - *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
- -- Check that an entire template file is not rendered - ``` - @test "syncCatalog/Deployment: disabled by default" { - cd `chart_dir` - local actual=$( (helm template \ - --show-only templates/server-statefulset.yaml \ - --set 'global.enabled=false' \ - . || echo "---") | tee /dev/stderr | - yq 'length > 0' | tee /dev/stderr) - [ "${actual}" = "false" ] - } - ``` - Here we are check the length of the command output to see if the anything is rendered. - This style can easily be switched to check that a file is rendered instead. - -## Contributor License Agreement - -We require that all contributors sign our Contributor License Agreement ("CLA") -before we can accept the contribution. - -[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/Chart.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/Chart.yaml deleted file mode 100644 index 7071546aa1..0000000000 --- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v2 -appVersion: 1.11.2 -description: Official HashiCorp Vault Chart -home: https://www.vaultproject.io -icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png -keywords: -- vault -- security -- encryption -- secrets -- management -- automation -- infrastructure -kubeVersion: '>= 1.16.0-0' -name: chartprodhelm -sources: -- https://github.com/hashicorp/vault -- https://github.com/hashicorp/vault-helm -- https://github.com/hashicorp/vault-k8s -- https://github.com/hashicorp/vault-csi-provider -version: 0.21.0 -annotations: - charts.openshift.io/name: chartprodhelm \ No newline at end of file diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/LICENSE.md b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/LICENSE.md deleted file mode 100644 index 82b4de97c7..0000000000 
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/LICENSE.md
+++ /dev/null
@@ -1,353 +0,0 @@ -Mozilla Public License, version 2.0 - -1. Definitions - -1.1. “Contributor” - - means each individual or legal entity that creates, contributes to the - creation of, or owns Covered Software. - -1.2. “Contributor Version” - - means the combination of the Contributions of others (if any) used by a - Contributor and that particular Contributor’s Contribution. - -1.3. “Contribution” - - means Covered Software of a particular Contributor. - -1.4. “Covered Software” - - means Source Code Form to which the initial Contributor has attached the - notice in Exhibit A, the Executable Form of such Source Code Form, and - Modifications of such Source Code Form, in each case including portions - thereof. - -1.5. “Incompatible With Secondary Licenses” - means - - a. that the initial Contributor has attached the notice described in - Exhibit B to the Covered Software; or - - b. that the Covered Software was made available under the terms of version - 1.1 or earlier of the License, but not also under the terms of a - Secondary License. - -1.6. “Executable Form” - - means any form of the work other than Source Code Form. - -1.7. “Larger Work” - - means a work that combines Covered Software with other material, in a separate - file or files, that is not Covered Software. - -1.8. “License” - - means this document. - -1.9. “Licensable” - - means having the right to grant, to the maximum extent possible, whether at the - time of the initial grant or subsequently, any and all of the rights conveyed by - this License. - -1.10. “Modifications” - - means any of the following: - - a. any file in Source Code Form that results from an addition to, deletion - from, or modification of the contents of Covered Software; or - - b. any new file in Source Code Form that contains any Covered Software. - -1.11. 
“Patent Claims” of a Contributor - - means any patent claim(s), including without limitation, method, process, - and apparatus claims, in any patent Licensable by such Contributor that - would be infringed, but for the grant of the License, by the making, - using, selling, offering for sale, having made, import, or transfer of - either its Contributions or its Contributor Version. - -1.12. “Secondary License” - - means either the GNU General Public License, Version 2.0, the GNU Lesser - General Public License, Version 2.1, the GNU Affero General Public - License, Version 3.0, or any later versions of those licenses. - -1.13. “Source Code Form” - - means the form of the work preferred for making modifications. - -1.14. “You” (or “Your”) - - means an individual or a legal entity exercising rights under this - License. For legal entities, “You” includes any entity that controls, is - controlled by, or is under common control with You. For purposes of this - definition, “control” means (a) the power, direct or indirect, to cause - the direction or management of such entity, whether by contract or - otherwise, or (b) ownership of more than fifty percent (50%) of the - outstanding shares or beneficial ownership of such entity. - - -2. License Grants and Conditions - -2.1. Grants - - Each Contributor hereby grants You a world-wide, royalty-free, - non-exclusive license: - - a. under intellectual property rights (other than patent or trademark) - Licensable by such Contributor to use, reproduce, make available, - modify, display, perform, distribute, and otherwise exploit its - Contributions, either on an unmodified basis, with Modifications, or as - part of a Larger Work; and - - b. under Patent Claims of such Contributor to make, use, sell, offer for - sale, have made, import, and otherwise transfer either its Contributions - or its Contributor Version. - -2.2. 
Effective Date - - The licenses granted in Section 2.1 with respect to any Contribution become - effective for each Contribution on the date the Contributor first distributes - such Contribution. - -2.3. Limitations on Grant Scope - - The licenses granted in this Section 2 are the only rights granted under this - License. No additional rights or licenses will be implied from the distribution - or licensing of Covered Software under this License. Notwithstanding Section - 2.1(b) above, no patent license is granted by a Contributor: - - a. for any code that a Contributor has removed from Covered Software; or - - b. for infringements caused by: (i) Your and any other third party’s - modifications of Covered Software, or (ii) the combination of its - Contributions with other software (except as part of its Contributor - Version); or - - c. under Patent Claims infringed by Covered Software in the absence of its - Contributions. - - This License does not grant any rights in the trademarks, service marks, or - logos of any Contributor (except as may be necessary to comply with the - notice requirements in Section 3.4). - -2.4. Subsequent Licenses - - No Contributor makes additional grants as a result of Your choice to - distribute the Covered Software under a subsequent version of this License - (see Section 10.2) or under the terms of a Secondary License (if permitted - under the terms of Section 3.3). - -2.5. Representation - - Each Contributor represents that the Contributor believes its Contributions - are its original creation(s) or it has sufficient rights to grant the - rights to its Contributions conveyed by this License. - -2.6. Fair Use - - This License is not intended to limit any rights You have under applicable - copyright doctrines of fair use, fair dealing, or other equivalents. - -2.7. Conditions - - Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in - Section 2.1. - - -3. Responsibilities - -3.1. 
Distribution of Source Form - - All distribution of Covered Software in Source Code Form, including any - Modifications that You create or to which You contribute, must be under the - terms of this License. You must inform recipients that the Source Code Form - of the Covered Software is governed by the terms of this License, and how - they can obtain a copy of this License. You may not attempt to alter or - restrict the recipients’ rights in the Source Code Form. - -3.2. Distribution of Executable Form - - If You distribute Covered Software in Executable Form then: - - a. such Covered Software must also be made available in Source Code Form, - as described in Section 3.1, and You must inform recipients of the - Executable Form how they can obtain a copy of such Source Code Form by - reasonable means in a timely manner, at a charge no more than the cost - of distribution to the recipient; and - - b. You may distribute such Executable Form under the terms of this License, - or sublicense it under different terms, provided that the license for - the Executable Form does not attempt to limit or alter the recipients’ - rights in the Source Code Form under this License. - -3.3. Distribution of a Larger Work - - You may create and distribute a Larger Work under terms of Your choice, - provided that You also comply with the requirements of this License for the - Covered Software. If the Larger Work is a combination of Covered Software - with a work governed by one or more Secondary Licenses, and the Covered - Software is not Incompatible With Secondary Licenses, this License permits - You to additionally distribute such Covered Software under the terms of - such Secondary License(s), so that the recipient of the Larger Work may, at - their option, further distribute the Covered Software under the terms of - either this License or such Secondary License(s). - -3.4. 
Notices - - You may not remove or alter the substance of any license notices (including - copyright notices, patent notices, disclaimers of warranty, or limitations - of liability) contained within the Source Code Form of the Covered - Software, except that You may alter any license notices to the extent - required to remedy known factual inaccuracies. - -3.5. Application of Additional Terms - - You may choose to offer, and to charge a fee for, warranty, support, - indemnity or liability obligations to one or more recipients of Covered - Software. However, You may do so only on Your own behalf, and not on behalf - of any Contributor. You must make it absolutely clear that any such - warranty, support, indemnity, or liability obligation is offered by You - alone, and You hereby agree to indemnify every Contributor for any - liability incurred by such Contributor as a result of warranty, support, - indemnity or liability terms You offer. You may include additional - disclaimers of warranty and limitations of liability specific to any - jurisdiction. - -4. Inability to Comply Due to Statute or Regulation - - If it is impossible for You to comply with any of the terms of this License - with respect to some or all of the Covered Software due to statute, judicial - order, or regulation then You must: (a) comply with the terms of this License - to the maximum extent possible; and (b) describe the limitations and the code - they affect. Such description must be placed in a text file included with all - distributions of the Covered Software under this License. Except to the - extent prohibited by statute or regulation, such description must be - sufficiently detailed for a recipient of ordinary skill to be able to - understand it. - -5. Termination - -5.1. The rights granted under this License will terminate automatically if You - fail to comply with any of its terms. 
However, if You become compliant, - then the rights granted under this License from a particular Contributor - are reinstated (a) provisionally, unless and until such Contributor - explicitly and finally terminates Your grants, and (b) on an ongoing basis, - if such Contributor fails to notify You of the non-compliance by some - reasonable means prior to 60 days after You have come back into compliance. - Moreover, Your grants from a particular Contributor are reinstated on an - ongoing basis if such Contributor notifies You of the non-compliance by - some reasonable means, this is the first time You have received notice of - non-compliance with this License from such Contributor, and You become - compliant prior to 30 days after Your receipt of the notice. - -5.2. If You initiate litigation against any entity by asserting a patent - infringement claim (excluding declaratory judgment actions, counter-claims, - and cross-claims) alleging that a Contributor Version directly or - indirectly infringes any patent, then the rights granted to You by any and - all Contributors for the Covered Software under Section 2.1 of this License - shall terminate. - -5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user - license agreements (excluding distributors and resellers) which have been - validly granted by You or Your distributors under this License prior to - termination shall survive termination. - -6. Disclaimer of Warranty - - Covered Software is provided under this License on an “as is” basis, without - warranty of any kind, either expressed, implied, or statutory, including, - without limitation, warranties that the Covered Software is free of defects, - merchantable, fit for a particular purpose or non-infringing. The entire - risk as to the quality and performance of the Covered Software is with You. 
- Should any Covered Software prove defective in any respect, You (not any - Contributor) assume the cost of any necessary servicing, repair, or - correction. This disclaimer of warranty constitutes an essential part of this - License. No use of any Covered Software is authorized under this License - except under this disclaimer. - -7. Limitation of Liability - - Under no circumstances and under no legal theory, whether tort (including - negligence), contract, or otherwise, shall any Contributor, or anyone who - distributes Covered Software as permitted above, be liable to You for any - direct, indirect, special, incidental, or consequential damages of any - character including, without limitation, damages for lost profits, loss of - goodwill, work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses, even if such party shall have been - informed of the possibility of such damages. This limitation of liability - shall not apply to liability for death or personal injury resulting from such - party’s negligence to the extent applicable law prohibits such limitation. - Some jurisdictions do not allow the exclusion or limitation of incidental or - consequential damages, so this exclusion and limitation may not apply to You. - -8. Litigation - - Any litigation relating to this License may be brought only in the courts of - a jurisdiction where the defendant maintains its principal place of business - and such litigation shall be governed by laws of that jurisdiction, without - reference to its conflict-of-law provisions. Nothing in this Section shall - prevent a party’s ability to bring cross-claims or counter-claims. - -9. Miscellaneous - - This License represents the complete agreement concerning the subject matter - hereof. If any provision of this License is held to be unenforceable, such - provision shall be reformed only to the extent necessary to make it - enforceable. 
Any law or regulation which provides that the language of a - contract shall be construed against the drafter shall not be used to construe - this License against a Contributor. - - -10. Versions of the License - -10.1. New Versions - - Mozilla Foundation is the license steward. Except as provided in Section - 10.3, no one other than the license steward has the right to modify or - publish new versions of this License. Each version will be given a - distinguishing version number. - -10.2. Effect of New Versions - - You may distribute the Covered Software under the terms of the version of - the License under which You originally received the Covered Software, or - under the terms of any subsequent version published by the license - steward. - -10.3. Modified Versions - - If you create software not governed by this License, and you want to - create a new license for such software, you may create and use a modified - version of this License if you rename the license and remove any - references to the name of the license steward (except to note that such - modified license differs from this License). - -10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses - If You choose to distribute Source Code Form that is Incompatible With - Secondary Licenses under the terms of this version of the License, the - notice described in Exhibit B of this License must be attached. - -Exhibit A - Source Code Form License Notice - - This Source Code Form is subject to the - terms of the Mozilla Public License, v. - 2.0. If a copy of the MPL was not - distributed with this file, You can - obtain one at - http://mozilla.org/MPL/2.0/. - -If it is not possible or desirable to put the notice in a particular file, then -You may include the notice in a location (such as a LICENSE file in a relevant -directory) where a recipient would be likely to look for such a notice. - -You may add additional accurate notices of copyright ownership. 
- -Exhibit B - “Incompatible With Secondary Licenses” Notice - - This Source Code Form is “Incompatible - With Secondary Licenses”, as defined by - the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/Makefile b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/Makefile deleted file mode 100644 index 49799e919d..0000000000 --- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/Makefile +++ /dev/null 
@@ -1,101 +0,0 @@ -TEST_IMAGE?=vault-helm-test -GOOGLE_CREDENTIALS?=vault-helm-test.json -CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 -# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats -ACCEPTANCE_TESTS?=acceptance - -# filter bats unit tests to run. -UNIT_TESTS_FILTER?='.*' - -# set to 'true' to run acceptance tests locally in a kind cluster -LOCAL_ACCEPTANCE_TESTS?=false - -# kind cluster name -KIND_CLUSTER_NAME?=vault-helm - -# kind k8s version -KIND_K8S_VERSION?=v1.24.1 - -# Generate json schema for chart values. See test/README.md for more details. -values-schema: - helm schema-gen values.yaml > values.schema.json - -test-image: - @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) - -test-unit: - @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit - -test-bats: test-unit test-acceptance - -test: test-image test-bats - -# run acceptance tests on GKE -# set google project/credential vars above -test-acceptance: -ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) - make setup-kind acceptance -else - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ - -w /helm-test \ - $(TEST_IMAGE) \ - make acceptance -endif - -# destroy GKE cluster using terraform -test-destroy: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -w /helm-test \ - $(TEST_IMAGE) \ - make destroy-cluster - -# provision GKE cluster using terraform -test-provision: - @docker run -it -v ${PWD}:/helm-test \ - -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ - -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ - -e KUBECONFIG=/helm-test/.kube/config \ - -w /helm-test \ - $(TEST_IMAGE) \ - make provision-cluster - -# this target is for 
running the acceptance tests -# it is run in the docker container above when the test-acceptance target is invoked -acceptance: -ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) - gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} -endif - bats test/${ACCEPTANCE_TESTS} - -# this target is for provisioning the GKE cluster -# it is run in the docker container above when the test-provision target is invoked -provision-cluster: - gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} - terraform init test/terraform - terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform - -# this target is for removing the GKE cluster -# it is run in the docker container above when the test-destroy target is invoked -destroy-cluster: - terraform destroy -auto-approve - -# create a kind cluster for running the acceptance tests locally -setup-kind: - kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ - kind create cluster \ - --image kindest/node:${KIND_K8S_VERSION} \ - --name ${KIND_CLUSTER_NAME} \ - --config $(CURDIR)/test/kind/config.yaml - kubectl config use-context kind-${KIND_CLUSTER_NAME} - -# delete the kind cluster -delete-kind: - kind delete cluster --name ${KIND_CLUSTER_NAME} || : - -.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/README.md b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/README.md deleted file mode 100644 index c9971ff41b..0000000000 --- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/README.md +++ /dev/null 
@@ -1,43 +0,0 @@ -# Vault Helm Chart - -> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If -you believe you have found a security issue in Vault Helm, _please responsibly disclose_ -by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). - -This repository contains the official HashiCorp Helm chart for installing -and configuring Vault on Kubernetes. This chart supports multiple use -cases of Vault on Kubernetes depending on the values provided. - -For full documentation on this Helm chart along with all the ways you can -use Vault with Kubernetes, please see the -[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). - -## Prerequisites - -To use the charts here, [Helm](https://helm.sh/) must be configured for your -Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of -this README. Please refer to the Kubernetes and Helm documentation. - -The versions required are: - - * **Helm 3.6+** - * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. - It is possible that this chart works with earlier versions but it is - untested. - -## Usage - -To install the latest version of this chart, add the Hashicorp helm repository -and run `helm install`: - -```console -$ helm repo add hashicorp https://helm.releases.hashicorp.com -"hashicorp" has been added to your repositories - -$ helm install vault hashicorp/vault -``` - -Please see the many options supported in the `values.yaml` file. These are also -fully documented directly on the [Vault -website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more -detailed installation instructions. diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/NOTES.txt b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/NOTES.txt deleted file mode 100644 index 8e267121c8..0000000000 
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/NOTES.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-
-Thank you for installing HashiCorp Vault!
-
-Now that you have deployed Vault, you should look over the docs on using
-Vault with Kubernetes available here:
-
-https://www.vaultproject.io/docs/
-
-
-Your release is named {{ .Release.Name }}. To learn more about the release, try:
-
- $ helm status {{ .Release.Name }}
- $ helm get manifest {{ .Release.Name }}
-
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/_helpers.tpl b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/_helpers.tpl
deleted file mode 100644
index 38973910ad..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,953 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to -this (by the DNS naming spec). If release name contains chart name it will -be used as a full name. -*/}} -{{- define "vault.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "vault.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "vault.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Compute if the csi driver is enabled. -*/}} -{{- define "vault.csiEnabled" -}} -{{- $_ := set . "csiEnabled" (or - (eq (.Values.csi.enabled | toString) "true") - (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the injector is enabled. -*/}} -{{- define "vault.injectorEnabled" -}} -{{- $_ := set . "injectorEnabled" (or - (eq (.Values.injector.enabled | toString) "true") - (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server is enabled. -*/}} -{{- define "vault.serverEnabled" -}} -{{- $_ := set . 
"serverEnabled" (or - (eq (.Values.server.enabled | toString) "true") - (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server auth delegator serviceaccount is enabled. -*/}} -{{- define "vault.serverServiceAccountEnabled" -}} -{{- $_ := set . "serverServiceAccountEnabled" - (and - (eq (.Values.server.serviceAccount.create | toString) "true" ) - (or - (eq (.Values.server.enabled | toString) "true") - (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server auth delegator serviceaccount is enabled. -*/}} -{{- define "vault.serverAuthDelegator" -}} -{{- $_ := set . "serverAuthDelegator" - (and - (eq (.Values.server.authDelegator.enabled | toString) "true" ) - (or (eq (.Values.server.serviceAccount.create | toString) "true") - (not (eq .Values.server.serviceAccount.name ""))) - (or - (eq (.Values.server.enabled | toString) "true") - (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute if the server service is enabled. -*/}} -{{- define "vault.serverServiceEnabled" -}} -{{- template "vault.serverEnabled" . -}} -{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} -{{- end -}} - -{{/* -Compute if the ui is enabled. -*/}} -{{- define "vault.uiEnabled" -}} -{{- $_ := set . "uiEnabled" (or - (eq (.Values.ui.enabled | toString) "true") - (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} -{{- end -}} - -{{/* -Compute the maximum number of unavailable replicas for the PodDisruptionBudget. -This defaults to (n/2)-1 where n is the number of members of the server cluster. -Add a special case for replicas=1, where it should default to 0 as well. 
-*/}} -{{- define "vault.pdb.maxUnavailable" -}} -{{- if eq (int .Values.server.ha.replicas) 1 -}} -{{ 0 }} -{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} -{{- else -}} -{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Set the variable 'mode' to the server mode requested by the user to simplify -template logic. -*/}} -{{- define "vault.mode" -}} - {{- template "vault.serverEnabled" . -}} - {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} - {{- $_ := set . "mode" "external" -}} - {{- else if not .serverEnabled -}} - {{- $_ := set . "mode" "external" -}} - {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} - {{- $_ := set . "mode" "dev" -}} - {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} - {{- $_ := set . "mode" "ha" -}} - {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} - {{- $_ := set . "mode" "standalone" -}} - {{- else -}} - {{- $_ := set . "mode" "" -}} - {{- end -}} -{{- end -}} - -{{/* -Set's the replica count based on the different modes configured by user -*/}} -{{- define "vault.replicas" -}} - {{ if eq .mode "standalone" }} - {{- default 1 -}} - {{ else if eq .mode "ha" }} - {{- .Values.server.ha.replicas | default 3 -}} - {{ else }} - {{- default 1 -}} - {{ end }} -{{- end -}} - -{{/* -Set's up configmap mounts if this isn't a dev deployment and the user -defined a custom configuration. Additionally iterates over any -extra volumes the user may have specified (such as a secret with TLS). -*/}} -{{- define "vault.volumes" -}} - {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - configMap: - name: {{ template "vault.fullname" . 
}}-config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - {{ .type }}: - {{- if (eq .type "configMap") }} - name: {{ .name }} - {{- else if (eq .type "secret") }} - secretName: {{ .name }} - {{- end }} - defaultMode: {{ .defaultMode | default 420 }} - {{- end }} - {{- if .Values.server.volumes }} - {{- toYaml .Values.server.volumes | nindent 8}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - secret: - secretName: {{ .Values.server.enterpriseLicense.secretName }} - defaultMode: 0440 - {{- end }} -{{- end -}} - -{{/* -Set's the args for custom command to render the Vault configuration -file with IP addresses to make the out of box experience easier -for users looking to use this chart with Consul Helm. -*/}} -{{- define "vault.args" -}} - {{ if or (eq .mode "standalone") (eq .mode "ha") }} - - | - cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; - [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; - [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; - [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; - [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; - /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} - {{ else if eq .mode "dev" }} - - | - /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} - {{ end }} -{{- end -}} - -{{/* -Set's additional environment variables based on the mode. 
-*/}} -{{- define "vault.envs" -}} - {{ if eq .mode "dev" }} - - name: VAULT_DEV_ROOT_TOKEN_ID - value: {{ .Values.server.dev.devRootToken }} - - name: VAULT_DEV_LISTEN_ADDRESS - value: "[::]:8200" - {{ end }} -{{- end -}} - -{{/* -Set's which additional volumes should be mounted to the container -based on the mode configured. -*/}} -{{- define "vault.mounts" -}} - {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - name: audit - mountPath: {{ .Values.server.auditStorage.mountPath }} - {{ end }} - {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} - {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} - - name: data - mountPath: {{ .Values.server.dataStorage.mountPath }} - {{ end }} - {{ end }} - {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - - name: config - mountPath: /vault/config - {{ end }} - {{- range .Values.server.extraVolumes }} - - name: userconfig-{{ .name }} - readOnly: true - mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} - {{- end }} - {{- if .Values.server.volumeMounts }} - {{- toYaml .Values.server.volumeMounts | nindent 12}} - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - mountPath: /vault/license - readOnly: true - {{- end }} -{{- end -}} - -{{/* -Set's up the volumeClaimTemplates when data or audit storage is required. HA -might not use data storage since Consul is likely it's backend, however, audit -storage might be desired by the user. 
-*/}} -{{- define "vault.volumeclaims" -}} - {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} - volumeClaimTemplates: - {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} - - metadata: - name: data - {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.dataStorage.size }} - {{- if .Values.server.dataStorage.storageClass }} - storageClassName: {{ .Values.server.dataStorage.storageClass }} - {{- end }} - {{ end }} - {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} - - metadata: - name: audit - {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} - spec: - accessModes: - - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} - resources: - requests: - storage: {{ .Values.server.auditStorage.size }} - {{- if .Values.server.auditStorage.storageClass }} - storageClassName: {{ .Values.server.auditStorage.storageClass }} - {{- end }} - {{ end }} - {{ end }} -{{- end -}} - -{{/* -Set's the affinity for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.affinity" -}} - {{- if and (ne .mode "dev") .Values.server.affinity }} - affinity: - {{ $tp := typeOf .Values.server.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.affinity . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the injector affinity for pod placement -*/}} -{{- define "injector.affinity" -}} - {{- if .Values.injector.affinity }} - affinity: - {{ $tp := typeOf .Values.injector.affinity }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.affinity | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the topologySpreadConstraints when running in standalone and HA modes. -*/}} -{{- define "vault.topologySpreadConstraints" -}} - {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} - topologySpreadConstraints: - {{ $tp := typeOf .Values.server.topologySpreadConstraints }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - - -{{/* -Sets the injector topologySpreadConstraints for pod placement -*/}} -{{- define "injector.topologySpreadConstraints" -}} - {{- if .Values.injector.topologySpreadConstraints }} - topologySpreadConstraints: - {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{ end }} -{{- end -}} - -{{/* -Sets the toleration for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.tolerations" -}} - {{- if and (ne .mode "dev") .Values.server.tolerations }} - tolerations: - {{- $tp := typeOf .Values.server.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "injector.tolerations" -}} - {{- if .Values.injector.tolerations }} - tolerations: - {{- $tp := typeOf .Values.injector.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the node selector for pod placement when running in standalone and HA modes. -*/}} -{{- define "vault.nodeselector" -}} - {{- if and (ne .mode "dev") .Values.server.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.server.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.server.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector node selector for pod placement -*/}} -{{- define "injector.nodeselector" -}} - {{- if .Values.injector.nodeSelector }} - nodeSelector: - {{- $tp := typeOf .Values.injector.nodeSelector }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.injector.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets the injector deployment update strategy -*/}} -{{- define "injector.strategy" -}} - {{- if .Values.injector.strategy }} - strategy: - {{- $tp := typeOf .Values.injector.strategy }} - {{- if eq $tp "string" }} - {{ tpl .Values.injector.strategy . | nindent 4 | trim }} - {{- else }} - {{- toYaml .Values.injector.strategy | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra pod annotations -*/}} -{{- define "vault.annotations" -}} - {{- if .Values.server.annotations }} - annotations: - {{- $tp := typeOf .Values.server.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.annotations . 
| nindent 8 }} - {{- else }} - {{- toYaml .Values.server.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector pod annotations -*/}} -{{- define "injector.annotations" -}} - {{- if .Values.injector.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.annotations . | nindent 8 }} - {{- else }} - {{- toYaml .Values.injector.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector service annotations -*/}} -{{- define "injector.service.annotations" -}} - {{- if .Values.injector.service.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -securityContext for the injector pod level. -*/}} -{{- define "injector.securityContext.pod" -}} - {{- if .Values.injector.securityContext.pod }} - securityContext: - {{- $tp := typeOf .Values.injector.securityContext.pod }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} - {{- else }} - {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.injector.gid | default 1000 }} - runAsUser: {{ .Values.injector.uid | default 100 }} - fsGroup: {{ .Values.injector.gid | default 1000 }} - {{- end }} -{{- end -}} - -{{/* -securityContext for the injector container level. -*/}} -{{- define "injector.securityContext.container" -}} - {{- if .Values.injector.securityContext.container}} - securityContext: - {{- $tp := typeOf .Values.injector.securityContext.container }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} - {{- else }} - {{- toYaml .Values.injector.securityContext.container | nindent 12 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - {{- end }} -{{- end -}} - -{{/* -securityContext for the statefulset pod template. -*/}} -{{- define "server.statefulSet.securityContext.pod" -}} - {{- if .Values.server.statefulSet.securityContext.pod }} - securityContext: - {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - runAsNonRoot: true - runAsGroup: {{ .Values.server.gid | default 1000 }} - runAsUser: {{ .Values.server.uid | default 100 }} - fsGroup: {{ .Values.server.gid | default 1000 }} - {{- end }} -{{- end -}} - -{{/* -securityContext for the statefulset vault container -*/}} -{{- define "server.statefulSet.securityContext.container" -}} - {{- if .Values.server.statefulSet.securityContext.container }} - securityContext: - {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} - {{- end }} - {{- else if not .Values.global.openshift }} - securityContext: - allowPrivilegeEscalation: false - {{- end }} -{{- end -}} - - -{{/* -Sets extra injector service account annotations -*/}} -{{- define "injector.serviceAccount.annotations" -}} - {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra injector webhook annotations -*/}} -{{- define "injector.webhookAnnotations" -}} - {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} - annotations: - {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} - {{- if eq $tp "string" }} - {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} - {{- else }} - {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the injector webhook objectSelector -*/}} -{{- define "injector.objectSelector" -}} - {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} - {{ if $v }} - objectSelector: - {{- $tp := typeOf $v -}} - {{ if eq $tp "string" }} - {{ tpl $v . 
| indent 6 | trim }} - {{ else }} - {{ toYaml $v | indent 6 | trim }} - {{ end }} - {{ end }} -{{ end }} - -{{/* -Sets extra ui service annotations -*/}} -{{- define "vault.ui.annotations" -}} - {{- if .Values.ui.annotations }} - annotations: - {{- $tp := typeOf .Values.ui.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.ui.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.ui.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "vault.serviceAccount.name" -}} -{{- if .Values.server.serviceAccount.create -}} - {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.server.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Sets extra service account annotations -*/}} -{{- define "vault.serviceAccount.annotations" -}} - {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.server.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra ingress annotations -*/}} -{{- define "vault.ingress.annotations" -}} - {{- if .Values.server.ingress.annotations }} - annotations: - {{- $tp := typeOf .Values.server.ingress.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.ingress.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.ingress.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra route annotations -*/}} -{{- define "vault.route.annotations" -}} - {{- if .Values.server.route.annotations }} - annotations: - {{- $tp := typeOf .Values.server.route.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.route.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.route.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra vault server Service annotations -*/}} -{{- define "vault.service.annotations" -}} - {{- if .Values.server.service.annotations }} - {{- $tp := typeOf .Values.server.service.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.service.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.service.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets PodSecurityPolicy annotations -*/}} -{{- define "vault.psp.annotations" -}} - {{- if .Values.global.psp.annotations }} - annotations: - {{- $tp := typeOf .Values.global.psp.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.global.psp.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.global.psp.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra statefulset annotations -*/}} -{{- define "vault.statefulSet.annotations" -}} - {{- if .Values.server.statefulSet.annotations }} - annotations: - {{- $tp := typeOf .Values.server.statefulSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for data volume -*/}} -{{- define "vault.dataVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.dataStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets VolumeClaim annotations for audit volume -*/}} -{{- define "vault.auditVolumeClaim.annotations" -}} - {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} - annotations: - {{- $tp := typeOf .Values.server.auditStorage.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Set's the container resources if the user has set any. -*/}} -{{- define "vault.resources" -}} - {{- if .Values.server.resources -}} - resources: -{{ toYaml .Values.server.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "injector.resources" -}} - {{- if .Values.injector.resources -}} - resources: -{{ toYaml .Values.injector.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets the container resources if the user has set any. -*/}} -{{- define "csi.resources" -}} - {{- if .Values.csi.resources -}} - resources: -{{ toYaml .Values.csi.resources | indent 12}} - {{ end }} -{{- end -}} - -{{/* -Sets extra CSI daemonset annotations -*/}} -{{- define "csi.daemonSet.annotations" -}} - {{- if .Values.csi.daemonSet.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.daemonSet.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets CSI daemonset securityContext for pod template -*/}} -{{- define "csi.daemonSet.securityContext.pod" -}} - {{- if .Values.csi.daemonSet.securityContext.pod }} - securityContext: - {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets CSI daemonset securityContext for container -*/}} -{{- define "csi.daemonSet.securityContext.container" -}} - {{- if .Values.csi.daemonSet.securityContext.container }} - securityContext: - {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} - {{- else }} - {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} - {{- end }} - {{- end }} -{{- end -}} - - -{{/* -Sets the injector toleration for pod placement -*/}} -{{- define "csi.pod.tolerations" -}} - {{- if .Values.csi.pod.tolerations }} - tolerations: - {{- $tp := typeOf .Values.csi.pod.tolerations }} - {{- if eq $tp "string" }} - {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} - {{- else }} - {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI provider pod annotations -*/}} -{{- define "csi.pod.annotations" -}} - {{- if .Values.csi.pod.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.pod.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} - {{- else }} - {{- toYaml .Values.csi.pod.annotations | nindent 8 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Sets extra CSI service account annotations -*/}} -{{- define "csi.serviceAccount.annotations" -}} - {{- if .Values.csi.serviceAccount.annotations }} - annotations: - {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} - {{- if eq $tp "string" }} - {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} - {{- else }} - {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Inject extra environment vars in the format key:value, if populated -*/}} -{{- define "vault.extraEnvironmentVars" -}} -{{- if .extraEnvironmentVars -}} -{{- range $key, $value := .extraEnvironmentVars }} -- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} - value: {{ $value | quote }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Inject extra environment populated by secrets, if populated -*/}} -{{- define "vault.extraSecretEnvironmentVars" -}} -{{- if .extraSecretEnvironmentVars -}} -{{- range .extraSecretEnvironmentVars }} -- name: {{ .envName }} - valueFrom: - secretKeyRef: - name: {{ .secretName }} - key: {{ .secretKey }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* Scheme for health check and local endpoint */}} -{{- define "vault.scheme" -}} -{{- if .Values.global.tlsDisable -}} -{{ "http" }} -{{- else -}} -{{ "https" }} -{{- end -}} -{{- end -}} - -{{/* -imagePullSecrets generates pull secrets from either string or map values. -A map value must be indexable by the key 'name'. -*/}} -{{- define "imagePullSecrets" -}} -{{- with .Values.global.imagePullSecrets -}} -imagePullSecrets: -{{- range . -}} -{{- if typeIs "string" . }} - - name: {{ . }} -{{- else if index . "name" }} - - name: {{ .name }} -{{- end }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
-Supported inputs are Values.server.service and Values.ui -*/}} -{{- define "service.externalTrafficPolicy" -}} -{{- $type := "" -}} -{{- if .serviceType -}} -{{- $type = .serviceType -}} -{{- else if .type -}} -{{- $type = .type -}} -{{- end -}} -{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} - externalTrafficPolicy: {{ .externalTrafficPolicy }} -{{- else }} -{{- end }} -{{- end -}} - -{{/* -loadBalancer configuration for the the UI service. -Supported inputs are Values.ui -*/}} -{{- define "service.loadBalancer" -}} -{{- if eq (.serviceType | toString) "LoadBalancer" }} -{{- if .loadBalancerIP }} - loadBalancerIP: {{ .loadBalancerIP }} -{{- end }} -{{- with .loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{- range . }} - - {{ . }} -{{- end }} -{{- end -}} -{{- end }} -{{- end -}} diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/csi-clusterrole.yaml deleted file mode 100644 index ec6a3d2b9f..0000000000 --- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/csi-clusterrole.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- template "vault.csiEnabled" . -}} -{{- if .csiEnabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "vault.fullname" . }}-csi-provider-clusterrole - labels: - app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -rules: -- apiGroups: - - "" - resources: - - serviceaccounts/token - verbs: - - create -{{- end }} diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/csi-clusterrolebinding.yaml deleted file mode 100644 index d5b62a5f09..0000000000 
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/csi-clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/csi-daemonset.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/csi-daemonset.yaml
deleted file mode 100644
index d131aac5f5..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/csi-daemonset.yaml
+++ /dev/null
@@ -1,100 +0,0 @@
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- if .Values.csi.daemonSet.extraLabels -}}
- {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
- {{- end -}}
- {{ template "csi.daemonSet.annotations" . }}
-spec:
- updateStrategy:
- type: {{ .Values.csi.daemonSet.updateStrategy.type }}
- {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
- rollingUpdate:
- maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
- {{- end }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- if .Values.csi.pod.extraLabels -}}
- {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
- {{- end -}}
- {{ template "csi.pod.annotations" . }}
- spec:
- {{ template "csi.daemonSet.securityContext.pod" . }}
- {{- if .Values.csi.priorityClassName }}
- priorityClassName: {{ .Values.csi.priorityClassName }}
- {{- end }}
- serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
- {{- template "csi.pod.tolerations" . }}
- containers:
- - name: {{ include "vault.name" . }}-csi-provider
- {{ template "csi.resources" . }}
- {{ template "csi.daemonSet.securityContext.container" . }}
- image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
- imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
- args:
- - --endpoint=/provider/vault.sock
- - --debug={{ .Values.csi.debug }}
- {{- if .Values.csi.extraArgs }}
- {{- toYaml .Values.csi.extraArgs | nindent 12 }}
- {{- end }}
- env:
- - name: VAULT_ADDR
- {{- if .Values.global.externalVaultAddr }}
- value: "{{ .Values.global.externalVaultAddr }}"
- {{- else }}
- value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
- {{- end }}
- volumeMounts:
- - name: providervol
- mountPath: "/provider"
- - name: mountpoint-dir
- mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
- mountPropagation: HostToContainer
- {{- if .Values.csi.volumeMounts }}
- {{- toYaml .Values.csi.volumeMounts | nindent 12}}
- {{- end }}
- livenessProbe:
- httpGet:
- path: /health/ready
- port: 8080
- failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
- successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
- readinessProbe:
- httpGet:
- path: /health/ready
- port: 8080
- failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
- initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
- successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
- volumes:
- - name: providervol
- hostPath:
- path: {{ .Values.csi.daemonSet.providersDir }}
- - name: mountpoint-dir
- hostPath:
- path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
- {{- if .Values.csi.volumes }}
- {{- toYaml .Values.csi.volumes | nindent 8}}
- {{- end }}
- {{- include "imagePullSecrets" . | nindent 6 }}
-{{- end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/csi-serviceaccount.yaml
deleted file mode 100644
index 8d6fa5329c..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/csi-serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- template "vault.csiEnabled" . -}}
-{{- if .csiEnabled -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-csi-provider
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- if .Values.csi.serviceAccount.extraLabels -}}
- {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
- {{- end -}}
- {{ template "csi.serviceAccount.annotations" . }}
-{{- end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-certs-secret.yaml
deleted file mode 100644
index e88685b5eb..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-certs-secret.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: vault-injector-certs
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-clusterrole.yaml
deleted file mode 100644
index 6a0d6be1ae..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-clusterrole.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["mutatingwebhookconfigurations"]
- verbs:
- - "get"
- - "list"
- - "watch"
- - "patch"
-{{ end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-clusterrolebinding.yaml
deleted file mode 100644
index 4c193f8a2e..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-binding
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-deployment.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-deployment.yaml
deleted file mode 100644
index f0605599ed..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-deployment.yaml
+++ /dev/null
@@ -1,156 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-# Deployment for the injector
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- component: webhook
-spec:
- replicas: {{ .Values.injector.replicas }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- {{ template "injector.strategy" . }}
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- {{- if .Values.injector.extraLabels -}}
- {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
- {{- end -}}
- {{ template "injector.annotations" . }}
- spec:
- {{ template "injector.affinity" . }}
- {{ template "injector.topologySpreadConstraints" . }}
- {{ template "injector.tolerations" . }}
- {{ template "injector.nodeselector" . }}
- {{- if .Values.injector.priorityClassName }}
- priorityClassName: {{ .Values.injector.priorityClassName }}
- {{- end }}
- serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
- {{ template "injector.securityContext.pod" . -}}
- {{- if not .Values.global.openshift }}
- hostNetwork: {{ .Values.injector.hostNetwork }}
- {{- end }}
- containers:
- - name: sidecar-injector
- {{ template "injector.resources" . }}
- image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
- imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
- {{- template "injector.securityContext.container" . }}
- env:
- - name: AGENT_INJECT_LISTEN
- value: {{ printf ":%v" .Values.injector.port }}
- - name: AGENT_INJECT_LOG_LEVEL
- value: {{ .Values.injector.logLevel | default "info" }}
- - name: AGENT_INJECT_VAULT_ADDR
- {{- if .Values.global.externalVaultAddr }}
- value: "{{ .Values.global.externalVaultAddr }}"
- {{- else if .Values.injector.externalVaultAddr }}
- value: "{{ .Values.injector.externalVaultAddr }}"
- {{- else }}
- value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
- {{- end }}
- - name: AGENT_INJECT_VAULT_AUTH_PATH
- value: {{ .Values.injector.authPath }}
- - name: AGENT_INJECT_VAULT_IMAGE
- value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
- {{- if .Values.injector.certs.secretName }}
- - name: AGENT_INJECT_TLS_CERT_FILE
- value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
- - name: AGENT_INJECT_TLS_KEY_FILE
- value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
- {{- else }}
- - name: AGENT_INJECT_TLS_AUTO
- value: {{ template "vault.fullname" . }}-agent-injector-cfg
- - name: AGENT_INJECT_TLS_AUTO_HOSTS
- value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
- {{- end }}
- - name: AGENT_INJECT_LOG_FORMAT
- value: {{ .Values.injector.logFormat | default "standard" }}
- - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
- value: "{{ .Values.injector.revokeOnShutdown | default false }}"
- {{- if .Values.global.openshift }}
- - name: AGENT_INJECT_SET_SECURITY_CONTEXT
- value: "false"
- {{- end }}
- {{- if .Values.injector.metrics.enabled }}
- - name: AGENT_INJECT_TELEMETRY_PATH
- value: "/metrics"
- {{- end }}
- {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
- - name: AGENT_INJECT_USE_LEADER_ELECTOR
- value: "true"
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- {{- end }}
- - name: AGENT_INJECT_CPU_REQUEST
- value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
- - name: AGENT_INJECT_CPU_LIMIT
- value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
- - name: AGENT_INJECT_MEM_REQUEST
- value: "{{ .Values.injector.agentDefaults.memRequest }}"
- - name: AGENT_INJECT_MEM_LIMIT
- value: "{{ .Values.injector.agentDefaults.memLimit }}"
- - name: AGENT_INJECT_DEFAULT_TEMPLATE
- value: "{{ .Values.injector.agentDefaults.template }}"
- - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
- value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
- {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
- - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
- value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
- {{- end }}
- {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- args:
- - agent-inject
- - 2>&1
- livenessProbe:
- httpGet:
- path: /health/ready
- port: {{ .Values.injector.port }}
- scheme: HTTPS
- failureThreshold: 2
- initialDelaySeconds: 5
- periodSeconds: 2
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- httpGet:
- path: /health/ready
- port: {{ .Values.injector.port }}
- scheme: HTTPS
- failureThreshold: 2
- initialDelaySeconds: 5
- periodSeconds: 2
- successThreshold: 1
- timeoutSeconds: 5
-{{- if .Values.injector.certs.secretName }}
- volumeMounts:
- - name: webhook-certs
- mountPath: /etc/webhook/certs
- readOnly: true
-{{- end }}
-{{- if .Values.injector.certs.secretName }}
- volumes:
- - name: webhook-certs
- secret:
- secretName: "{{ .Values.injector.certs.secretName }}"
-{{- end }}
- {{- include "imagePullSecrets" . | nindent 6 }}
-{{ end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-disruptionbudget.yaml
deleted file mode 100644
index b44fd7300b..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-disruptionbudget.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.injector.podDisruptionBudget }}
-apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- component: webhook
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
-{{- end -}}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-mutating-webhook.yaml
deleted file mode 100644
index 3d3fd36786..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-mutating-webhook.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
-apiVersion: admissionregistration.k8s.io/v1
-{{- else }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-{{- end }}
-kind: MutatingWebhookConfiguration
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-cfg
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "injector.webhookAnnotations" . }}
-webhooks:
- - name: vault.hashicorp.com
- failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
- matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
- sideEffects: None
- timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
- admissionReviewVersions: ["v1", "v1beta1"]
- clientConfig:
- service:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- path: "/mutate"
- caBundle: {{ .Values.injector.certs.caBundle | quote }}
- rules:
- - operations: ["CREATE", "UPDATE"]
- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["pods"]
-{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
- namespaceSelector:
-{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
-{{ end }}
-{{- template "injector.objectSelector" . -}}
-{{ end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-network-policy.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-network-policy.yaml
deleted file mode 100644
index 68892d23b2..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-network-policy.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.openshift | toString) "true" }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
-{{ end }}
-{{ end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-psp-role.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-psp-role.yaml
deleted file mode 100644
index 5d23c7556e..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-psp-role.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.psp.enable | toString) "true" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
-{{- end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-psp-rolebinding.yaml
deleted file mode 100644
index 4f6b0a851c..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-psp-rolebinding.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.psp.enable | toString) "true" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-psp.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-psp.yaml
deleted file mode 100644
index 1eee2fcd04..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-psp.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if eq (.Values.global.psp.enable | toString) "true" }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-role.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-role.yaml
deleted file mode 100644
index 08c8264ccb..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-role.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
- - apiGroups: [""]
- resources: ["secrets", "configmaps"]
- verbs:
- - "create"
- - "get"
- - "watch"
- - "list"
- - "update"
- - apiGroups: [""]
- resources: ["pods"]
- verbs:
- - "get"
- - "patch"
- - "delete"
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-rolebinding.yaml
deleted file mode 100644
index ea0db11b94..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-rolebinding.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-service.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-service.yaml
deleted file mode 100644
index 5e747d6f10..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-service.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector-svc
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "injector.service.annotations" . }}
-spec:
- ports:
- - name: https
- port: 443
- targetPort: {{ .Values.injector.port }}
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: webhook
-{{- end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-serviceaccount.yaml
deleted file mode 100644
index d1919b9366..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/injector-serviceaccount.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- template "vault.injectorEnabled" . -}}
-{{- if .injectorEnabled -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.fullname" . }}-agent-injector
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "injector.serviceAccount.annotations" . }}
-{{ end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-clusterrolebinding.yaml
deleted file mode 100644
index 8cdd611430..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-clusterrolebinding.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ template "vault.serverAuthDelegator" . }}
-{{- if .serverAuthDelegator -}}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-server-binding
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-config-configmap.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-config-configmap.yaml
deleted file mode 100644
index f40c69608e..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-config-configmap.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if .serverEnabled -}}
-{{- if ne .mode "dev" -}}
-{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "vault.fullname" . }}-config
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-data:
- extraconfig-from-values.hcl: |-
- {{- if or (eq .mode "ha") (eq .mode "standalone") }}
- {{- $type := typeOf (index .Values.server .mode).config }}
- {{- if eq $type "string" }}
- disable_mlock = true
- {{- if eq .mode "standalone" }}
- {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
- {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
- {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
- {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
- {{ end }}
- {{- else }}
- {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
- {{- else }}
-{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-discovery-role.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-discovery-role.yaml
deleted file mode 100644
index 9ca23dd4c6..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-discovery-role.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if .serverEnabled -}}
-{{- if eq .mode "ha" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}
- name: {{ template "vault.fullname" . }}-discovery-role
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: [""]
- resources: ["pods"]
- verbs: ["get", "watch", "list", "update", "patch"]
-{{ end }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-discovery-rolebinding.yaml
deleted file mode 100644
index 6e22e4c2b7..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-discovery-rolebinding.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if .serverEnabled -}}
-{{- if eq .mode "ha" }}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-{{- end }}
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-discovery-rolebinding
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "vault.fullname" . }}-discovery-role
-subjects:
-- kind: ServiceAccount
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
-{{ end }}
-{{ end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-disruptionbudget.yaml
deleted file mode 100644
index d940fa4dac..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-disruptionbudget.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" -}}
-{{- if .serverEnabled -}}
-{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
-# PodDisruptionBudget to prevent degrading the server cluster through
-# voluntary cluster changes.
-apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-ha-active-service.yaml
deleted file mode 100644
index e15d40ab0b..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-ha-active-service.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.serverServiceEnabled" . -}}
-{{- if .serverServiceEnabled -}}
-{{- if eq .mode "ha" }}
-# Service for active Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-active
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.activeNodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "true"
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-ha-standby-service.yaml
deleted file mode 100644
index e6d66af847..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-ha-standby-service.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.serverServiceEnabled" . -}}
-{{- if .serverServiceEnabled -}}
-{{- if eq .mode "ha" }}
-# Service for standby Vault pod
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-standby
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.standbyNodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- vault-active: "false"
-{{- end }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-headless-service.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-headless-service.yaml
deleted file mode 100644
index fffaaacbbb..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-headless-service.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.serverServiceEnabled" . -}}
-{{- if .serverServiceEnabled -}}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-internal
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- clusterIP: None
- publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
- ports:
- - name: "{{ include "vault.scheme" . }}"
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-ingress.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-ingress.yaml
deleted file mode 100644
index c81e5f5cee..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-ingress.yaml
+++ /dev/null
@@ -1,77 +0,0 @@
-{{- if not .Values.global.openshift }}
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- if .Values.server.ingress.enabled -}}
-{{- $extraPaths := .Values.server.ingress.extraPaths -}}
-{{- $serviceName := include "vault.fullname" . -}}
-{{- template "vault.serverServiceEnabled" . -}}
-{{- if .serverServiceEnabled -}}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
-{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
-{{- end }}
-{{- $servicePort := .Values.server.service.port -}}
-{{- $pathType := .Values.server.ingress.pathType -}}
-{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
-{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
-apiVersion: networking.k8s.io/v1
-{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
-apiVersion: networking.k8s.io/v1beta1
-{{ else }}
-apiVersion: extensions/v1beta1
-{{ end }}
-kind: Ingress
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- with .Values.server.ingress.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- template "vault.ingress.annotations" . }}
-spec:
-{{- if .Values.server.ingress.tls }}
- tls:
- {{- range .Values.server.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
-{{- end }}
-{{- if .Values.server.ingress.ingressClassName }}
- ingressClassName: {{ .Values.server.ingress.ingressClassName }}
-{{- end }}
- rules:
- {{- range .Values.server.ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
-{{ if $extraPaths }}
-{{ toYaml $extraPaths | indent 10 }}
-{{- end }}
- {{- range (.paths | default (list "/")) }}
- - path: {{ . }}
- {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
- pathType: {{ $pathType }}
- {{ end }}
- backend:
- {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
- service:
- name: {{ $serviceName }}
- port:
- number: {{ $servicePort }}
- {{ else }}
- serviceName: {{ $serviceName }}
- servicePort: {{ $servicePort }}
- {{ end }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-network-policy.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-network-policy.yaml
deleted file mode 100644
index 5f4c21a4b5..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-network-policy.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: {{ template "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8200
- protocol: TCP
- - port: 8201
- protocol: TCP
- {{- if .Values.server.networkPolicy.egress }}
- egress:
- {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
- {{ end }}
-{{ end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-psp-role.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-psp-role.yaml
deleted file mode 100644
index b8eb897e5e..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-psp-role.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if .serverEnabled -}}
-{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-rules:
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "vault.fullname" . }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-psp-rolebinding.yaml
deleted file mode 100644
index fded9fbc62..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-psp-rolebinding.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if .serverEnabled -}}
-{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "vault.fullname" . }}-psp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-roleRef:
- kind: Role
- name: {{ template "vault.fullname" . }}-psp
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: {{ template "vault.fullname" . }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-psp.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-psp.yaml
deleted file mode 100644
index d210af3513..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-psp.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if .serverEnabled -}}
-{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "vault.psp.annotations" . }}
-spec:
- privileged: false
- # Required to prevent escalations to root.
- allowPrivilegeEscalation: false
- volumes:
- - configMap
- - emptyDir
- - projected
- - secret
- - downwardAPI
- {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
- - persistentVolumeClaim
- {{- end }}
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- # Require the container to run without root privileges.
- rule: MustRunAsNonRoot
- seLinux:
- # This policy assumes the nodes are using AppArmor rather than SELinux.
- rule: RunAsAny
- supplementalGroups:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- fsGroup:
- rule: MustRunAs
- ranges:
- # Forbid adding the root group.
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
-{{- end }}
-{{- end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-route.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-route.yaml
deleted file mode 100644
index e122d936ba..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-route.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-{{- if .Values.global.openshift }}
-{{- if ne .mode "external" }}
-{{- if .Values.server.route.enabled -}}
-{{- $serviceName := include "vault.fullname" . -}}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
-{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
-{{- end }}
-kind: Route
-apiVersion: route.openshift.io/v1
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- with .Values.server.route.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- template "vault.route.annotations" . }}
-spec:
- host: {{ .Values.server.route.host }}
- to:
- kind: Service
- name: {{ $serviceName }}
- weight: 100
- port:
- targetPort: 8200
- tls:
- {{- toYaml .Values.server.route.tls | nindent 4 }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-service.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-service.yaml
deleted file mode 100644
index 3a9b0e7e52..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-service.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.serverServiceEnabled" . -}}
-{{- if .serverServiceEnabled -}}
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
-{{ template "vault.service.annotations" .}}
-spec:
- {{- if .Values.server.service.type}}
- type: {{ .Values.server.service.type }}
- {{- end}}
- {{- if .Values.server.service.clusterIP }}
- clusterIP: {{ .Values.server.service.clusterIP }}
- {{- end }}
- {{- include "service.externalTrafficPolicy" .Values.server.service }}
- # We want the servers to become available even if they're not ready
- # since this DNS is also used for join operations.
- publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.server.service.port }}
- targetPort: {{ .Values.server.service.targetPort }}
- {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
- nodePort: {{ .Values.server.service.nodePort }}
- {{- end }}
- - name: https-internal
- port: 8201
- targetPort: 8201
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
-{{- end }}
-{{- end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-serviceaccount.yaml
deleted file mode 100644
index c0d32d190c..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{ template "vault.serverServiceAccountEnabled" . }}
-{{- if .serverServiceAccountEnabled -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "vault.serviceAccount.name" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ template "vault.serviceAccount.annotations" . }}
-{{ end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-statefulset.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-statefulset.yaml
deleted file mode 100644
index afc48d695d..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/server-statefulset.yaml
+++ /dev/null
@@ -1,206 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if ne .mode "" }} -{{- if .serverEnabled -}} -# StatefulSet to run the actual vault server cluster. -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- template "vault.statefulSet.annotations" . }} -spec: - serviceName: {{ template "vault.fullname" . }}-internal - podManagementPolicy: Parallel - replicas: {{ template "vault.replicas" . }} - updateStrategy: - type: {{ .Values.server.updateStrategyType }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - template: - metadata: - labels: - helm.sh/chart: {{ template "vault.chart" . }} - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - component: server - {{- if .Values.server.extraLabels -}} - {{- toYaml .Values.server.extraLabels | nindent 8 -}} - {{- end -}} - {{ template "vault.annotations" . }} - spec: - {{ template "vault.affinity" . }} - {{ template "vault.topologySpreadConstraints" . }} - {{ template "vault.tolerations" . }} - {{ template "vault.nodeselector" . }} - {{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} - serviceAccountName: {{ template "vault.serviceAccount.name" . }} - {{ if .Values.server.shareProcessNamespace }} - shareProcessNamespace: true - {{ end }} - {{- template "server.statefulSet.securityContext.pod" . }} - volumes: - {{ template "vault.volumes" . 
}} - - name: home - emptyDir: {} - {{- if .Values.server.extraInitContainers }} - initContainers: - {{ toYaml .Values.server.extraInitContainers | nindent 8}} - {{- end }} - containers: - - name: vault - {{ template "vault.resources" . }} - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - command: - - "/bin/sh" - - "-ec" - args: {{ template "vault.args" . }} - {{- template "server.statefulSet.securityContext.container" . }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: VAULT_K8S_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: VAULT_ADDR - value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" - - name: VAULT_API_ADDR - {{- if .Values.server.ha.apiAddr }} - value: {{ .Values.server.ha.apiAddr }} - {{- else }} - value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" - {{- end }} - - name: SKIP_CHOWN - value: "true" - - name: SKIP_SETCAP - value: "true" - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: VAULT_CLUSTER_ADDR - {{- if .Values.server.ha.clusterAddr }} - value: {{ .Values.server.ha.clusterAddr }} - {{- else }} - value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" - {{- end }} - {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} - - name: VAULT_RAFT_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- end }} - - name: HOME - value: "/home/vault" - {{- if .Values.server.logLevel }} - - name: VAULT_LOG_LEVEL - value: "{{ .Values.server.logLevel }}" - {{- end }} - {{- if .Values.server.logFormat }} - - name: VAULT_LOG_FORMAT - value: "{{ .Values.server.logFormat }}" - {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: VAULT_LICENSE_PATH - value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} - {{- end }} - {{ template "vault.envs" . }} - {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} - {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} - volumeMounts: - {{ template "vault.mounts" . }} - - name: home - mountPath: /home/vault - ports: - - containerPort: 8200 - name: {{ include "vault.scheme" . }} - - containerPort: 8201 - name: https-internal - - containerPort: 8202 - name: {{ include "vault.scheme" . }}-rep - {{- if .Values.server.readinessProbe.enabled }} - readinessProbe: - {{- if .Values.server.readinessProbe.path }} - httpGet: - path: {{ .Values.server.readinessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . 
| upper }} - {{- else }} - # Check status; unsealed vault servers return 0 - # The exit code reflects the seal status: - # 0 - unsealed - # 1 - error - # 2 - sealed - exec: - command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] - {{- end }} - failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.server.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.server.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.server.livenessProbe.path | quote }} - port: 8200 - scheme: {{ include "vault.scheme" . | upper }} - failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.server.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} - {{- end }} - lifecycle: - # Vault container doesn't receive SIGTERM from Kubernetes - # and after the grace period ends, Kube sends SIGKILL. This - # causes issues with graceful shutdowns such as deregistering itself - # from Consul (zombie services). - preStop: - exec: - command: [ - "/bin/sh", "-c", - # Adding a sleep here to give the pod eviction a - # chance to propagate, so requests will not be made - # to this pod while it's terminating - "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", - ] - {{- if .Values.server.postStart }} - postStart: - exec: - command: - {{- range (.Values.server.postStart) }} - - {{ . 
| quote }} - {{- end }} - {{- end }} - {{- if .Values.server.extraContainers }} - {{ toYaml .Values.server.extraContainers | nindent 8}} - {{- end }} - {{- include "imagePullSecrets" . | nindent 6 }} - {{ template "vault.volumeclaims" . }} -{{ end }} -{{ end }} -{{ end }} diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/tests/server-test.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/tests/server-test.yaml deleted file mode 100644 index 56dbee78cd..0000000000 --- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/tests/server-test.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -{{ template "vault.mode" . }} -{{- if ne .mode "external" }} -{{- if .serverEnabled -}} -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-server-test" - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": test -spec: - {{- include "imagePullSecrets" . | nindent 2 }} - containers: - - name: {{ .Release.Name }}-server-test - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - env: - - name: VAULT_ADDR - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} - {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} - command: - - /bin/sh - - -c - - | - echo "Checking for sealed info in 'vault status' output" - ATTEMPTS=10 - n=0 - until [ "$n" -ge $ATTEMPTS ] - do - echo "Attempt" $n... - vault status -format yaml | grep -E '^sealed: (true|false)' && break - n=$((n+1)) - sleep 5 - done - if [ $n -ge $ATTEMPTS ]; then - echo "timed out looking for sealed info in 'vault status' output" - exit 1 - fi - - exit 0 - volumeMounts: - {{- if .Values.server.volumeMounts }} - {{- toYaml .Values.server.volumeMounts | nindent 8}} - {{- end }} - volumes: - {{- if .Values.server.volumes }} - {{- toYaml .Values.server.volumes | nindent 4}} - {{- end }} - restartPolicy: Never -{{- end }} -{{- end }} diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/ui-service.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/ui-service.yaml deleted file mode 100644 index d45afdda4f..0000000000 --- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/templates/ui-service.yaml +++ /dev/null 
@@ -1,37 +0,0 @@
-{{ template "vault.mode" . }}
-{{- if ne .mode "external" }}
-{{- template "vault.uiEnabled" . -}}
-{{- if .uiEnabled -}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "vault.fullname" . }}-ui
- namespace: {{ .Release.Namespace }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}-ui
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- template "vault.ui.annotations" . }}
-spec:
- selector:
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- component: server
- {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
- vault-active: "true"
- {{- end }}
- publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
- ports:
- - name: {{ include "vault.scheme" . }}
- port: {{ .Values.ui.externalPort }}
- targetPort: {{ .Values.ui.targetPort }}
- {{- if .Values.ui.serviceNodePort }}
- nodePort: {{ .Values.ui.serviceNodePort }}
- {{- end }}
- type: {{ .Values.ui.serviceType }}
- {{- include "service.externalTrafficPolicy" .Values.ui }}
- {{- include "service.loadBalancer" .Values.ui }}
-{{- end -}}
-{{- end }}
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/values.openshift.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/values.openshift.yaml
deleted file mode 100644
index a1c48f02f2..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/values.openshift.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# These overrides are appropriate defaults for deploying this chart on OpenShift
-
-global:
- openshift: true
-
-injector:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
- tag: "0.17.0-ubi"
-
- agentImage:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.11.2-ubi"
-
-server:
- image:
- repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/values.schema.json b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/values.schema.json
deleted file mode 100644
index aad7ee7fcc..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/values.schema.json
+++ /dev/null
@@ -1,1027 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "csi": { - "type": "object", - "properties": { - "daemonSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "extraLabels": { - "type": "object" - }, - "kubeletRootDir": { - "type": "string" - }, - "providersDir": { - "type": "string" - }, - "securityContext": { - "type": "object", - "properties": { - "container": { - "type": [ - "object", - "string" - ] - }, - "pod": { - "type": [ - "object", - "string" - ] - } - } - }, - "updateStrategy": { - "type": "object", - "properties": { - "maxUnavailable": { - "type": "string" - }, - "type": { - "type": "string" - } - } - } - } - }, - "debug": { - "type": "boolean" - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "extraArgs": { - "type": "array" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "pod": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "extraLabels": { - "type": "object" - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - } - } - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": 
"object" - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "extraLabels": { - "type": "object" - } - } - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "global": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "externalVaultAddr": { - "type": "string" - }, - "imagePullSecrets": { - "type": "array" - }, - "openshift": { - "type": "boolean" - }, - "psp": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enable": { - "type": "boolean" - } - } - }, - "tlsDisable": { - "type": "boolean" - } - } - }, - "injector": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "agentDefaults": { - "type": "object", - "properties": { - "cpuLimit": { - "type": "string" - }, - "cpuRequest": { - "type": "string" - }, - "memLimit": { - "type": "string" - }, - "memRequest": { - "type": "string" - }, - "template": { - "type": "string" - }, - "templateConfig": { - "type": "object", - "properties": { - "exitOnRetryFailure": { - "type": "boolean" - }, - "staticSecretRenderInterval": { - "type": "string" - } - } - } - } - }, - "agentImage": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "authPath": { - "type": "string" - }, - "certs": { - "type": "object", - "properties": { - "caBundle": { - "type": "string" - }, - "certName": { - "type": "string" - }, - "keyName": { - "type": "string" - }, - "secretName": { - "type": [ - "null", - "string" - ] - } - } - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "externalVaultAddr": { - "type": "string" - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraLabels": { - "type": "object" - 
}, - "failurePolicy": { - "type": "string" - }, - "hostNetwork": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "leaderElector": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "namespaceSelector": { - "type": "object" - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - }, - "objectSelector": { - "type": [ - "object", - "string" - ] - }, - "podDisruptionBudget": { - "type": "object" - }, - "port": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "replicas": { - "type": "integer" - }, - "resources": { - "type": "object" - }, - "revokeOnShutdown": { - "type": "boolean" - }, - "securityContext": { - "type": "object", - "properties": { - "container": { - "type": [ - "object", - "string" - ] - }, - "pod": { - "type": [ - "object", - "string" - ] - } - } - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "strategy": { - "type": [ - "object", - "string" - ] - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "topologySpreadConstraints": { - "type": [ - "null", - "array", - "string" - ] - }, - "webhook": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "failurePolicy": { - "type": "string" - }, - "matchPolicy": { - "type": "string" - }, - "namespaceSelector": { - "type": "object" - }, - "objectSelector": { - "type": [ - "object", - "string" - ] - }, - 
"timeoutSeconds": { - "type": "integer" - } - } - }, - "webhookAnnotations": { - "type": [ - "object", - "string" - ] - } - } - }, - "server": { - "type": "object", - "properties": { - "affinity": { - "type": [ - "object", - "string" - ] - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "auditStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "authDelegator": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "dataStorage": { - "type": "object", - "properties": { - "accessMode": { - "type": "string" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "mountPath": { - "type": "string" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": [ - "null", - "string" - ] - } - } - }, - "dev": { - "type": "object", - "properties": { - "devRootToken": { - "type": "string" - }, - "enabled": { - "type": "boolean" - } - } - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "enterpriseLicense": { - "type": "object", - "properties": { - "secretKey": { - "type": "string" - }, - "secretName": { - "type": "string" - } - } - }, - "extraArgs": { - "type": "string" - }, - "extraContainers": { - "type": [ - "null", - "array" - ] - }, - "extraEnvironmentVars": { - "type": "object" - }, - "extraInitContainers": { - "type": [ - "null", - "array" - ] - }, - "extraLabels": { - "type": "object" - }, - "extraSecretEnvironmentVars": { - "type": "array" - }, - "extraVolumes": { - "type": "array" - }, - "ha": { - "type": "object", - "properties": { - "apiAddr": { - "type": [ - "null", - "string" - ] - }, - "clusterAddr": { 
- "type": [ - "null", - "string" - ] - }, - "config": { - "type": [ - "string", - "object" - ] - }, - "disruptionBudget": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxUnavailable": { - "type": [ - "null", - "integer" - ] - } - } - }, - "enabled": { - "type": "boolean" - }, - "raft": { - "type": "object", - "properties": { - "config": { - "type": [ - "string", - "object" - ] - }, - "enabled": { - "type": "boolean" - }, - "setNodeId": { - "type": "boolean" - } - } - }, - "replicas": { - "type": "integer" - } - } - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "ingress": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "extraPaths": { - "type": "array" - }, - "hosts": { - "type": "array", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string" - }, - "paths": { - "type": "array" - } - } - } - }, - "ingressClassName": { - "type": "string" - }, - "labels": { - "type": "object" - }, - "pathType": { - "type": "string" - }, - "tls": { - "type": "array" - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "path": { - "type": "string" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "logFormat": { - "type": "string" - }, - "logLevel": { - "type": "string" - }, - "networkPolicy": { - "type": "object", - "properties": { - "egress": { - "type": "array" - }, - "enabled": { - "type": "boolean" - } - } - }, - "nodeSelector": { - "type": [ - "null", - "object", - "string" - ] - 
}, - "postStart": { - "type": "array" - }, - "preStopSleepSeconds": { - "type": "integer" - }, - "priorityClassName": { - "type": "string" - }, - "readinessProbe": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "resources": { - "type": "object" - }, - "route": { - "type": "object", - "properties": { - "activeService": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "labels": { - "type": "object" - }, - "tls": { - "type": "object" - } - } - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": "boolean" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "port": { - "type": "integer" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "targetPort": { - "type": "integer" - }, - "nodePort": { - "type": "integer" - }, - "activeNodePort": { - "type": "integer" - }, - "standbyNodePort": { - "type": "integer" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "create": { - "type": "boolean" - }, - "name": { - "type": "string" - } - } - }, - "shareProcessNamespace": { - "type": "boolean" - }, - "standalone": { - "type": "object", - "properties": { - "config": { - "type": [ - "string", - "object" - ] - }, - "enabled": { - "type": [ - "string", - "boolean" - ] - } - } - }, - "statefulSet": { - "type": "object", - "properties": { - "annotations": { - "type": [ - "object", - "string" - ] - }, - "securityContext": { - "type": "object", - "properties": { - "container": { - "type": [ - 
"object", - "string" - ] - }, - "pod": { - "type": [ - "object", - "string" - ] - } - } - } - } - }, - "terminationGracePeriodSeconds": { - "type": "integer" - }, - "tolerations": { - "type": [ - "null", - "array", - "string" - ] - }, - "topologySpreadConstraints": { - "type": [ - "null", - "array", - "string" - ] - }, - "updateStrategyType": { - "type": "string" - }, - "volumeMounts": { - "type": [ - "null", - "array" - ] - }, - "volumes": { - "type": [ - "null", - "array" - ] - } - } - }, - "ui": { - "type": "object", - "properties": { - "activeVaultPodOnly": { - "type": "boolean" - }, - "annotations": { - "type": [ - "object", - "string" - ] - }, - "enabled": { - "type": [ - "boolean", - "string" - ] - }, - "externalPort": { - "type": "integer" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "publishNotReadyAddresses": { - "type": "boolean" - }, - "serviceNodePort": { - "type": [ - "null", - "integer" - ] - }, - "serviceType": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - } -} diff --git a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/values.yaml b/charts/partners/redhat-test/chartprodhelm/0.21.0/src/values.yaml deleted file mode 100644 index b7721cdac5..0000000000 --- a/charts/partners/redhat-test/chartprodhelm/0.21.0/src/values.yaml +++ /dev/null 
@@ -1,898 +0,0 @@ -# Available parameters and their default values for the Vault chart. -global: - # enabled is the master enabled switch. Setting this to true or false - # will enable or disable all the components within this chart by default. - enabled: true - # Image pull secret to use for registry authentication. - # Alternatively, the value may be specified as an array of strings. - imagePullSecrets: [] - # imagePullSecrets: - # - name: image-pull-secret - - # TLS for end-to-end encrypted transport - tlsDisable: true - # External vault server address for the injector and CSI provider to use. - # Setting this will disable deployment of a vault server. - externalVaultAddr: "" - # If deploying to OpenShift - openshift: true - # Create PodSecurityPolicy for pods - psp: - enable: false - # Annotation for PodSecurityPolicy. - # This is a multi-line templated string map, and can also be set as YAML. - annotations: | - seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default - apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default - apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -injector: - # True if you want to enable vault agent injection. - # @default: global.enabled - enabled: "-" - replicas: 1 - # Configures the port the injector should listen on - port: 8080 - # If multiple replicas are specified, by default a leader will be determined - # so that only one injector attempts to create TLS certificates. - leaderElector: - enabled: true - # If true, will enable a node exporter metrics endpoint at /metrics. - metrics: - enabled: false - # Deprecated: Please use global.externalVaultAddr instead. - externalVaultAddr: "" - # image sets the repo and tag of the vault-k8s image to use for the injector. 
- image: - repository: "registry.connect.redhat.com/hashicorp/vault-k8s" - tag: "0.17.0-ubi" - pullPolicy: IfNotPresent - # agentImage sets the repo and tag of the Vault image to use for the Vault Agent - # containers. This should be set to the official Vault image. Vault 1.3.1+ is - # required. - agentImage: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.11.2-ubi" - # The default values for the injected Vault Agent containers. - agentDefaults: - # For more information on configuring resources, see the K8s documentation: - # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - cpuLimit: "500m" - cpuRequest: "250m" - memLimit: "128Mi" - memRequest: "64Mi" - # Default template type for secrets when no custom template is specified. - # Possible values include: "json" and "map". - template: "map" - # Default values within Agent's template_config stanza. - templateConfig: - exitOnRetryFailure: true - staticSecretRenderInterval: "" - # Mount Path of the Vault Kubernetes Auth Method. - authPath: "auth/kubernetes" - # Configures the log verbosity of the injector. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "info" - # Configures the log format of the injector. Supported log formats: "standard", "json". - logFormat: "standard" - # Configures all Vault Agent sidecars to revoke their token when shutting down - revokeOnShutdown: false - webhook: - # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the - # API Version of the WebHook. - # To block pod creation while webhook is unavailable, set the policy to `Fail` below. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - # matchPolicy specifies the approach to accepting changes based on the rules of - # the MutatingWebhookConfiguration. 
- # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy - # for more details. - # - matchPolicy: Exact - # timeoutSeconds is the amount of seconds before the webhook request will be ignored - # or fails. - # If it is ignored or fails depends on the failurePolicy - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts - # for more details. - # - timeoutSeconds: 30 - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. - # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: | - matchExpressions: - - key: app.kubernetes.io/name - operator: NotIn - values: - - {{ template "vault.name" . }}-agent-injector - # Extra annotations to attach to the webhook - annotations: {} - # Deprecated: please use 'webhook.failurePolicy' instead - # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the - # API Version of the WebHook. - # To block pod creation while webhook is unavailable, set the policy to `Fail` below. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy - # - failurePolicy: Ignore - # Deprecated: please use 'webhook.namespaceSelector' instead - # namespaceSelector is the selector for restricting the webhook to only - # specific namespaces. 
- # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector - # for more details. - # Example: - # namespaceSelector: - # matchLabels: - # sidecar-injector: enabled - namespaceSelector: {} - # Deprecated: please use 'webhook.objectSelector' instead - # objectSelector is the selector for restricting the webhook to only - # specific labels. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector - # for more details. - # Example: - # objectSelector: - # matchLabels: - # vault-sidecar-injector: enabled - objectSelector: {} - # Deprecated: please use 'webhook.annotations' instead - # Extra annotations to attach to the webhook - webhookAnnotations: {} - certs: - # secretName is the name of the secret that has the TLS certificate and - # private key to serve the injector webhook. If this is null, then the - # injector will default to its automatic management mode that will assign - # a service account to the injector to generate its own certificates. - secretName: null - # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA - # that signed the TLS certificate that the webhook serves. This must be set - # if secretName is non-null, unless an external service like cert-manager is - # keeping the caBundle updated. - caBundle: "" - # certName and keyName are the names of the files within the secret for - # the TLS cert and private key, respectively. These have reasonable - # defaults but can be customized if necessary. 
- certName: tls.crt - keyName: tls.key - # Security context for the pod template and the injector container - # The default pod securityContext is: - # runAsNonRoot: true - # runAsGroup: {{ .Values.injector.gid | default 1000 }} - # runAsUser: {{ .Values.injector.uid | default 100 }} - # fsGroup: {{ .Values.injector.gid | default 1000 }} - # and for container is - # allowPrivilegeEscalation: false - # capabilities: - # drop: - # - ALL - securityContext: - pod: {} - container: {} - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # extraEnvironmentVars is a list of extra environment variables to set in the - # injector deployment. - extraEnvironmentVars: {} - # KUBERNETES_SERVICE_HOST: kubernetes.default.svc - - # Affinity Settings for injector pods - # This can either be multi-line string or YAML matching the PodSpec's affinity field. - # Commenting out or setting as empty the affinity variable, will allow - # deployment of multiple replicas to single node services such as Minikube. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: webhook - topologyKey: kubernetes.io/hostname - # Topology settings for injector pods - # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - # This should be either a multi-line string or YAML matching the topologySpreadConstraints array - # in a PodSpec. - topologySpreadConstraints: [] - # Toleration Settings for injector pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
- # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Priority class for injector pods - priorityClassName: "" - # Extra annotations to attach to the injector pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the injector pods - annotations: {} - # Extra labels to attach to the agent-injector - # This should be a YAML map of the labels to apply to the injector - extraLabels: {} - # Should the injector pods run on the host network (useful when using - # an alternate CNI in EKS) - hostNetwork: false - # Injector service specific config - service: - # Extra annotations to attach to the injector service - annotations: {} - # Injector serviceAccount specific config - serviceAccount: - # Extra annotations to attach to the injector serviceAccount - annotations: {} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - podDisruptionBudget: {} - # podDisruptionBudget: - # maxUnavailable: 1 - - # strategy for updating the deployment. This can be a multi-line string or a - # YAML map. - strategy: {} - # strategy: | - # rollingUpdate: - # maxSurge: 25% - # maxUnavailable: 25% - # type: RollingUpdate -server: - # If true, or "-" with global.enabled true, Vault server will be installed. - # See vault.mode in _helpers.tpl for implementation details. - enabled: "-" - # [Enterprise Only] This value refers to a Kubernetes secret that you have - # created that contains your enterprise license. If you are not using an - # enterprise image or if you plan to introduce the license key via another - # route, then leave secretName blank ("") or set it to null. - # Requires Vault Enterprise 1.8 or later. - enterpriseLicense: - # The name of the Kubernetes secret that holds the enterprise license. 
The - # secret must be in the same namespace that Vault is installed into. - secretName: "" - # The key within the Kubernetes secret that holds the enterprise license. - secretKey: "license" - # Resource requests, limits, etc. for the server cluster placement. This - # should map directly to the value of the resources field for a PodSpec. - # By default no direct resource request is made. - image: - repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.11.2-ubi" - # Overrides the default Image Pull Policy - pullPolicy: IfNotPresent - # Configure the Update Strategy Type for the StatefulSet - # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - updateStrategyType: "OnDelete" - # Configure the logging verbosity for the Vault server. - # Supported log levels include: trace, debug, info, warn, error - logLevel: "" - # Configure the logging format for the Vault server. - # Supported log formats include: standard, json - logFormat: "" - resources: {} - # resources: - # requests: - # memory: 256Mi - # cpu: 250m - # limits: - # memory: 256Mi - # cpu: 250m - - # Ingress allows ingress services to be created to allow external access - # from Kubernetes to access Vault pods. - # If deployment is on OpenShift, the following block is ignored. - # In order to expose the service, use the route section below - ingress: - enabled: false - labels: {} - # traffic: external - annotations: {} - # | - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # or - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - # Optionally use ingressClassName instead of deprecated annotation. - # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation - ingressClassName: "" - # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
- # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. - pathType: Prefix - # When HA mode is enabled and K8s service registration is being used, - # configure the ingress to point to the Vault active service. - activeService: true - hosts: - - host: chart-example.local - paths: [] - ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # service: - # name: ssl-redirect - # port: - # number: use-annotation - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - # OpenShift only - create a route to expose the service - # By default the created route will be of type passthrough - route: - enabled: false - # When HA mode is enabled and K8s service registration is being used, - # configure the route to point to the Vault active service. - activeService: true - labels: {} - annotations: {} - host: chart-example.local - # tls will be passed directly to the route's TLS config, which - # can be used to configure other termination methods that terminate - # TLS at the router - tls: - termination: passthrough - # authDelegator enables a cluster role binding to be attached to the service - # account. This cluster role binding can be used to setup Kubernetes auth - # method. https://www.vaultproject.io/docs/auth/kubernetes.html - authDelegator: - enabled: true - # extraInitContainers is a list of init containers. Specified as a YAML list. - # This is useful if you need to run a script to provision TLS certificates or - # write out configuration files in a dynamic way. - extraInitContainers: null - # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, - # # which is defined in the volumes value. 
- # - name: oauthapp - # image: "alpine" - # command: [sh, -c] - # args: - # - cd /tmp && - # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && - # tar -xf oauthapp.xz && - # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && - # chmod +x /usr/local/libexec/vault/oauthapp - # volumeMounts: - # - name: plugins - # mountPath: /usr/local/libexec/vault - - # extraContainers is a list of sidecar containers. Specified as a YAML list. - extraContainers: null - # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers - # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation - shareProcessNamespace: false - # extraArgs is a string containing additional Vault server arguments. - extraArgs: "" - # Used to define custom readinessProbe settings - readinessProbe: - enabled: true - # If you need to use a http path instead of the default exec - # path: /v1/sys/health?standbyok=true - - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. 
- timeoutSeconds: 3 - # Used to enable a livenessProbe for the pods - livenessProbe: - enabled: false - path: "/v1/sys/health?standbyok=true" - # When a probe fails, Kubernetes will try failureThreshold times before giving up - failureThreshold: 2 - # Number of seconds after the container has started before probe initiates - initialDelaySeconds: 60 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # Number of seconds after which the probe times out. - timeoutSeconds: 3 - # Optional duration in seconds the pod needs to terminate gracefully. - # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ - terminationGracePeriodSeconds: 10 - # Used to set the sleep time during the preStop step - preStopSleepSeconds: 5 - # Used to define commands to run after the pod is ready. - # This can be used to automate processes such as initialization - # or boostrapping auth methods. - postStart: [] - # - /bin/sh - # - -c - # - /vault/userconfig/myscript/run.sh - - # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be - # used to include variables required for auto-unseal. - extraEnvironmentVars: {} - # GOOGLE_REGION: global - # GOOGLE_PROJECT: myproject - # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json - - # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. - # These variables take value from existing Secret objects. - extraSecretEnvironmentVars: [] - # - envName: AWS_SECRET_ACCESS_KEY - # secretName: vault - # secretKey: AWS_SECRET_ACCESS_KEY - - # Deprecated: please use 'volumes' instead. - # extraVolumes is a list of extra volumes to mount. These will be exposed - # to Vault in the path `/vault/userconfig//`. The value below is - # an array of objects, examples are shown below. 
- extraVolumes: [] - # - type: secret (or "configMap") - # name: my-secret - # path: null # default is `/vault/userconfig` - - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: plugins - # emptyDir: {} - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - mountPath: /usr/local/libexec/vault - # name: plugins - # readOnly: true - - # Affinity Settings - # Commenting out or setting as empty the affinity variable, will allow - # deployment to single node services such as Minikube - # This should be either a multi-line string or YAML matching the PodSpec's affinity field. - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: server - topologyKey: kubernetes.io/hostname - # Topology settings for server pods - # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - # This should be either a multi-line string or YAML matching the topologySpreadConstraints array - # in a PodSpec. - topologySpreadConstraints: [] - # Toleration Settings for server pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
- # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - # Example: - # nodeSelector: - # beta.kubernetes.io/arch: amd64 - nodeSelector: {} - # Enables network policy for server pods - networkPolicy: - enabled: false - egress: [] - # egress: - # - to: - # - ipBlock: - # cidr: 10.0.0.0/24 - # ports: - # - protocol: TCP - # port: 443 - # Priority class for server pods - priorityClassName: "" - # Extra labels to attach to the server pods - # This should be a YAML map of the labels to apply to the server pods - extraLabels: {} - # Extra annotations to attach to the server pods - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the server pods - annotations: {} - # Enables a headless service to be used by the Vault Statefulset - service: - enabled: true - # clusterIP controls whether a Cluster IP address is attached to the - # Vault service within Kubernetes. By default the Vault service will - # be given a Cluster IP address, set to None to disable. When disabled - # Kubernetes will create a "headless" service. Headless services can be - # used to communicate with pods directly through DNS instead of a round robin - # load balancer. - # clusterIP: None - - # Configures the service type for the main Vault service. Can be ClusterIP - # or NodePort. - #type: ClusterIP - - # Do not wait for pods to be ready - publishNotReadyAddresses: true - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. - # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. 
- #nodePort: 30000 - - # When HA mode is enabled - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. - #activeNodePort: 30001 - - # When HA mode is enabled - # If type is set to "NodePort", a specific nodePort value can be configured, - # will be random if left blank. - #standbyNodePort: 30002 - - # Port on which Vault server is listening - port: 8200 - # Target port to which the service should be mapped to - targetPort: 8200 - # Extra annotations for the service definition. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the service. - annotations: {} - # This configures the Vault Statefulset to create a PVC for data - # storage when using the file or raft backend storage engines. - # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more - dataStorage: - enabled: true - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/data" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. - storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # This configures the Vault Statefulset to create a PVC for audit - # logs. Once Vault is deployed, initialized and unsealed, Vault must - # be configured to use this for audit logs. This will be mounted to - # /vault/audit - # See https://www.vaultproject.io/docs/audit/index.html to know more - auditStorage: - enabled: false - # Size of the PVC created - size: 10Gi - # Location where the PVC will be mounted. - mountPath: "/vault/audit" - # Name of the storage class to use. If null it will use the - # configured default Storage Class. 
- storageClass: null - # Access Mode of the storage device being used for the PVC - accessMode: ReadWriteOnce - # Annotations to apply to the PVC - annotations: {} - # Run Vault in "dev" mode. This requires no further setup, no state management, - # and no initialization. This is useful for experimenting with Vault without - # needing to unseal, store keys, et. al. All data is lost on restart - do not - # use dev mode for anything other than experimenting. - # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more - dev: - enabled: false - # Set VAULT_DEV_ROOT_TOKEN_ID value - devRootToken: "root" - # Run Vault in "standalone" mode. This is the default mode that will deploy if - # no arguments are given to helm. This requires a PVC for data storage to use - # the "file" backend. This mode is not highly available and should not be scaled - # past a single replica. - standalone: - enabled: "-" - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data - # and store data there. This is only used when using a Replica count of 1, and - # using a stateful set. This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "file" { - path = "/vault/data" - } - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. 
- #seal "gcpckms" { - # project = "vault-helm-dev" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # Run Vault in "HA" mode. There are no storage requirements unless audit log - # persistence is required. In HA mode Vault will configure itself to use Consul - # for its storage backend. The default configuration provided will work the Consul - # Helm project by default. It is possible to manually configure Vault to use a - # different HA backend. - ha: - enabled: false - replicas: 3 - # Set the api_addr configuration for Vault HA - # See https://www.vaultproject.io/docs/configuration#api_addr - # If set to null, this will be set to the Pod IP Address - apiAddr: null - # Set the cluster_addr confuguration for Vault HA - # See https://www.vaultproject.io/docs/configuration#cluster_addr - # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 - clusterAddr: null - # Enables Vault's integrated Raft storage. Unlike the typical HA modes where - # Vault's persistence is external (such as Consul), enabling Raft mode will create - # persistent volumes for Vault to store data according to the configuration under server.dataStorage. - # The Vault cluster will coordinate leader elections and failovers internally. - raft: - # Enables Raft integrated storage - enabled: false - # Set the Node Raft ID to the name of the pod - setNodeId: false - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. 
For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - - storage "raft" { - path = "/vault/data" - } - - service_registration "kubernetes" {} - # config is a raw string of default configuration when using a Stateful - # deployment. Default is to use a Consul for its HA storage backend. - # This should be HCL. - - # Note: Configuration files are stored in ConfigMaps so sensitive data - # such as passwords should be either mounted through extraSecretEnvironmentVars - # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations - config: | - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - cluster_address = "[::]:8201" - } - storage "consul" { - path = "vault" - address = "HOST_IP:8500" - } - - service_registration "kubernetes" {} - - # Example configuration for using auto-unseal, using Google Cloud KMS. The - # GKMS keys must already exist, and the cluster must have a service account - # that is authorized to access GCP KMS. - #seal "gcpckms" { - # project = "vault-helm-dev-246514" - # region = "global" - # key_ring = "vault-helm-unseal-kr" - # crypto_key = "vault-helm-unseal-key" - #} - # A disruption budget limits the number of pods of a replicated application - # that are down simultaneously from voluntary disruptions - disruptionBudget: - enabled: true - # maxUnavailable will default to (n/2)-1 where n is the number of - # replicas. If you'd like a custom value, you can specify an override here. - maxUnavailable: null - # Definition of the serviceAccount used to run Vault. - # These options are also used when using an external Vault server to validate - # Kubernetes tokens. 
- serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Settings for the statefulSet used to run Vault. - statefulSet: - # Extra annotations for the statefulSet. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the statefulSet. - annotations: {} - # Set the pod and container security contexts. - # If not set, these will default to, and for *not* OpenShift: - # pod: - # runAsNonRoot: true - # runAsGroup: {{ .Values.server.gid | default 1000 }} - # runAsUser: {{ .Values.server.uid | default 100 }} - # fsGroup: {{ .Values.server.gid | default 1000 }} - # container: {} - # - # If not set, these will default to, and for OpenShift: - # pod: {} - # container: - # allowPrivilegeEscalation: false - securityContext: - pod: {} - container: {} -# Vault UI -ui: - # True if you want to create a Service entry for the Vault UI. - # - # serviceType can be used to control the type of service created. For - # example, setting this to "LoadBalancer" will create an external load - # balancer (for supported K8S installations) to access the UI. - enabled: false - publishNotReadyAddresses: true - # The service should only contain selectors for active Vault pod - activeVaultPodOnly: false - serviceType: "ClusterIP" - serviceNodePort: null - externalPort: 8200 - targetPort: 8200 - # The externalTrafficPolicy can be set to either Cluster or Local - # and is only valid for LoadBalancer and NodePort service types. - # The default value is Cluster. 
- # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy - externalTrafficPolicy: Cluster - #loadBalancerSourceRanges: - # - 10.0.0.0/16 - # - 1.78.23.3/32 - - # loadBalancerIP: - - # Extra annotations to attach to the ui service - # This can either be YAML or a YAML-formatted multi-line templated string map - # of the annotations to apply to the ui service - annotations: {} -# secrets-store-csi-driver-provider-vault -csi: - # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. - # - # Requires installing the secrets-store-csi-driver separately, see: - # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver - # - # With the driver and provider installed, you can mount Vault secrets into volumes - # similar to the Vault Agent injector, and you can also sync those secrets into - # Kubernetes secrets. - enabled: false - image: - repository: "hashicorp/vault-csi-provider" - tag: "1.2.0" - pullPolicy: IfNotPresent - # volumes is a list of volumes made available to all containers. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumes: null - # - name: tls - # secret: - # secretName: vault-tls - - # volumeMounts is a list of volumeMounts for the main server container. These are rendered - # via toYaml rather than pre-processed like the extraVolumes value. - # The purpose is to make it easy to share volumes between containers. - volumeMounts: null - # - name: tls - # mountPath: "/vault/tls" - # readOnly: true - - resources: {} - # resources: - # requests: - # cpu: 50m - # memory: 128Mi - # limits: - # cpu: 50m - # memory: 128Mi - - # Settings for the daemonSet used to run the provider. - daemonSet: - updateStrategy: - type: RollingUpdate - maxUnavailable: "" - # Extra annotations for the daemonSet. 
This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the daemonSet. - annotations: {} - # Provider host path (must match the CSI provider's path) - providersDir: "/etc/kubernetes/secrets-store-csi-providers" - # Kubelet host path - kubeletRootDir: "/var/lib/kubelet" - # Extra labels to attach to the vault-csi-provider daemonSet - # This should be a YAML map of the labels to apply to the csi provider daemonSet - extraLabels: {} - # security context for the pod template and container in the csi provider daemonSet - securityContext: - pod: {} - container: {} - pod: - # Extra annotations for the provider pods. This can either be YAML or a - # YAML-formatted multi-line templated string map of the annotations to apply - # to the pod. - annotations: {} - # Toleration Settings for provider pods - # This should be either a multi-line string or YAML matching the Toleration array - # in a PodSpec. - tolerations: [] - # Extra labels to attach to the vault-csi-provider pod - # This should be a YAML map of the labels to apply to the csi provider pod - extraLabels: {} - # Priority class for csi pods - priorityClassName: "" - serviceAccount: - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # Extra labels to attach to the vault-csi-provider serviceAccount - # This should be a YAML map of the labels to apply to the csi provider serviceAccount - extraLabels: {} - # Used to configure readinessProbe for the pods. 
- readinessProbe:
- # When a probe fails, Kubernetes will try failureThreshold times before giving up
- failureThreshold: 2
- # Number of seconds after the container has started before probe initiates
- initialDelaySeconds: 5
- # How often (in seconds) to perform the probe
- periodSeconds: 5
- # Minimum consecutive successes for the probe to be considered successful after having failed
- successThreshold: 1
- # Number of seconds after which the probe times out.
- timeoutSeconds: 3
- # Used to configure livenessProbe for the pods.
- livenessProbe:
- # When a probe fails, Kubernetes will try failureThreshold times before giving up
- failureThreshold: 2
- # Number of seconds after the container has started before probe initiates
- initialDelaySeconds: 5
- # How often (in seconds) to perform the probe
- periodSeconds: 5
- # Minimum consecutive successes for the probe to be considered successful after having failed
- successThreshold: 1
- # Number of seconds after which the probe times out.
- timeoutSeconds: 3
- # Enables debug logging.
- debug: false
- # Pass arbitrary additional arguments to vault-csi-provider.
- # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
- # for the available command line flags.
- extraArgs: []
diff --git a/charts/partners/redhat-test/chartprodhelm/OWNERS b/charts/partners/redhat-test/chartprodhelm/OWNERS
deleted file mode 100644
index 176e6d507e..0000000000
--- a/charts/partners/redhat-test/chartprodhelm/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: chartprodhelm
- shortDescription: null
-providerDelivery: true
-publicPgpKey: null
-users:
-- githubUsername: Aishwarya-Urne
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/check-1946/OWNERS b/charts/partners/redhat-test/check-1946/OWNERS
deleted file mode 100644
index ddfdbca92a..0000000000
--- a/charts/partners/redhat-test/check-1946/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: check-1946
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/check1946/OWNERS b/charts/partners/redhat-test/check1946/OWNERS
deleted file mode 100644
index b833d3ed0b..0000000000
--- a/charts/partners/redhat-test/check1946/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: check1946
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/delete/OWNERS b/charts/partners/redhat-test/delete/OWNERS
deleted file mode 100644
index b13751bbbe..0000000000
--- a/charts/partners/redhat-test/delete/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: delete
- shortDescription: unknown
-providerDelivery: true
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/extchart/OWNERS b/charts/partners/redhat-test/extchart/OWNERS
deleted file mode 100644
index 401cd7ce73..0000000000
--- a/charts/partners/redhat-test/extchart/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: extchart
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: testuserrr
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/extprodhelm/OWNERS b/charts/partners/redhat-test/extprodhelm/OWNERS
deleted file mode 100644
index ce7deb67a0..0000000000
--- a/charts/partners/redhat-test/extprodhelm/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: extprodhelm
- shortDescription: test
-providerDelivery: false
-publicPgpKey: null
-users:
-- githubUsername: Aishwarya-Urne
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/helm-project/OWNERS b/charts/partners/redhat-test/helm-project/OWNERS
deleted file mode 100644
index 22b759ed1b..0000000000
--- a/charts/partners/redhat-test/helm-project/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: helm-project
- shortDescription: test short desc
-providerDelivery: false
-publicPgpKey: 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
-users:
-- githubUsername: kanchan04katare
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/helm24/OWNERS b/charts/partners/redhat-test/helm24/OWNERS
deleted file mode 100644
index 24dde7ab37..0000000000
--- a/charts/partners/redhat-test/helm24/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helm24
- shortDescription: test
-publicPgpKey: dGVzdA==
-users:
-- githubUsername: test
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/helm27/OWNERS b/charts/partners/redhat-test/helm27/OWNERS
deleted file mode 100644
index 8bcccaf6a6..0000000000
--- a/charts/partners/redhat-test/helm27/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: helm27
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/helm6557/OWNERS b/charts/partners/redhat-test/helm6557/OWNERS
deleted file mode 100644
index 9e6bcd2521..0000000000
--- a/charts/partners/redhat-test/helm6557/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: helm6557
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/helmchnf/OWNERS b/charts/partners/redhat-test/helmchnf/OWNERS
deleted file mode 100644
index 82a905b178..0000000000
--- a/charts/partners/redhat-test/helmchnf/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helmchnf
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/helmcnftest/OWNERS b/charts/partners/redhat-test/helmcnftest/OWNERS
deleted file mode 100644
index 17cd45a74a..0000000000
--- a/charts/partners/redhat-test/helmcnftest/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helmcnftest
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/helmext/OWNERS b/charts/partners/redhat-test/helmext/OWNERS
deleted file mode 100644
index 93e8087170..0000000000
--- a/charts/partners/redhat-test/helmext/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: helmext
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/helmext0209/OWNERS b/charts/partners/redhat-test/helmext0209/OWNERS
deleted file mode 100644
index 718d68ac5b..0000000000
--- a/charts/partners/redhat-test/helmext0209/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: helmext0209
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/helmext1605/OWNERS b/charts/partners/redhat-test/helmext1605/OWNERS
deleted file mode 100644
index 80c0a266d4..0000000000
--- a/charts/partners/redhat-test/helmext1605/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: helmext1605
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/helmext345/OWNERS b/charts/partners/redhat-test/helmext345/OWNERS
deleted file mode 100644
index d1eb8394b8..0000000000
--- a/charts/partners/redhat-test/helmext345/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helmext345
- shortDescription: vcvffdvdv
-publicPgpKey: null
-users:
-- githubUsername: rnargotr
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/helminternal/OWNERS b/charts/partners/redhat-test/helminternal/OWNERS
deleted file mode 100644
index d7d97dd89e..0000000000
--- a/charts/partners/redhat-test/helminternal/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: helminternal
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/helmmprodd/OWNERS b/charts/partners/redhat-test/helmmprodd/OWNERS
deleted file mode 100644
index 1acd0f8d36..0000000000
--- a/charts/partners/redhat-test/helmmprodd/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: helmmprodd
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/helmprod02/OWNERS b/charts/partners/redhat-test/helmprod02/OWNERS
deleted file mode 100644
index f2418035af..0000000000
--- a/charts/partners/redhat-test/helmprod02/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helmprod02
- shortDescription: null
-publicPgpKey: null
-users:
-- githubUsername: rnargotr
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/helmtest1711/OWNERS b/charts/partners/redhat-test/helmtest1711/OWNERS
deleted file mode 100644
index e1c4fda9a8..0000000000
--- a/charts/partners/redhat-test/helmtest1711/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helmtest1711
- shortDescription: unknown
-providerDelivery: true
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/helmtest782/OWNERS b/charts/partners/redhat-test/helmtest782/OWNERS
deleted file mode 100644
index 39c6ad5ba2..0000000000
--- a/charts/partners/redhat-test/helmtest782/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helmtest782
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/normalchart/OWNERS b/charts/partners/redhat-test/normalchart/OWNERS
deleted file mode 100644
index dfc0899461..0000000000
--- a/charts/partners/redhat-test/normalchart/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: normalchart
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/prodhelmweb/OWNERS b/charts/partners/redhat-test/prodhelmweb/OWNERS
deleted file mode 100644
index 55cb9c9c33..0000000000
--- a/charts/partners/redhat-test/prodhelmweb/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: prodhelmweb
- shortDescription: unknown
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: Aishwarya-Urne
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/prodwebonlyhelm/OWNERS b/charts/partners/redhat-test/prodwebonlyhelm/OWNERS
deleted file mode 100644
index 6fdd8a05ea..0000000000
--- a/charts/partners/redhat-test/prodwebonlyhelm/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: prodwebonlyhelm
- shortDescription: unknown
-providerDelivery: true
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/redhathelm/OWNERS b/charts/partners/redhat-test/redhathelm/OWNERS
deleted file mode 100644
index 6b8177ac8c..0000000000
--- a/charts/partners/redhat-test/redhathelm/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: redhathelm
- shortDescription: test
-providerDelivery: false
-publicPgpKey: null
-users:
-- githubUsername: Aishwarya-Urne
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/test-helm-chart-prod/OWNERS b/charts/partners/redhat-test/test-helm-chart-prod/OWNERS
deleted file mode 100644
index 077da2e784..0000000000
--- a/charts/partners/redhat-test/test-helm-chart-prod/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: test-helm-chart-prod
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/test-project-16/OWNERS b/charts/partners/redhat-test/test-project-16/OWNERS
deleted file mode 100644
index d706aca2f3..0000000000
--- a/charts/partners/redhat-test/test-project-16/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: test-project-16
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/test123/OWNERS b/charts/partners/redhat-test/test123/OWNERS
deleted file mode 100644
index 8f7f759b9e..0000000000
--- a/charts/partners/redhat-test/test123/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: test123
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/testhelmp/OWNERS b/charts/partners/redhat-test/testhelmp/OWNERS
deleted file mode 100644
index 5e72250134..0000000000
--- a/charts/partners/redhat-test/testhelmp/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: testhelmp
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/testhelmrepo/OWNERS b/charts/partners/redhat-test/testhelmrepo/OWNERS
deleted file mode 100644
index 14d3a908f0..0000000000
--- a/charts/partners/redhat-test/testhelmrepo/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: testhelmrepo
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/redhat-test/undistributed-helm/OWNERS b/charts/partners/redhat-test/undistributed-helm/OWNERS
deleted file mode 100644
index d75cc41229..0000000000
--- a/charts/partners/redhat-test/undistributed-helm/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: undistributed-helm
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: redhat-test
- name: Red Hat, Inc.
diff --git a/charts/partners/runai/test/OWNERS b/charts/partners/runai/test/OWNERS
deleted file mode 100644
index 9965f99355..0000000000
--- a/charts/partners/runai/test/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: test
- shortDescription: null
-providerDelivery: false
-publicPgpKey: null
-users:
-- githubUsername: test
-vendor:
- label: runai
- name: Run:AI
diff --git a/charts/partners/samsung/5g-amfmme/OWNERS b/charts/partners/samsung/5g-amfmme/OWNERS
deleted file mode 100644
index 7c76722a6d..0000000000
--- a/charts/partners/samsung/5g-amfmme/OWNERS
+++ /dev/null
@@ -1,15 +0,0 @@
-chart:
- name: 5g-amfmme
- shortDescription: null
-providerDelivery: true
-publicPgpKey: null
-users:
-- githubUsername: dyang
-- githubUsername: elee
-- githubUsername: jmyo
-- githubUsername: mpark
-- githubUsername: slee
-- githubUsername: wkim
-vendor:
- label: samsung
- name: Samsung Electronics Co., Ltd.
diff --git a/charts/partners/sapiens/idit-runtime-umbrella-chart/OWNERS b/charts/partners/sapiens/idit-runtime-umbrella-chart/OWNERS
deleted file mode 100644
index 16e0c29ce5..0000000000
--- a/charts/partners/sapiens/idit-runtime-umbrella-chart/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: idit-runtime-umbrella-chart
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: Digitalpit
-vendor:
- label: sapiens
- name: SAPIENS SOFTWARE SOLUTIONS (IDIT) LTD
diff --git a/charts/partners/sapiens/idit-runtime-umbrella/OWNERS b/charts/partners/sapiens/idit-runtime-umbrella/OWNERS
deleted file mode 100644
index 8604d2ce6b..0000000000
--- a/charts/partners/sapiens/idit-runtime-umbrella/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: idit-runtime-umbrella
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: Digitalpit
-vendor:
- label: sapiens
- name: SAPIENS SOFTWARE SOLUTIONS (IDIT) LTD
diff --git a/charts/partners/sapiens/idit-runtime/1.0.18/report.yaml b/charts/partners/sapiens/idit-runtime/1.0.18/report.yaml
deleted file mode 100644
index 124b52ad18..0000000000
--- a/charts/partners/sapiens/idit-runtime/1.0.18/report.yaml
+++ /dev/null
@@ -1,128 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.12.2 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:3324966498429030865 - chart-uri: N/A - digests: - chart: sha256:fab6a4449f61299d573b79079e47fc5c680cb4c5dd4c0721ccf4216ce7816c02 - package: 7b826512e5ffaa235d68a8b036e360461bc748076a12ed544d1988d13339510a - lastCertifiedTimestamp: "2023-09-12T10:00:00.72244+00:00" - testedOpenShiftVersion: "4.12" - supportedOpenShiftVersions: 4.10 - 4.13 - webCatalogOnly: true - chart: - name: idit-runtime - home: "" - sources: [] - version: 1.0.18 - description: A Helm chart for Kubernetes - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.16.0 - deprecated: false - annotations: - app.idit/version: 19.2.0.2 - charts.openshift.io/name: IDITSuite 18. - kubeversion: '>=1.23.0 <=1.26.3' - dependencies: - - name: mono - version: 1.0.15 - repository: https://harbor.idit.sapiens.com/chartrepo/core - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: apache-active-mq - version: 1.0.10 - repository: https://harbor.idit.sapiens.com/chartrepo/infrastructure - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: sua - version: 1.0.7 - repository: https://harbor.idit.sapiens.com/chartrepo/core - condition: sua.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: couchbase-setup - version: 1.0.5 - repository: https://harbor.idit.sapiens.com/chartrepo/core - condition: sua.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - type: application - chart-overrides: "" -results: - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : euaiditinfracr.azurecr.io/certified/active-mq:ubi-master-slave - Image is Red Hat certified : euaiditinfracr.azurecr.io/certified/fluent-bit:2.0.5 - Image is Red Hat certified : 
euaiditinfracr.azurecr.io/certified/idit-mono:ubilatest - Image is Red Hat certified : euaiditinfracr.azurecr.io/certified/test-connection:ubilatest - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - diff --git a/charts/partners/sapiens/idit-runtime/OWNERS b/charts/partners/sapiens/idit-runtime/OWNERS deleted file mode 100644 index 674381c345..0000000000 --- a/charts/partners/sapiens/idit-runtime/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: idit-runtime - shortDescription: unknown -providerDelivery: true -publicPgpKey: unknown -users: -- githubUsername: Digitalpit -vendor: - label: sapiens - name: SAPIENS SOFTWARE SOLUTIONS (IDIT) LTD 
diff --git a/charts/partners/solace/pubsubplus-openshift-dev/3.0.0/pubsubplus-openshift-dev-3.0.0.tgz b/charts/partners/solace/pubsubplus-openshift-dev/3.0.0/pubsubplus-openshift-dev-3.0.0.tgz
deleted file mode 100644
index 94b78136bd..0000000000
Binary files a/charts/partners/solace/pubsubplus-openshift-dev/3.0.0/pubsubplus-openshift-dev-3.0.0.tgz and /dev/null differ
diff --git a/charts/partners/solace/pubsubplus-openshift-dev/3.1.0/pubsubplus-openshift-dev-3.1.0.tgz b/charts/partners/solace/pubsubplus-openshift-dev/3.1.0/pubsubplus-openshift-dev-3.1.0.tgz
deleted file mode 100644
index 6640b0376b..0000000000
Binary files a/charts/partners/solace/pubsubplus-openshift-dev/3.1.0/pubsubplus-openshift-dev-3.1.0.tgz and /dev/null differ
diff --git a/charts/partners/solace/pubsubplus-openshift-dev/3.1.0/report.yaml b/charts/partners/solace/pubsubplus-openshift-dev/3.1.0/report.yaml
deleted file mode 100644
index af6304f875..0000000000
--- a/charts/partners/solace/pubsubplus-openshift-dev/3.1.0/report.yaml
+++ /dev/null
@@ -1,104 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.5.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /charts/pubsubplus-openshift-dev/3.1.0/pubsubplus-openshift-dev-3.1.0.tgz - digests: - chart: sha256:b0afa5fcaafbd7c909b60d49e413d40075c46ed63002a63de7dea7e76be2327c - package: b5b328607cf14414fde6b9ad1903b3d891c8aef619e4d2bbe2c6b8199afa9306 - lastCertifiedTimestamp: "2022-05-12T12:38:15.457807+00:00" - testedOpenShiftVersion: 4.10.6 - supportedOpenShiftVersions: '>=4.1' - chart: - name: pubsubplus-openshift-dev - home: https://dev.solace.com - sources: - - https://github.com/SolaceProducts/pubsubplus-kubernetes-quickstart - version: 3.1.0 - description: Deploy a minimum footprint single-node non-HA Solace PubSub+ Event Broker Software on OpenShift for development purposes - keywords: - - solace - - pubsubplus - - pubsub+ - - pubsub - - messaging - - advanced event broker - - event broker - - event mesh - - event streaming - - data streaming - - event integration - - middleware - maintainers: - - name: Solace Community Forum - email: "" - url: https://solace.community/ - - name: Solace Support - email: "" - url: https://solace.com/support/ - icon: https://solaceproducts.github.io/pubsubplus-kubernetes-quickstart/images/PubSubPlus.png - apiversion: v2 - condition: "" - tags: "" - appversion: "" - deprecated: false - annotations: - charts.openshift.io/name: PubSub+ Event Broker for Developers - kubeversion: '>= 1.10.0-0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: 
v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : registry.connect.redhat.com/solace/pubsubplus-standard:latest' - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - diff --git a/charts/partners/solace/pubsubplus-openshift-dev/3.3.1/pubsubplus-openshift-dev-3.3.1.tgz b/charts/partners/solace/pubsubplus-openshift-dev/3.3.1/pubsubplus-openshift-dev-3.3.1.tgz deleted file mode 100644 index 5c79d845a8..0000000000 Binary files a/charts/partners/solace/pubsubplus-openshift-dev/3.3.1/pubsubplus-openshift-dev-3.3.1.tgz and /dev/null differ diff --git a/charts/partners/solace/pubsubplus-openshift-dev/3.3.1/report.yaml b/charts/partners/solace/pubsubplus-openshift-dev/3.3.1/report.yaml deleted file mode 100644 index 8acf77dc5b..0000000000 --- a/charts/partners/solace/pubsubplus-openshift-dev/3.3.1/report.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.12.1 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:3047719831612447623 - chart-uri: /charts/pubsubplus-openshift-dev/3.3.1/pubsubplus-openshift-dev-3.3.1.tgz - digests: - chart: sha256:62d193b32a48ace7c97a6fe5302948986f6492324d9fe722e52bc470d5767293 - package: 6cd39014c6a56390aec7680f777874a488eb75b947e94091fb5b2e8f72c236cf - lastCertifiedTimestamp: "2023-07-14T22:37:16.281755+00:00" - testedOpenShiftVersion: "4.13" - supportedOpenShiftVersions: '>=4.1' - webCatalogOnly: false - chart: - name: pubsubplus-openshift-dev - home: https://dev.solace.com - sources: - - https://github.com/SolaceProducts/pubsubplus-kubernetes-helm-quickstart - version: 3.3.1 - description: Deploy a minimum footprint single-node non-HA Solace PubSub+ Event Broker Software on OpenShift for development purposes - keywords: - - solace - - pubsubplus - - pubsub+ - - pubsub - - messaging - - advanced event broker - - event broker - - event mesh - - event streaming - - data streaming - - event integration - - middleware - maintainers: - - name: Solace Community Forum - email: "" - url: https://solace.community/ - - name: Solace Support - email: "" - url: https://solace.com/support/ - icon: https://solaceproducts.github.io/pubsubplus-kubernetes-quickstart/images/PubSubPlus.png - apiversion: v2 - condition: "" - tags: "" - appversion: "" - deprecated: false - annotations: - charts.openshift.io/name: PubSub+ Event Broker for Developers - kubeversion: '>= 1.10.0-0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.1/images-are-certified - type: Mandatory - outcome: 
PASS - reason: 'Image is Red Hat certified : registry.connect.redhat.com/solace/pubsubplus-standard:latest' - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - diff --git a/charts/partners/solace/pubsubplus-openshift-dev/3.3.2/pubsubplus-openshift-dev-3.3.2.tgz b/charts/partners/solace/pubsubplus-openshift-dev/3.3.2/pubsubplus-openshift-dev-3.3.2.tgz deleted file mode 100644 index c8f0aea737..0000000000 Binary files a/charts/partners/solace/pubsubplus-openshift-dev/3.3.2/pubsubplus-openshift-dev-3.3.2.tgz and /dev/null differ diff --git a/charts/partners/solace/pubsubplus-openshift-dev/3.3.2/report.yaml b/charts/partners/solace/pubsubplus-openshift-dev/3.3.2/report.yaml deleted file mode 100644 index d35cf95700..0000000000 --- a/charts/partners/solace/pubsubplus-openshift-dev/3.3.2/report.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.12.1 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:3128725942284309562 - chart-uri: /charts/pubsubplus-openshift-dev/3.3.2/pubsubplus-openshift-dev-3.3.2.tgz - digests: - chart: sha256:dd7742c2a2f7475a1029d322928e336685f99b4d508b9434ee999af203d5fdd4 - package: 482e5e8f13e355180ae8d725ed6eecddaf7facbbf6faa5ec45c92ff874d34bf7 - lastCertifiedTimestamp: "2023-08-14T19:23:25.265065+00:00" - testedOpenShiftVersion: "4.13" - supportedOpenShiftVersions: '>=4.1' - webCatalogOnly: false - chart: - name: pubsubplus-openshift-dev - home: https://dev.solace.com - sources: - - https://github.com/SolaceProducts/pubsubplus-kubernetes-helm-quickstart - version: 3.3.2 - description: Deploy a minimum footprint single-node non-HA Solace PubSub+ Event Broker Software on OpenShift for development purposes - keywords: - - solace - - pubsubplus - - pubsub+ - - pubsub - - messaging - - advanced event broker - - event broker - - event mesh - - event streaming - - data streaming - - event integration - - middleware - maintainers: - - name: Solace Community Forum - email: "" - url: https://solace.community/ - - name: Solace Support - email: "" - url: https://solace.com/support/ - icon: https://solaceproducts.github.io/pubsubplus-kubernetes-helm-quickstart/images/PubSubPlus.png - apiversion: v2 - condition: "" - tags: "" - appversion: "" - deprecated: false - annotations: - charts.openshift.io/name: PubSub+ Event Broker for Developers - kubeversion: '>= 1.10.0-0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files 
exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : registry.connect.redhat.com/solace/pubsubplus-standard:latest' - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - diff --git a/charts/partners/solace/pubsubplus-openshift-dev/OWNERS b/charts/partners/solace/pubsubplus-openshift-dev/OWNERS deleted file mode 100644 index 80ddc70342..0000000000 --- a/charts/partners/solace/pubsubplus-openshift-dev/OWNERS +++ /dev/null @@ -1,14 +0,0 @@ -chart: - name: pubsubplus-openshift-dev - shortDescription: Deploy a single-node non-HA Solace PubSub+ Event Broker Software - on OpenShift for development purposes -publicPgpKey: null -users: -- githubUsername: bczoma -- githubUsername: juddrobertson -- githubUsername: PhilippeKhalife -- githubUsername: paul-kondrat -- githubUsername: RagnarPaulson -vendor: - label: solace - name: Solace Corporation 
diff --git a/charts/partners/solace/pubsubplus-openshift-ha/3.0.0/pubsubplus-openshift-ha-3.0.0.tgz b/charts/partners/solace/pubsubplus-openshift-ha/3.0.0/pubsubplus-openshift-ha-3.0.0.tgz
deleted file mode 100644
index 3a2300af5a..0000000000
Binary files a/charts/partners/solace/pubsubplus-openshift-ha/3.0.0/pubsubplus-openshift-ha-3.0.0.tgz and /dev/null differ
diff --git a/charts/partners/solace/pubsubplus-openshift-ha/3.0.0/report.yaml b/charts/partners/solace/pubsubplus-openshift-ha/3.0.0/report.yaml
deleted file mode 100644
index c0bb1bbf9f..0000000000
--- a/charts/partners/solace/pubsubplus-openshift-ha/3.0.0/report.yaml
+++ /dev/null
@@ -1,104 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.5.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /charts/pubsubplus-openshift-ha-3.0.0.tgz - digests: - chart: sha256:00544736dcad0552b0adb2fa72275c9fd04783464b7c072ae35332ffc456d60f - package: 077c18cbe315616a7f12dcd656fd6a1b48671f973cdd47b69fa4a7a72975b187 - lastCertifiedTimestamp: "2022-02-07T12:23:57.040776+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.1' - chart: - name: pubsubplus-openshift-ha - home: https://dev.solace.com - sources: - - https://github.com/SolaceProducts/pubsubplus-kubernetes-quickstart - version: 3.0.0 - description: Deploy an HA redundancy group of Solace PubSub+ Event Broker Software on OpenShift - keywords: - - solace - - pubsubplus - - pubsub+ - - pubsub - - messaging - - advanced event broker - - event broker - - event mesh - - event streaming - - data streaming - - event integration - - middleware - maintainers: - - name: Solace Community Forum - email: "" - url: https://solace.community/ - - name: Solace Support - email: "" - url: https://solace.com/support/ - icon: https://solaceproducts.github.io/pubsubplus-kubernetes-quickstart/images/PubSubPlus.png - apiversion: v2 - condition: "" - tags: "" - appversion: "" - deprecated: false - annotations: - charts.openshift.io/name: PubSub+ Event Broker, HA - kubeversion: '>= 1.10.0-0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart 
test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : registry.connect.redhat.com/solace/pubsubplus-standard:latest' - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - diff --git a/charts/partners/solace/pubsubplus-openshift-ha/3.1.0/pubsubplus-openshift-ha-3.1.0.tgz b/charts/partners/solace/pubsubplus-openshift-ha/3.1.0/pubsubplus-openshift-ha-3.1.0.tgz deleted file mode 100644 index d9696f4c57..0000000000 Binary files a/charts/partners/solace/pubsubplus-openshift-ha/3.1.0/pubsubplus-openshift-ha-3.1.0.tgz and /dev/null differ diff --git a/charts/partners/solace/pubsubplus-openshift-ha/3.1.0/report.yaml b/charts/partners/solace/pubsubplus-openshift-ha/3.1.0/report.yaml deleted file mode 100644 index b2844da2ec..0000000000 --- a/charts/partners/solace/pubsubplus-openshift-ha/3.1.0/report.yaml +++ /dev/null 
@@ -1,105 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.6.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /charts/pubsubplus-openshift-ha/3.1.0/pubsubplus-openshift-ha-3.1.0.tgz - digests: - chart: sha256:cc470f47da74ba72916be7237d2afae0838787985bd60ad0e7f8b4463b962e4f - package: 3cd82925efcd7a7543dafe2cb5c83f63e51bb50462ab8b7268a268102c72a8f2 - lastCertifiedTimestamp: "2022-05-12T16:31:14.529756+00:00" - testedOpenShiftVersion: "4.10" - supportedOpenShiftVersions: '>=4.1' - providerControlledDelivery: false - chart: - name: pubsubplus-openshift-ha - home: https://dev.solace.com - sources: - - https://github.com/SolaceProducts/pubsubplus-kubernetes-quickstart - version: 3.1.0 - description: Deploy an HA redundancy group of Solace PubSub+ Event Broker Software on OpenShift - keywords: - - solace - - pubsubplus - - pubsub+ - - pubsub - - messaging - - advanced event broker - - event broker - - event mesh - - event streaming - - data streaming - - event integration - - middleware - maintainers: - - name: Solace Community Forum - email: "" - url: https://solace.community/ - - name: Solace Support - email: "" - url: https://solace.com/support/ - icon: https://solaceproducts.github.io/pubsubplus-kubernetes-quickstart/images/PubSubPlus.png - apiversion: v2 - condition: "" - tags: "" - appversion: "" - deprecated: false - annotations: - charts.openshift.io/name: PubSub+ Event Broker, HA - kubeversion: '>= 1.10.0-0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : 
registry.connect.redhat.com/solace/pubsubplus-standard:latest' - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - diff --git a/charts/partners/solace/pubsubplus-openshift-ha/3.3.1/pubsubplus-openshift-ha-3.3.1.tgz b/charts/partners/solace/pubsubplus-openshift-ha/3.3.1/pubsubplus-openshift-ha-3.3.1.tgz deleted file mode 100644 index 76df97493c..0000000000 Binary files a/charts/partners/solace/pubsubplus-openshift-ha/3.3.1/pubsubplus-openshift-ha-3.3.1.tgz and /dev/null differ diff --git a/charts/partners/solace/pubsubplus-openshift-ha/3.3.1/report.yaml b/charts/partners/solace/pubsubplus-openshift-ha/3.3.1/report.yaml deleted file mode 100644 index 49bfe82369..0000000000 --- a/charts/partners/solace/pubsubplus-openshift-ha/3.3.1/report.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.12.1 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:4047394929691266010 - chart-uri: /charts/pubsubplus-openshift-ha/3.3.1/pubsubplus-openshift-ha-3.3.1.tgz - digests: - chart: sha256:c3a8e821594e6a8b86f12a7bf1f1ea3dfba5137eb6fa12e47ddd9eac994b9934 - package: 992c5410c81937e56732c792892cdbfab95533689e9343871e1a3e9641998a90 - lastCertifiedTimestamp: "2023-07-14T22:52:19.175827+00:00" - testedOpenShiftVersion: "4.13" - supportedOpenShiftVersions: '>=4.1' - webCatalogOnly: false - chart: - name: pubsubplus-openshift-ha - home: https://dev.solace.com - sources: - - https://github.com/SolaceProducts/pubsubplus-kubernetes-helm-quickstart - version: 3.3.1 - description: Deploy an HA redundancy group of Solace PubSub+ Event Broker Software on OpenShift - keywords: - - solace - - pubsubplus - - pubsub+ - - pubsub - - messaging - - advanced event broker - - event broker - - event mesh - - event streaming - - data streaming - - event integration - - middleware - maintainers: - - name: Solace Community Forum - email: "" - url: https://solace.community/ - - name: Solace Support - email: "" - url: https://solace.com/support/ - icon: https://solaceproducts.github.io/pubsubplus-kubernetes-quickstart/images/PubSubPlus.png - apiversion: v2 - condition: "" - tags: "" - appversion: "" - deprecated: false - annotations: - charts.openshift.io/name: PubSub+ Event Broker, HA - kubeversion: '>= 1.10.0-0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : registry.connect.redhat.com/solace/pubsubplus-standard:latest' - - check: v1.0/is-helm-v3 - type: Mandatory - 
outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - diff --git a/charts/partners/solace/pubsubplus-openshift-ha/3.3.2/pubsubplus-openshift-ha-3.3.2.tgz b/charts/partners/solace/pubsubplus-openshift-ha/3.3.2/pubsubplus-openshift-ha-3.3.2.tgz deleted file mode 100644 index 16f1687938..0000000000 Binary files a/charts/partners/solace/pubsubplus-openshift-ha/3.3.2/pubsubplus-openshift-ha-3.3.2.tgz and /dev/null differ diff --git a/charts/partners/solace/pubsubplus-openshift-ha/3.3.2/report.yaml b/charts/partners/solace/pubsubplus-openshift-ha/3.3.2/report.yaml deleted file mode 100644 index 585d82b996..0000000000 --- a/charts/partners/solace/pubsubplus-openshift-ha/3.3.2/report.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.12.1 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:10654093941371598741 - chart-uri: /charts/pubsubplus-openshift-ha/3.3.2/pubsubplus-openshift-ha-3.3.2.tgz - digests: - chart: sha256:129dd74918d4507afb1b6e0871ee54e4ca47588d8f92484fada5adcc52620d2f - package: 0c8d5f8293a6d8faf4d2f73e7e80867871bfc99e92360740b4c161fc77c2e3cb - lastCertifiedTimestamp: "2023-08-14T20:23:53.492458+00:00" - testedOpenShiftVersion: "4.13" - supportedOpenShiftVersions: '>=4.1' - webCatalogOnly: false - chart: - name: pubsubplus-openshift-ha - home: https://dev.solace.com - sources: - - https://github.com/SolaceProducts/pubsubplus-kubernetes-helm-quickstart - version: 3.3.2 - description: Deploy an HA redundancy group of Solace PubSub+ Event Broker Software on OpenShift - keywords: - - solace - - pubsubplus - - pubsub+ - - pubsub - - messaging - - advanced event broker - - event broker - - event mesh - - event streaming - - data streaming - - event integration - - middleware - maintainers: - - name: Solace Community Forum - email: "" - url: https://solace.community/ - - name: Solace Support - email: "" - url: https://solace.com/support/ - icon: https://solaceproducts.github.io/pubsubplus-kubernetes-helm-quickstart/images/PubSubPlus.png - apiversion: v2 - condition: "" - tags: "" - appversion: "" - deprecated: false - annotations: - charts.openshift.io/name: PubSub+ Event Broker, HA - kubeversion: '>= 1.10.0-0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : registry.connect.redhat.com/solace/pubsubplus-standard:latest' - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: 
v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - diff --git a/charts/partners/solace/pubsubplus-openshift-ha/OWNERS b/charts/partners/solace/pubsubplus-openshift-ha/OWNERS deleted file mode 100644 index 448e543dc9..0000000000 --- a/charts/partners/solace/pubsubplus-openshift-ha/OWNERS +++ /dev/null @@ -1,14 +0,0 @@ -chart: - name: pubsubplus-openshift-ha - shortDescription: Deploy an HA redundancy group of Solace PubSub+ Event Broker Software - on OpenShift -publicPgpKey: null -users: -- githubUsername: bczoma -- githubUsername: juddrobertson -- githubUsername: PhilippeKhalife -- githubUsername: paul-kondrat -- githubUsername: RagnarPaulson -vendor: - label: solace - name: Solace Corporation 
diff --git a/charts/partners/solace/pubsubplus-openshift/3.0.0/pubsubplus-openshift-3.0.0.tgz b/charts/partners/solace/pubsubplus-openshift/3.0.0/pubsubplus-openshift-3.0.0.tgz
deleted file mode 100644
index 0e7dad6b51..0000000000
Binary files a/charts/partners/solace/pubsubplus-openshift/3.0.0/pubsubplus-openshift-3.0.0.tgz and /dev/null differ
diff --git a/charts/partners/solace/pubsubplus-openshift/3.1.0/pubsubplus-openshift-3.1.0.tgz b/charts/partners/solace/pubsubplus-openshift/3.1.0/pubsubplus-openshift-3.1.0.tgz
deleted file mode 100644
index 186830aec2..0000000000
Binary files a/charts/partners/solace/pubsubplus-openshift/3.1.0/pubsubplus-openshift-3.1.0.tgz and /dev/null differ
diff --git a/charts/partners/solace/pubsubplus-openshift/3.1.0/report.yaml b/charts/partners/solace/pubsubplus-openshift/3.1.0/report.yaml
deleted file mode 100644
index 30ddea224c..0000000000
--- a/charts/partners/solace/pubsubplus-openshift/3.1.0/report.yaml
+++ /dev/null
@@ -1,104 +0,0 @@
-apiversion: v1
-kind: verify-report
-metadata:
- tool:
- verifier-version: 1.5.0
- profile:
- VendorType: partner
- version: v1.1
- chart-uri: /charts/pubsubplus-openshift/3.1.0/pubsubplus-openshift-3.1.0.tgz
- digests:
- chart: sha256:4f3bbe183b46ead61e308240d6f7db06295f040d4f41c5ade8eacfeb4774ce87
- package: 349d5abd23672825c62e1e68bb9dab8f759e07521b5fec956bd880d3e4c21bb8
- lastCertifiedTimestamp: "2022-05-12T12:45:00.973941+00:00"
- testedOpenShiftVersion: 4.10.6
- supportedOpenShiftVersions: '>=4.1'
- chart:
- name: pubsubplus-openshift
- home: https://dev.solace.com
- sources:
- - https://github.com/SolaceProducts/pubsubplus-kubernetes-quickstart
- version: 3.1.0
- description: Deploy a single-node non-HA Solace PubSub+ Event Broker Software on OpenShift
- keywords:
- - solace
- - pubsubplus
- - pubsub+
- - pubsub
- - messaging
- - advanced event broker
- - event broker
- - event mesh
- - event streaming
- - data streaming
- - event integration
- - middleware
- maintainers:
- - name: Solace Community Forum
- email: ""
- url: https://solace.community/
- - name: Solace Support
- email: ""
- url: https://solace.com/support/
- icon: https://solaceproducts.github.io/pubsubplus-kubernetes-quickstart/images/PubSubPlus.png
- apiversion: v2
- condition: ""
- tags: ""
- appversion: ""
- deprecated: false
- annotations:
- charts.openshift.io/name: PubSub+ Event Broker, non-HA
- kubeversion: '>= 1.10.0-0'
- dependencies: []
- type: ""
- chart-overrides: ""
-results:
- - check: v1.0/required-annotations-present
- type: Mandatory
- outcome: PASS
- reason: All required annotations present
- - check: v1.0/has-readme
- type: Mandatory
- outcome: PASS
- reason: Chart has a README
- - check: v1.0/contains-values
- type: Mandatory
- outcome: PASS
- reason: Values file exist
- - check: v1.0/contains-values-schema
- type: Mandatory
- outcome: PASS
- reason: Values schema file exist
- - check: v1.1/has-kubeversion
- type: Mandatory
- outcome: PASS
- reason:
Kubernetes version specified
- - check: v1.0/not-contain-csi-objects
- type: Mandatory
- outcome: PASS
- reason: CSI objects do not exist
- - check: v1.0/images-are-certified
- type: Mandatory
- outcome: PASS
- reason: 'Image is Red Hat certified : registry.connect.redhat.com/solace/pubsubplus-standard:latest'
- - check: v1.0/chart-testing
- type: Mandatory
- outcome: PASS
- reason: Chart tests have passed
- - check: v1.0/is-helm-v3
- type: Mandatory
- outcome: PASS
- reason: API version is V2, used in Helm 3
- - check: v1.0/contains-test
- type: Mandatory
- outcome: PASS
- reason: Chart test files exist
- - check: v1.0/not-contains-crds
- type: Mandatory
- outcome: PASS
- reason: Chart does not contain CRDs
- - check: v1.0/helm-lint
- type: Mandatory
- outcome: PASS
- reason: Helm lint successful
-
diff --git a/charts/partners/solace/pubsubplus-openshift/3.3.1/pubsubplus-openshift-3.3.1.tgz b/charts/partners/solace/pubsubplus-openshift/3.3.1/pubsubplus-openshift-3.3.1.tgz
deleted file mode 100644
index 3973d5d2da..0000000000
Binary files a/charts/partners/solace/pubsubplus-openshift/3.3.1/pubsubplus-openshift-3.3.1.tgz and /dev/null differ
diff --git a/charts/partners/solace/pubsubplus-openshift/3.3.1/report.yaml b/charts/partners/solace/pubsubplus-openshift/3.3.1/report.yaml
deleted file mode 100644
index f718ce3b91..0000000000
--- a/charts/partners/solace/pubsubplus-openshift/3.3.1/report.yaml
+++ /dev/null
@@ -1,110 +0,0 @@
-apiversion: v1
-kind: verify-report
-metadata:
- tool:
- verifier-version: 1.12.1
- profile:
- VendorType: partner
- version: v1.2
- reportDigest: uint64:6731590422410308378
- chart-uri: /charts/pubsubplus-openshift/3.3.1/pubsubplus-openshift-3.3.1.tgz
- digests:
- chart: sha256:986816ed7535a9e004944eb90e9e16b32626d3c114b9c9f96e028c4beeca55e5
- package: 2ccb0c7a727e71d420fc0deaa00f16fede3d1712ca35290ab242c026a7b1526e
- lastCertifiedTimestamp: "2023-07-14T22:35:59.640808+00:00"
- testedOpenShiftVersion: "4.13"
- supportedOpenShiftVersions: '>=4.1'
- webCatalogOnly: false
- chart:
- name: pubsubplus-openshift
- home: https://dev.solace.com
- sources:
- - https://github.com/SolaceProducts/pubsubplus-kubernetes-helm-quickstart
- version: 3.3.1
- description: Deploy a single-node non-HA Solace PubSub+ Event Broker Software on OpenShift
- keywords:
- - solace
- - pubsubplus
- - pubsub+
- - pubsub
- - messaging
- - advanced event broker
- - event broker
- - event mesh
- - event streaming
- - data streaming
- - event integration
- - middleware
- maintainers:
- - name: Solace Community Forum
- email: ""
- url: https://solace.community/
- - name: Solace Support
- email: ""
- url: https://solace.com/support/
- icon: https://solaceproducts.github.io/pubsubplus-kubernetes-quickstart/images/PubSubPlus.png
- apiversion: v2
- condition: ""
- tags: ""
- appversion: ""
- deprecated: false
- annotations:
- charts.openshift.io/name: PubSub+ Event Broker, non-HA
- kubeversion: '>= 1.10.0-0'
- dependencies: []
- type: ""
- chart-overrides: ""
-results:
- - check: v1.0/chart-testing
- type: Mandatory
- outcome: PASS
- reason: Chart tests have passed
- - check: v1.0/contains-values-schema
- type: Mandatory
- outcome: PASS
- reason: Values schema file exist
- - check: v1.1/images-are-certified
- type: Mandatory
- outcome: PASS
- reason: 'Image is Red Hat certified : registry.connect.redhat.com/solace/pubsubplus-standard:latest'
- - check:
v1.0/required-annotations-present
- type: Mandatory
- outcome: PASS
- reason: All required annotations present
- - check: v1.0/signature-is-valid
- type: Mandatory
- outcome: SKIPPED
- reason: 'Chart is not signed : Signature verification not required'
- - check: v1.0/contains-test
- type: Mandatory
- outcome: PASS
- reason: Chart test files exist
- - check: v1.0/contains-values
- type: Mandatory
- outcome: PASS
- reason: Values file exist
- - check: v1.1/has-kubeversion
- type: Mandatory
- outcome: PASS
- reason: Kubernetes version specified
- - check: v1.0/helm-lint
- type: Mandatory
- outcome: PASS
- reason: Helm lint successful
- - check: v1.0/has-readme
- type: Mandatory
- outcome: PASS
- reason: Chart has a README
- - check: v1.0/is-helm-v3
- type: Mandatory
- outcome: PASS
- reason: API version is V2, used in Helm 3
- - check: v1.0/not-contains-crds
- type: Mandatory
- outcome: PASS
- reason: Chart does not contain CRDs
- - check: v1.0/not-contain-csi-objects
- type: Mandatory
- outcome: PASS
- reason: CSI objects do not exist
-
diff --git a/charts/partners/solace/pubsubplus-openshift/3.3.2/pubsubplus-openshift-3.3.2.tgz b/charts/partners/solace/pubsubplus-openshift/3.3.2/pubsubplus-openshift-3.3.2.tgz
deleted file mode 100644
index ea2ba5b9a0..0000000000
Binary files a/charts/partners/solace/pubsubplus-openshift/3.3.2/pubsubplus-openshift-3.3.2.tgz and /dev/null differ
diff --git a/charts/partners/solace/pubsubplus-openshift/3.3.2/report.yaml b/charts/partners/solace/pubsubplus-openshift/3.3.2/report.yaml
deleted file mode 100644
index b274762ce4..0000000000
--- a/charts/partners/solace/pubsubplus-openshift/3.3.2/report.yaml
+++ /dev/null
@@ -1,110 +0,0 @@
-apiversion: v1
-kind: verify-report
-metadata:
- tool:
- verifier-version: 1.12.1
- profile:
- VendorType: partner
- version: v1.2
- reportDigest: uint64:1348594914112270081
- chart-uri: /charts/pubsubplus-openshift/3.3.2/pubsubplus-openshift-3.3.2.tgz
- digests:
- chart: sha256:a801805c57b3a8a726c41b616b056c18c5982ffe7d25ac844adc34db63a5d177
- package: 5aed1044cf6a5bef1e0d0e47d16180da2188f689be832818dbddbdb77c6806a5
- lastCertifiedTimestamp: "2023-08-14T19:22:08.34738+00:00"
- testedOpenShiftVersion: "4.13"
- supportedOpenShiftVersions: '>=4.1'
- webCatalogOnly: false
- chart:
- name: pubsubplus-openshift
- home: https://dev.solace.com
- sources:
- - https://github.com/SolaceProducts/pubsubplus-kubernetes-helm-quickstart
- version: 3.3.2
- description: Deploy a single-node non-HA Solace PubSub+ Event Broker Software on OpenShift
- keywords:
- - solace
- - pubsubplus
- - pubsub+
- - pubsub
- - messaging
- - advanced event broker
- - event broker
- - event mesh
- - event streaming
- - data streaming
- - event integration
- - middleware
- maintainers:
- - name: Solace Community Forum
- email: ""
- url: https://solace.community/
- - name: Solace Support
- email: ""
- url: https://solace.com/support/
- icon: https://solaceproducts.github.io/pubsubplus-kubernetes-helm-quickstart/images/PubSubPlus.png
- apiversion: v2
- condition: ""
- tags: ""
- appversion: ""
- deprecated: false
- annotations:
- charts.openshift.io/name: PubSub+ Event Broker, non-HA
- kubeversion: '>= 1.10.0-0'
- dependencies: []
- type: ""
- chart-overrides: ""
-results:
- - check: v1.0/contains-values
- type: Mandatory
- outcome: PASS
- reason: Values file exist
- - check: v1.0/has-readme
- type: Mandatory
- outcome: PASS
- reason: Chart has a README
- - check: v1.0/helm-lint
- type: Mandatory
- outcome: PASS
- reason: Helm lint successful
- - check: v1.0/is-helm-v3
- type: Mandatory
- outcome: PASS
- reason: API version is V2, used in Helm 3
- - check: v1.0/chart-testing
- type:
Mandatory
- outcome: PASS
- reason: Chart tests have passed
- - check: v1.0/contains-values-schema
- type: Mandatory
- outcome: PASS
- reason: Values schema file exist
- - check: v1.1/images-are-certified
- type: Mandatory
- outcome: PASS
- reason: 'Image is Red Hat certified : registry.connect.redhat.com/solace/pubsubplus-standard:latest'
- - check: v1.0/not-contains-crds
- type: Mandatory
- outcome: PASS
- reason: Chart does not contain CRDs
- - check: v1.0/contains-test
- type: Mandatory
- outcome: PASS
- reason: Chart test files exist
- - check: v1.0/not-contain-csi-objects
- type: Mandatory
- outcome: PASS
- reason: CSI objects do not exist
- - check: v1.1/has-kubeversion
- type: Mandatory
- outcome: PASS
- reason: Kubernetes version specified
- - check: v1.0/required-annotations-present
- type: Mandatory
- outcome: PASS
- reason: All required annotations present
- - check: v1.0/signature-is-valid
- type: Mandatory
- outcome: SKIPPED
- reason: 'Chart is not signed : Signature verification not required'
-
diff --git a/charts/partners/solace/pubsubplus-openshift/OWNERS b/charts/partners/solace/pubsubplus-openshift/OWNERS
deleted file mode 100644
index 5773667de7..0000000000
--- a/charts/partners/solace/pubsubplus-openshift/OWNERS
+++ /dev/null
@@ -1,14 +0,0 @@
-chart:
- name: pubsubplus-openshift
- shortDescription: Deploy a single-node non-HA Solace PubSub+ Event Broker Software
- on OpenShift
-publicPgpKey: null
-users:
-- githubUsername: bczoma
-- githubUsername: juddrobertson
-- githubUsername: PhilippeKhalife
-- githubUsername: paul-kondrat
-- githubUsername: RagnarPaulson
-vendor:
- label: solace
- name: Solace Corporation
diff --git a/charts/partners/solo-io/gloo-ee-helm/OWNERS b/charts/partners/solo-io/gloo-ee-helm/OWNERS
deleted file mode 100644
index f54ed263d2..0000000000
--- a/charts/partners/solo-io/gloo-ee-helm/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: gloo-ee-helm
- shortDescription: Gloo Edge Enterprise Helm Chart
-publicPgpKey: null
-users:
-- githubUsername: djannot
-vendor:
- label: solo-io
- name: Solo.io
diff --git a/charts/partners/solo-io/gloo-mesh-enterprise/OWNERS b/charts/partners/solo-io/gloo-mesh-enterprise/OWNERS
deleted file mode 100644
index e75b07dfbd..0000000000
--- a/charts/partners/solo-io/gloo-mesh-enterprise/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: gloo-mesh-enterprise
- shortDescription: Gloo Mesh Enterprise Helm Chart
-publicPgpKey: null
-users:
-- githubUsername: djannot
-vendor:
- label: solo-io
- name: Solo.io
diff --git a/charts/partners/srsran/srsran-5g/OWNERS b/charts/partners/srsran/srsran-5g/OWNERS
deleted file mode 100644
index 2a12583a51..0000000000
--- a/charts/partners/srsran/srsran-5g/OWNERS
+++ /dev/null
@@ -1,11 +0,0 @@
-chart:
- name: srsran-5g
- shortDescription: srsRAN is an open-source 4G and 5G software radio suite developed
- by Software Radio Systems (SRS)
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: ninjab3s
-vendor:
- label: srsran
- name: SOFTWARE RADIO SYSTEMS LIMITED
diff --git a/charts/partners/ss8inc/xcipio-helm-ccpag-0-1-0/0.1.0/report.yaml b/charts/partners/ss8inc/xcipio-helm-ccpag-0-1-0/0.1.0/report.yaml
deleted file mode 100644
index cbfd608e25..0000000000
--- a/charts/partners/ss8inc/xcipio-helm-ccpag-0-1-0/0.1.0/report.yaml
+++ /dev/null
@@ -1,107 +0,0 @@
-apiversion: v1
-kind: verify-report
-metadata:
- tool:
- verifier-version: 1.12.2
- profile:
- VendorType: partner
- version: v1.2
- reportDigest: uint64:5260882247318741426
- chart-uri: N/A
- digests:
- chart: sha256:b8f84b535f8c2ffae810fde86685b7b18c38acce57cf3f8cdb0f6a66eb63cc68
- package: 2f4bb8e7f997d4d126c217691dea3ecc3323a68f7e4d97c97df33d51b1b8adb4
- lastCertifiedTimestamp: "2023-09-13T18:22:08.477333+00:00"
- testedOpenShiftVersion: "4.12"
- supportedOpenShiftVersions: '>=4.12'
- webCatalogOnly: true
- chart:
- name: xcipio-helm-ccpag-0-1-0
- home: www.ss8.com
- sources: []
- version: 0.1.0
- description: A Helm chart to deploy SS8 CCPAG micro-services in Kubernetes. SS8 CCPAG is scalable Mediation Communication Content (CC) aggregator function from POIs toward MDF3.
- keywords:
- - 5g
- - mediation
- - ccpag
- maintainers:
- - name: SS8 Networks Inc.
- email: ""
- url: https://www.ss8.com/
- icon: ""
- apiversion: v2
- condition: ""
- tags: ""
- appversion: 1.1.1.0
- deprecated: false
- annotations:
- charts.openshift.io/name: xcipio-helm-ccpag
- kubeversion: '>= 1.25.0-0'
- dependencies:
- - name: ss8-utils
- version: 0.1.0
- repository: file://../ss8-utils/
- condition: ""
- tags: []
- enabled: false
- importvalues: []
- alias: ""
- type: application
- chart-overrides: ""
-results:
- - check: v1.0/is-helm-v3
- type: Mandatory
- outcome: PASS
- reason: API version is V2, used in Helm 3
- - check: v1.0/not-contains-crds
- type: Mandatory
- outcome: PASS
- reason: Chart does not contain CRDs
- - check: v1.0/chart-testing
- type: Mandatory
- outcome: PASS
- reason: Chart tests have passed
- - check: v1.0/contains-test
- type: Mandatory
- outcome: PASS
- reason: Chart test files exist
- - check: v1.0/has-readme
- type: Mandatory
- outcome: PASS
- reason: Chart has a README
- - check: v1.0/not-contain-csi-objects
- type: Mandatory
- outcome: PASS
- reason: CSI objects do not exist
- - check: v1.0/required-annotations-present
- type:
Mandatory
- outcome: PASS
- reason: All required annotations present
- - check: v1.0/contains-values-schema
- type: Mandatory
- outcome: PASS
- reason: Values schema file exist
- - check: v1.0/helm-lint
- type: Mandatory
- outcome: PASS
- reason: Helm lint successful
- - check: v1.0/signature-is-valid
- type: Mandatory
- outcome: SKIPPED
- reason: 'Chart is not signed : Signature verification not required'
- - check: v1.0/contains-values
- type: Mandatory
- outcome: PASS
- reason: Values file exist
- - check: v1.1/has-kubeversion
- type: Mandatory
- outcome: PASS
- reason: Kubernetes version specified
- - check: v1.1/images-are-certified
- type: Mandatory
- outcome: PASS
- reason: |-
- Image is Red Hat certified : quay.io/ss8inc/ccpag@sha256:d068119306b95975432b1b2d4e9c7e53f47683571b80c30d7495be5724c78b72
- Image is Red Hat certified : registry.connect.redhat.com/calyptia/fluent-bit@sha256:dc57292fbd061d5fd97c7cccb801b096f78ec87f31c55147ff741b760ee23dff
-
diff --git a/charts/partners/ss8inc/xcipio-helm-ccpag-0-1-0/OWNERS b/charts/partners/ss8inc/xcipio-helm-ccpag-0-1-0/OWNERS
deleted file mode 100644
index b926169def..0000000000
--- a/charts/partners/ss8inc/xcipio-helm-ccpag-0-1-0/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: xcipio-helm-ccpag-0-1-0
- shortDescription: Helm Chart For SS8 CCPAG
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ss8inc
-vendor:
- label: ss8inc
- name: SS8 Networks, Inc.
diff --git a/charts/partners/ss8inc/xcipio-helm-mdf3-0-1-0/0.1.0/report.yaml b/charts/partners/ss8inc/xcipio-helm-mdf3-0-1-0/0.1.0/report.yaml
deleted file mode 100644
index 8de8a8bb5a..0000000000
--- a/charts/partners/ss8inc/xcipio-helm-mdf3-0-1-0/0.1.0/report.yaml
+++ /dev/null
@@ -1,110 +0,0 @@
-apiversion: v1
-kind: verify-report
-metadata:
- tool:
- verifier-version: 1.12.2
- profile:
- VendorType: partner
- version: v1.2
- reportDigest: uint64:8954322319593679246
- chart-uri: N/A
- digests:
- chart: sha256:0e6f5dc3a351a25ea1162bd9a45688f3278d02322c3943f69cd4c9e6a567d340
- package: f384c7284f042324c1ba24828f1f69f229485eda05f8380b1f018aab25a56bab
- lastCertifiedTimestamp: "2023-09-13T19:21:58.456727+00:00"
- testedOpenShiftVersion: "4.12"
- supportedOpenShiftVersions: '>=4.12'
- webCatalogOnly: true
- chart:
- name: xcipio-helm-mdf3-0-1-0
- home: www.ss8.com
- sources: []
- version: 0.1.0
- description: A Helm chart to deploy SS8 MDF3 micro-services in Kubernetes. SS8 MDF3 is scalable Mediation Function Communication Content (CC) processing function.
- keywords:
- - 5g
- - mediation
- - mdf3
- - loadbalancer
- - erkupfx3
- - ccpc
- maintainers:
- - name: SS8 Networks Inc.
- email: ""
- url: https://www.ss8.com/
- icon: ""
- apiversion: v2
- condition: ""
- tags: ""
- appversion: 9.1.1.0
- deprecated: false
- annotations:
- charts.openshift.io/name: xcipio-helm-mdf3
- kubeversion: '>= 1.25.0-0'
- dependencies:
- - name: ss8-utils
- version: 0.1.0
- repository: file://../ss8-utils/
- condition: ""
- tags: []
- enabled: false
- importvalues: []
- alias: ""
- type: application
- chart-overrides: ""
-results:
- - check: v1.0/signature-is-valid
- type: Mandatory
- outcome: SKIPPED
- reason: 'Chart is not signed : Signature verification not required'
- - check: v1.0/helm-lint
- type: Mandatory
- outcome: PASS
- reason: Helm lint successful
- - check: v1.0/chart-testing
- type: Mandatory
- outcome: PASS
- reason: Chart tests have passed
- - check: v1.1/has-kubeversion
- type: Mandatory
- outcome: PASS
- reason: Kubernetes version specified
- - check: v1.0/has-readme
- type: Mandatory
- outcome: PASS
- reason: Chart has a README
- - check: v1.0/not-contains-crds
- type: Mandatory
- outcome: PASS
- reason: Chart does not contain CRDs
- - check:
v1.0/required-annotations-present
- type: Mandatory
- outcome: PASS
- reason: All required annotations present
- - check: v1.0/is-helm-v3
- type: Mandatory
- outcome: PASS
- reason: API version is V2, used in Helm 3
- - check: v1.0/not-contain-csi-objects
- type: Mandatory
- outcome: PASS
- reason: CSI objects do not exist
- - check: v1.0/contains-test
- type: Mandatory
- outcome: PASS
- reason: Chart test files exist
- - check: v1.0/contains-values-schema
- type: Mandatory
- outcome: PASS
- reason: Values schema file exist
- - check: v1.0/contains-values
- type: Mandatory
- outcome: PASS
- reason: Values file exist
- - check: v1.1/images-are-certified
- type: Mandatory
- outcome: PASS
- reason: |-
- Image is Red Hat certified : quay.io/ss8inc/xcipio-img-5gcmdf3@sha256:2c83f5b1369af72ad937b16bd788dfa09bbbfc8f150fa03c66e3e937d217ebc7
- Image is Red Hat certified : registry.connect.redhat.com/calyptia/fluent-bit@sha256:dc57292fbd061d5fd97c7cccb801b096f78ec87f31c55147ff741b760ee23dff
-
diff --git a/charts/partners/ss8inc/xcipio-helm-mdf3-0-1-0/OWNERS b/charts/partners/ss8inc/xcipio-helm-mdf3-0-1-0/OWNERS
deleted file mode 100644
index 3d893829bd..0000000000
--- a/charts/partners/ss8inc/xcipio-helm-mdf3-0-1-0/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: xcipio-helm-mdf3-0-1-0
- shortDescription: Helm Chart For SS8 MDF3
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: ss8inc
-vendor:
- label: ss8inc
- name: SS8 Networks, Inc.
diff --git a/charts/partners/strata-identity/orchestrator/OWNERS b/charts/partners/strata-identity/orchestrator/OWNERS
deleted file mode 100644
index 5e5d314b68..0000000000
--- a/charts/partners/strata-identity/orchestrator/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: orchestrator
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: gramidt
-vendor:
- label: strata-identity
- name: Strata Identity, Inc.
diff --git a/charts/partners/streamnative/sn-platform/OWNERS b/charts/partners/streamnative/sn-platform/OWNERS
deleted file mode 100644
index 4c379b4bd2..0000000000
--- a/charts/partners/streamnative/sn-platform/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: sn-platform
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: streamnative
- name: Streamnative, Inc.
diff --git a/charts/partners/streebo/streebo-chatbot/OWNERS b/charts/partners/streebo/streebo-chatbot/OWNERS
deleted file mode 100644
index 9f428459d7..0000000000
--- a/charts/partners/streebo/streebo-chatbot/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: streebo-chatbot
- shortDescription: Helm chart for Streebo Chatbot Builder.
-publicPgpKey: null
-users:
-- githubUsername: abrarstreebo
-vendor:
- label: streebo
- name: Streebo Inc.
diff --git a/charts/partners/taylor-test-company/chart-test/OWNERS b/charts/partners/taylor-test-company/chart-test/OWNERS
deleted file mode 100644
index fdc7a8c298..0000000000
--- a/charts/partners/taylor-test-company/chart-test/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: chart-test
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: taylor-test-company
- name: Taylor's Test Company
diff --git a/charts/partners/telenity/canvas-alarmutils/OWNERS b/charts/partners/telenity/canvas-alarmutils/OWNERS
deleted file mode 100644
index 0c1bd29566..0000000000
--- a/charts/partners/telenity/canvas-alarmutils/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: canvas-alarmutils
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: gurolakman
-vendor:
- label: telenity
- name: Telenity Iletisim Sistemleri Sa
diff --git a/charts/partners/telenity/canvas-dgw/OWNERS b/charts/partners/telenity/canvas-dgw/OWNERS
deleted file mode 100644
index e673fc08ca..0000000000
--- a/charts/partners/telenity/canvas-dgw/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: canvas-dgw
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: gurolakman
-vendor:
- label: telenity
- name: Telenity Iletisim Sistemleri Sa
diff --git a/charts/partners/telenity/canvas-dmid/3.0.1/canvas-dmid-3.0.1.tgz b/charts/partners/telenity/canvas-dmid/3.0.1/canvas-dmid-3.0.1.tgz
deleted file mode 100644
index 9b6a072bb9..0000000000
Binary files a/charts/partners/telenity/canvas-dmid/3.0.1/canvas-dmid-3.0.1.tgz and /dev/null differ
diff --git a/charts/partners/telenity/canvas-dmid/OWNERS b/charts/partners/telenity/canvas-dmid/OWNERS
deleted file mode 100644
index 7839c6ccdd..0000000000
--- a/charts/partners/telenity/canvas-dmid/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: canvas-dmid
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: gurolakman
-vendor:
- label: telenity
- name: Telenity Iletisim Sistemleri Sa
diff --git a/charts/partners/telenity/canvas-flexiblelicensingserver/OWNERS b/charts/partners/telenity/canvas-flexiblelicensingserver/OWNERS
deleted file mode 100644
index 75332ae1c7..0000000000
--- a/charts/partners/telenity/canvas-flexiblelicensingserver/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: canvas-flexiblelicensingserver
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: gurolakman
-vendor:
- label: telenity
- name: Telenity Iletisim Sistemleri Sa
diff --git a/charts/partners/telenity/canvas-ipsmgw/OWNERS b/charts/partners/telenity/canvas-ipsmgw/OWNERS
deleted file mode 100644
index 797de315dd..0000000000
--- a/charts/partners/telenity/canvas-ipsmgw/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: canvas-ipsmgw
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: gurolakman
-vendor:
- label: telenity
- name: Telenity Iletisim Sistemleri Sa
diff --git a/charts/partners/telenity/canvas-jss7sgw/OWNERS b/charts/partners/telenity/canvas-jss7sgw/OWNERS
deleted file mode 100644
index daea074851..0000000000
--- a/charts/partners/telenity/canvas-jss7sgw/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: canvas-jss7sgw
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: gurolakman
-vendor:
- label: telenity
- name: Telenity Iletisim Sistemleri Sa
diff --git a/charts/partners/telenity/canvas-oamportal/3.0.24-SNAPSHOT/canvas-oamportal-3.0.24-SNAPSHOT.tgz b/charts/partners/telenity/canvas-oamportal/3.0.24-SNAPSHOT/canvas-oamportal-3.0.24-SNAPSHOT.tgz
deleted file mode 100644
index 4d7f04b269..0000000000
Binary files a/charts/partners/telenity/canvas-oamportal/3.0.24-SNAPSHOT/canvas-oamportal-3.0.24-SNAPSHOT.tgz and /dev/null differ
diff --git a/charts/partners/telenity/canvas-oamportal/OWNERS b/charts/partners/telenity/canvas-oamportal/OWNERS
deleted file mode 100644
index 37797af5fd..0000000000
--- a/charts/partners/telenity/canvas-oamportal/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: canvas-oamportal
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: gurolakman
-vendor:
- label: telenity
- name: Telenity Iletisim Sistemleri Sa
diff --git a/charts/partners/telenity/canvas-platform/3.1.5/canvas-platform-3.1.5.tgz b/charts/partners/telenity/canvas-platform/3.1.5/canvas-platform-3.1.5.tgz
deleted file mode 100644
index fd9cc7a312..0000000000
Binary files a/charts/partners/telenity/canvas-platform/3.1.5/canvas-platform-3.1.5.tgz and /dev/null differ
diff --git a/charts/partners/telenity/canvas-platform/3.1.5/report.yaml b/charts/partners/telenity/canvas-platform/3.1.5/report.yaml
deleted file mode 100644
index b80b715321..0000000000
--- a/charts/partners/telenity/canvas-platform/3.1.5/report.yaml
+++ /dev/null
@@ -1,105 +0,0 @@
-apiversion: v1
-kind: verify-report
-metadata:
- tool:
- verifier-version: 1.10.1
- profile:
- VendorType: partner
- version: v1.2
- reportDigest: uint64:17579788661490364015
- chart-uri: canvas-platform-3.1.5.tgz
- digests:
- chart: sha256:834a104fd3250558a8d838001f54fc398e6e72fda9e282342448738ae849264c
- package: acead6e0ab12f430aa463b6a31d7f48ebe9cbd825d9f30ce18a4bd626186b4c0
- lastCertifiedTimestamp: "2023-05-16T17:48:34.588294-04:00"
- testedOpenShiftVersion: "4.8"
- supportedOpenShiftVersions: '>=4.8'
- webCatalogOnly: false
- chart:
- name: canvas-platform
- home: ""
- sources: []
- version: 3.1.5
- description: Canvas Platform Helm Chart
- keywords: []
- maintainers:
- - name: Telenity
- email: info@telenity.com
- url: https://www.telenity.com
- icon: ""
- apiversion: v2
- condition: ""
- tags: ""
- appversion: 3.0.0
- deprecated: false
- annotations:
- charts.openshift.io/name: Canvas Platform Helm Chart
- charts.openshift.io/provider: Telenity INC.
- kubeversion: '>=1.21.0'
- dependencies:
- - name: canvas-dmid
- version: ^3
- repository: https://nexus.telenity.com/repository/helm-telenity/
- condition: dmid.enabled
- tags: []
- enabled: false
- importvalues: []
- alias: dmid
- type: ""
- chart-overrides: ""
-results:
- - check: v1.0/helm-lint
- type: Mandatory
- outcome: PASS
- reason: Helm lint successful
- - check: v1.0/contains-test
- type: Mandatory
- outcome: PASS
- reason: Chart test files exist
- - check: v1.0/required-annotations-present
- type: Mandatory
- outcome: PASS
- reason: All required annotations present
- - check: v1.1/images-are-certified
- type: Mandatory
- outcome: PASS
- reason: |-
- Image is Red Hat certified : docker.io/gurolakman/dmid:1.0.9
- Image is Red Hat certified : docker.io/gurolakman/platform:3.1
- - check: v1.0/signature-is-valid
- type: Mandatory
- outcome: SKIPPED
- reason: 'Chart is not signed : Signature verification not required'
- - check: v1.0/contains-values-schema
- type: Mandatory
- outcome:
PASS
- reason: Values schema file exist
- - check: v1.1/has-kubeversion
- type: Mandatory
- outcome: PASS
- reason: Kubernetes version specified
- - check: v1.0/has-readme
- type: Mandatory
- outcome: PASS
- reason: Chart has a README
- - check: v1.0/is-helm-v3
- type: Mandatory
- outcome: PASS
- reason: API version is V2, used in Helm 3
- - check: v1.0/not-contain-csi-objects
- type: Mandatory
- outcome: PASS
- reason: CSI objects do not exist
- - check: v1.0/chart-testing
- type: Mandatory
- outcome: PASS
- reason: Chart tests have passed
- - check: v1.0/not-contains-crds
- type: Mandatory
- outcome: PASS
- reason: Chart does not contain CRDs
- - check: v1.0/contains-values
- type: Mandatory
- outcome: PASS
- reason: Values file exist
-
diff --git a/charts/partners/telenity/canvas-platform/OWNERS b/charts/partners/telenity/canvas-platform/OWNERS
deleted file mode 100644
index 119278fcc0..0000000000
--- a/charts/partners/telenity/canvas-platform/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: canvas-platform
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: gurolakman
-vendor:
- label: telenity
- name: Telenity Iletisim Sistemleri Sa
diff --git a/charts/partners/telenity/canvas-smartalert/OWNERS b/charts/partners/telenity/canvas-smartalert/OWNERS
deleted file mode 100644
index e3d0971ec1..0000000000
--- a/charts/partners/telenity/canvas-smartalert/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: canvas-smartalert
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: gurolakman
-vendor:
- label: telenity
- name: Telenity Iletisim Sistemleri Sa
diff --git a/charts/partners/telenity/canvas-smsc/OWNERS b/charts/partners/telenity/canvas-smsc/OWNERS
deleted file mode 100644
index abf73b5c84..0000000000
--- a/charts/partners/telenity/canvas-smsc/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: canvas-smsc
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: gurol.akman@telenity.com
-vendor:
- label: telenity
- name: Telenity Iletisim Sistemleri Sa
diff --git a/charts/partners/telenity/canvas-smsoneapigw/OWNERS b/charts/partners/telenity/canvas-smsoneapigw/OWNERS
deleted file mode 100644
index 80408bf75c..0000000000
--- a/charts/partners/telenity/canvas-smsoneapigw/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: canvas-smsoneapigw
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: gurolakman
-vendor:
- label: telenity
- name: Telenity Iletisim Sistemleri Sa
diff --git a/charts/partners/telenity/canvas-tsn/OWNERS b/charts/partners/telenity/canvas-tsn/OWNERS
deleted file mode 100644
index acf3833af9..0000000000
--- a/charts/partners/telenity/canvas-tsn/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: canvas-tsn
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: gurolakman
-vendor:
- label: telenity
- name: Telenity Iletisim Sistemleri Sa
diff --git a/charts/partners/telenity/canvas-tsnmgfs/OWNERS b/charts/partners/telenity/canvas-tsnmgfs/OWNERS
deleted file mode 100644
index 2be05fbd1e..0000000000
--- a/charts/partners/telenity/canvas-tsnmgfs/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: canvas-tsnmgfs
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: gurolakman
-vendor:
- label: telenity
- name: Telenity Iletisim Sistemleri Sa
diff --git a/charts/partners/telenity/dmid/OWNERS b/charts/partners/telenity/dmid/OWNERS
deleted file mode 100644
index 59f838922a..0000000000
--- a/charts/partners/telenity/dmid/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: dmid
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: gurolakman
-vendor:
- label: telenity
- name: Telenity Iletisim Sistemleri Sa
diff --git a/charts/partners/telenity/platform/OWNERS b/charts/partners/telenity/platform/OWNERS
deleted file mode 100644
index b7edec1bf5..0000000000
--- a/charts/partners/telenity/platform/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: platform
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: gurolakman
-vendor:
- label: telenity
- name: Telenity Iletisim Sistemleri Sa
diff --git a/charts/partners/telenity/smartalert/OWNERS b/charts/partners/telenity/smartalert/OWNERS
deleted file mode 100644
index dde5b3796b..0000000000
--- a/charts/partners/telenity/smartalert/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: smartalert
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: gurolakman
-vendor:
- label: telenity
- name: Telenity Iletisim Sistemleri Sa
diff --git a/charts/partners/telenity/smsc/OWNERS b/charts/partners/telenity/smsc/OWNERS
deleted file mode 100644
index 0db2bccb19..0000000000
--- a/charts/partners/telenity/smsc/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: smsc
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: gurolakman
-vendor:
- label: telenity
- name: Telenity Iletisim Sistemleri Sa
diff --git a/charts/partners/telenity/smsf-configuration/OWNERS b/charts/partners/telenity/smsf-configuration/OWNERS
deleted file mode 100644
index b69d426534..0000000000
--- a/charts/partners/telenity/smsf-configuration/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: smsf-configuration
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: telenity
- name: Telenity Iletisim Sistemleri Sa
diff --git a/charts/partners/telenity/smsf-dispatcher/OWNERS b/charts/partners/telenity/smsf-dispatcher/OWNERS
deleted file mode 100644
index 39605b8f61..0000000000
--- a/charts/partners/telenity/smsf-dispatcher/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: smsf-dispatcher
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: telenity
- name: Telenity Iletisim Sistemleri Sa
diff --git a/charts/partners/telenity/smsf-momt/OWNERS b/charts/partners/telenity/smsf-momt/OWNERS
deleted file mode 100644
index 341298023f..0000000000
--- a/charts/partners/telenity/smsf-momt/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: smsf-momt
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: telenity
- name: Telenity Iletisim Sistemleri Sa
diff --git a/charts/partners/telenity/smsf-registration/OWNERS b/charts/partners/telenity/smsf-registration/OWNERS
deleted file mode 100644
index 69e5f2512c..0000000000
--- a/charts/partners/telenity/smsf-registration/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: smsf-registration
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: telenity
- name: Telenity Iletisim Sistemleri Sa
diff --git a/charts/partners/telenity/ussigw-configuration/OWNERS b/charts/partners/telenity/ussigw-configuration/OWNERS
deleted file mode 100644
index 50682de45a..0000000000
--- a/charts/partners/telenity/ussigw-configuration/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: ussigw-configuration
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: telenity
- name: Telenity Iletisim Sistemleri Sa
diff --git a/charts/partners/telenity/ussigw-core/OWNERS b/charts/partners/telenity/ussigw-core/OWNERS
deleted file mode 100644
index 036e63a0db..0000000000
--- a/charts/partners/telenity/ussigw-core/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: ussigw-core
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: telenity
- name: Telenity Iletisim Sistemleri Sa
diff --git a/charts/partners/test-prod-0905/test-helm/OWNERS b/charts/partners/test-prod-0905/test-helm/OWNERS
deleted file mode 100644
index 09c90c64c2..0000000000
--- a/charts/partners/test-prod-0905/test-helm/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: test-helm
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: test-prod-0905
- name: new-user-prod-0905
diff --git a/charts/partners/test/chartname-cnf/OWNERS b/charts/partners/test/chartname-cnf/OWNERS
deleted file mode 100644
index 04915f00cf..0000000000
--- a/charts/partners/test/chartname-cnf/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: chartname-cnf
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: test
- name: Oceanic
diff --git a/charts/partners/test467/dvdv/OWNERS b/charts/partners/test467/dvdv/OWNERS
deleted file mode 100644
index e4bdca9e1f..0000000000
--- a/charts/partners/test467/dvdv/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: dvdv
- shortDescription: null
-publicPgpKey: null
-users:
-- githubUsername: rnargotr
-vendor:
- label: test467
- name: rhn-support-test1710922225
diff --git a/charts/partners/test61bc576f84112e60431226fd/test-helm-chart-external/OWNERS b/charts/partners/test61bc576f84112e60431226fd/test-helm-chart-external/OWNERS
deleted file mode 100644
index b1f7e327f9..0000000000
--- a/charts/partners/test61bc576f84112e60431226fd/test-helm-chart-external/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: test-helm-chart-external
- shortDescription: TEST
-publicPgpKey: dGVzdA==
-users:
-- githubUsername: sawalgiriraj
-vendor:
- label: test61bc576f84112e60431226fd
- name: A AND COMPANY
diff --git a/charts/partners/test61bc576f84112e60431226fd/test-helm-chart-internal/OWNERS b/charts/partners/test61bc576f84112e60431226fd/test-helm-chart-internal/OWNERS
deleted file mode 100644
index 443cf1afc1..0000000000
--- a/charts/partners/test61bc576f84112e60431226fd/test-helm-chart-internal/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: test-helm-chart-internal
- shortDescription: test
-publicPgpKey: dGVzdA==
-users:
-- githubUsername: sawalgiriraj
-vendor:
- label: test61bc576f84112e60431226fd
- name: A AND COMPANY
diff --git a/charts/partners/testcontainber/helm-test-1/OWNERS b/charts/partners/testcontainber/helm-test-1/OWNERS
deleted file mode 100644
index 5d3cea8814..0000000000
--- a/charts/partners/testcontainber/helm-test-1/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: helm-test-1
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users: []
-vendor:
- label: testcontainber
- name: prod-sub-6
diff --git a/charts/partners/vitagroupag/cdr-core-ehrbase-enterprise/0.1.8/report.yaml b/charts/partners/vitagroupag/cdr-core-ehrbase-enterprise/0.1.8/report.yaml
deleted file mode 100644
index ca5f9e4695..0000000000
--- a/charts/partners/vitagroupag/cdr-core-ehrbase-enterprise/0.1.8/report.yaml
+++ /dev/null
@@ -1,108 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.9.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:14900475762016495688 - chart-uri: N/A - digests: - chart: sha256:19b9c77e0e1d74314c5f847f1079e608182e8f621279e8c373b1024b18aa9b44 - package: 0e8b0937e1e2089546f647bdfe1186b3b60fb01e5fc0321cc80c3f9e9dd0a26e - lastCertifiedTimestamp: "2022-11-16T16:24:03.450919+00:00" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.7' - providerControlledDelivery: true - chart: - name: cdr-core-ehrbase-enterprise - home: "" - sources: [] - version: 0.1.8 - description: A Helm chart for Kubernetes - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 0.1.8 - deprecated: false - annotations: - charts.openshift.io/name: EHRBase Enterprise - charts.openshift.io/provider: vitagroup AG - kubeversion: ^1.20.0 - dependencies: - - name: postgresql-ha - version: 9.4.1 - repository: https://charts.bitnami.com/bitnami - condition: postgresql-ha.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - - name: yugabyte - version: 2.14.1 - repository: https://charts.yugabyte.com - condition: yugabyte.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - type: application - chart-overrides: "" -results: - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: Images are Red Hat certified - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/not-contains-crds - 
type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is signed : Signature verification skipped, a public key was not specified' - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - diff --git a/charts/partners/vitagroupag/cdr-core-ehrbase-enterprise/OWNERS b/charts/partners/vitagroupag/cdr-core-ehrbase-enterprise/OWNERS deleted file mode 100644 index 6bdf6556ec..0000000000 --- a/charts/partners/vitagroupag/cdr-core-ehrbase-enterprise/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: cdr-core-ehrbase-enterprise - shortDescription: null -providerDelivery: false -publicPgpKey: null -users: -- githubUsername: bjoernpauli -vendor: - label: vitagroupag - name: Vitagroup AG diff --git a/charts/partners/vitagroupag/cdr-core-ehrbase/OWNERS b/charts/partners/vitagroupag/cdr-core-ehrbase/OWNERS deleted file mode 100644 index 80e7cbb466..0000000000 --- a/charts/partners/vitagroupag/cdr-core-ehrbase/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: cdr-core-ehrbase - shortDescription: null -providerDelivery: false -publicPgpKey: null -users: -- githubUsername: bjoernpauli -vendor: - label: vitagroupag - name: Vitagroup AG diff --git a/charts/partners/vitagroupag/ehrbase/0.1.12/report.yaml b/charts/partners/vitagroupag/ehrbase/0.1.12/report.yaml deleted file mode 100644 index 6169679bb4..0000000000 --- a/charts/partners/vitagroupag/ehrbase/0.1.12/report.yaml +++ /dev/null 
@@ -1,93 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.9.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:13625605973800562018 - chart-uri: N/A - digests: - chart: sha256:556215013f4816d6ec8ee3233ff65944d7bebc4b1e3b0346eac2727408d57289 - package: 7e52cee0d93ab7df5fb01394db892025eb159771e9ac4bf82e26054ed89c7a94 - lastCertifiedTimestamp: "2023-01-11T15:32:49.944127+00:00" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.7' - providerControlledDelivery: true - chart: - name: ehrbase - home: "" - sources: [] - version: 0.1.12 - description: A Helm chart for Kubernetes - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 0.1.12 - deprecated: false - annotations: - charts.openshift.io/name: EHRBase Enterprise - kubeversion: ^1.20.0 - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.access.redhat.com/ubi8-minimal:latest - Image is Red Hat certified : registry.connect.redhat.com/vitagroupag/ehrbase:0.22.0-feat-PMK-40_RedHat-OpenShift-Compliance-8 - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: 
v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - diff --git a/charts/partners/vitagroupag/ehrbase/OWNERS b/charts/partners/vitagroupag/ehrbase/OWNERS deleted file mode 100644 index abc8df2dc7..0000000000 --- a/charts/partners/vitagroupag/ehrbase/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: ehrbase - shortDescription: null -providerDelivery: true -publicPgpKey: null -users: -- githubUsername: bjoernpauli -vendor: - label: vitagroupag - name: Vitagroup AG diff --git a/charts/partners/vitagroupag/hip-cdr-core/OWNERS b/charts/partners/vitagroupag/hip-cdr-core/OWNERS deleted file mode 100644 index 06f8dc68c9..0000000000 --- a/charts/partners/vitagroupag/hip-cdr-core/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: hip-cdr-core - shortDescription: null -providerDelivery: false -publicPgpKey: null -users: -- githubUsername: bjoernpauli -vendor: - label: vitagroupag - name: Vitagroup AG diff --git a/charts/partners/wavefronthq/wavefront/1.10.0/report.yaml b/charts/partners/wavefronthq/wavefront/1.10.0/report.yaml deleted file mode 100644 index 90e8fe1ee3..0000000000 --- a/charts/partners/wavefronthq/wavefront/1.10.0/report.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.5.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /charts/_build/wavefront-1.10.0.tgz - digests: - chart: sha256:6c22e0057e2c106e0b7fe9751470560a511e299490b3316ea14362b2d8621e02 - package: d8be7c8f37a158cdaa6f7e328931834ba723e58aaedfdc169ece3bcd8b0fc295 - lastCertifiedTimestamp: "2022-03-16T21:13:23.960387+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.6' - chart: - name: wavefront - home: https://www.wavefront.com - sources: - - https://github.com/wavefrontHQ/wavefront-collector-for-kubernetes - - https://github.com/wavefrontHQ/wavefront-proxy - version: 1.10.0 - description: Wavefront Collector for Kubernetes - keywords: - - metric - - monitoring - - observability - - alerting - maintainers: - - name: akodali18 - email: akodali@vmware.com - url: "" - - name: johncornish - email: jcornish@vmware.com - url: "" - - name: josephgee - email: jgee@vmware.com - url: "" - - name: helen-shao - email: shaoh@vmware.com - url: "" - - name: mceldeen - email: matthewco@vmware.com - url: "" - - name: mmichael - email: mamichael@vmware.com - url: "" - - name: priyaselvaganesan - email: pselvaganesa@vmware.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.9.0 - deprecated: false - annotations: - charts.openshift.io/name: wavefront - kubeversion: '>= 1.19' - dependencies: - - name: kube-state-metrics - version: ^2.2.1 - repository: https://charts.helm.sh/stable - condition: kubeStateMetrics.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: 
v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/wavefront-kubernetes-collector:1.10.0 - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/proxy:10.14.1 - Image is Red Hat certified : registry.connect.redhat.com/seldonio/kubectl diff --git a/charts/partners/wavefronthq/wavefront/1.10.0/wavefront-1.10.0.tgz b/charts/partners/wavefronthq/wavefront/1.10.0/wavefront-1.10.0.tgz deleted file mode 100644 index c5254c4f72..0000000000 Binary files a/charts/partners/wavefronthq/wavefront/1.10.0/wavefront-1.10.0.tgz and /dev/null differ diff --git a/charts/partners/wavefronthq/wavefront/1.10.1/report.yaml b/charts/partners/wavefronthq/wavefront/1.10.1/report.yaml deleted file mode 100644 index 5b45b43758..0000000000 --- a/charts/partners/wavefronthq/wavefront/1.10.1/report.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.5.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /charts/_build/wavefront-1.10.1.tgz - digests: - chart: sha256:94689d8776682082c0c12baf1d598a1732187f0647a1410fbcd8cd3ff1d52272 - package: 799d16100087d8d42ba92d059322a2ee5691b6a2def22992c34fb138384046b2 - lastCertifiedTimestamp: "2022-03-28T22:30:55.899693+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.6' - chart: - name: wavefront - home: https://www.wavefront.com - sources: - - https://github.com/wavefrontHQ/wavefront-collector-for-kubernetes - - https://github.com/wavefrontHQ/wavefront-proxy - version: 1.10.1 - description: Wavefront Collector for Kubernetes - keywords: - - metric - - monitoring - - observability - - alerting - maintainers: - - name: akodali18 - email: akodali@vmware.com - url: "" - - name: johncornish - email: jcornish@vmware.com - url: "" - - name: josephgee - email: jgee@vmware.com - url: "" - - name: helen-shao - email: shaoh@vmware.com - url: "" - - name: mceldeen - email: matthewco@vmware.com - url: "" - - name: mmichael - email: mamichael@vmware.com - url: "" - - name: priyaselvaganesan - email: pselvaganesa@vmware.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.10.0 - deprecated: false - annotations: - charts.openshift.io/name: wavefront - kubeversion: '>= 1.19' - dependencies: - - name: kube-state-metrics - version: ^2.2.1 - repository: https://charts.helm.sh/stable - condition: kubeStateMetrics.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values 
- type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/wavefront-kubernetes-collector:1.10.0 - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/proxy:11.0 - Image is Red Hat certified : registry.connect.redhat.com/seldonio/kubectl - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist diff --git a/charts/partners/wavefronthq/wavefront/1.10.1/wavefront-1.10.1.tgz b/charts/partners/wavefronthq/wavefront/1.10.1/wavefront-1.10.1.tgz deleted file mode 100644 index 39f16caceb..0000000000 Binary files a/charts/partners/wavefronthq/wavefront/1.10.1/wavefront-1.10.1.tgz and /dev/null differ diff --git a/charts/partners/wavefronthq/wavefront/1.10.2/report.yaml b/charts/partners/wavefronthq/wavefront/1.10.2/report.yaml deleted file mode 100644 index 19c0a7e4a3..0000000000 --- a/charts/partners/wavefronthq/wavefront/1.10.2/report.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.5.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /charts/_build/wavefront-1.10.2.tgz - digests: - chart: sha256:991758e9a00dcd6d99915fa47875153536deb80be296ec9b6c57b171912c31b2 - package: cdd1501e7a1b5bf5115a2c4510e20e72ddb74885f37f439281bdbb2935cb8d51 - lastCertifiedTimestamp: "2022-03-30T20:12:38.66561+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.6' - chart: - name: wavefront - home: https://www.wavefront.com - sources: - - https://github.com/wavefrontHQ/wavefront-collector-for-kubernetes - - https://github.com/wavefrontHQ/wavefront-proxy - version: 1.10.2 - description: Wavefront Collector for Kubernetes - keywords: - - metric - - monitoring - - observability - - alerting - maintainers: - - name: akodali18 - email: akodali@vmware.com - url: "" - - name: johncornish - email: jcornish@vmware.com - url: "" - - name: josephgee - email: jgee@vmware.com - url: "" - - name: helen-shao - email: shaoh@vmware.com - url: "" - - name: mceldeen - email: matthewco@vmware.com - url: "" - - name: mmichael - email: mamichael@vmware.com - url: "" - - name: priyaselvaganesan - email: pselvaganesa@vmware.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.10.0 - deprecated: false - annotations: - charts.openshift.io/name: wavefront - kubeversion: '>= 1.19' - dependencies: - - name: kube-state-metrics - version: ^2.2.1 - repository: https://charts.helm.sh/stable - condition: kubeStateMetrics.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: 
v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/wavefront-kubernetes-collector:1.10.0 - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/proxy:11.0 - Image is Red Hat certified : registry.connect.redhat.com/seldonio/kubectl - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful diff --git a/charts/partners/wavefronthq/wavefront/1.10.2/wavefront-1.10.2.tgz b/charts/partners/wavefronthq/wavefront/1.10.2/wavefront-1.10.2.tgz deleted file mode 100644 index 9fe7b9b11b..0000000000 Binary files a/charts/partners/wavefronthq/wavefront/1.10.2/wavefront-1.10.2.tgz and /dev/null differ diff --git a/charts/partners/wavefronthq/wavefront/1.11.0/report.yaml b/charts/partners/wavefronthq/wavefront/1.11.0/report.yaml deleted file mode 100644 index a394bfa34b..0000000000 --- a/charts/partners/wavefronthq/wavefront/1.11.0/report.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.5.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /charts/_build/wavefront-1.11.0.tgz - digests: - chart: sha256:1c34d13550dd3d1679c8e8b7e478505447bdaf9a346b54301adc7975864be654 - package: 5b4243216b9a3192bf65fc3a9ef2cb9c998b52ed2a3083bd80c2bab638a9c1f3 - lastCertifiedTimestamp: "2022-05-04T17:05:50.960603+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.6' - chart: - name: wavefront - home: https://www.wavefront.com - sources: - - https://github.com/wavefrontHQ/wavefront-collector-for-kubernetes - - https://github.com/wavefrontHQ/wavefront-proxy - version: 1.11.0 - description: Wavefront Collector for Kubernetes - keywords: - - metric - - monitoring - - observability - - alerting - maintainers: - - name: akodali18 - email: akodali@vmware.com - url: "" - - name: johncornish - email: jcornish@vmware.com - url: "" - - name: josephgee - email: jgee@vmware.com - url: "" - - name: helen-shao - email: shaoh@vmware.com - url: "" - - name: mceldeen - email: matthewco@vmware.com - url: "" - - name: mmichael - email: mamichael@vmware.com - url: "" - - name: priyaselvaganesan - email: pselvaganesa@vmware.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.11.0 - deprecated: false - annotations: - charts.openshift.io/name: wavefront - kubeversion: '>= 1.19' - dependencies: - - name: kube-state-metrics - version: ^4.7.0 - repository: https://prometheus-community.github.io/helm-charts - condition: kubeStateMetrics.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file 
exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/wavefront-kubernetes-collector:1.11.0 - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/proxy:11.0 - Image is Red Hat certified : registry.connect.redhat.com/seldonio/kubectl diff --git a/charts/partners/wavefronthq/wavefront/1.11.0/wavefront-1.11.0.tgz b/charts/partners/wavefronthq/wavefront/1.11.0/wavefront-1.11.0.tgz deleted file mode 100644 index 8ee5bcee5b..0000000000 Binary files a/charts/partners/wavefronthq/wavefront/1.11.0/wavefront-1.11.0.tgz and /dev/null differ diff --git a/charts/partners/wavefronthq/wavefront/1.11.1/report.yaml b/charts/partners/wavefronthq/wavefront/1.11.1/report.yaml deleted file mode 100644 index d4c117dea2..0000000000 --- a/charts/partners/wavefronthq/wavefront/1.11.1/report.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.5.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /charts/_build/wavefront-1.11.1.tgz - digests: - chart: sha256:7b05498c4b84cdb7591e6f10e4120ba4a370f546656aadd8619a5b97dad33bb8 - package: fb5ff2fef7f5bc69ebaa934c7ad8dba0a955f504bf659616e12ca4ab2ad2c73f - lastCertifiedTimestamp: "2022-05-05T17:29:12.435116+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.6' - chart: - name: wavefront - home: https://www.wavefront.com - sources: - - https://github.com/wavefrontHQ/wavefront-collector-for-kubernetes - - https://github.com/wavefrontHQ/wavefront-proxy - version: 1.11.1 - description: Wavefront Collector for Kubernetes - keywords: - - metric - - monitoring - - observability - - alerting - maintainers: - - name: akodali18 - email: akodali@vmware.com - url: "" - - name: johncornish - email: jcornish@vmware.com - url: "" - - name: josephgee - email: jgee@vmware.com - url: "" - - name: helen-shao - email: shaoh@vmware.com - url: "" - - name: mceldeen - email: matthewco@vmware.com - url: "" - - name: mmichael - email: mamichael@vmware.com - url: "" - - name: priyaselvaganesan - email: pselvaganesa@vmware.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.11.0 - deprecated: false - annotations: - charts.openshift.io/name: wavefront - kubeversion: '>= 1.19' - dependencies: - - name: kube-state-metrics - version: ^4.7.0 - repository: https://prometheus-community.github.io/helm-charts - condition: kubeStateMetrics.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified 
- - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/wavefront-kubernetes-collector:1.11.0 - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/proxy:11.0 - Image is Red Hat certified : registry.connect.redhat.com/seldonio/kubectl - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README diff --git a/charts/partners/wavefronthq/wavefront/1.11.1/wavefront-1.11.1.tgz b/charts/partners/wavefronthq/wavefront/1.11.1/wavefront-1.11.1.tgz deleted file mode 100644 index dbd11e0575..0000000000 Binary files a/charts/partners/wavefronthq/wavefront/1.11.1/wavefront-1.11.1.tgz and /dev/null differ diff --git a/charts/partners/wavefronthq/wavefront/1.12.0/report.yaml b/charts/partners/wavefronthq/wavefront/1.12.0/report.yaml deleted file mode 100644 index 7ff1fcea69..0000000000 --- a/charts/partners/wavefronthq/wavefront/1.12.0/report.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.5.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /charts/_build/wavefront-1.12.0.tgz - digests: - chart: sha256:9f5cc3901d8a46e4b330d8e5cdac8c70411adee183b04215499f8efe61b46e82 - package: 1b04005a568e30fd8531d139d258746e1ffc401556e340109e9e5e3a49d6b3a5 - lastCertifiedTimestamp: "2022-08-31T20:58:58.588746+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.6' - chart: - name: wavefront - home: https://www.wavefront.com - sources: - - https://github.com/wavefrontHQ/wavefront-collector-for-kubernetes - - https://github.com/wavefrontHQ/wavefront-proxy - version: 1.12.0 - description: Wavefront Collector for Kubernetes - keywords: - - metric - - monitoring - - observability - - alerting - maintainers: - - name: akodali18 - email: akodali@vmware.com - url: "" - - name: johncornish - email: jcornish@vmware.com - url: "" - - name: josephgee - email: jgee@vmware.com - url: "" - - name: helen-shao - email: shaoh@vmware.com - url: "" - - name: mceldeen - email: matthewco@vmware.com - url: "" - - name: mmichael - email: mamichael@vmware.com - url: "" - - name: priyaselvaganesan - email: pselvaganesa@vmware.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.12.0 - deprecated: false - annotations: - charts.openshift.io/name: wavefront - kubeversion: '>= 1.19' - dependencies: - - name: kube-state-metrics - version: ^4.16.0 - repository: https://prometheus-community.github.io/helm-charts - condition: kubeStateMetrics.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used 
in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/wavefront-kubernetes-collector:1.12.0 - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/proxy:11.3 - Image is Red Hat certified : registry.connect.redhat.com/seldonio/kubectl - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present diff --git a/charts/partners/wavefronthq/wavefront/1.12.0/wavefront-1.12.0.tgz b/charts/partners/wavefronthq/wavefront/1.12.0/wavefront-1.12.0.tgz deleted file mode 100644 index 312be9832a..0000000000 Binary files a/charts/partners/wavefronthq/wavefront/1.12.0/wavefront-1.12.0.tgz and /dev/null differ diff --git a/charts/partners/wavefronthq/wavefront/1.13.0/report.yaml b/charts/partners/wavefronthq/wavefront/1.13.0/report.yaml deleted file mode 100644 index 8599e3dd48..0000000000 --- a/charts/partners/wavefronthq/wavefront/1.13.0/report.yaml +++ /dev/null 
@@ -1,123 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /charts/_build/wavefront-1.13.0.tgz - digests: - chart: sha256:7c8f5d0ea4eb7f9672c7d49d59169adb7859ea8bc8837cb5f089704a84f7984f - package: fd3723819deaea72526da3225b8360a1acd94df1af49d450c424a01b36569fd9 - lastCertifiedTimestamp: "2022-12-21T00:08:46.958038+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.6' - providerControlledDelivery: false - chart: - name: wavefront - home: https://www.wavefront.com - sources: - - https://github.com/wavefrontHQ/wavefront-collector-for-kubernetes - - https://github.com/wavefrontHQ/wavefront-proxy - version: 1.13.0 - description: Wavefront Collector for Kubernetes - keywords: - - metric - - monitoring - - observability - - alerting - maintainers: - - name: akodali18 - email: akodali@vmware.com - url: "" - - name: johncornish - email: jcornish@vmware.com - url: "" - - name: josephgee - email: jgee@vmware.com - url: "" - - name: helen-shao - email: shaoh@vmware.com - url: "" - - name: mceldeen - email: matthewco@vmware.com - url: "" - - name: mmichael - email: mamichael@vmware.com - url: "" - - name: priyaselvaganesan - email: pselvaganesa@vmware.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.13.0 - deprecated: false - annotations: - charts.openshift.io/name: wavefront - kubeversion: '>= 1.19' - dependencies: - - name: kube-state-metrics - version: ^4.16.0 - repository: https://prometheus-community.github.io/helm-charts - condition: kubeStateMetrics.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.1/has-kubeversion - type: Mandatory - 
outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/wavefront-kubernetes-collector:1.13.0 - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/proxy:11.3 - Image is Red Hat certified : registry.connect.redhat.com/seldonio/kubectl - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present diff --git a/charts/partners/wavefronthq/wavefront/1.13.0/wavefront-1.13.0.tgz b/charts/partners/wavefronthq/wavefront/1.13.0/wavefront-1.13.0.tgz deleted file mode 100644 index cb2e4f4af0..0000000000 Binary files a/charts/partners/wavefronthq/wavefront/1.13.0/wavefront-1.13.0.tgz and /dev/null differ diff --git a/charts/partners/wavefronthq/wavefront/1.13.1/report.yaml b/charts/partners/wavefronthq/wavefront/1.13.1/report.yaml deleted file mode 100644 index 6d5d6dec26..0000000000 --- a/charts/partners/wavefronthq/wavefront/1.13.1/report.yaml +++ /dev/null 
@@ -1,132 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.0.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /charts/_build/wavefront-1.13.1.tgz - digests: - chart: sha256:27d8a54382f1c39c55f9239bc7e17195d4c416742113fcaae1013b93b1689be0 - package: 16892309c6c0be3f669be955f0ca162e432de28af631ad8e781912dd6f7cead3 - lastCertifiedTimestamp: "2023-04-14T19:48:53.916688+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.6' - providerControlledDelivery: false - chart: - name: wavefront - home: https://www.wavefront.com - sources: - - https://github.com/wavefrontHQ/wavefront-collector-for-kubernetes - - https://github.com/wavefrontHQ/wavefront-proxy - version: 1.13.1 - description: Wavefront Collector for Kubernetes - keywords: - - metric - - monitoring - - observability - - alerting - maintainers: - - name: akodali18 - email: akodali@vmware.com - url: "" - - name: ginwoopak - email: pginwoo@vmware.com - url: "" - - name: iplay88keys - email: jalvis@vmware.com - url: "" - - name: jerrybelmonte - email: bjerry@vmware.com - url: "" - - name: johncornish - email: jcornish@vmware.com - url: "" - - name: josephgee - email: jgee@vmware.com - url: "" - - name: jyuqi - email: jyuqi@vmware.com - url: "" - - name: m25n - email: matthewco@vmware.com - url: "" - - name: mmichael - email: mamichael@vmware.com - url: "" - - name: priyaselvaganesan - email: pselvaganesa@vmware.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.16.0 - deprecated: false - annotations: - charts.openshift.io/name: wavefront - kubeversion: '>= 1.19' - dependencies: - - name: kube-state-metrics - version: ^4.16.0 - repository: https://prometheus-community.github.io/helm-charts - condition: kubeStateMetrics.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: 
All required annotations present - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/proxy:12.3 - Image is Red Hat certified : registry.connect.redhat.com/seldonio/kubectl - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/wavefront-kubernetes-collector:1.13.0 - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful diff --git a/charts/partners/wavefronthq/wavefront/1.13.1/wavefront-1.13.1.tgz b/charts/partners/wavefronthq/wavefront/1.13.1/wavefront-1.13.1.tgz deleted file mode 100644 index 95d3a7f6b8..0000000000 Binary files a/charts/partners/wavefronthq/wavefront/1.13.1/wavefront-1.13.1.tgz and /dev/null differ diff --git a/charts/partners/wavefronthq/wavefront/1.7.10/report.yaml b/charts/partners/wavefronthq/wavefront/1.7.10/report.yaml deleted file mode 100644 index a57c64728b..0000000000 --- a/charts/partners/wavefronthq/wavefront/1.7.10/report.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.4.1 - profile: - VendorType: partner - version: v1.1 - chart-uri: /charts/_build/wavefront-1.7.10.tgz - digests: - chart: sha256:663b50a03cf0adac0485f8731a1e0c8cb729b216f75ce9e43d1f09ffbe2faa1a - package: 89f74153cbe57e617a49a16993daf1a13eef31a375fbdbb4c3e501c28d0bb25a - lastCertifiedTimestamp: "2021-12-20T22:13:45.725332+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.6' - chart: - name: wavefront - home: https://www.wavefront.com - sources: - - https://github.com/wavefrontHQ/wavefront-collector-for-kubernetes - - https://github.com/wavefrontHQ/wavefront-proxy - version: 1.7.10 - description: Wavefront Collector for Kubernetes - keywords: - - metric - - monitoring - - observability - - alerting - maintainers: - - name: akodali18 - email: akodali@vmware.com - url: "" - - name: johncornish - email: jcornish@vmware.com - url: "" - - name: josephgee - email: jgee@vmware.com - url: "" - - name: helen-shao - email: shaoh@vmware.com - url: "" - - name: mceldeen - email: matthewco@vmware.com - url: "" - - name: mmichael - email: mamichael@vmware.com - url: "" - - name: priyaselvaganesan - email: pselvaganesa@vmware.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.7.5 - deprecated: false - annotations: - charts.openshift.io/name: wavefront - kubeversion: '>= 1.19' - dependencies: - - name: kube-state-metrics - version: ^2.2.1 - repository: https://charts.helm.sh/stable - condition: kubeStateMetrics.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: 
v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/wavefront-kubernetes-collector:1.7.5.1 - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/proxy:10.12 - Image is Red Hat certified : registry.connect.redhat.com/seldonio/kubectl - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed diff --git a/charts/partners/wavefronthq/wavefront/1.7.10/wavefront-1.7.10.tgz b/charts/partners/wavefronthq/wavefront/1.7.10/wavefront-1.7.10.tgz deleted file mode 100644 index 5ee3d42ae7..0000000000 Binary files a/charts/partners/wavefronthq/wavefront/1.7.10/wavefront-1.7.10.tgz and /dev/null differ diff --git a/charts/partners/wavefronthq/wavefront/1.7.11/report.yaml b/charts/partners/wavefronthq/wavefront/1.7.11/report.yaml deleted file mode 100644 index 78d086618d..0000000000 --- a/charts/partners/wavefronthq/wavefront/1.7.11/report.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.4.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /charts/_build/wavefront-1.7.11.tgz - digests: - chart: sha256:9abe8f186f580e207339c9d4b0b91aa4d0fc6c74eb7d2179a1bb7fcde3a3305a - package: e7cd53c0fee52a945be756c99a76a0eaa42c5b167d39a9a55cd0f4cd1f2f2cdd - lastCertifiedTimestamp: "2021-12-22T18:22:43.246542+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.6' - chart: - name: wavefront - home: https://www.wavefront.com - sources: - - https://github.com/wavefrontHQ/wavefront-collector-for-kubernetes - - https://github.com/wavefrontHQ/wavefront-proxy - version: 1.7.11 - description: Wavefront Collector for Kubernetes - keywords: - - metric - - monitoring - - observability - - alerting - maintainers: - - name: akodali18 - email: akodali@vmware.com - url: "" - - name: johncornish - email: jcornish@vmware.com - url: "" - - name: josephgee - email: jgee@vmware.com - url: "" - - name: helen-shao - email: shaoh@vmware.com - url: "" - - name: mceldeen - email: matthewco@vmware.com - url: "" - - name: mmichael - email: mamichael@vmware.com - url: "" - - name: priyaselvaganesan - email: pselvaganesa@vmware.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.7.5 - deprecated: false - annotations: - charts.openshift.io/name: wavefront - kubeversion: '>= 1.19' - dependencies: - - name: kube-state-metrics - version: ^2.2.1 - repository: https://charts.helm.sh/stable - condition: kubeStateMetrics.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: 
v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/wavefront-kubernetes-collector:1.7.5.1 - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/proxy:10.12 - Image is Red Hat certified : registry.connect.redhat.com/seldonio/kubectl - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 diff --git a/charts/partners/wavefronthq/wavefront/1.7.11/wavefront-1.7.11.tgz b/charts/partners/wavefronthq/wavefront/1.7.11/wavefront-1.7.11.tgz deleted file mode 100644 index c86dd1fbbb..0000000000 Binary files a/charts/partners/wavefronthq/wavefront/1.7.11/wavefront-1.7.11.tgz and /dev/null differ diff --git a/charts/partners/wavefronthq/wavefront/1.8.0/report.yaml b/charts/partners/wavefronthq/wavefront/1.8.0/report.yaml deleted file mode 100644 index a45a5bece3..0000000000 --- a/charts/partners/wavefronthq/wavefront/1.8.0/report.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.4.1 - profile: - VendorType: partner - version: v1.1 - chart-uri: /charts/_build/wavefront-1.8.0.tgz - digests: - chart: sha256:40981445a294c734a9a6c3ef4f55cf277016c0fa53e7b50b410393d78ab664fb - package: 6dc73239df2510720357ef50025c472922126e24f04b5bd81e2568f48a4cbc4e - lastCertifiedTimestamp: "2022-01-14T22:07:21.267572+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.6' - chart: - name: wavefront - home: https://www.wavefront.com - sources: - - https://github.com/wavefrontHQ/wavefront-collector-for-kubernetes - - https://github.com/wavefrontHQ/wavefront-proxy - version: 1.8.0 - description: Wavefront Collector for Kubernetes - keywords: - - metric - - monitoring - - observability - - alerting - maintainers: - - name: akodali18 - email: akodali@vmware.com - url: "" - - name: johncornish - email: jcornish@vmware.com - url: "" - - name: josephgee - email: jgee@vmware.com - url: "" - - name: helen-shao - email: shaoh@vmware.com - url: "" - - name: mceldeen - email: matthewco@vmware.com - url: "" - - name: mmichael - email: mamichael@vmware.com - url: "" - - name: priyaselvaganesan - email: pselvaganesa@vmware.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.8.0 - deprecated: false - annotations: - charts.openshift.io/name: wavefront - kubeversion: '>= 1.19' - dependencies: - - name: kube-state-metrics - version: ^2.2.1 - repository: https://charts.helm.sh/stable - condition: kubeStateMetrics.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema 
file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/proxy:10.13 - Image is Red Hat certified : registry.connect.redhat.com/seldonio/kubectl - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/wavefront-kubernetes-collector:1.8.0 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful diff --git a/charts/partners/wavefronthq/wavefront/1.8.0/wavefront-1.8.0.tgz b/charts/partners/wavefronthq/wavefront/1.8.0/wavefront-1.8.0.tgz deleted file mode 100644 index 9329fc4301..0000000000 Binary files a/charts/partners/wavefronthq/wavefront/1.8.0/wavefront-1.8.0.tgz and /dev/null differ diff --git a/charts/partners/wavefronthq/wavefront/1.9.0/report.yaml b/charts/partners/wavefronthq/wavefront/1.9.0/report.yaml deleted file mode 100644 index 80a79eaacd..0000000000 --- a/charts/partners/wavefronthq/wavefront/1.9.0/report.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.5.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /charts/_build/wavefront-1.9.0.tgz - digests: - chart: sha256:40acfae48a20dfe8e0148ab2ec2f72e4a2a7345b5636302a75576edf2513db6d - package: 113d6a82051b13bce9697fdd1bc655ec054c4344044ad3bd0127f9c9a813934a - lastCertifiedTimestamp: "2022-03-02T19:28:52.5528+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.6' - chart: - name: wavefront - home: https://www.wavefront.com - sources: - - https://github.com/wavefrontHQ/wavefront-collector-for-kubernetes - - https://github.com/wavefrontHQ/wavefront-proxy - version: 1.9.0 - description: Wavefront Collector for Kubernetes - keywords: - - metric - - monitoring - - observability - - alerting - maintainers: - - name: akodali18 - email: akodali@vmware.com - url: "" - - name: johncornish - email: jcornish@vmware.com - url: "" - - name: josephgee - email: jgee@vmware.com - url: "" - - name: helen-shao - email: shaoh@vmware.com - url: "" - - name: mceldeen - email: matthewco@vmware.com - url: "" - - name: mmichael - email: mamichael@vmware.com - url: "" - - name: priyaselvaganesan - email: pselvaganesa@vmware.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.9.0 - deprecated: false - annotations: - charts.openshift.io/name: wavefront - kubeversion: '>= 1.19' - dependencies: - - name: kube-state-metrics - version: ^2.2.1 - repository: https://charts.helm.sh/stable - condition: kubeStateMetrics.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present 
- - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.connect.redhat.com/seldonio/kubectl - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/wavefront-kubernetes-collector:1.9.0.1 - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/proxy:10.14.1 - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist diff --git a/charts/partners/wavefronthq/wavefront/1.9.0/wavefront-1.9.0.tgz b/charts/partners/wavefronthq/wavefront/1.9.0/wavefront-1.9.0.tgz deleted file mode 100644 index 9457d37a09..0000000000 Binary files a/charts/partners/wavefronthq/wavefront/1.9.0/wavefront-1.9.0.tgz and /dev/null differ diff --git a/charts/partners/wavefronthq/wavefront/1.9.1/report.yaml b/charts/partners/wavefronthq/wavefront/1.9.1/report.yaml deleted file mode 100644 index fc5cee912f..0000000000 --- a/charts/partners/wavefronthq/wavefront/1.9.1/report.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.5.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /charts/_build/wavefront-1.9.1.tgz - digests: - chart: sha256:1163f80f6ee24b46e55d70dde7396688bfe226d02e72d57f28c6d80bb4b3544c - package: b6812e6d2f56038c0dc4718e66dfc894f62d32b158b27e65489dfa3452789c7f - lastCertifiedTimestamp: "2022-03-03T21:42:48.554479+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.6' - chart: - name: wavefront - home: https://www.wavefront.com - sources: - - https://github.com/wavefrontHQ/wavefront-collector-for-kubernetes - - https://github.com/wavefrontHQ/wavefront-proxy - version: 1.9.1 - description: Wavefront Collector for Kubernetes - keywords: - - metric - - monitoring - - observability - - alerting - maintainers: - - name: akodali18 - email: akodali@vmware.com - url: "" - - name: johncornish - email: jcornish@vmware.com - url: "" - - name: josephgee - email: jgee@vmware.com - url: "" - - name: helen-shao - email: shaoh@vmware.com - url: "" - - name: mceldeen - email: matthewco@vmware.com - url: "" - - name: mmichael - email: mamichael@vmware.com - url: "" - - name: priyaselvaganesan - email: pselvaganesa@vmware.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.9.0 - deprecated: false - annotations: - charts.openshift.io/name: wavefront - kubeversion: '>= 1.19' - dependencies: - - name: kube-state-metrics - version: ^2.2.1 - repository: https://charts.helm.sh/stable - condition: kubeStateMetrics.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: 
v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/proxy:10.14.1 - Image is Red Hat certified : registry.connect.redhat.com/seldonio/kubectl - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/wavefront-kubernetes-collector:1.9.0.1 diff --git a/charts/partners/wavefronthq/wavefront/1.9.1/wavefront-1.9.1.tgz b/charts/partners/wavefronthq/wavefront/1.9.1/wavefront-1.9.1.tgz deleted file mode 100644 index 909cc35eb7..0000000000 Binary files a/charts/partners/wavefronthq/wavefront/1.9.1/wavefront-1.9.1.tgz and /dev/null differ diff --git a/charts/partners/wavefronthq/wavefront/1.9.2/report.yaml b/charts/partners/wavefronthq/wavefront/1.9.2/report.yaml deleted file mode 100644 index 6aff04ba2c..0000000000 --- a/charts/partners/wavefronthq/wavefront/1.9.2/report.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.5.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /charts/_build/wavefront-1.9.2.tgz - digests: - chart: sha256:c75d054c3b61bcb3763aea3020f2c39a1fca2704ee70bc886691b4d58ca94e24 - package: 9dc0e84e0b0efaa59f4d35f38d84055f020e151bc0e1275e9ae1287c894d7271 - lastCertifiedTimestamp: "2022-03-03T22:21:27.665181+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.6' - chart: - name: wavefront - home: https://www.wavefront.com - sources: - - https://github.com/wavefrontHQ/wavefront-collector-for-kubernetes - - https://github.com/wavefrontHQ/wavefront-proxy - version: 1.9.2 - description: Wavefront Collector for Kubernetes - keywords: - - metric - - monitoring - - observability - - alerting - maintainers: - - name: akodali18 - email: akodali@vmware.com - url: "" - - name: johncornish - email: jcornish@vmware.com - url: "" - - name: josephgee - email: jgee@vmware.com - url: "" - - name: helen-shao - email: shaoh@vmware.com - url: "" - - name: mceldeen - email: matthewco@vmware.com - url: "" - - name: mmichael - email: mamichael@vmware.com - url: "" - - name: priyaselvaganesan - email: pselvaganesa@vmware.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.9.0 - deprecated: false - annotations: - charts.openshift.io/name: wavefront - kubeversion: '>= 1.19' - dependencies: - - name: kube-state-metrics - version: ^2.2.1 - repository: https://charts.helm.sh/stable - condition: kubeStateMetrics.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in 
Helm 3 - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/wavefront-kubernetes-collector:1.9.0.1 - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/proxy:10.14.1 - Image is Red Hat certified : registry.connect.redhat.com/seldonio/kubectl diff --git a/charts/partners/wavefronthq/wavefront/1.9.2/wavefront-1.9.2.tgz b/charts/partners/wavefronthq/wavefront/1.9.2/wavefront-1.9.2.tgz deleted file mode 100644 index 402d3c9d3d..0000000000 Binary files a/charts/partners/wavefronthq/wavefront/1.9.2/wavefront-1.9.2.tgz and /dev/null differ diff --git a/charts/partners/wavefronthq/wavefront/1.9.3/report.yaml b/charts/partners/wavefronthq/wavefront/1.9.3/report.yaml deleted file mode 100644 index 17f9a98336..0000000000 --- a/charts/partners/wavefronthq/wavefront/1.9.3/report.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.5.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /charts/_build/wavefront-1.9.3.tgz - digests: - chart: sha256:162df781b0e6277f53542cdc862d06952d885938d39a1c49b3cba6681b1f764d - package: f26d1c874546875e32cc27c480016beb0de8f1b32c2188f1a76450bcd85a4e04 - lastCertifiedTimestamp: "2022-03-07T22:12:50.850323+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.6' - chart: - name: wavefront - home: https://www.wavefront.com - sources: - - https://github.com/wavefrontHQ/wavefront-collector-for-kubernetes - - https://github.com/wavefrontHQ/wavefront-proxy - version: 1.9.3 - description: Wavefront Collector for Kubernetes - keywords: - - metric - - monitoring - - observability - - alerting - maintainers: - - name: akodali18 - email: akodali@vmware.com - url: "" - - name: johncornish - email: jcornish@vmware.com - url: "" - - name: josephgee - email: jgee@vmware.com - url: "" - - name: helen-shao - email: shaoh@vmware.com - url: "" - - name: mceldeen - email: matthewco@vmware.com - url: "" - - name: mmichael - email: mamichael@vmware.com - url: "" - - name: priyaselvaganesan - email: pselvaganesa@vmware.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.9.0 - deprecated: false - annotations: - charts.openshift.io/name: wavefront - kubeversion: '>= 1.19' - dependencies: - - name: kube-state-metrics - version: ^2.2.1 - repository: https://charts.helm.sh/stable - condition: kubeStateMetrics.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: 
v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/wavefront-kubernetes-collector:1.9.0.1 - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/proxy:10.14.1 - Image is Red Hat certified : registry.connect.redhat.com/seldonio/kubectl - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present diff --git a/charts/partners/wavefronthq/wavefront/1.9.3/wavefront-1.9.3.tgz b/charts/partners/wavefronthq/wavefront/1.9.3/wavefront-1.9.3.tgz deleted file mode 100644 index fa2f5afa6e..0000000000 Binary files a/charts/partners/wavefronthq/wavefront/1.9.3/wavefront-1.9.3.tgz and /dev/null differ diff --git a/charts/partners/wavefronthq/wavefront/1.9.4/report.yaml b/charts/partners/wavefronthq/wavefront/1.9.4/report.yaml deleted file mode 100644 index b4f97449e2..0000000000 --- a/charts/partners/wavefronthq/wavefront/1.9.4/report.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.5.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /charts/_build/wavefront-1.9.4.tgz - digests: - chart: sha256:8e7e18f072370994f64499decdc00999ed049c50bad8821539dd79cebf72f0ad - package: 855fbc9e50863541e8a0df9faff2139dbd791f468077cf96fad6eea326ff1c9a - lastCertifiedTimestamp: "2022-03-08T22:10:34.893569+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.6' - chart: - name: wavefront - home: https://www.wavefront.com - sources: - - https://github.com/wavefrontHQ/wavefront-collector-for-kubernetes - - https://github.com/wavefrontHQ/wavefront-proxy - version: 1.9.4 - description: Wavefront Collector for Kubernetes - keywords: - - metric - - monitoring - - observability - - alerting - maintainers: - - name: akodali18 - email: akodali@vmware.com - url: "" - - name: johncornish - email: jcornish@vmware.com - url: "" - - name: josephgee - email: jgee@vmware.com - url: "" - - name: helen-shao - email: shaoh@vmware.com - url: "" - - name: mceldeen - email: matthewco@vmware.com - url: "" - - name: mmichael - email: mamichael@vmware.com - url: "" - - name: priyaselvaganesan - email: pselvaganesa@vmware.com - url: "" - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.9.0 - deprecated: false - annotations: - charts.openshift.io/name: wavefront - kubeversion: '>= 1.19' - dependencies: - - name: kube-state-metrics - version: ^2.2.1 - repository: https://charts.helm.sh/stable - condition: kubeStateMetrics.enabled - tags: [] - enabled: false - importvalues: [] - alias: "" - type: "" - chart-overrides: "" -results: - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - 
check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/wavefront-kubernetes-collector:1.9.0.1 - Image is Red Hat certified : registry.connect.redhat.com/wavefronthq/proxy:10.14.1 - Image is Red Hat certified : registry.connect.redhat.com/seldonio/kubectl - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README diff --git a/charts/partners/wavefronthq/wavefront/1.9.4/wavefront-1.9.4.tgz b/charts/partners/wavefronthq/wavefront/1.9.4/wavefront-1.9.4.tgz deleted file mode 100644 index cb496fd625..0000000000 Binary files a/charts/partners/wavefronthq/wavefront/1.9.4/wavefront-1.9.4.tgz and /dev/null differ diff --git a/charts/partners/wavefronthq/wavefront/OWNERS b/charts/partners/wavefronthq/wavefront/OWNERS deleted file mode 100644 index 554af07d5e..0000000000 --- a/charts/partners/wavefronthq/wavefront/OWNERS +++ /dev/null 
@@ -1,17 +0,0 @@
-chart:
- name: wavefront
- shortDescription: Deploys the Wavefront Collector for Kubernetes and Wavefront Proxy
- to your Kubernetes cluster
-publicPgpKey: null
-users:
-- githubUsername: akodali18
-- githubUsername: johncornish
-- githubUsername: josephgee
-- githubUsername: helen-shao
-- githubUsername: mceldeen
-- githubUsername: mmichael
-- githubUsername: priyaselvaganesan
-- githubUsername: wf-jenkins
-vendor:
- label: wavefronthq
- name: VMWare
diff --git a/charts/partners/whiteklay/izac-helm-charts/OWNERS b/charts/partners/whiteklay/izac-helm-charts/OWNERS
deleted file mode 100644
index 1e4fe9c0a4..0000000000
--- a/charts/partners/whiteklay/izac-helm-charts/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: izac-helm-charts
- shortDescription: unknown
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: https://github.com/arjunkumar999/izacinstaller.git
-vendor:
- label: whiteklay
- name: Whiteklay Pvt. Ltd.
diff --git a/charts/partners/yugabytedb/ybhelm1/OWNERS b/charts/partners/yugabytedb/ybhelm1/OWNERS
deleted file mode 100644
index 65bdf86187..0000000000
--- a/charts/partners/yugabytedb/ybhelm1/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: ybhelm1
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: yugabytedb
- name: YugaByte Inc
diff --git a/charts/partners/yugabytedb/ybhelm2/OWNERS b/charts/partners/yugabytedb/ybhelm2/OWNERS
deleted file mode 100644
index fcfb8a8731..0000000000
--- a/charts/partners/yugabytedb/ybhelm2/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-chart:
- name: ybhelm2
- shortDescription: unknown
-publicPgpKey: unknown
-users: []
-vendor:
- label: yugabytedb
- name: YugaByte Inc
diff --git a/charts/partners/yugabytedb/yugaware-openshift/2.14.4/report.yaml b/charts/partners/yugabytedb/yugaware-openshift/2.14.4/report.yaml
deleted file mode 100644
index e42c637d3e..0000000000
--- a/charts/partners/yugabytedb/yugaware-openshift/2.14.4/report.yaml
+++ /dev/null
@@ -1,101 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.9.0 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:76436689547436495 - chart-uri: https://charts.yugabyte.com/yugaware-openshift-2.14.4.tgz - digests: - chart: sha256:6e6edeb0cd098762e8e5c7ffc0c3005bdb61b2af6ed7b3725aeb3d6ac41d4806 - package: 413e8c1befc0ecabb0a894d774f129a867d594f825c43869a457eb338faeb909 - lastCertifiedTimestamp: "2022-11-17T10:21:33.625598+05:30" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.4' - providerControlledDelivery: false - chart: - name: yugaware-openshift - home: https://www.yugabyte.com - sources: [] - version: 2.14.4 - description: YugaWare is YugaByte Database's Orchestration and Management console. - keywords: [] - maintainers: - - name: Sanketh Indarapu - email: sanketh@yugabyte.com - url: "" - - name: Govardhan Reddy Jalla - email: gjalla@yugabyte.com - url: "" - icon: https://avatars0.githubusercontent.com/u/17074854?s=200&v=4 - apiversion: v2 - condition: "" - tags: "" - appversion: 2.14.4.0-b26 - deprecated: false - annotations: - charts.openshift.io/name: yugaware-openshift - kubeversion: '>=1.17.0-0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values-schema - type: Mandatory - 
outcome: PASS - reason: Values schema file exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/images-are-certified - type: Mandatory - outcome: FAIL - reason: |- - Image is not Red Hat certified : registry.redhat.io/rhscl/postgresql-13-rhel7:1-88.1661531722 : No images found for Registry/Repository: registry.redhat.io/rhscl/postgresql-13-rhel7 - Image is not Red Hat certified : registry.redhat.io/openshift4/ose-prometheus:v4.11.0 : No images found for Registry/Repository: registry.redhat.io/openshift4/ose-prometheus - Image is Red Hat certified : quay.io/yugabyte/yugaware-ubi:2.14.4.0-b26 - Image is Red Hat certified : registry.access.redhat.com/ubi8/nginx-120:1-60.1665590917 - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - diff --git a/charts/partners/yugabytedb/yugaware-openshift/2.18.2/report.yaml b/charts/partners/yugabytedb/yugaware-openshift/2.18.2/report.yaml deleted file mode 100644 index d0fb11be8d..0000000000 --- a/charts/partners/yugabytedb/yugaware-openshift/2.18.2/report.yaml +++ /dev/null 
@@ -1,99 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.12.2 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:5183071511896837538 - chart-uri: https://charts.yugabyte.com/yugaware-openshift-2.18.2.tgz - digests: - chart: sha256:ddc9efea3fa5972062bbd15cd74964b6c5eaefa09ee7c1b6f1644b31cb495a45 - package: 3f2c6c13031abd5148a70f6d2871809067d4e9e8569e503a87636302cd9222d9 - lastCertifiedTimestamp: "2023-09-13T07:48:59.636956+00:00" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.4' - webCatalogOnly: false - chart: - name: yugaware-openshift - home: https://www.yugabyte.com - sources: [] - version: 2.18.2 - description: YugabyteDB Anywhere provides deployment, orchestration, and monitoring for managing YugabyteDB clusters. YugabyteDB Anywhere can create a YugabyteDB cluster with multiple pods provided by Kubernetes or OpenShift and logically grouped together to form one logical distributed database. - keywords: [] - maintainers: - - name: Sanketh Indarapu - email: sanketh@yugabyte.com - url: "" - - name: Govardhan Reddy Jalla - email: gjalla@yugabyte.com - url: "" - icon: https://avatars0.githubusercontent.com/u/17074854?s=200&v=4 - apiversion: v2 - condition: "" - tags: "" - appversion: 2.18.2.1-b1 - deprecated: false - annotations: - charts.openshift.io/name: yugaware-openshift - kubeversion: '>=1.17.0-0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/chart-testing - type: Mandatory - 
outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: |- - Image certification skipped : registry.redhat.io/rhscl/postgresql-13-rhel7:1-88.1661531722 - Image certification skipped : registry.redhat.io/openshift4/ose-prometheus:v4.11.0 - Image is Red Hat certified : quay.io/yugabyte/yugaware-ubi:2.18.2.1-b1 - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist \ No newline at end of file diff --git a/charts/partners/yugabytedb/yugaware-openshift/OWNERS b/charts/partners/yugabytedb/yugaware-openshift/OWNERS deleted file mode 100644 index 3cada73045..0000000000 --- a/charts/partners/yugabytedb/yugaware-openshift/OWNERS +++ /dev/null @@ -1,12 +0,0 @@ -chart: - name: yugaware-openshift - shortDescription: 'Use YugabyteDB Anywhere''s orchestration and monitoring to manage - YugabyteDB universes. ' -providerDelivery: false -publicPgpKey: null -users: -- githubUsername: baba230896 -- githubUsername: bhavin192 -vendor: - label: yugabytedb - name: YugaByte Inc diff --git a/charts/partners/zextras/carbonio-ce/OWNERS b/charts/partners/zextras/carbonio-ce/OWNERS deleted file mode 100644 index b224e2a963..0000000000 --- a/charts/partners/zextras/carbonio-ce/OWNERS +++ /dev/null 
@@ -1,11 +0,0 @@
-chart:
- name: carbonio-ce
- shortDescription: Zextras Carbonio Community Edition - The free and open source
- email and collaboration
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: M0Rf30
-vendor:
- label: zextras
- name: Zextras Srl
diff --git a/charts/partners/zextras/carbonio/23.2.0/.helmignore b/charts/partners/zextras/carbonio/23.2.0/.helmignore
deleted file mode 100644
index 99effea608..0000000000
--- a/charts/partners/zextras/carbonio/23.2.0/.helmignore
+++ /dev/null
@@ -1,26 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-.terraform/
-bin/
-test/
diff --git a/charts/partners/zextras/carbonio/23.2.0/report.yaml b/charts/partners/zextras/carbonio/23.2.0/report.yaml
deleted file mode 100644
index 54f7498fac..0000000000
--- a/charts/partners/zextras/carbonio/23.2.0/report.yaml
+++ /dev/null
@@ -1,93 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.1 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:10706719544484384621 - chart-uri: ./src - digests: - chart: sha256:a93c347dd88ce22a68a4c2ecb7d6c05c211db6c297b57cdd912403ee5e578857 - lastCertifiedTimestamp: "2023-03-23T16:45:33.120585+01:00" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.2' - webCatalogOnly: false - chart: - name: carbonio - home: https://www.zextras.com/carbonio - sources: [] - version: 23.2.0 - description: Official Zextras Carbonio Chart - keywords: - - carbonio - - email - - collaboration - - groupware - maintainers: [] - icon: https://www.zextras.com/images/carbonio_white.webp - apiversion: v2 - condition: "" - tags: "" - appversion: 23.2.0 - deprecated: false - annotations: - charts.openshift.io/name: carbonio - kubeversion: '>= 1.14.0-0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : registry.connect.redhat.com/zextras/carbonio:23.2.0-single' - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: 
Chart tests have passed - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful diff --git a/charts/partners/zextras/carbonio/23.2.0/src/Chart.yaml b/charts/partners/zextras/carbonio/23.2.0/src/Chart.yaml deleted file mode 100644 index 13ffe076a2..0000000000 --- a/charts/partners/zextras/carbonio/23.2.0/src/Chart.yaml +++ /dev/null @@ -1,15 +0,0 @@ -name: carbonio -apiVersion: v2 -appVersion: "23.2.0" -version: "23.2.0" -description: Official Zextras Carbonio Chart -home: https://www.zextras.com/carbonio -icon: https://www.zextras.com/images/carbonio_white.webp -keywords: - - carbonio - - email - - collaboration - - groupware -kubeVersion: ">= 1.14.0-0" -annotations: - charts.openshift.io/name: carbonio diff --git a/charts/partners/zextras/carbonio/23.2.0/src/README.md b/charts/partners/zextras/carbonio/23.2.0/src/README.md deleted file mode 100644 index b09c550fd9..0000000000 --- a/charts/partners/zextras/carbonio/23.2.0/src/README.md +++ /dev/null 
@@ -1,48 +0,0 @@
-# Carbonio Helm Chart
-
-This repository contains the official Zextras Carbonio Helm chart for
-installing and configuring Carbonio on Kubernetes. This chart supports
-multiple use cases of Carbonio on Kubernetes depending on the values
-provided.
-
-For full documentation on this Helm chart along with all the ways you can use
-Carbonio with Kubernetes, please see the
-[Carbonio and Kubernetes documentation](https://docs.zextras.com/carbonio/html).
-
-## Prerequisites
-
-To use the charts here, [Helm](https://helm.sh/) must be configured for your
-Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
-this README. Please refer to the Kubernetes and Helm documentation.
-
-The versions required are:
-
-- **Helm 3.0+** - This is the earliest version of Helm tested. It is possible it
- works with earlier versions but this chart is untested for those versions.
-
-- **Kubernetes 1.14+** - This is the earliest version of Kubernetes tested. It
- is possible that this chart works with earlier versions but it is untested.
-
-## Usage
-
-To install the latest version of this chart, add the Zextras helm repository and
-run `helm install`:
-
-```console
-$ helm repo add Zextras https://helm.releases.zextras.com
-"Zextras" has been added to your repositories
-
-$ helm install carbonio zextras/carbonio
-```
-
-Please see the many options supported in the `values.yaml` file. These are also
-fully documented directly on the [Carbonio
-website](https://docs.zextras.com/carbonio/html) along with more detailed
-installation instructions.
-
-## NOTES for OpenShiftdeployment
-
-```sh
-oc create sa --namespace carbonio-system sa-with-anyuid
-oc adm policy add-scc-to-user anyuid -z sa-with-anyuid --namespace carbonio-system
-```
diff --git a/charts/partners/zextras/carbonio/23.2.0/src/templates/NOTES.txt b/charts/partners/zextras/carbonio/23.2.0/src/templates/NOTES.txt
deleted file mode 100644
index 6aa6dbda17..0000000000
--- a/charts/partners/zextras/carbonio/23.2.0/src/templates/NOTES.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-
-Thank you for installing Zextras Carbonio!
-
-Now that you have deployed Carbonio, you should look over the docs on using
-Carbonio with Kubernetes available here:
-
-https://docs.zextras.com/carbonio/html/index.html
-
-
-Your release is named {{ .Release.Name }}. To learn more about the release, try:
-
- $ helm status {{ .Release.Name }}
- $ helm get manifest {{ .Release.Name }}
-
diff --git a/charts/partners/zextras/carbonio/23.2.0/src/templates/_helpers.tpl b/charts/partners/zextras/carbonio/23.2.0/src/templates/_helpers.tpl
deleted file mode 100644
index 41a2aacd73..0000000000
--- a/charts/partners/zextras/carbonio/23.2.0/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,51 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "carbonio.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "carbonio.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "carbonio.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "carbonio.labels" -}}
-helm.sh/chart: {{ include "carbonio.chart" . }}
-{{ include "carbonio.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "carbonio.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "carbonio.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
diff --git a/charts/partners/zextras/carbonio/23.2.0/src/templates/deployment.yaml b/charts/partners/zextras/carbonio/23.2.0/src/templates/deployment.yaml
deleted file mode 100644
index b05362836f..0000000000
--- a/charts/partners/zextras/carbonio/23.2.0/src/templates/deployment.yaml
+++ /dev/null
@@ -1,91 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "carbonio.fullname" . }}
- labels:
- {{- include "carbonio.labels" . | nindent 4 }}
- namespace: carbonio-system
-spec:
- {{- if not .Values.autoscaling.enabled }}
- replicas: {{ .Values.replicaCount }}
- {{- end }}
- selector:
- matchLabels:
- {{- include "carbonio.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- {{- with .Values.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- {{- include "carbonio.selectorLabels" . | nindent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- serviceAccountName: {{- toYaml .Values.serviceAccountName | nindent 8 }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- containers:
- - name: {{ .Chart.Name }}
- command:
- - /sbin/init
- securityContext:
- {{- toYaml .Values.securityContext | nindent 12 }}
- image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
- imagePullPolicy: {{ .Values.deployment.image.pullPolicy }}
- ports:
- - containerPort: 25
- - containerPort: 110
- - containerPort: 443
- - containerPort: 465
- - containerPort: 587
- - containerPort: 6071
- - containerPort: 7071
- - containerPort: 8080
- livenessProbe:
- exec:
- command:
- - /usr/bin/nc
- - -z
- - localhost
- - "389"
- failureThreshold: 10
- initialDelaySeconds: 20
- periodSeconds: 60
- timeoutSeconds: 10
- readinessProbe:
- exec:
- command:
- - /usr/bin/nc
- - -z
- - localhost
- - "389"
- failureThreshold: 10
- initialDelaySeconds: 20
- periodSeconds: 60
- timeoutSeconds: 10
- resources:
- {{- toYaml .Values.resources | nindent 12 }}
- restartPolicy: Always
- hostAliases:
- - ip: "127.0.0.1"
- hostnames:
- - "carbonio.mail.local"
- - "carbonio"
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-status: {}
-
diff --git a/charts/partners/zextras/carbonio/23.2.0/src/templates/hpa.yaml b/charts/partners/zextras/carbonio/23.2.0/src/templates/hpa.yaml
deleted file mode 100644
index df5e7be0f4..0000000000
--- a/charts/partners/zextras/carbonio/23.2.0/src/templates/hpa.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{- if .Values.autoscaling.enabled }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "carbonio.fullname" . }}
- labels:
- {{- include "carbonio.labels" . | nindent 4 }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ include "carbonio.fullname" . }}
- minReplicas: {{ .Values.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.autoscaling.maxReplicas }}
- metrics:
- {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
- {{- end }}
- {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- - type: Resource
- resource:
- name: memory
- targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
- {{- end }}
-{{- end }}
diff --git a/charts/partners/zextras/carbonio/23.2.0/src/templates/ingress.yaml b/charts/partners/zextras/carbonio/23.2.0/src/templates/ingress.yaml
deleted file mode 100644
index 265c136ec1..0000000000
--- a/charts/partners/zextras/carbonio/23.2.0/src/templates/ingress.yaml
+++ /dev/null
@@ -1,61 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "carbonio.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "carbonio.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} 
diff --git a/charts/partners/zextras/carbonio/23.2.0/src/templates/service.yaml b/charts/partners/zextras/carbonio/23.2.0/src/templates/service.yaml deleted file mode 100644 index 2a633ade56..0000000000 --- a/charts/partners/zextras/carbonio/23.2.0/src/templates/service.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "carbonio.fullname" . }} - namespace: carbonio-system - labels: - {{- include "carbonio.labels" . | nindent 4 }} -spec: - ports: - - name: smtp - port: 25 - targetPort: 25 - - name: pop3 - port: 110 - targetPort: 110 - - name: login-ui - port: 443 - targetPort: 443 - - name: smtp-tls - port: 587 - targetPort: 587 - - name: admin-ui - port: 6071 - targetPort: 6071 - - selector: - app.kubernetes.io/name: {{ include "carbonio.name" . }} diff --git a/charts/partners/zextras/carbonio/23.2.0/src/templates/serviceaccount.yaml b/charts/partners/zextras/carbonio/23.2.0/src/templates/serviceaccount.yaml deleted file mode 100644 index a4df9427fa..0000000000 --- a/charts/partners/zextras/carbonio/23.2.0/src/templates/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "carbonio.fullname" . }} -{{- if .Values.serviceAccount.annotations }} - annotations: - {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} -{{- end }} - labels: - {{ include "carbonio.labels" . | nindent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/partners/zextras/carbonio/23.2.0/src/templates/tests/test-connection.yaml b/charts/partners/zextras/carbonio/23.2.0/src/templates/tests/test-connection.yaml deleted file mode 100644 index 18ef8e5805..0000000000 --- a/charts/partners/zextras/carbonio/23.2.0/src/templates/tests/test-connection.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: {{ .Release.Name }}-server-test - labels: - {{- include "carbonio.labels" . | nindent 4 }} - namespace: carbonio-system - annotations: - "helm.sh/hook": test -spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{- toYaml .Values.serviceAccountName | nindent 8 }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Release.Name }}-server-test - image: {{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.deployment.image.pullPolicy }} - command: - - /bin/sh - - -c - - | - /opt/zextras/bin/zmcontrol -v - - restartPolicy: Never diff --git a/charts/partners/zextras/carbonio/23.2.0/src/values.schema.json b/charts/partners/zextras/carbonio/23.2.0/src/values.schema.json deleted file mode 100644 index 862cdc36e4..0000000000 --- a/charts/partners/zextras/carbonio/23.2.0/src/values.schema.json +++ /dev/null 
@@ -1,338 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-06/schema#", - "$ref": "#/definitions/Welcome10", - "definitions": { - "Welcome10": { - "type": "object", - "additionalProperties": false, - "properties": { - "nameOverride": { - "type": "string" - }, - "fullnameOverride": { - "type": "string" - }, - "service": { - "$ref": "#/definitions/Service" - }, - "serviceAccount": { - "$ref": "#/definitions/ServiceAccount" - }, - "serviceAccountName": { - "type": "string" - }, - "imagePullSecrets": { - "type": "array", - "items": {} - }, - "deployment": { - "$ref": "#/definitions/Deployment" - }, - "autoscaling": { - "$ref": "#/definitions/Autoscaling" - }, - "route": { - "$ref": "#/definitions/Route" - }, - "ingress": { - "$ref": "#/definitions/Ingress" - }, - "podAnnotations": { - "$ref": "#/definitions/PodAnnotations" - }, - "podSecurityContext": { - "$ref": "#/definitions/PodAnnotations" - }, - "securityContext": { - "$ref": "#/definitions/SecurityContext" - }, - "resources": { - "$ref": "#/definitions/PodAnnotations" - } - }, - "required": [ - "autoscaling", - "deployment", - "fullnameOverride", - "imagePullSecrets", - "ingress", - "nameOverride", - "podAnnotations", - "podSecurityContext", - "resources", - "route", - "securityContext", - "service", - "serviceAccount", - "serviceAccountName" - ], - "title": "Welcome10" - }, - "Autoscaling": { - "type": "object", - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "minReplicas": { - "type": "integer" - }, - "maxReplicas": { - "type": "integer" - }, - "metrics": { - "type": "array", - "items": {} - } - }, - "required": [ - "enabled", - "maxReplicas", - "metrics", - "minReplicas" - ], - "title": "Autoscaling" - }, - "Deployment": { - "type": "object", - "additionalProperties": false, - "properties": { - "replicaCount": { - "type": "integer" - }, - "revisionHistoryLimit": { - "type": "integer" - }, - "updateStrategy": { - "$ref": "#/definitions/UpdateStrategy" - }, - 
"image": { - "$ref": "#/definitions/Image" - }, - "additionalLabels": { - "$ref": "#/definitions/PodAnnotations" - }, - "additionalAnnotations": { - "$ref": "#/definitions/PodAnnotations" - }, - "nodeSelector": { - "$ref": "#/definitions/PodAnnotations" - }, - "tolerations": { - "type": "array", - "items": {} - }, - "affinity": { - "$ref": "#/definitions/PodAnnotations" - }, - "livenessProbe": { - "$ref": "#/definitions/NessProbe" - }, - "readinessProbe": { - "$ref": "#/definitions/NessProbe" - }, - "sidecars": { - "type": "array", - "items": {} - }, - "volumes": { - "type": "array", - "items": {} - } - }, - "required": [ - "additionalAnnotations", - "additionalLabels", - "affinity", - "image", - "livenessProbe", - "nodeSelector", - "readinessProbe", - "replicaCount", - "revisionHistoryLimit", - "sidecars", - "tolerations", - "updateStrategy", - "volumes" - ], - "title": "Deployment" - }, - "PodAnnotations": { - "type": "object", - "additionalProperties": false, - "title": "PodAnnotations" - }, - "Image": { - "type": "object", - "additionalProperties": false, - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - }, - "pullPolicy": { - "type": "string" - } - }, - "required": [ - "pullPolicy", - "repository", - "tag" - ], - "title": "Image" - }, - "NessProbe": { - "type": "object", - "additionalProperties": false, - "properties": { - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - }, - "required": [ - "initialDelaySeconds", - "periodSeconds", - "successThreshold", - "timeoutSeconds" - ], - "title": "NessProbe" - }, - "UpdateStrategy": { - "type": "object", - "additionalProperties": false, - "properties": { - "type": { - "type": "string" - }, - "rollingUpdate": { - "$ref": "#/definitions/RollingUpdate" - } - }, - "required": [ - "rollingUpdate", - "type" - ], - "title": "UpdateStrategy" - 
}, - "RollingUpdate": { - "type": "object", - "additionalProperties": false, - "properties": { - "maxSurge": { - "type": "integer" - }, - "maxUnavailable": { - "type": "integer" - } - }, - "required": [ - "maxSurge", - "maxUnavailable" - ], - "title": "RollingUpdate" - }, - "Ingress": { - "type": "object", - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "annotations": { - "$ref": "#/definitions/PodAnnotations" - }, - "hosts": { - "type": "array", - "items": {} - }, - "tls": { - "type": "array", - "items": {} - } - }, - "required": [ - "annotations", - "enabled", - "hosts", - "tls" - ], - "title": "Ingress" - }, - "Route": { - "type": "object", - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "annotations": { - "$ref": "#/definitions/PodAnnotations" - }, - "tls": { - "$ref": "#/definitions/PodAnnotations" - } - }, - "required": [ - "annotations", - "enabled", - "tls" - ], - "title": "Route" - }, - "SecurityContext": { - "type": "object", - "additionalProperties": false, - "properties": { - "runAsUser": { - "type": "integer" - } - }, - "required": [ - "runAsUser" - ], - "title": "SecurityContext" - }, - "Service": { - "type": "object", - "additionalProperties": false, - "properties": { - "type": { - "type": "string" - }, - "annotations": { - "$ref": "#/definitions/PodAnnotations" - } - }, - "required": [ - "annotations", - "type" - ], - "title": "Service" - }, - "ServiceAccount": { - "type": "object", - "additionalProperties": false, - "properties": { - "create": { - "type": "boolean" - } - }, - "required": [ - "create" - ], - "title": "ServiceAccount" - } - } -} diff --git a/charts/partners/zextras/carbonio/23.2.0/src/values.yaml b/charts/partners/zextras/carbonio/23.2.0/src/values.yaml deleted file mode 100644 index 5133c8f240..0000000000 --- a/charts/partners/zextras/carbonio/23.2.0/src/values.yaml +++ /dev/null 
@@ -1,172 +0,0 @@ -# Default values for carbonio. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# -- option to override the name config in the _helpers.tpl -nameOverride: "" -# -- option to override the fullname config in the _helpers.tpl -fullnameOverride: "" - -## configuration for the k8s service to access carbonio -service: - # -- service type - type: ClusterIP - # -- addtional annotations, if required - annotations: {} - -# -- if a specific service account should be used, it can be configured here -# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -serviceAccount: - # -- specifies if the account should be created - create: false - # -- specifies the account name -serviceAccountName: "sa-with-anyuid" - -# Image pull secret to use for registry authentication. -imagePullSecrets: [] - -## deployment specific configuration -deployment: - # -- initial number of target replications, can be different if autoscaling is enabled - replicaCount: 1 - # -- number of old replicas to be retained - revisionHistoryLimit: 3 - ## configuration of the carbonio update strategy - updateStrategy: - # -- type of the update - type: RollingUpdate - # -- new pods will be added gradually - rollingUpdate: - # -- number of pods that can be created above the desired amount while updating - maxSurge: 1 - # -- number of pods that can be unavailable while updating - maxUnavailable: 0 - ## configuration of the image to be used - image: - # -- carbonio image name - repository: registry.connect.redhat.com/zextras/carbonio - # -- tag of the image to be used - tag: "23.2.0-single" - # -- specification of the image pull policy - pullPolicy: IfNotPresent - # -- additional labels for the deployment, if required - additionalLabels: {} - # -- additional annotations for the deployment, if required - additionalAnnotations: {} - # -- carbonio resource requests and limits, we leave the default empty to make that a concious 
choice by the user. - # for the autoscaling to make sense, you should configure this. - # resources: - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - # -- selector template - # ref: https://kubernetes.io/docs/user-guide/node-selection/ - nodeSelector: {} - # -- tolerations template - # ref: ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - tolerations: [] - # -- affinity template - # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - affinity: {} - ## liveness and readiness probes of the carbonio broker, they will be evaluated against the version endpoint - # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - livenessProbe: - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 30 - # -- additional sidepods for the deployment, if required - sidecars: [] - # -- additional volumes for the deployment, if required - volumes: [] - -## pod autoscaling configuration, use for automatic scaling of the broker pods -autoscaling: - # -- should autoscaling be enabled for the context broker - enabled: false - # -- minimum number of running pods - minReplicas: 1 - # -- maximum number of running pods - maxReplicas: 10 - # -- metrics to react on - metrics: [] - # -- List of MetricSpecs to decide whether to scale - # See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#metricspec-v2beta2-autoscaling - # scaler targets to hold average cpu around 80% - #- type: Resource - # resource: - # name: cpu - # target: - # type: Utilization - # averageUtilization: 80 - ## scaler targets to hold average memory around 80% - # - type: Resource - # resource: - # name: memory - # target: - # type: Utilization - # averageUtilization: 80 - -## openshift specific route definition. 
Will not work on plain k8s -route: - ## -- should the deployment create openshift routes - enabled: false - # -- annotations to be added to the route - annotations: {} - # -- host to be used - # host: localhost - # -- tls configuration for the route - tls: {} - # termination: edge - -## ingress configuration -ingress: - # -- should there be an ingress to connect carbonio with the public internet - enabled: false - # -- annotations to be added to the ingress - annotations: - {} - # kubernetes.io/ingress.class: "ambassador" - ## example annotations, allowing cert-manager to automatically create tls-certs and forcing everything to use ssl. - # kubernetes.io/tls-acme: "true" - # ingress.kubernetes.io/ssl-redirect: "true" - # -- all hosts to be provided - hosts: - [] - # -- provide a hosts and the paths that should be available - # - host: localhost - # paths: - # - / - # -- configure the ingress' tls - tls: - [] - # - secretName: carbonio-tls - # hosts: - # - carbonio.mail.local - -podAnnotations: {} - -podSecurityContext: {} -securityContext: - runAsUser: 0 - -resources: - {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi diff --git a/charts/partners/zextras/carbonio/23.3.0/.helmignore b/charts/partners/zextras/carbonio/23.3.0/.helmignore deleted file mode 100644 index 99effea608..0000000000 --- a/charts/partners/zextras/carbonio/23.3.0/.helmignore +++ /dev/null 
@@ -1,26 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-.terraform/
-bin/
-test/
diff --git a/charts/partners/zextras/carbonio/23.3.0/report.yaml b/charts/partners/zextras/carbonio/23.3.0/report.yaml
deleted file mode 100644
index 5aff50f06e..0000000000
--- a/charts/partners/zextras/carbonio/23.3.0/report.yaml
+++ /dev/null
@@ -1,93 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.10.1 - profile: - VendorType: partner - version: v1.2 - reportDigest: uint64:5417835910875030553 - chart-uri: ./src - digests: - chart: sha256:426742689a9ea566f48b8a28424eeb82cbad385d0ef0a4be350f6369795bc12b - lastCertifiedTimestamp: "2023-03-23T18:10:46.447224+01:00" - testedOpenShiftVersion: "4.11" - supportedOpenShiftVersions: '>=4.2' - webCatalogOnly: false - chart: - name: carbonio - home: https://www.zextras.com/carbonio - sources: [] - version: 23.3.0 - description: Official Zextras Carbonio Chart - keywords: - - carbonio - - email - - collaboration - - groupware - maintainers: [] - icon: https://www.zextras.com/images/carbonio_white.webp - apiversion: v2 - condition: "" - tags: "" - appversion: 23.3.0 - deprecated: false - annotations: - charts.openshift.io/name: carbonio - kubeversion: '>= 1.14.0-0' - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red 
Hat certified : registry.connect.redhat.com/zextras/carbonio:23.3.0-single' - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist diff --git a/charts/partners/zextras/carbonio/23.3.0/src/Chart.yaml b/charts/partners/zextras/carbonio/23.3.0/src/Chart.yaml deleted file mode 100644 index dad5179183..0000000000 --- a/charts/partners/zextras/carbonio/23.3.0/src/Chart.yaml +++ /dev/null @@ -1,15 +0,0 @@ -name: carbonio -apiVersion: v2 -appVersion: "23.3.0" -version: "23.3.0" -description: Official Zextras Carbonio Chart -home: https://www.zextras.com/carbonio -icon: https://www.zextras.com/images/carbonio_white.webp -keywords: - - carbonio - - email - - collaboration - - groupware -kubeVersion: ">= 1.14.0-0" -annotations: - charts.openshift.io/name: carbonio diff --git a/charts/partners/zextras/carbonio/23.3.0/src/README.md b/charts/partners/zextras/carbonio/23.3.0/src/README.md deleted file mode 100644 index b09c550fd9..0000000000 --- a/charts/partners/zextras/carbonio/23.3.0/src/README.md +++ /dev/null 
@@ -1,48 +0,0 @@ -# Carbonio Helm Chart - -This repository contains the official Zextras Carbonio Helm chart for -installing and configuring Carbonio on Kubernetes. This chart supports -multiple use cases of Carbonio on Kubernetes depending on the values -provided. - -For full documentation on this Helm chart along with all the ways you can use -Carbonio with Kubernetes, please see the -[Carbonio and Kubernetes documentation](https://docs.zextras.com/carbonio/html). - -## Prerequisites - -To use the charts here, [Helm](https://helm.sh/) must be configured for your -Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of -this README. Please refer to the Kubernetes and Helm documentation. - -The versions required are: - -- **Helm 3.0+** - This is the earliest version of Helm tested. It is possible it - works with earlier versions but this chart is untested for those versions. - -- **Kubernetes 1.14+** - This is the earliest version of Kubernetes tested. It - is possible that this chart works with earlier versions but it is untested. - -## Usage - -To install the latest version of this chart, add the Zextras helm repository and -run `helm install`: - -```console -$ helm repo add Zextras https://helm.releases.zextras.com -"Zextras" has been added to your repositories - -$ helm install carbonio zextras/carbonio -``` - -Please see the many options supported in the `values.yaml` file. These are also -fully documented directly on the [Carbonio -website](https://docs.zextras.com/carbonio/html) along with more detailed -installation instructions. - -## NOTES for OpenShiftdeployment - -```sh -oc create sa --namespace carbonio-system sa-with-anyuid -oc adm policy add-scc-to-user anyuid -z sa-with-anyuid --namespace carbonio-system -``` diff --git a/charts/partners/zextras/carbonio/23.3.0/src/templates/NOTES.txt b/charts/partners/zextras/carbonio/23.3.0/src/templates/NOTES.txt deleted file mode 100644 index 6aa6dbda17..0000000000 
--- a/charts/partners/zextras/carbonio/23.3.0/src/templates/NOTES.txt +++ /dev/null @@ -1,14 +0,0 @@ - -Thank you for installing Zextras Carbonio! - -Now that you have deployed Carbonio, you should look over the docs on using -Carbonio with Kubernetes available here: - -https://docs.zextras.com/carbonio/html/index.html - - -Your release is named {{ .Release.Name }}. To learn more about the release, try: - - $ helm status {{ .Release.Name }} - $ helm get manifest {{ .Release.Name }} - diff --git a/charts/partners/zextras/carbonio/23.3.0/src/templates/_helpers.tpl b/charts/partners/zextras/carbonio/23.3.0/src/templates/_helpers.tpl deleted file mode 100644 index 41a2aacd73..0000000000 --- a/charts/partners/zextras/carbonio/23.3.0/src/templates/_helpers.tpl +++ /dev/null 
@@ -1,51 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "carbonio.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "carbonio.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "carbonio.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "carbonio.labels" -}} -helm.sh/chart: {{ include "carbonio.chart" . }} -{{ include "carbonio.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "carbonio.selectorLabels" -}} -app.kubernetes.io/name: {{ include "carbonio.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} diff --git a/charts/partners/zextras/carbonio/23.3.0/src/templates/deployment.yaml b/charts/partners/zextras/carbonio/23.3.0/src/templates/deployment.yaml deleted file mode 100644 index b05362836f..0000000000 --- a/charts/partners/zextras/carbonio/23.3.0/src/templates/deployment.yaml +++ /dev/null 
@@ -1,91 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "carbonio.fullname" . }} - labels: - {{- include "carbonio.labels" . | nindent 4 }} - namespace: carbonio-system -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "carbonio.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "carbonio.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{- toYaml .Values.serviceAccountName | nindent 8 }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - command: - - /sbin/init - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}" - imagePullPolicy: {{ .Values.deployment.image.pullPolicy }} - ports: - - containerPort: 25 - - containerPort: 110 - - containerPort: 443 - - containerPort: 465 - - containerPort: 587 - - containerPort: 6071 - - containerPort: 7071 - - containerPort: 8080 - livenessProbe: - exec: - command: - - /usr/bin/nc - - -z - - localhost - - "389" - failureThreshold: 10 - initialDelaySeconds: 20 - periodSeconds: 60 - timeoutSeconds: 10 - readinessProbe: - exec: - command: - - /usr/bin/nc - - -z - - localhost - - "389" - failureThreshold: 10 - initialDelaySeconds: 20 - periodSeconds: 60 - timeoutSeconds: 10 - resources: - {{- toYaml .Values.resources | nindent 12 }} - restartPolicy: Always - hostAliases: - - ip: "127.0.0.1" - hostnames: - - "carbonio.mail.local" - - "carbonio" - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . 
| nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -status: {} - diff --git a/charts/partners/zextras/carbonio/23.3.0/src/templates/hpa.yaml b/charts/partners/zextras/carbonio/23.3.0/src/templates/hpa.yaml deleted file mode 100644 index df5e7be0f4..0000000000 --- a/charts/partners/zextras/carbonio/23.3.0/src/templates/hpa.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "carbonio.fullname" . }} - labels: - {{- include "carbonio.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "carbonio.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/charts/partners/zextras/carbonio/23.3.0/src/templates/ingress.yaml b/charts/partners/zextras/carbonio/23.3.0/src/templates/ingress.yaml deleted file mode 100644 index 265c136ec1..0000000000 --- a/charts/partners/zextras/carbonio/23.3.0/src/templates/ingress.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "carbonio.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "carbonio.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} 
diff --git a/charts/partners/zextras/carbonio/23.3.0/src/templates/service.yaml b/charts/partners/zextras/carbonio/23.3.0/src/templates/service.yaml deleted file mode 100644 index 2a633ade56..0000000000 --- a/charts/partners/zextras/carbonio/23.3.0/src/templates/service.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "carbonio.fullname" . }} - namespace: carbonio-system - labels: - {{- include "carbonio.labels" . | nindent 4 }} -spec: - ports: - - name: smtp - port: 25 - targetPort: 25 - - name: pop3 - port: 110 - targetPort: 110 - - name: login-ui - port: 443 - targetPort: 443 - - name: smtp-tls - port: 587 - targetPort: 587 - - name: admin-ui - port: 6071 - targetPort: 6071 - - selector: - app.kubernetes.io/name: {{ include "carbonio.name" . }} diff --git a/charts/partners/zextras/carbonio/23.3.0/src/templates/serviceaccount.yaml b/charts/partners/zextras/carbonio/23.3.0/src/templates/serviceaccount.yaml deleted file mode 100644 index a4df9427fa..0000000000 --- a/charts/partners/zextras/carbonio/23.3.0/src/templates/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "carbonio.fullname" . }} -{{- if .Values.serviceAccount.annotations }} - annotations: - {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} -{{- end }} - labels: - {{ include "carbonio.labels" . | nindent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/partners/zextras/carbonio/23.3.0/src/templates/tests/test-connection.yaml b/charts/partners/zextras/carbonio/23.3.0/src/templates/tests/test-connection.yaml deleted file mode 100644 index 18ef8e5805..0000000000 --- a/charts/partners/zextras/carbonio/23.3.0/src/templates/tests/test-connection.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: {{ .Release.Name }}-server-test - labels: - {{- include "carbonio.labels" . | nindent 4 }} - namespace: carbonio-system - annotations: - "helm.sh/hook": test -spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{- toYaml .Values.serviceAccountName | nindent 8 }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Release.Name }}-server-test - image: {{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.deployment.image.pullPolicy }} - command: - - /bin/sh - - -c - - | - /opt/zextras/bin/zmcontrol -v - - restartPolicy: Never diff --git a/charts/partners/zextras/carbonio/23.3.0/src/values.schema.json b/charts/partners/zextras/carbonio/23.3.0/src/values.schema.json deleted file mode 100644 index 862cdc36e4..0000000000 --- a/charts/partners/zextras/carbonio/23.3.0/src/values.schema.json +++ /dev/null 
@@ -1,338 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-06/schema#", - "$ref": "#/definitions/Welcome10", - "definitions": { - "Welcome10": { - "type": "object", - "additionalProperties": false, - "properties": { - "nameOverride": { - "type": "string" - }, - "fullnameOverride": { - "type": "string" - }, - "service": { - "$ref": "#/definitions/Service" - }, - "serviceAccount": { - "$ref": "#/definitions/ServiceAccount" - }, - "serviceAccountName": { - "type": "string" - }, - "imagePullSecrets": { - "type": "array", - "items": {} - }, - "deployment": { - "$ref": "#/definitions/Deployment" - }, - "autoscaling": { - "$ref": "#/definitions/Autoscaling" - }, - "route": { - "$ref": "#/definitions/Route" - }, - "ingress": { - "$ref": "#/definitions/Ingress" - }, - "podAnnotations": { - "$ref": "#/definitions/PodAnnotations" - }, - "podSecurityContext": { - "$ref": "#/definitions/PodAnnotations" - }, - "securityContext": { - "$ref": "#/definitions/SecurityContext" - }, - "resources": { - "$ref": "#/definitions/PodAnnotations" - } - }, - "required": [ - "autoscaling", - "deployment", - "fullnameOverride", - "imagePullSecrets", - "ingress", - "nameOverride", - "podAnnotations", - "podSecurityContext", - "resources", - "route", - "securityContext", - "service", - "serviceAccount", - "serviceAccountName" - ], - "title": "Welcome10" - }, - "Autoscaling": { - "type": "object", - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "minReplicas": { - "type": "integer" - }, - "maxReplicas": { - "type": "integer" - }, - "metrics": { - "type": "array", - "items": {} - } - }, - "required": [ - "enabled", - "maxReplicas", - "metrics", - "minReplicas" - ], - "title": "Autoscaling" - }, - "Deployment": { - "type": "object", - "additionalProperties": false, - "properties": { - "replicaCount": { - "type": "integer" - }, - "revisionHistoryLimit": { - "type": "integer" - }, - "updateStrategy": { - "$ref": "#/definitions/UpdateStrategy" - }, - 
"image": { - "$ref": "#/definitions/Image" - }, - "additionalLabels": { - "$ref": "#/definitions/PodAnnotations" - }, - "additionalAnnotations": { - "$ref": "#/definitions/PodAnnotations" - }, - "nodeSelector": { - "$ref": "#/definitions/PodAnnotations" - }, - "tolerations": { - "type": "array", - "items": {} - }, - "affinity": { - "$ref": "#/definitions/PodAnnotations" - }, - "livenessProbe": { - "$ref": "#/definitions/NessProbe" - }, - "readinessProbe": { - "$ref": "#/definitions/NessProbe" - }, - "sidecars": { - "type": "array", - "items": {} - }, - "volumes": { - "type": "array", - "items": {} - } - }, - "required": [ - "additionalAnnotations", - "additionalLabels", - "affinity", - "image", - "livenessProbe", - "nodeSelector", - "readinessProbe", - "replicaCount", - "revisionHistoryLimit", - "sidecars", - "tolerations", - "updateStrategy", - "volumes" - ], - "title": "Deployment" - }, - "PodAnnotations": { - "type": "object", - "additionalProperties": false, - "title": "PodAnnotations" - }, - "Image": { - "type": "object", - "additionalProperties": false, - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - }, - "pullPolicy": { - "type": "string" - } - }, - "required": [ - "pullPolicy", - "repository", - "tag" - ], - "title": "Image" - }, - "NessProbe": { - "type": "object", - "additionalProperties": false, - "properties": { - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - }, - "required": [ - "initialDelaySeconds", - "periodSeconds", - "successThreshold", - "timeoutSeconds" - ], - "title": "NessProbe" - }, - "UpdateStrategy": { - "type": "object", - "additionalProperties": false, - "properties": { - "type": { - "type": "string" - }, - "rollingUpdate": { - "$ref": "#/definitions/RollingUpdate" - } - }, - "required": [ - "rollingUpdate", - "type" - ], - "title": "UpdateStrategy" - 
}, - "RollingUpdate": { - "type": "object", - "additionalProperties": false, - "properties": { - "maxSurge": { - "type": "integer" - }, - "maxUnavailable": { - "type": "integer" - } - }, - "required": [ - "maxSurge", - "maxUnavailable" - ], - "title": "RollingUpdate" - }, - "Ingress": { - "type": "object", - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "annotations": { - "$ref": "#/definitions/PodAnnotations" - }, - "hosts": { - "type": "array", - "items": {} - }, - "tls": { - "type": "array", - "items": {} - } - }, - "required": [ - "annotations", - "enabled", - "hosts", - "tls" - ], - "title": "Ingress" - }, - "Route": { - "type": "object", - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "annotations": { - "$ref": "#/definitions/PodAnnotations" - }, - "tls": { - "$ref": "#/definitions/PodAnnotations" - } - }, - "required": [ - "annotations", - "enabled", - "tls" - ], - "title": "Route" - }, - "SecurityContext": { - "type": "object", - "additionalProperties": false, - "properties": { - "runAsUser": { - "type": "integer" - } - }, - "required": [ - "runAsUser" - ], - "title": "SecurityContext" - }, - "Service": { - "type": "object", - "additionalProperties": false, - "properties": { - "type": { - "type": "string" - }, - "annotations": { - "$ref": "#/definitions/PodAnnotations" - } - }, - "required": [ - "annotations", - "type" - ], - "title": "Service" - }, - "ServiceAccount": { - "type": "object", - "additionalProperties": false, - "properties": { - "create": { - "type": "boolean" - } - }, - "required": [ - "create" - ], - "title": "ServiceAccount" - } - } -} diff --git a/charts/partners/zextras/carbonio/23.3.0/src/values.yaml b/charts/partners/zextras/carbonio/23.3.0/src/values.yaml deleted file mode 100644 index 140a55bed7..0000000000 --- a/charts/partners/zextras/carbonio/23.3.0/src/values.yaml +++ /dev/null 
@@ -1,172 +0,0 @@ -# Default values for carbonio. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# -- option to override the name config in the _helpers.tpl -nameOverride: "" -# -- option to override the fullname config in the _helpers.tpl -fullnameOverride: "" - -## configuration for the k8s service to access carbonio -service: - # -- service type - type: ClusterIP - # -- addtional annotations, if required - annotations: {} - -# -- if a specific service account should be used, it can be configured here -# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -serviceAccount: - # -- specifies if the account should be created - create: false - # -- specifies the account name -serviceAccountName: "sa-with-anyuid" - -# Image pull secret to use for registry authentication. -imagePullSecrets: [] - -## deployment specific configuration -deployment: - # -- initial number of target replications, can be different if autoscaling is enabled - replicaCount: 1 - # -- number of old replicas to be retained - revisionHistoryLimit: 3 - ## configuration of the carbonio update strategy - updateStrategy: - # -- type of the update - type: RollingUpdate - # -- new pods will be added gradually - rollingUpdate: - # -- number of pods that can be created above the desired amount while updating - maxSurge: 1 - # -- number of pods that can be unavailable while updating - maxUnavailable: 0 - ## configuration of the image to be used - image: - # -- carbonio image name - repository: registry.connect.redhat.com/zextras/carbonio - # -- tag of the image to be used - tag: "23.3.0-single" - # -- specification of the image pull policy - pullPolicy: IfNotPresent - # -- additional labels for the deployment, if required - additionalLabels: {} - # -- additional annotations for the deployment, if required - additionalAnnotations: {} - # -- carbonio resource requests and limits, we leave the default empty to make that a concious 
choice by the user. - # for the autoscaling to make sense, you should configure this. - # resources: - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - # -- selector template - # ref: https://kubernetes.io/docs/user-guide/node-selection/ - nodeSelector: {} - # -- tolerations template - # ref: ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - tolerations: [] - # -- affinity template - # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - affinity: {} - ## liveness and readiness probes of the carbonio broker, they will be evaluated against the version endpoint - # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - livenessProbe: - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 30 - readinessProbe: - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 30 - # -- additional sidepods for the deployment, if required - sidecars: [] - # -- additional volumes for the deployment, if required - volumes: [] - -## pod autoscaling configuration, use for automatic scaling of the broker pods -autoscaling: - # -- should autoscaling be enabled for the context broker - enabled: false - # -- minimum number of running pods - minReplicas: 1 - # -- maximum number of running pods - maxReplicas: 10 - # -- metrics to react on - metrics: [] - # -- List of MetricSpecs to decide whether to scale - # See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#metricspec-v2beta2-autoscaling - # scaler targets to hold average cpu around 80% - #- type: Resource - # resource: - # name: cpu - # target: - # type: Utilization - # averageUtilization: 80 - ## scaler targets to hold average memory around 80% - # - type: Resource - # resource: - # name: memory - # target: - # type: Utilization - # averageUtilization: 80 - -## openshift specific route definition. 
Will not work on plain k8s -route: - ## -- should the deployment create openshift routes - enabled: false - # -- annotations to be added to the route - annotations: {} - # -- host to be used - # host: localhost - # -- tls configuration for the route - tls: {} - # termination: edge - -## ingress configuration -ingress: - # -- should there be an ingress to connect carbonio with the public internet - enabled: false - # -- annotations to be added to the ingress - annotations: - {} - # kubernetes.io/ingress.class: "ambassador" - ## example annotations, allowing cert-manager to automatically create tls-certs and forcing everything to use ssl. - # kubernetes.io/tls-acme: "true" - # ingress.kubernetes.io/ssl-redirect: "true" - # -- all hosts to be provided - hosts: - [] - # -- provide a hosts and the paths that should be available - # - host: localhost - # paths: - # - / - # -- configure the ingress' tls - tls: - [] - # - secretName: carbonio-tls - # hosts: - # - carbonio.mail.local - -podAnnotations: {} - -podSecurityContext: {} -securityContext: - runAsUser: 0 - -resources: - {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi diff --git a/charts/partners/zextras/carbonio/OWNERS b/charts/partners/zextras/carbonio/OWNERS deleted file mode 100644 index 9ce2332f3e..0000000000 --- a/charts/partners/zextras/carbonio/OWNERS +++ /dev/null 
@@ -1,11 +0,0 @@
-chart:
- name: carbonio
- shortDescription: Zextras Carbonio - The digital workplace software for digital
- sovereignty
-providerDelivery: false
-publicPgpKey: unknown
-users:
-- githubUsername: M0Rf30
-vendor:
- label: zextras
- name: Zextras Srl
diff --git a/charts/partners/zextras/ce-single/OWNERS b/charts/partners/zextras/ce-single/OWNERS
deleted file mode 100644
index 7fc442c182..0000000000
--- a/charts/partners/zextras/ce-single/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: ce-single
- shortDescription: unknown
-providerDelivery: true
-publicPgpKey: unknown
-users:
-- githubUsername: M0Rf30
-vendor:
- label: zextras
- name: Zextras Srl
diff --git a/charts/redhat/redhat/cryostat/0.1.0/src/Chart.yaml b/charts/redhat/redhat/cryostat/0.1.0/src/Chart.yaml
deleted file mode 100644
index 2e375d4774..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.0/src/Chart.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-apiVersion: v2
-name: cryostat
-description: Securely manage JFR recordings for your containerized Java workloads
-
-type: application
-
-version: "0.1.0"
-
-appVersion: "2.1.0.redhat"
-
-home: "https://cryostat.io"
-
-icon: "https://raw.githubusercontent.com/cryostatio/cryostat-helm/main/docs/images/cryostat-icon.svg"
-
-kubeVersion: ">=1.19.0"
-
-annotations:
- charts.openshift.io/archs: x86_64
- charts.openshift.io/name: Cryostat
- charts.openshift.io/provider: Red Hat
- charts.openshift.io/supportURL: https://github.com/cryostatio/cryostat-helm
-
-keywords:
-- flightrecorder
-- java
-- jdk
-- jfr
-- jmc
-- missioncontrol
-- monitoring
-- profiling
-- diagnostic
-
-sources:
-- https://github.com/cryostatio/cryostat
-- https://github.com/cryostatio/cryostat-core
-- https://github.com/cryostatio/cryostat-web
-- https://github.com/cryostatio/jfr-datasource
-- https://github.com/cryostatio/cryostat-grafana-dashboard
-
-maintainers:
-- name: The Cryostat Community
- url: https://groups.google.com/g/cryostat-development
diff --git a/charts/redhat/redhat/cryostat/0.1.0/src/LICENSE b/charts/redhat/redhat/cryostat/0.1.0/src/LICENSE
deleted file mode 100644
index e55f9f088f..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.0/src/LICENSE
+++ /dev/null
@@ -1,35 +0,0 @@
-Copyright The Cryostat Authors
-
-The Universal Permissive License (UPL), Version 1.0
-
-Subject to the condition set forth below, permission is hereby granted to any
-person obtaining a copy of this software, associated documentation and/or data
-(collectively the "Software"), free of charge and under any and all copyright
-rights in the Software, and any and all patent rights owned or freely
-licensable by each licensor hereunder covering either (i) the unmodified
-Software as contributed to or provided by such licensor, or (ii) the Larger
-Works (as defined below), to deal in both
-
-(a) the Software, and
-(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
-one is included with the Software (each a "Larger Work" to which the Software
-is contributed by such licensors),
-
-without restriction, including without limitation the rights to copy, create
-derivative works of, display, perform, and distribute the Software and make,
-use, sell, offer for sale, import, export, have made, and have sold the
-Software and the Larger Work(s), and to sublicense the foregoing rights on
-either these or other terms.
-
-This license is subject to the following condition:
-The above copyright notice and either this complete permission notice or at
-a minimum a reference to the UPL must be included in all copies or
-substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/charts/redhat/redhat/cryostat/0.1.0/src/README.md b/charts/redhat/redhat/cryostat/0.1.0/src/README.md
deleted file mode 100644
index 89563ac26e..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.0/src/README.md
+++ /dev/null
@@ -1,90 +0,0 @@ -# Cryostat Helm Chart -A Helm chart for deploying [Cryostat](https://cryostat.io/) on Kubernetes and OpenShift - -## Parameters - -### Cryostat Container - -| Name | Description | Value | -| ---------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------- | -| `core` | Configuration for the core Cryostat application | | -| `core.image.repository` | Repository for the main Cryostat container image | `registry.redhat.io/cryostat-tech-preview/cryostat-rhel8` | -| `core.image.pullPolicy` | Image pull policy for the main Cryostat container image | `IfNotPresent` | -| `core.image.tag` | Tag for the main Cryostat container image | `2.1.0` | -| `core.service.type` | Type of Service to create for the Cryostat application | `ClusterIP` | -| `core.service.httpPort` | Port number to expose on the Service for Cryostat's HTTP server | `8181` | -| `core.service.jmxPort` | Port number to expose on the Service for remote JMX connections to Cryostat | `9091` | -| `core.ingress.enabled` | Whether to create an Ingress object for the Cryostat service | `false` | -| `core.ingress.className` | Ingress class name for the Cryostat application Ingress | `""` | -| `core.ingress.annotations` | Annotations to apply to the Cryostat application Ingress | `{}` | -| `core.ingress.hosts` | Hosts to create rules for in the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `core.ingress.tls` | TLS configuration for the Cryostat application Ingress. 
See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `core.route.enabled` | Whether to create a Route object for the Cryostat service. Available only on OpenShift | `true` | -| `core.route.tls.enabled` | Whether to secure the Cryostat application Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) | `true` | -| `core.route.tls.termination` | Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt` | `edge` | -| `core.route.tls.insecureEdgeTerminationPolicy` | Specify how to handle insecure traffic for the Cryostat application Route. One of: `Allow`, `Disable`, `Redirect` | `Redirect` | -| `core.route.tls.key` | Custom private key to use when securing the Cryostat application Route | `""` | -| `core.route.tls.certificate` | Custom certificate to use when securing the Cryostat application Route | `""` | -| `core.route.tls.caCertificate` | Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route | `""` | -| `core.route.tls.destinationCACertificate` | Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route | `""` | -| `core.resources` | Resource requests/limits for the Cryostat container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `core.securityContext` | Security Context for the Cryostat container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - - -### Grafana Container - -| Name | Description | Value | -| ------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------- | -| `grafana` | Configuration for the customized Grafana instance for Cryostat | | -| `grafana.image.repository` | Repository for the Grafana container image | `registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8` | -| `grafana.image.pullPolicy` | Image pull policy for the Grafana container image | `IfNotPresent` | -| `grafana.image.tag` | Tag for the Grafana container image | `2.1.0` | -| `grafana.service.type` | Type of Service to create for Grafana | `ClusterIP` | -| `grafana.service.port` | Port number to expose on the Service for Grafana's HTTP server | `3000` | -| `grafana.ingress.enabled` | Whether to create an Ingress object for the Grafana service | `false` | -| `grafana.ingress.className` | Ingress class name for the Grafana Ingress | `""` | -| `grafana.ingress.annotations` | Annotations to apply to the Grafana Ingress | `{}` | -| `grafana.ingress.hosts` | Hosts to create rules for in the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `grafana.ingress.tls` | TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `grafana.route.enabled` | Whether to create a Route object for the Grafana service. Available only on OpenShift | `true` | -| `grafana.route.tls.enabled` | Whether to secure the Grafana Route with TLS. 
See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) | `true` | -| `grafana.route.tls.termination` | Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt` | `edge` | -| `grafana.route.tls.insecureEdgeTerminationPolicy` | Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect` | `Redirect` | -| `grafana.route.tls.key` | Custom private key to use when securing the Grafana Route | `""` | -| `grafana.route.tls.certificate` | Custom certificate to use when securing the Grafana Route | `""` | -| `grafana.route.tls.caCertificate` | Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route | `""` | -| `grafana.route.tls.destinationCACertificate` | Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route | `""` | -| `grafana.resources` | Resource requests/limits for the Grafana container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `grafana.securityContext` | Security Context for the Grafana container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - - -### JFR Data Source Container - -| Name | Description | Value | -| ----------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------- | -| `datasource` | Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana | | -| `datasource.image.repository` | Repository for the JFR Data Source container image | `registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8` | -| `datasource.image.pullPolicy` | Image pull policy for the JFR Data Source container image | `IfNotPresent` | -| `datasource.image.tag` | Tag for the JFR Data Source container image | `2.1.0` | -| `datasource.resources` | Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `datasource.securityContext` | Security Context for the JFR Data Source container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - - -### Other Parameters - -| Name | Description | Value | -| ---------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `imagePullSecrets` | Image pull secrets to be used for the Cryostat deployment | `[]` | -| `nameOverride` | Overrides the name of this Chart | `""` | -| `fullnameOverride` | Overrides the fully qualified application name of `[release name]-[chart name]` | `""` | -| `rbac.create` | Specifies whether RBAC resources should be created | `true` | -| `serviceAccount.create` | Specifies whether a service account should be created | `true` | -| `serviceAccount.annotations` | Annotations to add to the service account | `{}` | -| `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | `""` | -| `podAnnotations` | Annotations to be applied to the Cryostat Pod | `{}` | -| `podSecurityContext` | Security Context for the Cryostat Pod. See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) | `{}` | -| `nodeSelector` | Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | -| `tolerations` | Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | -| `affinity` | Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | - - 
diff --git a/charts/redhat/redhat/cryostat/0.1.0/src/templates/NOTES.txt b/charts/redhat/redhat/cryostat/0.1.0/src/templates/NOTES.txt
deleted file mode 100644
index 101854fed4..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.0/src/templates/NOTES.txt
+++ /dev/null
@@ -1,85 +0,0 @@ -{{- $envVars := list }} -{{- $portForwards := list }} -{{- $listNum := 1 }} -{{- if not (and .Values.core.ingress.enabled .Values.grafana.ingress.enabled) }} -{{ $listNum }}. Tell Cryostat how to serve external traffic: -{{- $listNum = add1 $listNum }} -{{- end }} - -{{- if .Values.core.route.enabled }} - export ROUTE_HOST=$(oc get route -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }} -o jsonpath="{.status.ingress[0].host}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=$ROUTE_HOST" }} -{{- else if .Values.core.ingress.enabled }} -{{- /* Do nothing */}} -{{- else if contains "NodePort" .Values.core.service.type }} - export NODE_IP=$(kubectl get nodes -n {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cryostat.fullname" . }}) -{{- $envVars = list "CRYOSTAT_WEB_HOST=$NODE_IP" "CRYOSTAT_EXT_WEB_PORT=$NODE_PORT" }} -{{- else if contains "LoadBalancer" .Values.core.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get -n {{ .Release.Namespace }} -w svc/{{ include "cryostat.fullname" . }} svc/{{ include "cryostat.fullname" . }}-grafana' - export SERVICE_IP=$(kubectl get svc -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=$SERVICE_IP" (printf "CRYOSTAT_EXT_WEB_PORT=%v" .Values.core.service.httpPort) }} -{{- else if contains "ClusterIP" .Values.core.service.type }} - export POD_NAME=$(kubectl get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod -n {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=127.0.0.1" "CRYOSTAT_EXT_WEB_PORT=8080" }} -{{- $portForwards = prepend $portForwards "8080:$CONTAINER_PORT" }} -{{- end }} - -{{- if .Values.core.route.enabled }} - export GRAFANA_ROUTE_HOST=$(oc get route -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }}-grafana -o jsonpath="{.status.ingress[0].host}") -{{- $envVars = append $envVars ( tpl "GRAFANA_DASHBOARD_URL=http{{ if .Values.grafana.route.tls.enabled }}s{{ end }}://$GRAFANA_ROUTE_HOST" . ) }} -{{- else if .Values.grafana.ingress.enabled }} -{{- /* Do nothing */}} -{{- else if contains "NodePort" .Values.grafana.service.type }} -{{- if not (contains "NodePort" .Values.core.service.type) }} - export NODE_IP=$(kubectl get nodes -n {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") -{{- end }} - export GRAFANA_NODE_PORT=$(kubectl get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cryostat.fullname" . }}-grafana) -{{- $envVars = append $envVars "GRAFANA_DASHBOARD_URL=http://$NODE_IP:$GRAFANA_NODE_PORT"}} -{{- else if contains "LoadBalancer" .Values.grafana.service.type }} -{{- if not (contains "LoadBalancer" .Values.core.service.type) }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get -n {{ .Release.Namespace }} -w svc/{{ include "cryostat.fullname" . }} svc/{{ include "cryostat.fullname" . }}-grafana' -{{- end }} - export GRAFANA_SERVICE_IP=$(kubectl get svc -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . 
}}-grafana --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") -{{- $envVars = append $envVars (printf "GRAFANA_DASHBOARD_URL=http://$GRAFANA_SERVICE_IP:%v" .Values.grafana.service.port) }} -{{- else if contains "ClusterIP" .Values.grafana.service.type }} -{{- if not (contains "ClusterIP" .Values.core.service.type) }} - export POD_NAME=$(kubectl get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") -{{- end }} - export GRAFANA_CONTAINER_PORT=$(kubectl get pod -n {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[1].ports[0].containerPort}") -{{- $envVars = concat $envVars ( list "GRAFANA_DASHBOARD_URL=http://127.0.0.1:$GRAFANA_CONTAINER_PORT" "GRAFANA_DASHBOARD_EXT_URL=http://127.0.0.1:8081" )}} -{{- $portForwards = append $portForwards "8081:$GRAFANA_CONTAINER_PORT" }} -{{- end }} - -{{- if not (empty $envVars) }} - kubectl -n {{ .Release.Namespace }} set env deploy --containers={{ .Chart.Name }} {{ include "cryostat.fullname" . }} {{ join " " $envVars }} -{{- end }} - -{{- if not (empty $portForwards) }} - -{{ $listNum }}. Forward local ports to the application's pod: - export POD_NAME=$(kubectl get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") - kubectl -n {{ .Release.Namespace }} wait --for=condition=available --timeout=60s deploy/{{ include "cryostat.fullname" . }} - kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME {{ join " " $portForwards }} - {{- $listNum = add1 $listNum }} -{{- end }} - -{{ $listNum }}. 
{{ "Visit the " }}{{ .Chart.Name | camelcase }}{{ " application at: " -}} -{{- if .Values.core.route.enabled }} - echo http{{ if $.Values.core.route.tls.enabled }}s{{ end }}://$ROUTE_HOST -{{- else if .Values.core.ingress.enabled -}} -{{- range $host := .Values.core.ingress.hosts -}} - {{- range .paths -}} - http{{ if $.Values.core.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.core.service.type }} - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.core.service.type }} - echo http://$SERVICE_IP:{{ .Values.core.service.port }} -{{- else if contains "ClusterIP" .Values.core.service.type -}} - http://127.0.0.1:8080 -{{- end }} diff --git a/charts/redhat/redhat/cryostat/0.1.0/src/templates/_helpers.tpl b/charts/redhat/redhat/cryostat/0.1.0/src/templates/_helpers.tpl deleted file mode 100644 index 14d85a6b53..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.0/src/templates/_helpers.tpl +++ /dev/null 
@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "cryostat.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "cryostat.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "cryostat.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "cryostat.labels" -}}
-helm.sh/chart: {{ include "cryostat.chart" . }}
-{{ include "cryostat.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "cryostat.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "cryostat.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "cryostat.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "cryostat.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.1.0/src/templates/deployment.yaml b/charts/redhat/redhat/cryostat/0.1.0/src/templates/deployment.yaml
deleted file mode 100644
index 4a9dac96f1..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.0/src/templates/deployment.yaml
+++ /dev/null
@@ -1,156 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "cryostat.fullname" . }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
-spec:
- selector:
- matchLabels:
- {{- include "cryostat.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- {{- with .Values.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- {{- include "cryostat.selectorLabels" . | nindent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- serviceAccountName: {{ include "cryostat.serviceAccountName" . }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- containers:
- - name: {{ .Chart.Name }}
- securityContext:
- {{- toYaml .Values.core.securityContext | nindent 12 }}
- image: "{{ .Values.core.image.repository }}:{{ .Values.core.image.tag }}"
- imagePullPolicy: {{ .Values.core.image.pullPolicy }}
- env:
- - name: CRYOSTAT_WEB_PORT
- value: "8181"
- - name: CRYOSTAT_CONFIG_PATH
- value: /opt/cryostat.d/conf.d
- - name: CRYOSTAT_ARCHIVE_PATH
- value: /opt/cryostat.d/recordings.d
- - name: CRYOSTAT_TEMPLATE_PATH
- value: /opt/cryostat.d/templates.d
- - name: CRYOSTAT_CLIENTLIB_PATH
- value: /opt/cryostat.d/clientlib.d
- - name: CRYOSTAT_PROBE_TEMPLATE_PATH
- value: /opt/cryostat.d/probes.d
- - name: CRYOSTAT_EXT_WEB_PORT
- value: "{{ if (or (and .Values.core.route.enabled .Values.core.route.tls.enabled) (and .Values.core.ingress.enabled .Values.core.ingress.tls)) }}443{{ else }}80{{ end }}"
- - name: CRYOSTAT_WEB_HOST
- value: "{{ if .Values.core.ingress.enabled }}{{ with index .Values.core.ingress.hosts 0 }}{{ .host }}{{ end }}{{ end }}"
- - name: CRYOSTAT_PLATFORM
- value: io.cryostat.platform.internal.KubeApiPlatformStrategy
- - name: CRYOSTAT_AUTH_MANAGER
- value: io.cryostat.net.NoopAuthManager
- - name: GRAFANA_DATASOURCE_URL
- value: http://127.0.0.1:8080
- - name: GRAFANA_DASHBOARD_URL
- value: "{{ if .Values.grafana.ingress.enabled }}http{{ if .Values.grafana.ingress.tls }}s{{ end }}://{{ with index .Values.grafana.ingress.hosts 0 }}{{ .host }}{{ end }}{{ end }}"
- - name: CRYOSTAT_DISABLE_SSL
- value: "true"
- - name: CRYOSTAT_DISABLE_JMX_AUTH
- value: "true"
- - name: CRYOSTAT_ALLOW_UNTRUSTED_SSL
- value: "true"
- - name: CRYOSTAT_ENABLE_JDP_BROADCAST
- value: "false"
- {{- if (or (and .Values.core.route.enabled .Values.core.route.tls.enabled) (and .Values.core.ingress.enabled .Values.core.ingress.tls)) }}
- - name: CRYOSTAT_SSL_PROXIED
- value: "true"
- {{- end }}
- ports:
- - containerPort: 8181
- protocol: TCP
- - containerPort: 9090
- protocol: TCP
- - containerPort: 9091
- protocol: TCP
- livenessProbe:
- httpGet:
- path: "/health"
- port: 8181
- startupProbe:
- httpGet:
- path: "/health"
- port: 8181
- failureThreshold: 18
- resources:
- {{- toYaml .Values.core.resources | nindent 12 }}
- volumeMounts:
- - mountPath: /opt/cryostat.d/conf.d
- name: {{ .Chart.Name }}
- subPath: config
- - mountPath: /opt/cryostat.d/recordings.d
- name: {{ .Chart.Name }}
- subPath: flightrecordings
- - mountPath: /opt/cryostat.d/templates.d
- name: {{ .Chart.Name }}
- subPath: templates
- - mountPath: /opt/cryostat.d/clientlib.d
- name: {{ .Chart.Name }}
- subPath: clientlib
- - mountPath: /opt/cryostat.d/probes.d
- name: {{ .Chart.Name }}
- subPath: probes
- - name: {{ printf "%s-%s" .Chart.Name "grafana" }}
- securityContext:
- {{- toYaml .Values.grafana.securityContext | nindent 12 }}
- image: "{{ .Values.grafana.image.repository }}:{{ .Values.grafana.image.tag }}"
- imagePullPolicy: {{ .Values.grafana.image.pullPolicy }}
- env:
- - name: JFR_DATASOURCE_URL
- value: http://127.0.0.1:8080
- - name: GF_AUTH_ANONYMOUS_ENABLED
- value: "true"
- ports:
- - containerPort: 3000
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /api/health
- port: 3000
- resources:
- {{- toYaml .Values.grafana.resources | nindent 12 }}
- - name: {{ printf "%s-%s" .Chart.Name "jfr-datasource" }}
- securityContext:
- {{- toYaml .Values.datasource.securityContext | nindent 12 }}
- image: "{{ .Values.datasource.image.repository }}:{{ .Values.datasource.image.tag }}"
- imagePullPolicy: {{ .Values.datasource.image.pullPolicy }}
- env:
- - name: LISTEN_HOST
- value: 127.0.0.1
- ports:
- - containerPort: 8080
- protocol: TCP
- livenessProbe:
- exec:
- command:
- - curl
- - --fail
- - http://127.0.0.1:8080
- resources:
- {{- toYaml .Values.datasource.resources | nindent 12 }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- volumes:
- - name: {{ .Chart.Name }}
- emptyDir: {}
diff --git a/charts/redhat/redhat/cryostat/0.1.0/src/templates/ingress.yaml b/charts/redhat/redhat/cryostat/0.1.0/src/templates/ingress.yaml
deleted file mode 100644
index 3d317704e3..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.0/src/templates/ingress.yaml
+++ /dev/null
@@ -1,73 +0,0 @@
-{{- define "createIngress" }}
-{{- $svcName := index . 0 }}
-{{- $svcPort := index . 1 }}
-{{- $ := index . 2 }}
-{{- with index . 3 }}
-{{- if and .ingress.className (not (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion)) }}
- {{- if not (hasKey .ingress.annotations "kubernetes.io/ingress.class") }}
- {{- $_ := set .ingress.annotations "kubernetes.io/ingress.class" .ingress.className}}
- {{- end }}
-{{- end }}
----
-{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" $.Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- else -}}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ $svcName }}
- {{- $labels := include "cryostat.labels" $ | nindent 4 }}
- labels: {{ $labels }}
- {{- with .ingress.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- {{- if and .ingress.className (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
- ingressClassName: {{ .ingress.className }}
- {{- end }}
- {{- if .ingress.tls }}
- tls:
- {{- range .ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
- {{- end }}
- rules:
- {{- range .ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
- {{- range .paths }}
- - path: {{ .path }}
- {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
- pathType: {{ .pathType }}
- {{- end }}
- backend:
- {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
- service:
- name: {{ $svcName }}
- port:
- number: {{ $svcPort }}
- {{- else }}
- serviceName: {{ $svcName }}
- servicePort: {{ $svcPort }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-
-{{- $fullName := include "cryostat.fullname" . -}}
-{{- if .Values.core.ingress.enabled }}
-{{- include "createIngress" (list $fullName .Values.core.service.httpPort $ .Values.core)}}
-{{- end }}
-{{- if .Values.grafana.ingress.enabled }}
-{{- include "createIngress" (list (printf "%s-%s" $fullName "grafana") .Values.grafana.service.port $ .Values.grafana)}}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.1.0/src/templates/role.yaml b/charts/redhat/redhat/cryostat/0.1.0/src/templates/role.yaml
deleted file mode 100644
index b47c04440b..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.0/src/templates/role.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "cryostat.fullname" . }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
-rules:
-- apiGroups:
- - ""
- resources:
- - endpoints
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - pods
- - replicationcontrollers
- verbs:
- - get
-- apiGroups:
- - apps
- resources:
- - replicasets
- - deployments
- - daemonsets
- - statefulsets
- verbs:
- - get
-- apiGroups:
- - apps.openshift.io
- resources:
- - deploymentconfigs
- verbs:
- - get
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.1.0/src/templates/rolebinding.yaml b/charts/redhat/redhat/cryostat/0.1.0/src/templates/rolebinding.yaml
deleted file mode 100644
index 22278c28dd..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.0/src/templates/rolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "cryostat.fullname" . }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "cryostat.fullname" . }}
-subjects:
-- kind: ServiceAccount
- name: {{ include "cryostat.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.1.0/src/templates/route.yaml b/charts/redhat/redhat/cryostat/0.1.0/src/templates/route.yaml
deleted file mode 100644
index 79b19fff0c..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.0/src/templates/route.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-{{- define "createRoute" }}
-{{- $svcName := index . 0 }}
-{{- $targetPort := index . 1 }}
-{{- $ := index . 2 }}
-{{- with index . 3 }}
----
-apiVersion: route.openshift.io/v1
-kind: Route
-metadata:
- name: {{ $svcName }}
- {{- $labels := include "cryostat.labels" $ | nindent 4 }}
- labels: {{ $labels }}
- {{- with .route.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- to:
- kind: Service
- name: {{ $svcName }}
- port:
- targetPort: {{ $targetPort }}
-{{- if .route.tls.enabled }}
- tls:
- termination: {{ .route.tls.termination }}
- insecureEdgeTerminationPolicy: {{ .route.tls.insecureEdgeTerminationPolicy }}
- {{- if .route.tls.key }}
- key: |-
- {{- .route.tls.key | nindent 6 }}
- {{- end }}
- {{- if .route.tls.destinationCACertificate }}
- destinationCACertificate: |-
- {{- .route.tls.destinationCACertificate | nindent 6 }}
- {{- end }}
- {{- if .route.tls.caCertificate }}
- caCertificate: |-
- {{- .route.tls.caCertificate | nindent 6 }}
- {{- end }}
- {{- if .route.tls.certificate }}
- certificate: |-
- {{- .route.tls.certificate | nindent 6 }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{- $fullName := include "cryostat.fullname" . -}}
-{{- if .Values.core.route.enabled }}
-{{- include "createRoute" (list $fullName 8181 $ .Values.core)}}
-{{- end }}
-{{- if .Values.grafana.route.enabled }}
-{{- include "createRoute" (list (printf "%s-%s" $fullName "grafana") 3000 $ .Values.grafana)}}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.1.0/src/templates/service.yaml b/charts/redhat/redhat/cryostat/0.1.0/src/templates/service.yaml
deleted file mode 100644
index 9623f7add9..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.0/src/templates/service.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- $fullName := include "cryostat.fullname" . -}}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $fullName }}
- labels:
- {{- include "cryostat.labels" $ | nindent 4 }}
-spec:
- type: {{ .Values.core.service.type }}
- ports:
- - port: {{ .Values.core.service.httpPort }}
- targetPort: 8181
- protocol: TCP
- name: cryostat-http
- - port: {{ .Values.core.service.jmxPort }}
- targetPort: 9091
- protocol: TCP
- name: jfr-jmx
- selector:
- {{- include "cryostat.selectorLabels" $ | nindent 4 }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ printf "%s-%s" $fullName "grafana" }}
- labels:
- {{- include "cryostat.labels" $ | nindent 4 }}
-spec:
- type: {{ .Values.grafana.service.type }}
- ports:
- - port: {{ .Values.grafana.service.port }}
- targetPort: 3000
- protocol: TCP
- name: grafana-http
- selector:
- {{- include "cryostat.selectorLabels" $ | nindent 4 }}
diff --git a/charts/redhat/redhat/cryostat/0.1.0/src/templates/serviceaccount.yaml b/charts/redhat/redhat/cryostat/0.1.0/src/templates/serviceaccount.yaml
deleted file mode 100644
index 74ae99867b..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.0/src/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "cryostat.serviceAccountName" . }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.1.0/src/templates/tests/test-connection.yaml b/charts/redhat/redhat/cryostat/0.1.0/src/templates/tests/test-connection.yaml
deleted file mode 100644
index cf43714c08..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.0/src/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "cryostat.fullname" . }}-test-connection"
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: curl
- image: registry.access.redhat.com/ubi8/ubi:latest
- command:
- - '/bin/bash'
- - '-ec'
- - >
- dnf install --disableplugin=subscription-manager -yq jq;
- curl -sSf --retry 10 --retry-connrefused -o /tmp/out.json http://{{ include "cryostat.fullname" . }}:{{ .Values.core.service.httpPort }}/health;
- cat /tmp/out.json;
- jq -e {{ printf "(.cryostatVersion | test(\"^%s\")) and .datasourceAvailable == true" .Chart.AppVersion | squote }} /tmp/out.json;
- curl -sSf --retry 10 --retry-connrefused http://{{ include "cryostat.fullname" . }}-grafana:{{ .Values.grafana.service.port }}/api/health
- restartPolicy: Never
diff --git a/charts/redhat/redhat/cryostat/0.1.0/src/values.schema.json b/charts/redhat/redhat/cryostat/0.1.0/src/values.schema.json
deleted file mode 100644
index 9cd12a389e..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.0/src/values.schema.json
+++ /dev/null
@@ -1,403 +0,0 @@ -{ - "title": "Chart Values", - "type": "object", - "properties": { - "core": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the main Cryostat container image", - "default": "registry.redhat.io/cryostat-tech-preview/cryostat-rhel8" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the main Cryostat container image", - "default": "IfNotPresent" - }, - "tag": { - "type": "string", - "description": "Tag for the main Cryostat container image", - "default": "2.1.0" - } - } - }, - "service": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Type of Service to create for the Cryostat application", - "default": "ClusterIP" - }, - "httpPort": { - "type": "number", - "description": "Port number to expose on the Service for Cryostat's HTTP server", - "default": 8181 - }, - "jmxPort": { - "type": "number", - "description": "Port number to expose on the Service for remote JMX connections to Cryostat", - "default": 9091 - } - } - }, - "ingress": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create an Ingress object for the Cryostat service", - "default": false - }, - "className": { - "type": "string", - "description": "Ingress class name for the Cryostat application Ingress", - "default": "" - }, - "hosts": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string", - "description": "" - }, - "paths": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "path": { - "type": "string", - "description": "" - }, - "pathType": { - "type": "string", - "description": "" - } - } - } - } - } - } - }, - "tls": { - "type": "array", - "description": "TLS configuration for the Cryostat application Ingress. 
See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec)", - "default": [], - "items": { - "type": "object" - } - } - } - }, - "route": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create a Route object for the Cryostat service. Available only on OpenShift", - "default": true - }, - "tls": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to secure the Cryostat application Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)", - "default": true - }, - "termination": { - "type": "string", - "description": "Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt`", - "default": "edge" - }, - "insecureEdgeTerminationPolicy": { - "type": "string", - "description": "Specify how to handle insecure traffic for the Cryostat application Route. One of: `Allow`, `Disable`, `Redirect`", - "default": "Redirect" - }, - "key": { - "type": "string", - "description": "Custom private key to use when securing the Cryostat application Route", - "default": "" - }, - "certificate": { - "type": "string", - "description": "Custom certificate to use when securing the Cryostat application Route", - "default": "" - }, - "caCertificate": { - "type": "string", - "description": "Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route", - "default": "" - }, - "destinationCACertificate": { - "type": "string", - "description": "Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route", - "default": "" - } - } - } - } - }, - "resources": { - "type": "object", - "description": "Resource requests/limits for the Cryostat container. 
See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)", - "default": {} - }, - "securityContext": { - "type": "object", - "description": "Security Context for the Cryostat container. See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1)", - "default": {} - } - } - }, - "grafana": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the Grafana container image", - "default": "registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the Grafana container image", - "default": "IfNotPresent" - }, - "tag": { - "type": "string", - "description": "Tag for the Grafana container image", - "default": "2.1.0" - } - } - }, - "service": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Type of Service to create for Grafana", - "default": "ClusterIP" - }, - "port": { - "type": "number", - "description": "Port number to expose on the Service for Grafana's HTTP server", - "default": 3000 - } - } - }, - "ingress": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create an Ingress object for the Grafana service", - "default": false - }, - "hosts": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string", - "description": "" - }, - "paths": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "path": { - "type": "string", - "description": "" - }, - "pathType": { - "type": "string", - "description": "" - } - } - } - } - } - } - }, - "className": { - "type": "string", - "description": "Ingress class name for the Grafana Ingress", - "default": "" - 
}, - "tls": { - "type": "array", - "description": "TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec)", - "default": [], - "items": { - "type": "object" - } - } - } - }, - "route": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create a Route object for the Grafana service. Available only on OpenShift", - "default": true - }, - "tls": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to secure the Grafana Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)", - "default": true - }, - "termination": { - "type": "string", - "description": "Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt`", - "default": "edge" - }, - "insecureEdgeTerminationPolicy": { - "type": "string", - "description": "Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect`", - "default": "Redirect" - }, - "key": { - "type": "string", - "description": "Custom private key to use when securing the Grafana Route", - "default": "" - }, - "certificate": { - "type": "string", - "description": "Custom certificate to use when securing the Grafana Route", - "default": "" - }, - "caCertificate": { - "type": "string", - "description": "Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route", - "default": "" - }, - "destinationCACertificate": { - "type": "string", - "description": "Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route", - "default": "" - } - } - } - } - }, - "resources": { - "type": "object", - "description": "Resource requests/limits for the Grafana container. 
See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)", - "default": {} - }, - "securityContext": { - "type": "object", - "description": "Security Context for the Grafana container. See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1)", - "default": {} - } - } - }, - "datasource": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the JFR Data Source container image", - "default": "registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the JFR Data Source container image", - "default": "IfNotPresent" - }, - "tag": { - "type": "string", - "description": "Tag for the JFR Data Source container image", - "default": "2.1.0" - } - } - }, - "resources": { - "type": "object", - "description": "Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)", - "default": {} - }, - "securityContext": { - "type": "object", - "description": "Security Context for the JFR Data Source container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1)", - "default": {} - } - } - }, - "imagePullSecrets": { - "type": "array", - "description": "Image pull secrets to be used for the Cryostat deployment", - "default": [], - "items": { - "type": "object" - } - }, - "nameOverride": { - "type": "string", - "description": "Overrides the name of this Chart", - "default": "" - }, - "fullnameOverride": { - "type": "string", - "description": "Overrides the fully qualified application name of `[release name]-[chart name]`", - "default": "" - }, - "rbac": { - "type": "object", - "properties": { - "create": { - "type": "boolean", - "description": "Specifies whether RBAC resources should be created", - "default": true - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "create": { - "type": "boolean", - "description": "Specifies whether a service account should be created", - "default": true - }, - "name": { - "type": "string", - "description": "The name of the service account to use. If not set and create is true, a name is generated using the fullname template", - "default": "" - } - } - }, - "tolerations": { - "type": "array", - "description": "Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)", - "default": [], - "items": { - "type": "object" - } - } - } -} diff --git a/charts/redhat/redhat/cryostat/0.1.0/src/values.yaml b/charts/redhat/redhat/cryostat/0.1.0/src/values.yaml deleted file mode 100644 index 0a51507009..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.0/src/values.yaml +++ /dev/null 
@@ -1,158 +0,0 @@ -## @section Cryostat Container -## @extra core Configuration for the core Cryostat application -core: - image: - ## @param core.image.repository Repository for the main Cryostat container image - repository: "registry.redhat.io/cryostat-tech-preview/cryostat-rhel8" - ## @param core.image.pullPolicy Image pull policy for the main Cryostat container image - pullPolicy: IfNotPresent - ## @param core.image.tag Tag for the main Cryostat container image - tag: "2.1.0" - service: - ## @param core.service.type Type of Service to create for the Cryostat application - type: ClusterIP - ## @param core.service.httpPort Port number to expose on the Service for Cryostat's HTTP server - httpPort: 8181 - ## @param core.service.jmxPort Port number to expose on the Service for remote JMX connections to Cryostat - jmxPort: 9091 - ingress: - ## @param core.ingress.enabled Whether to create an Ingress object for the Cryostat service - enabled: false - ## @param core.ingress.className Ingress class name for the Cryostat application Ingress - className: "" - ## @param core.ingress.annotations [object] Annotations to apply to the Cryostat application Ingress - annotations: {} - ## @param core.ingress.hosts [array] Hosts to create rules for in the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - hosts: - - host: cryostat.local - paths: - - path: / - pathType: ImplementationSpecific - ## @param core.ingress.tls [array] TLS configuration for the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - tls: [] - route: - ## @param core.route.enabled Whether to create a Route object for the Cryostat service. Available only on OpenShift - enabled: true - tls: - ## @param core.route.tls.enabled Whether to secure the Cryostat application Route with TLS. 
See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) - enabled: true - ## @param core.route.tls.termination Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt` - termination: edge - ## @param core.route.tls.insecureEdgeTerminationPolicy Specify how to handle insecure traffic for the Cryostat application Route. One of: `Allow`, `Disable`, `Redirect` - insecureEdgeTerminationPolicy: Redirect - ## @param core.route.tls.key Custom private key to use when securing the Cryostat application Route - key: "" - ## @param core.route.tls.certificate Custom certificate to use when securing the Cryostat application Route - certificate: "" - ## @param core.route.tls.caCertificate Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route - caCertificate: "" - ## @param core.route.tls.destinationCACertificate Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route - destinationCACertificate: "" - ## @param core.resources Resource requests/limits for the Cryostat container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param core.securityContext Security Context for the Cryostat container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: {} - -## @section Grafana Container -## @extra grafana Configuration for the customized Grafana instance for Cryostat -grafana: - image: - ## @param grafana.image.repository Repository for the Grafana container image - repository: "registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8" - ## @param grafana.image.pullPolicy Image pull policy for the Grafana container image - pullPolicy: IfNotPresent - ## @param grafana.image.tag Tag for the Grafana container image - tag: "2.1.0" - service: - ## @param grafana.service.type Type of Service to create for Grafana - type: ClusterIP - ## @param grafana.service.port Port number to expose on the Service for Grafana's HTTP server - port: 3000 - ingress: - ## @param grafana.ingress.enabled Whether to create an Ingress object for the Grafana service - enabled: false - ## @param grafana.ingress.className Ingress class name for the Grafana Ingress - className: "" - ## @param grafana.ingress.annotations [object] Annotations to apply to the Grafana Ingress - annotations: {} - ## @param grafana.ingress.hosts [array] Hosts to create rules for in the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - hosts: - - host: cryostat-grafana.local - paths: - - path: / - pathType: ImplementationSpecific - ## @param grafana.ingress.tls [array] TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - tls: [] - route: - ## @param grafana.route.enabled Whether to create a Route object for the Grafana service. Available only on OpenShift - enabled: true - tls: - ## @param grafana.route.tls.enabled Whether to secure the Grafana Route with TLS. 
See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) - enabled: true - ## @param grafana.route.tls.termination Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt` - termination: edge - ## @param grafana.route.tls.insecureEdgeTerminationPolicy Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect` - insecureEdgeTerminationPolicy: Redirect - ## @param grafana.route.tls.key Custom private key to use when securing the Grafana Route - key: "" - ## @param grafana.route.tls.certificate Custom certificate to use when securing the Grafana Route - caCertificate: "" - ## @param grafana.route.tls.caCertificate Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route - certificate: "" - ## @param grafana.route.tls.destinationCACertificate Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route - destinationCACertificate: "" - ## @param grafana.resources Resource requests/limits for the Grafana container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param grafana.securityContext Security Context for the Grafana container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: {} - -## @section JFR Data Source Container -## @extra datasource Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana -datasource: - image: - ## @param datasource.image.repository Repository for the JFR Data Source container image - repository: "registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8" - ## @param datasource.image.pullPolicy Image pull policy for the JFR Data Source container image - pullPolicy: IfNotPresent - ## @param datasource.image.tag Tag for the JFR Data Source container image - tag: "2.1.0" - ## @param datasource.resources Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param datasource.securityContext Security Context for the JFR Data Source container. See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: {} - -## @section Other Parameters - -## @param imagePullSecrets [array] Image pull secrets to be used for the Cryostat deployment -imagePullSecrets: [] -## @param nameOverride Overrides the name of this Chart -nameOverride: "" -## @param fullnameOverride Overrides the fully qualified application name of `[release name]-[chart name]` -fullnameOverride: "" - -rbac: - ## @param rbac.create Specifies whether RBAC resources should be created - create: true - -serviceAccount: - ## @param serviceAccount.create Specifies whether a service account should be created - create: true - ## @param serviceAccount.annotations [object] Annotations to add to the service account - annotations: {} - ## @param serviceAccount.name The name of the service account to use. 
If not set and create is true, a name is generated using the fullname template - name: "" - -## @param podAnnotations [object] Annotations to be applied to the Cryostat Pod -podAnnotations: {} - -## @param podSecurityContext [object] Security Context for the Cryostat Pod. See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) -podSecurityContext: {} - -## @param nodeSelector [object] Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) -nodeSelector: {} - -## @param tolerations [array] Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) -tolerations: [] - -## @param affinity [object] Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) -affinity: {} diff --git a/charts/redhat/redhat/cryostat/0.1.1/src/Chart.yaml b/charts/redhat/redhat/cryostat/0.1.1/src/Chart.yaml deleted file mode 100644 index 98e2981c22..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.1/src/Chart.yaml +++ /dev/null 
@@ -1,43 +0,0 @@
-apiVersion: v2
-name: cryostat
-description: Securely manage JFR recordings for your containerized Java workloads
-
-type: application
-
-version: "0.1.1"
-
-appVersion: "2.1.0.redhat"
-
-home: "https://cryostat.io"
-
-icon: "https://raw.githubusercontent.com/cryostatio/cryostat-helm/main/docs/images/cryostat-icon.svg"
-
-kubeVersion: ">=1.19.0"
-
-annotations:
- charts.openshift.io/archs: x86_64
- charts.openshift.io/name: Cryostat
- charts.openshift.io/provider: Red Hat
- charts.openshift.io/supportURL: https://github.com/cryostatio/cryostat-helm
-
-keywords:
-- flightrecorder
-- java
-- jdk
-- jfr
-- jmc
-- missioncontrol
-- monitoring
-- profiling
-- diagnostic
-
-sources:
-- https://github.com/cryostatio/cryostat
-- https://github.com/cryostatio/cryostat-core
-- https://github.com/cryostatio/cryostat-web
-- https://github.com/cryostatio/jfr-datasource
-- https://github.com/cryostatio/cryostat-grafana-dashboard
-
-maintainers:
-- name: The Cryostat Community
- url: https://groups.google.com/g/cryostat-development
diff --git a/charts/redhat/redhat/cryostat/0.1.1/src/LICENSE b/charts/redhat/redhat/cryostat/0.1.1/src/LICENSE
deleted file mode 100644
index e55f9f088f..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.1/src/LICENSE
+++ /dev/null
@@ -1,35 +0,0 @@
-Copyright The Cryostat Authors
-
-The Universal Permissive License (UPL), Version 1.0
-
-Subject to the condition set forth below, permission is hereby granted to any
-person obtaining a copy of this software, associated documentation and/or data
-(collectively the "Software"), free of charge and under any and all copyright
-rights in the Software, and any and all patent rights owned or freely
-licensable by each licensor hereunder covering either (i) the unmodified
-Software as contributed to or provided by such licensor, or (ii) the Larger
-Works (as defined below), to deal in both
-
-(a) the Software, and
-(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
-one is included with the Software (each a "Larger Work" to which the Software
-is contributed by such licensors),
-
-without restriction, including without limitation the rights to copy, create
-derivative works of, display, perform, and distribute the Software and make,
-use, sell, offer for sale, import, export, have made, and have sold the
-Software and the Larger Work(s), and to sublicense the foregoing rights on
-either these or other terms.
-
-This license is subject to the following condition:
-The above copyright notice and either this complete permission notice or at
-a minimum a reference to the UPL must be included in all copies or
-substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/charts/redhat/redhat/cryostat/0.1.1/src/README.md b/charts/redhat/redhat/cryostat/0.1.1/src/README.md
deleted file mode 100644
index 89563ac26e..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.1/src/README.md
+++ /dev/null
@@ -1,90 +0,0 @@ -# Cryostat Helm Chart -A Helm chart for deploying [Cryostat](https://cryostat.io/) on Kubernetes and OpenShift - -## Parameters - -### Cryostat Container - -| Name | Description | Value | -| ---------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------- | -| `core` | Configuration for the core Cryostat application | | -| `core.image.repository` | Repository for the main Cryostat container image | `registry.redhat.io/cryostat-tech-preview/cryostat-rhel8` | -| `core.image.pullPolicy` | Image pull policy for the main Cryostat container image | `IfNotPresent` | -| `core.image.tag` | Tag for the main Cryostat container image | `2.1.0` | -| `core.service.type` | Type of Service to create for the Cryostat application | `ClusterIP` | -| `core.service.httpPort` | Port number to expose on the Service for Cryostat's HTTP server | `8181` | -| `core.service.jmxPort` | Port number to expose on the Service for remote JMX connections to Cryostat | `9091` | -| `core.ingress.enabled` | Whether to create an Ingress object for the Cryostat service | `false` | -| `core.ingress.className` | Ingress class name for the Cryostat application Ingress | `""` | -| `core.ingress.annotations` | Annotations to apply to the Cryostat application Ingress | `{}` | -| `core.ingress.hosts` | Hosts to create rules for in the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `core.ingress.tls` | TLS configuration for the Cryostat application Ingress. 
See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `core.route.enabled` | Whether to create a Route object for the Cryostat service. Available only on OpenShift | `true` | -| `core.route.tls.enabled` | Whether to secure the Cryostat application Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) | `true` | -| `core.route.tls.termination` | Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt` | `edge` | -| `core.route.tls.insecureEdgeTerminationPolicy` | Specify how to handle insecure traffic for the Cryostat application Route. One of: `Allow`, `Disable`, `Redirect` | `Redirect` | -| `core.route.tls.key` | Custom private key to use when securing the Cryostat application Route | `""` | -| `core.route.tls.certificate` | Custom certificate to use when securing the Cryostat application Route | `""` | -| `core.route.tls.caCertificate` | Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route | `""` | -| `core.route.tls.destinationCACertificate` | Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route | `""` | -| `core.resources` | Resource requests/limits for the Cryostat container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `core.securityContext` | Security Context for the Cryostat container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - - -### Grafana Container - -| Name | Description | Value | -| ------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------- | -| `grafana` | Configuration for the customized Grafana instance for Cryostat | | -| `grafana.image.repository` | Repository for the Grafana container image | `registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8` | -| `grafana.image.pullPolicy` | Image pull policy for the Grafana container image | `IfNotPresent` | -| `grafana.image.tag` | Tag for the Grafana container image | `2.1.0` | -| `grafana.service.type` | Type of Service to create for Grafana | `ClusterIP` | -| `grafana.service.port` | Port number to expose on the Service for Grafana's HTTP server | `3000` | -| `grafana.ingress.enabled` | Whether to create an Ingress object for the Grafana service | `false` | -| `grafana.ingress.className` | Ingress class name for the Grafana Ingress | `""` | -| `grafana.ingress.annotations` | Annotations to apply to the Grafana Ingress | `{}` | -| `grafana.ingress.hosts` | Hosts to create rules for in the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `grafana.ingress.tls` | TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `grafana.route.enabled` | Whether to create a Route object for the Grafana service. Available only on OpenShift | `true` | -| `grafana.route.tls.enabled` | Whether to secure the Grafana Route with TLS. 
See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) | `true` | -| `grafana.route.tls.termination` | Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt` | `edge` | -| `grafana.route.tls.insecureEdgeTerminationPolicy` | Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect` | `Redirect` | -| `grafana.route.tls.key` | Custom private key to use when securing the Grafana Route | `""` | -| `grafana.route.tls.certificate` | Custom certificate to use when securing the Grafana Route | `""` | -| `grafana.route.tls.caCertificate` | Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route | `""` | -| `grafana.route.tls.destinationCACertificate` | Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route | `""` | -| `grafana.resources` | Resource requests/limits for the Grafana container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `grafana.securityContext` | Security Context for the Grafana container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - - -### JFR Data Source Container - -| Name | Description | Value | -| ----------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------- | -| `datasource` | Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana | | -| `datasource.image.repository` | Repository for the JFR Data Source container image | `registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8` | -| `datasource.image.pullPolicy` | Image pull policy for the JFR Data Source container image | `IfNotPresent` | -| `datasource.image.tag` | Tag for the JFR Data Source container image | `2.1.0` | -| `datasource.resources` | Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `datasource.securityContext` | Security Context for the JFR Data Source container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - - -### Other Parameters - -| Name | Description | Value | -| ---------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `imagePullSecrets` | Image pull secrets to be used for the Cryostat deployment | `[]` | -| `nameOverride` | Overrides the name of this Chart | `""` | -| `fullnameOverride` | Overrides the fully qualified application name of `[release name]-[chart name]` | `""` | -| `rbac.create` | Specifies whether RBAC resources should be created | `true` | -| `serviceAccount.create` | Specifies whether a service account should be created | `true` | -| `serviceAccount.annotations` | Annotations to add to the service account | `{}` | -| `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | `""` | -| `podAnnotations` | Annotations to be applied to the Cryostat Pod | `{}` | -| `podSecurityContext` | Security Context for the Cryostat Pod. See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) | `{}` | -| `nodeSelector` | Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | -| `tolerations` | Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | -| `affinity` | Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | - - 
diff --git a/charts/redhat/redhat/cryostat/0.1.1/src/templates/NOTES.txt b/charts/redhat/redhat/cryostat/0.1.1/src/templates/NOTES.txt
deleted file mode 100644
index 84dc5a1cc6..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.1/src/templates/NOTES.txt
+++ /dev/null
@@ -1,90 +0,0 @@ -{{- $envVars := list }} -{{- $portForwards := list }} -{{- $listNum := 1 }} -{{- if not (and .Values.core.ingress.enabled .Values.grafana.ingress.enabled) }} -{{ $listNum }}. Tell Cryostat how to serve external traffic: -{{- $listNum = add1 $listNum }} - ``` -{{- if .Values.core.route.enabled }} - export ROUTE_HOST=$(oc get route -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }} -o jsonpath="{.status.ingress[0].host}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=$ROUTE_HOST" }} -{{- else if .Values.core.ingress.enabled }} -{{- /* Do nothing */}} -{{- else if contains "NodePort" .Values.core.service.type }} - export NODE_IP=$(kubectl get nodes -n {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cryostat.fullname" . }}) -{{- $envVars = list "CRYOSTAT_WEB_HOST=$NODE_IP" "CRYOSTAT_EXT_WEB_PORT=$NODE_PORT" }} -{{- else if contains "LoadBalancer" .Values.core.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get -n {{ .Release.Namespace }} -w svc/{{ include "cryostat.fullname" . }} svc/{{ include "cryostat.fullname" . }}-grafana' - export SERVICE_IP=$(kubectl get svc -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=$SERVICE_IP" (printf "CRYOSTAT_EXT_WEB_PORT=%v" .Values.core.service.httpPort) }} -{{- else if contains "ClusterIP" .Values.core.service.type }} - export POD_NAME=$(kubectl get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod -n {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=127.0.0.1" "CRYOSTAT_EXT_WEB_PORT=8080" }} -{{- $portForwards = prepend $portForwards "8080:$CONTAINER_PORT" }} -{{- end }} - -{{- if .Values.grafana.route.enabled }} - export GRAFANA_ROUTE_HOST=$(oc get route -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }}-grafana -o jsonpath="{.status.ingress[0].host}") -{{- $envVars = append $envVars ( tpl "GRAFANA_DASHBOARD_URL=http{{ if .Values.grafana.route.tls.enabled }}s{{ end }}://$GRAFANA_ROUTE_HOST" . ) }} -{{- else if .Values.grafana.ingress.enabled }} -{{- /* Do nothing */}} -{{- else if contains "NodePort" .Values.grafana.service.type }} -{{- if not (contains "NodePort" .Values.core.service.type) }} - export NODE_IP=$(kubectl get nodes -n {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") -{{- end }} - export GRAFANA_NODE_PORT=$(kubectl get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cryostat.fullname" . }}-grafana) -{{- $envVars = append $envVars "GRAFANA_DASHBOARD_URL=http://$NODE_IP:$GRAFANA_NODE_PORT"}} -{{- else if contains "LoadBalancer" .Values.grafana.service.type }} -{{- if not (contains "LoadBalancer" .Values.core.service.type) }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get -n {{ .Release.Namespace }} -w svc/{{ include "cryostat.fullname" . }} svc/{{ include "cryostat.fullname" . }}-grafana' -{{- end }} - export GRAFANA_SERVICE_IP=$(kubectl get svc -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . 
}}-grafana --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") -{{- $envVars = append $envVars (printf "GRAFANA_DASHBOARD_URL=http://$GRAFANA_SERVICE_IP:%v" .Values.grafana.service.port) }} -{{- else if contains "ClusterIP" .Values.grafana.service.type }} -{{- if not (contains "ClusterIP" .Values.core.service.type) }} - export POD_NAME=$(kubectl get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") -{{- end }} - export GRAFANA_CONTAINER_PORT=$(kubectl get pod -n {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[1].ports[0].containerPort}") -{{- $envVars = concat $envVars ( list "GRAFANA_DASHBOARD_URL=http://127.0.0.1:$GRAFANA_CONTAINER_PORT" "GRAFANA_DASHBOARD_EXT_URL=http://127.0.0.1:8081" )}} -{{- $portForwards = append $portForwards "8081:$GRAFANA_CONTAINER_PORT" }} -{{- end }} - -{{- if not (empty $envVars) }} - kubectl -n {{ .Release.Namespace }} set env deploy --containers={{ .Chart.Name }} {{ include "cryostat.fullname" . }} {{ join " " $envVars }} -{{- end }} - ``` -{{- end }} - -{{- if not (empty $portForwards) }} - -{{ $listNum }}. Forward local ports to the application's pod: - ``` - export POD_NAME=$(kubectl get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") - kubectl -n {{ .Release.Namespace }} wait --for=condition=available --timeout=60s deploy/{{ include "cryostat.fullname" . }} - kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME {{ join " " $portForwards }} - ``` - {{- $listNum = add1 $listNum }} -{{- end }} - -{{ $listNum }}. 
{{ "Visit the " }}{{ .Chart.Name | camelcase }}{{ " application at: " }} - ``` -{{- if .Values.core.route.enabled }} - echo http{{ if $.Values.core.route.tls.enabled }}s{{ end }}://$ROUTE_HOST -{{- else if .Values.core.ingress.enabled -}} -{{- range $host := .Values.core.ingress.hosts -}} - {{- range .paths -}} - http{{ if $.Values.core.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.core.service.type }} - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.core.service.type }} - echo http://$SERVICE_IP:{{ .Values.core.service.port }} -{{- else if contains "ClusterIP" .Values.core.service.type }} - http://127.0.0.1:8080 -{{- end }} - ``` diff --git a/charts/redhat/redhat/cryostat/0.1.1/src/templates/_helpers.tpl b/charts/redhat/redhat/cryostat/0.1.1/src/templates/_helpers.tpl deleted file mode 100644 index 14d85a6b53..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.1/src/templates/_helpers.tpl +++ /dev/null 
@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "cryostat.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "cryostat.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "cryostat.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "cryostat.labels" -}}
-helm.sh/chart: {{ include "cryostat.chart" . }}
-{{ include "cryostat.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "cryostat.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "cryostat.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "cryostat.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "cryostat.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.1.1/src/templates/deployment.yaml b/charts/redhat/redhat/cryostat/0.1.1/src/templates/deployment.yaml
deleted file mode 100644
index 4a9dac96f1..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.1/src/templates/deployment.yaml
+++ /dev/null
@@ -1,156 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "cryostat.fullname" . }} - labels: - {{- include "cryostat.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "cryostat.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "cryostat.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "cryostat.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.core.securityContext | nindent 12 }} - image: "{{ .Values.core.image.repository }}:{{ .Values.core.image.tag }}" - imagePullPolicy: {{ .Values.core.image.pullPolicy }} - env: - - name: CRYOSTAT_WEB_PORT - value: "8181" - - name: CRYOSTAT_CONFIG_PATH - value: /opt/cryostat.d/conf.d - - name: CRYOSTAT_ARCHIVE_PATH - value: /opt/cryostat.d/recordings.d - - name: CRYOSTAT_TEMPLATE_PATH - value: /opt/cryostat.d/templates.d - - name: CRYOSTAT_CLIENTLIB_PATH - value: /opt/cryostat.d/clientlib.d - - name: CRYOSTAT_PROBE_TEMPLATE_PATH - value: /opt/cryostat.d/probes.d - - name: CRYOSTAT_EXT_WEB_PORT - value: "{{ if (or (and .Values.core.route.enabled .Values.core.route.tls.enabled) (and .Values.core.ingress.enabled .Values.core.ingress.tls)) }}443{{ else }}80{{ end }}" - - name: CRYOSTAT_WEB_HOST - value: "{{ if .Values.core.ingress.enabled }}{{ with index .Values.core.ingress.hosts 0 }}{{ .host }}{{ end }}{{ end }}" - - name: CRYOSTAT_PLATFORM - value: io.cryostat.platform.internal.KubeApiPlatformStrategy - - name: CRYOSTAT_AUTH_MANAGER - value: io.cryostat.net.NoopAuthManager - - name: GRAFANA_DATASOURCE_URL - value: http://127.0.0.1:8080 - - name: GRAFANA_DASHBOARD_URL - value: "{{ if 
.Values.grafana.ingress.enabled }}http{{ if .Values.grafana.ingress.tls }}s{{ end }}://{{ with index .Values.grafana.ingress.hosts 0 }}{{ .host }}{{ end }}{{ end }}" - - name: CRYOSTAT_DISABLE_SSL - value: "true" - - name: CRYOSTAT_DISABLE_JMX_AUTH - value: "true" - - name: CRYOSTAT_ALLOW_UNTRUSTED_SSL - value: "true" - - name: CRYOSTAT_ENABLE_JDP_BROADCAST - value: "false" - {{- if (or (and .Values.core.route.enabled .Values.core.route.tls.enabled) (and .Values.core.ingress.enabled .Values.core.ingress.tls)) }} - - name: CRYOSTAT_SSL_PROXIED - value: "true" - {{- end }} - ports: - - containerPort: 8181 - protocol: TCP - - containerPort: 9090 - protocol: TCP - - containerPort: 9091 - protocol: TCP - livenessProbe: - httpGet: - path: "/health" - port: 8181 - startupProbe: - httpGet: - path: "/health" - port: 8181 - failureThreshold: 18 - resources: - {{- toYaml .Values.core.resources | nindent 12 }} - volumeMounts: - - mountPath: /opt/cryostat.d/conf.d - name: {{ .Chart.Name }} - subPath: config - - mountPath: /opt/cryostat.d/recordings.d - name: {{ .Chart.Name }} - subPath: flightrecordings - - mountPath: /opt/cryostat.d/templates.d - name: {{ .Chart.Name }} - subPath: templates - - mountPath: /opt/cryostat.d/clientlib.d - name: {{ .Chart.Name }} - subPath: clientlib - - mountPath: /opt/cryostat.d/probes.d - name: {{ .Chart.Name }} - subPath: probes - - name: {{ printf "%s-%s" .Chart.Name "grafana" }} - securityContext: - {{- toYaml .Values.grafana.securityContext | nindent 12 }} - image: "{{ .Values.grafana.image.repository }}:{{ .Values.grafana.image.tag }}" - imagePullPolicy: {{ .Values.grafana.image.pullPolicy }} - env: - - name: JFR_DATASOURCE_URL - value: http://127.0.0.1:8080 - - name: GF_AUTH_ANONYMOUS_ENABLED - value: "true" - ports: - - containerPort: 3000 - protocol: TCP - livenessProbe: - httpGet: - path: /api/health - port: 3000 - resources: - {{- toYaml .Values.grafana.resources | nindent 12 }} - - name: {{ printf "%s-%s" .Chart.Name "jfr-datasource" 
}} - securityContext: - {{- toYaml .Values.datasource.securityContext | nindent 12 }} - image: "{{ .Values.datasource.image.repository }}:{{ .Values.datasource.image.tag }}" - imagePullPolicy: {{ .Values.datasource.image.pullPolicy }} - env: - - name: LISTEN_HOST - value: 127.0.0.1 - ports: - - containerPort: 8080 - protocol: TCP - livenessProbe: - exec: - command: - - curl - - --fail - - http://127.0.0.1:8080 - resources: - {{- toYaml .Values.datasource.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: {{ .Chart.Name }} - emptyDir: {} diff --git a/charts/redhat/redhat/cryostat/0.1.1/src/templates/ingress.yaml b/charts/redhat/redhat/cryostat/0.1.1/src/templates/ingress.yaml deleted file mode 100644 index 3d317704e3..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.1/src/templates/ingress.yaml +++ /dev/null 
@@ -1,73 +0,0 @@ -{{- define "createIngress" }} -{{- $svcName := index . 0 }} -{{- $svcPort := index . 1 }} -{{- $ := index . 2 }} -{{- with index . 3 }} -{{- if and .ingress.className (not (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .ingress.annotations "kubernetes.io/ingress.class" .ingress.className}} - {{- end }} -{{- end }} ---- -{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" $.Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $svcName }} - {{- $labels := include "cryostat.labels" $ | nindent 4 }} - labels: {{ $labels }} - {{- with .ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .ingress.className (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .ingress.className }} - {{- end }} - {{- if .ingress.tls }} - tls: - {{- range .ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $svcName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $svcName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} - -{{- $fullName := include "cryostat.fullname" . 
-}} -{{- if .Values.core.ingress.enabled }} -{{- include "createIngress" (list $fullName .Values.core.service.httpPort $ .Values.core)}} -{{- end }} -{{- if .Values.grafana.ingress.enabled }} -{{- include "createIngress" (list (printf "%s-%s" $fullName "grafana") .Values.grafana.service.port $ .Values.grafana)}} -{{- end }} diff --git a/charts/redhat/redhat/cryostat/0.1.1/src/templates/role.yaml b/charts/redhat/redhat/cryostat/0.1.1/src/templates/role.yaml deleted file mode 100644 index b47c04440b..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.1/src/templates/role.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "cryostat.fullname" . }} - labels: - {{- include "cryostat.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods - - replicationcontrollers - verbs: - - get -- apiGroups: - - apps - resources: - - replicasets - - deployments - - daemonsets - - statefulsets - verbs: - - get -- apiGroups: - - apps.openshift.io - resources: - - deploymentconfigs - verbs: - - get -{{- end }} diff --git a/charts/redhat/redhat/cryostat/0.1.1/src/templates/rolebinding.yaml b/charts/redhat/redhat/cryostat/0.1.1/src/templates/rolebinding.yaml deleted file mode 100644 index 22278c28dd..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.1/src/templates/rolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "cryostat.fullname" . }} - labels: - {{- include "cryostat.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "cryostat.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ include "cryostat.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} 
diff --git a/charts/redhat/redhat/cryostat/0.1.1/src/templates/route.yaml b/charts/redhat/redhat/cryostat/0.1.1/src/templates/route.yaml deleted file mode 100644 index 79b19fff0c..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.1/src/templates/route.yaml +++ /dev/null @@ -1,53 +0,0 @@ -{{- define "createRoute" }} -{{- $svcName := index . 0 }} -{{- $targetPort := index . 1 }} -{{- $ := index . 2 }} -{{- with index . 3 }} ---- -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: {{ $svcName }} - {{- $labels := include "cryostat.labels" $ | nindent 4 }} - labels: {{ $labels }} - {{- with .route.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - to: - kind: Service - name: {{ $svcName }} - port: - targetPort: {{ $targetPort }} -{{- if .route.tls.enabled }} - tls: - termination: {{ .route.tls.termination }} - insecureEdgeTerminationPolicy: {{ .route.tls.insecureEdgeTerminationPolicy }} - {{- if .route.tls.key }} - key: |- - {{- .route.tls.key | nindent 6 }} - {{- end }} - {{- if .route.tls.destinationCACertificate }} - destinationCACertificate: |- - {{- .route.tls.destinationCACertificate | nindent 6 }} - {{- end }} - {{- if .route.tls.caCertificate }} - caCertificate: |- - {{- .route.tls.caCertificate | nindent 6 }} - {{- end }} - {{- if .route.tls.certificate }} - certificate: |- - {{- .route.tls.certificate | nindent 6 }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} - -{{- $fullName := include "cryostat.fullname" . -}} -{{- if .Values.core.route.enabled }} -{{- include "createRoute" (list $fullName 8181 $ .Values.core)}} -{{- end }} -{{- if .Values.grafana.route.enabled }} -{{- include "createRoute" (list (printf "%s-%s" $fullName "grafana") 3000 $ .Values.grafana)}} -{{- end }} diff --git a/charts/redhat/redhat/cryostat/0.1.1/src/templates/service.yaml b/charts/redhat/redhat/cryostat/0.1.1/src/templates/service.yaml deleted file mode 100644 index 9623f7add9..0000000000 
--- a/charts/redhat/redhat/cryostat/0.1.1/src/templates/service.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- $fullName := include "cryostat.fullname" . -}} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ $fullName }} - labels: - {{- include "cryostat.labels" $ | nindent 4 }} -spec: - type: {{ .Values.core.service.type }} - ports: - - port: {{ .Values.core.service.httpPort }} - targetPort: 8181 - protocol: TCP - name: cryostat-http - - port: {{ .Values.core.service.jmxPort }} - targetPort: 9091 - protocol: TCP - name: jfr-jmx - selector: - {{- include "cryostat.selectorLabels" $ | nindent 4 }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-%s" $fullName "grafana" }} - labels: - {{- include "cryostat.labels" $ | nindent 4 }} -spec: - type: {{ .Values.grafana.service.type }} - ports: - - port: {{ .Values.grafana.service.port }} - targetPort: 3000 - protocol: TCP - name: grafana-http - selector: - {{- include "cryostat.selectorLabels" $ | nindent 4 }} diff --git a/charts/redhat/redhat/cryostat/0.1.1/src/templates/serviceaccount.yaml b/charts/redhat/redhat/cryostat/0.1.1/src/templates/serviceaccount.yaml deleted file mode 100644 index 74ae99867b..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.1/src/templates/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "cryostat.serviceAccountName" . }} - labels: - {{- include "cryostat.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/redhat/redhat/cryostat/0.1.1/src/templates/tests/test-connection.yaml b/charts/redhat/redhat/cryostat/0.1.1/src/templates/tests/test-connection.yaml deleted file mode 100644 index cf43714c08..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.1/src/templates/tests/test-connection.yaml +++ /dev/null 
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "cryostat.fullname" . }}-test-connection"
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: curl
- image: registry.access.redhat.com/ubi8/ubi:latest
- command:
- - '/bin/bash'
- - '-ec'
- - >
- dnf install --disableplugin=subscription-manager -yq jq;
- curl -sSf --retry 10 --retry-connrefused -o /tmp/out.json http://{{ include "cryostat.fullname" . }}:{{ .Values.core.service.httpPort }}/health;
- cat /tmp/out.json;
- jq -e {{ printf "(.cryostatVersion | test(\"^%s\")) and .datasourceAvailable == true" .Chart.AppVersion | squote }} /tmp/out.json;
- curl -sSf --retry 10 --retry-connrefused http://{{ include "cryostat.fullname" . }}-grafana:{{ .Values.grafana.service.port }}/api/health
- restartPolicy: Never
diff --git a/charts/redhat/redhat/cryostat/0.1.1/src/values.schema.json b/charts/redhat/redhat/cryostat/0.1.1/src/values.schema.json
deleted file mode 100644
index 9cd12a389e..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.1/src/values.schema.json
+++ /dev/null
@@ -1,403 +0,0 @@ -{ - "title": "Chart Values", - "type": "object", - "properties": { - "core": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the main Cryostat container image", - "default": "registry.redhat.io/cryostat-tech-preview/cryostat-rhel8" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the main Cryostat container image", - "default": "IfNotPresent" - }, - "tag": { - "type": "string", - "description": "Tag for the main Cryostat container image", - "default": "2.1.0" - } - } - }, - "service": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Type of Service to create for the Cryostat application", - "default": "ClusterIP" - }, - "httpPort": { - "type": "number", - "description": "Port number to expose on the Service for Cryostat's HTTP server", - "default": 8181 - }, - "jmxPort": { - "type": "number", - "description": "Port number to expose on the Service for remote JMX connections to Cryostat", - "default": 9091 - } - } - }, - "ingress": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create an Ingress object for the Cryostat service", - "default": false - }, - "className": { - "type": "string", - "description": "Ingress class name for the Cryostat application Ingress", - "default": "" - }, - "hosts": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string", - "description": "" - }, - "paths": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "path": { - "type": "string", - "description": "" - }, - "pathType": { - "type": "string", - "description": "" - } - } - } - } - } - } - }, - "tls": { - "type": "array", - "description": "TLS configuration for the Cryostat application Ingress. 
See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec)", - "default": [], - "items": { - "type": "object" - } - } - } - }, - "route": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create a Route object for the Cryostat service. Available only on OpenShift", - "default": true - }, - "tls": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to secure the Cryostat application Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)", - "default": true - }, - "termination": { - "type": "string", - "description": "Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt`", - "default": "edge" - }, - "insecureEdgeTerminationPolicy": { - "type": "string", - "description": "Specify how to handle insecure traffic for the Cryostat application Route. One of: `Allow`, `Disable`, `Redirect`", - "default": "Redirect" - }, - "key": { - "type": "string", - "description": "Custom private key to use when securing the Cryostat application Route", - "default": "" - }, - "certificate": { - "type": "string", - "description": "Custom certificate to use when securing the Cryostat application Route", - "default": "" - }, - "caCertificate": { - "type": "string", - "description": "Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route", - "default": "" - }, - "destinationCACertificate": { - "type": "string", - "description": "Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route", - "default": "" - } - } - } - } - }, - "resources": { - "type": "object", - "description": "Resource requests/limits for the Cryostat container. 
See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)", - "default": {} - }, - "securityContext": { - "type": "object", - "description": "Security Context for the Cryostat container. See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1)", - "default": {} - } - } - }, - "grafana": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the Grafana container image", - "default": "registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the Grafana container image", - "default": "IfNotPresent" - }, - "tag": { - "type": "string", - "description": "Tag for the Grafana container image", - "default": "2.1.0" - } - } - }, - "service": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Type of Service to create for Grafana", - "default": "ClusterIP" - }, - "port": { - "type": "number", - "description": "Port number to expose on the Service for Grafana's HTTP server", - "default": 3000 - } - } - }, - "ingress": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create an Ingress object for the Grafana service", - "default": false - }, - "hosts": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string", - "description": "" - }, - "paths": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "path": { - "type": "string", - "description": "" - }, - "pathType": { - "type": "string", - "description": "" - } - } - } - } - } - } - }, - "className": { - "type": "string", - "description": "Ingress class name for the Grafana Ingress", - "default": "" - 
}, - "tls": { - "type": "array", - "description": "TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec)", - "default": [], - "items": { - "type": "object" - } - } - } - }, - "route": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create a Route object for the Grafana service. Available only on OpenShift", - "default": true - }, - "tls": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to secure the Grafana Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)", - "default": true - }, - "termination": { - "type": "string", - "description": "Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt`", - "default": "edge" - }, - "insecureEdgeTerminationPolicy": { - "type": "string", - "description": "Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect`", - "default": "Redirect" - }, - "key": { - "type": "string", - "description": "Custom private key to use when securing the Grafana Route", - "default": "" - }, - "certificate": { - "type": "string", - "description": "Custom certificate to use when securing the Grafana Route", - "default": "" - }, - "caCertificate": { - "type": "string", - "description": "Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route", - "default": "" - }, - "destinationCACertificate": { - "type": "string", - "description": "Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route", - "default": "" - } - } - } - } - }, - "resources": { - "type": "object", - "description": "Resource requests/limits for the Grafana container. 
See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)", - "default": {} - }, - "securityContext": { - "type": "object", - "description": "Security Context for the Grafana container. See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1)", - "default": {} - } - } - }, - "datasource": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the JFR Data Source container image", - "default": "registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the JFR Data Source container image", - "default": "IfNotPresent" - }, - "tag": { - "type": "string", - "description": "Tag for the JFR Data Source container image", - "default": "2.1.0" - } - } - }, - "resources": { - "type": "object", - "description": "Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)", - "default": {} - }, - "securityContext": { - "type": "object", - "description": "Security Context for the JFR Data Source container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1)", - "default": {} - } - } - }, - "imagePullSecrets": { - "type": "array", - "description": "Image pull secrets to be used for the Cryostat deployment", - "default": [], - "items": { - "type": "object" - } - }, - "nameOverride": { - "type": "string", - "description": "Overrides the name of this Chart", - "default": "" - }, - "fullnameOverride": { - "type": "string", - "description": "Overrides the fully qualified application name of `[release name]-[chart name]`", - "default": "" - }, - "rbac": { - "type": "object", - "properties": { - "create": { - "type": "boolean", - "description": "Specifies whether RBAC resources should be created", - "default": true - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "create": { - "type": "boolean", - "description": "Specifies whether a service account should be created", - "default": true - }, - "name": { - "type": "string", - "description": "The name of the service account to use. If not set and create is true, a name is generated using the fullname template", - "default": "" - } - } - }, - "tolerations": { - "type": "array", - "description": "Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)", - "default": [], - "items": { - "type": "object" - } - } - } -} diff --git a/charts/redhat/redhat/cryostat/0.1.1/src/values.yaml b/charts/redhat/redhat/cryostat/0.1.1/src/values.yaml deleted file mode 100644 index 0a51507009..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.1/src/values.yaml +++ /dev/null 
@@ -1,158 +0,0 @@ -## @section Cryostat Container -## @extra core Configuration for the core Cryostat application -core: - image: - ## @param core.image.repository Repository for the main Cryostat container image - repository: "registry.redhat.io/cryostat-tech-preview/cryostat-rhel8" - ## @param core.image.pullPolicy Image pull policy for the main Cryostat container image - pullPolicy: IfNotPresent - ## @param core.image.tag Tag for the main Cryostat container image - tag: "2.1.0" - service: - ## @param core.service.type Type of Service to create for the Cryostat application - type: ClusterIP - ## @param core.service.httpPort Port number to expose on the Service for Cryostat's HTTP server - httpPort: 8181 - ## @param core.service.jmxPort Port number to expose on the Service for remote JMX connections to Cryostat - jmxPort: 9091 - ingress: - ## @param core.ingress.enabled Whether to create an Ingress object for the Cryostat service - enabled: false - ## @param core.ingress.className Ingress class name for the Cryostat application Ingress - className: "" - ## @param core.ingress.annotations [object] Annotations to apply to the Cryostat application Ingress - annotations: {} - ## @param core.ingress.hosts [array] Hosts to create rules for in the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - hosts: - - host: cryostat.local - paths: - - path: / - pathType: ImplementationSpecific - ## @param core.ingress.tls [array] TLS configuration for the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - tls: [] - route: - ## @param core.route.enabled Whether to create a Route object for the Cryostat service. Available only on OpenShift - enabled: true - tls: - ## @param core.route.tls.enabled Whether to secure the Cryostat application Route with TLS. 
See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) - enabled: true - ## @param core.route.tls.termination Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt` - termination: edge - ## @param core.route.tls.insecureEdgeTerminationPolicy Specify how to handle insecure traffic for the Cryostat application Route. One of: `Allow`, `Disable`, `Redirect` - insecureEdgeTerminationPolicy: Redirect - ## @param core.route.tls.key Custom private key to use when securing the Cryostat application Route - key: "" - ## @param core.route.tls.certificate Custom certificate to use when securing the Cryostat application Route - certificate: "" - ## @param core.route.tls.caCertificate Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route - caCertificate: "" - ## @param core.route.tls.destinationCACertificate Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route - destinationCACertificate: "" - ## @param core.resources Resource requests/limits for the Cryostat container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param core.securityContext Security Context for the Cryostat container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: {} - -## @section Grafana Container -## @extra grafana Configuration for the customized Grafana instance for Cryostat -grafana: - image: - ## @param grafana.image.repository Repository for the Grafana container image - repository: "registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8" - ## @param grafana.image.pullPolicy Image pull policy for the Grafana container image - pullPolicy: IfNotPresent - ## @param grafana.image.tag Tag for the Grafana container image - tag: "2.1.0" - service: - ## @param grafana.service.type Type of Service to create for Grafana - type: ClusterIP - ## @param grafana.service.port Port number to expose on the Service for Grafana's HTTP server - port: 3000 - ingress: - ## @param grafana.ingress.enabled Whether to create an Ingress object for the Grafana service - enabled: false - ## @param grafana.ingress.className Ingress class name for the Grafana Ingress - className: "" - ## @param grafana.ingress.annotations [object] Annotations to apply to the Grafana Ingress - annotations: {} - ## @param grafana.ingress.hosts [array] Hosts to create rules for in the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - hosts: - - host: cryostat-grafana.local - paths: - - path: / - pathType: ImplementationSpecific - ## @param grafana.ingress.tls [array] TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - tls: [] - route: - ## @param grafana.route.enabled Whether to create a Route object for the Grafana service. Available only on OpenShift - enabled: true - tls: - ## @param grafana.route.tls.enabled Whether to secure the Grafana Route with TLS. 
See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) - enabled: true - ## @param grafana.route.tls.termination Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt` - termination: edge - ## @param grafana.route.tls.insecureEdgeTerminationPolicy Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect` - insecureEdgeTerminationPolicy: Redirect - ## @param grafana.route.tls.key Custom private key to use when securing the Grafana Route - key: "" - ## @param grafana.route.tls.certificate Custom certificate to use when securing the Grafana Route - caCertificate: "" - ## @param grafana.route.tls.caCertificate Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route - certificate: "" - ## @param grafana.route.tls.destinationCACertificate Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route - destinationCACertificate: "" - ## @param grafana.resources Resource requests/limits for the Grafana container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param grafana.securityContext Security Context for the Grafana container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: {} - -## @section JFR Data Source Container -## @extra datasource Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana -datasource: - image: - ## @param datasource.image.repository Repository for the JFR Data Source container image - repository: "registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8" - ## @param datasource.image.pullPolicy Image pull policy for the JFR Data Source container image - pullPolicy: IfNotPresent - ## @param datasource.image.tag Tag for the JFR Data Source container image - tag: "2.1.0" - ## @param datasource.resources Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param datasource.securityContext Security Context for the JFR Data Source container. See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: {} - -## @section Other Parameters - -## @param imagePullSecrets [array] Image pull secrets to be used for the Cryostat deployment -imagePullSecrets: [] -## @param nameOverride Overrides the name of this Chart -nameOverride: "" -## @param fullnameOverride Overrides the fully qualified application name of `[release name]-[chart name]` -fullnameOverride: "" - -rbac: - ## @param rbac.create Specifies whether RBAC resources should be created - create: true - -serviceAccount: - ## @param serviceAccount.create Specifies whether a service account should be created - create: true - ## @param serviceAccount.annotations [object] Annotations to add to the service account - annotations: {} - ## @param serviceAccount.name The name of the service account to use. 
If not set and create is true, a name is generated using the fullname template - name: "" - -## @param podAnnotations [object] Annotations to be applied to the Cryostat Pod -podAnnotations: {} - -## @param podSecurityContext [object] Security Context for the Cryostat Pod. See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) -podSecurityContext: {} - -## @param nodeSelector [object] Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) -nodeSelector: {} - -## @param tolerations [array] Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) -tolerations: [] - -## @param affinity [object] Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) -affinity: {} diff --git a/charts/redhat/redhat/cryostat/0.1.2/src/Chart.yaml b/charts/redhat/redhat/cryostat/0.1.2/src/Chart.yaml deleted file mode 100644 index f0d5fc7d77..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.2/src/Chart.yaml +++ /dev/null 
@@ -1,43 +0,0 @@
-apiVersion: v2
-name: cryostat
-description: Securely manage JFR recordings for your containerized Java workloads
-
-type: application
-
-version: "0.1.2"
-
-appVersion: "2.1.1.redhat"
-
-home: "https://cryostat.io"
-
-icon: "https://raw.githubusercontent.com/cryostatio/cryostat-helm/main/docs/images/cryostat-icon.svg"
-
-kubeVersion: ">=1.19.0"
-
-annotations:
- charts.openshift.io/archs: x86_64
- charts.openshift.io/name: Cryostat
- charts.openshift.io/provider: Red Hat
- charts.openshift.io/supportURL: https://github.com/cryostatio/cryostat-helm
-
-keywords:
-- flightrecorder
-- java
-- jdk
-- jfr
-- jmc
-- missioncontrol
-- monitoring
-- profiling
-- diagnostic
-
-sources:
-- https://github.com/cryostatio/cryostat
-- https://github.com/cryostatio/cryostat-core
-- https://github.com/cryostatio/cryostat-web
-- https://github.com/cryostatio/jfr-datasource
-- https://github.com/cryostatio/cryostat-grafana-dashboard
-
-maintainers:
-- name: The Cryostat Community
- url: https://groups.google.com/g/cryostat-development
diff --git a/charts/redhat/redhat/cryostat/0.1.2/src/LICENSE b/charts/redhat/redhat/cryostat/0.1.2/src/LICENSE
deleted file mode 100644
index e55f9f088f..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.2/src/LICENSE
+++ /dev/null
@@ -1,35 +0,0 @@
-Copyright The Cryostat Authors
-
-The Universal Permissive License (UPL), Version 1.0
-
-Subject to the condition set forth below, permission is hereby granted to any
-person obtaining a copy of this software, associated documentation and/or data
-(collectively the "Software"), free of charge and under any and all copyright
-rights in the Software, and any and all patent rights owned or freely
-licensable by each licensor hereunder covering either (i) the unmodified
-Software as contributed to or provided by such licensor, or (ii) the Larger
-Works (as defined below), to deal in both
-
-(a) the Software, and
-(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
-one is included with the Software (each a "Larger Work" to which the Software
-is contributed by such licensors),
-
-without restriction, including without limitation the rights to copy, create
-derivative works of, display, perform, and distribute the Software and make,
-use, sell, offer for sale, import, export, have made, and have sold the
-Software and the Larger Work(s), and to sublicense the foregoing rights on
-either these or other terms.
-
-This license is subject to the following condition:
-The above copyright notice and either this complete permission notice or at
-a minimum a reference to the UPL must be included in all copies or
-substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/charts/redhat/redhat/cryostat/0.1.2/src/README.md b/charts/redhat/redhat/cryostat/0.1.2/src/README.md
deleted file mode 100644
index abae066019..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.2/src/README.md
+++ /dev/null
@@ -1,90 +0,0 @@ -# Cryostat Helm Chart -A Helm chart for deploying [Cryostat](https://cryostat.io/) on Kubernetes and OpenShift - -## Parameters - -### Cryostat Container - -| Name | Description | Value | -| ---------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------- | -| `core` | Configuration for the core Cryostat application | | -| `core.image.repository` | Repository for the main Cryostat container image | `registry.redhat.io/cryostat-tech-preview/cryostat-rhel8` | -| `core.image.pullPolicy` | Image pull policy for the main Cryostat container image | `IfNotPresent` | -| `core.image.tag` | Tag for the main Cryostat container image | `2.1.1` | -| `core.service.type` | Type of Service to create for the Cryostat application | `ClusterIP` | -| `core.service.httpPort` | Port number to expose on the Service for Cryostat's HTTP server | `8181` | -| `core.service.jmxPort` | Port number to expose on the Service for remote JMX connections to Cryostat | `9091` | -| `core.ingress.enabled` | Whether to create an Ingress object for the Cryostat service | `false` | -| `core.ingress.className` | Ingress class name for the Cryostat application Ingress | `""` | -| `core.ingress.annotations` | Annotations to apply to the Cryostat application Ingress | `{}` | -| `core.ingress.hosts` | Hosts to create rules for in the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `core.ingress.tls` | TLS configuration for the Cryostat application Ingress. 
See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `core.route.enabled` | Whether to create a Route object for the Cryostat service. Available only on OpenShift | `true` | -| `core.route.tls.enabled` | Whether to secure the Cryostat application Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) | `true` | -| `core.route.tls.termination` | Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt` | `edge` | -| `core.route.tls.insecureEdgeTerminationPolicy` | Specify how to handle insecure traffic for the Cryostat application Route. One of: `Allow`, `Disable`, `Redirect` | `Redirect` | -| `core.route.tls.key` | Custom private key to use when securing the Cryostat application Route | `""` | -| `core.route.tls.certificate` | Custom certificate to use when securing the Cryostat application Route | `""` | -| `core.route.tls.caCertificate` | Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route | `""` | -| `core.route.tls.destinationCACertificate` | Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route | `""` | -| `core.resources` | Resource requests/limits for the Cryostat container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `core.securityContext` | Security Context for the Cryostat container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - - -### Grafana Container - -| Name | Description | Value | -| ------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------- | -| `grafana` | Configuration for the customized Grafana instance for Cryostat | | -| `grafana.image.repository` | Repository for the Grafana container image | `registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8` | -| `grafana.image.pullPolicy` | Image pull policy for the Grafana container image | `IfNotPresent` | -| `grafana.image.tag` | Tag for the Grafana container image | `2.1.0` | -| `grafana.service.type` | Type of Service to create for Grafana | `ClusterIP` | -| `grafana.service.port` | Port number to expose on the Service for Grafana's HTTP server | `3000` | -| `grafana.ingress.enabled` | Whether to create an Ingress object for the Grafana service | `false` | -| `grafana.ingress.className` | Ingress class name for the Grafana Ingress | `""` | -| `grafana.ingress.annotations` | Annotations to apply to the Grafana Ingress | `{}` | -| `grafana.ingress.hosts` | Hosts to create rules for in the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `grafana.ingress.tls` | TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `grafana.route.enabled` | Whether to create a Route object for the Grafana service. Available only on OpenShift | `true` | -| `grafana.route.tls.enabled` | Whether to secure the Grafana Route with TLS. 
See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) | `true` | -| `grafana.route.tls.termination` | Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt` | `edge` | -| `grafana.route.tls.insecureEdgeTerminationPolicy` | Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect` | `Redirect` | -| `grafana.route.tls.key` | Custom private key to use when securing the Grafana Route | `""` | -| `grafana.route.tls.certificate` | Custom certificate to use when securing the Grafana Route | `""` | -| `grafana.route.tls.caCertificate` | Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route | `""` | -| `grafana.route.tls.destinationCACertificate` | Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route | `""` | -| `grafana.resources` | Resource requests/limits for the Grafana container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `grafana.securityContext` | Security Context for the Grafana container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - - -### JFR Data Source Container - -| Name | Description | Value | -| ----------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------- | -| `datasource` | Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana | | -| `datasource.image.repository` | Repository for the JFR Data Source container image | `registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8` | -| `datasource.image.pullPolicy` | Image pull policy for the JFR Data Source container image | `IfNotPresent` | -| `datasource.image.tag` | Tag for the JFR Data Source container image | `2.1.0` | -| `datasource.resources` | Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `datasource.securityContext` | Security Context for the JFR Data Source container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - - -### Other Parameters - -| Name | Description | Value | -| ---------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `imagePullSecrets` | Image pull secrets to be used for the Cryostat deployment | `[]` | -| `nameOverride` | Overrides the name of this Chart | `""` | -| `fullnameOverride` | Overrides the fully qualified application name of `[release name]-[chart name]` | `""` | -| `rbac.create` | Specifies whether RBAC resources should be created | `true` | -| `serviceAccount.create` | Specifies whether a service account should be created | `true` | -| `serviceAccount.annotations` | Annotations to add to the service account | `{}` | -| `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | `""` | -| `podAnnotations` | Annotations to be applied to the Cryostat Pod | `{}` | -| `podSecurityContext` | Security Context for the Cryostat Pod. See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) | `{}` | -| `nodeSelector` | Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | -| `tolerations` | Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | -| `affinity` | Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | - - 
diff --git a/charts/redhat/redhat/cryostat/0.1.2/src/templates/NOTES.txt b/charts/redhat/redhat/cryostat/0.1.2/src/templates/NOTES.txt deleted file mode 100644 index f7fa3b81d9..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.2/src/templates/NOTES.txt +++ /dev/null 
@@ -1,90 +0,0 @@ -{{- $envVars := list }} -{{- $portForwards := list }} -{{- $listNum := 1 }} -{{- if not (and .Values.core.ingress.enabled .Values.grafana.ingress.enabled) }} -{{ $listNum }}. Tell Cryostat how to serve external traffic: -{{- $listNum = add1 $listNum }} - ``` -{{- if .Values.core.route.enabled }} - export ROUTE_HOST=$(oc get route -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }} -o jsonpath="{.status.ingress[0].host}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=$ROUTE_HOST" }} -{{- else if .Values.core.ingress.enabled }} -{{- /* Do nothing */}} -{{- else if contains "NodePort" .Values.core.service.type }} - export NODE_IP=$(oc get nodes -n {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(oc get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cryostat.fullname" . }}) -{{- $envVars = list "CRYOSTAT_WEB_HOST=$NODE_IP" "CRYOSTAT_EXT_WEB_PORT=$NODE_PORT" }} -{{- else if contains "LoadBalancer" .Values.core.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'oc get -n {{ .Release.Namespace }} -w svc/{{ include "cryostat.fullname" . }} svc/{{ include "cryostat.fullname" . }}-grafana' - export SERVICE_IP=$(oc get svc -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=$SERVICE_IP" (printf "CRYOSTAT_EXT_WEB_PORT=%v" .Values.core.service.httpPort) }} -{{- else if contains "ClusterIP" .Values.core.service.type }} - export POD_NAME=$(oc get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") - export CONTAINER_PORT=$(oc get pod -n {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=127.0.0.1" "CRYOSTAT_EXT_WEB_PORT=8080" }} -{{- $portForwards = prepend $portForwards "8080:$CONTAINER_PORT" }} -{{- end }} - -{{- if .Values.grafana.route.enabled }} - export GRAFANA_ROUTE_HOST=$(oc get route -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }}-grafana -o jsonpath="{.status.ingress[0].host}") -{{- $envVars = append $envVars ( tpl "GRAFANA_DASHBOARD_URL=http{{ if .Values.grafana.route.tls.enabled }}s{{ end }}://$GRAFANA_ROUTE_HOST" . ) }} -{{- else if .Values.grafana.ingress.enabled }} -{{- /* Do nothing */}} -{{- else if contains "NodePort" .Values.grafana.service.type }} -{{- if not (contains "NodePort" .Values.core.service.type) }} - export NODE_IP=$(oc get nodes -n {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") -{{- end }} - export GRAFANA_NODE_PORT=$(oc get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cryostat.fullname" . }}-grafana) -{{- $envVars = append $envVars "GRAFANA_DASHBOARD_URL=http://$NODE_IP:$GRAFANA_NODE_PORT"}} -{{- else if contains "LoadBalancer" .Values.grafana.service.type }} -{{- if not (contains "LoadBalancer" .Values.core.service.type) }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'oc get -n {{ .Release.Namespace }} -w svc/{{ include "cryostat.fullname" . }} svc/{{ include "cryostat.fullname" . }}-grafana' -{{- end }} - export GRAFANA_SERVICE_IP=$(oc get svc -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . 
}}-grafana --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") -{{- $envVars = append $envVars (printf "GRAFANA_DASHBOARD_URL=http://$GRAFANA_SERVICE_IP:%v" .Values.grafana.service.port) }} -{{- else if contains "ClusterIP" .Values.grafana.service.type }} -{{- if not (contains "ClusterIP" .Values.core.service.type) }} - export POD_NAME=$(oc get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") -{{- end }} - export GRAFANA_CONTAINER_PORT=$(oc get pod -n {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[1].ports[0].containerPort}") -{{- $envVars = concat $envVars ( list "GRAFANA_DASHBOARD_URL=http://127.0.0.1:$GRAFANA_CONTAINER_PORT" "GRAFANA_DASHBOARD_EXT_URL=http://127.0.0.1:8081" )}} -{{- $portForwards = append $portForwards "8081:$GRAFANA_CONTAINER_PORT" }} -{{- end }} - -{{- if not (empty $envVars) }} - oc -n {{ .Release.Namespace }} set env deploy --containers={{ .Chart.Name }} {{ include "cryostat.fullname" . }} {{ join " " $envVars }} -{{- end }} - ``` -{{- end }} - -{{- if not (empty $portForwards) }} - -{{ $listNum }}. Forward local ports to the application's pod: - ``` - export POD_NAME=$(oc get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") - oc -n {{ .Release.Namespace }} wait --for=condition=available --timeout=60s deploy/{{ include "cryostat.fullname" . }} - oc -n {{ .Release.Namespace }} port-forward $POD_NAME {{ join " " $portForwards }} - ``` - {{- $listNum = add1 $listNum }} -{{- end }} - -{{ $listNum }}. 
{{ "Visit the " }}{{ .Chart.Name | camelcase }}{{ " application at: " }} - ``` -{{- if .Values.core.route.enabled }} - echo http{{ if $.Values.core.route.tls.enabled }}s{{ end }}://$ROUTE_HOST -{{- else if .Values.core.ingress.enabled -}} -{{- range $host := .Values.core.ingress.hosts -}} - {{- range .paths -}} - http{{ if $.Values.core.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.core.service.type }} - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.core.service.type }} - echo http://$SERVICE_IP:{{ .Values.core.service.port }} -{{- else if contains "ClusterIP" .Values.core.service.type }} - http://127.0.0.1:8080 -{{- end }} - ``` diff --git a/charts/redhat/redhat/cryostat/0.1.2/src/templates/_helpers.tpl b/charts/redhat/redhat/cryostat/0.1.2/src/templates/_helpers.tpl deleted file mode 100644 index 14d85a6b53..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.2/src/templates/_helpers.tpl +++ /dev/null 
@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "cryostat.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "cryostat.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "cryostat.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "cryostat.labels" -}}
-helm.sh/chart: {{ include "cryostat.chart" . }}
-{{ include "cryostat.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "cryostat.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "cryostat.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "cryostat.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "cryostat.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.1.2/src/templates/deployment.yaml b/charts/redhat/redhat/cryostat/0.1.2/src/templates/deployment.yaml
deleted file mode 100644
index 4a9dac96f1..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.2/src/templates/deployment.yaml
+++ /dev/null
@@ -1,156 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "cryostat.fullname" . }} - labels: - {{- include "cryostat.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "cryostat.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "cryostat.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "cryostat.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.core.securityContext | nindent 12 }} - image: "{{ .Values.core.image.repository }}:{{ .Values.core.image.tag }}" - imagePullPolicy: {{ .Values.core.image.pullPolicy }} - env: - - name: CRYOSTAT_WEB_PORT - value: "8181" - - name: CRYOSTAT_CONFIG_PATH - value: /opt/cryostat.d/conf.d - - name: CRYOSTAT_ARCHIVE_PATH - value: /opt/cryostat.d/recordings.d - - name: CRYOSTAT_TEMPLATE_PATH - value: /opt/cryostat.d/templates.d - - name: CRYOSTAT_CLIENTLIB_PATH - value: /opt/cryostat.d/clientlib.d - - name: CRYOSTAT_PROBE_TEMPLATE_PATH - value: /opt/cryostat.d/probes.d - - name: CRYOSTAT_EXT_WEB_PORT - value: "{{ if (or (and .Values.core.route.enabled .Values.core.route.tls.enabled) (and .Values.core.ingress.enabled .Values.core.ingress.tls)) }}443{{ else }}80{{ end }}" - - name: CRYOSTAT_WEB_HOST - value: "{{ if .Values.core.ingress.enabled }}{{ with index .Values.core.ingress.hosts 0 }}{{ .host }}{{ end }}{{ end }}" - - name: CRYOSTAT_PLATFORM - value: io.cryostat.platform.internal.KubeApiPlatformStrategy - - name: CRYOSTAT_AUTH_MANAGER - value: io.cryostat.net.NoopAuthManager - - name: GRAFANA_DATASOURCE_URL - value: http://127.0.0.1:8080 - - name: GRAFANA_DASHBOARD_URL - value: "{{ if 
.Values.grafana.ingress.enabled }}http{{ if .Values.grafana.ingress.tls }}s{{ end }}://{{ with index .Values.grafana.ingress.hosts 0 }}{{ .host }}{{ end }}{{ end }}" - - name: CRYOSTAT_DISABLE_SSL - value: "true" - - name: CRYOSTAT_DISABLE_JMX_AUTH - value: "true" - - name: CRYOSTAT_ALLOW_UNTRUSTED_SSL - value: "true" - - name: CRYOSTAT_ENABLE_JDP_BROADCAST - value: "false" - {{- if (or (and .Values.core.route.enabled .Values.core.route.tls.enabled) (and .Values.core.ingress.enabled .Values.core.ingress.tls)) }} - - name: CRYOSTAT_SSL_PROXIED - value: "true" - {{- end }} - ports: - - containerPort: 8181 - protocol: TCP - - containerPort: 9090 - protocol: TCP - - containerPort: 9091 - protocol: TCP - livenessProbe: - httpGet: - path: "/health" - port: 8181 - startupProbe: - httpGet: - path: "/health" - port: 8181 - failureThreshold: 18 - resources: - {{- toYaml .Values.core.resources | nindent 12 }} - volumeMounts: - - mountPath: /opt/cryostat.d/conf.d - name: {{ .Chart.Name }} - subPath: config - - mountPath: /opt/cryostat.d/recordings.d - name: {{ .Chart.Name }} - subPath: flightrecordings - - mountPath: /opt/cryostat.d/templates.d - name: {{ .Chart.Name }} - subPath: templates - - mountPath: /opt/cryostat.d/clientlib.d - name: {{ .Chart.Name }} - subPath: clientlib - - mountPath: /opt/cryostat.d/probes.d - name: {{ .Chart.Name }} - subPath: probes - - name: {{ printf "%s-%s" .Chart.Name "grafana" }} - securityContext: - {{- toYaml .Values.grafana.securityContext | nindent 12 }} - image: "{{ .Values.grafana.image.repository }}:{{ .Values.grafana.image.tag }}" - imagePullPolicy: {{ .Values.grafana.image.pullPolicy }} - env: - - name: JFR_DATASOURCE_URL - value: http://127.0.0.1:8080 - - name: GF_AUTH_ANONYMOUS_ENABLED - value: "true" - ports: - - containerPort: 3000 - protocol: TCP - livenessProbe: - httpGet: - path: /api/health - port: 3000 - resources: - {{- toYaml .Values.grafana.resources | nindent 12 }} - - name: {{ printf "%s-%s" .Chart.Name "jfr-datasource" 
}} - securityContext: - {{- toYaml .Values.datasource.securityContext | nindent 12 }} - image: "{{ .Values.datasource.image.repository }}:{{ .Values.datasource.image.tag }}" - imagePullPolicy: {{ .Values.datasource.image.pullPolicy }} - env: - - name: LISTEN_HOST - value: 127.0.0.1 - ports: - - containerPort: 8080 - protocol: TCP - livenessProbe: - exec: - command: - - curl - - --fail - - http://127.0.0.1:8080 - resources: - {{- toYaml .Values.datasource.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: {{ .Chart.Name }} - emptyDir: {} diff --git a/charts/redhat/redhat/cryostat/0.1.2/src/templates/ingress.yaml b/charts/redhat/redhat/cryostat/0.1.2/src/templates/ingress.yaml deleted file mode 100644 index 3d317704e3..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.2/src/templates/ingress.yaml +++ /dev/null 
@@ -1,73 +0,0 @@ -{{- define "createIngress" }} -{{- $svcName := index . 0 }} -{{- $svcPort := index . 1 }} -{{- $ := index . 2 }} -{{- with index . 3 }} -{{- if and .ingress.className (not (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .ingress.annotations "kubernetes.io/ingress.class" .ingress.className}} - {{- end }} -{{- end }} ---- -{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" $.Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $svcName }} - {{- $labels := include "cryostat.labels" $ | nindent 4 }} - labels: {{ $labels }} - {{- with .ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .ingress.className (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .ingress.className }} - {{- end }} - {{- if .ingress.tls }} - tls: - {{- range .ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $svcName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $svcName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} - -{{- $fullName := include "cryostat.fullname" . 
-}} -{{- if .Values.core.ingress.enabled }} -{{- include "createIngress" (list $fullName .Values.core.service.httpPort $ .Values.core)}} -{{- end }} -{{- if .Values.grafana.ingress.enabled }} -{{- include "createIngress" (list (printf "%s-%s" $fullName "grafana") .Values.grafana.service.port $ .Values.grafana)}} -{{- end }} diff --git a/charts/redhat/redhat/cryostat/0.1.2/src/templates/role.yaml b/charts/redhat/redhat/cryostat/0.1.2/src/templates/role.yaml deleted file mode 100644 index b47c04440b..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.2/src/templates/role.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "cryostat.fullname" . }} - labels: - {{- include "cryostat.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods - - replicationcontrollers - verbs: - - get -- apiGroups: - - apps - resources: - - replicasets - - deployments - - daemonsets - - statefulsets - verbs: - - get -- apiGroups: - - apps.openshift.io - resources: - - deploymentconfigs - verbs: - - get -{{- end }} diff --git a/charts/redhat/redhat/cryostat/0.1.2/src/templates/rolebinding.yaml b/charts/redhat/redhat/cryostat/0.1.2/src/templates/rolebinding.yaml deleted file mode 100644 index 22278c28dd..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.2/src/templates/rolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "cryostat.fullname" . }} - labels: - {{- include "cryostat.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "cryostat.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ include "cryostat.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} 
diff --git a/charts/redhat/redhat/cryostat/0.1.2/src/templates/route.yaml b/charts/redhat/redhat/cryostat/0.1.2/src/templates/route.yaml deleted file mode 100644 index 79b19fff0c..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.2/src/templates/route.yaml +++ /dev/null @@ -1,53 +0,0 @@ -{{- define "createRoute" }} -{{- $svcName := index . 0 }} -{{- $targetPort := index . 1 }} -{{- $ := index . 2 }} -{{- with index . 3 }} ---- -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: {{ $svcName }} - {{- $labels := include "cryostat.labels" $ | nindent 4 }} - labels: {{ $labels }} - {{- with .route.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - to: - kind: Service - name: {{ $svcName }} - port: - targetPort: {{ $targetPort }} -{{- if .route.tls.enabled }} - tls: - termination: {{ .route.tls.termination }} - insecureEdgeTerminationPolicy: {{ .route.tls.insecureEdgeTerminationPolicy }} - {{- if .route.tls.key }} - key: |- - {{- .route.tls.key | nindent 6 }} - {{- end }} - {{- if .route.tls.destinationCACertificate }} - destinationCACertificate: |- - {{- .route.tls.destinationCACertificate | nindent 6 }} - {{- end }} - {{- if .route.tls.caCertificate }} - caCertificate: |- - {{- .route.tls.caCertificate | nindent 6 }} - {{- end }} - {{- if .route.tls.certificate }} - certificate: |- - {{- .route.tls.certificate | nindent 6 }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} - -{{- $fullName := include "cryostat.fullname" . -}} -{{- if .Values.core.route.enabled }} -{{- include "createRoute" (list $fullName 8181 $ .Values.core)}} -{{- end }} -{{- if .Values.grafana.route.enabled }} -{{- include "createRoute" (list (printf "%s-%s" $fullName "grafana") 3000 $ .Values.grafana)}} -{{- end }} diff --git a/charts/redhat/redhat/cryostat/0.1.2/src/templates/service.yaml b/charts/redhat/redhat/cryostat/0.1.2/src/templates/service.yaml deleted file mode 100644 index 9623f7add9..0000000000 
--- a/charts/redhat/redhat/cryostat/0.1.2/src/templates/service.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- $fullName := include "cryostat.fullname" . -}} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ $fullName }} - labels: - {{- include "cryostat.labels" $ | nindent 4 }} -spec: - type: {{ .Values.core.service.type }} - ports: - - port: {{ .Values.core.service.httpPort }} - targetPort: 8181 - protocol: TCP - name: cryostat-http - - port: {{ .Values.core.service.jmxPort }} - targetPort: 9091 - protocol: TCP - name: jfr-jmx - selector: - {{- include "cryostat.selectorLabels" $ | nindent 4 }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-%s" $fullName "grafana" }} - labels: - {{- include "cryostat.labels" $ | nindent 4 }} -spec: - type: {{ .Values.grafana.service.type }} - ports: - - port: {{ .Values.grafana.service.port }} - targetPort: 3000 - protocol: TCP - name: grafana-http - selector: - {{- include "cryostat.selectorLabels" $ | nindent 4 }} diff --git a/charts/redhat/redhat/cryostat/0.1.2/src/templates/serviceaccount.yaml b/charts/redhat/redhat/cryostat/0.1.2/src/templates/serviceaccount.yaml deleted file mode 100644 index 74ae99867b..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.2/src/templates/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "cryostat.serviceAccountName" . }} - labels: - {{- include "cryostat.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/redhat/redhat/cryostat/0.1.2/src/templates/tests/test-connection.yaml b/charts/redhat/redhat/cryostat/0.1.2/src/templates/tests/test-connection.yaml deleted file mode 100644 index cf43714c08..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.2/src/templates/tests/test-connection.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "cryostat.fullname" . }}-test-connection" - labels: - {{- include "cryostat.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: curl - image: registry.access.redhat.com/ubi8/ubi:latest - command: - - '/bin/bash' - - '-ec' - - > - dnf install --disableplugin=subscription-manager -yq jq; - curl -sSf --retry 10 --retry-connrefused -o /tmp/out.json http://{{ include "cryostat.fullname" . }}:{{ .Values.core.service.httpPort }}/health; - cat /tmp/out.json; - jq -e {{ printf "(.cryostatVersion | test(\"^%s\")) and .datasourceAvailable == true" .Chart.AppVersion | squote }} /tmp/out.json; - curl -sSf --retry 10 --retry-connrefused http://{{ include "cryostat.fullname" . }}-grafana:{{ .Values.grafana.service.port }}/api/health - restartPolicy: Never diff --git a/charts/redhat/redhat/cryostat/0.1.2/src/values.schema.json b/charts/redhat/redhat/cryostat/0.1.2/src/values.schema.json deleted file mode 100644 index 7c7dc2860c..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.2/src/values.schema.json +++ /dev/null 
@@ -1,403 +0,0 @@ -{ - "title": "Chart Values", - "type": "object", - "properties": { - "core": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the main Cryostat container image", - "default": "registry.redhat.io/cryostat-tech-preview/cryostat-rhel8" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the main Cryostat container image", - "default": "IfNotPresent" - }, - "tag": { - "type": "string", - "description": "Tag for the main Cryostat container image", - "default": "2.1.1" - } - } - }, - "service": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Type of Service to create for the Cryostat application", - "default": "ClusterIP" - }, - "httpPort": { - "type": "number", - "description": "Port number to expose on the Service for Cryostat's HTTP server", - "default": 8181 - }, - "jmxPort": { - "type": "number", - "description": "Port number to expose on the Service for remote JMX connections to Cryostat", - "default": 9091 - } - } - }, - "ingress": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create an Ingress object for the Cryostat service", - "default": false - }, - "className": { - "type": "string", - "description": "Ingress class name for the Cryostat application Ingress", - "default": "" - }, - "hosts": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string", - "description": "" - }, - "paths": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "path": { - "type": "string", - "description": "" - }, - "pathType": { - "type": "string", - "description": "" - } - } - } - } - } - } - }, - "tls": { - "type": "array", - "description": "TLS configuration for the Cryostat application Ingress. 
See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec)", - "default": [], - "items": { - "type": "object" - } - } - } - }, - "route": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create a Route object for the Cryostat service. Available only on OpenShift", - "default": true - }, - "tls": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to secure the Cryostat application Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)", - "default": true - }, - "termination": { - "type": "string", - "description": "Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt`", - "default": "edge" - }, - "insecureEdgeTerminationPolicy": { - "type": "string", - "description": "Specify how to handle insecure traffic for the Cryostat application Route. One of: `Allow`, `Disable`, `Redirect`", - "default": "Redirect" - }, - "key": { - "type": "string", - "description": "Custom private key to use when securing the Cryostat application Route", - "default": "" - }, - "certificate": { - "type": "string", - "description": "Custom certificate to use when securing the Cryostat application Route", - "default": "" - }, - "caCertificate": { - "type": "string", - "description": "Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route", - "default": "" - }, - "destinationCACertificate": { - "type": "string", - "description": "Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route", - "default": "" - } - } - } - } - }, - "resources": { - "type": "object", - "description": "Resource requests/limits for the Cryostat container. 
See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)", - "default": {} - }, - "securityContext": { - "type": "object", - "description": "Security Context for the Cryostat container. See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1)", - "default": {} - } - } - }, - "grafana": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the Grafana container image", - "default": "registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the Grafana container image", - "default": "IfNotPresent" - }, - "tag": { - "type": "string", - "description": "Tag for the Grafana container image", - "default": "2.1.0" - } - } - }, - "service": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Type of Service to create for Grafana", - "default": "ClusterIP" - }, - "port": { - "type": "number", - "description": "Port number to expose on the Service for Grafana's HTTP server", - "default": 3000 - } - } - }, - "ingress": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create an Ingress object for the Grafana service", - "default": false - }, - "hosts": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string", - "description": "" - }, - "paths": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "path": { - "type": "string", - "description": "" - }, - "pathType": { - "type": "string", - "description": "" - } - } - } - } - } - } - }, - "className": { - "type": "string", - "description": "Ingress class name for the Grafana Ingress", - "default": "" - 
}, - "tls": { - "type": "array", - "description": "TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec)", - "default": [], - "items": { - "type": "object" - } - } - } - }, - "route": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create a Route object for the Grafana service. Available only on OpenShift", - "default": true - }, - "tls": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to secure the Grafana Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)", - "default": true - }, - "termination": { - "type": "string", - "description": "Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt`", - "default": "edge" - }, - "insecureEdgeTerminationPolicy": { - "type": "string", - "description": "Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect`", - "default": "Redirect" - }, - "key": { - "type": "string", - "description": "Custom private key to use when securing the Grafana Route", - "default": "" - }, - "certificate": { - "type": "string", - "description": "Custom certificate to use when securing the Grafana Route", - "default": "" - }, - "caCertificate": { - "type": "string", - "description": "Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route", - "default": "" - }, - "destinationCACertificate": { - "type": "string", - "description": "Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route", - "default": "" - } - } - } - } - }, - "resources": { - "type": "object", - "description": "Resource requests/limits for the Grafana container. 
See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)", - "default": {} - }, - "securityContext": { - "type": "object", - "description": "Security Context for the Grafana container. See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1)", - "default": {} - } - } - }, - "datasource": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the JFR Data Source container image", - "default": "registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the JFR Data Source container image", - "default": "IfNotPresent" - }, - "tag": { - "type": "string", - "description": "Tag for the JFR Data Source container image", - "default": "2.1.0" - } - } - }, - "resources": { - "type": "object", - "description": "Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)", - "default": {} - }, - "securityContext": { - "type": "object", - "description": "Security Context for the JFR Data Source container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1)", - "default": {} - } - } - }, - "imagePullSecrets": { - "type": "array", - "description": "Image pull secrets to be used for the Cryostat deployment", - "default": [], - "items": { - "type": "object" - } - }, - "nameOverride": { - "type": "string", - "description": "Overrides the name of this Chart", - "default": "" - }, - "fullnameOverride": { - "type": "string", - "description": "Overrides the fully qualified application name of `[release name]-[chart name]`", - "default": "" - }, - "rbac": { - "type": "object", - "properties": { - "create": { - "type": "boolean", - "description": "Specifies whether RBAC resources should be created", - "default": true - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "create": { - "type": "boolean", - "description": "Specifies whether a service account should be created", - "default": true - }, - "name": { - "type": "string", - "description": "The name of the service account to use. If not set and create is true, a name is generated using the fullname template", - "default": "" - } - } - }, - "tolerations": { - "type": "array", - "description": "Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)", - "default": [], - "items": { - "type": "object" - } - } - } -} diff --git a/charts/redhat/redhat/cryostat/0.1.2/src/values.yaml b/charts/redhat/redhat/cryostat/0.1.2/src/values.yaml deleted file mode 100644 index 17c047d703..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.2/src/values.yaml +++ /dev/null 
@@ -1,158 +0,0 @@ -## @section Cryostat Container -## @extra core Configuration for the core Cryostat application -core: - image: - ## @param core.image.repository Repository for the main Cryostat container image - repository: "registry.redhat.io/cryostat-tech-preview/cryostat-rhel8" - ## @param core.image.pullPolicy Image pull policy for the main Cryostat container image - pullPolicy: IfNotPresent - ## @param core.image.tag Tag for the main Cryostat container image - tag: "2.1.1" - service: - ## @param core.service.type Type of Service to create for the Cryostat application - type: ClusterIP - ## @param core.service.httpPort Port number to expose on the Service for Cryostat's HTTP server - httpPort: 8181 - ## @param core.service.jmxPort Port number to expose on the Service for remote JMX connections to Cryostat - jmxPort: 9091 - ingress: - ## @param core.ingress.enabled Whether to create an Ingress object for the Cryostat service - enabled: false - ## @param core.ingress.className Ingress class name for the Cryostat application Ingress - className: "" - ## @param core.ingress.annotations [object] Annotations to apply to the Cryostat application Ingress - annotations: {} - ## @param core.ingress.hosts [array] Hosts to create rules for in the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - hosts: - - host: cryostat.local - paths: - - path: / - pathType: ImplementationSpecific - ## @param core.ingress.tls [array] TLS configuration for the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - tls: [] - route: - ## @param core.route.enabled Whether to create a Route object for the Cryostat service. Available only on OpenShift - enabled: true - tls: - ## @param core.route.tls.enabled Whether to secure the Cryostat application Route with TLS. 
See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) - enabled: true - ## @param core.route.tls.termination Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt` - termination: edge - ## @param core.route.tls.insecureEdgeTerminationPolicy Specify how to handle insecure traffic for the Cryostat application Route. One of: `Allow`, `Disable`, `Redirect` - insecureEdgeTerminationPolicy: Redirect - ## @param core.route.tls.key Custom private key to use when securing the Cryostat application Route - key: "" - ## @param core.route.tls.certificate Custom certificate to use when securing the Cryostat application Route - certificate: "" - ## @param core.route.tls.caCertificate Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route - caCertificate: "" - ## @param core.route.tls.destinationCACertificate Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route - destinationCACertificate: "" - ## @param core.resources Resource requests/limits for the Cryostat container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param core.securityContext Security Context for the Cryostat container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: {} - -## @section Grafana Container -## @extra grafana Configuration for the customized Grafana instance for Cryostat -grafana: - image: - ## @param grafana.image.repository Repository for the Grafana container image - repository: "registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8" - ## @param grafana.image.pullPolicy Image pull policy for the Grafana container image - pullPolicy: IfNotPresent - ## @param grafana.image.tag Tag for the Grafana container image - tag: "2.1.0" - service: - ## @param grafana.service.type Type of Service to create for Grafana - type: ClusterIP - ## @param grafana.service.port Port number to expose on the Service for Grafana's HTTP server - port: 3000 - ingress: - ## @param grafana.ingress.enabled Whether to create an Ingress object for the Grafana service - enabled: false - ## @param grafana.ingress.className Ingress class name for the Grafana Ingress - className: "" - ## @param grafana.ingress.annotations [object] Annotations to apply to the Grafana Ingress - annotations: {} - ## @param grafana.ingress.hosts [array] Hosts to create rules for in the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - hosts: - - host: cryostat-grafana.local - paths: - - path: / - pathType: ImplementationSpecific - ## @param grafana.ingress.tls [array] TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - tls: [] - route: - ## @param grafana.route.enabled Whether to create a Route object for the Grafana service. Available only on OpenShift - enabled: true - tls: - ## @param grafana.route.tls.enabled Whether to secure the Grafana Route with TLS. 
See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) - enabled: true - ## @param grafana.route.tls.termination Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt` - termination: edge - ## @param grafana.route.tls.insecureEdgeTerminationPolicy Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect` - insecureEdgeTerminationPolicy: Redirect - ## @param grafana.route.tls.key Custom private key to use when securing the Grafana Route - key: "" - ## @param grafana.route.tls.certificate Custom certificate to use when securing the Grafana Route - caCertificate: "" - ## @param grafana.route.tls.caCertificate Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route - certificate: "" - ## @param grafana.route.tls.destinationCACertificate Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route - destinationCACertificate: "" - ## @param grafana.resources Resource requests/limits for the Grafana container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param grafana.securityContext Security Context for the Grafana container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: {} - -## @section JFR Data Source Container -## @extra datasource Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana -datasource: - image: - ## @param datasource.image.repository Repository for the JFR Data Source container image - repository: "registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8" - ## @param datasource.image.pullPolicy Image pull policy for the JFR Data Source container image - pullPolicy: IfNotPresent - ## @param datasource.image.tag Tag for the JFR Data Source container image - tag: "2.1.0" - ## @param datasource.resources Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param datasource.securityContext Security Context for the JFR Data Source container. See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: {} - -## @section Other Parameters - -## @param imagePullSecrets [array] Image pull secrets to be used for the Cryostat deployment -imagePullSecrets: [] -## @param nameOverride Overrides the name of this Chart -nameOverride: "" -## @param fullnameOverride Overrides the fully qualified application name of `[release name]-[chart name]` -fullnameOverride: "" - -rbac: - ## @param rbac.create Specifies whether RBAC resources should be created - create: true - -serviceAccount: - ## @param serviceAccount.create Specifies whether a service account should be created - create: true - ## @param serviceAccount.annotations [object] Annotations to add to the service account - annotations: {} - ## @param serviceAccount.name The name of the service account to use. 
If not set and create is true, a name is generated using the fullname template - name: "" - -## @param podAnnotations [object] Annotations to be applied to the Cryostat Pod -podAnnotations: {} - -## @param podSecurityContext [object] Security Context for the Cryostat Pod. See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) -podSecurityContext: {} - -## @param nodeSelector [object] Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) -nodeSelector: {} - -## @param tolerations [array] Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) -tolerations: [] - -## @param affinity [object] Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) -affinity: {} diff --git a/charts/redhat/redhat/cryostat/0.1.3/src/Chart.yaml b/charts/redhat/redhat/cryostat/0.1.3/src/Chart.yaml deleted file mode 100644 index 55d9cc3d92..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.3/src/Chart.yaml +++ /dev/null 
@@ -1,43 +0,0 @@
-apiVersion: v2
-name: cryostat
-description: Securely manage JFR recordings for your containerized Java workloads
-
-type: application
-
-version: "0.1.3"
-
-appVersion: "2.1.1.redhat"
-
-home: "https://cryostat.io"
-
-icon: "https://raw.githubusercontent.com/cryostatio/cryostat-helm/main/docs/images/cryostat-icon.svg"
-
-kubeVersion: ">=1.19.0"
-
-annotations:
- charts.openshift.io/archs: x86_64
- charts.openshift.io/name: Cryostat
- charts.openshift.io/provider: Red Hat
- charts.openshift.io/supportURL: https://github.com/cryostatio/cryostat-helm
-
-keywords:
-- flightrecorder
-- java
-- jdk
-- jfr
-- jmc
-- missioncontrol
-- monitoring
-- profiling
-- diagnostic
-
-sources:
-- https://github.com/cryostatio/cryostat
-- https://github.com/cryostatio/cryostat-core
-- https://github.com/cryostatio/cryostat-web
-- https://github.com/cryostatio/jfr-datasource
-- https://github.com/cryostatio/cryostat-grafana-dashboard
-
-maintainers:
-- name: The Cryostat Community
- url: https://groups.google.com/g/cryostat-development
diff --git a/charts/redhat/redhat/cryostat/0.1.3/src/LICENSE b/charts/redhat/redhat/cryostat/0.1.3/src/LICENSE
deleted file mode 100644
index e55f9f088f..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.3/src/LICENSE
+++ /dev/null
@@ -1,35 +0,0 @@
-Copyright The Cryostat Authors
-
-The Universal Permissive License (UPL), Version 1.0
-
-Subject to the condition set forth below, permission is hereby granted to any
-person obtaining a copy of this software, associated documentation and/or data
-(collectively the "Software"), free of charge and under any and all copyright
-rights in the Software, and any and all patent rights owned or freely
-licensable by each licensor hereunder covering either (i) the unmodified
-Software as contributed to or provided by such licensor, or (ii) the Larger
-Works (as defined below), to deal in both
-
-(a) the Software, and
-(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
-one is included with the Software (each a "Larger Work" to which the Software
-is contributed by such licensors),
-
-without restriction, including without limitation the rights to copy, create
-derivative works of, display, perform, and distribute the Software and make,
-use, sell, offer for sale, import, export, have made, and have sold the
-Software and the Larger Work(s), and to sublicense the foregoing rights on
-either these or other terms.
-
-This license is subject to the following condition:
-The above copyright notice and either this complete permission notice or at
-a minimum a reference to the UPL must be included in all copies or
-substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/charts/redhat/redhat/cryostat/0.1.3/src/README.md b/charts/redhat/redhat/cryostat/0.1.3/src/README.md
deleted file mode 100644
index abae066019..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.3/src/README.md
+++ /dev/null
@@ -1,90 +0,0 @@ -# Cryostat Helm Chart -A Helm chart for deploying [Cryostat](https://cryostat.io/) on Kubernetes and OpenShift - -## Parameters - -### Cryostat Container - -| Name | Description | Value | -| ---------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------- | -| `core` | Configuration for the core Cryostat application | | -| `core.image.repository` | Repository for the main Cryostat container image | `registry.redhat.io/cryostat-tech-preview/cryostat-rhel8` | -| `core.image.pullPolicy` | Image pull policy for the main Cryostat container image | `IfNotPresent` | -| `core.image.tag` | Tag for the main Cryostat container image | `2.1.1` | -| `core.service.type` | Type of Service to create for the Cryostat application | `ClusterIP` | -| `core.service.httpPort` | Port number to expose on the Service for Cryostat's HTTP server | `8181` | -| `core.service.jmxPort` | Port number to expose on the Service for remote JMX connections to Cryostat | `9091` | -| `core.ingress.enabled` | Whether to create an Ingress object for the Cryostat service | `false` | -| `core.ingress.className` | Ingress class name for the Cryostat application Ingress | `""` | -| `core.ingress.annotations` | Annotations to apply to the Cryostat application Ingress | `{}` | -| `core.ingress.hosts` | Hosts to create rules for in the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `core.ingress.tls` | TLS configuration for the Cryostat application Ingress. 
See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `core.route.enabled` | Whether to create a Route object for the Cryostat service. Available only on OpenShift | `true` | -| `core.route.tls.enabled` | Whether to secure the Cryostat application Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) | `true` | -| `core.route.tls.termination` | Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt` | `edge` | -| `core.route.tls.insecureEdgeTerminationPolicy` | Specify how to handle insecure traffic for the Cryostat application Route. One of: `Allow`, `Disable`, `Redirect` | `Redirect` | -| `core.route.tls.key` | Custom private key to use when securing the Cryostat application Route | `""` | -| `core.route.tls.certificate` | Custom certificate to use when securing the Cryostat application Route | `""` | -| `core.route.tls.caCertificate` | Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route | `""` | -| `core.route.tls.destinationCACertificate` | Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route | `""` | -| `core.resources` | Resource requests/limits for the Cryostat container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `core.securityContext` | Security Context for the Cryostat container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - - -### Grafana Container - -| Name | Description | Value | -| ------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------- | -| `grafana` | Configuration for the customized Grafana instance for Cryostat | | -| `grafana.image.repository` | Repository for the Grafana container image | `registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8` | -| `grafana.image.pullPolicy` | Image pull policy for the Grafana container image | `IfNotPresent` | -| `grafana.image.tag` | Tag for the Grafana container image | `2.1.0` | -| `grafana.service.type` | Type of Service to create for Grafana | `ClusterIP` | -| `grafana.service.port` | Port number to expose on the Service for Grafana's HTTP server | `3000` | -| `grafana.ingress.enabled` | Whether to create an Ingress object for the Grafana service | `false` | -| `grafana.ingress.className` | Ingress class name for the Grafana Ingress | `""` | -| `grafana.ingress.annotations` | Annotations to apply to the Grafana Ingress | `{}` | -| `grafana.ingress.hosts` | Hosts to create rules for in the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `grafana.ingress.tls` | TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `grafana.route.enabled` | Whether to create a Route object for the Grafana service. Available only on OpenShift | `true` | -| `grafana.route.tls.enabled` | Whether to secure the Grafana Route with TLS. 
See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) | `true` | -| `grafana.route.tls.termination` | Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt` | `edge` | -| `grafana.route.tls.insecureEdgeTerminationPolicy` | Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect` | `Redirect` | -| `grafana.route.tls.key` | Custom private key to use when securing the Grafana Route | `""` | -| `grafana.route.tls.certificate` | Custom certificate to use when securing the Grafana Route | `""` | -| `grafana.route.tls.caCertificate` | Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route | `""` | -| `grafana.route.tls.destinationCACertificate` | Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route | `""` | -| `grafana.resources` | Resource requests/limits for the Grafana container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `grafana.securityContext` | Security Context for the Grafana container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - - -### JFR Data Source Container - -| Name | Description | Value | -| ----------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------- | -| `datasource` | Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana | | -| `datasource.image.repository` | Repository for the JFR Data Source container image | `registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8` | -| `datasource.image.pullPolicy` | Image pull policy for the JFR Data Source container image | `IfNotPresent` | -| `datasource.image.tag` | Tag for the JFR Data Source container image | `2.1.0` | -| `datasource.resources` | Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `datasource.securityContext` | Security Context for the JFR Data Source container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - - -### Other Parameters - -| Name | Description | Value | -| ---------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `imagePullSecrets` | Image pull secrets to be used for the Cryostat deployment | `[]` | -| `nameOverride` | Overrides the name of this Chart | `""` | -| `fullnameOverride` | Overrides the fully qualified application name of `[release name]-[chart name]` | `""` | -| `rbac.create` | Specifies whether RBAC resources should be created | `true` | -| `serviceAccount.create` | Specifies whether a service account should be created | `true` | -| `serviceAccount.annotations` | Annotations to add to the service account | `{}` | -| `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | `""` | -| `podAnnotations` | Annotations to be applied to the Cryostat Pod | `{}` | -| `podSecurityContext` | Security Context for the Cryostat Pod. See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) | `{}` | -| `nodeSelector` | Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | -| `tolerations` | Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | -| `affinity` | Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | - - 
diff --git a/charts/redhat/redhat/cryostat/0.1.3/src/templates/NOTES.txt b/charts/redhat/redhat/cryostat/0.1.3/src/templates/NOTES.txt
deleted file mode 100644
index f7fa3b81d9..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.3/src/templates/NOTES.txt
+++ /dev/null
@@ -1,90 +0,0 @@ -{{- $envVars := list }} -{{- $portForwards := list }} -{{- $listNum := 1 }} -{{- if not (and .Values.core.ingress.enabled .Values.grafana.ingress.enabled) }} -{{ $listNum }}. Tell Cryostat how to serve external traffic: -{{- $listNum = add1 $listNum }} - ``` -{{- if .Values.core.route.enabled }} - export ROUTE_HOST=$(oc get route -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }} -o jsonpath="{.status.ingress[0].host}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=$ROUTE_HOST" }} -{{- else if .Values.core.ingress.enabled }} -{{- /* Do nothing */}} -{{- else if contains "NodePort" .Values.core.service.type }} - export NODE_IP=$(oc get nodes -n {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(oc get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cryostat.fullname" . }}) -{{- $envVars = list "CRYOSTAT_WEB_HOST=$NODE_IP" "CRYOSTAT_EXT_WEB_PORT=$NODE_PORT" }} -{{- else if contains "LoadBalancer" .Values.core.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'oc get -n {{ .Release.Namespace }} -w svc/{{ include "cryostat.fullname" . }} svc/{{ include "cryostat.fullname" . }}-grafana' - export SERVICE_IP=$(oc get svc -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=$SERVICE_IP" (printf "CRYOSTAT_EXT_WEB_PORT=%v" .Values.core.service.httpPort) }} -{{- else if contains "ClusterIP" .Values.core.service.type }} - export POD_NAME=$(oc get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") - export CONTAINER_PORT=$(oc get pod -n {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=127.0.0.1" "CRYOSTAT_EXT_WEB_PORT=8080" }} -{{- $portForwards = prepend $portForwards "8080:$CONTAINER_PORT" }} -{{- end }} - -{{- if .Values.grafana.route.enabled }} - export GRAFANA_ROUTE_HOST=$(oc get route -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }}-grafana -o jsonpath="{.status.ingress[0].host}") -{{- $envVars = append $envVars ( tpl "GRAFANA_DASHBOARD_URL=http{{ if .Values.grafana.route.tls.enabled }}s{{ end }}://$GRAFANA_ROUTE_HOST" . ) }} -{{- else if .Values.grafana.ingress.enabled }} -{{- /* Do nothing */}} -{{- else if contains "NodePort" .Values.grafana.service.type }} -{{- if not (contains "NodePort" .Values.core.service.type) }} - export NODE_IP=$(oc get nodes -n {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") -{{- end }} - export GRAFANA_NODE_PORT=$(oc get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cryostat.fullname" . }}-grafana) -{{- $envVars = append $envVars "GRAFANA_DASHBOARD_URL=http://$NODE_IP:$GRAFANA_NODE_PORT"}} -{{- else if contains "LoadBalancer" .Values.grafana.service.type }} -{{- if not (contains "LoadBalancer" .Values.core.service.type) }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'oc get -n {{ .Release.Namespace }} -w svc/{{ include "cryostat.fullname" . }} svc/{{ include "cryostat.fullname" . }}-grafana' -{{- end }} - export GRAFANA_SERVICE_IP=$(oc get svc -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . 
}}-grafana --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") -{{- $envVars = append $envVars (printf "GRAFANA_DASHBOARD_URL=http://$GRAFANA_SERVICE_IP:%v" .Values.grafana.service.port) }} -{{- else if contains "ClusterIP" .Values.grafana.service.type }} -{{- if not (contains "ClusterIP" .Values.core.service.type) }} - export POD_NAME=$(oc get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") -{{- end }} - export GRAFANA_CONTAINER_PORT=$(oc get pod -n {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[1].ports[0].containerPort}") -{{- $envVars = concat $envVars ( list "GRAFANA_DASHBOARD_URL=http://127.0.0.1:$GRAFANA_CONTAINER_PORT" "GRAFANA_DASHBOARD_EXT_URL=http://127.0.0.1:8081" )}} -{{- $portForwards = append $portForwards "8081:$GRAFANA_CONTAINER_PORT" }} -{{- end }} - -{{- if not (empty $envVars) }} - oc -n {{ .Release.Namespace }} set env deploy --containers={{ .Chart.Name }} {{ include "cryostat.fullname" . }} {{ join " " $envVars }} -{{- end }} - ``` -{{- end }} - -{{- if not (empty $portForwards) }} - -{{ $listNum }}. Forward local ports to the application's pod: - ``` - export POD_NAME=$(oc get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") - oc -n {{ .Release.Namespace }} wait --for=condition=available --timeout=60s deploy/{{ include "cryostat.fullname" . }} - oc -n {{ .Release.Namespace }} port-forward $POD_NAME {{ join " " $portForwards }} - ``` - {{- $listNum = add1 $listNum }} -{{- end }} - -{{ $listNum }}. 
{{ "Visit the " }}{{ .Chart.Name | camelcase }}{{ " application at: " }} - ``` -{{- if .Values.core.route.enabled }} - echo http{{ if $.Values.core.route.tls.enabled }}s{{ end }}://$ROUTE_HOST -{{- else if .Values.core.ingress.enabled -}} -{{- range $host := .Values.core.ingress.hosts -}} - {{- range .paths -}} - http{{ if $.Values.core.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.core.service.type }} - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.core.service.type }} - echo http://$SERVICE_IP:{{ .Values.core.service.port }} -{{- else if contains "ClusterIP" .Values.core.service.type }} - http://127.0.0.1:8080 -{{- end }} - ``` diff --git a/charts/redhat/redhat/cryostat/0.1.3/src/templates/_helpers.tpl b/charts/redhat/redhat/cryostat/0.1.3/src/templates/_helpers.tpl deleted file mode 100644 index 14d85a6b53..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.3/src/templates/_helpers.tpl +++ /dev/null 
@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "cryostat.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "cryostat.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "cryostat.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "cryostat.labels" -}}
-helm.sh/chart: {{ include "cryostat.chart" . }}
-{{ include "cryostat.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "cryostat.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "cryostat.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "cryostat.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "cryostat.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.1.3/src/templates/deployment.yaml b/charts/redhat/redhat/cryostat/0.1.3/src/templates/deployment.yaml
deleted file mode 100644
index e874fc294f..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.3/src/templates/deployment.yaml
+++ /dev/null
@@ -1,156 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "cryostat.fullname" . }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
-spec:
- selector:
- matchLabels:
- {{- include "cryostat.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- {{- with .Values.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- {{- include "cryostat.selectorLabels" . | nindent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- serviceAccountName: {{ include "cryostat.serviceAccountName" . }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- containers:
- - name: {{ .Chart.Name }}
- securityContext:
- {{- toYaml .Values.core.securityContext | nindent 12 }}
- image: "{{ .Values.core.image.repository }}:{{ .Values.core.image.tag }}"
- imagePullPolicy: {{ .Values.core.image.pullPolicy }}
- env:
- - name: CRYOSTAT_WEB_PORT
- value: "8181"
- - name: CRYOSTAT_CONFIG_PATH
- value: /opt/cryostat.d/conf.d
- - name: CRYOSTAT_ARCHIVE_PATH
- value: /opt/cryostat.d/recordings.d
- - name: CRYOSTAT_TEMPLATE_PATH
- value: /opt/cryostat.d/templates.d
- - name: CRYOSTAT_CLIENTLIB_PATH
- value: /opt/cryostat.d/clientlib.d
- - name: CRYOSTAT_PROBE_TEMPLATE_PATH
- value: /opt/cryostat.d/probes.d
- - name: CRYOSTAT_EXT_WEB_PORT
- value: "{{ if (or (and .Values.core.route.enabled .Values.core.route.tls.enabled) (and .Values.core.ingress.enabled .Values.core.ingress.tls)) }}443{{ else }}80{{ end }}"
- - name: CRYOSTAT_WEB_HOST
- value: "{{ if .Values.core.ingress.enabled }}{{ with index .Values.core.ingress.hosts 0 }}{{ .host }}{{ end }}{{ end }}"
- - name: CRYOSTAT_PLATFORM
- value: io.cryostat.platform.internal.KubeApiPlatformStrategy
- - name: CRYOSTAT_AUTH_MANAGER
- value: io.cryostat.net.NoopAuthManager
- - name: GRAFANA_DATASOURCE_URL
- value: http://127.0.0.1:8080
- - name: GRAFANA_DASHBOARD_URL
- value: "{{ if .Values.grafana.ingress.enabled }}http{{ if .Values.grafana.ingress.tls }}s{{ end }}://{{ with index .Values.grafana.ingress.hosts 0 }}{{ .host }}{{ end }}{{ end }}"
- - name: CRYOSTAT_DISABLE_SSL
- value: "true"
- - name: CRYOSTAT_DISABLE_JMX_AUTH
- value: "true"
- - name: CRYOSTAT_ALLOW_UNTRUSTED_SSL
- value: "true"
- - name: CRYOSTAT_ENABLE_JDP_BROADCAST
- value: "false"
- {{- if (or (and .Values.core.route.enabled .Values.core.route.tls.enabled) (and .Values.core.ingress.enabled .Values.core.ingress.tls)) }}
- - name: CRYOSTAT_SSL_PROXIED
- value: "true"
- {{- end }}
- ports:
- - containerPort: 8181
- protocol: TCP
- - containerPort: 9090
- protocol: TCP
- - containerPort: 9091
- protocol: TCP
- livenessProbe:
- httpGet:
- path: "/health/liveness"
- port: 8181
- startupProbe:
- httpGet:
- path: "/health/liveness"
- port: 8181
- failureThreshold: 18
- resources:
- {{- toYaml .Values.core.resources | nindent 12 }}
- volumeMounts:
- - mountPath: /opt/cryostat.d/conf.d
- name: {{ .Chart.Name }}
- subPath: config
- - mountPath: /opt/cryostat.d/recordings.d
- name: {{ .Chart.Name }}
- subPath: flightrecordings
- - mountPath: /opt/cryostat.d/templates.d
- name: {{ .Chart.Name }}
- subPath: templates
- - mountPath: /opt/cryostat.d/clientlib.d
- name: {{ .Chart.Name }}
- subPath: clientlib
- - mountPath: /opt/cryostat.d/probes.d
- name: {{ .Chart.Name }}
- subPath: probes
- - name: {{ printf "%s-%s" .Chart.Name "grafana" }}
- securityContext:
- {{- toYaml .Values.grafana.securityContext | nindent 12 }}
- image: "{{ .Values.grafana.image.repository }}:{{ .Values.grafana.image.tag }}"
- imagePullPolicy: {{ .Values.grafana.image.pullPolicy }}
- env:
- - name: JFR_DATASOURCE_URL
- value: http://127.0.0.1:8080
- - name: GF_AUTH_ANONYMOUS_ENABLED
- value: "true"
- ports:
- - containerPort: 3000
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /api/health
- port: 3000
- resources:
- {{- toYaml .Values.grafana.resources | nindent 12 }}
- - name: {{ printf "%s-%s" .Chart.Name "jfr-datasource" }}
- securityContext:
- {{- toYaml .Values.datasource.securityContext | nindent 12 }}
- image: "{{ .Values.datasource.image.repository }}:{{ .Values.datasource.image.tag }}"
- imagePullPolicy: {{ .Values.datasource.image.pullPolicy }}
- env:
- - name: LISTEN_HOST
- value: 127.0.0.1
- ports:
- - containerPort: 8080
- protocol: TCP
- livenessProbe:
- exec:
- command:
- - curl
- - --fail
- - http://127.0.0.1:8080
- resources:
- {{- toYaml .Values.datasource.resources | nindent 12 }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- volumes:
- - name: {{ .Chart.Name }}
- emptyDir: {}
diff --git a/charts/redhat/redhat/cryostat/0.1.3/src/templates/ingress.yaml b/charts/redhat/redhat/cryostat/0.1.3/src/templates/ingress.yaml
deleted file mode 100644
index 3d317704e3..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.3/src/templates/ingress.yaml
+++ /dev/null
@@ -1,73 +0,0 @@
-{{- define "createIngress" }}
-{{- $svcName := index . 0 }}
-{{- $svcPort := index . 1 }}
-{{- $ := index . 2 }}
-{{- with index . 3 }}
-{{- if and .ingress.className (not (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion)) }}
- {{- if not (hasKey .ingress.annotations "kubernetes.io/ingress.class") }}
- {{- $_ := set .ingress.annotations "kubernetes.io/ingress.class" .ingress.className}}
- {{- end }}
-{{- end }}
----
-{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" $.Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- else -}}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ $svcName }}
- {{- $labels := include "cryostat.labels" $ | nindent 4 }}
- labels: {{ $labels }}
- {{- with .ingress.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- {{- if and .ingress.className (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
- ingressClassName: {{ .ingress.className }}
- {{- end }}
- {{- if .ingress.tls }}
- tls:
- {{- range .ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
- {{- end }}
- rules:
- {{- range .ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
- {{- range .paths }}
- - path: {{ .path }}
- {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
- pathType: {{ .pathType }}
- {{- end }}
- backend:
- {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
- service:
- name: {{ $svcName }}
- port:
- number: {{ $svcPort }}
- {{- else }}
- serviceName: {{ $svcName }}
- servicePort: {{ $svcPort }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-
-{{- $fullName := include "cryostat.fullname" . -}}
-{{- if .Values.core.ingress.enabled }}
-{{- include "createIngress" (list $fullName .Values.core.service.httpPort $ .Values.core)}}
-{{- end }}
-{{- if .Values.grafana.ingress.enabled }}
-{{- include "createIngress" (list (printf "%s-%s" $fullName "grafana") .Values.grafana.service.port $ .Values.grafana)}}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.1.3/src/templates/role.yaml b/charts/redhat/redhat/cryostat/0.1.3/src/templates/role.yaml
deleted file mode 100644
index b47c04440b..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.3/src/templates/role.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "cryostat.fullname" . }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
-rules:
-- apiGroups:
- - ""
- resources:
- - endpoints
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - pods
- - replicationcontrollers
- verbs:
- - get
-- apiGroups:
- - apps
- resources:
- - replicasets
- - deployments
- - daemonsets
- - statefulsets
- verbs:
- - get
-- apiGroups:
- - apps.openshift.io
- resources:
- - deploymentconfigs
- verbs:
- - get
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.1.3/src/templates/rolebinding.yaml b/charts/redhat/redhat/cryostat/0.1.3/src/templates/rolebinding.yaml
deleted file mode 100644
index 22278c28dd..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.3/src/templates/rolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "cryostat.fullname" . }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "cryostat.fullname" . }}
-subjects:
-- kind: ServiceAccount
- name: {{ include "cryostat.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.1.3/src/templates/route.yaml b/charts/redhat/redhat/cryostat/0.1.3/src/templates/route.yaml
deleted file mode 100644
index 79b19fff0c..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.3/src/templates/route.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-{{- define "createRoute" }}
-{{- $svcName := index . 0 }}
-{{- $targetPort := index . 1 }}
-{{- $ := index . 2 }}
-{{- with index . 3 }}
----
-apiVersion: route.openshift.io/v1
-kind: Route
-metadata:
- name: {{ $svcName }}
- {{- $labels := include "cryostat.labels" $ | nindent 4 }}
- labels: {{ $labels }}
- {{- with .route.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- to:
- kind: Service
- name: {{ $svcName }}
- port:
- targetPort: {{ $targetPort }}
-{{- if .route.tls.enabled }}
- tls:
- termination: {{ .route.tls.termination }}
- insecureEdgeTerminationPolicy: {{ .route.tls.insecureEdgeTerminationPolicy }}
- {{- if .route.tls.key }}
- key: |-
- {{- .route.tls.key | nindent 6 }}
- {{- end }}
- {{- if .route.tls.destinationCACertificate }}
- destinationCACertificate: |-
- {{- .route.tls.destinationCACertificate | nindent 6 }}
- {{- end }}
- {{- if .route.tls.caCertificate }}
- caCertificate: |-
- {{- .route.tls.caCertificate | nindent 6 }}
- {{- end }}
- {{- if .route.tls.certificate }}
- certificate: |-
- {{- .route.tls.certificate | nindent 6 }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{- $fullName := include "cryostat.fullname" . -}}
-{{- if .Values.core.route.enabled }}
-{{- include "createRoute" (list $fullName 8181 $ .Values.core)}}
-{{- end }}
-{{- if .Values.grafana.route.enabled }}
-{{- include "createRoute" (list (printf "%s-%s" $fullName "grafana") 3000 $ .Values.grafana)}}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.1.3/src/templates/service.yaml b/charts/redhat/redhat/cryostat/0.1.3/src/templates/service.yaml
deleted file mode 100644
index 9623f7add9..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.3/src/templates/service.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- $fullName := include "cryostat.fullname" . -}}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $fullName }}
- labels:
- {{- include "cryostat.labels" $ | nindent 4 }}
-spec:
- type: {{ .Values.core.service.type }}
- ports:
- - port: {{ .Values.core.service.httpPort }}
- targetPort: 8181
- protocol: TCP
- name: cryostat-http
- - port: {{ .Values.core.service.jmxPort }}
- targetPort: 9091
- protocol: TCP
- name: jfr-jmx
- selector:
- {{- include "cryostat.selectorLabels" $ | nindent 4 }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ printf "%s-%s" $fullName "grafana" }}
- labels:
- {{- include "cryostat.labels" $ | nindent 4 }}
-spec:
- type: {{ .Values.grafana.service.type }}
- ports:
- - port: {{ .Values.grafana.service.port }}
- targetPort: 3000
- protocol: TCP
- name: grafana-http
- selector:
- {{- include "cryostat.selectorLabels" $ | nindent 4 }}
diff --git a/charts/redhat/redhat/cryostat/0.1.3/src/templates/serviceaccount.yaml b/charts/redhat/redhat/cryostat/0.1.3/src/templates/serviceaccount.yaml
deleted file mode 100644
index 74ae99867b..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.3/src/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "cryostat.serviceAccountName" . }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.1.3/src/templates/tests/test-connection.yaml b/charts/redhat/redhat/cryostat/0.1.3/src/templates/tests/test-connection.yaml
deleted file mode 100644
index cf43714c08..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.3/src/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "cryostat.fullname" . }}-test-connection"
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: curl
- image: registry.access.redhat.com/ubi8/ubi:latest
- command:
- - '/bin/bash'
- - '-ec'
- - >
- dnf install --disableplugin=subscription-manager -yq jq;
- curl -sSf --retry 10 --retry-connrefused -o /tmp/out.json http://{{ include "cryostat.fullname" . }}:{{ .Values.core.service.httpPort }}/health;
- cat /tmp/out.json;
- jq -e {{ printf "(.cryostatVersion | test(\"^%s\")) and .datasourceAvailable == true" .Chart.AppVersion | squote }} /tmp/out.json;
- curl -sSf --retry 10 --retry-connrefused http://{{ include "cryostat.fullname" . }}-grafana:{{ .Values.grafana.service.port }}/api/health
- restartPolicy: Never
diff --git a/charts/redhat/redhat/cryostat/0.1.3/src/values.schema.json b/charts/redhat/redhat/cryostat/0.1.3/src/values.schema.json
deleted file mode 100644
index 7c7dc2860c..0000000000
--- a/charts/redhat/redhat/cryostat/0.1.3/src/values.schema.json
+++ /dev/null
@@ -1,403 +0,0 @@ -{ - "title": "Chart Values", - "type": "object", - "properties": { - "core": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the main Cryostat container image", - "default": "registry.redhat.io/cryostat-tech-preview/cryostat-rhel8" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the main Cryostat container image", - "default": "IfNotPresent" - }, - "tag": { - "type": "string", - "description": "Tag for the main Cryostat container image", - "default": "2.1.1" - } - } - }, - "service": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Type of Service to create for the Cryostat application", - "default": "ClusterIP" - }, - "httpPort": { - "type": "number", - "description": "Port number to expose on the Service for Cryostat's HTTP server", - "default": 8181 - }, - "jmxPort": { - "type": "number", - "description": "Port number to expose on the Service for remote JMX connections to Cryostat", - "default": 9091 - } - } - }, - "ingress": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create an Ingress object for the Cryostat service", - "default": false - }, - "className": { - "type": "string", - "description": "Ingress class name for the Cryostat application Ingress", - "default": "" - }, - "hosts": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string", - "description": "" - }, - "paths": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "path": { - "type": "string", - "description": "" - }, - "pathType": { - "type": "string", - "description": "" - } - } - } - } - } - } - }, - "tls": { - "type": "array", - "description": "TLS configuration for the Cryostat application Ingress. 
See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec)", - "default": [], - "items": { - "type": "object" - } - } - } - }, - "route": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create a Route object for the Cryostat service. Available only on OpenShift", - "default": true - }, - "tls": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to secure the Cryostat application Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)", - "default": true - }, - "termination": { - "type": "string", - "description": "Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt`", - "default": "edge" - }, - "insecureEdgeTerminationPolicy": { - "type": "string", - "description": "Specify how to handle insecure traffic for the Cryostat application Route. One of: `Allow`, `Disable`, `Redirect`", - "default": "Redirect" - }, - "key": { - "type": "string", - "description": "Custom private key to use when securing the Cryostat application Route", - "default": "" - }, - "certificate": { - "type": "string", - "description": "Custom certificate to use when securing the Cryostat application Route", - "default": "" - }, - "caCertificate": { - "type": "string", - "description": "Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route", - "default": "" - }, - "destinationCACertificate": { - "type": "string", - "description": "Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route", - "default": "" - } - } - } - } - }, - "resources": { - "type": "object", - "description": "Resource requests/limits for the Cryostat container. 
See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)", - "default": {} - }, - "securityContext": { - "type": "object", - "description": "Security Context for the Cryostat container. See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1)", - "default": {} - } - } - }, - "grafana": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the Grafana container image", - "default": "registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the Grafana container image", - "default": "IfNotPresent" - }, - "tag": { - "type": "string", - "description": "Tag for the Grafana container image", - "default": "2.1.0" - } - } - }, - "service": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Type of Service to create for Grafana", - "default": "ClusterIP" - }, - "port": { - "type": "number", - "description": "Port number to expose on the Service for Grafana's HTTP server", - "default": 3000 - } - } - }, - "ingress": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create an Ingress object for the Grafana service", - "default": false - }, - "hosts": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string", - "description": "" - }, - "paths": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "path": { - "type": "string", - "description": "" - }, - "pathType": { - "type": "string", - "description": "" - } - } - } - } - } - } - }, - "className": { - "type": "string", - "description": "Ingress class name for the Grafana Ingress", - "default": "" - 
}, - "tls": { - "type": "array", - "description": "TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec)", - "default": [], - "items": { - "type": "object" - } - } - } - }, - "route": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create a Route object for the Grafana service. Available only on OpenShift", - "default": true - }, - "tls": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to secure the Grafana Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)", - "default": true - }, - "termination": { - "type": "string", - "description": "Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt`", - "default": "edge" - }, - "insecureEdgeTerminationPolicy": { - "type": "string", - "description": "Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect`", - "default": "Redirect" - }, - "key": { - "type": "string", - "description": "Custom private key to use when securing the Grafana Route", - "default": "" - }, - "certificate": { - "type": "string", - "description": "Custom certificate to use when securing the Grafana Route", - "default": "" - }, - "caCertificate": { - "type": "string", - "description": "Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route", - "default": "" - }, - "destinationCACertificate": { - "type": "string", - "description": "Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route", - "default": "" - } - } - } - } - }, - "resources": { - "type": "object", - "description": "Resource requests/limits for the Grafana container. 
See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)", - "default": {} - }, - "securityContext": { - "type": "object", - "description": "Security Context for the Grafana container. See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1)", - "default": {} - } - } - }, - "datasource": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the JFR Data Source container image", - "default": "registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the JFR Data Source container image", - "default": "IfNotPresent" - }, - "tag": { - "type": "string", - "description": "Tag for the JFR Data Source container image", - "default": "2.1.0" - } - } - }, - "resources": { - "type": "object", - "description": "Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)", - "default": {} - }, - "securityContext": { - "type": "object", - "description": "Security Context for the JFR Data Source container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1)", - "default": {} - } - } - }, - "imagePullSecrets": { - "type": "array", - "description": "Image pull secrets to be used for the Cryostat deployment", - "default": [], - "items": { - "type": "object" - } - }, - "nameOverride": { - "type": "string", - "description": "Overrides the name of this Chart", - "default": "" - }, - "fullnameOverride": { - "type": "string", - "description": "Overrides the fully qualified application name of `[release name]-[chart name]`", - "default": "" - }, - "rbac": { - "type": "object", - "properties": { - "create": { - "type": "boolean", - "description": "Specifies whether RBAC resources should be created", - "default": true - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "create": { - "type": "boolean", - "description": "Specifies whether a service account should be created", - "default": true - }, - "name": { - "type": "string", - "description": "The name of the service account to use. If not set and create is true, a name is generated using the fullname template", - "default": "" - } - } - }, - "tolerations": { - "type": "array", - "description": "Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)", - "default": [], - "items": { - "type": "object" - } - } - } -} diff --git a/charts/redhat/redhat/cryostat/0.1.3/src/values.yaml b/charts/redhat/redhat/cryostat/0.1.3/src/values.yaml deleted file mode 100644 index 17c047d703..0000000000 --- a/charts/redhat/redhat/cryostat/0.1.3/src/values.yaml +++ /dev/null 
@@ -1,158 +0,0 @@ -## @section Cryostat Container -## @extra core Configuration for the core Cryostat application -core: - image: - ## @param core.image.repository Repository for the main Cryostat container image - repository: "registry.redhat.io/cryostat-tech-preview/cryostat-rhel8" - ## @param core.image.pullPolicy Image pull policy for the main Cryostat container image - pullPolicy: IfNotPresent - ## @param core.image.tag Tag for the main Cryostat container image - tag: "2.1.1" - service: - ## @param core.service.type Type of Service to create for the Cryostat application - type: ClusterIP - ## @param core.service.httpPort Port number to expose on the Service for Cryostat's HTTP server - httpPort: 8181 - ## @param core.service.jmxPort Port number to expose on the Service for remote JMX connections to Cryostat - jmxPort: 9091 - ingress: - ## @param core.ingress.enabled Whether to create an Ingress object for the Cryostat service - enabled: false - ## @param core.ingress.className Ingress class name for the Cryostat application Ingress - className: "" - ## @param core.ingress.annotations [object] Annotations to apply to the Cryostat application Ingress - annotations: {} - ## @param core.ingress.hosts [array] Hosts to create rules for in the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - hosts: - - host: cryostat.local - paths: - - path: / - pathType: ImplementationSpecific - ## @param core.ingress.tls [array] TLS configuration for the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - tls: [] - route: - ## @param core.route.enabled Whether to create a Route object for the Cryostat service. Available only on OpenShift - enabled: true - tls: - ## @param core.route.tls.enabled Whether to secure the Cryostat application Route with TLS. 
See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) - enabled: true - ## @param core.route.tls.termination Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt` - termination: edge - ## @param core.route.tls.insecureEdgeTerminationPolicy Specify how to handle insecure traffic for the Cryostat application Route. One of: `Allow`, `Disable`, `Redirect` - insecureEdgeTerminationPolicy: Redirect - ## @param core.route.tls.key Custom private key to use when securing the Cryostat application Route - key: "" - ## @param core.route.tls.certificate Custom certificate to use when securing the Cryostat application Route - certificate: "" - ## @param core.route.tls.caCertificate Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route - caCertificate: "" - ## @param core.route.tls.destinationCACertificate Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route - destinationCACertificate: "" - ## @param core.resources Resource requests/limits for the Cryostat container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param core.securityContext Security Context for the Cryostat container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: {} - -## @section Grafana Container -## @extra grafana Configuration for the customized Grafana instance for Cryostat -grafana: - image: - ## @param grafana.image.repository Repository for the Grafana container image - repository: "registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8" - ## @param grafana.image.pullPolicy Image pull policy for the Grafana container image - pullPolicy: IfNotPresent - ## @param grafana.image.tag Tag for the Grafana container image - tag: "2.1.0" - service: - ## @param grafana.service.type Type of Service to create for Grafana - type: ClusterIP - ## @param grafana.service.port Port number to expose on the Service for Grafana's HTTP server - port: 3000 - ingress: - ## @param grafana.ingress.enabled Whether to create an Ingress object for the Grafana service - enabled: false - ## @param grafana.ingress.className Ingress class name for the Grafana Ingress - className: "" - ## @param grafana.ingress.annotations [object] Annotations to apply to the Grafana Ingress - annotations: {} - ## @param grafana.ingress.hosts [array] Hosts to create rules for in the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - hosts: - - host: cryostat-grafana.local - paths: - - path: / - pathType: ImplementationSpecific - ## @param grafana.ingress.tls [array] TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - tls: [] - route: - ## @param grafana.route.enabled Whether to create a Route object for the Grafana service. Available only on OpenShift - enabled: true - tls: - ## @param grafana.route.tls.enabled Whether to secure the Grafana Route with TLS. 
See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) - enabled: true - ## @param grafana.route.tls.termination Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt` - termination: edge - ## @param grafana.route.tls.insecureEdgeTerminationPolicy Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect` - insecureEdgeTerminationPolicy: Redirect - ## @param grafana.route.tls.key Custom private key to use when securing the Grafana Route - key: "" - ## @param grafana.route.tls.certificate Custom certificate to use when securing the Grafana Route - caCertificate: "" - ## @param grafana.route.tls.caCertificate Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route - certificate: "" - ## @param grafana.route.tls.destinationCACertificate Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route - destinationCACertificate: "" - ## @param grafana.resources Resource requests/limits for the Grafana container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param grafana.securityContext Security Context for the Grafana container. 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: {} - -## @section JFR Data Source Container -## @extra datasource Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana -datasource: - image: - ## @param datasource.image.repository Repository for the JFR Data Source container image - repository: "registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8" - ## @param datasource.image.pullPolicy Image pull policy for the JFR Data Source container image - pullPolicy: IfNotPresent - ## @param datasource.image.tag Tag for the JFR Data Source container image - tag: "2.1.0" - ## @param datasource.resources Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param datasource.securityContext Security Context for the JFR Data Source container. See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: {} - -## @section Other Parameters - -## @param imagePullSecrets [array] Image pull secrets to be used for the Cryostat deployment -imagePullSecrets: [] -## @param nameOverride Overrides the name of this Chart -nameOverride: "" -## @param fullnameOverride Overrides the fully qualified application name of `[release name]-[chart name]` -fullnameOverride: "" - -rbac: - ## @param rbac.create Specifies whether RBAC resources should be created - create: true - -serviceAccount: - ## @param serviceAccount.create Specifies whether a service account should be created - create: true - ## @param serviceAccount.annotations [object] Annotations to add to the service account - annotations: {} - ## @param serviceAccount.name The name of the service account to use. 
If not set and create is true, a name is generated using the fullname template - name: "" - -## @param podAnnotations [object] Annotations to be applied to the Cryostat Pod -podAnnotations: {} - -## @param podSecurityContext [object] Security Context for the Cryostat Pod. See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) -podSecurityContext: {} - -## @param nodeSelector [object] Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) -nodeSelector: {} - -## @param tolerations [array] Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) -tolerations: [] - -## @param affinity [object] Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) -affinity: {} diff --git a/charts/redhat/redhat/cryostat/0.2.0/src/.helmignore b/charts/redhat/redhat/cryostat/0.2.0/src/.helmignore deleted file mode 100644 index 0e8a0eb36f..0000000000 --- a/charts/redhat/redhat/cryostat/0.2.0/src/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/redhat/redhat/cryostat/0.2.0/src/Chart.yaml b/charts/redhat/redhat/cryostat/0.2.0/src/Chart.yaml deleted file mode 100644 index 3269c4b27d..0000000000 --- a/charts/redhat/redhat/cryostat/0.2.0/src/Chart.yaml +++ /dev/null 
@@ -1,43 +0,0 @@
-apiVersion: v2
-name: cryostat
-description: Securely manage JFR recordings for your containerized Java workloads
-
-type: application
-
-version: "0.2.0"
-
-kubeVersion: ">= 1.19.0"
-
-appVersion: "2.2.0.redhat"
-
-home: "https://cryostat.io"
-
-icon: "https://raw.githubusercontent.com/cryostatio/cryostat-helm/main/docs/images/cryostat-icon.svg"
-
-annotations:
- charts.openshift.io/archs: x86_64
- charts.openshift.io/name: Red Hat build of Cryostat
- charts.openshift.io/provider: Red Hat
- charts.openshift.io/supportURL: https://github.com/cryostatio/cryostat-helm
-
-keywords:
-- flightrecorder
-- java
-- jdk
-- jfr
-- jmc
-- missioncontrol
-- monitoring
-- profiling
-- diagnostic
-
-sources:
-- https://github.com/cryostatio/cryostat
-- https://github.com/cryostatio/cryostat-core
-- https://github.com/cryostatio/cryostat-web
-- https://github.com/cryostatio/jfr-datasource
-- https://github.com/cryostatio/cryostat-grafana-dashboard
-
-maintainers:
-- name: The Cryostat Community
- url: https://groups.google.com/g/cryostat-development
diff --git a/charts/redhat/redhat/cryostat/0.2.0/src/LICENSE b/charts/redhat/redhat/cryostat/0.2.0/src/LICENSE
deleted file mode 100644
index e55f9f088f..0000000000
--- a/charts/redhat/redhat/cryostat/0.2.0/src/LICENSE
+++ /dev/null
@@ -1,35 +0,0 @@
-Copyright The Cryostat Authors
-
-The Universal Permissive License (UPL), Version 1.0
-
-Subject to the condition set forth below, permission is hereby granted to any
-person obtaining a copy of this software, associated documentation and/or data
-(collectively the "Software"), free of charge and under any and all copyright
-rights in the Software, and any and all patent rights owned or freely
-licensable by each licensor hereunder covering either (i) the unmodified
-Software as contributed to or provided by such licensor, or (ii) the Larger
-Works (as defined below), to deal in both
-
-(a) the Software, and
-(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
-one is included with the Software (each a "Larger Work" to which the Software
-is contributed by such licensors),
-
-without restriction, including without limitation the rights to copy, create
-derivative works of, display, perform, and distribute the Software and make,
-use, sell, offer for sale, import, export, have made, and have sold the
-Software and the Larger Work(s), and to sublicense the foregoing rights on
-either these or other terms.
-
-This license is subject to the following condition:
-The above copyright notice and either this complete permission notice or at
-a minimum a reference to the UPL must be included in all copies or
-substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/charts/redhat/redhat/cryostat/0.2.0/src/README.md b/charts/redhat/redhat/cryostat/0.2.0/src/README.md
deleted file mode 100644
index 83fc1297a2..0000000000
--- a/charts/redhat/redhat/cryostat/0.2.0/src/README.md
+++ /dev/null
@@ -1,93 +0,0 @@ -# Cryostat Helm Chart -A Helm chart for deploying [Cryostat](https://cryostat.io/) on Kubernetes and OpenShift - -## Parameters - -### Cryostat Container - -| Name | Description | Value | -| ---------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------- | -| `core` | Configuration for the core Cryostat application | | -| `core.image.repository` | Repository for the main Cryostat container image | `registry.redhat.io/cryostat-tech-preview/cryostat-rhel8` | -| `core.image.pullPolicy` | Image pull policy for the main Cryostat container image | `IfNotPresent` | -| `core.image.tag` | Tag for the main Cryostat container image | `2.2.0` | -| `core.service.type` | Type of Service to create for the Cryostat application | `ClusterIP` | -| `core.service.httpPort` | Port number to expose on the Service for Cryostat's HTTP server | `8181` | -| `core.service.jmxPort` | Port number to expose on the Service for remote JMX connections to Cryostat | `9091` | -| `core.sslProxied` | Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress | `false` | -| `core.ingress.enabled` | Whether to create an Ingress object for the Cryostat service | `false` | -| `core.ingress.className` | Ingress class name for the Cryostat application Ingress | `""` | -| `core.ingress.annotations` | Annotations to apply to the Cryostat application Ingress | `{}` | -| `core.ingress.hosts` | Hosts to create rules for in the Cryostat application Ingress. 
See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `core.ingress.tls` | TLS configuration for the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `core.route.enabled` | Whether to create a Route object for the Cryostat service. Available only on OpenShift | `true` | -| `core.route.tls.enabled` | Whether to secure the Cryostat application Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) | `true` | -| `core.route.tls.termination` | Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt` | `edge` | -| `core.route.tls.insecureEdgeTerminationPolicy` | Specify how to handle insecure traffic for the Cryostat application Route. One of: `Allow`, `Disable`, `Redirect` | `Redirect` | -| `core.route.tls.key` | Custom private key to use when securing the Cryostat application Route | `""` | -| `core.route.tls.certificate` | Custom certificate to use when securing the Cryostat application Route | `""` | -| `core.route.tls.caCertificate` | Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route | `""` | -| `core.route.tls.destinationCACertificate` | Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route | `""` | -| `core.resources` | Resource requests/limits for the Cryostat container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `core.securityContext` | Security Context for the Cryostat container. 
Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | -| `core.databaseSecretName` | Name of the secret to extract password for credentials database. | `""` | - - -### Grafana Container - -| Name | Description | Value | -| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------- | -| `grafana` | Configuration for the customized Grafana instance for Cryostat | | -| `grafana.image.repository` | Repository for the Grafana container image | `registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8` | -| `grafana.image.pullPolicy` | Image pull policy for the Grafana container image | `IfNotPresent` | -| `grafana.image.tag` | Tag for the Grafana container image | `2.2.0` | -| `grafana.service.type` | Type of Service to create for Grafana | `ClusterIP` | -| `grafana.service.port` | Port number to expose on the Service for Grafana's HTTP server | `3000` | -| `grafana.sslProxied` | Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress | `false` | -| `grafana.ingress.enabled` | Whether to create an Ingress object for the Grafana service | `false` | -| `grafana.ingress.className` | Ingress class name for the Grafana Ingress | `""` | -| `grafana.ingress.annotations` | Annotations to apply to the Grafana Ingress | `{}` | -| `grafana.ingress.hosts` | Hosts to create rules for in the Grafana Ingress. 
See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `grafana.ingress.tls` | TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `grafana.route.enabled` | Whether to create a Route object for the Grafana service. Available only on OpenShift | `true` | -| `grafana.route.tls.enabled` | Whether to secure the Grafana Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) | `true` | -| `grafana.route.tls.termination` | Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt` | `edge` | -| `grafana.route.tls.insecureEdgeTerminationPolicy` | Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect` | `Redirect` | -| `grafana.route.tls.key` | Custom private key to use when securing the Grafana Route | `""` | -| `grafana.route.tls.certificate` | Custom certificate to use when securing the Grafana Route | `""` | -| `grafana.route.tls.caCertificate` | Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route | `""` | -| `grafana.route.tls.destinationCACertificate` | Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route | `""` | -| `grafana.resources` | Resource requests/limits for the Grafana container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `grafana.securityContext` | Security Context for the Grafana container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - - -### JFR Data Source Container - -| Name | Description | Value | -| ----------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------- | -| `datasource` | Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana | | -| `datasource.image.repository` | Repository for the JFR Data Source container image | `registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8` | -| `datasource.image.pullPolicy` | Image pull policy for the JFR Data Source container image | `IfNotPresent` | -| `datasource.image.tag` | Tag for the JFR Data Source container image | `2.2.0` | -| `datasource.resources` | Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `datasource.securityContext` | Security Context for the JFR Data Source container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - - -### Other Parameters - -| Name | Description | Value | -| ---------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `imagePullSecrets` | Image pull secrets to be used for the Cryostat deployment | `[]` | -| `nameOverride` | Overrides the name of this Chart | `""` | -| `fullnameOverride` | Overrides the fully qualified application name of `[release name]-[chart name]` | `""` | -| `rbac.create` | Specifies whether RBAC resources should be created | `true` | -| `serviceAccount.create` | Specifies whether a service account should be created | `true` | -| `serviceAccount.annotations` | Annotations to add to the service account | `{}` | -| `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | `""` | -| `podAnnotations` | Annotations to be applied to the Cryostat Pod | `{}` | -| `podSecurityContext` | Security Context for the Cryostat Pod. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) | `{}` | -| `nodeSelector` | Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | -| `tolerations` | Tolerations for the Cryostat Pod. 
See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | -| `affinity` | Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | - - diff --git a/charts/redhat/redhat/cryostat/0.2.0/src/templates/NOTES.txt b/charts/redhat/redhat/cryostat/0.2.0/src/templates/NOTES.txt deleted file mode 100644 index f7fa3b81d9..0000000000 --- a/charts/redhat/redhat/cryostat/0.2.0/src/templates/NOTES.txt +++ /dev/null 
@@ -1,90 +0,0 @@ -{{- $envVars := list }} -{{- $portForwards := list }} -{{- $listNum := 1 }} -{{- if not (and .Values.core.ingress.enabled .Values.grafana.ingress.enabled) }} -{{ $listNum }}. Tell Cryostat how to serve external traffic: -{{- $listNum = add1 $listNum }} - ``` -{{- if .Values.core.route.enabled }} - export ROUTE_HOST=$(oc get route -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }} -o jsonpath="{.status.ingress[0].host}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=$ROUTE_HOST" }} -{{- else if .Values.core.ingress.enabled }} -{{- /* Do nothing */}} -{{- else if contains "NodePort" .Values.core.service.type }} - export NODE_IP=$(oc get nodes -n {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(oc get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cryostat.fullname" . }}) -{{- $envVars = list "CRYOSTAT_WEB_HOST=$NODE_IP" "CRYOSTAT_EXT_WEB_PORT=$NODE_PORT" }} -{{- else if contains "LoadBalancer" .Values.core.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'oc get -n {{ .Release.Namespace }} -w svc/{{ include "cryostat.fullname" . }} svc/{{ include "cryostat.fullname" . }}-grafana' - export SERVICE_IP=$(oc get svc -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=$SERVICE_IP" (printf "CRYOSTAT_EXT_WEB_PORT=%v" .Values.core.service.httpPort) }} -{{- else if contains "ClusterIP" .Values.core.service.type }} - export POD_NAME=$(oc get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") - export CONTAINER_PORT=$(oc get pod -n {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=127.0.0.1" "CRYOSTAT_EXT_WEB_PORT=8080" }} -{{- $portForwards = prepend $portForwards "8080:$CONTAINER_PORT" }} -{{- end }} - -{{- if .Values.grafana.route.enabled }} - export GRAFANA_ROUTE_HOST=$(oc get route -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }}-grafana -o jsonpath="{.status.ingress[0].host}") -{{- $envVars = append $envVars ( tpl "GRAFANA_DASHBOARD_URL=http{{ if .Values.grafana.route.tls.enabled }}s{{ end }}://$GRAFANA_ROUTE_HOST" . ) }} -{{- else if .Values.grafana.ingress.enabled }} -{{- /* Do nothing */}} -{{- else if contains "NodePort" .Values.grafana.service.type }} -{{- if not (contains "NodePort" .Values.core.service.type) }} - export NODE_IP=$(oc get nodes -n {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") -{{- end }} - export GRAFANA_NODE_PORT=$(oc get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cryostat.fullname" . }}-grafana) -{{- $envVars = append $envVars "GRAFANA_DASHBOARD_URL=http://$NODE_IP:$GRAFANA_NODE_PORT"}} -{{- else if contains "LoadBalancer" .Values.grafana.service.type }} -{{- if not (contains "LoadBalancer" .Values.core.service.type) }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'oc get -n {{ .Release.Namespace }} -w svc/{{ include "cryostat.fullname" . }} svc/{{ include "cryostat.fullname" . }}-grafana' -{{- end }} - export GRAFANA_SERVICE_IP=$(oc get svc -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . 
}}-grafana --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") -{{- $envVars = append $envVars (printf "GRAFANA_DASHBOARD_URL=http://$GRAFANA_SERVICE_IP:%v" .Values.grafana.service.port) }} -{{- else if contains "ClusterIP" .Values.grafana.service.type }} -{{- if not (contains "ClusterIP" .Values.core.service.type) }} - export POD_NAME=$(oc get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") -{{- end }} - export GRAFANA_CONTAINER_PORT=$(oc get pod -n {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[1].ports[0].containerPort}") -{{- $envVars = concat $envVars ( list "GRAFANA_DASHBOARD_URL=http://127.0.0.1:$GRAFANA_CONTAINER_PORT" "GRAFANA_DASHBOARD_EXT_URL=http://127.0.0.1:8081" )}} -{{- $portForwards = append $portForwards "8081:$GRAFANA_CONTAINER_PORT" }} -{{- end }} - -{{- if not (empty $envVars) }} - oc -n {{ .Release.Namespace }} set env deploy --containers={{ .Chart.Name }} {{ include "cryostat.fullname" . }} {{ join " " $envVars }} -{{- end }} - ``` -{{- end }} - -{{- if not (empty $portForwards) }} - -{{ $listNum }}. Forward local ports to the application's pod: - ``` - export POD_NAME=$(oc get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") - oc -n {{ .Release.Namespace }} wait --for=condition=available --timeout=60s deploy/{{ include "cryostat.fullname" . }} - oc -n {{ .Release.Namespace }} port-forward $POD_NAME {{ join " " $portForwards }} - ``` - {{- $listNum = add1 $listNum }} -{{- end }} - -{{ $listNum }}. 
{{ "Visit the " }}{{ .Chart.Name | camelcase }}{{ " application at: " }} - ``` -{{- if .Values.core.route.enabled }} - echo http{{ if $.Values.core.route.tls.enabled }}s{{ end }}://$ROUTE_HOST -{{- else if .Values.core.ingress.enabled -}} -{{- range $host := .Values.core.ingress.hosts -}} - {{- range .paths -}} - http{{ if $.Values.core.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.core.service.type }} - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.core.service.type }} - echo http://$SERVICE_IP:{{ .Values.core.service.port }} -{{- else if contains "ClusterIP" .Values.core.service.type }} - http://127.0.0.1:8080 -{{- end }} - ``` diff --git a/charts/redhat/redhat/cryostat/0.2.0/src/templates/_helpers.tpl b/charts/redhat/redhat/cryostat/0.2.0/src/templates/_helpers.tpl deleted file mode 100644 index b2847fa752..0000000000 --- a/charts/redhat/redhat/cryostat/0.2.0/src/templates/_helpers.tpl +++ /dev/null 
@@ -1,80 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "cryostat.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "cryostat.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "cryostat.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "cryostat.labels" -}}
-helm.sh/chart: {{ include "cryostat.chart" . }}
-{{ include "cryostat.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "cryostat.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "cryostat.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "cryostat.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "cryostat.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
-
-{{/*
-Get or generate a default password for credentials database
-*/}}
-{{- define "cryostat.databasePassword" -}}
-{{- $secret := (lookup "v1" "Secret" .Release.Namespace "cryostat-jmx-credentials-db") -}}
-{{- if $secret -}}
-{{/*
- Use current password. Do not regenerate
-*/}}
-{{- $secret.data.CRYOSTAT_JMX_CREDENTIALS_DB_PASSWORD -}}
-{{- else -}}
-{{/*
- Generate new password
-*/}}
-{{- (randAlphaNum 32) | b64enc | quote -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/redhat/redhat/cryostat/0.2.0/src/templates/deployment.yaml b/charts/redhat/redhat/cryostat/0.2.0/src/templates/deployment.yaml
deleted file mode 100644
index 04e3b6bac7..0000000000
--- a/charts/redhat/redhat/cryostat/0.2.0/src/templates/deployment.yaml
+++ /dev/null
@@ -1,162 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "cryostat.fullname" . }} - labels: - {{- include "cryostat.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "cryostat.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "cryostat.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "cryostat.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.core.securityContext | nindent 12 }} - image: "{{ .Values.core.image.repository }}:{{ .Values.core.image.tag }}" - imagePullPolicy: {{ .Values.core.image.pullPolicy }} - env: - - name: CRYOSTAT_WEB_PORT - value: "8181" - - name: CRYOSTAT_CONFIG_PATH - value: /opt/cryostat.d/conf.d - - name: CRYOSTAT_ARCHIVE_PATH - value: /opt/cryostat.d/recordings.d - - name: CRYOSTAT_TEMPLATE_PATH - value: /opt/cryostat.d/templates.d - - name: CRYOSTAT_CLIENTLIB_PATH - value: /opt/cryostat.d/clientlib.d - - name: CRYOSTAT_PROBE_TEMPLATE_PATH - value: /opt/cryostat.d/probes.d - - name: CRYOSTAT_EXT_WEB_PORT - value: "{{ if (or (and .Values.core.route.enabled .Values.core.route.tls.enabled) (and .Values.core.ingress.enabled .Values.core.ingress.tls) (.Values.core.sslProxied)) }}443{{ else }}80{{ end }}" - - name: CRYOSTAT_WEB_HOST - value: "{{ if .Values.core.ingress.enabled }}{{ with index .Values.core.ingress.hosts 0 }}{{ .host }}{{ end }}{{ end }}" - - name: CRYOSTAT_PLATFORM - value: io.cryostat.platform.internal.KubeApiPlatformStrategy - - name: CRYOSTAT_AUTH_MANAGER - value: io.cryostat.net.NoopAuthManager - - name: GRAFANA_DATASOURCE_URL - value: http://127.0.0.1:8080 - - name: GRAFANA_DASHBOARD_URL - value: 
"{{ if .Values.grafana.ingress.enabled }}http{{ if (or (.Values.grafana.ingress.tls) (.Values.grafana.sslProxied)) }}s{{ end }}://{{ with index .Values.grafana.ingress.hosts 0 }}{{ .host }}{{ end }}{{ end }}" - - name: CRYOSTAT_DISABLE_SSL - value: "true" - - name: CRYOSTAT_DISABLE_JMX_AUTH - value: "true" - - name: CRYOSTAT_ALLOW_UNTRUSTED_SSL - value: "true" - - name: CRYOSTAT_ENABLE_JDP_BROADCAST - value: "false" - {{- if (or (and .Values.core.route.enabled .Values.core.route.tls.enabled) (and .Values.core.ingress.enabled .Values.core.ingress.tls) (.Values.core.sslProxied)) }} - - name: CRYOSTAT_SSL_PROXIED - value: "true" - {{- end }} - - name: CRYOSTAT_JMX_CREDENTIALS_DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ default "cryostat-jmx-credentials-db" .Values.core.databaseSecretName }} - key: CRYOSTAT_JMX_CREDENTIALS_DB_PASSWORD - optional: false - ports: - - containerPort: 8181 - protocol: TCP - - containerPort: 9090 - protocol: TCP - - containerPort: 9091 - protocol: TCP - livenessProbe: - httpGet: - path: "/health/liveness" - port: 8181 - startupProbe: - httpGet: - path: "/health/liveness" - port: 8181 - failureThreshold: 18 - resources: - {{- toYaml .Values.core.resources | nindent 12 }} - volumeMounts: - - mountPath: /opt/cryostat.d/conf.d - name: {{ .Chart.Name }} - subPath: config - - mountPath: /opt/cryostat.d/recordings.d - name: {{ .Chart.Name }} - subPath: flightrecordings - - mountPath: /opt/cryostat.d/templates.d - name: {{ .Chart.Name }} - subPath: templates - - mountPath: /opt/cryostat.d/clientlib.d - name: {{ .Chart.Name }} - subPath: clientlib - - mountPath: /opt/cryostat.d/probes.d - name: {{ .Chart.Name }} - subPath: probes - - name: {{ printf "%s-%s" .Chart.Name "grafana" }} - securityContext: - {{- toYaml .Values.grafana.securityContext | nindent 12 }} - image: "{{ .Values.grafana.image.repository }}:{{ .Values.grafana.image.tag }}" - imagePullPolicy: {{ .Values.grafana.image.pullPolicy }} - env: - - name: JFR_DATASOURCE_URL - value: 
http://127.0.0.1:8080 - - name: GF_AUTH_ANONYMOUS_ENABLED - value: "true" - ports: - - containerPort: 3000 - protocol: TCP - livenessProbe: - httpGet: - path: /api/health - port: 3000 - resources: - {{- toYaml .Values.grafana.resources | nindent 12 }} - - name: {{ printf "%s-%s" .Chart.Name "jfr-datasource" }} - securityContext: - {{- toYaml .Values.datasource.securityContext | nindent 12 }} - image: "{{ .Values.datasource.image.repository }}:{{ .Values.datasource.image.tag }}" - imagePullPolicy: {{ .Values.datasource.image.pullPolicy }} - env: - - name: LISTEN_HOST - value: 127.0.0.1 - ports: - - containerPort: 8080 - protocol: TCP - livenessProbe: - exec: - command: - - curl - - --fail - - http://127.0.0.1:8080 - resources: - {{- toYaml .Values.datasource.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: {{ .Chart.Name }} - emptyDir: {} diff --git a/charts/redhat/redhat/cryostat/0.2.0/src/templates/ingress.yaml b/charts/redhat/redhat/cryostat/0.2.0/src/templates/ingress.yaml deleted file mode 100644 index 3d317704e3..0000000000 --- a/charts/redhat/redhat/cryostat/0.2.0/src/templates/ingress.yaml +++ /dev/null 
@@ -1,73 +0,0 @@
-{{- define "createIngress" }}
-{{- $svcName := index . 0 }}
-{{- $svcPort := index . 1 }}
-{{- $ := index . 2 }}
-{{- with index . 3 }}
-{{- if and .ingress.className (not (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion)) }}
- {{- if not (hasKey .ingress.annotations "kubernetes.io/ingress.class") }}
- {{- $_ := set .ingress.annotations "kubernetes.io/ingress.class" .ingress.className}}
- {{- end }}
-{{- end }}
----
-{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" $.Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- else -}}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ $svcName }}
- {{- $labels := include "cryostat.labels" $ | nindent 4 }}
- labels: {{ $labels }}
- {{- with .ingress.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- {{- if and .ingress.className (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
- ingressClassName: {{ .ingress.className }}
- {{- end }}
- {{- if .ingress.tls }}
- tls:
- {{- range .ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
- {{- end }}
- rules:
- {{- range .ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
- {{- range .paths }}
- - path: {{ .path }}
- {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
- pathType: {{ .pathType }}
- {{- end }}
- backend:
- {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
- service:
- name: {{ $svcName }}
- port:
- number: {{ $svcPort }}
- {{- else }}
- serviceName: {{ $svcName }}
- servicePort: {{ $svcPort }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-
-{{- $fullName := include "cryostat.fullname" . -}}
-{{- if .Values.core.ingress.enabled }}
-{{- include "createIngress" (list $fullName .Values.core.service.httpPort $ .Values.core)}}
-{{- end }}
-{{- if .Values.grafana.ingress.enabled }}
-{{- include "createIngress" (list (printf "%s-%s" $fullName "grafana") .Values.grafana.service.port $ .Values.grafana)}}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.2.0/src/templates/role.yaml b/charts/redhat/redhat/cryostat/0.2.0/src/templates/role.yaml
deleted file mode 100644
index b47c04440b..0000000000
--- a/charts/redhat/redhat/cryostat/0.2.0/src/templates/role.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "cryostat.fullname" . }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
-rules:
-- apiGroups:
- - ""
- resources:
- - endpoints
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - pods
- - replicationcontrollers
- verbs:
- - get
-- apiGroups:
- - apps
- resources:
- - replicasets
- - deployments
- - daemonsets
- - statefulsets
- verbs:
- - get
-- apiGroups:
- - apps.openshift.io
- resources:
- - deploymentconfigs
- verbs:
- - get
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.2.0/src/templates/rolebinding.yaml b/charts/redhat/redhat/cryostat/0.2.0/src/templates/rolebinding.yaml
deleted file mode 100644
index 22278c28dd..0000000000
--- a/charts/redhat/redhat/cryostat/0.2.0/src/templates/rolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "cryostat.fullname" . }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "cryostat.fullname" . }}
-subjects:
-- kind: ServiceAccount
- name: {{ include "cryostat.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.2.0/src/templates/route.yaml b/charts/redhat/redhat/cryostat/0.2.0/src/templates/route.yaml
deleted file mode 100644
index 79b19fff0c..0000000000
--- a/charts/redhat/redhat/cryostat/0.2.0/src/templates/route.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-{{- define "createRoute" }}
-{{- $svcName := index . 0 }}
-{{- $targetPort := index . 1 }}
-{{- $ := index . 2 }}
-{{- with index . 3 }}
----
-apiVersion: route.openshift.io/v1
-kind: Route
-metadata:
- name: {{ $svcName }}
- {{- $labels := include "cryostat.labels" $ | nindent 4 }}
- labels: {{ $labels }}
- {{- with .route.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- to:
- kind: Service
- name: {{ $svcName }}
- port:
- targetPort: {{ $targetPort }}
-{{- if .route.tls.enabled }}
- tls:
- termination: {{ .route.tls.termination }}
- insecureEdgeTerminationPolicy: {{ .route.tls.insecureEdgeTerminationPolicy }}
- {{- if .route.tls.key }}
- key: |-
- {{- .route.tls.key | nindent 6 }}
- {{- end }}
- {{- if .route.tls.destinationCACertificate }}
- destinationCACertificate: |-
- {{- .route.tls.destinationCACertificate | nindent 6 }}
- {{- end }}
- {{- if .route.tls.caCertificate }}
- caCertificate: |-
- {{- .route.tls.caCertificate | nindent 6 }}
- {{- end }}
- {{- if .route.tls.certificate }}
- certificate: |-
- {{- .route.tls.certificate | nindent 6 }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{- $fullName := include "cryostat.fullname" . -}}
-{{- if .Values.core.route.enabled }}
-{{- include "createRoute" (list $fullName 8181 $ .Values.core)}}
-{{- end }}
-{{- if .Values.grafana.route.enabled }}
-{{- include "createRoute" (list (printf "%s-%s" $fullName "grafana") 3000 $ .Values.grafana)}}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.2.0/src/templates/secret.yaml b/charts/redhat/redhat/cryostat/0.2.0/src/templates/secret.yaml
deleted file mode 100644
index 375913a3d6..0000000000
--- a/charts/redhat/redhat/cryostat/0.2.0/src/templates/secret.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-{{- if empty .Values.core.databaseSecretName -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: cryostat-jmx-credentials-db
-type: Opaque
-data:
- CRYOSTAT_JMX_CREDENTIALS_DB_PASSWORD: {{ include "cryostat.databasePassword" . }}
-{{- end -}}
diff --git a/charts/redhat/redhat/cryostat/0.2.0/src/templates/service.yaml b/charts/redhat/redhat/cryostat/0.2.0/src/templates/service.yaml
deleted file mode 100644
index 9623f7add9..0000000000
--- a/charts/redhat/redhat/cryostat/0.2.0/src/templates/service.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- $fullName := include "cryostat.fullname" . -}}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $fullName }}
- labels:
- {{- include "cryostat.labels" $ | nindent 4 }}
-spec:
- type: {{ .Values.core.service.type }}
- ports:
- - port: {{ .Values.core.service.httpPort }}
- targetPort: 8181
- protocol: TCP
- name: cryostat-http
- - port: {{ .Values.core.service.jmxPort }}
- targetPort: 9091
- protocol: TCP
- name: jfr-jmx
- selector:
- {{- include "cryostat.selectorLabels" $ | nindent 4 }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ printf "%s-%s" $fullName "grafana" }}
- labels:
- {{- include "cryostat.labels" $ | nindent 4 }}
-spec:
- type: {{ .Values.grafana.service.type }}
- ports:
- - port: {{ .Values.grafana.service.port }}
- targetPort: 3000
- protocol: TCP
- name: grafana-http
- selector:
- {{- include "cryostat.selectorLabels" $ | nindent 4 }}
diff --git a/charts/redhat/redhat/cryostat/0.2.0/src/templates/serviceaccount.yaml b/charts/redhat/redhat/cryostat/0.2.0/src/templates/serviceaccount.yaml
deleted file mode 100644
index 74ae99867b..0000000000
--- a/charts/redhat/redhat/cryostat/0.2.0/src/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "cryostat.serviceAccountName" . }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.2.0/src/templates/tests/test-connection.yaml b/charts/redhat/redhat/cryostat/0.2.0/src/templates/tests/test-connection.yaml
deleted file mode 100644
index cf43714c08..0000000000
--- a/charts/redhat/redhat/cryostat/0.2.0/src/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "cryostat.fullname" . }}-test-connection"
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: curl
- image: registry.access.redhat.com/ubi8/ubi:latest
- command:
- - '/bin/bash'
- - '-ec'
- - >
- dnf install --disableplugin=subscription-manager -yq jq;
- curl -sSf --retry 10 --retry-connrefused -o /tmp/out.json http://{{ include "cryostat.fullname" . }}:{{ .Values.core.service.httpPort }}/health;
- cat /tmp/out.json;
- jq -e {{ printf "(.cryostatVersion | test(\"^%s\")) and .datasourceAvailable == true" .Chart.AppVersion | squote }} /tmp/out.json;
- curl -sSf --retry 10 --retry-connrefused http://{{ include "cryostat.fullname" . }}-grafana:{{ .Values.grafana.service.port }}/api/health
- restartPolicy: Never
diff --git a/charts/redhat/redhat/cryostat/0.2.0/src/values.schema.json b/charts/redhat/redhat/cryostat/0.2.0/src/values.schema.json
deleted file mode 100644
index 1cf749b404..0000000000
--- a/charts/redhat/redhat/cryostat/0.2.0/src/values.schema.json
+++ /dev/null
@@ -1,480 +0,0 @@ -{ - "title": "Chart Values", - "type": "object", - "properties": { - "core": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the main Cryostat container image", - "default": "registry.redhat.io/cryostat-tech-preview/cryostat-rhel8" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the main Cryostat container image", - "default": "IfNotPresent" - }, - "tag": { - "type": "string", - "description": "Tag for the main Cryostat container image", - "default": "2.2.0" - } - } - }, - "service": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Type of Service to create for the Cryostat application", - "default": "ClusterIP" - }, - "httpPort": { - "type": "number", - "description": "Port number to expose on the Service for Cryostat's HTTP server", - "default": 8181 - }, - "jmxPort": { - "type": "number", - "description": "Port number to expose on the Service for remote JMX connections to Cryostat", - "default": 9091 - } - } - }, - "sslProxied": { - "type": "boolean", - "description": "Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress", - "default": false - }, - "ingress": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create an Ingress object for the Cryostat service", - "default": false - }, - "className": { - "type": "string", - "description": "Ingress class name for the Cryostat application Ingress", - "default": "" - }, - "hosts": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string", - "description": "" - }, - "paths": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "path": { - "type": "string", - "description": "" - }, - 
"pathType": { - "type": "string", - "description": "" - } - } - } - } - } - } - }, - "tls": { - "type": "array", - "description": "TLS configuration for the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec)", - "default": [], - "items": {} - } - } - }, - "route": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create a Route object for the Cryostat service. Available only on OpenShift", - "default": true - }, - "tls": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to secure the Cryostat application Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)", - "default": true - }, - "termination": { - "type": "string", - "description": "Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt`", - "default": "edge" - }, - "insecureEdgeTerminationPolicy": { - "type": "string", - "description": "Specify how to handle insecure traffic for the Cryostat application Route. 
One of: `Allow`, `Disable`, `Redirect`", - "default": "Redirect" - }, - "key": { - "type": "string", - "description": "Custom private key to use when securing the Cryostat application Route", - "default": "" - }, - "certificate": { - "type": "string", - "description": "Custom certificate to use when securing the Cryostat application Route", - "default": "" - }, - "caCertificate": { - "type": "string", - "description": "Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route", - "default": "" - }, - "destinationCACertificate": { - "type": "string", - "description": "Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route", - "default": "" - } - } - } - } - }, - "resources": { - "type": "object", - "description": "Resource requests/limits for the Cryostat container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)", - "default": {} - }, - "securityContext": { - "type": "object", - "properties": { - "capabilities": { - "type": "object", - "properties": { - "drop": { - "type": "array", - "description": "", - "default": [ - "ALL" - ], - "items": { - "type": "string" - } - } - } - }, - "allowPrivilegeEscalation": { - "type": "boolean", - "description": "", - "default": false - } - } - }, - "databaseSecretName": { - "type": "string", - "description": "Name of the secret to extract password for credentials database.", - "default": "" - } - } - }, - "grafana": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the Grafana container image", - "default": "registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the Grafana container image", - "default": 
"IfNotPresent" - }, - "tag": { - "type": "string", - "description": "Tag for the Grafana container image", - "default": "2.2.0" - } - } - }, - "service": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Type of Service to create for Grafana", - "default": "ClusterIP" - }, - "port": { - "type": "number", - "description": "Port number to expose on the Service for Grafana's HTTP server", - "default": 3000 - } - } - }, - "ingress": { - "type": "object", - "properties": { - "hosts": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string", - "description": "" - }, - "paths": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "path": { - "type": "string", - "description": "" - }, - "pathType": { - "type": "string", - "description": "" - } - } - } - } - } - } - }, - "enabled": { - "type": "boolean", - "description": "Whether to create an Ingress object for the Grafana service", - "default": false - }, - "className": { - "type": "string", - "description": "Ingress class name for the Grafana Ingress", - "default": "" - }, - "tls": { - "type": "array", - "description": "TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec)", - "default": [], - "items": {} - } - } - }, - "sslProxied": { - "type": "boolean", - "description": "Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress", - "default": false - }, - "route": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create a Route object for the Grafana service. 
Available only on OpenShift", - "default": true - }, - "tls": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to secure the Grafana Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)", - "default": true - }, - "termination": { - "type": "string", - "description": "Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt`", - "default": "edge" - }, - "insecureEdgeTerminationPolicy": { - "type": "string", - "description": "Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect`", - "default": "Redirect" - }, - "key": { - "type": "string", - "description": "Custom private key to use when securing the Grafana Route", - "default": "" - }, - "certificate": { - "type": "string", - "description": "Custom certificate to use when securing the Grafana Route", - "default": "" - }, - "caCertificate": { - "type": "string", - "description": "Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route", - "default": "" - }, - "destinationCACertificate": { - "type": "string", - "description": "Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route", - "default": "" - } - } - } - } - }, - "securityContext": { - "type": "object", - "properties": { - "capabilities": { - "type": "object", - "properties": { - "drop": { - "type": "array", - "description": "", - "default": [ - "ALL" - ], - "items": { - "type": "string" - } - } - } - }, - "allowPrivilegeEscalation": { - "type": "boolean", - "description": "", - "default": false - } - } - }, - "resources": { - "type": "object", - "description": "Resource requests/limits for the Grafana container. 
See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)", - "default": {} - } - } - }, - "datasource": { - "type": "object", - "properties": { - "securityContext": { - "type": "object", - "properties": { - "capabilities": { - "type": "object", - "properties": { - "drop": { - "type": "array", - "description": "", - "default": [ - "ALL" - ], - "items": { - "type": "string" - } - } - } - }, - "allowPrivilegeEscalation": { - "type": "boolean", - "description": "", - "default": false - } - } - }, - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the JFR Data Source container image", - "default": "registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the JFR Data Source container image", - "default": "IfNotPresent" - }, - "tag": { - "type": "string", - "description": "Tag for the JFR Data Source container image", - "default": "2.2.0" - } - } - }, - "resources": { - "type": "object", - "description": "Resource requests/limits for the JFR Data Source container. 
See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)", - "default": {} - } - } - }, - "imagePullSecrets": { - "type": "array", - "description": "Image pull secrets to be used for the Cryostat deployment", - "default": [], - "items": {} - }, - "nameOverride": { - "type": "string", - "description": "Overrides the name of this Chart", - "default": "" - }, - "fullnameOverride": { - "type": "string", - "description": "Overrides the fully qualified application name of `[release name]-[chart name]`", - "default": "" - }, - "rbac": { - "type": "object", - "properties": { - "create": { - "type": "boolean", - "description": "Specifies whether RBAC resources should be created", - "default": true - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "create": { - "type": "boolean", - "description": "Specifies whether a service account should be created", - "default": true - }, - "name": { - "type": "string", - "description": "The name of the service account to use. If not set and create is true, a name is generated using the fullname template", - "default": "" - } - } - }, - "podSecurityContext": { - "type": "object", - "properties": { - "runAsNonRoot": { - "type": "boolean", - "description": "", - "default": true - } - } - }, - "tolerations": { - "type": "array", - "description": "Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)", - "default": [], - "items": {} - } - } -} \ No newline at end of file diff --git a/charts/redhat/redhat/cryostat/0.2.0/src/values.yaml b/charts/redhat/redhat/cryostat/0.2.0/src/values.yaml deleted file mode 100644 index a852afb6b3..0000000000 --- a/charts/redhat/redhat/cryostat/0.2.0/src/values.yaml +++ /dev/null 
@@ -1,184 +0,0 @@ -## @section Cryostat Container -## @extra core Configuration for the core Cryostat application -core: - image: - ## @param core.image.repository Repository for the main Cryostat container image - repository: "registry.redhat.io/cryostat-tech-preview/cryostat-rhel8" - ## @param core.image.pullPolicy Image pull policy for the main Cryostat container image - pullPolicy: IfNotPresent - ## @param core.image.tag Tag for the main Cryostat container image - tag: "2.2.0" - service: - ## @param core.service.type Type of Service to create for the Cryostat application - type: ClusterIP - ## @param core.service.httpPort Port number to expose on the Service for Cryostat's HTTP server - httpPort: 8181 - ## @param core.service.jmxPort Port number to expose on the Service for remote JMX connections to Cryostat - jmxPort: 9091 - ## @param core.sslProxied Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress - sslProxied: false - ingress: - ## @param core.ingress.enabled Whether to create an Ingress object for the Cryostat service - enabled: false - ## @param core.ingress.className Ingress class name for the Cryostat application Ingress - className: "" - ## @param core.ingress.annotations [object] Annotations to apply to the Cryostat application Ingress - annotations: {} - ## @param core.ingress.hosts [array] Hosts to create rules for in the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - hosts: - - host: cryostat.local - paths: - - path: / - pathType: ImplementationSpecific - ## @param core.ingress.tls [array] TLS configuration for the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - tls: [] - route: - ## @param core.route.enabled Whether to create a Route object for the Cryostat service. 
Available only on OpenShift - enabled: true - tls: - ## @param core.route.tls.enabled Whether to secure the Cryostat application Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) - enabled: true - ## @param core.route.tls.termination Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt` - termination: edge - ## @param core.route.tls.insecureEdgeTerminationPolicy Specify how to handle insecure traffic for the Cryostat application Route. One of: `Allow`, `Disable`, `Redirect` - insecureEdgeTerminationPolicy: Redirect - ## @param core.route.tls.key Custom private key to use when securing the Cryostat application Route - key: "" - ## @param core.route.tls.certificate Custom certificate to use when securing the Cryostat application Route - certificate: "" - ## @param core.route.tls.caCertificate Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route - caCertificate: "" - ## @param core.route.tls.destinationCACertificate Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route - destinationCACertificate: "" - ## @param core.resources Resource requests/limits for the Cryostat container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param core.securityContext [object] Security Context for the Cryostat container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: - ## @skip core.securityContext.allowPrivilegeEscalation - allowPrivilegeEscalation: false - ## @skip core.securityContext.capabilities - capabilities: - drop: - - ALL - ## @param core.databaseSecretName Name of the secret to extract password for credentials database. - databaseSecretName: "" - -## @section Grafana Container -## @extra grafana Configuration for the customized Grafana instance for Cryostat -grafana: - image: - ## @param grafana.image.repository Repository for the Grafana container image - repository: "registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8" - ## @param grafana.image.pullPolicy Image pull policy for the Grafana container image - pullPolicy: IfNotPresent - ## @param grafana.image.tag Tag for the Grafana container image - tag: "2.2.0" - service: - ## @param grafana.service.type Type of Service to create for Grafana - type: ClusterIP - ## @param grafana.service.port Port number to expose on the Service for Grafana's HTTP server - port: 3000 - ## @param grafana.sslProxied Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress - sslProxied: false - ingress: - ## @param grafana.ingress.enabled Whether to create an Ingress object for the Grafana service - enabled: false - ## @param grafana.ingress.className Ingress class name for the Grafana Ingress - className: "" - ## @param grafana.ingress.annotations [object] Annotations to apply to the Grafana Ingress - annotations: {} - ## @param grafana.ingress.hosts [array] Hosts to create rules for in the Grafana Ingress. 
See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - hosts: - - host: cryostat-grafana.local - paths: - - path: / - pathType: ImplementationSpecific - ## @param grafana.ingress.tls [array] TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - tls: [] - route: - ## @param grafana.route.enabled Whether to create a Route object for the Grafana service. Available only on OpenShift - enabled: true - tls: - ## @param grafana.route.tls.enabled Whether to secure the Grafana Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) - enabled: true - ## @param grafana.route.tls.termination Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt` - termination: edge - ## @param grafana.route.tls.insecureEdgeTerminationPolicy Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect` - insecureEdgeTerminationPolicy: Redirect - ## @param grafana.route.tls.key Custom private key to use when securing the Grafana Route - key: "" - ## @param grafana.route.tls.certificate Custom certificate to use when securing the Grafana Route - caCertificate: "" - ## @param grafana.route.tls.caCertificate Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route - certificate: "" - ## @param grafana.route.tls.destinationCACertificate Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route - destinationCACertificate: "" - ## @param grafana.resources Resource requests/limits for the Grafana container. 
See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param grafana.securityContext [object] Security Context for the Grafana container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: - ## @skip grafana.securityContext.allowPrivilegeEscalation - allowPrivilegeEscalation: false - ## @skip grafana.securityContext.capabilities - capabilities: - drop: - - ALL - -## @section JFR Data Source Container -## @extra datasource Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana -datasource: - image: - ## @param datasource.image.repository Repository for the JFR Data Source container image - repository: "registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8" - ## @param datasource.image.pullPolicy Image pull policy for the JFR Data Source container image - pullPolicy: IfNotPresent - ## @param datasource.image.tag Tag for the JFR Data Source container image - tag: "2.2.0" - ## @param datasource.resources Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param datasource.securityContext [object] Security Context for the JFR Data Source container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: - ## @skip datasource.securityContext.allowPrivilegeEscalation - allowPrivilegeEscalation: false - ## @skip datasource.securityContext.capabilities - capabilities: - drop: - - ALL - -## @section Other Parameters - -## @param imagePullSecrets [array] Image pull secrets to be used for the Cryostat deployment -imagePullSecrets: [] -## @param nameOverride Overrides the name of this Chart -nameOverride: "" -## @param fullnameOverride Overrides the fully qualified application name of `[release name]-[chart name]` -fullnameOverride: "" - -rbac: - ## @param rbac.create Specifies whether RBAC resources should be created - create: true - -serviceAccount: - ## @param serviceAccount.create Specifies whether a service account should be created - create: true - ## @param serviceAccount.annotations [object] Annotations to add to the service account - annotations: {} - ## @param serviceAccount.name The name of the service account to use. If not set and create is true, a name is generated using the fullname template - name: "" - -## @param podAnnotations [object] Annotations to be applied to the Cryostat Pod -podAnnotations: {} - -## @param podSecurityContext [object] Security Context for the Cryostat Pod. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) -podSecurityContext: - ## @skip podSecurityContext.runAsNonRoot - runAsNonRoot: true - -## @param nodeSelector [object] Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) -nodeSelector: {} - -## @param tolerations [array] Tolerations for the Cryostat Pod. 
See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) -tolerations: [] - -## @param affinity [object] Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) -affinity: {} diff --git a/charts/redhat/redhat/cryostat/0.2.1/src/.helmignore b/charts/redhat/redhat/cryostat/0.2.1/src/.helmignore deleted file mode 100644 index 0e8a0eb36f..0000000000 --- a/charts/redhat/redhat/cryostat/0.2.1/src/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/redhat/redhat/cryostat/0.2.1/src/Chart.yaml b/charts/redhat/redhat/cryostat/0.2.1/src/Chart.yaml deleted file mode 100644 index 78c30b7b18..0000000000 --- a/charts/redhat/redhat/cryostat/0.2.1/src/Chart.yaml +++ /dev/null 
@@ -1,43 +0,0 @@
-apiVersion: v2
-name: cryostat
-description: Securely manage JFR recordings for your containerized Java workloads
-
-type: application
-
-version: "0.2.1"
-
-kubeVersion: ">= 1.19.0"
-
-appVersion: "2.2.1.redhat"
-
-home: "https://cryostat.io"
-
-icon: "https://raw.githubusercontent.com/cryostatio/cryostat-helm/main/docs/images/cryostat-icon.svg"
-
-annotations:
- charts.openshift.io/archs: x86_64
- charts.openshift.io/name: Red Hat build of Cryostat
- charts.openshift.io/provider: Red Hat
- charts.openshift.io/supportURL: https://github.com/cryostatio/cryostat-helm
-
-keywords:
-- flightrecorder
-- java
-- jdk
-- jfr
-- jmc
-- missioncontrol
-- monitoring
-- profiling
-- diagnostic
-
-sources:
-- https://github.com/cryostatio/cryostat
-- https://github.com/cryostatio/cryostat-core
-- https://github.com/cryostatio/cryostat-web
-- https://github.com/cryostatio/jfr-datasource
-- https://github.com/cryostatio/cryostat-grafana-dashboard
-
-maintainers:
-- name: The Cryostat Community
- url: https://groups.google.com/g/cryostat-development
diff --git a/charts/redhat/redhat/cryostat/0.2.1/src/LICENSE b/charts/redhat/redhat/cryostat/0.2.1/src/LICENSE
deleted file mode 100644
index e55f9f088f..0000000000
--- a/charts/redhat/redhat/cryostat/0.2.1/src/LICENSE
+++ /dev/null
@@ -1,35 +0,0 @@
-Copyright The Cryostat Authors
-
-The Universal Permissive License (UPL), Version 1.0
-
-Subject to the condition set forth below, permission is hereby granted to any
-person obtaining a copy of this software, associated documentation and/or data
-(collectively the "Software"), free of charge and under any and all copyright
-rights in the Software, and any and all patent rights owned or freely
-licensable by each licensor hereunder covering either (i) the unmodified
-Software as contributed to or provided by such licensor, or (ii) the Larger
-Works (as defined below), to deal in both
-
-(a) the Software, and
-(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
-one is included with the Software (each a "Larger Work" to which the Software
-is contributed by such licensors),
-
-without restriction, including without limitation the rights to copy, create
-derivative works of, display, perform, and distribute the Software and make,
-use, sell, offer for sale, import, export, have made, and have sold the
-Software and the Larger Work(s), and to sublicense the foregoing rights on
-either these or other terms.
-
-This license is subject to the following condition:
-The above copyright notice and either this complete permission notice or at
-a minimum a reference to the UPL must be included in all copies or
-substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/charts/redhat/redhat/cryostat/0.2.1/src/README.md b/charts/redhat/redhat/cryostat/0.2.1/src/README.md
deleted file mode 100644
index 246fb83930..0000000000
--- a/charts/redhat/redhat/cryostat/0.2.1/src/README.md
+++ /dev/null
@@ -1,93 +0,0 @@ -# Cryostat Helm Chart -A Helm chart for deploying [Cryostat](https://cryostat.io/) on Kubernetes and OpenShift - -## Parameters - -### Cryostat Container - -| Name | Description | Value | -| ---------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------- | -| `core` | Configuration for the core Cryostat application | | -| `core.image.repository` | Repository for the main Cryostat container image | `registry.redhat.io/cryostat-tech-preview/cryostat-rhel8` | -| `core.image.pullPolicy` | Image pull policy for the main Cryostat container image | `IfNotPresent` | -| `core.image.tag` | Tag for the main Cryostat container image | `2.2.1` | -| `core.service.type` | Type of Service to create for the Cryostat application | `ClusterIP` | -| `core.service.httpPort` | Port number to expose on the Service for Cryostat's HTTP server | `8181` | -| `core.service.jmxPort` | Port number to expose on the Service for remote JMX connections to Cryostat | `9091` | -| `core.sslProxied` | Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress | `false` | -| `core.ingress.enabled` | Whether to create an Ingress object for the Cryostat service | `false` | -| `core.ingress.className` | Ingress class name for the Cryostat application Ingress | `""` | -| `core.ingress.annotations` | Annotations to apply to the Cryostat application Ingress | `{}` | -| `core.ingress.hosts` | Hosts to create rules for in the Cryostat application Ingress. 
See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `core.ingress.tls` | TLS configuration for the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `core.route.enabled` | Whether to create a Route object for the Cryostat service. Available only on OpenShift | `true` | -| `core.route.tls.enabled` | Whether to secure the Cryostat application Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) | `true` | -| `core.route.tls.termination` | Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt` | `edge` | -| `core.route.tls.insecureEdgeTerminationPolicy` | Specify how to handle insecure traffic for the Cryostat application Route. One of: `Allow`, `Disable`, `Redirect` | `Redirect` | -| `core.route.tls.key` | Custom private key to use when securing the Cryostat application Route | `""` | -| `core.route.tls.certificate` | Custom certificate to use when securing the Cryostat application Route | `""` | -| `core.route.tls.caCertificate` | Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route | `""` | -| `core.route.tls.destinationCACertificate` | Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route | `""` | -| `core.resources` | Resource requests/limits for the Cryostat container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `core.securityContext` | Security Context for the Cryostat container. 
Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | -| `core.databaseSecretName` | Name of the secret to extract password for credentials database. | `""` | - - -### Grafana Container - -| Name | Description | Value | -| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------- | -| `grafana` | Configuration for the customized Grafana instance for Cryostat | | -| `grafana.image.repository` | Repository for the Grafana container image | `registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8` | -| `grafana.image.pullPolicy` | Image pull policy for the Grafana container image | `IfNotPresent` | -| `grafana.image.tag` | Tag for the Grafana container image | `2.2.0` | -| `grafana.service.type` | Type of Service to create for Grafana | `ClusterIP` | -| `grafana.service.port` | Port number to expose on the Service for Grafana's HTTP server | `3000` | -| `grafana.sslProxied` | Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress | `false` | -| `grafana.ingress.enabled` | Whether to create an Ingress object for the Grafana service | `false` | -| `grafana.ingress.className` | Ingress class name for the Grafana Ingress | `""` | -| `grafana.ingress.annotations` | Annotations to apply to the Grafana Ingress | `{}` | -| `grafana.ingress.hosts` | Hosts to create rules for in the Grafana Ingress. 
See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `grafana.ingress.tls` | TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `grafana.route.enabled` | Whether to create a Route object for the Grafana service. Available only on OpenShift | `true` | -| `grafana.route.tls.enabled` | Whether to secure the Grafana Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) | `true` | -| `grafana.route.tls.termination` | Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt` | `edge` | -| `grafana.route.tls.insecureEdgeTerminationPolicy` | Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect` | `Redirect` | -| `grafana.route.tls.key` | Custom private key to use when securing the Grafana Route | `""` | -| `grafana.route.tls.certificate` | Custom certificate to use when securing the Grafana Route | `""` | -| `grafana.route.tls.caCertificate` | Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route | `""` | -| `grafana.route.tls.destinationCACertificate` | Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route | `""` | -| `grafana.resources` | Resource requests/limits for the Grafana container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `grafana.securityContext` | Security Context for the Grafana container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - - -### JFR Data Source Container - -| Name | Description | Value | -| ----------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------- | -| `datasource` | Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana | | -| `datasource.image.repository` | Repository for the JFR Data Source container image | `registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8` | -| `datasource.image.pullPolicy` | Image pull policy for the JFR Data Source container image | `IfNotPresent` | -| `datasource.image.tag` | Tag for the JFR Data Source container image | `2.2.0` | -| `datasource.resources` | Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `datasource.securityContext` | Security Context for the JFR Data Source container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - - -### Other Parameters - -| Name | Description | Value | -| ---------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `imagePullSecrets` | Image pull secrets to be used for the Cryostat deployment | `[]` | -| `nameOverride` | Overrides the name of this Chart | `""` | -| `fullnameOverride` | Overrides the fully qualified application name of `[release name]-[chart name]` | `""` | -| `rbac.create` | Specifies whether RBAC resources should be created | `true` | -| `serviceAccount.create` | Specifies whether a service account should be created | `true` | -| `serviceAccount.annotations` | Annotations to add to the service account | `{}` | -| `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | `""` | -| `podAnnotations` | Annotations to be applied to the Cryostat Pod | `{}` | -| `podSecurityContext` | Security Context for the Cryostat Pod. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) | `{}` | -| `nodeSelector` | Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | -| `tolerations` | Tolerations for the Cryostat Pod. 
See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | -| `affinity` | Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | - - diff --git a/charts/redhat/redhat/cryostat/0.2.1/src/templates/NOTES.txt b/charts/redhat/redhat/cryostat/0.2.1/src/templates/NOTES.txt deleted file mode 100644 index f7fa3b81d9..0000000000 --- a/charts/redhat/redhat/cryostat/0.2.1/src/templates/NOTES.txt +++ /dev/null 
@@ -1,90 +0,0 @@ -{{- $envVars := list }} -{{- $portForwards := list }} -{{- $listNum := 1 }} -{{- if not (and .Values.core.ingress.enabled .Values.grafana.ingress.enabled) }} -{{ $listNum }}. Tell Cryostat how to serve external traffic: -{{- $listNum = add1 $listNum }} - ``` -{{- if .Values.core.route.enabled }} - export ROUTE_HOST=$(oc get route -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }} -o jsonpath="{.status.ingress[0].host}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=$ROUTE_HOST" }} -{{- else if .Values.core.ingress.enabled }} -{{- /* Do nothing */}} -{{- else if contains "NodePort" .Values.core.service.type }} - export NODE_IP=$(oc get nodes -n {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(oc get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cryostat.fullname" . }}) -{{- $envVars = list "CRYOSTAT_WEB_HOST=$NODE_IP" "CRYOSTAT_EXT_WEB_PORT=$NODE_PORT" }} -{{- else if contains "LoadBalancer" .Values.core.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'oc get -n {{ .Release.Namespace }} -w svc/{{ include "cryostat.fullname" . }} svc/{{ include "cryostat.fullname" . }}-grafana' - export SERVICE_IP=$(oc get svc -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=$SERVICE_IP" (printf "CRYOSTAT_EXT_WEB_PORT=%v" .Values.core.service.httpPort) }} -{{- else if contains "ClusterIP" .Values.core.service.type }} - export POD_NAME=$(oc get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") - export CONTAINER_PORT=$(oc get pod -n {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=127.0.0.1" "CRYOSTAT_EXT_WEB_PORT=8080" }} -{{- $portForwards = prepend $portForwards "8080:$CONTAINER_PORT" }} -{{- end }} - -{{- if .Values.grafana.route.enabled }} - export GRAFANA_ROUTE_HOST=$(oc get route -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }}-grafana -o jsonpath="{.status.ingress[0].host}") -{{- $envVars = append $envVars ( tpl "GRAFANA_DASHBOARD_URL=http{{ if .Values.grafana.route.tls.enabled }}s{{ end }}://$GRAFANA_ROUTE_HOST" . ) }} -{{- else if .Values.grafana.ingress.enabled }} -{{- /* Do nothing */}} -{{- else if contains "NodePort" .Values.grafana.service.type }} -{{- if not (contains "NodePort" .Values.core.service.type) }} - export NODE_IP=$(oc get nodes -n {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") -{{- end }} - export GRAFANA_NODE_PORT=$(oc get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cryostat.fullname" . }}-grafana) -{{- $envVars = append $envVars "GRAFANA_DASHBOARD_URL=http://$NODE_IP:$GRAFANA_NODE_PORT"}} -{{- else if contains "LoadBalancer" .Values.grafana.service.type }} -{{- if not (contains "LoadBalancer" .Values.core.service.type) }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'oc get -n {{ .Release.Namespace }} -w svc/{{ include "cryostat.fullname" . }} svc/{{ include "cryostat.fullname" . }}-grafana' -{{- end }} - export GRAFANA_SERVICE_IP=$(oc get svc -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . 
}}-grafana --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") -{{- $envVars = append $envVars (printf "GRAFANA_DASHBOARD_URL=http://$GRAFANA_SERVICE_IP:%v" .Values.grafana.service.port) }} -{{- else if contains "ClusterIP" .Values.grafana.service.type }} -{{- if not (contains "ClusterIP" .Values.core.service.type) }} - export POD_NAME=$(oc get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") -{{- end }} - export GRAFANA_CONTAINER_PORT=$(oc get pod -n {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[1].ports[0].containerPort}") -{{- $envVars = concat $envVars ( list "GRAFANA_DASHBOARD_URL=http://127.0.0.1:$GRAFANA_CONTAINER_PORT" "GRAFANA_DASHBOARD_EXT_URL=http://127.0.0.1:8081" )}} -{{- $portForwards = append $portForwards "8081:$GRAFANA_CONTAINER_PORT" }} -{{- end }} - -{{- if not (empty $envVars) }} - oc -n {{ .Release.Namespace }} set env deploy --containers={{ .Chart.Name }} {{ include "cryostat.fullname" . }} {{ join " " $envVars }} -{{- end }} - ``` -{{- end }} - -{{- if not (empty $portForwards) }} - -{{ $listNum }}. Forward local ports to the application's pod: - ``` - export POD_NAME=$(oc get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") - oc -n {{ .Release.Namespace }} wait --for=condition=available --timeout=60s deploy/{{ include "cryostat.fullname" . }} - oc -n {{ .Release.Namespace }} port-forward $POD_NAME {{ join " " $portForwards }} - ``` - {{- $listNum = add1 $listNum }} -{{- end }} - -{{ $listNum }}. 
{{ "Visit the " }}{{ .Chart.Name | camelcase }}{{ " application at: " }} - ``` -{{- if .Values.core.route.enabled }} - echo http{{ if $.Values.core.route.tls.enabled }}s{{ end }}://$ROUTE_HOST -{{- else if .Values.core.ingress.enabled -}} -{{- range $host := .Values.core.ingress.hosts -}} - {{- range .paths -}} - http{{ if $.Values.core.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.core.service.type }} - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.core.service.type }} - echo http://$SERVICE_IP:{{ .Values.core.service.port }} -{{- else if contains "ClusterIP" .Values.core.service.type }} - http://127.0.0.1:8080 -{{- end }} - ``` diff --git a/charts/redhat/redhat/cryostat/0.2.1/src/templates/_helpers.tpl b/charts/redhat/redhat/cryostat/0.2.1/src/templates/_helpers.tpl deleted file mode 100644 index b2847fa752..0000000000 --- a/charts/redhat/redhat/cryostat/0.2.1/src/templates/_helpers.tpl +++ /dev/null 
@@ -1,80 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "cryostat.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "cryostat.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "cryostat.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "cryostat.labels" -}} -helm.sh/chart: {{ include "cryostat.chart" . }} -{{ include "cryostat.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "cryostat.selectorLabels" -}} -app.kubernetes.io/name: {{ include "cryostat.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "cryostat.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "cryostat.fullname" .) 
.Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Get or generate a default password for credentials database -*/}} -{{- define "cryostat.databasePassword" -}} -{{- $secret := (lookup "v1" "Secret" .Release.Namespace "cryostat-jmx-credentials-db") -}} -{{- if $secret -}} -{{/* - Use current password. Do not regenerate -*/}} -{{- $secret.data.CRYOSTAT_JMX_CREDENTIALS_DB_PASSWORD -}} -{{- else -}} -{{/* - Generate new password -*/}} -{{- (randAlphaNum 32) | b64enc | quote -}} -{{- end -}} -{{- end -}} diff --git a/charts/redhat/redhat/cryostat/0.2.1/src/templates/deployment.yaml b/charts/redhat/redhat/cryostat/0.2.1/src/templates/deployment.yaml deleted file mode 100644 index 04e3b6bac7..0000000000 --- a/charts/redhat/redhat/cryostat/0.2.1/src/templates/deployment.yaml +++ /dev/null 
@@ -1,162 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "cryostat.fullname" . }} - labels: - {{- include "cryostat.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "cryostat.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "cryostat.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "cryostat.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.core.securityContext | nindent 12 }} - image: "{{ .Values.core.image.repository }}:{{ .Values.core.image.tag }}" - imagePullPolicy: {{ .Values.core.image.pullPolicy }} - env: - - name: CRYOSTAT_WEB_PORT - value: "8181" - - name: CRYOSTAT_CONFIG_PATH - value: /opt/cryostat.d/conf.d - - name: CRYOSTAT_ARCHIVE_PATH - value: /opt/cryostat.d/recordings.d - - name: CRYOSTAT_TEMPLATE_PATH - value: /opt/cryostat.d/templates.d - - name: CRYOSTAT_CLIENTLIB_PATH - value: /opt/cryostat.d/clientlib.d - - name: CRYOSTAT_PROBE_TEMPLATE_PATH - value: /opt/cryostat.d/probes.d - - name: CRYOSTAT_EXT_WEB_PORT - value: "{{ if (or (and .Values.core.route.enabled .Values.core.route.tls.enabled) (and .Values.core.ingress.enabled .Values.core.ingress.tls) (.Values.core.sslProxied)) }}443{{ else }}80{{ end }}" - - name: CRYOSTAT_WEB_HOST - value: "{{ if .Values.core.ingress.enabled }}{{ with index .Values.core.ingress.hosts 0 }}{{ .host }}{{ end }}{{ end }}" - - name: CRYOSTAT_PLATFORM - value: io.cryostat.platform.internal.KubeApiPlatformStrategy - - name: CRYOSTAT_AUTH_MANAGER - value: io.cryostat.net.NoopAuthManager - - name: GRAFANA_DATASOURCE_URL - value: http://127.0.0.1:8080 - - name: GRAFANA_DASHBOARD_URL - value: 
"{{ if .Values.grafana.ingress.enabled }}http{{ if (or (.Values.grafana.ingress.tls) (.Values.grafana.sslProxied)) }}s{{ end }}://{{ with index .Values.grafana.ingress.hosts 0 }}{{ .host }}{{ end }}{{ end }}" - - name: CRYOSTAT_DISABLE_SSL - value: "true" - - name: CRYOSTAT_DISABLE_JMX_AUTH - value: "true" - - name: CRYOSTAT_ALLOW_UNTRUSTED_SSL - value: "true" - - name: CRYOSTAT_ENABLE_JDP_BROADCAST - value: "false" - {{- if (or (and .Values.core.route.enabled .Values.core.route.tls.enabled) (and .Values.core.ingress.enabled .Values.core.ingress.tls) (.Values.core.sslProxied)) }} - - name: CRYOSTAT_SSL_PROXIED - value: "true" - {{- end }} - - name: CRYOSTAT_JMX_CREDENTIALS_DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ default "cryostat-jmx-credentials-db" .Values.core.databaseSecretName }} - key: CRYOSTAT_JMX_CREDENTIALS_DB_PASSWORD - optional: false - ports: - - containerPort: 8181 - protocol: TCP - - containerPort: 9090 - protocol: TCP - - containerPort: 9091 - protocol: TCP - livenessProbe: - httpGet: - path: "/health/liveness" - port: 8181 - startupProbe: - httpGet: - path: "/health/liveness" - port: 8181 - failureThreshold: 18 - resources: - {{- toYaml .Values.core.resources | nindent 12 }} - volumeMounts: - - mountPath: /opt/cryostat.d/conf.d - name: {{ .Chart.Name }} - subPath: config - - mountPath: /opt/cryostat.d/recordings.d - name: {{ .Chart.Name }} - subPath: flightrecordings - - mountPath: /opt/cryostat.d/templates.d - name: {{ .Chart.Name }} - subPath: templates - - mountPath: /opt/cryostat.d/clientlib.d - name: {{ .Chart.Name }} - subPath: clientlib - - mountPath: /opt/cryostat.d/probes.d - name: {{ .Chart.Name }} - subPath: probes - - name: {{ printf "%s-%s" .Chart.Name "grafana" }} - securityContext: - {{- toYaml .Values.grafana.securityContext | nindent 12 }} - image: "{{ .Values.grafana.image.repository }}:{{ .Values.grafana.image.tag }}" - imagePullPolicy: {{ .Values.grafana.image.pullPolicy }} - env: - - name: JFR_DATASOURCE_URL - value: 
http://127.0.0.1:8080 - - name: GF_AUTH_ANONYMOUS_ENABLED - value: "true" - ports: - - containerPort: 3000 - protocol: TCP - livenessProbe: - httpGet: - path: /api/health - port: 3000 - resources: - {{- toYaml .Values.grafana.resources | nindent 12 }} - - name: {{ printf "%s-%s" .Chart.Name "jfr-datasource" }} - securityContext: - {{- toYaml .Values.datasource.securityContext | nindent 12 }} - image: "{{ .Values.datasource.image.repository }}:{{ .Values.datasource.image.tag }}" - imagePullPolicy: {{ .Values.datasource.image.pullPolicy }} - env: - - name: LISTEN_HOST - value: 127.0.0.1 - ports: - - containerPort: 8080 - protocol: TCP - livenessProbe: - exec: - command: - - curl - - --fail - - http://127.0.0.1:8080 - resources: - {{- toYaml .Values.datasource.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: {{ .Chart.Name }} - emptyDir: {} diff --git a/charts/redhat/redhat/cryostat/0.2.1/src/templates/ingress.yaml b/charts/redhat/redhat/cryostat/0.2.1/src/templates/ingress.yaml deleted file mode 100644 index 3d317704e3..0000000000 --- a/charts/redhat/redhat/cryostat/0.2.1/src/templates/ingress.yaml +++ /dev/null 
@@ -1,73 +0,0 @@ -{{- define "createIngress" }} -{{- $svcName := index . 0 }} -{{- $svcPort := index . 1 }} -{{- $ := index . 2 }} -{{- with index . 3 }} -{{- if and .ingress.className (not (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .ingress.annotations "kubernetes.io/ingress.class" .ingress.className}} - {{- end }} -{{- end }} ---- -{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" $.Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $svcName }} - {{- $labels := include "cryostat.labels" $ | nindent 4 }} - labels: {{ $labels }} - {{- with .ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .ingress.className (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .ingress.className }} - {{- end }} - {{- if .ingress.tls }} - tls: - {{- range .ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $svcName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $svcName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} - -{{- $fullName := include "cryostat.fullname" . 
-}} -{{- if .Values.core.ingress.enabled }} -{{- include "createIngress" (list $fullName .Values.core.service.httpPort $ .Values.core)}} -{{- end }} -{{- if .Values.grafana.ingress.enabled }} -{{- include "createIngress" (list (printf "%s-%s" $fullName "grafana") .Values.grafana.service.port $ .Values.grafana)}} -{{- end }} diff --git a/charts/redhat/redhat/cryostat/0.2.1/src/templates/role.yaml b/charts/redhat/redhat/cryostat/0.2.1/src/templates/role.yaml deleted file mode 100644 index b47c04440b..0000000000 --- a/charts/redhat/redhat/cryostat/0.2.1/src/templates/role.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "cryostat.fullname" . }} - labels: - {{- include "cryostat.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods - - replicationcontrollers - verbs: - - get -- apiGroups: - - apps - resources: - - replicasets - - deployments - - daemonsets - - statefulsets - verbs: - - get -- apiGroups: - - apps.openshift.io - resources: - - deploymentconfigs - verbs: - - get -{{- end }} diff --git a/charts/redhat/redhat/cryostat/0.2.1/src/templates/rolebinding.yaml b/charts/redhat/redhat/cryostat/0.2.1/src/templates/rolebinding.yaml deleted file mode 100644 index 22278c28dd..0000000000 --- a/charts/redhat/redhat/cryostat/0.2.1/src/templates/rolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "cryostat.fullname" . }} - labels: - {{- include "cryostat.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "cryostat.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ include "cryostat.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} 
diff --git a/charts/redhat/redhat/cryostat/0.2.1/src/templates/route.yaml b/charts/redhat/redhat/cryostat/0.2.1/src/templates/route.yaml
deleted file mode 100644
index 79b19fff0c..0000000000
--- a/charts/redhat/redhat/cryostat/0.2.1/src/templates/route.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-{{- define "createRoute" }}
-{{- $svcName := index . 0 }}
-{{- $targetPort := index . 1 }}
-{{- $ := index . 2 }}
-{{- with index . 3 }}
----
-apiVersion: route.openshift.io/v1
-kind: Route
-metadata:
- name: {{ $svcName }}
- {{- $labels := include "cryostat.labels" $ | nindent 4 }}
- labels: {{ $labels }}
- {{- with .route.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- to:
- kind: Service
- name: {{ $svcName }}
- port:
- targetPort: {{ $targetPort }}
-{{- if .route.tls.enabled }}
- tls:
- termination: {{ .route.tls.termination }}
- insecureEdgeTerminationPolicy: {{ .route.tls.insecureEdgeTerminationPolicy }}
- {{- if .route.tls.key }}
- key: |-
- {{- .route.tls.key | nindent 6 }}
- {{- end }}
- {{- if .route.tls.destinationCACertificate }}
- destinationCACertificate: |-
- {{- .route.tls.destinationCACertificate | nindent 6 }}
- {{- end }}
- {{- if .route.tls.caCertificate }}
- caCertificate: |-
- {{- .route.tls.caCertificate | nindent 6 }}
- {{- end }}
- {{- if .route.tls.certificate }}
- certificate: |-
- {{- .route.tls.certificate | nindent 6 }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{- $fullName := include "cryostat.fullname" . -}}
-{{- if .Values.core.route.enabled }}
-{{- include "createRoute" (list $fullName 8181 $ .Values.core)}}
-{{- end }}
-{{- if .Values.grafana.route.enabled }}
-{{- include "createRoute" (list (printf "%s-%s" $fullName "grafana") 3000 $ .Values.grafana)}}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.2.1/src/templates/secret.yaml b/charts/redhat/redhat/cryostat/0.2.1/src/templates/secret.yaml
deleted file mode 100644
index 375913a3d6..0000000000
--- a/charts/redhat/redhat/cryostat/0.2.1/src/templates/secret.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-{{- if empty .Values.core.databaseSecretName -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: cryostat-jmx-credentials-db
-type: Opaque
-data:
- CRYOSTAT_JMX_CREDENTIALS_DB_PASSWORD: {{ include "cryostat.databasePassword" . }}
-{{- end -}}
diff --git a/charts/redhat/redhat/cryostat/0.2.1/src/templates/service.yaml b/charts/redhat/redhat/cryostat/0.2.1/src/templates/service.yaml
deleted file mode 100644
index 9623f7add9..0000000000
--- a/charts/redhat/redhat/cryostat/0.2.1/src/templates/service.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- $fullName := include "cryostat.fullname" . -}}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $fullName }}
- labels:
- {{- include "cryostat.labels" $ | nindent 4 }}
-spec:
- type: {{ .Values.core.service.type }}
- ports:
- - port: {{ .Values.core.service.httpPort }}
- targetPort: 8181
- protocol: TCP
- name: cryostat-http
- - port: {{ .Values.core.service.jmxPort }}
- targetPort: 9091
- protocol: TCP
- name: jfr-jmx
- selector:
- {{- include "cryostat.selectorLabels" $ | nindent 4 }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ printf "%s-%s" $fullName "grafana" }}
- labels:
- {{- include "cryostat.labels" $ | nindent 4 }}
-spec:
- type: {{ .Values.grafana.service.type }}
- ports:
- - port: {{ .Values.grafana.service.port }}
- targetPort: 3000
- protocol: TCP
- name: grafana-http
- selector:
- {{- include "cryostat.selectorLabels" $ | nindent 4 }}
diff --git a/charts/redhat/redhat/cryostat/0.2.1/src/templates/serviceaccount.yaml b/charts/redhat/redhat/cryostat/0.2.1/src/templates/serviceaccount.yaml
deleted file mode 100644
index 74ae99867b..0000000000
--- a/charts/redhat/redhat/cryostat/0.2.1/src/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "cryostat.serviceAccountName" . }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.2.1/src/templates/tests/test-connection.yaml b/charts/redhat/redhat/cryostat/0.2.1/src/templates/tests/test-connection.yaml
deleted file mode 100644
index cf43714c08..0000000000
--- a/charts/redhat/redhat/cryostat/0.2.1/src/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "cryostat.fullname" . }}-test-connection"
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: curl
- image: registry.access.redhat.com/ubi8/ubi:latest
- command:
- - '/bin/bash'
- - '-ec'
- - >
- dnf install --disableplugin=subscription-manager -yq jq;
- curl -sSf --retry 10 --retry-connrefused -o /tmp/out.json http://{{ include "cryostat.fullname" . }}:{{ .Values.core.service.httpPort }}/health;
- cat /tmp/out.json;
- jq -e {{ printf "(.cryostatVersion | test(\"^%s\")) and .datasourceAvailable == true" .Chart.AppVersion | squote }} /tmp/out.json;
- curl -sSf --retry 10 --retry-connrefused http://{{ include "cryostat.fullname" . }}-grafana:{{ .Values.grafana.service.port }}/api/health
- restartPolicy: Never
diff --git a/charts/redhat/redhat/cryostat/0.2.1/src/values.schema.json b/charts/redhat/redhat/cryostat/0.2.1/src/values.schema.json
deleted file mode 100644
index 3bb88f3b55..0000000000
--- a/charts/redhat/redhat/cryostat/0.2.1/src/values.schema.json
+++ /dev/null
@@ -1,480 +0,0 @@ -{ - "title": "Chart Values", - "type": "object", - "properties": { - "core": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the main Cryostat container image", - "default": "registry.redhat.io/cryostat-tech-preview/cryostat-rhel8" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the main Cryostat container image", - "default": "IfNotPresent" - }, - "tag": { - "type": "string", - "description": "Tag for the main Cryostat container image", - "default": "2.2.1" - } - } - }, - "service": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Type of Service to create for the Cryostat application", - "default": "ClusterIP" - }, - "httpPort": { - "type": "number", - "description": "Port number to expose on the Service for Cryostat's HTTP server", - "default": 8181 - }, - "jmxPort": { - "type": "number", - "description": "Port number to expose on the Service for remote JMX connections to Cryostat", - "default": 9091 - } - } - }, - "sslProxied": { - "type": "boolean", - "description": "Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress", - "default": false - }, - "ingress": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create an Ingress object for the Cryostat service", - "default": false - }, - "className": { - "type": "string", - "description": "Ingress class name for the Cryostat application Ingress", - "default": "" - }, - "hosts": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string", - "description": "" - }, - "paths": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "path": { - "type": "string", - "description": "" - }, - 
"pathType": { - "type": "string", - "description": "" - } - } - } - } - } - } - }, - "tls": { - "type": "array", - "description": "TLS configuration for the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec)", - "default": [], - "items": {} - } - } - }, - "route": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create a Route object for the Cryostat service. Available only on OpenShift", - "default": true - }, - "tls": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to secure the Cryostat application Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)", - "default": true - }, - "termination": { - "type": "string", - "description": "Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt`", - "default": "edge" - }, - "insecureEdgeTerminationPolicy": { - "type": "string", - "description": "Specify how to handle insecure traffic for the Cryostat application Route. 
One of: `Allow`, `Disable`, `Redirect`", - "default": "Redirect" - }, - "key": { - "type": "string", - "description": "Custom private key to use when securing the Cryostat application Route", - "default": "" - }, - "certificate": { - "type": "string", - "description": "Custom certificate to use when securing the Cryostat application Route", - "default": "" - }, - "caCertificate": { - "type": "string", - "description": "Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route", - "default": "" - }, - "destinationCACertificate": { - "type": "string", - "description": "Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route", - "default": "" - } - } - } - } - }, - "resources": { - "type": "object", - "description": "Resource requests/limits for the Cryostat container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)", - "default": {} - }, - "securityContext": { - "type": "object", - "properties": { - "capabilities": { - "type": "object", - "properties": { - "drop": { - "type": "array", - "description": "", - "default": [ - "ALL" - ], - "items": { - "type": "string" - } - } - } - }, - "allowPrivilegeEscalation": { - "type": "boolean", - "description": "", - "default": false - } - } - }, - "databaseSecretName": { - "type": "string", - "description": "Name of the secret to extract password for credentials database.", - "default": "" - } - } - }, - "grafana": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the Grafana container image", - "default": "registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the Grafana container image", - "default": 
"IfNotPresent" - }, - "tag": { - "type": "string", - "description": "Tag for the Grafana container image", - "default": "2.2.0" - } - } - }, - "service": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Type of Service to create for Grafana", - "default": "ClusterIP" - }, - "port": { - "type": "number", - "description": "Port number to expose on the Service for Grafana's HTTP server", - "default": 3000 - } - } - }, - "ingress": { - "type": "object", - "properties": { - "hosts": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string", - "description": "" - }, - "paths": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "path": { - "type": "string", - "description": "" - }, - "pathType": { - "type": "string", - "description": "" - } - } - } - } - } - } - }, - "enabled": { - "type": "boolean", - "description": "Whether to create an Ingress object for the Grafana service", - "default": false - }, - "className": { - "type": "string", - "description": "Ingress class name for the Grafana Ingress", - "default": "" - }, - "tls": { - "type": "array", - "description": "TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec)", - "default": [], - "items": {} - } - } - }, - "sslProxied": { - "type": "boolean", - "description": "Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress", - "default": false - }, - "route": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create a Route object for the Grafana service. 
Available only on OpenShift", - "default": true - }, - "tls": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to secure the Grafana Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)", - "default": true - }, - "termination": { - "type": "string", - "description": "Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt`", - "default": "edge" - }, - "insecureEdgeTerminationPolicy": { - "type": "string", - "description": "Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect`", - "default": "Redirect" - }, - "key": { - "type": "string", - "description": "Custom private key to use when securing the Grafana Route", - "default": "" - }, - "certificate": { - "type": "string", - "description": "Custom certificate to use when securing the Grafana Route", - "default": "" - }, - "caCertificate": { - "type": "string", - "description": "Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route", - "default": "" - }, - "destinationCACertificate": { - "type": "string", - "description": "Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route", - "default": "" - } - } - } - } - }, - "securityContext": { - "type": "object", - "properties": { - "capabilities": { - "type": "object", - "properties": { - "drop": { - "type": "array", - "description": "", - "default": [ - "ALL" - ], - "items": { - "type": "string" - } - } - } - }, - "allowPrivilegeEscalation": { - "type": "boolean", - "description": "", - "default": false - } - } - }, - "resources": { - "type": "object", - "description": "Resource requests/limits for the Grafana container. 
See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)", - "default": {} - } - } - }, - "datasource": { - "type": "object", - "properties": { - "securityContext": { - "type": "object", - "properties": { - "capabilities": { - "type": "object", - "properties": { - "drop": { - "type": "array", - "description": "", - "default": [ - "ALL" - ], - "items": { - "type": "string" - } - } - } - }, - "allowPrivilegeEscalation": { - "type": "boolean", - "description": "", - "default": false - } - } - }, - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the JFR Data Source container image", - "default": "registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the JFR Data Source container image", - "default": "IfNotPresent" - }, - "tag": { - "type": "string", - "description": "Tag for the JFR Data Source container image", - "default": "2.2.0" - } - } - }, - "resources": { - "type": "object", - "description": "Resource requests/limits for the JFR Data Source container. 
See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)", - "default": {} - } - } - }, - "imagePullSecrets": { - "type": "array", - "description": "Image pull secrets to be used for the Cryostat deployment", - "default": [], - "items": {} - }, - "nameOverride": { - "type": "string", - "description": "Overrides the name of this Chart", - "default": "" - }, - "fullnameOverride": { - "type": "string", - "description": "Overrides the fully qualified application name of `[release name]-[chart name]`", - "default": "" - }, - "rbac": { - "type": "object", - "properties": { - "create": { - "type": "boolean", - "description": "Specifies whether RBAC resources should be created", - "default": true - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "create": { - "type": "boolean", - "description": "Specifies whether a service account should be created", - "default": true - }, - "name": { - "type": "string", - "description": "The name of the service account to use. If not set and create is true, a name is generated using the fullname template", - "default": "" - } - } - }, - "podSecurityContext": { - "type": "object", - "properties": { - "runAsNonRoot": { - "type": "boolean", - "description": "", - "default": true - } - } - }, - "tolerations": { - "type": "array", - "description": "Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)", - "default": [], - "items": {} - } - } -} \ No newline at end of file diff --git a/charts/redhat/redhat/cryostat/0.2.1/src/values.yaml b/charts/redhat/redhat/cryostat/0.2.1/src/values.yaml deleted file mode 100644 index 9840f748bd..0000000000 --- a/charts/redhat/redhat/cryostat/0.2.1/src/values.yaml +++ /dev/null 
@@ -1,184 +0,0 @@ -## @section Cryostat Container -## @extra core Configuration for the core Cryostat application -core: - image: - ## @param core.image.repository Repository for the main Cryostat container image - repository: "registry.redhat.io/cryostat-tech-preview/cryostat-rhel8" - ## @param core.image.pullPolicy Image pull policy for the main Cryostat container image - pullPolicy: IfNotPresent - ## @param core.image.tag Tag for the main Cryostat container image - tag: "2.2.1" - service: - ## @param core.service.type Type of Service to create for the Cryostat application - type: ClusterIP - ## @param core.service.httpPort Port number to expose on the Service for Cryostat's HTTP server - httpPort: 8181 - ## @param core.service.jmxPort Port number to expose on the Service for remote JMX connections to Cryostat - jmxPort: 9091 - ## @param core.sslProxied Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress - sslProxied: false - ingress: - ## @param core.ingress.enabled Whether to create an Ingress object for the Cryostat service - enabled: false - ## @param core.ingress.className Ingress class name for the Cryostat application Ingress - className: "" - ## @param core.ingress.annotations [object] Annotations to apply to the Cryostat application Ingress - annotations: {} - ## @param core.ingress.hosts [array] Hosts to create rules for in the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - hosts: - - host: cryostat.local - paths: - - path: / - pathType: ImplementationSpecific - ## @param core.ingress.tls [array] TLS configuration for the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - tls: [] - route: - ## @param core.route.enabled Whether to create a Route object for the Cryostat service. 
Available only on OpenShift - enabled: true - tls: - ## @param core.route.tls.enabled Whether to secure the Cryostat application Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) - enabled: true - ## @param core.route.tls.termination Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt` - termination: edge - ## @param core.route.tls.insecureEdgeTerminationPolicy Specify how to handle insecure traffic for the Cryostat application Route. One of: `Allow`, `Disable`, `Redirect` - insecureEdgeTerminationPolicy: Redirect - ## @param core.route.tls.key Custom private key to use when securing the Cryostat application Route - key: "" - ## @param core.route.tls.certificate Custom certificate to use when securing the Cryostat application Route - certificate: "" - ## @param core.route.tls.caCertificate Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route - caCertificate: "" - ## @param core.route.tls.destinationCACertificate Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route - destinationCACertificate: "" - ## @param core.resources Resource requests/limits for the Cryostat container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param core.securityContext [object] Security Context for the Cryostat container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: - ## @skip core.securityContext.allowPrivilegeEscalation - allowPrivilegeEscalation: false - ## @skip core.securityContext.capabilities - capabilities: - drop: - - ALL - ## @param core.databaseSecretName Name of the secret to extract password for credentials database. - databaseSecretName: "" - -## @section Grafana Container -## @extra grafana Configuration for the customized Grafana instance for Cryostat -grafana: - image: - ## @param grafana.image.repository Repository for the Grafana container image - repository: "registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8" - ## @param grafana.image.pullPolicy Image pull policy for the Grafana container image - pullPolicy: IfNotPresent - ## @param grafana.image.tag Tag for the Grafana container image - tag: "2.2.0" - service: - ## @param grafana.service.type Type of Service to create for Grafana - type: ClusterIP - ## @param grafana.service.port Port number to expose on the Service for Grafana's HTTP server - port: 3000 - ## @param grafana.sslProxied Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress - sslProxied: false - ingress: - ## @param grafana.ingress.enabled Whether to create an Ingress object for the Grafana service - enabled: false - ## @param grafana.ingress.className Ingress class name for the Grafana Ingress - className: "" - ## @param grafana.ingress.annotations [object] Annotations to apply to the Grafana Ingress - annotations: {} - ## @param grafana.ingress.hosts [array] Hosts to create rules for in the Grafana Ingress. 
See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - hosts: - - host: cryostat-grafana.local - paths: - - path: / - pathType: ImplementationSpecific - ## @param grafana.ingress.tls [array] TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - tls: [] - route: - ## @param grafana.route.enabled Whether to create a Route object for the Grafana service. Available only on OpenShift - enabled: true - tls: - ## @param grafana.route.tls.enabled Whether to secure the Grafana Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) - enabled: true - ## @param grafana.route.tls.termination Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt` - termination: edge - ## @param grafana.route.tls.insecureEdgeTerminationPolicy Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect` - insecureEdgeTerminationPolicy: Redirect - ## @param grafana.route.tls.key Custom private key to use when securing the Grafana Route - key: "" - ## @param grafana.route.tls.certificate Custom certificate to use when securing the Grafana Route - caCertificate: "" - ## @param grafana.route.tls.caCertificate Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route - certificate: "" - ## @param grafana.route.tls.destinationCACertificate Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route - destinationCACertificate: "" - ## @param grafana.resources Resource requests/limits for the Grafana container. 
See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param grafana.securityContext [object] Security Context for the Grafana container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: - ## @skip grafana.securityContext.allowPrivilegeEscalation - allowPrivilegeEscalation: false - ## @skip grafana.securityContext.capabilities - capabilities: - drop: - - ALL - -## @section JFR Data Source Container -## @extra datasource Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana -datasource: - image: - ## @param datasource.image.repository Repository for the JFR Data Source container image - repository: "registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8" - ## @param datasource.image.pullPolicy Image pull policy for the JFR Data Source container image - pullPolicy: IfNotPresent - ## @param datasource.image.tag Tag for the JFR Data Source container image - tag: "2.2.0" - ## @param datasource.resources Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param datasource.securityContext [object] Security Context for the JFR Data Source container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: - ## @skip datasource.securityContext.allowPrivilegeEscalation - allowPrivilegeEscalation: false - ## @skip datasource.securityContext.capabilities - capabilities: - drop: - - ALL - -## @section Other Parameters - -## @param imagePullSecrets [array] Image pull secrets to be used for the Cryostat deployment -imagePullSecrets: [] -## @param nameOverride Overrides the name of this Chart -nameOverride: "" -## @param fullnameOverride Overrides the fully qualified application name of `[release name]-[chart name]` -fullnameOverride: "" - -rbac: - ## @param rbac.create Specifies whether RBAC resources should be created - create: true - -serviceAccount: - ## @param serviceAccount.create Specifies whether a service account should be created - create: true - ## @param serviceAccount.annotations [object] Annotations to add to the service account - annotations: {} - ## @param serviceAccount.name The name of the service account to use. If not set and create is true, a name is generated using the fullname template - name: "" - -## @param podAnnotations [object] Annotations to be applied to the Cryostat Pod -podAnnotations: {} - -## @param podSecurityContext [object] Security Context for the Cryostat Pod. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) -podSecurityContext: - ## @skip podSecurityContext.runAsNonRoot - runAsNonRoot: true - -## @param nodeSelector [object] Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) -nodeSelector: {} - -## @param tolerations [array] Tolerations for the Cryostat Pod. 
See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) -tolerations: [] - -## @param affinity [object] Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) -affinity: {} diff --git a/charts/redhat/redhat/cryostat/0.3.0/src/.helmignore b/charts/redhat/redhat/cryostat/0.3.0/src/.helmignore deleted file mode 100644 index 0e8a0eb36f..0000000000 --- a/charts/redhat/redhat/cryostat/0.3.0/src/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/redhat/redhat/cryostat/0.3.0/src/Chart.yaml b/charts/redhat/redhat/cryostat/0.3.0/src/Chart.yaml deleted file mode 100644 index 335789c90d..0000000000 --- a/charts/redhat/redhat/cryostat/0.3.0/src/Chart.yaml +++ /dev/null 
@@ -1,43 +0,0 @@
-apiVersion: v2
-name: cryostat
-description: Securely manage JFR recordings for your containerized Java workloads
-
-type: application
-
-version: "0.3.0"
-
-kubeVersion: ">= 1.19.0-0"
-
-appVersion: "2.3.0.redhat"
-
-home: "https://cryostat.io"
-
-icon: "https://raw.githubusercontent.com/cryostatio/cryostat-helm/main/docs/images/cryostat-icon.svg"
-
-annotations:
- charts.openshift.io/archs: x86_64
- charts.openshift.io/name: Red Hat build of Cryostat
- charts.openshift.io/provider: Red Hat
- charts.openshift.io/supportURL: https://github.com/cryostatio/cryostat-helm
-
-keywords:
-- flightrecorder
-- java
-- jdk
-- jfr
-- jmc
-- missioncontrol
-- monitoring
-- profiling
-- diagnostic
-
-sources:
-- https://github.com/cryostatio/cryostat
-- https://github.com/cryostatio/cryostat-core
-- https://github.com/cryostatio/cryostat-web
-- https://github.com/cryostatio/jfr-datasource
-- https://github.com/cryostatio/cryostat-grafana-dashboard
-
-maintainers:
-- name: The Cryostat Community
- url: https://groups.google.com/g/cryostat-development
diff --git a/charts/redhat/redhat/cryostat/0.3.0/src/LICENSE b/charts/redhat/redhat/cryostat/0.3.0/src/LICENSE
deleted file mode 100644
index e55f9f088f..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.0/src/LICENSE
+++ /dev/null
@@ -1,35 +0,0 @@
-Copyright The Cryostat Authors
-
-The Universal Permissive License (UPL), Version 1.0
-
-Subject to the condition set forth below, permission is hereby granted to any
-person obtaining a copy of this software, associated documentation and/or data
-(collectively the "Software"), free of charge and under any and all copyright
-rights in the Software, and any and all patent rights owned or freely
-licensable by each licensor hereunder covering either (i) the unmodified
-Software as contributed to or provided by such licensor, or (ii) the Larger
-Works (as defined below), to deal in both
-
-(a) the Software, and
-(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
-one is included with the Software (each a "Larger Work" to which the Software
-is contributed by such licensors),
-
-without restriction, including without limitation the rights to copy, create
-derivative works of, display, perform, and distribute the Software and make,
-use, sell, offer for sale, import, export, have made, and have sold the
-Software and the Larger Work(s), and to sublicense the foregoing rights on
-either these or other terms.
-
-This license is subject to the following condition:
-The above copyright notice and either this complete permission notice or at
-a minimum a reference to the UPL must be included in all copies or
-substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/charts/redhat/redhat/cryostat/0.3.0/src/README.md b/charts/redhat/redhat/cryostat/0.3.0/src/README.md
deleted file mode 100644
index e95066b75d..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.0/src/README.md
+++ /dev/null
@@ -1,93 +0,0 @@ -# Cryostat Helm Chart -A Helm chart for deploying [Cryostat](https://cryostat.io/) on Kubernetes and OpenShift - -## Parameters - -### Cryostat Container - -| Name | Description | Value | -| ---------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------- | -| `core` | Configuration for the core Cryostat application | | -| `core.image.repository` | Repository for the main Cryostat container image | `registry.redhat.io/cryostat-tech-preview/cryostat-rhel8` | -| `core.image.pullPolicy` | Image pull policy for the main Cryostat container image | `IfNotPresent` | -| `core.image.tag` | Tag for the main Cryostat container image | `2.3.0` | -| `core.service.type` | Type of Service to create for the Cryostat application | `ClusterIP` | -| `core.service.httpPort` | Port number to expose on the Service for Cryostat's HTTP server | `8181` | -| `core.service.jmxPort` | Port number to expose on the Service for remote JMX connections to Cryostat | `9091` | -| `core.sslProxied` | Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress | `false` | -| `core.ingress.enabled` | Whether to create an Ingress object for the Cryostat service | `false` | -| `core.ingress.className` | Ingress class name for the Cryostat application Ingress | `""` | -| `core.ingress.annotations` | Annotations to apply to the Cryostat application Ingress | `{}` | -| `core.ingress.hosts` | Hosts to create rules for in the Cryostat application Ingress. 
See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `core.ingress.tls` | TLS configuration for the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `core.route.enabled` | Whether to create a Route object for the Cryostat service. Available only on OpenShift | `true` | -| `core.route.tls.enabled` | Whether to secure the Cryostat application Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) | `true` | -| `core.route.tls.termination` | Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt` | `edge` | -| `core.route.tls.insecureEdgeTerminationPolicy` | Specify how to handle insecure traffic for the Cryostat application Route. One of: `Allow`, `Disable`, `Redirect` | `Redirect` | -| `core.route.tls.key` | Custom private key to use when securing the Cryostat application Route | `""` | -| `core.route.tls.certificate` | Custom certificate to use when securing the Cryostat application Route | `""` | -| `core.route.tls.caCertificate` | Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route | `""` | -| `core.route.tls.destinationCACertificate` | Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route | `""` | -| `core.resources` | Resource requests/limits for the Cryostat container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `core.securityContext` | Security Context for the Cryostat container. 
Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | -| `core.databaseSecretName` | Name of the secret to extract password for credentials database. | `""` | - - -### Grafana Container - -| Name | Description | Value | -| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------- | -| `grafana` | Configuration for the customized Grafana instance for Cryostat | | -| `grafana.image.repository` | Repository for the Grafana container image | `registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8` | -| `grafana.image.pullPolicy` | Image pull policy for the Grafana container image | `IfNotPresent` | -| `grafana.image.tag` | Tag for the Grafana container image | `2.3.0` | -| `grafana.service.type` | Type of Service to create for Grafana | `ClusterIP` | -| `grafana.service.port` | Port number to expose on the Service for Grafana's HTTP server | `3000` | -| `grafana.sslProxied` | Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress | `false` | -| `grafana.ingress.enabled` | Whether to create an Ingress object for the Grafana service | `false` | -| `grafana.ingress.className` | Ingress class name for the Grafana Ingress | `""` | -| `grafana.ingress.annotations` | Annotations to apply to the Grafana Ingress | `{}` | -| `grafana.ingress.hosts` | Hosts to create rules for in the Grafana Ingress. 
See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `grafana.ingress.tls` | TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `grafana.route.enabled` | Whether to create a Route object for the Grafana service. Available only on OpenShift | `true` | -| `grafana.route.tls.enabled` | Whether to secure the Grafana Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) | `true` | -| `grafana.route.tls.termination` | Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt` | `edge` | -| `grafana.route.tls.insecureEdgeTerminationPolicy` | Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect` | `Redirect` | -| `grafana.route.tls.key` | Custom private key to use when securing the Grafana Route | `""` | -| `grafana.route.tls.certificate` | Custom certificate to use when securing the Grafana Route | `""` | -| `grafana.route.tls.caCertificate` | Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route | `""` | -| `grafana.route.tls.destinationCACertificate` | Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route | `""` | -| `grafana.resources` | Resource requests/limits for the Grafana container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `grafana.securityContext` | Security Context for the Grafana container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - - -### JFR Data Source Container - -| Name | Description | Value | -| ----------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------- | -| `datasource` | Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana | | -| `datasource.image.repository` | Repository for the JFR Data Source container image | `registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8` | -| `datasource.image.pullPolicy` | Image pull policy for the JFR Data Source container image | `IfNotPresent` | -| `datasource.image.tag` | Tag for the JFR Data Source container image | `2.3.0` | -| `datasource.resources` | Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `datasource.securityContext` | Security Context for the JFR Data Source container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - - -### Other Parameters - -| Name | Description | Value | -| ---------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `imagePullSecrets` | Image pull secrets to be used for the Cryostat deployment | `[]` | -| `nameOverride` | Overrides the name of this Chart | `""` | -| `fullnameOverride` | Overrides the fully qualified application name of `[release name]-[chart name]` | `""` | -| `rbac.create` | Specifies whether RBAC resources should be created | `true` | -| `serviceAccount.create` | Specifies whether a service account should be created | `true` | -| `serviceAccount.annotations` | Annotations to add to the service account | `{}` | -| `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | `""` | -| `podAnnotations` | Annotations to be applied to the Cryostat Pod | `{}` | -| `podSecurityContext` | Security Context for the Cryostat Pod. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) | `{}` | -| `nodeSelector` | Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | -| `tolerations` | Tolerations for the Cryostat Pod. 
See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | -| `affinity` | Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | - - diff --git a/charts/redhat/redhat/cryostat/0.3.0/src/templates/NOTES.txt b/charts/redhat/redhat/cryostat/0.3.0/src/templates/NOTES.txt deleted file mode 100644 index f7fa3b81d9..0000000000 --- a/charts/redhat/redhat/cryostat/0.3.0/src/templates/NOTES.txt +++ /dev/null 
@@ -1,90 +0,0 @@ -{{- $envVars := list }} -{{- $portForwards := list }} -{{- $listNum := 1 }} -{{- if not (and .Values.core.ingress.enabled .Values.grafana.ingress.enabled) }} -{{ $listNum }}. Tell Cryostat how to serve external traffic: -{{- $listNum = add1 $listNum }} - ``` -{{- if .Values.core.route.enabled }} - export ROUTE_HOST=$(oc get route -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }} -o jsonpath="{.status.ingress[0].host}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=$ROUTE_HOST" }} -{{- else if .Values.core.ingress.enabled }} -{{- /* Do nothing */}} -{{- else if contains "NodePort" .Values.core.service.type }} - export NODE_IP=$(oc get nodes -n {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(oc get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cryostat.fullname" . }}) -{{- $envVars = list "CRYOSTAT_WEB_HOST=$NODE_IP" "CRYOSTAT_EXT_WEB_PORT=$NODE_PORT" }} -{{- else if contains "LoadBalancer" .Values.core.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'oc get -n {{ .Release.Namespace }} -w svc/{{ include "cryostat.fullname" . }} svc/{{ include "cryostat.fullname" . }}-grafana' - export SERVICE_IP=$(oc get svc -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=$SERVICE_IP" (printf "CRYOSTAT_EXT_WEB_PORT=%v" .Values.core.service.httpPort) }} -{{- else if contains "ClusterIP" .Values.core.service.type }} - export POD_NAME=$(oc get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") - export CONTAINER_PORT=$(oc get pod -n {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=127.0.0.1" "CRYOSTAT_EXT_WEB_PORT=8080" }} -{{- $portForwards = prepend $portForwards "8080:$CONTAINER_PORT" }} -{{- end }} - -{{- if .Values.grafana.route.enabled }} - export GRAFANA_ROUTE_HOST=$(oc get route -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }}-grafana -o jsonpath="{.status.ingress[0].host}") -{{- $envVars = append $envVars ( tpl "GRAFANA_DASHBOARD_URL=http{{ if .Values.grafana.route.tls.enabled }}s{{ end }}://$GRAFANA_ROUTE_HOST" . ) }} -{{- else if .Values.grafana.ingress.enabled }} -{{- /* Do nothing */}} -{{- else if contains "NodePort" .Values.grafana.service.type }} -{{- if not (contains "NodePort" .Values.core.service.type) }} - export NODE_IP=$(oc get nodes -n {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") -{{- end }} - export GRAFANA_NODE_PORT=$(oc get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cryostat.fullname" . }}-grafana) -{{- $envVars = append $envVars "GRAFANA_DASHBOARD_URL=http://$NODE_IP:$GRAFANA_NODE_PORT"}} -{{- else if contains "LoadBalancer" .Values.grafana.service.type }} -{{- if not (contains "LoadBalancer" .Values.core.service.type) }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'oc get -n {{ .Release.Namespace }} -w svc/{{ include "cryostat.fullname" . }} svc/{{ include "cryostat.fullname" . }}-grafana' -{{- end }} - export GRAFANA_SERVICE_IP=$(oc get svc -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . 
}}-grafana --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") -{{- $envVars = append $envVars (printf "GRAFANA_DASHBOARD_URL=http://$GRAFANA_SERVICE_IP:%v" .Values.grafana.service.port) }} -{{- else if contains "ClusterIP" .Values.grafana.service.type }} -{{- if not (contains "ClusterIP" .Values.core.service.type) }} - export POD_NAME=$(oc get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") -{{- end }} - export GRAFANA_CONTAINER_PORT=$(oc get pod -n {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[1].ports[0].containerPort}") -{{- $envVars = concat $envVars ( list "GRAFANA_DASHBOARD_URL=http://127.0.0.1:$GRAFANA_CONTAINER_PORT" "GRAFANA_DASHBOARD_EXT_URL=http://127.0.0.1:8081" )}} -{{- $portForwards = append $portForwards "8081:$GRAFANA_CONTAINER_PORT" }} -{{- end }} - -{{- if not (empty $envVars) }} - oc -n {{ .Release.Namespace }} set env deploy --containers={{ .Chart.Name }} {{ include "cryostat.fullname" . }} {{ join " " $envVars }} -{{- end }} - ``` -{{- end }} - -{{- if not (empty $portForwards) }} - -{{ $listNum }}. Forward local ports to the application's pod: - ``` - export POD_NAME=$(oc get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") - oc -n {{ .Release.Namespace }} wait --for=condition=available --timeout=60s deploy/{{ include "cryostat.fullname" . }} - oc -n {{ .Release.Namespace }} port-forward $POD_NAME {{ join " " $portForwards }} - ``` - {{- $listNum = add1 $listNum }} -{{- end }} - -{{ $listNum }}. 
{{ "Visit the " }}{{ .Chart.Name | camelcase }}{{ " application at: " }} - ``` -{{- if .Values.core.route.enabled }} - echo http{{ if $.Values.core.route.tls.enabled }}s{{ end }}://$ROUTE_HOST -{{- else if .Values.core.ingress.enabled -}} -{{- range $host := .Values.core.ingress.hosts -}} - {{- range .paths -}} - http{{ if $.Values.core.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.core.service.type }} - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.core.service.type }} - echo http://$SERVICE_IP:{{ .Values.core.service.port }} -{{- else if contains "ClusterIP" .Values.core.service.type }} - http://127.0.0.1:8080 -{{- end }} - ``` diff --git a/charts/redhat/redhat/cryostat/0.3.0/src/templates/_helpers.tpl b/charts/redhat/redhat/cryostat/0.3.0/src/templates/_helpers.tpl deleted file mode 100644 index b2847fa752..0000000000 --- a/charts/redhat/redhat/cryostat/0.3.0/src/templates/_helpers.tpl +++ /dev/null 
@@ -1,80 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "cryostat.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "cryostat.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "cryostat.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "cryostat.labels" -}}
-helm.sh/chart: {{ include "cryostat.chart" . }}
-{{ include "cryostat.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "cryostat.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "cryostat.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "cryostat.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "cryostat.fullname" .) 
.Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
-
-{{/*
-Get or generate a default password for credentials database
-*/}}
-{{- define "cryostat.databasePassword" -}}
-{{- $secret := (lookup "v1" "Secret" .Release.Namespace "cryostat-jmx-credentials-db") -}}
-{{- if $secret -}}
-{{/*
- Use current password. Do not regenerate
-*/}}
-{{- $secret.data.CRYOSTAT_JMX_CREDENTIALS_DB_PASSWORD -}}
-{{- else -}}
-{{/*
- Generate new password
-*/}}
-{{- (randAlphaNum 32) | b64enc | quote -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/redhat/redhat/cryostat/0.3.0/src/templates/deployment.yaml b/charts/redhat/redhat/cryostat/0.3.0/src/templates/deployment.yaml
deleted file mode 100644
index 04c02d3147..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.0/src/templates/deployment.yaml
+++ /dev/null
@@ -1,164 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "cryostat.fullname" . }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
-spec:
- selector:
- matchLabels:
- {{- include "cryostat.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- {{- with .Values.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- {{- include "cryostat.selectorLabels" . | nindent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- serviceAccountName: {{ include "cryostat.serviceAccountName" . }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- containers:
- - name: {{ .Chart.Name }}
- securityContext:
- {{- toYaml .Values.core.securityContext | nindent 12 }}
- image: "{{ .Values.core.image.repository }}:{{ .Values.core.image.tag }}"
- imagePullPolicy: {{ .Values.core.image.pullPolicy }}
- env:
- - name: CRYOSTAT_WEB_PORT
- value: "8181"
- - name: CRYOSTAT_CONFIG_PATH
- value: /opt/cryostat.d/conf.d
- - name: CRYOSTAT_ARCHIVE_PATH
- value: /opt/cryostat.d/recordings.d
- - name: CRYOSTAT_TEMPLATE_PATH
- value: /opt/cryostat.d/templates.d
- - name: CRYOSTAT_CLIENTLIB_PATH
- value: /opt/cryostat.d/clientlib.d
- - name: CRYOSTAT_PROBE_TEMPLATE_PATH
- value: /opt/cryostat.d/probes.d
- - name: CRYOSTAT_EXT_WEB_PORT
- value: "{{ if (or (and .Values.core.route.enabled .Values.core.route.tls.enabled) (and .Values.core.ingress.enabled .Values.core.ingress.tls) (.Values.core.sslProxied)) }}443{{ else }}80{{ end }}"
- - name: CRYOSTAT_WEB_HOST
- value: "{{ if .Values.core.ingress.enabled }}{{ with index .Values.core.ingress.hosts 0 }}{{ .host }}{{ end }}{{ end }}"
- - name: CRYOSTAT_PLATFORM
- value: io.cryostat.platform.internal.KubeApiPlatformStrategy
- - name: CRYOSTAT_AUTH_MANAGER
- value: io.cryostat.net.NoopAuthManager
- - name: GRAFANA_DATASOURCE_URL
- value: http://127.0.0.1:8080
- - name: GRAFANA_DASHBOARD_URL
- value: 
"{{ if .Values.grafana.ingress.enabled }}http{{ if (or (.Values.grafana.ingress.tls) (.Values.grafana.sslProxied)) }}s{{ end }}://{{ with index .Values.grafana.ingress.hosts 0 }}{{ .host }}{{ end }}{{ end }}"
- - name: CRYOSTAT_DISABLE_SSL
- value: "true"
- - name: CRYOSTAT_DISABLE_JMX_AUTH
- value: "true"
- - name: CRYOSTAT_ALLOW_UNTRUSTED_SSL
- value: "true"
- - name: CRYOSTAT_ENABLE_JDP_BROADCAST
- value: "false"
- - name: CRYOSTAT_K8S_NAMESPACES
- value: "{{ .Release.Namespace }}"
- {{- if (or (and .Values.core.route.enabled .Values.core.route.tls.enabled) (and .Values.core.ingress.enabled .Values.core.ingress.tls) (.Values.core.sslProxied)) }}
- - name: CRYOSTAT_SSL_PROXIED
- value: "true"
- {{- end }}
- - name: CRYOSTAT_JMX_CREDENTIALS_DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ default "cryostat-jmx-credentials-db" .Values.core.databaseSecretName }}
- key: CRYOSTAT_JMX_CREDENTIALS_DB_PASSWORD
- optional: false
- ports:
- - containerPort: 8181
- protocol: TCP
- - containerPort: 9090
- protocol: TCP
- - containerPort: 9091
- protocol: TCP
- livenessProbe:
- httpGet:
- path: "/health/liveness"
- port: 8181
- startupProbe:
- httpGet:
- path: "/health/liveness"
- port: 8181
- failureThreshold: 18
- resources:
- {{- toYaml .Values.core.resources | nindent 12 }}
- volumeMounts:
- - mountPath: /opt/cryostat.d/conf.d
- name: {{ .Chart.Name }}
- subPath: config
- - mountPath: /opt/cryostat.d/recordings.d
- name: {{ .Chart.Name }}
- subPath: flightrecordings
- - mountPath: /opt/cryostat.d/templates.d
- name: {{ .Chart.Name }}
- subPath: templates
- - mountPath: /opt/cryostat.d/clientlib.d
- name: {{ .Chart.Name }}
- subPath: clientlib
- - mountPath: /opt/cryostat.d/probes.d
- name: {{ .Chart.Name }}
- subPath: probes
- - name: {{ printf "%s-%s" .Chart.Name "grafana" }}
- securityContext:
- {{- toYaml .Values.grafana.securityContext | nindent 12 }}
- image: "{{ .Values.grafana.image.repository }}:{{ .Values.grafana.image.tag }}"
- imagePullPolicy: {{ 
.Values.grafana.image.pullPolicy }}
- env:
- - name: JFR_DATASOURCE_URL
- value: http://127.0.0.1:8080
- - name: GF_AUTH_ANONYMOUS_ENABLED
- value: "true"
- ports:
- - containerPort: 3000
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /api/health
- port: 3000
- resources:
- {{- toYaml .Values.grafana.resources | nindent 12 }}
- - name: {{ printf "%s-%s" .Chart.Name "jfr-datasource" }}
- securityContext:
- {{- toYaml .Values.datasource.securityContext | nindent 12 }}
- image: "{{ .Values.datasource.image.repository }}:{{ .Values.datasource.image.tag }}"
- imagePullPolicy: {{ .Values.datasource.image.pullPolicy }}
- env:
- - name: LISTEN_HOST
- value: 127.0.0.1
- ports:
- - containerPort: 8080
- protocol: TCP
- livenessProbe:
- exec:
- command:
- - curl
- - --fail
- - http://127.0.0.1:8080
- resources:
- {{- toYaml .Values.datasource.resources | nindent 12 }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- volumes:
- - name: {{ .Chart.Name }}
- emptyDir: {}
diff --git a/charts/redhat/redhat/cryostat/0.3.0/src/templates/ingress.yaml b/charts/redhat/redhat/cryostat/0.3.0/src/templates/ingress.yaml
deleted file mode 100644
index 3d317704e3..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.0/src/templates/ingress.yaml
+++ /dev/null
@@ -1,73 +0,0 @@
-{{- define "createIngress" }}
-{{- $svcName := index . 0 }}
-{{- $svcPort := index . 1 }}
-{{- $ := index . 2 }}
-{{- with index . 3 }}
-{{- if and .ingress.className (not (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion)) }}
- {{- if not (hasKey .ingress.annotations "kubernetes.io/ingress.class") }}
- {{- $_ := set .ingress.annotations "kubernetes.io/ingress.class" .ingress.className}}
- {{- end }}
-{{- end }}
----
-{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" $.Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- else -}}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ $svcName }}
- {{- $labels := include "cryostat.labels" $ | nindent 4 }}
- labels: {{ $labels }}
- {{- with .ingress.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- {{- if and .ingress.className (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
- ingressClassName: {{ .ingress.className }}
- {{- end }}
- {{- if .ingress.tls }}
- tls:
- {{- range .ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
- {{- end }}
- rules:
- {{- range .ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
- {{- range .paths }}
- - path: {{ .path }}
- {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
- pathType: {{ .pathType }}
- {{- end }}
- backend:
- {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
- service:
- name: {{ $svcName }}
- port:
- number: {{ $svcPort }}
- {{- else }}
- serviceName: {{ $svcName }}
- servicePort: {{ $svcPort }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-
-{{- $fullName := include "cryostat.fullname" . 
-}}
-{{- if .Values.core.ingress.enabled }}
-{{- include "createIngress" (list $fullName .Values.core.service.httpPort $ .Values.core)}}
-{{- end }}
-{{- if .Values.grafana.ingress.enabled }}
-{{- include "createIngress" (list (printf "%s-%s" $fullName "grafana") .Values.grafana.service.port $ .Values.grafana)}}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.3.0/src/templates/role.yaml b/charts/redhat/redhat/cryostat/0.3.0/src/templates/role.yaml
deleted file mode 100644
index b47c04440b..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.0/src/templates/role.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "cryostat.fullname" . }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
-rules:
-- apiGroups:
- - ""
- resources:
- - endpoints
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - pods
- - replicationcontrollers
- verbs:
- - get
-- apiGroups:
- - apps
- resources:
- - replicasets
- - deployments
- - daemonsets
- - statefulsets
- verbs:
- - get
-- apiGroups:
- - apps.openshift.io
- resources:
- - deploymentconfigs
- verbs:
- - get
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.3.0/src/templates/rolebinding.yaml b/charts/redhat/redhat/cryostat/0.3.0/src/templates/rolebinding.yaml
deleted file mode 100644
index 22278c28dd..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.0/src/templates/rolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "cryostat.fullname" . }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "cryostat.fullname" . }}
-subjects:
-- kind: ServiceAccount
- name: {{ include "cryostat.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.3.0/src/templates/route.yaml b/charts/redhat/redhat/cryostat/0.3.0/src/templates/route.yaml
deleted file mode 100644
index 79b19fff0c..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.0/src/templates/route.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-{{- define "createRoute" }}
-{{- $svcName := index . 0 }}
-{{- $targetPort := index . 1 }}
-{{- $ := index . 2 }}
-{{- with index . 3 }}
----
-apiVersion: route.openshift.io/v1
-kind: Route
-metadata:
- name: {{ $svcName }}
- {{- $labels := include "cryostat.labels" $ | nindent 4 }}
- labels: {{ $labels }}
- {{- with .route.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- to:
- kind: Service
- name: {{ $svcName }}
- port:
- targetPort: {{ $targetPort }}
-{{- if .route.tls.enabled }}
- tls:
- termination: {{ .route.tls.termination }}
- insecureEdgeTerminationPolicy: {{ .route.tls.insecureEdgeTerminationPolicy }}
- {{- if .route.tls.key }}
- key: |-
- {{- .route.tls.key | nindent 6 }}
- {{- end }}
- {{- if .route.tls.destinationCACertificate }}
- destinationCACertificate: |-
- {{- .route.tls.destinationCACertificate | nindent 6 }}
- {{- end }}
- {{- if .route.tls.caCertificate }}
- caCertificate: |-
- {{- .route.tls.caCertificate | nindent 6 }}
- {{- end }}
- {{- if .route.tls.certificate }}
- certificate: |-
- {{- .route.tls.certificate | nindent 6 }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{- $fullName := include "cryostat.fullname" . -}}
-{{- if .Values.core.route.enabled }}
-{{- include "createRoute" (list $fullName 8181 $ .Values.core)}}
-{{- end }}
-{{- if .Values.grafana.route.enabled }}
-{{- include "createRoute" (list (printf "%s-%s" $fullName "grafana") 3000 $ .Values.grafana)}}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.3.0/src/templates/secret.yaml b/charts/redhat/redhat/cryostat/0.3.0/src/templates/secret.yaml
deleted file mode 100644
index 375913a3d6..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.0/src/templates/secret.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-{{- if empty .Values.core.databaseSecretName -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: cryostat-jmx-credentials-db
-type: Opaque
-data:
- CRYOSTAT_JMX_CREDENTIALS_DB_PASSWORD: {{ include "cryostat.databasePassword" . }}
-{{- end -}}
diff --git a/charts/redhat/redhat/cryostat/0.3.0/src/templates/service.yaml b/charts/redhat/redhat/cryostat/0.3.0/src/templates/service.yaml
deleted file mode 100644
index 9623f7add9..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.0/src/templates/service.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- $fullName := include "cryostat.fullname" . -}}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $fullName }}
- labels:
- {{- include "cryostat.labels" $ | nindent 4 }}
-spec:
- type: {{ .Values.core.service.type }}
- ports:
- - port: {{ .Values.core.service.httpPort }}
- targetPort: 8181
- protocol: TCP
- name: cryostat-http
- - port: {{ .Values.core.service.jmxPort }}
- targetPort: 9091
- protocol: TCP
- name: jfr-jmx
- selector:
- {{- include "cryostat.selectorLabels" $ | nindent 4 }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ printf "%s-%s" $fullName "grafana" }}
- labels:
- {{- include "cryostat.labels" $ | nindent 4 }}
-spec:
- type: {{ .Values.grafana.service.type }}
- ports:
- - port: {{ .Values.grafana.service.port }}
- targetPort: 3000
- protocol: TCP
- name: grafana-http
- selector:
- {{- include "cryostat.selectorLabels" $ | nindent 4 }}
diff --git a/charts/redhat/redhat/cryostat/0.3.0/src/templates/serviceaccount.yaml b/charts/redhat/redhat/cryostat/0.3.0/src/templates/serviceaccount.yaml
deleted file mode 100644
index 74ae99867b..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.0/src/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "cryostat.serviceAccountName" . }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.3.0/src/templates/tests/test-connection.yaml b/charts/redhat/redhat/cryostat/0.3.0/src/templates/tests/test-connection.yaml
deleted file mode 100644
index cf43714c08..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.0/src/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "cryostat.fullname" . }}-test-connection"
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: curl
- image: registry.access.redhat.com/ubi8/ubi:latest
- command:
- - '/bin/bash'
- - '-ec'
- - >
- dnf install --disableplugin=subscription-manager -yq jq;
- curl -sSf --retry 10 --retry-connrefused -o /tmp/out.json http://{{ include "cryostat.fullname" . }}:{{ .Values.core.service.httpPort }}/health;
- cat /tmp/out.json;
- jq -e {{ printf "(.cryostatVersion | test(\"^%s\")) and .datasourceAvailable == true" .Chart.AppVersion | squote }} /tmp/out.json;
- curl -sSf --retry 10 --retry-connrefused http://{{ include "cryostat.fullname" . }}-grafana:{{ .Values.grafana.service.port }}/api/health
- restartPolicy: Never
diff --git a/charts/redhat/redhat/cryostat/0.3.0/src/values.schema.json b/charts/redhat/redhat/cryostat/0.3.0/src/values.schema.json
deleted file mode 100644
index efea95d598..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.0/src/values.schema.json
+++ /dev/null
@@ -1,480 +0,0 @@
-{
- "title": "Chart Values",
- "type": "object",
- "properties": {
- "core": {
- "type": "object",
- "properties": {
- "image": {
- "type": "object",
- "properties": {
- "repository": {
- "type": "string",
- "description": "Repository for the main Cryostat container image",
- "default": "registry.redhat.io/cryostat-tech-preview/cryostat-rhel8"
- },
- "pullPolicy": {
- "type": "string",
- "description": "Image pull policy for the main Cryostat container image",
- "default": "IfNotPresent"
- },
- "tag": {
- "type": "string",
- "description": "Tag for the main Cryostat container image",
- "default": "2.3.0"
- }
- }
- },
- "service": {
- "type": "object",
- "properties": {
- "type": {
- "type": "string",
- "description": "Type of Service to create for the Cryostat application",
- "default": "ClusterIP"
- },
- "httpPort": {
- "type": "number",
- "description": "Port number to expose on the Service for Cryostat's HTTP server",
- "default": 8181
- },
- "jmxPort": {
- "type": "number",
- "description": "Port number to expose on the Service for remote JMX connections to Cryostat",
- "default": 9091
- }
- }
- },
- "sslProxied": {
- "type": "boolean",
- "description": "Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress",
- "default": false
- },
- "ingress": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean",
- "description": "Whether to create an Ingress object for the Cryostat service",
- "default": false
- },
- "className": {
- "type": "string",
- "description": "Ingress class name for the Cryostat application Ingress",
- "default": ""
- },
- "hosts": {
- "type": "array",
- "description": "",
- "items": {
- "type": "object",
- "properties": {
- "host": {
- "type": "string",
- "description": ""
- },
- "paths": {
- "type": "array",
- "description": "",
- "items": {
- "type": "object",
- "properties": {
- "path": {
- "type": "string",
- "description": ""
- },
- 
"pathType": {
- "type": "string",
- "description": ""
- }
- }
- }
- }
- }
- }
- },
- "tls": {
- "type": "array",
- "description": "TLS configuration for the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec)",
- "default": [],
- "items": {}
- }
- }
- },
- "route": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean",
- "description": "Whether to create a Route object for the Cryostat service. Available only on OpenShift",
- "default": true
- },
- "tls": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean",
- "description": "Whether to secure the Cryostat application Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)",
- "default": true
- },
- "termination": {
- "type": "string",
- "description": "Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt`",
- "default": "edge"
- },
- "insecureEdgeTerminationPolicy": {
- "type": "string",
- "description": "Specify how to handle insecure traffic for the Cryostat application Route. 
One of: `Allow`, `Disable`, `Redirect`",
- "default": "Redirect"
- },
- "key": {
- "type": "string",
- "description": "Custom private key to use when securing the Cryostat application Route",
- "default": ""
- },
- "certificate": {
- "type": "string",
- "description": "Custom certificate to use when securing the Cryostat application Route",
- "default": ""
- },
- "caCertificate": {
- "type": "string",
- "description": "Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route",
- "default": ""
- },
- "destinationCACertificate": {
- "type": "string",
- "description": "Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route",
- "default": ""
- }
- }
- }
- }
- },
- "resources": {
- "type": "object",
- "description": "Resource requests/limits for the Cryostat container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)",
- "default": {}
- },
- "securityContext": {
- "type": "object",
- "properties": {
- "capabilities": {
- "type": "object",
- "properties": {
- "drop": {
- "type": "array",
- "description": "",
- "default": [
- "ALL"
- ],
- "items": {
- "type": "string"
- }
- }
- }
- },
- "allowPrivilegeEscalation": {
- "type": "boolean",
- "description": "",
- "default": false
- }
- }
- },
- "databaseSecretName": {
- "type": "string",
- "description": "Name of the secret to extract password for credentials database.",
- "default": ""
- }
- }
- },
- "grafana": {
- "type": "object",
- "properties": {
- "image": {
- "type": "object",
- "properties": {
- "repository": {
- "type": "string",
- "description": "Repository for the Grafana container image",
- "default": "registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8"
- },
- "pullPolicy": {
- "type": "string",
- "description": "Image pull policy for the Grafana container image",
- "default": 
"IfNotPresent"
- },
- "tag": {
- "type": "string",
- "description": "Tag for the Grafana container image",
- "default": "2.3.0"
- }
- }
- },
- "service": {
- "type": "object",
- "properties": {
- "type": {
- "type": "string",
- "description": "Type of Service to create for Grafana",
- "default": "ClusterIP"
- },
- "port": {
- "type": "number",
- "description": "Port number to expose on the Service for Grafana's HTTP server",
- "default": 3000
- }
- }
- },
- "ingress": {
- "type": "object",
- "properties": {
- "hosts": {
- "type": "array",
- "description": "",
- "items": {
- "type": "object",
- "properties": {
- "host": {
- "type": "string",
- "description": ""
- },
- "paths": {
- "type": "array",
- "description": "",
- "items": {
- "type": "object",
- "properties": {
- "path": {
- "type": "string",
- "description": ""
- },
- "pathType": {
- "type": "string",
- "description": ""
- }
- }
- }
- }
- }
- }
- },
- "enabled": {
- "type": "boolean",
- "description": "Whether to create an Ingress object for the Grafana service",
- "default": false
- },
- "className": {
- "type": "string",
- "description": "Ingress class name for the Grafana Ingress",
- "default": ""
- },
- "tls": {
- "type": "array",
- "description": "TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec)",
- "default": [],
- "items": {}
- }
- }
- },
- "sslProxied": {
- "type": "boolean",
- "description": "Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress",
- "default": false
- },
- "route": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean",
- "description": "Whether to create a Route object for the Grafana service. 
Available only on OpenShift",
- "default": true
- },
- "tls": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean",
- "description": "Whether to secure the Grafana Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)",
- "default": true
- },
- "termination": {
- "type": "string",
- "description": "Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt`",
- "default": "edge"
- },
- "insecureEdgeTerminationPolicy": {
- "type": "string",
- "description": "Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect`",
- "default": "Redirect"
- },
- "key": {
- "type": "string",
- "description": "Custom private key to use when securing the Grafana Route",
- "default": ""
- },
- "certificate": {
- "type": "string",
- "description": "Custom certificate to use when securing the Grafana Route",
- "default": ""
- },
- "caCertificate": {
- "type": "string",
- "description": "Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route",
- "default": ""
- },
- "destinationCACertificate": {
- "type": "string",
- "description": "Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route",
- "default": ""
- }
- }
- }
- }
- },
- "securityContext": {
- "type": "object",
- "properties": {
- "capabilities": {
- "type": "object",
- "properties": {
- "drop": {
- "type": "array",
- "description": "",
- "default": [
- "ALL"
- ],
- "items": {
- "type": "string"
- }
- }
- }
- },
- "allowPrivilegeEscalation": {
- "type": "boolean",
- "description": "",
- "default": false
- }
- }
- },
- "resources": {
- "type": "object",
- "description": "Resource requests/limits for the Grafana container. 
See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)",
- "default": {}
- }
- }
- },
- "datasource": {
- "type": "object",
- "properties": {
- "securityContext": {
- "type": "object",
- "properties": {
- "capabilities": {
- "type": "object",
- "properties": {
- "drop": {
- "type": "array",
- "description": "",
- "default": [
- "ALL"
- ],
- "items": {
- "type": "string"
- }
- }
- }
- },
- "allowPrivilegeEscalation": {
- "type": "boolean",
- "description": "",
- "default": false
- }
- }
- },
- "image": {
- "type": "object",
- "properties": {
- "repository": {
- "type": "string",
- "description": "Repository for the JFR Data Source container image",
- "default": "registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8"
- },
- "pullPolicy": {
- "type": "string",
- "description": "Image pull policy for the JFR Data Source container image",
- "default": "IfNotPresent"
- },
- "tag": {
- "type": "string",
- "description": "Tag for the JFR Data Source container image",
- "default": "2.3.0"
- }
- }
- },
- "resources": {
- "type": "object",
- "description": "Resource requests/limits for the JFR Data Source container. 
See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)",
- "default": {}
- }
- }
- },
- "imagePullSecrets": {
- "type": "array",
- "description": "Image pull secrets to be used for the Cryostat deployment",
- "default": [],
- "items": {}
- },
- "nameOverride": {
- "type": "string",
- "description": "Overrides the name of this Chart",
- "default": ""
- },
- "fullnameOverride": {
- "type": "string",
- "description": "Overrides the fully qualified application name of `[release name]-[chart name]`",
- "default": ""
- },
- "rbac": {
- "type": "object",
- "properties": {
- "create": {
- "type": "boolean",
- "description": "Specifies whether RBAC resources should be created",
- "default": true
- }
- }
- },
- "serviceAccount": {
- "type": "object",
- "properties": {
- "create": {
- "type": "boolean",
- "description": "Specifies whether a service account should be created",
- "default": true
- },
- "name": {
- "type": "string",
- "description": "The name of the service account to use. If not set and create is true, a name is generated using the fullname template",
- "default": ""
- }
- }
- },
- "podSecurityContext": {
- "type": "object",
- "properties": {
- "runAsNonRoot": {
- "type": "boolean",
- "description": "",
- "default": true
- }
- }
- },
- "tolerations": {
- "type": "array",
- "description": "Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)",
- "default": [],
- "items": {}
- }
- }
-}
\ No newline at end of file
diff --git a/charts/redhat/redhat/cryostat/0.3.0/src/values.yaml b/charts/redhat/redhat/cryostat/0.3.0/src/values.yaml
deleted file mode 100644
index c20f72a71b..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.0/src/values.yaml
+++ /dev/null
@@ -1,184 +0,0 @@ -## @section Cryostat Container -## @extra core Configuration for the core Cryostat application -core: - image: - ## @param core.image.repository Repository for the main Cryostat container image - repository: "registry.redhat.io/cryostat-tech-preview/cryostat-rhel8" - ## @param core.image.pullPolicy Image pull policy for the main Cryostat container image - pullPolicy: IfNotPresent - ## @param core.image.tag Tag for the main Cryostat container image - tag: "2.3.0" - service: - ## @param core.service.type Type of Service to create for the Cryostat application - type: ClusterIP - ## @param core.service.httpPort Port number to expose on the Service for Cryostat's HTTP server - httpPort: 8181 - ## @param core.service.jmxPort Port number to expose on the Service for remote JMX connections to Cryostat - jmxPort: 9091 - ## @param core.sslProxied Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress - sslProxied: false - ingress: - ## @param core.ingress.enabled Whether to create an Ingress object for the Cryostat service - enabled: false - ## @param core.ingress.className Ingress class name for the Cryostat application Ingress - className: "" - ## @param core.ingress.annotations [object] Annotations to apply to the Cryostat application Ingress - annotations: {} - ## @param core.ingress.hosts [array] Hosts to create rules for in the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - hosts: - - host: cryostat.local - paths: - - path: / - pathType: ImplementationSpecific - ## @param core.ingress.tls [array] TLS configuration for the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - tls: [] - route: - ## @param core.route.enabled Whether to create a Route object for the Cryostat service. 
Available only on OpenShift - enabled: true - tls: - ## @param core.route.tls.enabled Whether to secure the Cryostat application Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) - enabled: true - ## @param core.route.tls.termination Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt` - termination: edge - ## @param core.route.tls.insecureEdgeTerminationPolicy Specify how to handle insecure traffic for the Cryostat application Route. One of: `Allow`, `Disable`, `Redirect` - insecureEdgeTerminationPolicy: Redirect - ## @param core.route.tls.key Custom private key to use when securing the Cryostat application Route - key: "" - ## @param core.route.tls.certificate Custom certificate to use when securing the Cryostat application Route - certificate: "" - ## @param core.route.tls.caCertificate Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route - caCertificate: "" - ## @param core.route.tls.destinationCACertificate Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route - destinationCACertificate: "" - ## @param core.resources Resource requests/limits for the Cryostat container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param core.securityContext [object] Security Context for the Cryostat container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: - ## @skip core.securityContext.allowPrivilegeEscalation - allowPrivilegeEscalation: false - ## @skip core.securityContext.capabilities - capabilities: - drop: - - ALL - ## @param core.databaseSecretName Name of the secret to extract password for credentials database. - databaseSecretName: "" - -## @section Grafana Container -## @extra grafana Configuration for the customized Grafana instance for Cryostat -grafana: - image: - ## @param grafana.image.repository Repository for the Grafana container image - repository: "registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8" - ## @param grafana.image.pullPolicy Image pull policy for the Grafana container image - pullPolicy: IfNotPresent - ## @param grafana.image.tag Tag for the Grafana container image - tag: "2.3.0" - service: - ## @param grafana.service.type Type of Service to create for Grafana - type: ClusterIP - ## @param grafana.service.port Port number to expose on the Service for Grafana's HTTP server - port: 3000 - ## @param grafana.sslProxied Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress - sslProxied: false - ingress: - ## @param grafana.ingress.enabled Whether to create an Ingress object for the Grafana service - enabled: false - ## @param grafana.ingress.className Ingress class name for the Grafana Ingress - className: "" - ## @param grafana.ingress.annotations [object] Annotations to apply to the Grafana Ingress - annotations: {} - ## @param grafana.ingress.hosts [array] Hosts to create rules for in the Grafana Ingress. 
See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - hosts: - - host: cryostat-grafana.local - paths: - - path: / - pathType: ImplementationSpecific - ## @param grafana.ingress.tls [array] TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - tls: [] - route: - ## @param grafana.route.enabled Whether to create a Route object for the Grafana service. Available only on OpenShift - enabled: true - tls: - ## @param grafana.route.tls.enabled Whether to secure the Grafana Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) - enabled: true - ## @param grafana.route.tls.termination Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt` - termination: edge - ## @param grafana.route.tls.insecureEdgeTerminationPolicy Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect` - insecureEdgeTerminationPolicy: Redirect - ## @param grafana.route.tls.key Custom private key to use when securing the Grafana Route - key: "" - ## @param grafana.route.tls.certificate Custom certificate to use when securing the Grafana Route - caCertificate: "" - ## @param grafana.route.tls.caCertificate Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route - certificate: "" - ## @param grafana.route.tls.destinationCACertificate Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route - destinationCACertificate: "" - ## @param grafana.resources Resource requests/limits for the Grafana container. 
See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param grafana.securityContext [object] Security Context for the Grafana container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: - ## @skip grafana.securityContext.allowPrivilegeEscalation - allowPrivilegeEscalation: false - ## @skip grafana.securityContext.capabilities - capabilities: - drop: - - ALL - -## @section JFR Data Source Container -## @extra datasource Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana -datasource: - image: - ## @param datasource.image.repository Repository for the JFR Data Source container image - repository: "registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8" - ## @param datasource.image.pullPolicy Image pull policy for the JFR Data Source container image - pullPolicy: IfNotPresent - ## @param datasource.image.tag Tag for the JFR Data Source container image - tag: "2.3.0" - ## @param datasource.resources Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param datasource.securityContext [object] Security Context for the JFR Data Source container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: - ## @skip datasource.securityContext.allowPrivilegeEscalation - allowPrivilegeEscalation: false - ## @skip datasource.securityContext.capabilities - capabilities: - drop: - - ALL - -## @section Other Parameters - -## @param imagePullSecrets [array] Image pull secrets to be used for the Cryostat deployment -imagePullSecrets: [] -## @param nameOverride Overrides the name of this Chart -nameOverride: "" -## @param fullnameOverride Overrides the fully qualified application name of `[release name]-[chart name]` -fullnameOverride: "" - -rbac: - ## @param rbac.create Specifies whether RBAC resources should be created - create: true - -serviceAccount: - ## @param serviceAccount.create Specifies whether a service account should be created - create: true - ## @param serviceAccount.annotations [object] Annotations to add to the service account - annotations: {} - ## @param serviceAccount.name The name of the service account to use. If not set and create is true, a name is generated using the fullname template - name: "" - -## @param podAnnotations [object] Annotations to be applied to the Cryostat Pod -podAnnotations: {} - -## @param podSecurityContext [object] Security Context for the Cryostat Pod. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) -podSecurityContext: - ## @skip podSecurityContext.runAsNonRoot - runAsNonRoot: true - -## @param nodeSelector [object] Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) -nodeSelector: {} - -## @param tolerations [array] Tolerations for the Cryostat Pod. 
See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)
-tolerations: []
-
-## @param affinity [object] Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)
-affinity: {}
diff --git a/charts/redhat/redhat/cryostat/0.3.1/src/.helmignore b/charts/redhat/redhat/cryostat/0.3.1/src/.helmignore
deleted file mode 100644
index 0e8a0eb36f..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.1/src/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/charts/redhat/redhat/cryostat/0.3.1/src/Chart.yaml b/charts/redhat/redhat/cryostat/0.3.1/src/Chart.yaml
deleted file mode 100644
index 9679871734..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.1/src/Chart.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-apiVersion: v2
-name: cryostat
-description: Securely manage JFR recordings for your containerized Java workloads
-
-type: application
-
-version: "0.3.1"
-
-kubeVersion: ">= 1.19.0-0"
-
-appVersion: "2.3.1.redhat"
-
-home: "https://cryostat.io"
-
-icon: "https://raw.githubusercontent.com/cryostatio/cryostat-helm/main/docs/images/cryostat-icon.svg"
-
-annotations:
- charts.openshift.io/archs: x86_64
- charts.openshift.io/name: Red Hat build of Cryostat
- charts.openshift.io/provider: Red Hat
- charts.openshift.io/supportURL: https://github.com/cryostatio/cryostat-helm
-
-keywords:
-- flightrecorder
-- java
-- jdk
-- jfr
-- jmc
-- missioncontrol
-- monitoring
-- profiling
-- diagnostic
-
-sources:
-- https://github.com/cryostatio/cryostat
-- https://github.com/cryostatio/cryostat-core
-- https://github.com/cryostatio/cryostat-web
-- https://github.com/cryostatio/jfr-datasource
-- https://github.com/cryostatio/cryostat-grafana-dashboard
-
-maintainers:
-- name: The Cryostat Community
- url: https://groups.google.com/g/cryostat-development
diff --git a/charts/redhat/redhat/cryostat/0.3.1/src/LICENSE b/charts/redhat/redhat/cryostat/0.3.1/src/LICENSE
deleted file mode 100644
index e55f9f088f..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.1/src/LICENSE
+++ /dev/null
@@ -1,35 +0,0 @@
-Copyright The Cryostat Authors
-
-The Universal Permissive License (UPL), Version 1.0
-
-Subject to the condition set forth below, permission is hereby granted to any
-person obtaining a copy of this software, associated documentation and/or data
-(collectively the "Software"), free of charge and under any and all copyright
-rights in the Software, and any and all patent rights owned or freely
-licensable by each licensor hereunder covering either (i) the unmodified
-Software as contributed to or provided by such licensor, or (ii) the Larger
-Works (as defined below), to deal in both
-
-(a) the Software, and
-(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
-one is included with the Software (each a "Larger Work" to which the Software
-is contributed by such licensors),
-
-without restriction, including without limitation the rights to copy, create
-derivative works of, display, perform, and distribute the Software and make,
-use, sell, offer for sale, import, export, have made, and have sold the
-Software and the Larger Work(s), and to sublicense the foregoing rights on
-either these or other terms.
-
-This license is subject to the following condition:
-The above copyright notice and either this complete permission notice or at
-a minimum a reference to the UPL must be included in all copies or
-substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/charts/redhat/redhat/cryostat/0.3.1/src/README.md b/charts/redhat/redhat/cryostat/0.3.1/src/README.md
deleted file mode 100644
index 1dc8eb835e..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.1/src/README.md
+++ /dev/null
@@ -1,93 +0,0 @@ -# Cryostat Helm Chart -A Helm chart for deploying [Cryostat](https://cryostat.io/) on Kubernetes and OpenShift - -## Parameters - -### Cryostat Container - -| Name | Description | Value | -| ---------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------- | -| `core` | Configuration for the core Cryostat application | | -| `core.image.repository` | Repository for the main Cryostat container image | `registry.redhat.io/cryostat-tech-preview/cryostat-rhel8` | -| `core.image.pullPolicy` | Image pull policy for the main Cryostat container image | `IfNotPresent` | -| `core.image.tag` | Tag for the main Cryostat container image | `2.3.1` | -| `core.service.type` | Type of Service to create for the Cryostat application | `ClusterIP` | -| `core.service.httpPort` | Port number to expose on the Service for Cryostat's HTTP server | `8181` | -| `core.service.jmxPort` | Port number to expose on the Service for remote JMX connections to Cryostat | `9091` | -| `core.sslProxied` | Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress | `false` | -| `core.ingress.enabled` | Whether to create an Ingress object for the Cryostat service | `false` | -| `core.ingress.className` | Ingress class name for the Cryostat application Ingress | `""` | -| `core.ingress.annotations` | Annotations to apply to the Cryostat application Ingress | `{}` | -| `core.ingress.hosts` | Hosts to create rules for in the Cryostat application Ingress. 
See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `core.ingress.tls` | TLS configuration for the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `core.route.enabled` | Whether to create a Route object for the Cryostat service. Available only on OpenShift | `true` | -| `core.route.tls.enabled` | Whether to secure the Cryostat application Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) | `true` | -| `core.route.tls.termination` | Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt` | `edge` | -| `core.route.tls.insecureEdgeTerminationPolicy` | Specify how to handle insecure traffic for the Cryostat application Route. One of: `Allow`, `Disable`, `Redirect` | `Redirect` | -| `core.route.tls.key` | Custom private key to use when securing the Cryostat application Route | `""` | -| `core.route.tls.certificate` | Custom certificate to use when securing the Cryostat application Route | `""` | -| `core.route.tls.caCertificate` | Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route | `""` | -| `core.route.tls.destinationCACertificate` | Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route | `""` | -| `core.resources` | Resource requests/limits for the Cryostat container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `core.securityContext` | Security Context for the Cryostat container. 
Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | -| `core.databaseSecretName` | Name of the secret to extract password for credentials database. | `""` | - - -### Grafana Container - -| Name | Description | Value | -| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------- | -| `grafana` | Configuration for the customized Grafana instance for Cryostat | | -| `grafana.image.repository` | Repository for the Grafana container image | `registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8` | -| `grafana.image.pullPolicy` | Image pull policy for the Grafana container image | `IfNotPresent` | -| `grafana.image.tag` | Tag for the Grafana container image | `2.3.1` | -| `grafana.service.type` | Type of Service to create for Grafana | `ClusterIP` | -| `grafana.service.port` | Port number to expose on the Service for Grafana's HTTP server | `3000` | -| `grafana.sslProxied` | Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress | `false` | -| `grafana.ingress.enabled` | Whether to create an Ingress object for the Grafana service | `false` | -| `grafana.ingress.className` | Ingress class name for the Grafana Ingress | `""` | -| `grafana.ingress.annotations` | Annotations to apply to the Grafana Ingress | `{}` | -| `grafana.ingress.hosts` | Hosts to create rules for in the Grafana Ingress. 
See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `grafana.ingress.tls` | TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `grafana.route.enabled` | Whether to create a Route object for the Grafana service. Available only on OpenShift | `true` | -| `grafana.route.tls.enabled` | Whether to secure the Grafana Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) | `true` | -| `grafana.route.tls.termination` | Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt` | `edge` | -| `grafana.route.tls.insecureEdgeTerminationPolicy` | Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect` | `Redirect` | -| `grafana.route.tls.key` | Custom private key to use when securing the Grafana Route | `""` | -| `grafana.route.tls.certificate` | Custom certificate to use when securing the Grafana Route | `""` | -| `grafana.route.tls.caCertificate` | Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route | `""` | -| `grafana.route.tls.destinationCACertificate` | Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route | `""` | -| `grafana.resources` | Resource requests/limits for the Grafana container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `grafana.securityContext` | Security Context for the Grafana container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - - -### JFR Data Source Container - -| Name | Description | Value | -| ----------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------- | -| `datasource` | Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana | | -| `datasource.image.repository` | Repository for the JFR Data Source container image | `registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8` | -| `datasource.image.pullPolicy` | Image pull policy for the JFR Data Source container image | `IfNotPresent` | -| `datasource.image.tag` | Tag for the JFR Data Source container image | `2.3.1` | -| `datasource.resources` | Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `datasource.securityContext` | Security Context for the JFR Data Source container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - - -### Other Parameters - -| Name | Description | Value | -| ---------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `imagePullSecrets` | Image pull secrets to be used for the Cryostat deployment | `[]` | -| `nameOverride` | Overrides the name of this Chart | `""` | -| `fullnameOverride` | Overrides the fully qualified application name of `[release name]-[chart name]` | `""` | -| `rbac.create` | Specifies whether RBAC resources should be created | `true` | -| `serviceAccount.create` | Specifies whether a service account should be created | `true` | -| `serviceAccount.annotations` | Annotations to add to the service account | `{}` | -| `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | `""` | -| `podAnnotations` | Annotations to be applied to the Cryostat Pod | `{}` | -| `podSecurityContext` | Security Context for the Cryostat Pod. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) | `{}` | -| `nodeSelector` | Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | -| `tolerations` | Tolerations for the Cryostat Pod. 
See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | -| `affinity` | Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | - - diff --git a/charts/redhat/redhat/cryostat/0.3.1/src/templates/NOTES.txt b/charts/redhat/redhat/cryostat/0.3.1/src/templates/NOTES.txt deleted file mode 100644 index 8c5eb6f668..0000000000 --- a/charts/redhat/redhat/cryostat/0.3.1/src/templates/NOTES.txt +++ /dev/null 
@@ -1,90 +0,0 @@ -{{- $envVars := list }} -{{- $portForwards := list }} -{{- $listNum := 1 }} -{{- if not (and .Values.core.ingress.enabled .Values.grafana.ingress.enabled) }} -{{ $listNum }}. Tell Cryostat how to serve external traffic: -{{- $listNum = add1 $listNum }} - ``` -{{- if .Values.core.route.enabled }} - export ROUTE_HOST=$(oc get route -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }} -o jsonpath="{.status.ingress[0].host}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=$ROUTE_HOST" }} -{{- else if .Values.core.ingress.enabled }} -{{- /* Do nothing */}} -{{- else if contains "NodePort" .Values.core.service.type }} - export NODE_IP=$(oc get nodes -n {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(oc get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cryostat.fullname" . }}) -{{- $envVars = list "CRYOSTAT_WEB_HOST=$NODE_IP" "CRYOSTAT_EXT_WEB_PORT=$NODE_PORT" }} -{{- else if contains "LoadBalancer" .Values.core.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'oc get -n {{ .Release.Namespace }} -w svc/{{ include "cryostat.fullname" . }} svc/{{ include "cryostat.fullname" . }}-grafana' - export SERVICE_IP=$(oc get svc -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=$SERVICE_IP" (printf "CRYOSTAT_EXT_WEB_PORT=%v" .Values.core.service.httpPort) }} -{{- else if contains "ClusterIP" .Values.core.service.type }} - export POD_NAME=$(oc get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") - export CONTAINER_PORT=$(oc get pod -n {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") -{{- $envVars = list "CRYOSTAT_WEB_HOST=127.0.0.1" "CRYOSTAT_EXT_WEB_PORT=8080" }} -{{- $portForwards = prepend $portForwards "8080:$CONTAINER_PORT" }} -{{- end }} - -{{- if .Values.grafana.route.enabled }} - export GRAFANA_ROUTE_HOST=$(oc get route -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }}-grafana -o jsonpath="{.status.ingress[0].host}") -{{- $envVars = append $envVars ( tpl "GRAFANA_DASHBOARD_URL=http{{ if .Values.grafana.route.tls.enabled }}s{{ end }}://$GRAFANA_ROUTE_HOST" . ) }} -{{- else if .Values.grafana.ingress.enabled }} -{{- /* Do nothing */}} -{{- else if contains "NodePort" .Values.grafana.service.type }} -{{- if not (contains "NodePort" .Values.core.service.type) }} - export NODE_IP=$(oc get nodes -n {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") -{{- end }} - export GRAFANA_NODE_PORT=$(oc get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cryostat.fullname" . }}-grafana) -{{- $envVars = append $envVars "GRAFANA_DASHBOARD_URL=http://$NODE_IP:$GRAFANA_NODE_PORT"}} -{{- else if contains "LoadBalancer" .Values.grafana.service.type }} -{{- if not (contains "LoadBalancer" .Values.core.service.type) }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'oc get -n {{ .Release.Namespace }} -w svc/{{ include "cryostat.fullname" . }} svc/{{ include "cryostat.fullname" . }}-grafana' -{{- end }} - export GRAFANA_SERVICE_IP=$(oc get svc -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . 
}}-grafana --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") -{{- $envVars = append $envVars (printf "GRAFANA_DASHBOARD_URL=http://$GRAFANA_SERVICE_IP:%v" .Values.grafana.service.port) }} -{{- else if contains "ClusterIP" .Values.grafana.service.type }} -{{- if not (contains "ClusterIP" .Values.core.service.type) }} - export POD_NAME=$(oc get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") -{{- end }} - export GRAFANA_CONTAINER_PORT=$(oc get pod -n {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[1].ports[0].containerPort}") -{{- $envVars = concat $envVars ( list "GRAFANA_DASHBOARD_URL=http://127.0.0.1:$GRAFANA_CONTAINER_PORT" "GRAFANA_DASHBOARD_EXT_URL=http://127.0.0.1:8081" )}} -{{- $portForwards = append $portForwards "8081:$GRAFANA_CONTAINER_PORT" }} -{{- end }} - -{{- if not (empty $envVars) }} - oc -n {{ .Release.Namespace }} set env deploy --containers={{ .Chart.Name }} {{ include "cryostat.fullname" . }} {{ join " " $envVars }} -{{- end }} - ``` -{{- end }} - -{{- if not (empty $portForwards) }} - -{{ $listNum }}. Forward local ports to the application's pod: - ``` - export POD_NAME=$(oc get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") - oc -n {{ .Release.Namespace }} wait --for=condition=available --timeout=60s deploy/{{ include "cryostat.fullname" . }} - oc -n {{ .Release.Namespace }} port-forward $POD_NAME {{ join " " $portForwards }} - ``` - {{- $listNum = add1 $listNum }} -{{- end }} - -{{ $listNum }}. 
{{ "Visit the " }}{{ .Chart.Name | camelcase }}{{ " application at: " }} - ``` -{{- if .Values.core.route.enabled }} - echo http{{ if $.Values.core.route.tls.enabled }}s{{ end }}://$ROUTE_HOST -{{- else if .Values.core.ingress.enabled -}} -{{- range $host := .Values.core.ingress.hosts -}} - {{- range .paths -}} - http{{ if $.Values.core.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.core.service.type }} - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.core.service.type }} - echo http://$SERVICE_IP:{{ .Values.core.service.httpPort }} -{{- else if contains "ClusterIP" .Values.core.service.type }} - http://127.0.0.1:8080 -{{- end }} - ``` diff --git a/charts/redhat/redhat/cryostat/0.3.1/src/templates/_helpers.tpl b/charts/redhat/redhat/cryostat/0.3.1/src/templates/_helpers.tpl deleted file mode 100644 index 33c7369a1f..0000000000 --- a/charts/redhat/redhat/cryostat/0.3.1/src/templates/_helpers.tpl +++ /dev/null 
@@ -1,80 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "cryostat.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "cryostat.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "cryostat.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "cryostat.labels" -}}
-helm.sh/chart: {{ include "cryostat.chart" . }}
-{{ include "cryostat.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "cryostat.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "cryostat.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "cryostat.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "cryostat.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
-
-{{/*
-Get or generate a default password for credentials database
-*/}}
-{{- define "cryostat.databasePassword" -}}
-{{- $secret := (lookup "v1" "Secret" .Release.Namespace (printf "%s-jmx-credentials-db" .Release.Name)) -}}
-{{- if $secret -}}
-{{/*
- Use current password. Do not regenerate
-*/}}
-{{- $secret.data.CRYOSTAT_JMX_CREDENTIALS_DB_PASSWORD -}}
-{{- else -}}
-{{/*
- Generate new password
-*/}}
-{{- (randAlphaNum 32) | b64enc | quote -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/redhat/redhat/cryostat/0.3.1/src/templates/deployment.yaml b/charts/redhat/redhat/cryostat/0.3.1/src/templates/deployment.yaml
deleted file mode 100644
index b9a0e538b2..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.1/src/templates/deployment.yaml
+++ /dev/null
@@ -1,164 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "cryostat.fullname" . }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
-spec:
- selector:
- matchLabels:
- {{- include "cryostat.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- {{- with .Values.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- {{- include "cryostat.selectorLabels" . | nindent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- serviceAccountName: {{ include "cryostat.serviceAccountName" . }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- containers:
- - name: {{ .Chart.Name }}
- securityContext:
- {{- toYaml .Values.core.securityContext | nindent 12 }}
- image: "{{ .Values.core.image.repository }}:{{ .Values.core.image.tag }}"
- imagePullPolicy: {{ .Values.core.image.pullPolicy }}
- env:
- - name: CRYOSTAT_WEB_PORT
- value: "8181"
- - name: CRYOSTAT_CONFIG_PATH
- value: /opt/cryostat.d/conf.d
- - name: CRYOSTAT_ARCHIVE_PATH
- value: /opt/cryostat.d/recordings.d
- - name: CRYOSTAT_TEMPLATE_PATH
- value: /opt/cryostat.d/templates.d
- - name: CRYOSTAT_CLIENTLIB_PATH
- value: /opt/cryostat.d/clientlib.d
- - name: CRYOSTAT_PROBE_TEMPLATE_PATH
- value: /opt/cryostat.d/probes.d
- - name: CRYOSTAT_EXT_WEB_PORT
- value: "{{ if (or (and .Values.core.route.enabled .Values.core.route.tls.enabled) (and .Values.core.ingress.enabled .Values.core.ingress.tls) (.Values.core.sslProxied)) }}443{{ else }}80{{ end }}"
- - name: CRYOSTAT_WEB_HOST
- value: "{{ if .Values.core.ingress.enabled }}{{ with index .Values.core.ingress.hosts 0 }}{{ .host }}{{ end }}{{ end }}"
- - name: CRYOSTAT_PLATFORM
- value: io.cryostat.platform.internal.KubeApiPlatformStrategy
- - name: CRYOSTAT_AUTH_MANAGER
- value: io.cryostat.net.NoopAuthManager
- - name: GRAFANA_DATASOURCE_URL
- value: http://127.0.0.1:8080
- - name: GRAFANA_DASHBOARD_URL
- value: "{{ if .Values.grafana.ingress.enabled }}http{{ if (or (.Values.grafana.ingress.tls) (.Values.grafana.sslProxied)) }}s{{ end }}://{{ with index .Values.grafana.ingress.hosts 0 }}{{ .host }}{{ end }}{{ end }}"
- - name: CRYOSTAT_DISABLE_SSL
- value: "true"
- - name: CRYOSTAT_DISABLE_JMX_AUTH
- value: "true"
- - name: CRYOSTAT_ALLOW_UNTRUSTED_SSL
- value: "true"
- - name: CRYOSTAT_ENABLE_JDP_BROADCAST
- value: "false"
- - name: CRYOSTAT_K8S_NAMESPACES
- value: "{{ .Release.Namespace }}"
- {{- if (or (and .Values.core.route.enabled .Values.core.route.tls.enabled) (and .Values.core.ingress.enabled .Values.core.ingress.tls) (.Values.core.sslProxied)) }}
- - name: CRYOSTAT_SSL_PROXIED
- value: "true"
- {{- end }}
- - name: CRYOSTAT_JMX_CREDENTIALS_DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ default (printf "%s-jmx-credentials-db" .Release.Name) .Values.core.databaseSecretName }}
- key: CRYOSTAT_JMX_CREDENTIALS_DB_PASSWORD
- optional: false
- ports:
- - containerPort: 8181
- protocol: TCP
- - containerPort: 9090
- protocol: TCP
- - containerPort: 9091
- protocol: TCP
- livenessProbe:
- httpGet:
- path: "/health/liveness"
- port: 8181
- startupProbe:
- httpGet:
- path: "/health/liveness"
- port: 8181
- failureThreshold: 18
- resources:
- {{- toYaml .Values.core.resources | nindent 12 }}
- volumeMounts:
- - mountPath: /opt/cryostat.d/conf.d
- name: {{ .Chart.Name }}
- subPath: config
- - mountPath: /opt/cryostat.d/recordings.d
- name: {{ .Chart.Name }}
- subPath: flightrecordings
- - mountPath: /opt/cryostat.d/templates.d
- name: {{ .Chart.Name }}
- subPath: templates
- - mountPath: /opt/cryostat.d/clientlib.d
- name: {{ .Chart.Name }}
- subPath: clientlib
- - mountPath: /opt/cryostat.d/probes.d
- name: {{ .Chart.Name }}
- subPath: probes
- - name: {{ printf "%s-%s" .Chart.Name "grafana" }}
- securityContext:
- {{- toYaml .Values.grafana.securityContext | nindent 12 }}
- image: "{{ .Values.grafana.image.repository }}:{{ .Values.grafana.image.tag }}"
- imagePullPolicy: {{ .Values.grafana.image.pullPolicy }}
- env:
- - name: JFR_DATASOURCE_URL
- value: http://127.0.0.1:8080
- - name: GF_AUTH_ANONYMOUS_ENABLED
- value: "true"
- ports:
- - containerPort: 3000
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /api/health
- port: 3000
- resources:
- {{- toYaml .Values.grafana.resources | nindent 12 }}
- - name: {{ printf "%s-%s" .Chart.Name "jfr-datasource" }}
- securityContext:
- {{- toYaml .Values.datasource.securityContext | nindent 12 }}
- image: "{{ .Values.datasource.image.repository }}:{{ .Values.datasource.image.tag }}"
- imagePullPolicy: {{ .Values.datasource.image.pullPolicy }}
- env:
- - name: LISTEN_HOST
- value: 127.0.0.1
- ports:
- - containerPort: 8080
- protocol: TCP
- livenessProbe:
- exec:
- command:
- - curl
- - --fail
- - http://127.0.0.1:8080
- resources:
- {{- toYaml .Values.datasource.resources | nindent 12 }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- volumes:
- - name: {{ .Chart.Name }}
- emptyDir: {}
diff --git a/charts/redhat/redhat/cryostat/0.3.1/src/templates/ingress.yaml b/charts/redhat/redhat/cryostat/0.3.1/src/templates/ingress.yaml
deleted file mode 100644
index 3d317704e3..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.1/src/templates/ingress.yaml
+++ /dev/null
@@ -1,73 +0,0 @@
-{{- define "createIngress" }}
-{{- $svcName := index . 0 }}
-{{- $svcPort := index . 1 }}
-{{- $ := index . 2 }}
-{{- with index . 3 }}
-{{- if and .ingress.className (not (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion)) }}
- {{- if not (hasKey .ingress.annotations "kubernetes.io/ingress.class") }}
- {{- $_ := set .ingress.annotations "kubernetes.io/ingress.class" .ingress.className}}
- {{- end }}
-{{- end }}
----
-{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" $.Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- else -}}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ $svcName }}
- {{- $labels := include "cryostat.labels" $ | nindent 4 }}
- labels: {{ $labels }}
- {{- with .ingress.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- {{- if and .ingress.className (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
- ingressClassName: {{ .ingress.className }}
- {{- end }}
- {{- if .ingress.tls }}
- tls:
- {{- range .ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
- {{- end }}
- rules:
- {{- range .ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
- {{- range .paths }}
- - path: {{ .path }}
- {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
- pathType: {{ .pathType }}
- {{- end }}
- backend:
- {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
- service:
- name: {{ $svcName }}
- port:
- number: {{ $svcPort }}
- {{- else }}
- serviceName: {{ $svcName }}
- servicePort: {{ $svcPort }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-
-{{- $fullName := include "cryostat.fullname" . -}}
-{{- if .Values.core.ingress.enabled }}
-{{- include "createIngress" (list $fullName .Values.core.service.httpPort $ .Values.core)}}
-{{- end }}
-{{- if .Values.grafana.ingress.enabled }}
-{{- include "createIngress" (list (printf "%s-%s" $fullName "grafana") .Values.grafana.service.port $ .Values.grafana)}}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.3.1/src/templates/role.yaml b/charts/redhat/redhat/cryostat/0.3.1/src/templates/role.yaml
deleted file mode 100644
index b47c04440b..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.1/src/templates/role.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "cryostat.fullname" . }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
-rules:
-- apiGroups:
- - ""
- resources:
- - endpoints
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - pods
- - replicationcontrollers
- verbs:
- - get
-- apiGroups:
- - apps
- resources:
- - replicasets
- - deployments
- - daemonsets
- - statefulsets
- verbs:
- - get
-- apiGroups:
- - apps.openshift.io
- resources:
- - deploymentconfigs
- verbs:
- - get
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.3.1/src/templates/rolebinding.yaml b/charts/redhat/redhat/cryostat/0.3.1/src/templates/rolebinding.yaml
deleted file mode 100644
index 22278c28dd..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.1/src/templates/rolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "cryostat.fullname" . }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "cryostat.fullname" . }}
-subjects:
-- kind: ServiceAccount
- name: {{ include "cryostat.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.3.1/src/templates/route.yaml b/charts/redhat/redhat/cryostat/0.3.1/src/templates/route.yaml
deleted file mode 100644
index 79b19fff0c..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.1/src/templates/route.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-{{- define "createRoute" }}
-{{- $svcName := index . 0 }}
-{{- $targetPort := index . 1 }}
-{{- $ := index . 2 }}
-{{- with index . 3 }}
----
-apiVersion: route.openshift.io/v1
-kind: Route
-metadata:
- name: {{ $svcName }}
- {{- $labels := include "cryostat.labels" $ | nindent 4 }}
- labels: {{ $labels }}
- {{- with .route.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- to:
- kind: Service
- name: {{ $svcName }}
- port:
- targetPort: {{ $targetPort }}
-{{- if .route.tls.enabled }}
- tls:
- termination: {{ .route.tls.termination }}
- insecureEdgeTerminationPolicy: {{ .route.tls.insecureEdgeTerminationPolicy }}
- {{- if .route.tls.key }}
- key: |-
- {{- .route.tls.key | nindent 6 }}
- {{- end }}
- {{- if .route.tls.destinationCACertificate }}
- destinationCACertificate: |-
- {{- .route.tls.destinationCACertificate | nindent 6 }}
- {{- end }}
- {{- if .route.tls.caCertificate }}
- caCertificate: |-
- {{- .route.tls.caCertificate | nindent 6 }}
- {{- end }}
- {{- if .route.tls.certificate }}
- certificate: |-
- {{- .route.tls.certificate | nindent 6 }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{- $fullName := include "cryostat.fullname" . -}}
-{{- if .Values.core.route.enabled }}
-{{- include "createRoute" (list $fullName 8181 $ .Values.core)}}
-{{- end }}
-{{- if .Values.grafana.route.enabled }}
-{{- include "createRoute" (list (printf "%s-%s" $fullName "grafana") 3000 $ .Values.grafana)}}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.3.1/src/templates/secret.yaml b/charts/redhat/redhat/cryostat/0.3.1/src/templates/secret.yaml
deleted file mode 100644
index 5fc98aa9e5..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.1/src/templates/secret.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-{{- if empty .Values.core.databaseSecretName -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Release.Name }}-jmx-credentials-db
-type: Opaque
-data:
- CRYOSTAT_JMX_CREDENTIALS_DB_PASSWORD: {{ include "cryostat.databasePassword" . }}
-{{- end -}}
diff --git a/charts/redhat/redhat/cryostat/0.3.1/src/templates/service.yaml b/charts/redhat/redhat/cryostat/0.3.1/src/templates/service.yaml
deleted file mode 100644
index 9623f7add9..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.1/src/templates/service.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-{{- $fullName := include "cryostat.fullname" . -}}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $fullName }}
- labels:
- {{- include "cryostat.labels" $ | nindent 4 }}
-spec:
- type: {{ .Values.core.service.type }}
- ports:
- - port: {{ .Values.core.service.httpPort }}
- targetPort: 8181
- protocol: TCP
- name: cryostat-http
- - port: {{ .Values.core.service.jmxPort }}
- targetPort: 9091
- protocol: TCP
- name: jfr-jmx
- selector:
- {{- include "cryostat.selectorLabels" $ | nindent 4 }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ printf "%s-%s" $fullName "grafana" }}
- labels:
- {{- include "cryostat.labels" $ | nindent 4 }}
-spec:
- type: {{ .Values.grafana.service.type }}
- ports:
- - port: {{ .Values.grafana.service.port }}
- targetPort: 3000
- protocol: TCP
- name: grafana-http
- selector:
- {{- include "cryostat.selectorLabels" $ | nindent 4 }}
diff --git a/charts/redhat/redhat/cryostat/0.3.1/src/templates/serviceaccount.yaml b/charts/redhat/redhat/cryostat/0.3.1/src/templates/serviceaccount.yaml
deleted file mode 100644
index 74ae99867b..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.1/src/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "cryostat.serviceAccountName" . }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/charts/redhat/redhat/cryostat/0.3.1/src/templates/tests/test-connection.yaml b/charts/redhat/redhat/cryostat/0.3.1/src/templates/tests/test-connection.yaml
deleted file mode 100644
index cf43714c08..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.1/src/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "cryostat.fullname" . }}-test-connection"
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: curl
- image: registry.access.redhat.com/ubi8/ubi:latest
- command:
- - '/bin/bash'
- - '-ec'
- - >
- dnf install --disableplugin=subscription-manager -yq jq;
- curl -sSf --retry 10 --retry-connrefused -o /tmp/out.json http://{{ include "cryostat.fullname" . }}:{{ .Values.core.service.httpPort }}/health;
- cat /tmp/out.json;
- jq -e {{ printf "(.cryostatVersion | test(\"^%s\")) and .datasourceAvailable == true" .Chart.AppVersion | squote }} /tmp/out.json;
- curl -sSf --retry 10 --retry-connrefused http://{{ include "cryostat.fullname" . }}-grafana:{{ .Values.grafana.service.port }}/api/health
- restartPolicy: Never
diff --git a/charts/redhat/redhat/cryostat/0.3.1/src/values.schema.json b/charts/redhat/redhat/cryostat/0.3.1/src/values.schema.json
deleted file mode 100644
index d530539ada..0000000000
--- a/charts/redhat/redhat/cryostat/0.3.1/src/values.schema.json
+++ /dev/null
@@ -1,480 +0,0 @@ -{ - "title": "Chart Values", - "type": "object", - "properties": { - "core": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the main Cryostat container image", - "default": "registry.redhat.io/cryostat-tech-preview/cryostat-rhel8" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the main Cryostat container image", - "default": "IfNotPresent" - }, - "tag": { - "type": "string", - "description": "Tag for the main Cryostat container image", - "default": "2.3.1" - } - } - }, - "service": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Type of Service to create for the Cryostat application", - "default": "ClusterIP" - }, - "httpPort": { - "type": "number", - "description": "Port number to expose on the Service for Cryostat's HTTP server", - "default": 8181 - }, - "jmxPort": { - "type": "number", - "description": "Port number to expose on the Service for remote JMX connections to Cryostat", - "default": 9091 - } - } - }, - "sslProxied": { - "type": "boolean", - "description": "Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress", - "default": false - }, - "ingress": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create an Ingress object for the Cryostat service", - "default": false - }, - "className": { - "type": "string", - "description": "Ingress class name for the Cryostat application Ingress", - "default": "" - }, - "hosts": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string", - "description": "" - }, - "paths": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "path": { - "type": "string", - "description": "" - }, - 
"pathType": { - "type": "string", - "description": "" - } - } - } - } - } - } - }, - "tls": { - "type": "array", - "description": "TLS configuration for the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec)", - "default": [], - "items": {} - } - } - }, - "route": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create a Route object for the Cryostat service. Available only on OpenShift", - "default": true - }, - "tls": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to secure the Cryostat application Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)", - "default": true - }, - "termination": { - "type": "string", - "description": "Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt`", - "default": "edge" - }, - "insecureEdgeTerminationPolicy": { - "type": "string", - "description": "Specify how to handle insecure traffic for the Cryostat application Route. 
One of: `Allow`, `Disable`, `Redirect`", - "default": "Redirect" - }, - "key": { - "type": "string", - "description": "Custom private key to use when securing the Cryostat application Route", - "default": "" - }, - "certificate": { - "type": "string", - "description": "Custom certificate to use when securing the Cryostat application Route", - "default": "" - }, - "caCertificate": { - "type": "string", - "description": "Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route", - "default": "" - }, - "destinationCACertificate": { - "type": "string", - "description": "Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route", - "default": "" - } - } - } - } - }, - "resources": { - "type": "object", - "description": "Resource requests/limits for the Cryostat container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)", - "default": {} - }, - "securityContext": { - "type": "object", - "properties": { - "capabilities": { - "type": "object", - "properties": { - "drop": { - "type": "array", - "description": "", - "default": [ - "ALL" - ], - "items": { - "type": "string" - } - } - } - }, - "allowPrivilegeEscalation": { - "type": "boolean", - "description": "", - "default": false - } - } - }, - "databaseSecretName": { - "type": "string", - "description": "Name of the secret to extract password for credentials database.", - "default": "" - } - } - }, - "grafana": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the Grafana container image", - "default": "registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the Grafana container image", - "default": 
"IfNotPresent" - }, - "tag": { - "type": "string", - "description": "Tag for the Grafana container image", - "default": "2.3.1" - } - } - }, - "service": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Type of Service to create for Grafana", - "default": "ClusterIP" - }, - "port": { - "type": "number", - "description": "Port number to expose on the Service for Grafana's HTTP server", - "default": 3000 - } - } - }, - "ingress": { - "type": "object", - "properties": { - "hosts": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string", - "description": "" - }, - "paths": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "path": { - "type": "string", - "description": "" - }, - "pathType": { - "type": "string", - "description": "" - } - } - } - } - } - } - }, - "enabled": { - "type": "boolean", - "description": "Whether to create an Ingress object for the Grafana service", - "default": false - }, - "className": { - "type": "string", - "description": "Ingress class name for the Grafana Ingress", - "default": "" - }, - "tls": { - "type": "array", - "description": "TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec)", - "default": [], - "items": {} - } - } - }, - "sslProxied": { - "type": "boolean", - "description": "Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress", - "default": false - }, - "route": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create a Route object for the Grafana service. 
Available only on OpenShift", - "default": true - }, - "tls": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to secure the Grafana Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)", - "default": true - }, - "termination": { - "type": "string", - "description": "Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt`", - "default": "edge" - }, - "insecureEdgeTerminationPolicy": { - "type": "string", - "description": "Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect`", - "default": "Redirect" - }, - "key": { - "type": "string", - "description": "Custom private key to use when securing the Grafana Route", - "default": "" - }, - "certificate": { - "type": "string", - "description": "Custom certificate to use when securing the Grafana Route", - "default": "" - }, - "caCertificate": { - "type": "string", - "description": "Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route", - "default": "" - }, - "destinationCACertificate": { - "type": "string", - "description": "Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route", - "default": "" - } - } - } - } - }, - "securityContext": { - "type": "object", - "properties": { - "capabilities": { - "type": "object", - "properties": { - "drop": { - "type": "array", - "description": "", - "default": [ - "ALL" - ], - "items": { - "type": "string" - } - } - } - }, - "allowPrivilegeEscalation": { - "type": "boolean", - "description": "", - "default": false - } - } - }, - "resources": { - "type": "object", - "description": "Resource requests/limits for the Grafana container. 
See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)", - "default": {} - } - } - }, - "datasource": { - "type": "object", - "properties": { - "securityContext": { - "type": "object", - "properties": { - "capabilities": { - "type": "object", - "properties": { - "drop": { - "type": "array", - "description": "", - "default": [ - "ALL" - ], - "items": { - "type": "string" - } - } - } - }, - "allowPrivilegeEscalation": { - "type": "boolean", - "description": "", - "default": false - } - } - }, - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the JFR Data Source container image", - "default": "registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the JFR Data Source container image", - "default": "IfNotPresent" - }, - "tag": { - "type": "string", - "description": "Tag for the JFR Data Source container image", - "default": "2.3.1" - } - } - }, - "resources": { - "type": "object", - "description": "Resource requests/limits for the JFR Data Source container. 
See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)", - "default": {} - } - } - }, - "imagePullSecrets": { - "type": "array", - "description": "Image pull secrets to be used for the Cryostat deployment", - "default": [], - "items": {} - }, - "nameOverride": { - "type": "string", - "description": "Overrides the name of this Chart", - "default": "" - }, - "fullnameOverride": { - "type": "string", - "description": "Overrides the fully qualified application name of `[release name]-[chart name]`", - "default": "" - }, - "rbac": { - "type": "object", - "properties": { - "create": { - "type": "boolean", - "description": "Specifies whether RBAC resources should be created", - "default": true - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "create": { - "type": "boolean", - "description": "Specifies whether a service account should be created", - "default": true - }, - "name": { - "type": "string", - "description": "The name of the service account to use. If not set and create is true, a name is generated using the fullname template", - "default": "" - } - } - }, - "podSecurityContext": { - "type": "object", - "properties": { - "runAsNonRoot": { - "type": "boolean", - "description": "", - "default": true - } - } - }, - "tolerations": { - "type": "array", - "description": "Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)", - "default": [], - "items": {} - } - } -} \ No newline at end of file diff --git a/charts/redhat/redhat/cryostat/0.3.1/src/values.yaml b/charts/redhat/redhat/cryostat/0.3.1/src/values.yaml deleted file mode 100644 index 35306969d3..0000000000 --- a/charts/redhat/redhat/cryostat/0.3.1/src/values.yaml +++ /dev/null 
@@ -1,184 +0,0 @@ -## @section Cryostat Container -## @extra core Configuration for the core Cryostat application -core: - image: - ## @param core.image.repository Repository for the main Cryostat container image - repository: "registry.redhat.io/cryostat-tech-preview/cryostat-rhel8" - ## @param core.image.pullPolicy Image pull policy for the main Cryostat container image - pullPolicy: IfNotPresent - ## @param core.image.tag Tag for the main Cryostat container image - tag: "2.3.1" - service: - ## @param core.service.type Type of Service to create for the Cryostat application - type: ClusterIP - ## @param core.service.httpPort Port number to expose on the Service for Cryostat's HTTP server - httpPort: 8181 - ## @param core.service.jmxPort Port number to expose on the Service for remote JMX connections to Cryostat - jmxPort: 9091 - ## @param core.sslProxied Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress - sslProxied: false - ingress: - ## @param core.ingress.enabled Whether to create an Ingress object for the Cryostat service - enabled: false - ## @param core.ingress.className Ingress class name for the Cryostat application Ingress - className: "" - ## @param core.ingress.annotations [object] Annotations to apply to the Cryostat application Ingress - annotations: {} - ## @param core.ingress.hosts [array] Hosts to create rules for in the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - hosts: - - host: cryostat.local - paths: - - path: / - pathType: ImplementationSpecific - ## @param core.ingress.tls [array] TLS configuration for the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - tls: [] - route: - ## @param core.route.enabled Whether to create a Route object for the Cryostat service. 
Available only on OpenShift - enabled: true - tls: - ## @param core.route.tls.enabled Whether to secure the Cryostat application Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) - enabled: true - ## @param core.route.tls.termination Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt` - termination: edge - ## @param core.route.tls.insecureEdgeTerminationPolicy Specify how to handle insecure traffic for the Cryostat application Route. One of: `Allow`, `Disable`, `Redirect` - insecureEdgeTerminationPolicy: Redirect - ## @param core.route.tls.key Custom private key to use when securing the Cryostat application Route - key: "" - ## @param core.route.tls.certificate Custom certificate to use when securing the Cryostat application Route - certificate: "" - ## @param core.route.tls.caCertificate Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route - caCertificate: "" - ## @param core.route.tls.destinationCACertificate Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route - destinationCACertificate: "" - ## @param core.resources Resource requests/limits for the Cryostat container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param core.securityContext [object] Security Context for the Cryostat container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: - ## @skip core.securityContext.allowPrivilegeEscalation - allowPrivilegeEscalation: false - ## @skip core.securityContext.capabilities - capabilities: - drop: - - ALL - ## @param core.databaseSecretName Name of the secret to extract password for credentials database. - databaseSecretName: "" - -## @section Grafana Container -## @extra grafana Configuration for the customized Grafana instance for Cryostat -grafana: - image: - ## @param grafana.image.repository Repository for the Grafana container image - repository: "registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8" - ## @param grafana.image.pullPolicy Image pull policy for the Grafana container image - pullPolicy: IfNotPresent - ## @param grafana.image.tag Tag for the Grafana container image - tag: "2.3.1" - service: - ## @param grafana.service.type Type of Service to create for Grafana - type: ClusterIP - ## @param grafana.service.port Port number to expose on the Service for Grafana's HTTP server - port: 3000 - ## @param grafana.sslProxied Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress - sslProxied: false - ingress: - ## @param grafana.ingress.enabled Whether to create an Ingress object for the Grafana service - enabled: false - ## @param grafana.ingress.className Ingress class name for the Grafana Ingress - className: "" - ## @param grafana.ingress.annotations [object] Annotations to apply to the Grafana Ingress - annotations: {} - ## @param grafana.ingress.hosts [array] Hosts to create rules for in the Grafana Ingress. 
See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - hosts: - - host: cryostat-grafana.local - paths: - - path: / - pathType: ImplementationSpecific - ## @param grafana.ingress.tls [array] TLS configuration for the Grafana Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) - tls: [] - route: - ## @param grafana.route.enabled Whether to create a Route object for the Grafana service. Available only on OpenShift - enabled: true - tls: - ## @param grafana.route.tls.enabled Whether to secure the Grafana Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) - enabled: true - ## @param grafana.route.tls.termination Type of TLS termination to use for the Grafana Route. One of: `edge`, `passthrough`, `reencrypt` - termination: edge - ## @param grafana.route.tls.insecureEdgeTerminationPolicy Specify how to handle insecure traffic for the Grafana Route. One of: `Allow`, `Disable`, `Redirect` - insecureEdgeTerminationPolicy: Redirect - ## @param grafana.route.tls.key Custom private key to use when securing the Grafana Route - key: "" - ## @param grafana.route.tls.certificate Custom certificate to use when securing the Grafana Route - caCertificate: "" - ## @param grafana.route.tls.caCertificate Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route - certificate: "" - ## @param grafana.route.tls.destinationCACertificate Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route - destinationCACertificate: "" - ## @param grafana.resources Resource requests/limits for the Grafana container. 
See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param grafana.securityContext [object] Security Context for the Grafana container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: - ## @skip grafana.securityContext.allowPrivilegeEscalation - allowPrivilegeEscalation: false - ## @skip grafana.securityContext.capabilities - capabilities: - drop: - - ALL - -## @section JFR Data Source Container -## @extra datasource Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana -datasource: - image: - ## @param datasource.image.repository Repository for the JFR Data Source container image - repository: "registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8" - ## @param datasource.image.pullPolicy Image pull policy for the JFR Data Source container image - pullPolicy: IfNotPresent - ## @param datasource.image.tag Tag for the JFR Data Source container image - tag: "2.3.1" - ## @param datasource.resources Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) - resources: {} - ## @param datasource.securityContext [object] Security Context for the JFR Data Source container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) - securityContext: - ## @skip datasource.securityContext.allowPrivilegeEscalation - allowPrivilegeEscalation: false - ## @skip datasource.securityContext.capabilities - capabilities: - drop: - - ALL - -## @section Other Parameters - -## @param imagePullSecrets [array] Image pull secrets to be used for the Cryostat deployment -imagePullSecrets: [] -## @param nameOverride Overrides the name of this Chart -nameOverride: "" -## @param fullnameOverride Overrides the fully qualified application name of `[release name]-[chart name]` -fullnameOverride: "" - -rbac: - ## @param rbac.create Specifies whether RBAC resources should be created - create: true - -serviceAccount: - ## @param serviceAccount.create Specifies whether a service account should be created - create: true - ## @param serviceAccount.annotations [object] Annotations to add to the service account - annotations: {} - ## @param serviceAccount.name The name of the service account to use. If not set and create is true, a name is generated using the fullname template - name: "" - -## @param podAnnotations [object] Annotations to be applied to the Cryostat Pod -podAnnotations: {} - -## @param podSecurityContext [object] Security Context for the Cryostat Pod. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) -podSecurityContext: - ## @skip podSecurityContext.runAsNonRoot - runAsNonRoot: true - -## @param nodeSelector [object] Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) -nodeSelector: {} - -## @param tolerations [array] Tolerations for the Cryostat Pod. 
See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) -tolerations: [] - -## @param affinity [object] Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) -affinity: {} diff --git a/charts/redhat/redhat/cryostat/OWNERS b/charts/redhat/redhat/cryostat/OWNERS deleted file mode 100644 index c04209dd17..0000000000 --- a/charts/redhat/redhat/cryostat/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: cryostat - shortDescription: A Helm chart for deploying Cryostat on Kubernetes and OpenShift -publicPgpKey: null -users: - - githubUsername: ebaron - - githubUsername: andrewazores -vendor: - label: redhat - name: Red Hat diff --git a/charts/redhat/redhat/data-grid/8.3.0/data-grid-8.3.0.tgz b/charts/redhat/redhat/data-grid/8.3.0/data-grid-8.3.0.tgz deleted file mode 100644 index 3310a2cc70..0000000000 Binary files a/charts/redhat/redhat/data-grid/8.3.0/data-grid-8.3.0.tgz and /dev/null differ diff --git a/charts/redhat/redhat/data-grid/8.3.1/data-grid-8.3.1.tgz b/charts/redhat/redhat/data-grid/8.3.1/data-grid-8.3.1.tgz deleted file mode 100644 index 128734324f..0000000000 Binary files a/charts/redhat/redhat/data-grid/8.3.1/data-grid-8.3.1.tgz and /dev/null differ diff --git a/charts/redhat/redhat/data-grid/8.4.0/data-grid-8.4.0.tgz b/charts/redhat/redhat/data-grid/8.4.0/data-grid-8.4.0.tgz deleted file mode 100644 index 5842385238..0000000000 Binary files a/charts/redhat/redhat/data-grid/8.4.0/data-grid-8.4.0.tgz and /dev/null differ diff --git a/charts/redhat/redhat/data-grid/8.4.2/data-grid-8.4.2.tgz b/charts/redhat/redhat/data-grid/8.4.2/data-grid-8.4.2.tgz deleted file mode 100644 index 795d8ae8fe..0000000000 Binary files a/charts/redhat/redhat/data-grid/8.4.2/data-grid-8.4.2.tgz and /dev/null differ 
diff --git a/charts/redhat/redhat/data-grid/8.4.3/data-grid-8.4.3.tgz b/charts/redhat/redhat/data-grid/8.4.3/data-grid-8.4.3.tgz
deleted file mode 100644
index 1962b08cf7..0000000000
Binary files a/charts/redhat/redhat/data-grid/8.4.3/data-grid-8.4.3.tgz and /dev/null differ
diff --git a/charts/redhat/redhat/data-grid/OWNERS b/charts/redhat/redhat/data-grid/OWNERS
deleted file mode 100644
index 1887f89a29..0000000000
--- a/charts/redhat/redhat/data-grid/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: data-grid
- shortDescription: This is the Red Had Data Grid chart
-publicPgpKey: null
-users:
-- githubUsername: ryanemerson
-- githubUsername: pminz
-vendor:
- label: redhat
- name: Red Hat
diff --git a/charts/redhat/redhat/developer-hub/0.1.0/developer-hub-0.1.0.tgz b/charts/redhat/redhat/developer-hub/0.1.0/developer-hub-0.1.0.tgz
deleted file mode 100644
index 4e3f1fb9bc..0000000000
Binary files a/charts/redhat/redhat/developer-hub/0.1.0/developer-hub-0.1.0.tgz and /dev/null differ
diff --git a/charts/redhat/redhat/developer-hub/0.1.0/report.yaml b/charts/redhat/redhat/developer-hub/0.1.0/report.yaml
deleted file mode 100644
index 07b80b2e94..0000000000
--- a/charts/redhat/redhat/developer-hub/0.1.0/report.yaml
+++ /dev/null
@@ -1,131 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.12.0 - profile: - VendorType: redhat - version: v1.2 - reportDigest: uint64:6968490722177852570 - chart-uri: /mnt/chart/developer-hub-0.1.0.tgz - digests: - chart: sha256:ef0a0625e0aa4e4c8dd8e1190175c25dac725303d9ed4f08f2dacab6285c9b7a - package: f47d79b0999e08d0cd880c9e691bdbe35204d4958ad871bb66cf4ab04b4f65b3 - lastCertifiedTimestamp: "2023-06-29T15:48:30.903369+00:00" - testedOpenShiftVersion: N/A - supportedOpenShiftVersions: '>=4.6' - webCatalogOnly: false - chart: - name: developer-hub - home: https://red.ht/rhdh - sources: [] - version: 0.1.0 - description: A Helm chart for deploying Red Hat Developer Hub - keywords: - - backstage - - idp - - janus-idp - - developer-hub - - redhat - maintainers: - - name: Red Hat - email: "" - url: https://redhat.com - icon: data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' id='Layer_1' data-name='Layer 1' viewBox='0 0 192 145'%3E%3Cdefs%3E%3Cstyle%3E.cls-1%7Bfill:%23e00;%7D%3C/style%3E%3C/defs%3E%3Ctitle%3ERedHat-Logo-Hat-Color%3C/title%3E%3Cpath d='M157.77,62.61a14,14,0,0,1,.31,3.42c0,14.88-18.1,17.46-30.61,17.46C78.83,83.49,42.53,53.26,42.53,44a6.43,6.43,0,0,1,.22-1.94l-3.66,9.06a18.45,18.45,0,0,0-1.51,7.33c0,18.11,41,45.48,87.74,45.48,20.69,0,36.43-7.76,36.43-21.77,0-1.08,0-1.94-1.73-10.13Z'/%3E%3Cpath class='cls-1' d='M127.47,83.49c12.51,0,30.61-2.58,30.61-17.46a14,14,0,0,0-.31-3.42l-7.45-32.36c-1.72-7.12-3.23-10.35-15.73-16.6C124.89,8.69,103.76.5,97.51.5,91.69.5,90,8,83.06,8c-6.68,0-11.64-5.6-17.89-5.6-6,0-9.91,4.09-12.93,12.5,0,0-8.41,23.72-9.49,27.16A6.43,6.43,0,0,0,42.53,44c0,9.22,36.3,39.45,84.94,39.45M160,72.07c1.73,8.19,1.73,9.05,1.73,10.13,0,14-15.74,21.77-36.43,21.77C78.54,104,37.58,76.6,37.58,58.49a18.45,18.45,0,0,1,1.51-7.33C22.27,52,.5,55,.5,74.22c0,31.48,74.59,70.28,133.65,70.28,45.28,0,56.7-20.48,56.7-36.65,0-12.72-11-27.16-30.83-35.78'/%3E%3C/svg%3E - apiversion: v2 - condition: "" - tags: "" - 
appversion: 1.0-8 - deprecated: false - annotations: - artifacthub.io/category: integration-delivery - artifacthub.io/license: Apache-2.0 - artifacthub.io/links: | - - name: support - url: https://github.com/janus-idp/helm-backstage/issues - - name: Chart Source - url: https://github.com/janus-idp/helm-backstage - - name: Default Image Source - url: https://github.com/janus-idp/backstage-showcase - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: Red Hat Developer Hub - charts.openshift.io/provider: Red Hat - charts.openshift.io/supportURL: https://red.ht/rhdh - kubeversion: '>= 1.19.0-0' - dependencies: - - name: common - version: 2.4.0 - repository: https://charts.bitnami.com/bitnami - condition: "" - tags: - - bitnami-common - enabled: false - importvalues: [] - alias: "" - - name: backstage - version: 1.1.2 - repository: https://backstage.github.io/charts - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: upstream - type: application - chart-overrides: "" -results: - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/signature-is-valid - type: Mandatory - outcome: SKIPPED - reason: 'Chart is not signed : Signature verification not required' - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - 
check: v1.1/images-are-certified - type: Mandatory - outcome: FAIL - reason: |- - Image is not Red Hat certified : quay.io/rhdh/developer-hub-rhel9:1.0-8 - Image certification skipped : registry.redhat.io/rhel9/postgresql-15:latest - Image certification skipped : registry.redhat.io/ubi9:latest - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/chart-testing - type: Mandatory - outcome: FAIL - reason: 'chart Install failure: rendered manifests contain a resource that already exists. Unable to continue with install: ConfigMap "backstage-app-config" in namespace "tcoufal-dev" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: key "meta.helm.sh/release-name" must equal "developer-hub-v25xm9jne4": current value is "developer-hub"' - diff --git a/charts/redhat/redhat/developer-hub/0.2.0/developer-hub-0.2.0.tgz b/charts/redhat/redhat/developer-hub/0.2.0/developer-hub-0.2.0.tgz deleted file mode 100644 index 40626e6f00..0000000000 Binary files a/charts/redhat/redhat/developer-hub/0.2.0/developer-hub-0.2.0.tgz and /dev/null differ diff --git a/charts/redhat/redhat/eap-xp3/1.0.0/eap-xp3-1.0.0.tgz b/charts/redhat/redhat/eap-xp3/1.0.0/eap-xp3-1.0.0.tgz deleted file mode 100644 index 3022cf57d8..0000000000 Binary files a/charts/redhat/redhat/eap-xp3/1.0.0/eap-xp3-1.0.0.tgz and /dev/null differ diff --git a/charts/redhat/redhat/eap-xp3/1.0.0/report.yaml b/charts/redhat/redhat/eap-xp3/1.0.0/report.yaml deleted file mode 100644 index 62bbe42d10..0000000000 --- a/charts/redhat/redhat/eap-xp3/1.0.0/report.yaml +++ /dev/null 
@@ -1,93 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.2.2 - profile: - VendorType: partner - version: v1.0 - chart-uri: /charts/1.0.0/eap-xp3-1.0.0.tgz - digest: sha256:85d0347b6c3377037f8ad5287fc0c4a1baef708a65c26669993d2ed5b5f765bb - digests: - chart: sha256:85d0347b6c3377037f8ad5287fc0c4a1baef708a65c26669993d2ed5b5f765bb - package: 1dca1d8a2314713878a2052d674fddfc47063deb3fb67650d95f9bf51b33500b - lastCertifiedTimestamp: "2021-09-02T11:32:44.405532+00:00" - certifiedOpenShiftVersions: N/A - chart: - name: eap-xp3 - home: "" - sources: [] - version: 1.0.0 - description: Build and Deploy EAP XP3 applications on OpenShift - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: "3.0" - deprecated: false - annotations: {} - kubeversion: "" - dependencies: - - name: wildfly-common - version: 1.3.0 - repository: https://docs.wildfly.org/wildfly-charts/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: application - chart-overrides: "" -results: - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: FAIL - reason: 'Failed to certify images : Failed to get images, error running helm template - : execution error at (eap-xp3/templates/buildconfig-bootable-jar.yaml:2:4): - Git source repository URL is required' - - check: v1.0/chart-testing - type: Mandatory - outcome: FAIL - reason: |- - Error running process: executing helm with args "install eap-xp3-18tj2s0xux /root/.cache/chart-verifier/_charts_1_0_0_eap_xp3_1_0_0_tgz/eap-xp3 --namespace default 
--wait --values /tmp/chart-testing-094611264/values.yaml": exit status 1 - --- - Error: Kubernetes cluster unreachable: Get "http://localhost:8080/version?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: FAIL - reason: Chart test files do not exist - - check: v1.0/has-kubeversion - type: Mandatory - outcome: FAIL - reason: Kubernetes version is not specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - diff --git a/charts/redhat/redhat/eap-xp3/OWNERS b/charts/redhat/redhat/eap-xp3/OWNERS deleted file mode 100644 index 815f2c4f2a..0000000000 --- a/charts/redhat/redhat/eap-xp3/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: eap-xp3 - shortDescription: Build and Deploy EAP XP 3 applications on OpenShift -publicPgpKey: null -users: - - githubUsername: bstansberry - - githubUsername: jmesnil -vendor: - label: redhat - name: Red Hat \ No newline at end of file diff --git a/charts/redhat/redhat/eap-xp4/1.0.0/eap-xp4-1.0.0.tgz b/charts/redhat/redhat/eap-xp4/1.0.0/eap-xp4-1.0.0.tgz deleted file mode 100644 index 22bf18dd9a..0000000000 Binary files a/charts/redhat/redhat/eap-xp4/1.0.0/eap-xp4-1.0.0.tgz and /dev/null differ diff --git a/charts/redhat/redhat/eap-xp4/OWNERS b/charts/redhat/redhat/eap-xp4/OWNERS deleted file mode 100644 index 73143fe00b..0000000000 --- a/charts/redhat/redhat/eap-xp4/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: eap-xp4 - shortDescription: Build and Deploy EAP XP 4 applications on OpenShift -publicPgpKey: null -users: - - githubUsername: bstansberry - - githubUsername: jmesnil -vendor: - label: redhat - name: Red Hat \ No newline at end of file 
diff --git a/charts/redhat/redhat/eap74/1.1.0/eap74-1.1.0.tgz b/charts/redhat/redhat/eap74/1.1.0/eap74-1.1.0.tgz
deleted file mode 100644
index e3f27c2d2c..0000000000
Binary files a/charts/redhat/redhat/eap74/1.1.0/eap74-1.1.0.tgz and /dev/null differ
diff --git a/charts/redhat/redhat/eap74/1.1.0/report.yaml b/charts/redhat/redhat/eap74/1.1.0/report.yaml
deleted file mode 100644
index 267a5082f4..0000000000
--- a/charts/redhat/redhat/eap74/1.1.0/report.yaml
+++ /dev/null
@@ -1,93 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.2.2 - profile: - VendorType: partner - version: v1.0 - chart-uri: /charts/1.1.0/eap74-1.1.0.tgz - digest: sha256:c21bfc66510ed4deeb5dda0be56c23179335728bd966edcc5110dd8bf12906e1 - digests: - chart: sha256:c21bfc66510ed4deeb5dda0be56c23179335728bd966edcc5110dd8bf12906e1 - package: 76c75d5d114489b62a05093c0571d9183d6bf4c8907147c015b1eaf04d533864 - lastCertifiedTimestamp: "2021-09-01T14:46:21.647631+00:00" - certifiedOpenShiftVersions: N/A - chart: - name: eap74 - home: "" - sources: [] - version: 1.1.0 - description: Build and Deploy EAP 7.4 applications on OpenShift - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: "7.4" - deprecated: false - annotations: {} - kubeversion: "" - dependencies: - - name: wildfly-common - version: 1.3.0 - repository: https://docs.wildfly.org/wildfly-charts/ - condition: "" - tags: [] - enabled: false - importvalues: [] - alias: "" - type: application - chart-overrides: "" -results: - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/has-kubeversion - type: Mandatory - outcome: FAIL - reason: Kubernetes version is not specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: FAIL - reason: 'Failed to certify images : Failed to get images, error running helm template - : execution error at (eap74/templates/buildconfig-s2i-build-artifacts.yaml:2:4): - Git source repository URL is required' - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: FAIL - reason: Chart test files do not exist - - check: 
v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/chart-testing - type: Mandatory - outcome: FAIL - reason: |- - Error running process: executing helm with args "install eap74-rh9g9lumgn /root/.cache/chart-verifier/_charts_1_1_0_eap74_1_1_0_tgz/eap74 --namespace default --wait --values /tmp/chart-testing-668347137/values.yaml": exit status 1 - --- - Error: Kubernetes cluster unreachable: Get "http://localhost:8080/version?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - diff --git a/charts/redhat/redhat/eap74/1.1.1/eap74-1.1.1.tgz b/charts/redhat/redhat/eap74/1.1.1/eap74-1.1.1.tgz deleted file mode 100644 index 7f3a79444d..0000000000 Binary files a/charts/redhat/redhat/eap74/1.1.1/eap74-1.1.1.tgz and /dev/null differ diff --git a/charts/redhat/redhat/eap74/1.1.2/eap74-1.1.2.tgz b/charts/redhat/redhat/eap74/1.1.2/eap74-1.1.2.tgz deleted file mode 100644 index d3fbc3422e..0000000000 Binary files a/charts/redhat/redhat/eap74/1.1.2/eap74-1.1.2.tgz and /dev/null differ diff --git a/charts/redhat/redhat/eap74/OWNERS b/charts/redhat/redhat/eap74/OWNERS deleted file mode 100644 index b9ff28ce04..0000000000 --- a/charts/redhat/redhat/eap74/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: eap74 - shortDescription: Build and Deploy EAP 7.4 applications on OpenShift -publicPgpKey: null -users: - - githubUsername: bstansberry - - githubUsername: jmesnil -vendor: - label: redhat - name: Red Hat \ No newline at end of file diff --git a/charts/redhat/redhat/eap8/1.0.0/eap8-1.0.0.tgz b/charts/redhat/redhat/eap8/1.0.0/eap8-1.0.0.tgz deleted file mode 100644 index 40dddb6d5c..0000000000 Binary files a/charts/redhat/redhat/eap8/1.0.0/eap8-1.0.0.tgz and /dev/null differ 
diff --git a/charts/redhat/redhat/eap8/OWNERS b/charts/redhat/redhat/eap8/OWNERS
deleted file mode 100644
index 0bd910d2e8..0000000000
--- a/charts/redhat/redhat/eap8/OWNERS
+++ /dev/null
@@ -1,11 +0,0 @@
-chart:
- name: eap8
- shortDescription: Build and Deploy JBoss EAP 8 applications on OpenShift
-publicPgpKey: null
-users:
- - githubUsername: bstansberry
- - githubUsername: jmesnil
- - githubUsername: jfdenise
-vendor:
- label: redhat
- name: Red Hat
\ No newline at end of file
diff --git a/charts/redhat/redhat/elasticsearch-sed/1.0.0/elasticsearch-sed-1.0.0.tgz b/charts/redhat/redhat/elasticsearch-sed/1.0.0/elasticsearch-sed-1.0.0.tgz
deleted file mode 100644
index cf3c030e42..0000000000
Binary files a/charts/redhat/redhat/elasticsearch-sed/1.0.0/elasticsearch-sed-1.0.0.tgz and /dev/null differ
diff --git a/charts/redhat/redhat/elasticsearch-sed/1.0.0/report.yaml b/charts/redhat/redhat/elasticsearch-sed/1.0.0/report.yaml
deleted file mode 100644
index e12d18971b..0000000000
--- a/charts/redhat/redhat/elasticsearch-sed/1.0.0/report.yaml
+++ /dev/null
@@ -1,88 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.6.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /.kube/elasticsearch-sed-1.0.0.tgz - digests: - chart: sha256:1ac0cba03bf38fe0b83cc96501bc12b4b2e9bd0ea002f2bd3b2d2dd2e5ef8a6b - package: c596717d2c09d9cafe6a43780c9a45e30d070237ee0dbde2ea0009c5f7882d59 - lastCertifiedTimestamp: "2022-04-06T06:41:55.034514+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.7' - providerControlledDelivery: false - chart: - name: elasticsearch-sed - home: "" - sources: [] - version: 1.0.0 - description: A Helm chart for Elasticsearch Service Endpoint Definition (SED) - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.0.0 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: Elasticsearch Service Endpoint Definition (SED) - charts.openshift.io/provider: RedHat - charts.openshift.io/supportURL: https://github.com/redhat-developer/service-endpoint-definition - kubeversion: '>=1.20.0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : quay.io/opencloudio/icp-elasticsearch-oss@sha256:ad72aae5d293bb4f20d3dde1070334a2ce6ef9f40e8f58266a58f63f43ef6ebb' - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes 
version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present \ No newline at end of file diff --git a/charts/redhat/redhat/elasticsearch-sed/OWNERS b/charts/redhat/redhat/elasticsearch-sed/OWNERS deleted file mode 100644 index 08f2e30665..0000000000 --- a/charts/redhat/redhat/elasticsearch-sed/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -chart: - name: elasticsearch-sed - shortDescription: Elasticsearch Service Endpoint Definition -publicPgpKey: null -users: -- githubUsername: Kartikey-star -vendor: - label: redhat - name: Red Hat diff --git a/charts/redhat/redhat/httpd-imagestreams/0.0.1/src/Chart.yaml b/charts/redhat/redhat/httpd-imagestreams/0.0.1/src/Chart.yaml deleted file mode 100644 index 4ba5c25b73..0000000000 --- a/charts/redhat/redhat/httpd-imagestreams/0.0.1/src/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -description: |- - This content is expermental, do not use it in production. Red Hat Apache HTTP Server imagestreams. - For more information about HTTPD container see https://github.com/sclorg/httpd-container/. -annotations: - charts.openshift.io/name: Red Hat Apache HTTP Server imagestreams (experimental). -apiVersion: v2 -appVersion: 0.0.1 -kubeVersion: '>=1.20.0' -name: httpd-imagestreams -tags: builder,httpd -sources: - - https://github.com/sclorg/helm-charts -version: 0.0.1 diff --git a/charts/redhat/redhat/httpd-imagestreams/0.0.1/src/templates/imagestreams.yaml b/charts/redhat/redhat/httpd-imagestreams/0.0.1/src/templates/imagestreams.yaml deleted file mode 100644 index f24b6e6fae..0000000000 
--- a/charts/redhat/redhat/httpd-imagestreams/0.0.1/src/templates/imagestreams.yaml
+++ /dev/null
@@ -1,126 +0,0 @@
-apiVersion: image.openshift.io/v1
-kind: ImageStream
-metadata:
- annotations:
- openshift.io/display-name: Apache HTTP Server (httpd)
- name: httpd
-spec:
- tags:
- - annotations:
- description: >-
- Build and serve static content via Apache HTTP Server (httpd) on RHEL.
- For more information about using this builder image, including
- OpenShift considerations, see
- https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.
-
-
- WARNING: By selecting this tag, your application will automatically
- update to use the latest version of Httpd available on OpenShift,
- including major version updates.
- iconClass: icon-apache
- openshift.io/display-name: Apache HTTP Server (Latest)
- openshift.io/provider-display-name: 'Red Hat, Inc.'
- sampleRepo: 'https://github.com/sclorg/httpd-ex.git'
- supports: httpd
- tags: 'builder,httpd'
- from:
- kind: ImageStreamTag
- name: 2.4-ubi8
- referencePolicy:
- type: Local
- name: latest
- - annotations:
- description: >-
- Build and serve static content via Apache HTTP Server (httpd) 2.4 on
- UBI 9. For more information about using this builder image, including
- OpenShift considerations, see
- https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.
- iconClass: icon-apache
- openshift.io/display-name: Apache HTTP Server 2.4 (UBI 9)
- openshift.io/provider-display-name: 'Red Hat, Inc.'
- sampleRepo: 'https://github.com/sclorg/httpd-ex.git'
- supports: httpd
- tags: 'builder,httpd'
- version: '2.4'
- from:
- kind: DockerImage
- name: 'registry.redhat.io/ubi9/httpd-24:latest'
- referencePolicy:
- type: Local
- name: 2.4-ubi9
- - annotations:
- description: >-
- Build and serve static content via Apache HTTP Server (httpd) 2.4 on
- RHEL 8. For more information about using this builder image, including
- OpenShift considerations, see
- https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.
- iconClass: icon-apache
- openshift.io/display-name: Apache HTTP Server 2.4 (UBI 8)
- openshift.io/provider-display-name: 'Red Hat, Inc.'
- sampleRepo: 'https://github.com/sclorg/httpd-ex.git'
- supports: httpd
- tags: 'builder,httpd'
- version: '2.4'
- from:
- kind: DockerImage
- name: 'registry.redhat.io/ubi8/httpd-24:latest'
- referencePolicy:
- type: Local
- name: 2.4-ubi8
- - annotations:
- description: >-
- Build and serve static content via Apache HTTP Server (httpd) 2.4 on
- RHEL 8. For more information about using this builder image, including
- OpenShift considerations, see
- https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.
- iconClass: icon-apache
- openshift.io/display-name: Apache HTTP Server 2.4 (RHEL 8)
- openshift.io/provider-display-name: 'Red Hat, Inc.'
- sampleRepo: 'https://github.com/sclorg/httpd-ex.git'
- supports: httpd
- tags: 'builder,httpd,hidden'
- version: '2.4'
- from:
- kind: DockerImage
- name: registry.redhat.io/rhel8/httpd-24
- referencePolicy:
- type: Local
- name: 2.4-el8
- - annotations:
- description: >-
- Build and serve static content via Apache HTTP Server (httpd) 2.4 on
- RHEL 7. For more information about using this builder image, including
- OpenShift considerations, see
- https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.
- iconClass: icon-apache
- openshift.io/display-name: Apache HTTP Server 2.4 (RHEL 7)
- openshift.io/provider-display-name: 'Red Hat, Inc.'
- sampleRepo: 'https://github.com/sclorg/httpd-ex.git'
- supports: httpd
- tags: 'builder,httpd'
- version: '2.4'
- from:
- kind: DockerImage
- name: registry.redhat.io/rhscl/httpd-24-rhel7
- referencePolicy:
- type: Local
- name: 2.4-el7
- - annotations:
- description: >-
- Build and serve static content via Apache HTTP Server (httpd) 2.4 on
- RHEL 7. For more information about using this builder image, including
- OpenShift considerations, see
- https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.
- iconClass: icon-apache
- openshift.io/display-name: Apache HTTP Server 2.4
- openshift.io/provider-display-name: 'Red Hat, Inc.'
- sampleRepo: 'https://github.com/sclorg/httpd-ex.git'
- supports: httpd
- tags: 'builder,httpd,hidden'
- version: '2.4'
- from:
- kind: DockerImage
- name: registry.redhat.io/rhscl/httpd-24-rhel7
- referencePolicy:
- type: Local
- name: '2.4'
diff --git a/charts/redhat/redhat/httpd-imagestreams/OWNERS b/charts/redhat/redhat/httpd-imagestreams/OWNERS
deleted file mode 100644
index 2792e6dd7f..0000000000
--- a/charts/redhat/redhat/httpd-imagestreams/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: httpd-imagestreams
- description: This is the Red Hat Apache HTTP Server imagestream chart
-publicPgpKey: null
-users:
- - githubUsername: phracek
-vendor:
- label: redhat
- name: Red Hat
diff --git a/charts/redhat/redhat/httpd-template/0.0.1/src/Chart.yaml b/charts/redhat/redhat/httpd-template/0.0.1/src/Chart.yaml
deleted file mode 100644
index c0c0e1d5e6..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.1/src/Chart.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-description: This content is expermental, do not use it in production. An example Apache HTTP Server (httpd) application that serves static
- content. For more information about using this template, including OpenShift considerations,
- see https://github.com/sclorg/httpd-container/blob/master/README.md.
-name: httpd-template
-tags: quickstart,httpd
-version: 0.0.1
-annotations:
- charts.openshift.io/name: Red Hat Apache HTTP Server (httpd) application (experimental).
-apiVersion: v2
-appVersion: 0.0.1
-sources:
- - https://github.com/sclorg/helm-charts
diff --git a/charts/redhat/redhat/httpd-template/0.0.1/src/README.md b/charts/redhat/redhat/httpd-template/0.0.1/src/README.md
deleted file mode 100644
index 7fb8931050..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.1/src/README.md
+++ /dev/null
@@ -1,23 +0,0 @@
-# Httpd helm chart
-
-A Helm chart for building and deploying a [Httpd](https://github/sclorg/httpd-container) application on OpenShift.
-
-For more information about helm charts see the official [Helm Charts Documentation](https://helm.sh/).
-
-You need to have access to a cluster for each operation with OpenShift 4, like deploying and testing.
-
-## Values
-Below is a table of each value used to configure this chart.
-
-| Value | Description | Default | Additional Information |
-|---------------------------------------------| ----------- | -- | ---------------------- |
-| `name` | The name assigned to all of the frontend objects defined in this helm chart. | `httpd-example` | |
-| `namespace` | The OpenShift Namespace where the ImageStream resides. | `httpd-template` | |
-| `httpd_version` | Version of Httpd image to be used (2.4-el8, or latest). | `2.4-el8` | |
-| `memory_limit` | Maximum amount of memory the container can use. | `521Mi` | |
-| `source_repository_url` | The URL of the repository with your application source code. | `https://github.com/sclorg/httpd-ex.git` | |
-| `source_repository_ref` | Set this to a branch name, tag or other ref of your repository if you are not using the default branch. | | |
-| `context_dir` | Set this to the relative path to your project if it is not in the root of your repository. | | |
-| `application_domain` | The exposed hostname that will route to the httpd service, if left blank a value will be defaulted. | | |
-| `generic_webhook_secret` | A secret string used to configure the Generic webhook. | | |
-| `github_webhook_secret` | Github trigger secret. A difficult to guess string encoded as part of the webhook URL. Not encrypted. | | |
diff --git a/charts/redhat/redhat/httpd-template/0.0.1/src/templates/buildconfig.yaml b/charts/redhat/redhat/httpd-template/0.0.1/src/templates/buildconfig.yaml
deleted file mode 100644
index ccc7536397..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.1/src/templates/buildconfig.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-apiVersion: build.openshift.io/v1
-kind: BuildConfig
-metadata:
- annotations:
- description: Defines how to build the application
- template.alpha.openshift.io/wait-for-ready: "true"
- labels:
- app: httpd-example
- template: httpd-example
- name: {{ .Values.name }}
-spec:
- output:
- to:
- kind: ImageStreamTag
- name: {{ .Values.name }}:latest
- source:
- contextDir: {{ .Values.context_dir }}
- git:
- ref: {{ .Values.source_repository_ref }}
- uri: {{ .Values.source_repository_url }}
- type: Git
- strategy:
- sourceStrategy:
- from:
- kind: ImageStreamTag
- name: httpd:{{ .Values.httpd_version }}
- type: Source
- triggers:
- - type: ImageChange
- - type: ConfigChange
- - type: GitHub
- github:
- secret: {{ .Values.github_webhook_secret }}
- - type: Generic
- generic:
- secret: {{ .Values.generic_webhook_secret }}
diff --git a/charts/redhat/redhat/httpd-template/0.0.1/src/templates/deploymentconfig.yaml b/charts/redhat/redhat/httpd-template/0.0.1/src/templates/deploymentconfig.yaml
deleted file mode 100644
index a221a78b25..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.1/src/templates/deploymentconfig.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-apiVersion: apps.openshift.io/v1
-kind: DeploymentConfig
-metadata:
- annotations:
- description: Defines how to deploy the application server
- template.alpha.openshift.io/wait-for-ready: "true"
- labels:
- app: httpd-example
- template: httpd-example
- name: {{ .Values.name }}
-spec:
- replicas: 1
- selector:
- name: {{ .Values.name }}
- strategy:
- type: Rolling
- template:
- metadata:
- labels:
- name: {{ .Values.name }}
- name: {{ .Values.name }}
- spec:
- containers:
- - env: []
- image: "httpd:{{ .Values.httpd_version }}"
- livenessProbe:
- httpGet:
- path: /
- port: 8080
- initialDelaySeconds: 30
- timeoutSeconds: 3
- name: httpd-example
- ports:
- - containerPort: 8080
- readinessProbe:
- httpGet:
- path: /
- port: 8080
- initialDelaySeconds: 3
- timeoutSeconds: 3
- resources:
- limits:
- memory: {{ .Values.memory_limit }}
- triggers:
- - imageChangeParams:
- automatic: true
- containerNames:
- - httpd-example
- from:
- kind: ImageStreamTag
- name: "httpd:{{ .Values.httpd_version }}"
- namespace: {{ .Values.namespace }}
- type: ImageChange
- - type: ConfigChange
diff --git a/charts/redhat/redhat/httpd-template/0.0.1/src/templates/route.yaml b/charts/redhat/redhat/httpd-template/0.0.1/src/templates/route.yaml
deleted file mode 100644
index a9c7d1b9f8..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.1/src/templates/route.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: route.openshift.io/v1
-kind: Route
-metadata:
- labels:
- app: httpd-example
- template: httpd-example
- name: {{ .Values.name }}
-spec:
- host: {{ .Values.application_domain }}
- to:
- kind: Service
- name: {{ .Values.name }}
diff --git a/charts/redhat/redhat/httpd-template/0.0.1/src/templates/service.yaml b/charts/redhat/redhat/httpd-template/0.0.1/src/templates/service.yaml
deleted file mode 100644
index 761024c09d..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.1/src/templates/service.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- annotations:
- description: Exposes and load balances the application pods
- labels:
- app: httpd-example
- template: httpd-example
- name: {{ .Values.name }}
-spec:
- ports:
- - name: web
- port: 8080
- targetPort: 8080
- selector:
- name: {{ .Values.name }}
diff --git a/charts/redhat/redhat/httpd-template/0.0.1/src/values.schema.json b/charts/redhat/redhat/httpd-template/0.0.1/src/values.schema.json
deleted file mode 100644
index 13d717ed8a..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.1/src/values.schema.json
+++ /dev/null
@@ -1,36 +0,0 @@
-{
- "$schema": "http://json-schema.org/schema#",
- "type": "object",
- "properties": {
- "namespace": {
- "type": "string"
- },
- "name": {
- "type": "string",
- "description": "The name assigned to all of the frontend objects defined in this template."
- },
- "memory_limit": {
- "type": "string",
- "title": "Memory limit",
- "form": true,
- "render": "slider",
- "sliderMin": 512,
- "sliderMax": 65536,
- "sliderUnit": "Mi"
- },
- "httpd_version": {
- "type": "string",
- "description": "Specify HTTPD imagestream tag",
- "enum": [ "latest", "2.4-el9", "2.4-el8", "2.4-el7" ]
- },
- "application_domain": {
- "type": "string",
- "description": "The exposed hostname that will route to the httpd service, if left blank a value will be defaulted."
- },
- "context_dir": {
- "type": "string",
- "description": "Set this to the relative path to your project if it is not in the root of your repository."
- }
- }
-}
-
diff --git a/charts/redhat/redhat/httpd-template/0.0.1/src/values.yaml b/charts/redhat/redhat/httpd-template/0.0.1/src/values.yaml
deleted file mode 100644
index cd8ee8dd02..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.1/src/values.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-application_domain: "" # TODO: must define a default value for .application_domain
-context_dir: "" # TODO: must define a default value for .context_dir
-generic_webhook_secret: "SOMETHING" # TODO: must define a default value for .generic_webhook_secret
-github_webhook_secret: "FOOBAR" # TODO: must define a default value for .github_webhook_secret
-httpd_version: 2.4-el8
-memory_limit: 512Mi
-name: httpd
-namespace: openshift
-source_repository_ref: master # TODO: must define a default value for .source_repository_ref
-source_repository_url: https://github.com/sclorg/httpd-ex.git
-expected_str: Welcome to your static httpd application on OpenShift
\ No newline at end of file
diff --git a/charts/redhat/redhat/httpd-template/0.0.2/src/Chart.yaml b/charts/redhat/redhat/httpd-template/0.0.2/src/Chart.yaml
deleted file mode 100644
index 575a2ae210..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.2/src/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-description: This content is expermental, do not use it in production. An example Apache HTTP Server (httpd) application that serves static
- content. For more information about using this template, including OpenShift considerations,
- see https://github.com/sclorg/httpd-container/blob/master/README.md.
-name: httpd-template
-tags: quickstart,httpd
-version: 0.0.2
-kubeVersion: '>=1.20.0'
-annotations:
- charts.openshift.io/name: Red Hat Apache HTTP Server (httpd) application (experimental).
-apiVersion: v2
-appVersion: 0.0.2
-sources:
- - https://github.com/sclorg/helm-charts
diff --git a/charts/redhat/redhat/httpd-template/0.0.2/src/README.md b/charts/redhat/redhat/httpd-template/0.0.2/src/README.md
deleted file mode 100644
index 7fb8931050..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.2/src/README.md
+++ /dev/null
@@ -1,23 +0,0 @@
-# Httpd helm chart
-
-A Helm chart for building and deploying a [Httpd](https://github/sclorg/httpd-container) application on OpenShift.
-
-For more information about helm charts see the official [Helm Charts Documentation](https://helm.sh/).
-
-You need to have access to a cluster for each operation with OpenShift 4, like deploying and testing.
-
-## Values
-Below is a table of each value used to configure this chart.
-
-| Value | Description | Default | Additional Information |
-|---------------------------------------------| ----------- | -- | ---------------------- |
-| `name` | The name assigned to all of the frontend objects defined in this helm chart. | `httpd-example` | |
-| `namespace` | The OpenShift Namespace where the ImageStream resides. | `httpd-template` | |
-| `httpd_version` | Version of Httpd image to be used (2.4-el8, or latest). | `2.4-el8` | |
-| `memory_limit` | Maximum amount of memory the container can use. | `521Mi` | |
-| `source_repository_url` | The URL of the repository with your application source code. | `https://github.com/sclorg/httpd-ex.git` | |
-| `source_repository_ref` | Set this to a branch name, tag or other ref of your repository if you are not using the default branch. | | |
-| `context_dir` | Set this to the relative path to your project if it is not in the root of your repository. | | |
-| `application_domain` | The exposed hostname that will route to the httpd service, if left blank a value will be defaulted. | | |
-| `generic_webhook_secret` | A secret string used to configure the Generic webhook. | | |
-| `github_webhook_secret` | Github trigger secret. A difficult to guess string encoded as part of the webhook URL. Not encrypted. | | |
diff --git a/charts/redhat/redhat/httpd-template/0.0.2/src/templates/buildconfig.yaml b/charts/redhat/redhat/httpd-template/0.0.2/src/templates/buildconfig.yaml
deleted file mode 100644
index ccc7536397..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.2/src/templates/buildconfig.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-apiVersion: build.openshift.io/v1
-kind: BuildConfig
-metadata:
- annotations:
- description: Defines how to build the application
- template.alpha.openshift.io/wait-for-ready: "true"
- labels:
- app: httpd-example
- template: httpd-example
- name: {{ .Values.name }}
-spec:
- output:
- to:
- kind: ImageStreamTag
- name: {{ .Values.name }}:latest
- source:
- contextDir: {{ .Values.context_dir }}
- git:
- ref: {{ .Values.source_repository_ref }}
- uri: {{ .Values.source_repository_url }}
- type: Git
- strategy:
- sourceStrategy:
- from:
- kind: ImageStreamTag
- name: httpd:{{ .Values.httpd_version }}
- type: Source
- triggers:
- - type: ImageChange
- - type: ConfigChange
- - type: GitHub
- github:
- secret: {{ .Values.github_webhook_secret }}
- - type: Generic
- generic:
- secret: {{ .Values.generic_webhook_secret }}
diff --git a/charts/redhat/redhat/httpd-template/0.0.2/src/templates/deploymentconfig.yaml b/charts/redhat/redhat/httpd-template/0.0.2/src/templates/deploymentconfig.yaml
deleted file mode 100644
index a221a78b25..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.2/src/templates/deploymentconfig.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-apiVersion: apps.openshift.io/v1
-kind: DeploymentConfig
-metadata:
- annotations:
- description: Defines how to deploy the application server
- template.alpha.openshift.io/wait-for-ready: "true"
- labels:
- app: httpd-example
- template: httpd-example
- name: {{ .Values.name }}
-spec:
- replicas: 1
- selector:
- name: {{ .Values.name }}
- strategy:
- type: Rolling
- template:
- metadata:
- labels:
- name: {{ .Values.name }}
- name: {{ .Values.name }}
- spec:
- containers:
- - env: []
- image: "httpd:{{ .Values.httpd_version }}"
- livenessProbe:
- httpGet:
- path: /
- port: 8080
- initialDelaySeconds: 30
- timeoutSeconds: 3
- name: httpd-example
- ports:
- - containerPort: 8080
- readinessProbe:
- httpGet:
- path: /
- port: 8080
- initialDelaySeconds: 3
- timeoutSeconds: 3
- resources:
- limits:
- memory: {{ .Values.memory_limit }}
- triggers:
- - imageChangeParams:
- automatic: true
- containerNames:
- - httpd-example
- from:
- kind: ImageStreamTag
- name: "httpd:{{ .Values.httpd_version }}"
- namespace: {{ .Values.namespace }}
- type: ImageChange
- - type: ConfigChange
diff --git a/charts/redhat/redhat/httpd-template/0.0.2/src/templates/route.yaml b/charts/redhat/redhat/httpd-template/0.0.2/src/templates/route.yaml
deleted file mode 100644
index a9c7d1b9f8..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.2/src/templates/route.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: route.openshift.io/v1
-kind: Route
-metadata:
- labels:
- app: httpd-example
- template: httpd-example
- name: {{ .Values.name }}
-spec:
- host: {{ .Values.application_domain }}
- to:
- kind: Service
- name: {{ .Values.name }}
diff --git a/charts/redhat/redhat/httpd-template/0.0.2/src/templates/service.yaml b/charts/redhat/redhat/httpd-template/0.0.2/src/templates/service.yaml
deleted file mode 100644
index 761024c09d..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.2/src/templates/service.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- annotations:
- description: Exposes and load balances the application pods
- labels:
- app: httpd-example
- template: httpd-example
- name: {{ .Values.name }}
-spec:
- ports:
- - name: web
- port: 8080
- targetPort: 8080
- selector:
- name: {{ .Values.name }}
diff --git a/charts/redhat/redhat/httpd-template/0.0.2/src/templates/tests/test-httpd-connection.yaml b/charts/redhat/redhat/httpd-template/0.0.2/src/templates/tests/test-httpd-connection.yaml
deleted file mode 100644
index 437f3f2071..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.2/src/templates/tests/test-httpd-connection.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ .Release.Name }}-connection-test"
- namespace: "{{ .Release.Namespace }}"
- annotations:
- "helm.sh/hook": test
- labels:
- name: {{ .Values.database_service_name }}
-spec:
- #serviceAccount: {{ .Values.serviceAccount }}
- containers:
- - name: "postgresql-{{ .Values.image.tag }}-connection-test"
- image: "registry.redhat.io/rhel8/httpd-24:latest"
- imagePullPolicy: IfNotPresent
- command:
- - /bin/bash
- - -ec
- - "curl httpd-example | grep \"Welcome to your static httpd application on OpenShift\""
- lookupPolicy:
- local: true
- restartPolicy: Never
diff --git a/charts/redhat/redhat/httpd-template/0.0.2/src/values.schema.json b/charts/redhat/redhat/httpd-template/0.0.2/src/values.schema.json
deleted file mode 100644
index 13d717ed8a..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.2/src/values.schema.json
+++ /dev/null
@@ -1,36 +0,0 @@
-{
- "$schema": "http://json-schema.org/schema#",
- "type": "object",
- "properties": {
- "namespace": {
- "type": "string"
- },
- "name": {
- "type": "string",
- "description": "The name assigned to all of the frontend objects defined in this template."
- },
- "memory_limit": {
- "type": "string",
- "title": "Memory limit",
- "form": true,
- "render": "slider",
- "sliderMin": 512,
- "sliderMax": 65536,
- "sliderUnit": "Mi"
- },
- "httpd_version": {
- "type": "string",
- "description": "Specify HTTPD imagestream tag",
- "enum": [ "latest", "2.4-el9", "2.4-el8", "2.4-el7" ]
- },
- "application_domain": {
- "type": "string",
- "description": "The exposed hostname that will route to the httpd service, if left blank a value will be defaulted."
- },
- "context_dir": {
- "type": "string",
- "description": "Set this to the relative path to your project if it is not in the root of your repository."
- }
- }
-}
-
diff --git a/charts/redhat/redhat/httpd-template/0.0.2/src/values.yaml b/charts/redhat/redhat/httpd-template/0.0.2/src/values.yaml
deleted file mode 100644
index 4668c8849d..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.2/src/values.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-application_domain: "" # TODO: must define a default value for .application_domain
-context_dir: "" # TODO: must define a default value for .context_dir
-generic_webhook_secret: "SOMETHING" # TODO: must define a default value for .generic_webhook_secret
-github_webhook_secret: "FOOBAR" # TODO: must define a default value for .github_webhook_secret
-httpd_version: 2.4-el8
-memory_limit: 512Mi
-name: httpd
-namespace: openshift
-source_repository_ref: master # TODO: must define a default value for .source_repository_ref
-source_repository_url: https://github.com/sclorg/httpd-ex.git
-expected_str: Welcome to your static httpd application on OpenShift
diff --git a/charts/redhat/redhat/httpd-template/0.0.3/src/Chart.yaml b/charts/redhat/redhat/httpd-template/0.0.3/src/Chart.yaml
deleted file mode 100644
index f5581838c9..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.3/src/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-description: This content is expermental, do not use it in production. An example Apache HTTP Server (httpd) application that serves static
- content. For more information about using this template, including OpenShift considerations,
- see https://github.com/sclorg/httpd-container/blob/master/README.md.
-name: httpd-template
-tags: quickstart,httpd
-version: 0.0.3
-kubeVersion: '>=1.20.0'
-annotations:
- charts.openshift.io/name: Red Hat Apache HTTP Server (httpd) application (experimental).
-apiVersion: v2
-appVersion: 0.0.3
-sources:
- - https://github.com/sclorg/helm-charts
diff --git a/charts/redhat/redhat/httpd-template/0.0.3/src/README.md b/charts/redhat/redhat/httpd-template/0.0.3/src/README.md
deleted file mode 100644
index 7fb8931050..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.3/src/README.md
+++ /dev/null
@@ -1,23 +0,0 @@
-# Httpd helm chart
-
-A Helm chart for building and deploying a [Httpd](https://github/sclorg/httpd-container) application on OpenShift.
-
-For more information about helm charts see the official [Helm Charts Documentation](https://helm.sh/).
-
-You need to have access to a cluster for each operation with OpenShift 4, like deploying and testing.
-
-## Values
-Below is a table of each value used to configure this chart.
-
-| Value | Description | Default | Additional Information |
-|---------------------------------------------| ----------- | -- | ---------------------- |
-| `name` | The name assigned to all of the frontend objects defined in this helm chart. | `httpd-example` | |
-| `namespace` | The OpenShift Namespace where the ImageStream resides. | `httpd-template` | |
-| `httpd_version` | Version of Httpd image to be used (2.4-el8, or latest). | `2.4-el8` | |
-| `memory_limit` | Maximum amount of memory the container can use. | `521Mi` | |
-| `source_repository_url` | The URL of the repository with your application source code. | `https://github.com/sclorg/httpd-ex.git` | |
-| `source_repository_ref` | Set this to a branch name, tag or other ref of your repository if you are not using the default branch. | | |
-| `context_dir` | Set this to the relative path to your project if it is not in the root of your repository. | | |
-| `application_domain` | The exposed hostname that will route to the httpd service, if left blank a value will be defaulted. | | |
-| `generic_webhook_secret` | A secret string used to configure the Generic webhook. | | |
-| `github_webhook_secret` | Github trigger secret. A difficult to guess string encoded as part of the webhook URL. Not encrypted. | | |
diff --git a/charts/redhat/redhat/httpd-template/0.0.3/src/templates/buildconfig.yaml b/charts/redhat/redhat/httpd-template/0.0.3/src/templates/buildconfig.yaml
deleted file mode 100644
index ccc7536397..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.3/src/templates/buildconfig.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-apiVersion: build.openshift.io/v1
-kind: BuildConfig
-metadata:
- annotations:
- description: Defines how to build the application
- template.alpha.openshift.io/wait-for-ready: "true"
- labels:
- app: httpd-example
- template: httpd-example
- name: {{ .Values.name }}
-spec:
- output:
- to:
- kind: ImageStreamTag
- name: {{ .Values.name }}:latest
- source:
- contextDir: {{ .Values.context_dir }}
- git:
- ref: {{ .Values.source_repository_ref }}
- uri: {{ .Values.source_repository_url }}
- type: Git
- strategy:
- sourceStrategy:
- from:
- kind: ImageStreamTag
- name: httpd:{{ .Values.httpd_version }}
- type: Source
- triggers:
- - type: ImageChange
- - type: ConfigChange
- - type: GitHub
- github:
- secret: {{ .Values.github_webhook_secret }}
- - type: Generic
- generic:
- secret: {{ .Values.generic_webhook_secret }}
diff --git a/charts/redhat/redhat/httpd-template/0.0.3/src/templates/deploymentconfig.yaml b/charts/redhat/redhat/httpd-template/0.0.3/src/templates/deploymentconfig.yaml
deleted file mode 100644
index a221a78b25..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.3/src/templates/deploymentconfig.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-apiVersion: apps.openshift.io/v1
-kind: DeploymentConfig
-metadata:
- annotations:
- description: Defines how to deploy the application server
- template.alpha.openshift.io/wait-for-ready: "true"
- labels:
- app: httpd-example
- template: httpd-example
- name: {{ .Values.name }}
-spec:
- replicas: 1
- selector:
- name: {{ .Values.name }}
- strategy:
- type: Rolling
- template:
- metadata:
- labels:
- name: {{ .Values.name }}
- name: {{ .Values.name }}
- spec:
- containers:
- - env: []
- image: "httpd:{{ .Values.httpd_version }}"
- livenessProbe:
- httpGet:
- path: /
- port: 8080
- initialDelaySeconds: 30
- timeoutSeconds: 3
- name: httpd-example
- ports:
- - containerPort: 8080
- readinessProbe:
- httpGet:
- path: /
- port: 8080
- initialDelaySeconds: 3
- timeoutSeconds: 3
- resources:
- limits:
- memory: {{ .Values.memory_limit }}
- triggers:
- - imageChangeParams:
- automatic: true
- containerNames:
- - httpd-example
- from:
- kind: ImageStreamTag
- name: "httpd:{{ .Values.httpd_version }}"
- namespace: {{ .Values.namespace }}
- type: ImageChange
- - type: ConfigChange
diff --git a/charts/redhat/redhat/httpd-template/0.0.3/src/templates/route.yaml b/charts/redhat/redhat/httpd-template/0.0.3/src/templates/route.yaml
deleted file mode 100644
index a9c7d1b9f8..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.3/src/templates/route.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: route.openshift.io/v1
-kind: Route
-metadata:
- labels:
- app: httpd-example
- template: httpd-example
- name: {{ .Values.name }}
-spec:
- host: {{ .Values.application_domain }}
- to:
- kind: Service
- name: {{ .Values.name }}
diff --git a/charts/redhat/redhat/httpd-template/0.0.3/src/templates/service.yaml b/charts/redhat/redhat/httpd-template/0.0.3/src/templates/service.yaml
deleted file mode 100644
index 761024c09d..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.3/src/templates/service.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- annotations:
- description: Exposes and load balances the application pods
- labels:
- app: httpd-example
- template: httpd-example
- name: {{ .Values.name }}
-spec:
- ports:
- - name: web
- port: 8080
- targetPort: 8080
- selector:
- name: {{ .Values.name }}
diff --git a/charts/redhat/redhat/httpd-template/0.0.3/src/templates/tests/test-httpd-connection.yaml b/charts/redhat/redhat/httpd-template/0.0.3/src/templates/tests/test-httpd-connection.yaml
deleted file mode 100644
index 516f0b241d..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.3/src/templates/tests/test-httpd-connection.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ .Release.Name }}-connection-test"
- namespace: "{{ .Release.Namespace }}"
- annotations:
- "helm.sh/hook": test
- labels:
- name: {{ .Values.database_service_name }}
-spec:
- #serviceAccount: {{ .Values.serviceAccount }}
- containers:
- - name: "httpd-connection-test"
- image: "registry.redhat.io/rhel8/httpd-24:latest"
- imagePullPolicy: IfNotPresent
- command:
- - /bin/bash
- - -ec
- - "curl httpd-example | grep \"Welcome to your static httpd application on OpenShift\""
- lookupPolicy:
- local: true
- restartPolicy: Never
diff --git a/charts/redhat/redhat/httpd-template/0.0.3/src/values.schema.json b/charts/redhat/redhat/httpd-template/0.0.3/src/values.schema.json
deleted file mode 100644
index 13d717ed8a..0000000000
--- a/charts/redhat/redhat/httpd-template/0.0.3/src/values.schema.json
+++ /dev/null
@@ -1,36 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "namespace": { - "type": "string" - }, - "name": { - "type": "string", - "description": "The name assigned to all of the frontend objects defined in this template." - }, - "memory_limit": { - "type": "string", - "title": "Memory limit", - "form": true, - "render": "slider", - "sliderMin": 512, - "sliderMax": 65536, - "sliderUnit": "Mi" - }, - "httpd_version": { - "type": "string", - "description": "Specify HTTPD imagestream tag", - "enum": [ "latest", "2.4-el9", "2.4-el8", "2.4-el7" ] - }, - "application_domain": { - "type": "string", - "description": "The exposed hostname that will route to the httpd service, if left blank a value will be defaulted." - }, - "context_dir": { - "type": "string", - "description": "Set this to the relative path to your project if it is not in the root of your repository." - } - } -} - diff --git a/charts/redhat/redhat/httpd-template/0.0.3/src/values.yaml b/charts/redhat/redhat/httpd-template/0.0.3/src/values.yaml deleted file mode 100644 index 4668c8849d..0000000000 --- a/charts/redhat/redhat/httpd-template/0.0.3/src/values.yaml +++ /dev/null @@ -1,11 +0,0 @@ -application_domain: "" # TODO: must define a default value for .application_domain -context_dir: "" # TODO: must define a default value for .context_dir -generic_webhook_secret: "SOMETHING" # TODO: must define a default value for .generic_webhook_secret -github_webhook_secret: "FOOBAR" # TODO: must define a default value for .github_webhook_secret -httpd_version: 2.4-el8 -memory_limit: 512Mi -name: httpd -namespace: openshift -source_repository_ref: master # TODO: must define a default value for .source_repository_ref -source_repository_url: https://github.com/sclorg/httpd-ex.git -expected_str: Welcome to your static httpd application on OpenShift 
diff --git a/charts/redhat/redhat/httpd-template/0.0.4/src/Chart.yaml b/charts/redhat/redhat/httpd-template/0.0.4/src/Chart.yaml deleted file mode 100644 index 332371a114..0000000000 --- a/charts/redhat/redhat/httpd-template/0.0.4/src/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -description: This content is expermental, do not use it in production. An example Apache HTTP Server (httpd) application that serves static - content. For more information about using this template, including OpenShift considerations, - see https://github.com/sclorg/httpd-container/blob/master/README.md. -name: httpd-template -tags: quickstart,httpd -version: 0.0.4 -kubeVersion: '>=1.20.0' -annotations: - charts.openshift.io/name: Red Hat Apache HTTP Server (httpd) application (experimental). -apiVersion: v2 -appVersion: 0.0.4 -sources: - - https://github.com/sclorg/helm-charts diff --git a/charts/redhat/redhat/httpd-template/0.0.4/src/README.md b/charts/redhat/redhat/httpd-template/0.0.4/src/README.md deleted file mode 100644 index 7fb8931050..0000000000 --- a/charts/redhat/redhat/httpd-template/0.0.4/src/README.md +++ /dev/null 
@@ -1,23 +0,0 @@ -# Httpd helm chart - -A Helm chart for building and deploying a [Httpd](https://github/sclorg/httpd-container) application on OpenShift. - -For more information about helm charts see the official [Helm Charts Documentation](https://helm.sh/). - -You need to have access to a cluster for each operation with OpenShift 4, like deploying and testing. - -## Values -Below is a table of each value used to configure this chart. - -| Value | Description | Default | Additional Information | -|---------------------------------------------| ----------- | -- | ---------------------- | -| `name` | The name assigned to all of the frontend objects defined in this helm chart. | `httpd-example` | | -| `namespace` | The OpenShift Namespace where the ImageStream resides. | `httpd-template` | | -| `httpd_version` | Version of Httpd image to be used (2.4-el8, or latest). | `2.4-el8` | | -| `memory_limit` | Maximum amount of memory the container can use. | `521Mi` | | -| `source_repository_url` | The URL of the repository with your application source code. | `https://github.com/sclorg/httpd-ex.git` | | -| `source_repository_ref` | Set this to a branch name, tag or other ref of your repository if you are not using the default branch. | | | -| `context_dir` | Set this to the relative path to your project if it is not in the root of your repository. | | | -| `application_domain` | The exposed hostname that will route to the httpd service, if left blank a value will be defaulted. | | | -| `generic_webhook_secret` | A secret string used to configure the Generic webhook. | | | -| `github_webhook_secret` | Github trigger secret. A difficult to guess string encoded as part of the webhook URL. Not encrypted. | | | diff --git a/charts/redhat/redhat/httpd-template/0.0.4/src/templates/buildconfig.yaml b/charts/redhat/redhat/httpd-template/0.0.4/src/templates/buildconfig.yaml deleted file mode 100644 index ccc7536397..0000000000 
--- a/charts/redhat/redhat/httpd-template/0.0.4/src/templates/buildconfig.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: build.openshift.io/v1 -kind: BuildConfig -metadata: - annotations: - description: Defines how to build the application - template.alpha.openshift.io/wait-for-ready: "true" - labels: - app: httpd-example - template: httpd-example - name: {{ .Values.name }} -spec: - output: - to: - kind: ImageStreamTag - name: {{ .Values.name }}:latest - source: - contextDir: {{ .Values.context_dir }} - git: - ref: {{ .Values.source_repository_ref }} - uri: {{ .Values.source_repository_url }} - type: Git - strategy: - sourceStrategy: - from: - kind: ImageStreamTag - name: httpd:{{ .Values.httpd_version }} - type: Source - triggers: - - type: ImageChange - - type: ConfigChange - - type: GitHub - github: - secret: {{ .Values.github_webhook_secret }} - - type: Generic - generic: - secret: {{ .Values.generic_webhook_secret }} diff --git a/charts/redhat/redhat/httpd-template/0.0.4/src/templates/deploymentconfig.yaml b/charts/redhat/redhat/httpd-template/0.0.4/src/templates/deploymentconfig.yaml deleted file mode 100644 index e2e1b85f28..0000000000 --- a/charts/redhat/redhat/httpd-template/0.0.4/src/templates/deploymentconfig.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -apiVersion: apps.openshift.io/v1 -kind: DeploymentConfig -metadata: - annotations: - description: Defines how to deploy the application server - template.alpha.openshift.io/wait-for-ready: "true" - labels: - app: httpd-example - template: httpd-example - name: {{ .Values.name }} -spec: - replicas: 1 - selector: - name: {{ .Values.name }} - strategy: - type: Rolling - template: - metadata: - labels: - name: {{ .Values.name }} - name: {{ .Values.name }} - spec: - containers: - - env: [] - image: "{{ .Values.name }}:latest" - livenessProbe: - httpGet: - path: / - port: 8080 - initialDelaySeconds: 30 - timeoutSeconds: 3 - name: httpd-example - ports: - - containerPort: 8080 - readinessProbe: - httpGet: - path: / - port: 8080 - initialDelaySeconds: 3 - timeoutSeconds: 3 - resources: - limits: - memory: {{ .Values.memory_limit }} - triggers: - - imageChangeParams: - automatic: true - containerNames: - - httpd-example - from: - kind: ImageStreamTag - name: "{{ .Values.name }}:latest" - namespace: {{ .Values.namespace }} - type: ImageChange - - type: ConfigChange diff --git a/charts/redhat/redhat/httpd-template/0.0.4/src/templates/route.yaml b/charts/redhat/redhat/httpd-template/0.0.4/src/templates/route.yaml deleted file mode 100644 index a9c7d1b9f8..0000000000 --- a/charts/redhat/redhat/httpd-template/0.0.4/src/templates/route.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - labels: - app: httpd-example - template: httpd-example - name: {{ .Values.name }} -spec: - host: {{ .Values.application_domain }} - to: - kind: Service - name: {{ .Values.name }} diff --git a/charts/redhat/redhat/httpd-template/0.0.4/src/templates/service.yaml b/charts/redhat/redhat/httpd-template/0.0.4/src/templates/service.yaml deleted file mode 100644 index 761024c09d..0000000000 --- a/charts/redhat/redhat/httpd-template/0.0.4/src/templates/service.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - description: Exposes and load balances the application pods - labels: - app: httpd-example - template: httpd-example - name: {{ .Values.name }} -spec: - ports: - - name: web - port: 8080 - targetPort: 8080 - selector: - name: {{ .Values.name }} diff --git a/charts/redhat/redhat/httpd-template/0.0.4/src/templates/tests/test-httpd-connection.yaml b/charts/redhat/redhat/httpd-template/0.0.4/src/templates/tests/test-httpd-connection.yaml deleted file mode 100644 index b63dce1f43..0000000000 --- a/charts/redhat/redhat/httpd-template/0.0.4/src/templates/tests/test-httpd-connection.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-connection-test" - namespace: "{{ .Release.Namespace }}" - annotations: - "helm.sh/hook": test - labels: - name: {{ .Values.database_service_name }} -spec: - #serviceAccount: {{ .Values.serviceAccount }} - containers: - - name: "httpd-connection-test" - image: "registry.redhat.io/rhel8/httpd-24:latest" - imagePullPolicy: IfNotPresent - command: - - '/bin/bash' - - '-ec' - - > - curl {{ .Values.name }}.{{ .Release.Namespace}}:8080 | grep "{{ .Values.expected_str }}" - lookupPolicy: - local: true - restartPolicy: Never diff --git a/charts/redhat/redhat/httpd-template/0.0.4/src/values.schema.json b/charts/redhat/redhat/httpd-template/0.0.4/src/values.schema.json deleted file mode 100644 index 13d717ed8a..0000000000 --- a/charts/redhat/redhat/httpd-template/0.0.4/src/values.schema.json +++ /dev/null 
@@ -1,36 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "namespace": { - "type": "string" - }, - "name": { - "type": "string", - "description": "The name assigned to all of the frontend objects defined in this template." - }, - "memory_limit": { - "type": "string", - "title": "Memory limit", - "form": true, - "render": "slider", - "sliderMin": 512, - "sliderMax": 65536, - "sliderUnit": "Mi" - }, - "httpd_version": { - "type": "string", - "description": "Specify HTTPD imagestream tag", - "enum": [ "latest", "2.4-el9", "2.4-el8", "2.4-el7" ] - }, - "application_domain": { - "type": "string", - "description": "The exposed hostname that will route to the httpd service, if left blank a value will be defaulted." - }, - "context_dir": { - "type": "string", - "description": "Set this to the relative path to your project if it is not in the root of your repository." - } - } -} - diff --git a/charts/redhat/redhat/httpd-template/0.0.4/src/values.yaml b/charts/redhat/redhat/httpd-template/0.0.4/src/values.yaml deleted file mode 100644 index 4668c8849d..0000000000 --- a/charts/redhat/redhat/httpd-template/0.0.4/src/values.yaml +++ /dev/null @@ -1,11 +0,0 @@ -application_domain: "" # TODO: must define a default value for .application_domain -context_dir: "" # TODO: must define a default value for .context_dir -generic_webhook_secret: "SOMETHING" # TODO: must define a default value for .generic_webhook_secret -github_webhook_secret: "FOOBAR" # TODO: must define a default value for .github_webhook_secret -httpd_version: 2.4-el8 -memory_limit: 512Mi -name: httpd -namespace: openshift -source_repository_ref: master # TODO: must define a default value for .source_repository_ref -source_repository_url: https://github.com/sclorg/httpd-ex.git -expected_str: Welcome to your static httpd application on OpenShift 
diff --git a/charts/redhat/redhat/httpd-template/OWNERS b/charts/redhat/redhat/httpd-template/OWNERS
deleted file mode 100644
index 3c7c9b8210..0000000000
--- a/charts/redhat/redhat/httpd-template/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: httpd-template
- description: This is the Red Hat Apache HTTP Server template chart
-publicPgpKey: null
-users:
- - githubUsername: phracek
-vendor:
- label: redhat
- name: Red Hat
diff --git a/charts/redhat/redhat/jenkins/0.0.1/src/Chart.yaml b/charts/redhat/redhat/jenkins/0.0.1/src/Chart.yaml
deleted file mode 100644
index a1bf8e97d1..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.1/src/Chart.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: v2
-name: jenkins
-description: A Helm chart for Openshift Jenkins
-
-type: application
-
-version: 0.0.1
-
-appVersion: "1.16.0"
diff --git a/charts/redhat/redhat/jenkins/0.0.1/src/templates/NOTES.txt b/charts/redhat/redhat/jenkins/0.0.1/src/templates/NOTES.txt
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/charts/redhat/redhat/jenkins/0.0.1/src/templates/_helpers.tpl b/charts/redhat/redhat/jenkins/0.0.1/src/templates/_helpers.tpl
deleted file mode 100644
index 8a087c57fb..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.1/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "openshift-jenkins.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "openshift-jenkins.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "openshift-jenkins.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "openshift-jenkins.labels" -}}
-helm.sh/chart: {{ include "openshift-jenkins.chart" . }}
-{{ include "openshift-jenkins.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "openshift-jenkins.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "openshift-jenkins.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "openshift-jenkins.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "openshift-jenkins.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/charts/redhat/redhat/jenkins/0.0.1/src/templates/configmap-trusted-ca-bundle.yaml b/charts/redhat/redhat/jenkins/0.0.1/src/templates/configmap-trusted-ca-bundle.yaml
deleted file mode 100644
index 8464ea3603..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.1/src/templates/configmap-trusted-ca-bundle.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- config.openshift.io/inject-trusted-cabundle: "true"
- {{- include "openshift-jenkins.labels" . | nindent 4 }}
- name: {{ include "openshift-jenkins.fullname" . }}-trusted-ca-bundle
diff --git a/charts/redhat/redhat/jenkins/0.0.1/src/templates/deploymentconfig.yaml b/charts/redhat/redhat/jenkins/0.0.1/src/templates/deploymentconfig.yaml
deleted file mode 100644
index d7a4e4da8a..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.1/src/templates/deploymentconfig.yaml
+++ /dev/null
@@ -1,111 +0,0 @@ -apiVersion: apps.openshift.io/v1 -kind: DeploymentConfig -metadata: - labels: - {{- include "openshift-jenkins.labels" . | nindent 4 }} - name: {{ include "openshift-jenkins.fullname" . }} -spec: - replicas: 1 - selector: - {{ include "openshift-jenkins.selectorLabels" . | nindent 4}} - strategy: - type: Recreate - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "openshift-jenkins.selectorLabels" . | nindent 8 }} - spec: - containers: - - env: - - name: OPENSHIFT_ENABLE_OAUTH - value: "true" - - name: OPENSHIFT_ENABLE_REDIRECT_PROMPT - value: "true" - - name: DISABLE_ADMINISTRATIVE_MONITORS - value: "false" - - name: KUBERNETES_MASTER - value: https://kubernetes.default:443 - - name: KUBERNETES_TRUST_CERTIFICATES - value: "true" - - name: JENKINS_SERVICE_NAME - value: {{ include "openshift-jenkins.fullname" . }} - - name: JNLP_SERVICE_NAME - value: {{ include "openshift-jenkins.fullname" . 
}}-jnlp - - name: ENABLE_FATAL_ERROR_LOG_FILE - value: "false" - - name: JENKINS_UC_INSECURE - value: "false" - - name: CASC_JENKINS_CONFIG - value: /var/lib/jenkins/proxy.yaml - image: "" - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 2 - httpGet: - path: /login - port: 8080 - scheme: HTTP - initialDelaySeconds: 420 - periodSeconds: 360 - successThreshold: 1 - timeoutSeconds: 240 - name: jenkins - readinessProbe: - failureThreshold: 3 - httpGet: - path: /login - port: 8080 - scheme: HTTP - initialDelaySeconds: 3 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 240 - resources: - limits: - memory: 1Gi - securityContext: - capabilities: {} - privileged: false - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /var/lib/jenkins - name: jenkins-data - - mountPath: /etc/pki/ca-trust/source/anchors - name: jenkins-trusted-ca-bundle - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: {} - serviceAccount: jenkins - serviceAccountName: jenkins - terminationGracePeriodSeconds: 30 - volumes: - - name: jenkins-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "openshift-jenkins.fullname" . }} - {{- else }} - emptyDir: {} - {{- end }} - - configMap: - defaultMode: 420 - name: {{ include "openshift-jenkins.fullname" . }}-trusted-ca-bundle - optional: true - name: jenkins-trusted-ca-bundle - triggers: - - imageChangeParams: - automatic: true - containerNames: - - jenkins - from: - kind: ImageStreamTag - name: jenkins:2 - namespace: openshift - lastTriggeredImage: "" - type: ImageChange - - type: ConfigChange \ No newline at end of file diff --git a/charts/redhat/redhat/jenkins/0.0.1/src/templates/persistentvolumeclaim.yaml b/charts/redhat/redhat/jenkins/0.0.1/src/templates/persistentvolumeclaim.yaml deleted file mode 100644 index 45edd915c3..0000000000 
--- a/charts/redhat/redhat/jenkins/0.0.1/src/templates/persistentvolumeclaim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.persistence.enabled -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "openshift-jenkins.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels:
- {{- include "openshift-jenkins.labels" . | nindent 4 }}
-spec:
- accessModes:
- {{- range .Values.persistence.accessModes }}
- - {{ . | quote }}
- {{- end }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
-{{- end -}}
diff --git a/charts/redhat/redhat/jenkins/0.0.1/src/templates/rolebinding.yaml b/charts/redhat/redhat/jenkins/0.0.1/src/templates/rolebinding.yaml
deleted file mode 100644
index d508e63b43..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.1/src/templates/rolebinding.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- labels:
- {{- include "openshift-jenkins.selectorLabels" . | nindent 4 }}
- name: {{ include "openshift-jenkins.fullname" . }}_edit
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: edit
-subjects:
-- kind: ServiceAccount
- name: {{ include "openshift-jenkins.serviceAccountName" . }}
diff --git a/charts/redhat/redhat/jenkins/0.0.1/src/templates/route.yaml b/charts/redhat/redhat/jenkins/0.0.1/src/templates/route.yaml
deleted file mode 100644
index 72aebd92c3..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.1/src/templates/route.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: route.openshift.io/v1
-kind: Route
-metadata:
- annotations:
- haproxy.router.openshift.io/timeout: 4m
- labels:
- {{- include "openshift-jenkins.labels" . | nindent 4 }}
- name: {{ include "openshift-jenkins.fullname" . }}
-spec:
- tls:
- insecureEdgeTerminationPolicy: Redirect
- termination: edge
- to:
- kind: Service
- name: {{ include "openshift-jenkins.fullname" . }}
diff --git a/charts/redhat/redhat/jenkins/0.0.1/src/templates/service-jnlp.yaml b/charts/redhat/redhat/jenkins/0.0.1/src/templates/service-jnlp.yaml
deleted file mode 100644
index fc041abc59..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.1/src/templates/service-jnlp.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "openshift-jenkins.fullname" . }}-jnlp
- labels:
- {{- include "openshift-jenkins.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.servicejnlp.type }}
- ports:
- - port: {{ .Values.servicejnlp.port }}
- targetPort: {{ .Values.servicejnlp.targetPort }}
- protocol: TCP
- name: {{ .Values.servicejnlp.name }}
- selector:
- {{- include "openshift-jenkins.selectorLabels" . | nindent 4 }}
diff --git a/charts/redhat/redhat/jenkins/0.0.1/src/templates/service.yaml b/charts/redhat/redhat/jenkins/0.0.1/src/templates/service.yaml
deleted file mode 100644
index a14452125f..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.1/src/templates/service.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "openshift-jenkins.fullname" . }}
- labels:
- {{- include "openshift-jenkins.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: {{ .Values.service.targetPort }}
- protocol: TCP
- name: {{ .Values.service.name }}
- selector:
- {{- include "openshift-jenkins.selectorLabels" . | nindent 4 }}
diff --git a/charts/redhat/redhat/jenkins/0.0.1/src/templates/serviceaccount.yaml b/charts/redhat/redhat/jenkins/0.0.1/src/templates/serviceaccount.yaml
deleted file mode 100644
index 4d6bcbad64..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.1/src/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "openshift-jenkins.serviceAccountName" . }}
- labels:
- {{- include "openshift-jenkins.labels" . | nindent 4 }}
- annotations:
- serviceaccounts.openshift.io/oauth-redirectreference.jenkins: "{\"kind\":\"OAuthRedirectReference\",\"apiVersion\":\"v1\",\"reference\":{\"kind\":\"Route\",\"name\":\"{{ include "openshift-jenkins.fullname" . }}\"}}"
diff --git a/charts/redhat/redhat/jenkins/0.0.1/src/templates/tests/test-connection.yaml b/charts/redhat/redhat/jenkins/0.0.1/src/templates/tests/test-connection.yaml
deleted file mode 100644
index 30a3fee7cd..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.1/src/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "openshift-jenkins.fullname" . }}-test-connection"
- labels:
- {{- include "openshift-jenkins.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "openshift-jenkins.fullname" . }}:{{ .Values.service.port }}']
- restartPolicy: Never
diff --git a/charts/redhat/redhat/jenkins/0.0.1/src/values.yaml b/charts/redhat/redhat/jenkins/0.0.1/src/values.yaml
deleted file mode 100644
index e2b4c95703..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.1/src/values.yaml
+++ /dev/null
@@ -1,62 +0,0 @@ -# Default values for openshift-jenkins. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: nginx - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - name: "jenkins" - -service: - type: ClusterIP - port: 80 - targetPort: 8080 - name: web - -servicejnlp: - type: ClusterIP - port: 50000 - targetPort: 50000 - name: agent - -persistence: - ## @param persistence.enabled Enable persistence using Persistent Volume Claims - enabled: false - ## @param persistence.storageClass Persistent Volume storage class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner - ## - storageClass: - ## @param persistence.annotations Additional custom annotations for the PVC - ## - annotations: {} - ## @param persistence.accessModes [array] Persistent Volume access modes - ## - accessModes: - - ReadWriteOnce - ## @param persistence.size Persistent Volume size - ## - size: 8Gi - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi \ No newline at end of file diff --git a/charts/redhat/redhat/jenkins/0.0.2/src/Chart.yaml b/charts/redhat/redhat/jenkins/0.0.2/src/Chart.yaml deleted file mode 100644 index 356ab64b44..0000000000 
--- a/charts/redhat/redhat/jenkins/0.0.2/src/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -name: jenkins -description: A Helm chart for Openshift Jenkins -type: application -version: 0.0.2 -appVersion: "1.16.0" -icon:  -keywords: -- ci/cd -- pipeline -- jenkins diff --git a/charts/redhat/redhat/jenkins/0.0.2/src/templates/NOTES.txt b/charts/redhat/redhat/jenkins/0.0.2/src/templates/NOTES.txt deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/charts/redhat/redhat/jenkins/0.0.2/src/templates/_helpers.tpl b/charts/redhat/redhat/jenkins/0.0.2/src/templates/_helpers.tpl deleted file mode 100644 index 8a087c57fb..0000000000 --- a/charts/redhat/redhat/jenkins/0.0.2/src/templates/_helpers.tpl +++ /dev/null 
@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "openshift-jenkins.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "openshift-jenkins.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "openshift-jenkins.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "openshift-jenkins.labels" -}}
-helm.sh/chart: {{ include "openshift-jenkins.chart" . }}
-{{ include "openshift-jenkins.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "openshift-jenkins.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "openshift-jenkins.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "openshift-jenkins.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "openshift-jenkins.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/charts/redhat/redhat/jenkins/0.0.2/src/templates/configmap-trusted-ca-bundle.yaml b/charts/redhat/redhat/jenkins/0.0.2/src/templates/configmap-trusted-ca-bundle.yaml
deleted file mode 100644
index 8464ea3603..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.2/src/templates/configmap-trusted-ca-bundle.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- config.openshift.io/inject-trusted-cabundle: "true"
- {{- include "openshift-jenkins.labels" . | nindent 4 }}
- name: {{ include "openshift-jenkins.fullname" . }}-trusted-ca-bundle
diff --git a/charts/redhat/redhat/jenkins/0.0.2/src/templates/deploymentconfig.yaml b/charts/redhat/redhat/jenkins/0.0.2/src/templates/deploymentconfig.yaml
deleted file mode 100644
index d7a4e4da8a..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.2/src/templates/deploymentconfig.yaml
+++ /dev/null
@@ -1,111 +0,0 @@ -apiVersion: apps.openshift.io/v1 -kind: DeploymentConfig -metadata: - labels: - {{- include "openshift-jenkins.labels" . | nindent 4 }} - name: {{ include "openshift-jenkins.fullname" . }} -spec: - replicas: 1 - selector: - {{ include "openshift-jenkins.selectorLabels" . | nindent 4}} - strategy: - type: Recreate - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "openshift-jenkins.selectorLabels" . | nindent 8 }} - spec: - containers: - - env: - - name: OPENSHIFT_ENABLE_OAUTH - value: "true" - - name: OPENSHIFT_ENABLE_REDIRECT_PROMPT - value: "true" - - name: DISABLE_ADMINISTRATIVE_MONITORS - value: "false" - - name: KUBERNETES_MASTER - value: https://kubernetes.default:443 - - name: KUBERNETES_TRUST_CERTIFICATES - value: "true" - - name: JENKINS_SERVICE_NAME - value: {{ include "openshift-jenkins.fullname" . }} - - name: JNLP_SERVICE_NAME - value: {{ include "openshift-jenkins.fullname" . 
}}-jnlp - - name: ENABLE_FATAL_ERROR_LOG_FILE - value: "false" - - name: JENKINS_UC_INSECURE - value: "false" - - name: CASC_JENKINS_CONFIG - value: /var/lib/jenkins/proxy.yaml - image: "" - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 2 - httpGet: - path: /login - port: 8080 - scheme: HTTP - initialDelaySeconds: 420 - periodSeconds: 360 - successThreshold: 1 - timeoutSeconds: 240 - name: jenkins - readinessProbe: - failureThreshold: 3 - httpGet: - path: /login - port: 8080 - scheme: HTTP - initialDelaySeconds: 3 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 240 - resources: - limits: - memory: 1Gi - securityContext: - capabilities: {} - privileged: false - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /var/lib/jenkins - name: jenkins-data - - mountPath: /etc/pki/ca-trust/source/anchors - name: jenkins-trusted-ca-bundle - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: {} - serviceAccount: jenkins - serviceAccountName: jenkins - terminationGracePeriodSeconds: 30 - volumes: - - name: jenkins-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "openshift-jenkins.fullname" . }} - {{- else }} - emptyDir: {} - {{- end }} - - configMap: - defaultMode: 420 - name: {{ include "openshift-jenkins.fullname" . }}-trusted-ca-bundle - optional: true - name: jenkins-trusted-ca-bundle - triggers: - - imageChangeParams: - automatic: true - containerNames: - - jenkins - from: - kind: ImageStreamTag - name: jenkins:2 - namespace: openshift - lastTriggeredImage: "" - type: ImageChange - - type: ConfigChange \ No newline at end of file diff --git a/charts/redhat/redhat/jenkins/0.0.2/src/templates/persistentvolumeclaim.yaml b/charts/redhat/redhat/jenkins/0.0.2/src/templates/persistentvolumeclaim.yaml deleted file mode 100644 index 45edd915c3..0000000000 
--- a/charts/redhat/redhat/jenkins/0.0.2/src/templates/persistentvolumeclaim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.persistence.enabled -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "openshift-jenkins.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels:
- {{- include "openshift-jenkins.labels" . | nindent 4 }}
-spec:
- accessModes:
- {{- range .Values.persistence.accessModes }}
- - {{ . | quote }}
- {{- end }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
-{{- end -}}
diff --git a/charts/redhat/redhat/jenkins/0.0.2/src/templates/rolebinding.yaml b/charts/redhat/redhat/jenkins/0.0.2/src/templates/rolebinding.yaml
deleted file mode 100644
index d508e63b43..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.2/src/templates/rolebinding.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- labels:
- {{- include "openshift-jenkins.selectorLabels" . | nindent 4 }}
- name: {{ include "openshift-jenkins.fullname" . }}_edit
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: edit
-subjects:
-- kind: ServiceAccount
- name: {{ include "openshift-jenkins.serviceAccountName" . }}
diff --git a/charts/redhat/redhat/jenkins/0.0.2/src/templates/route.yaml b/charts/redhat/redhat/jenkins/0.0.2/src/templates/route.yaml
deleted file mode 100644
index 72aebd92c3..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.2/src/templates/route.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: route.openshift.io/v1
-kind: Route
-metadata:
- annotations:
- haproxy.router.openshift.io/timeout: 4m
- labels:
- {{- include "openshift-jenkins.labels" . | nindent 4 }}
- name: {{ include "openshift-jenkins.fullname" . }}
-spec:
- tls:
- insecureEdgeTerminationPolicy: Redirect
- termination: edge
- to:
- kind: Service
- name: {{ include "openshift-jenkins.fullname" . }}
diff --git a/charts/redhat/redhat/jenkins/0.0.2/src/templates/service-jnlp.yaml b/charts/redhat/redhat/jenkins/0.0.2/src/templates/service-jnlp.yaml
deleted file mode 100644
index fc041abc59..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.2/src/templates/service-jnlp.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "openshift-jenkins.fullname" . }}-jnlp
- labels:
- {{- include "openshift-jenkins.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.servicejnlp.type }}
- ports:
- - port: {{ .Values.servicejnlp.port }}
- targetPort: {{ .Values.servicejnlp.targetPort }}
- protocol: TCP
- name: {{ .Values.servicejnlp.name }}
- selector:
- {{- include "openshift-jenkins.selectorLabels" . | nindent 4 }}
diff --git a/charts/redhat/redhat/jenkins/0.0.2/src/templates/service.yaml b/charts/redhat/redhat/jenkins/0.0.2/src/templates/service.yaml
deleted file mode 100644
index a14452125f..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.2/src/templates/service.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "openshift-jenkins.fullname" . }}
- labels:
- {{- include "openshift-jenkins.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: {{ .Values.service.targetPort }}
- protocol: TCP
- name: {{ .Values.service.name }}
- selector:
- {{- include "openshift-jenkins.selectorLabels" . | nindent 4 }}
diff --git a/charts/redhat/redhat/jenkins/0.0.2/src/templates/serviceaccount.yaml b/charts/redhat/redhat/jenkins/0.0.2/src/templates/serviceaccount.yaml
deleted file mode 100644
index 4d6bcbad64..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.2/src/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "openshift-jenkins.serviceAccountName" . }}
- labels:
- {{- include "openshift-jenkins.labels" . | nindent 4 }}
- annotations:
- serviceaccounts.openshift.io/oauth-redirectreference.jenkins: "{\"kind\":\"OAuthRedirectReference\",\"apiVersion\":\"v1\",\"reference\":{\"kind\":\"Route\",\"name\":\"{{ include "openshift-jenkins.fullname" . }}\"}}"
diff --git a/charts/redhat/redhat/jenkins/0.0.2/src/templates/tests/test-connection.yaml b/charts/redhat/redhat/jenkins/0.0.2/src/templates/tests/test-connection.yaml
deleted file mode 100644
index 30a3fee7cd..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.2/src/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "openshift-jenkins.fullname" . }}-test-connection"
- labels:
- {{- include "openshift-jenkins.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "openshift-jenkins.fullname" . }}:{{ .Values.service.port }}']
- restartPolicy: Never
diff --git a/charts/redhat/redhat/jenkins/0.0.2/src/values.yaml b/charts/redhat/redhat/jenkins/0.0.2/src/values.yaml
deleted file mode 100644
index e2b4c95703..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.2/src/values.yaml
+++ /dev/null
@@ -1,62 +0,0 @@ -# Default values for openshift-jenkins. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: nginx - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - name: "jenkins" - -service: - type: ClusterIP - port: 80 - targetPort: 8080 - name: web - -servicejnlp: - type: ClusterIP - port: 50000 - targetPort: 50000 - name: agent - -persistence: - ## @param persistence.enabled Enable persistence using Persistent Volume Claims - enabled: false - ## @param persistence.storageClass Persistent Volume storage class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner - ## - storageClass: - ## @param persistence.annotations Additional custom annotations for the PVC - ## - annotations: {} - ## @param persistence.accessModes [array] Persistent Volume access modes - ## - accessModes: - - ReadWriteOnce - ## @param persistence.size Persistent Volume size - ## - size: 8Gi - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi \ No newline at end of file diff --git a/charts/redhat/redhat/jenkins/0.0.3/src/Chart.yaml b/charts/redhat/redhat/jenkins/0.0.3/src/Chart.yaml deleted file mode 100644 index 137d74456b..0000000000 
--- a/charts/redhat/redhat/jenkins/0.0.3/src/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -name: jenkins -description: Jenkins is an open source automation server which enables developers to build, test, and deploy their software using pipelines. This chart allows the installation of th Jenkins on OpenShift image and enables a various set of plugins to improve cloud experience with Jenkins. -type: application -version: 0.0.3 -appVersion: "1.16.0" -icon:  -keywords: -- ci/cd -- pipeline -- jenkins diff --git a/charts/redhat/redhat/jenkins/0.0.3/src/templates/NOTES.txt b/charts/redhat/redhat/jenkins/0.0.3/src/templates/NOTES.txt deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/charts/redhat/redhat/jenkins/0.0.3/src/templates/_helpers.tpl b/charts/redhat/redhat/jenkins/0.0.3/src/templates/_helpers.tpl deleted file mode 100644 index 8a087c57fb..0000000000 --- a/charts/redhat/redhat/jenkins/0.0.3/src/templates/_helpers.tpl +++ /dev/null 
@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "openshift-jenkins.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "openshift-jenkins.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "openshift-jenkins.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "openshift-jenkins.labels" -}}
-helm.sh/chart: {{ include "openshift-jenkins.chart" . }}
-{{ include "openshift-jenkins.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "openshift-jenkins.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "openshift-jenkins.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "openshift-jenkins.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "openshift-jenkins.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/charts/redhat/redhat/jenkins/0.0.3/src/templates/configmap-trusted-ca-bundle.yaml b/charts/redhat/redhat/jenkins/0.0.3/src/templates/configmap-trusted-ca-bundle.yaml
deleted file mode 100644
index 8464ea3603..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.3/src/templates/configmap-trusted-ca-bundle.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- config.openshift.io/inject-trusted-cabundle: "true"
- {{- include "openshift-jenkins.labels" . | nindent 4 }}
- name: {{ include "openshift-jenkins.fullname" . }}-trusted-ca-bundle
diff --git a/charts/redhat/redhat/jenkins/0.0.3/src/templates/deploymentconfig.yaml b/charts/redhat/redhat/jenkins/0.0.3/src/templates/deploymentconfig.yaml
deleted file mode 100644
index d7a4e4da8a..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.3/src/templates/deploymentconfig.yaml
+++ /dev/null
@@ -1,111 +0,0 @@ -apiVersion: apps.openshift.io/v1 -kind: DeploymentConfig -metadata: - labels: - {{- include "openshift-jenkins.labels" . | nindent 4 }} - name: {{ include "openshift-jenkins.fullname" . }} -spec: - replicas: 1 - selector: - {{ include "openshift-jenkins.selectorLabels" . | nindent 4}} - strategy: - type: Recreate - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "openshift-jenkins.selectorLabels" . | nindent 8 }} - spec: - containers: - - env: - - name: OPENSHIFT_ENABLE_OAUTH - value: "true" - - name: OPENSHIFT_ENABLE_REDIRECT_PROMPT - value: "true" - - name: DISABLE_ADMINISTRATIVE_MONITORS - value: "false" - - name: KUBERNETES_MASTER - value: https://kubernetes.default:443 - - name: KUBERNETES_TRUST_CERTIFICATES - value: "true" - - name: JENKINS_SERVICE_NAME - value: {{ include "openshift-jenkins.fullname" . }} - - name: JNLP_SERVICE_NAME - value: {{ include "openshift-jenkins.fullname" . 
}}-jnlp - - name: ENABLE_FATAL_ERROR_LOG_FILE - value: "false" - - name: JENKINS_UC_INSECURE - value: "false" - - name: CASC_JENKINS_CONFIG - value: /var/lib/jenkins/proxy.yaml - image: "" - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 2 - httpGet: - path: /login - port: 8080 - scheme: HTTP - initialDelaySeconds: 420 - periodSeconds: 360 - successThreshold: 1 - timeoutSeconds: 240 - name: jenkins - readinessProbe: - failureThreshold: 3 - httpGet: - path: /login - port: 8080 - scheme: HTTP - initialDelaySeconds: 3 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 240 - resources: - limits: - memory: 1Gi - securityContext: - capabilities: {} - privileged: false - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /var/lib/jenkins - name: jenkins-data - - mountPath: /etc/pki/ca-trust/source/anchors - name: jenkins-trusted-ca-bundle - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: {} - serviceAccount: jenkins - serviceAccountName: jenkins - terminationGracePeriodSeconds: 30 - volumes: - - name: jenkins-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "openshift-jenkins.fullname" . }} - {{- else }} - emptyDir: {} - {{- end }} - - configMap: - defaultMode: 420 - name: {{ include "openshift-jenkins.fullname" . }}-trusted-ca-bundle - optional: true - name: jenkins-trusted-ca-bundle - triggers: - - imageChangeParams: - automatic: true - containerNames: - - jenkins - from: - kind: ImageStreamTag - name: jenkins:2 - namespace: openshift - lastTriggeredImage: "" - type: ImageChange - - type: ConfigChange \ No newline at end of file diff --git a/charts/redhat/redhat/jenkins/0.0.3/src/templates/persistentvolumeclaim.yaml b/charts/redhat/redhat/jenkins/0.0.3/src/templates/persistentvolumeclaim.yaml deleted file mode 100644 index 45edd915c3..0000000000 
--- a/charts/redhat/redhat/jenkins/0.0.3/src/templates/persistentvolumeclaim.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.persistence.enabled -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "openshift-jenkins.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels:
- {{- include "openshift-jenkins.labels" . | nindent 4 }}
-spec:
- accessModes:
- {{- range .Values.persistence.accessModes }}
- - {{ . | quote }}
- {{- end }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
-{{- end -}}
diff --git a/charts/redhat/redhat/jenkins/0.0.3/src/templates/rolebinding.yaml b/charts/redhat/redhat/jenkins/0.0.3/src/templates/rolebinding.yaml
deleted file mode 100644
index d9ff0ccc27..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.3/src/templates/rolebinding.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- labels:
- {{- include "openshift-jenkins.selectorLabels" . | nindent 4 }}
- name: {{ include "openshift-jenkins.fullname" . }}-edit
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: edit
-subjects:
-- kind: ServiceAccount
- name: {{ include "openshift-jenkins.serviceAccountName" . }}
diff --git a/charts/redhat/redhat/jenkins/0.0.3/src/templates/route.yaml b/charts/redhat/redhat/jenkins/0.0.3/src/templates/route.yaml
deleted file mode 100644
index 72aebd92c3..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.3/src/templates/route.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: route.openshift.io/v1
-kind: Route
-metadata:
- annotations:
- haproxy.router.openshift.io/timeout: 4m
- labels:
- {{- include "openshift-jenkins.labels" . | nindent 4 }}
- name: {{ include "openshift-jenkins.fullname" . }}
-spec:
- tls:
- insecureEdgeTerminationPolicy: Redirect
- termination: edge
- to:
- kind: Service
- name: {{ include "openshift-jenkins.fullname" . }}
diff --git a/charts/redhat/redhat/jenkins/0.0.3/src/templates/service-jnlp.yaml b/charts/redhat/redhat/jenkins/0.0.3/src/templates/service-jnlp.yaml
deleted file mode 100644
index fc041abc59..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.3/src/templates/service-jnlp.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "openshift-jenkins.fullname" . }}-jnlp
- labels:
- {{- include "openshift-jenkins.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.servicejnlp.type }}
- ports:
- - port: {{ .Values.servicejnlp.port }}
- targetPort: {{ .Values.servicejnlp.targetPort }}
- protocol: TCP
- name: {{ .Values.servicejnlp.name }}
- selector:
- {{- include "openshift-jenkins.selectorLabels" . | nindent 4 }}
diff --git a/charts/redhat/redhat/jenkins/0.0.3/src/templates/service.yaml b/charts/redhat/redhat/jenkins/0.0.3/src/templates/service.yaml
deleted file mode 100644
index a14452125f..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.3/src/templates/service.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "openshift-jenkins.fullname" . }}
- labels:
- {{- include "openshift-jenkins.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: {{ .Values.service.targetPort }}
- protocol: TCP
- name: {{ .Values.service.name }}
- selector:
- {{- include "openshift-jenkins.selectorLabels" . | nindent 4 }}
diff --git a/charts/redhat/redhat/jenkins/0.0.3/src/templates/serviceaccount.yaml b/charts/redhat/redhat/jenkins/0.0.3/src/templates/serviceaccount.yaml
deleted file mode 100644
index 4d6bcbad64..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.3/src/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "openshift-jenkins.serviceAccountName" . }}
- labels:
- {{- include "openshift-jenkins.labels" . | nindent 4 }}
- annotations:
- serviceaccounts.openshift.io/oauth-redirectreference.jenkins: "{\"kind\":\"OAuthRedirectReference\",\"apiVersion\":\"v1\",\"reference\":{\"kind\":\"Route\",\"name\":\"{{ include "openshift-jenkins.fullname" . }}\"}}"
diff --git a/charts/redhat/redhat/jenkins/0.0.3/src/templates/tests/test-connection.yaml b/charts/redhat/redhat/jenkins/0.0.3/src/templates/tests/test-connection.yaml
deleted file mode 100644
index 30a3fee7cd..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.3/src/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "openshift-jenkins.fullname" . }}-test-connection"
- labels:
- {{- include "openshift-jenkins.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "openshift-jenkins.fullname" . }}:{{ .Values.service.port }}']
- restartPolicy: Never
diff --git a/charts/redhat/redhat/jenkins/0.0.3/src/values.schema.json b/charts/redhat/redhat/jenkins/0.0.3/src/values.schema.json
deleted file mode 100644
index f5cc069d3e..0000000000
--- a/charts/redhat/redhat/jenkins/0.0.3/src/values.schema.json
+++ /dev/null
@@ -1,134 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "fullnameOverride": { - "type": "string", - "pattern": "^[a-z0-9-_]+$" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string", - "pattern": "^(Always|Never|IfNotPresent)$" - }, - "tag": { - "type": "string" - } - } - }, - "imagePullSecrets": { - "type": "array" - }, - "nameOverride": { - "type": "string", - "pattern": "^[a-z0-9-_]+$" - }, - "persistence": { - "type": "object", - "properties": { - "accessModes": { - "type": "array", - "items": { - "type": "string" - } - }, - "annotations": { - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderMax": 100, - "sliderUnit": "Gi" - }, - "storageClass": { - "type": "null" - } - } - }, - "replicaCount": { - "type": "integer" - }, - "resources": { - "type": "object", - "title": "Required Resources", - "description": "Configure resource requests", - "form": true, - "properties": { - "requests": { - "type": "object", - "properties": { - "memory": { - "type": "string", - "form": true, - "render": "slider", - "title": "Memory Request", - "sliderMin": 512, - "sliderMax": 65536, - "sliderUnit": "Mi" - }, - "cpu": { - "type": "string", - "form": true, - "render": "slider", - "title": "CPU Request", - "sliderMin": 512, - "sliderMax": 8000, - "sliderUnit": "m" - } - } - } - } - }, - "service": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "port": { - "type": "integer" - }, - "targetPort": { - "type": "integer" - }, - "type": { - "type": "string" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "name": { - "type": "string" - } - } - }, - "servicejnlp": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "port": { - "type": "integer" - }, - "targetPort": { - "type": 
"integer" - }, - "type": { - "type": "string" - } - } - } - } -} diff --git a/charts/redhat/redhat/jenkins/0.0.3/src/values.yaml b/charts/redhat/redhat/jenkins/0.0.3/src/values.yaml deleted file mode 100644 index 9a764985a8..0000000000 --- a/charts/redhat/redhat/jenkins/0.0.3/src/values.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -# Default values for openshift-jenkins. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -imagePullSecrets: [] -nameOverride: "jenkins" -fullnameOverride: "jenkins" - -serviceAccount: - name: "jenkins" - -service: - type: ClusterIP - port: 80 - targetPort: 8080 - name: web - -servicejnlp: - type: ClusterIP - port: 50000 - targetPort: 50000 - name: agent - -persistence: - ## @param persistence.enabled Enable persistence using Persistent Volume Claims - enabled: false - ## @param persistence.storageClass Persistent Volume storage class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner - ## - storageClass: - ## @param persistence.annotations Additional custom annotations for the PVC - ## - annotations: {} - ## @param persistence.accessModes [array] Persistent Volume access modes - ## - accessModes: - - ReadWriteOnce - ## @param persistence.size Persistent Volume size - ## - size: 8Gi - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi \ No newline at end of file diff --git a/charts/redhat/redhat/jenkins/OWNERS b/charts/redhat/redhat/jenkins/OWNERS deleted file mode 100644 index 814e8ffdd1..0000000000 --- a/charts/redhat/redhat/jenkins/OWNERS +++ /dev/null 
@@ -1,13 +0,0 @@
-chart:
- name: jenkins
- shortDescription: This is the Red Hat Openshift Jenkins chart
-publicPgpKey: null
-users:
-- githubUsername: coreydaley
-- githubUsername: jkhelil
-- githubUsername: divyansh42
-- githubUsername: apoorvajagtap
-- githubUsername: mbharatk
-vendor:
- label: redhat
- name: Red Hat
diff --git a/charts/redhat/redhat/mariadb-imagestreams/0.0.1/src/Chart.yaml b/charts/redhat/redhat/mariadb-imagestreams/0.0.1/src/Chart.yaml
deleted file mode 100644
index 6f1bbf6964..0000000000
--- a/charts/redhat/redhat/mariadb-imagestreams/0.0.1/src/Chart.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-description: |-
- This content is expermental, do not use it in production. Provides a Red Hat MariaDB database.
- For more information about using this database image, including OpenShift considerations,
- see https://github.com/sclorg/mariadb-container/blob/master/README.md.
-annotations:
- charts.openshift.io/name: Red Hat MariaDB database service imagestreams (experimental).
-apiVersion: v2
-appVersion: 0.0.1
-kubeVersion: '>=1.20.0'
-name: mariadb-imagestreams
-tags: database,mariadb
-sources:
- - https://github.com/sclorg/helm-charts
-version: 0.0.1
diff --git a/charts/redhat/redhat/mariadb-imagestreams/0.0.1/src/templates/imagestreams.yaml b/charts/redhat/redhat/mariadb-imagestreams/0.0.1/src/templates/imagestreams.yaml
deleted file mode 100644
index b5d79b50f9..0000000000
--- a/charts/redhat/redhat/mariadb-imagestreams/0.0.1/src/templates/imagestreams.yaml
+++ /dev/null
@@ -1,124 +0,0 @@ -kind: ImageStream -apiVersion: image.openshift.io/v1 -metadata: - name: mariadb - annotations: - openshift.io/display-name: MariaDB -spec: - tags: - - name: latest - annotations: - openshift.io/display-name: MariaDB (Latest) - openshift.io/provider-display-name: 'Red Hat, Inc.' - description: >- - Provides a MariaDB database on RHEL. For more information about using - this database image, including OpenShift considerations, see - https://github.com/sclorg/mariadb-container/tree/master/10.5/README.md. - - - WARNING: By selecting this tag, your application will automatically - update to use the latest version of MariaDB available on OpenShift, - including major version updates. - iconClass: icon-mariadb - tags: 'database,mariadb' - from: - kind: ImageStreamTag - name: 10.5-el8 - referencePolicy: - type: Local - - name: 10.3-el8 - annotations: - openshift.io/display-name: MariaDB 10.3 (RHEL 8) - openshift.io/provider-display-name: 'Red Hat, Inc.' - description: >- - Provides a MariaDB 10.3 database on RHEL 8. For more information about - using this database image, including OpenShift considerations, see - https://github.com/sclorg/mariadb-container/tree/master/10.3/README.md. - iconClass: icon-mariadb - tags: 'database,mariadb' - version: '10.3' - from: - kind: DockerImage - name: 'registry.redhat.io/rhel8/mariadb-103:latest' - referencePolicy: - type: Local - - name: 10.3-el7 - annotations: - openshift.io/display-name: MariaDB 10.3 (RHEL 7) - openshift.io/provider-display-name: 'Red Hat, Inc.' - description: >- - Provides a MariaDB 10.3 database on RHEL 7. For more information about - using this database image, including OpenShift considerations, see - https://github.com/sclorg/mariadb-container/tree/master/10.3/README.md. 
- iconClass: icon-mariadb - tags: 'database,mariadb' - version: '10.3' - from: - kind: DockerImage - name: 'registry.redhat.io/rhscl/mariadb-103-rhel7:latest' - referencePolicy: - type: Local - - name: '10.3' - annotations: - openshift.io/display-name: MariaDB 10.3 - openshift.io/provider-display-name: 'Red Hat, Inc.' - description: >- - Provides a MariaDB 10.3 database on RHEL 7. For more information about - using this database image, including OpenShift considerations, see - https://github.com/sclorg/mariadb-container/tree/master/10.3/README.md. - iconClass: icon-mariadb - tags: 'database,mariadb,hidden' - version: '10.3' - from: - kind: DockerImage - name: 'registry.redhat.io/rhscl/mariadb-103-rhel7:latest' - referencePolicy: - type: Local - - name: 10.5-el7 - annotations: - openshift.io/display-name: MariaDB 10.5 (RHEL 7) - openshift.io/provider-display-name: 'Red Hat, Inc.' - description: >- - Provides a MariaDB 10.5 database on RHEL 7. For more information about - using this database image, including OpenShift considerations, see - https://github.com/sclorg/mariadb-container/tree/master/10.5/README.md. - iconClass: icon-mariadb - tags: 'database,mariadb' - version: '10.5' - from: - kind: DockerImage - name: 'registry.redhat.io/rhscl/mariadb-105-rhel7:latest' - referencePolicy: - type: Local - - name: 10.5-el8 - annotations: - openshift.io/display-name: MariaDB 10.5 (RHEL 8) - openshift.io/provider-display-name: 'Red Hat, Inc.' - description: >- - Provides a MariaDB 10.5 database on RHEL 8. For more information about - using this database image, including OpenShift considerations, see - https://github.com/sclorg/mariadb-container/tree/master/10.5/README.md. 
- iconClass: icon-mariadb - tags: 'database,mariadb' - version: '10.5' - from: - kind: DockerImage - name: 'registry.redhat.io/rhel8/mariadb-105:latest' - referencePolicy: - type: Local - - name: 10.5-el9 - annotations: - openshift.io/display-name: MariaDB 10.5 (RHEL 9) - openshift.io/provider-display-name: 'Red Hat, Inc.' - description: >- - Provides a MariaDB 10.5 database on RHEL 9. For more information about - using this database image, including OpenShift considerations, see - https://github.com/sclorg/mariadb-container/tree/master/10.5/README.md. - iconClass: icon-mariadb - tags: 'database,mariadb' - version: '10.5' - from: - kind: DockerImage - name: 'registry.redhat.io/rhel9/mariadb-105:latest' - referencePolicy: - type: Local diff --git a/charts/redhat/redhat/mariadb-imagestreams/OWNERS b/charts/redhat/redhat/mariadb-imagestreams/OWNERS deleted file mode 100644 index 260607323c..0000000000 --- a/charts/redhat/redhat/mariadb-imagestreams/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -chart: - name: mariadb-imagestreams - description: This is the Red Hat MariaDB imagestreams chart -publicPgpKey: null -users: - - githubUsername: phracek -vendor: - label: redhat - name: Red Hat diff --git a/charts/redhat/redhat/mariadb-persistent/0.0.1/src/Chart.yaml b/charts/redhat/redhat/mariadb-persistent/0.0.1/src/Chart.yaml deleted file mode 100644 index a1db3f9886..0000000000 --- a/charts/redhat/redhat/mariadb-persistent/0.0.1/src/Chart.yaml +++ /dev/null 
@@ -1,13 +0,0 @@
-description: |-
- MariaDB database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/blob/master/10.3/root/usr/share/container-scripts/mysql/README.md.
-
- NOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.
-name: mariadb-persistent
-tags: database,mariadb
-version: 0.0.1
-annotations:
- charts.openshift.io/name: Red Hat MariaDB database service, with persistent storage (experimental).
-apiVersion: v2
-appVersion: 0.0.1
-sources:
- - https://github.com/sclorg/helm-charts
diff --git a/charts/redhat/redhat/mariadb-persistent/0.0.1/src/README.md b/charts/redhat/redhat/mariadb-persistent/0.0.1/src/README.md
deleted file mode 100644
index 0194e3cb60..0000000000
--- a/charts/redhat/redhat/mariadb-persistent/0.0.1/src/README.md
+++ /dev/null
@@ -1,22 +0,0 @@
-# MariaDB helm chart
-
-A Helm chart for building and deploying a [MariaDB](https://github/sclorg/mariadb-container) application on OpenShift.
-
-For more information about helm charts see the official [Helm Charts Documentation](https://helm.sh/).
-
-You need to have access to a cluster for each operation with OpenShift 4, like deploying and testing.
-
-## Values
-Below is a table of each value used to configure this chart.
-
-| Value | Description | Default | Additional Information |
-|---------------------------------------------| ----------- | -- | ---------------------- |
-| `database_service_name` | The name of the OpenShift Service exposed for the database. | `mariadb` | - |
-| `mysql_user` | Username for MariaDB user that will be used for accessing the database. | - | Expresion like: `user[A-Z0-9]{3}` |
-| `mysql_root_password` | Password for the MariaDB root user. | | Expression like: `[a-zA-Z0-9]{16}` |
-| `mysql_database` | Name of the MariaDB database accessed. | `sampledb` | |
-| `mysql_password` | Password for the MariaDB connection user. | | Expression like: `[a-zA-Z0-9]{16}` |
-| `mariadb_version` | Version of MariaDB image to be used (10.3-el7, 10.3-el8, or latest). | `10.3-el8` | |
-| `namespace` | The OpenShift Namespace where the ImageStream resides. | `openshift` | |
-| `memory_limit` | Maximum amount of memory the container can use. | `521Mi` | |
-| `volume_capacity` | Volume space available for data, e.g. 512Mi, 2Gi. | `1Gi` | |
diff --git a/charts/redhat/redhat/mariadb-persistent/0.0.1/src/templates/deploymentconfig.yaml b/charts/redhat/redhat/mariadb-persistent/0.0.1/src/templates/deploymentconfig.yaml
deleted file mode 100644
index 979d30cde5..0000000000
--- a/charts/redhat/redhat/mariadb-persistent/0.0.1/src/templates/deploymentconfig.yaml
+++ /dev/null
@@ -1,85 +0,0 @@
-apiVersion: apps.openshift.io/v1
-kind: DeploymentConfig
-metadata:
- annotations:
- template.alpha.openshift.io/wait-for-ready: "true"
- labels:
- app.openshift.io/runtime: mariadb
- template: mariadb-persistent-template
- name: {{ .Values.database_service_name }}
-spec:
- replicas: 1
- selector:
- name: {{ .Values.database_service_name }}
- strategy:
- type: Recreate
- template:
- metadata:
- labels:
- name: {{ .Values.database_service_name }}
- spec:
- containers:
- - env:
- - name: MYSQL_USER
- valueFrom:
- secretKeyRef:
- key: database-user
- name: {{ .Values.database_service_name }}
- - name: MYSQL_PASSWORD
- valueFrom:
- secretKeyRef:
- key: database-password
- name: {{ .Values.database_service_name }}
- - name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- key: database-root-password
- name: {{ .Values.database_service_name }}
- - name: MYSQL_DATABASE
- valueFrom:
- secretKeyRef:
- key: database-name
- name: {{ .Values.database_service_name }}
- image: "mariadb:{{ .Values.mariadb_version }}"
- imagePullPolicy: IfNotPresent
- livenessProbe:
- exec:
- command:
- - /bin/sh
- - -i
- - -c
- - MYSQL_PWD="$MYSQL_PASSWORD" mysqladmin -u $MYSQL_USER ping
- initialDelaySeconds: 30
- timeoutSeconds: 1
- name: mariadb
- ports:
- - containerPort: 3306
- readinessProbe:
- exec:
- command:
- - /bin/sh
- - -i
- - -c
- - MYSQL_PWD="$MYSQL_PASSWORD" mysqladmin -u $MYSQL_USER ping
- initialDelaySeconds: 5
- timeoutSeconds: 1
- resources:
- limits:
- memory: {{ .Values.memory_limit }}
- volumeMounts:
- - mountPath: /var/lib/mysql/data
- name: {{ .Values.database_service_name }}-data
- volumes:
- - name: {{ .Values.database_service_name }}-data
- persistentVolumeClaim:
- claimName: {{ .Values.database_service_name }}
- triggers:
- - imageChangeParams:
- automatic: true
- containerNames:
- - mariadb
- from:
- kind: ImageStreamTag
- name: mariadb:{{ .Values.mariadb_version }}
- type: ImageChange
- - type: ConfigChange
diff --git a/charts/redhat/redhat/mariadb-persistent/0.0.1/src/templates/persistentvolumeclaim.yaml b/charts/redhat/redhat/mariadb-persistent/0.0.1/src/templates/persistentvolumeclaim.yaml
deleted file mode 100644
index fba72619c3..0000000000
--- a/charts/redhat/redhat/mariadb-persistent/0.0.1/src/templates/persistentvolumeclaim.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- labels:
- app.openshift.io/runtime: mariadb
- template: mariadb-persistent-template
- name: {{ .Values.database_service_name }}
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: {{ .Values.volume_capacity }}
diff --git a/charts/redhat/redhat/mariadb-persistent/0.0.1/src/templates/secret.yaml b/charts/redhat/redhat/mariadb-persistent/0.0.1/src/templates/secret.yaml
deleted file mode 100644
index 8ae14d904f..0000000000
--- a/charts/redhat/redhat/mariadb-persistent/0.0.1/src/templates/secret.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- annotations:
- template.openshift.io/expose-database_name: ".data['database-name']}"
- template.openshift.io/expose-password: "{.data['database-password']}"
- template.openshift.io/expose-root_password: "{.data['database-root-password']}"
- template.openshift.io/expose-username: "{.data['database-user']}"
- labels:
- app.openshift.io/runtime: mariadb
- template: mariadb-persistent-template
- name: {{ .Values.database_service_name }}
-stringData:
- database-name: {{ .Values.mysql_database }}
- database-password: {{ .Values.mysql_password }}
- database-root-password: {{ .Values.mysql_root_password }}
- database-user: {{ .Values.mysql_user }}
diff --git a/charts/redhat/redhat/mariadb-persistent/0.0.1/src/templates/service.yaml b/charts/redhat/redhat/mariadb-persistent/0.0.1/src/templates/service.yaml
deleted file mode 100644
index 717cd1168c..0000000000
--- a/charts/redhat/redhat/mariadb-persistent/0.0.1/src/templates/service.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- annotations:
- template.openshift.io/expose-uri: mysql://{.spec.clusterIP}:{.spec.ports[?(.name=="mariadb")].port}
- labels:
- app.openshift.io/runtime: mariadb
- template: mariadb-persistent-template
- name: {{ .Values.database_service_name }}
-spec:
- ports:
- - name: mariadb
- port: 3306
- selector:
- name: {{ .Values.database_service_name }}
diff --git a/charts/redhat/redhat/mariadb-persistent/0.0.1/src/templates/tests/test-mariadb-connection.yaml b/charts/redhat/redhat/mariadb-persistent/0.0.1/src/templates/tests/test-mariadb-connection.yaml
deleted file mode 100644
index 87abe997a7..0000000000
--- a/charts/redhat/redhat/mariadb-persistent/0.0.1/src/templates/tests/test-mariadb-connection.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ .Release.Name }}-connection-test"
- namespace: "{{ .Release.Namespace }}"
- annotations:
- "helm.sh/hook": test
- labels:
- name: {{ .Values.database_service_name }}
-spec:
- #serviceAccount: {{ .Values.serviceAccount }}
- containers:
- - name: "mariadb-connection-test"
- image: "registry.redhat.io/rhel8/mariadb-105:latest"
- imagePullPolicy: IfNotPresent
- env:
- - name: MARIADB_USER
- value: "{{ .Values.mysql_user }}"
- - name: MARIADB_PASSWORD
- value: "{{ .Values.mysql_password }}"
- - name: MARIADB_DATABASE
- value: "{{ .Values.mysql_database }}"
- command:
- - /bin/bash
- - -ec
- - "echo \"SELECT 42 as testval\\g\" | mysql --connect-timeout=15 -h {{ .Values.database_service_name }} $MARIADB_DATABASE -u$MARIADB_USER -p$MARIADB_PASSWORD"
- restartPolicy: Never
diff --git a/charts/redhat/redhat/mariadb-persistent/0.0.1/src/values.schema.json b/charts/redhat/redhat/mariadb-persistent/0.0.1/src/values.schema.json
deleted file mode 100644
index 65abd8f5fe..0000000000
--- a/charts/redhat/redhat/mariadb-persistent/0.0.1/src/values.schema.json
+++ /dev/null
@@ -1,49 +0,0 @@
-{
- "$schema": "http://json-schema.org/schema#",
- "type": "object",
- "properties": {
- "database_service_name": {
- "type": "string",
- "pattern": "^[a-z0-9-_]+$"
- },
- "namespace": {
- "type": "string"
- },
- "mysql_database": {
- "type": "string"
- },
- "mysql_password": {
- "type": "string"
- },
- "mysql_root_password": {
- "type": "string"
- },
- "mysql_user": {
- "type": "string"
- },
- "volume_capacity": {
- "type": "string",
- "title": "Persistent Volume Size",
- "form": true,
- "render": "slider",
- "sliderMin": 1,
- "sliderMax": 100,
- "sliderUnit": "Gi"
- },
- "memory_limit": {
- "type": "string",
- "title": "Database memory limit",
- "form": true,
- "render": "slider",
- "sliderMin": 512,
- "sliderMax": 65536,
- "sliderUnit": "Mi"
- },
- "mariadb_version": {
- "type": "string",
- "description": "Specify mariadb imagestream tag",
- "enum": [ "latest", "10.5-el9", "10.3-el8", "10.5-el8", "10.3-el7", "10.3", "10.5-el7" ]
- }
- }
-}
-
diff --git a/charts/redhat/redhat/mariadb-persistent/0.0.1/src/values.yaml b/charts/redhat/redhat/mariadb-persistent/0.0.1/src/values.yaml
deleted file mode 100644
index 5fcdee1d25..0000000000
--- a/charts/redhat/redhat/mariadb-persistent/0.0.1/src/values.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-database_service_name: mariadb
-mariadb_version: 10.3-el8
-memory_limit: 512Mi
-mysql_database: testdb
-mysql_password: testu
-mysql_root_password: testur
-mysql_user: testu
-namespace: openshift
-volume_capacity: 1Gi
diff --git a/charts/redhat/redhat/mariadb-persistent/OWNERS b/charts/redhat/redhat/mariadb-persistent/OWNERS
deleted file mode 100644
index ce1f8c1f43..0000000000
--- a/charts/redhat/redhat/mariadb-persistent/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: mariadb-persistent
- description: This is the Red Hat MariaDB persistent storage
-publicPgpKey: null
-users:
- - githubUsername: phracek
-vendor:
- label: redhat
- name: Red Hat
diff --git a/charts/redhat/redhat/mongo-sed/1.0.0/mongo-sed-1.0.0.tgz b/charts/redhat/redhat/mongo-sed/1.0.0/mongo-sed-1.0.0.tgz
deleted file mode 100644
index 5bbab4561f..0000000000
Binary files a/charts/redhat/redhat/mongo-sed/1.0.0/mongo-sed-1.0.0.tgz and /dev/null differ
diff --git a/charts/redhat/redhat/mongo-sed/1.0.0/report.yaml b/charts/redhat/redhat/mongo-sed/1.0.0/report.yaml
deleted file mode 100644
index 512a4a423c..0000000000
--- a/charts/redhat/redhat/mongo-sed/1.0.0/report.yaml
+++ /dev/null
@@ -1,87 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.5.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /.kube/mongo-sed-1.0.0.tgz - digests: - chart: sha256:0c58aaebf6f6fed25017c33d1a073febbb448d3cb561e3dfc6611a3b2a016cfd - package: 3fcd1efd82f984ad24b27d32c6349bff57e5ec1861380d2c05e6461485597f64 - lastCertifiedTimestamp: "2022-03-15T11:59:46.057866+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.7' - chart: - name: mongo-sed - home: "" - sources: [] - version: 1.0.0 - description: A Helm chart for MongoDB Service Endpoint Definition (SED) - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.0.0 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: MongoDB Service Endpoint Definition (SED) - charts.openshift.io/provider: RedHat - charts.openshift.io/supportURL: https://github.com/redhat-developer/service-endpoint-definition - kubeversion: '>=1.20.0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : quay.io/opencloudio/ibm-mongodb@sha256:d8af61f68bce9ce744dd0b6b1734ba9a6cd4d85cd28baa5798b7470256be6dce' - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/chart-testing - type: Mandatory - 
outcome: PASS - reason: Chart tests have passed - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist \ No newline at end of file diff --git a/charts/redhat/redhat/mongo-sed/OWNERS b/charts/redhat/redhat/mongo-sed/OWNERS deleted file mode 100644 index 3179eefede..0000000000 --- a/charts/redhat/redhat/mongo-sed/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -chart: - name: mongo-sed - shortDescription: MongoDB Service Endpoint Definition -publicPgpKey: null -users: -- githubUsername: fbm3307 -vendor: - label: redhat - name: Red Hat diff --git a/charts/redhat/redhat/mysql-imagestreams/0.0.1/src/Chart.yaml b/charts/redhat/redhat/mysql-imagestreams/0.0.1/src/Chart.yaml deleted file mode 100644 index 894b0e7795..0000000000 --- a/charts/redhat/redhat/mysql-imagestreams/0.0.1/src/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -description: |- - This content is expermental, do not use it in production. Provides a MySQL 8.0 database. - For more information about using this database image, including OpenShift considerations, - see https://github.com/sclorg/mysql-container/blob/master/README.md. -annotations: - charts.openshift.io/name: Red Hat MySQL database service imagestreams (experimental). -apiVersion: v2 -appVersion: 0.0.1 -kubeVersion: '>=1.20.0' -name: mysql-imagestreams -tags: database,mysql -sources: - - https://github.com/sclorg/helm-charts -version: 0.0.1 diff --git a/charts/redhat/redhat/mysql-imagestreams/0.0.1/src/templates/imagestreams.yaml b/charts/redhat/redhat/mysql-imagestreams/0.0.1/src/templates/imagestreams.yaml deleted file mode 100644 index 86103578b0..0000000000 
--- a/charts/redhat/redhat/mysql-imagestreams/0.0.1/src/templates/imagestreams.yaml
+++ /dev/null
@@ -1,92 +0,0 @@
-kind: ImageStream
-apiVersion: image.openshift.io/v1
-metadata:
- name: mysql
- annotations:
- openshift.io/display-name: MySQL
-spec:
- tags:
- - name: latest
- annotations:
- openshift.io/display-name: MySQL (Latest)
- openshift.io/provider-display-name: 'Red Hat, Inc.'
- description: >-
- Provides a MySQL database on RHEL. For more information about using
- this database image, including OpenShift considerations, see
- https://github.com/sclorg/mysql-container/blob/master/README.md.
-
-
- WARNING: By selecting this tag, your application will automatically
- update to use the latest version of MySQL available on OpenShift,
- including major version updates.
- iconClass: icon-mysql-database
- tags: mysql
- from:
- kind: ImageStreamTag
- name: 8.0-el8
- referencePolicy:
- type: Local
- - name: 8.0-el9
- annotations:
- openshift.io/display-name: MySQL 8.0 (RHEL 9)
- openshift.io/provider-display-name: 'Red Hat, Inc.'
- description: >-
- Provides a MySQL 8.0 database on RHEL 9. For more information about
- using this database image, including OpenShift considerations, see
- https://github.com/sclorg/mysql-container/blob/master/README.md.
- iconClass: icon-mysql-database
- tags: mysql
- version: '8.0'
- from:
- kind: DockerImage
- name: 'registry.redhat.io/rhel9/mysql-80:latest'
- referencePolicy:
- type: Local
- - name: 8.0-el8
- annotations:
- openshift.io/display-name: MySQL 8.0 (RHEL 8)
- openshift.io/provider-display-name: 'Red Hat, Inc.'
- description: >-
- Provides a MySQL 8.0 database on RHEL 8. For more information about
- using this database image, including OpenShift considerations, see
- https://github.com/sclorg/mysql-container/blob/master/README.md.
- iconClass: icon-mysql-database
- tags: mysql
- version: '8.0'
- from:
- kind: DockerImage
- name: 'registry.redhat.io/rhel8/mysql-80:latest'
- referencePolicy:
- type: Local
- - name: 8.0-el7
- annotations:
- openshift.io/display-name: MySQL 8.0 (RHEL 7)
- openshift.io/provider-display-name: 'Red Hat, Inc.'
- description: >-
- Provides a MySQL 8.0 database on RHEL 7. For more information about
- using this database image, including OpenShift considerations, see
- https://github.com/sclorg/mysql-container/blob/master/README.md.
- iconClass: icon-mysql-database
- tags: mysql
- version: '8.0'
- from:
- kind: DockerImage
- name: 'registry.redhat.io/rhscl/mysql-80-rhel7:latest'
- referencePolicy:
- type: Local
- - name: '8.0'
- annotations:
- openshift.io/display-name: MySQL 8.0
- openshift.io/provider-display-name: 'Red Hat, Inc.'
- description: >-
- Provides a MySQL 8.0 database on RHEL 7. For more information about
- using this database image, including OpenShift considerations, see
- https://github.com/sclorg/mysql-container/blob/master/README.md.
- iconClass: icon-mysql-database
- tags: 'mysql,hidden'
- version: '8.0'
- from:
- kind: DockerImage
- name: 'registry.redhat.io/rhscl/mysql-80-rhel7:latest'
- referencePolicy:
- type: Local
diff --git a/charts/redhat/redhat/mysql-imagestreams/OWNERS b/charts/redhat/redhat/mysql-imagestreams/OWNERS
deleted file mode 100644
index f4628a0c9d..0000000000
--- a/charts/redhat/redhat/mysql-imagestreams/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: mysql-imagestreams
- description: This is the Red Hat MySQL imagestreams chart
-publicPgpKey: null
-users:
- - githubUsername: phracek
-vendor:
- label: redhat
- name: Red Hat
diff --git a/charts/redhat/redhat/mysql-persistent/0.0.1/src/Chart.yaml b/charts/redhat/redhat/mysql-persistent/0.0.1/src/Chart.yaml
deleted file mode 100644
index 3c0b0d98a1..0000000000
--- a/charts/redhat/redhat/mysql-persistent/0.0.1/src/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-description: |-
- This content is expermental, do not use it in production. MySQL database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/8.0/root/usr/share/container-scripts/mysql/README.md.
-
- NOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.
-name: mysql-persistent
-tags: database,mysql
-version: 0.0.1
-annotations:
- charts.openshift.io/name: Red Hat MySQL database service, with persistent storage (experimental).
-apiVersion: v2
-appVersion: 0.0.1
-sources:
- - https://github.com/sclorg/helm-charts
diff --git a/charts/redhat/redhat/mysql-persistent/0.0.1/src/README.md b/charts/redhat/redhat/mysql-persistent/0.0.1/src/README.md
deleted file mode 100644
index 4938a23489..0000000000
--- a/charts/redhat/redhat/mysql-persistent/0.0.1/src/README.md
+++ /dev/null
@@ -1,22 +0,0 @@
-# MySQL helm chart
-
-A Helm chart for building and deploying a [MySQL](https://github/sclorg/mysql-container) application on OpenShift.
-
-For more information about helm charts see the official [Helm Charts Documentation](https://helm.sh/).
-
-You need to have access to a cluster for each operation with OpenShift 4, like deploying and testing.
-
-## Values
-Below is a table of each value used to configure this chart.
-
-| Value | Description | Default | Additional Information |
-|---------------------------------------------| ----------- | -- | ---------------------- |
-| `database_service_name` | The name of the OpenShift Service exposed for the database. | `mysql` | - |
-| `mysql_user` | Username for MySQL user that will be used for accessing the database. | `testu` | Expresion like: `user[A-Z0-9]{3}` |
-| `mysql_root_password` | Password for the MySQL root user. | `testur` | Expression like: `[a-zA-Z0-9]{16}` |
-| `mysql_database` | Name of the MySQL database accessed. | `testdb` | |
-| `mysql_password` | Password for the MySQL connection user. | `testp` | Expression like: `[a-zA-Z0-9]{16}` |
-| `mysql_version` | Version of MySQL image to be used (8.0-el8, or latest). | `8.0-el8` | |
-| `namespace` | The OpenShift Namespace where the ImageStream resides. | `mysql-persistent-testing` | |
-| `memory_limit` | Maximum amount of memory the container can use. | `521Mi` | |
-| `volume_capacity` | Volume space available for data, e.g. 512Mi, 2Gi. | `1Gi` | |
diff --git a/charts/redhat/redhat/mysql-persistent/0.0.1/src/templates/deploymentconfig.yaml b/charts/redhat/redhat/mysql-persistent/0.0.1/src/templates/deploymentconfig.yaml
deleted file mode 100644
index 14a914e385..0000000000
--- a/charts/redhat/redhat/mysql-persistent/0.0.1/src/templates/deploymentconfig.yaml
+++ /dev/null
@@ -1,85 +0,0 @@
-apiVersion: apps.openshift.io/v1
-kind: DeploymentConfig
-metadata:
- annotations:
- template.alpha.openshift.io/wait-for-ready: "true"
- labels:
- template: mysql-persistent-template
- name: {{ .Values.database_service_name }}
-spec:
- replicas: 1
- selector:
- name: {{ .Values.database_service_name }}
- strategy:
- type: Recreate
- template:
- metadata:
- labels:
- name: {{ .Values.database_service_name }}
- spec:
- containers:
- - env:
- - name: MYSQL_USER
- valueFrom:
- secretKeyRef:
- key: database-user
- name: {{ .Values.database_service_name }}
- - name: MYSQL_PASSWORD
- valueFrom:
- secretKeyRef:
- key: database-password
- name: {{ .Values.database_service_name }}
- - name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- key: database-root-password
- name: {{ .Values.database_service_name }}
- - name: MYSQL_DATABASE
- valueFrom:
- secretKeyRef:
- key: database-name
- name: {{ .Values.database_service_name }}
- image: "mysql:{{ .Values.mysql_version }}"
- imagePullPolicy: IfNotPresent
- livenessProbe:
- exec:
- command:
- - /bin/sh
- - -i
- - -c
- - MYSQL_PWD="$MYSQL_PASSWORD" mysqladmin -u $MYSQL_USER ping
- initialDelaySeconds: 30
- timeoutSeconds: 1
- name: mysql
- ports:
- - containerPort: 3306
- readinessProbe:
- exec:
- command:
- - /bin/sh
- - -i
- - -c
- - MYSQL_PWD="$MYSQL_PASSWORD" mysqladmin -u $MYSQL_USER ping
- initialDelaySeconds: 5
- timeoutSeconds: 1
- resources:
- limits:
- memory: {{ .Values.memory_limit }}
- volumeMounts:
- - mountPath: /var/lib/mysql/data
- name: {{ .Values.database_service_name }}-data
- volumes:
- - name: {{ .Values.database_service_name }}-data
- persistentVolumeClaim:
- claimName: {{ .Values.database_service_name }}
- triggers:
- - imageChangeParams:
- automatic: true
- containerNames:
- - mysql
- from:
- kind: ImageStreamTag
- name: mysql:{{ .Values.mysql_version }}
- namespace: {{ .Values.namespace }}
- type: ImageChange
- - type: ConfigChange
diff --git a/charts/redhat/redhat/mysql-persistent/0.0.1/src/templates/persistentvolumeclaim.yaml b/charts/redhat/redhat/mysql-persistent/0.0.1/src/templates/persistentvolumeclaim.yaml
deleted file mode 100644
index a8b4264544..0000000000
--- a/charts/redhat/redhat/mysql-persistent/0.0.1/src/templates/persistentvolumeclaim.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- labels:
- template: mysql-persistent-template
- name: {{ .Values.database_service_name }}
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: {{ .Values.volume_capacity }}
diff --git a/charts/redhat/redhat/mysql-persistent/0.0.1/src/templates/secret.yaml b/charts/redhat/redhat/mysql-persistent/0.0.1/src/templates/secret.yaml
deleted file mode 100644
index 5cc981ad90..0000000000
--- a/charts/redhat/redhat/mysql-persistent/0.0.1/src/templates/secret.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- annotations:
- template.openshift.io/expose-database_name: '{.data[''database-name'']}'
- template.openshift.io/expose-password: '{.data[''database-password'']}'
- template.openshift.io/expose-root_password: '{.data[''database-root-password'']}'
- template.openshift.io/expose-username: '{.data[''database-user'']}'
- labels:
- template: mysql-persistent-template
- name: {{ .Values.database_service_name }}
-stringData:
- database-name: {{ .Values.mysql_database }}
- database-password: {{ .Values.mysql_password }}
- database-root-password: {{ .Values.mysql_root_password }}
- database-user: {{ .Values.mysql_user }}
diff --git a/charts/redhat/redhat/mysql-persistent/0.0.1/src/templates/service.yaml b/charts/redhat/redhat/mysql-persistent/0.0.1/src/templates/service.yaml
deleted file mode 100644
index a48fea4f0b..0000000000
--- a/charts/redhat/redhat/mysql-persistent/0.0.1/src/templates/service.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- annotations:
- template.openshift.io/expose-uri: mysql://{.spec.clusterIP}:{.spec.ports[?(.name=="mysql")].port}
- labels:
- template: mysql-persistent-template
- name: {{ .Values.database_service_name }}
-spec:
- ports:
- - name: mysql
- port: 3306
- selector:
- name: {{ .Values.database_service_name }}
diff --git a/charts/redhat/redhat/mysql-persistent/0.0.1/src/templates/tests/test-mysql-connection.yaml b/charts/redhat/redhat/mysql-persistent/0.0.1/src/templates/tests/test-mysql-connection.yaml
deleted file mode 100644
index 9a61899307..0000000000
--- a/charts/redhat/redhat/mysql-persistent/0.0.1/src/templates/tests/test-mysql-connection.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ .Release.Name }}-connection-test"
- namespace: "{{ .Release.Namespace }}"
- annotations:
- "helm.sh/hook": test
- labels:
- name: {{ .Values.database_service_name }}
-spec:
- #serviceAccount: {{ .Values.serviceAccount }}
- containers:
- - name: "mysql-connection-test"
- image: "registry.redhat.io/rhel8/mysql-80:latest"
- imagePullPolicy: IfNotPresent
- env:
- - name: MARIADB_USER
- value: "{{ .Values.mysql_user }}"
- - name: MARIADB_PASSWORD
- value: "{{ .Values.mysql_password }}"
- - name: MARIADB_DATABASE
- value: "{{ .Values.mysql_database }}"
- command:
- - /bin/bash
- - -ec
- - "echo \"SELECT 42 as testval\\g\" | mysql --connect-timeout=15 -h {{ .Values.database_service_name }} $MARIADB_DATABASE -u$MARIADB_USER -p$MARIADB_PASSWORD"
- restartPolicy: Never
diff --git a/charts/redhat/redhat/mysql-persistent/0.0.1/src/values.schema.json b/charts/redhat/redhat/mysql-persistent/0.0.1/src/values.schema.json
deleted file mode 100644
index 732c8c80dc..0000000000
--- a/charts/redhat/redhat/mysql-persistent/0.0.1/src/values.schema.json
+++ /dev/null
@@ -1,49 +0,0 @@
-{
- "$schema": "http://json-schema.org/schema#",
- "type": "object",
- "properties": {
- "database_service_name": {
- "type": "string",
- "pattern": "^[a-z0-9-_]+$"
- },
- "namespace": {
- "type": "string"
- },
- "mysql_database": {
- "type": "string"
- },
- "mysql_password": {
- "type": "string"
- },
- "mysql_root_password": {
- "type": "string"
- },
- "mysql_user": {
- "type": "string"
- },
- "volume_capacity": {
- "type": "string",
- "title": "Persistent Volume Size",
- "form": true,
- "render": "slider",
- "sliderMin": 1,
- "sliderMax": 100,
- "sliderUnit": "Gi"
- },
- "memory_limit": {
- "type": "string",
- "title": "Database memory limit",
- "form": true,
- "render": "slider",
- "sliderMin": 512,
- "sliderMax": 65536,
- "sliderUnit": "Mi"
- },
- "mysql_version": {
- "type": "string",
- "description": "Specify mysql imagestream tag",
- "enum": [ "latest", "8.0-el9", "8.0-el8", "8.0-el7" ]
- }
- }
-}
-
diff --git a/charts/redhat/redhat/mysql-persistent/0.0.1/src/values.yaml b/charts/redhat/redhat/mysql-persistent/0.0.1/src/values.yaml
deleted file mode 100644
index 8973973680..0000000000
--- a/charts/redhat/redhat/mysql-persistent/0.0.1/src/values.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-database_service_name: mysql
-memory_limit: 512Mi
-mysql_database: testdb
-mysql_password: testp # TODO: must define a default value for .mysql_password'
-mysql_root_password: testur # TODO: must define a default value for .mysql_root_password'
-mysql_user: testu # TODO: must define a default value for .mysql_user'
-mysql_version: 8.0-el8
-namespace: openshift
-volume_capacity: 1Gi
diff --git a/charts/redhat/redhat/mysql-persistent/0.0.2/src/Chart.yaml b/charts/redhat/redhat/mysql-persistent/0.0.2/src/Chart.yaml
deleted file mode 100644
index 79391a0dee..0000000000
--- a/charts/redhat/redhat/mysql-persistent/0.0.2/src/Chart.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-dependencies:
-- name: mysql-imagestreams
- version: "0.0.1"
- repository: https://github.com/openshift-helm-charts/charts
-description: |-
- This content is expermental, do not use it in production. MySQL database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/8.0/root/usr/share/container-scripts/mysql/README.md.
-
- NOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.
-name: mysql-persistent
-tags: database,mysql
-version: 0.0.2
-annotations:
- charts.openshift.io/name: Red Hat MySQL database service, with persistent storage (experimental).
-apiVersion: v2
-appVersion: 0.0.2
-kubeVersion: '>=1.20.0'
-sources:
- - https://github.com/sclorg/helm-charts
diff --git a/charts/redhat/redhat/mysql-persistent/0.0.2/src/README.md b/charts/redhat/redhat/mysql-persistent/0.0.2/src/README.md
deleted file mode 100644
index 4938a23489..0000000000
--- a/charts/redhat/redhat/mysql-persistent/0.0.2/src/README.md
+++ /dev/null
@@ -1,22 +0,0 @@
-# MySQL helm chart
-
-A Helm chart for building and deploying a [MySQL](https://github/sclorg/mysql-container) application on OpenShift.
-
-For more information about helm charts see the official [Helm Charts Documentation](https://helm.sh/).
-
-You need to have access to a cluster for each operation with OpenShift 4, like deploying and testing.
-
-## Values
-Below is a table of each value used to configure this chart.
-
-| Value | Description | Default | Additional Information |
-|---------------------------------------------| ----------- | -- | ---------------------- |
-| `database_service_name` | The name of the OpenShift Service exposed for the database. | `mysql` | - |
-| `mysql_user` | Username for MySQL user that will be used for accessing the database. | `testu` | Expresion like: `user[A-Z0-9]{3}` |
-| `mysql_root_password` | Password for the MySQL root user. | `testur` | Expression like: `[a-zA-Z0-9]{16}` |
-| `mysql_database` | Name of the MySQL database accessed. | `testdb` | |
-| `mysql_password` | Password for the MySQL connection user. | `testp` | Expression like: `[a-zA-Z0-9]{16}` |
-| `mysql_version` | Version of MySQL image to be used (8.0-el8, or latest). | `8.0-el8` | |
-| `namespace` | The OpenShift Namespace where the ImageStream resides. | `mysql-persistent-testing` | |
-| `memory_limit` | Maximum amount of memory the container can use. | `521Mi` | |
-| `volume_capacity` | Volume space available for data, e.g. 512Mi, 2Gi. | `1Gi` | |
diff --git a/charts/redhat/redhat/mysql-persistent/0.0.2/src/templates/deploymentconfig.yaml b/charts/redhat/redhat/mysql-persistent/0.0.2/src/templates/deploymentconfig.yaml
deleted file mode 100644
index 14a914e385..0000000000
--- a/charts/redhat/redhat/mysql-persistent/0.0.2/src/templates/deploymentconfig.yaml
+++ /dev/null
@@ -1,85 +0,0 @@ -apiVersion: apps.openshift.io/v1 -kind: DeploymentConfig -metadata: - annotations: - template.alpha.openshift.io/wait-for-ready: "true" - labels: - template: mysql-persistent-template - name: {{ .Values.database_service_name }} -spec: - replicas: 1 - selector: - name: {{ .Values.database_service_name }} - strategy: - type: Recreate - template: - metadata: - labels: - name: {{ .Values.database_service_name }} - spec: - containers: - - env: - - name: MYSQL_USER - valueFrom: - secretKeyRef: - key: database-user - name: {{ .Values.database_service_name }} - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - key: database-password - name: {{ .Values.database_service_name }} - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - key: database-root-password - name: {{ .Values.database_service_name }} - - name: MYSQL_DATABASE - valueFrom: - secretKeyRef: - key: database-name - name: {{ .Values.database_service_name }} - image: "mysql:{{ .Values.mysql_version }}" - imagePullPolicy: IfNotPresent - livenessProbe: - exec: - command: - - /bin/sh - - -i - - -c - - MYSQL_PWD="$MYSQL_PASSWORD" mysqladmin -u $MYSQL_USER ping - initialDelaySeconds: 30 - timeoutSeconds: 1 - name: mysql - ports: - - containerPort: 3306 - readinessProbe: - exec: - command: - - /bin/sh - - -i - - -c - - MYSQL_PWD="$MYSQL_PASSWORD" mysqladmin -u $MYSQL_USER ping - initialDelaySeconds: 5 - timeoutSeconds: 1 - resources: - limits: - memory: {{ .Values.memory_limit }} - volumeMounts: - - mountPath: /var/lib/mysql/data - name: {{ .Values.database_service_name }}-data - volumes: - - name: {{ .Values.database_service_name }}-data - persistentVolumeClaim: - claimName: {{ .Values.database_service_name }} - triggers: - - imageChangeParams: - automatic: true - containerNames: - - mysql - from: - kind: ImageStreamTag - name: mysql:{{ .Values.mysql_version }} - namespace: {{ .Values.namespace }} - type: ImageChange - - type: ConfigChange 
diff --git a/charts/redhat/redhat/mysql-persistent/0.0.2/src/templates/persistentvolumeclaim.yaml b/charts/redhat/redhat/mysql-persistent/0.0.2/src/templates/persistentvolumeclaim.yaml deleted file mode 100644 index a8b4264544..0000000000 --- a/charts/redhat/redhat/mysql-persistent/0.0.2/src/templates/persistentvolumeclaim.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - template: mysql-persistent-template - name: {{ .Values.database_service_name }} -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.volume_capacity }} diff --git a/charts/redhat/redhat/mysql-persistent/0.0.2/src/templates/secret.yaml b/charts/redhat/redhat/mysql-persistent/0.0.2/src/templates/secret.yaml deleted file mode 100644 index 5cc981ad90..0000000000 --- a/charts/redhat/redhat/mysql-persistent/0.0.2/src/templates/secret.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - annotations: - template.openshift.io/expose-database_name: '{.data[''database-name'']}' - template.openshift.io/expose-password: '{.data[''database-password'']}' - template.openshift.io/expose-root_password: '{.data[''database-root-password'']}' - template.openshift.io/expose-username: '{.data[''database-user'']}' - labels: - template: mysql-persistent-template - name: {{ .Values.database_service_name }} -stringData: - database-name: {{ .Values.mysql_database }} - database-password: {{ .Values.mysql_password }} - database-root-password: {{ .Values.mysql_root_password }} - database-user: {{ .Values.mysql_user }} diff --git a/charts/redhat/redhat/mysql-persistent/0.0.2/src/templates/service.yaml b/charts/redhat/redhat/mysql-persistent/0.0.2/src/templates/service.yaml deleted file mode 100644 index a48fea4f0b..0000000000 --- a/charts/redhat/redhat/mysql-persistent/0.0.2/src/templates/service.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - template.openshift.io/expose-uri: mysql://{.spec.clusterIP}:{.spec.ports[?(.name=="mysql")].port} - labels: - template: mysql-persistent-template - name: {{ .Values.database_service_name }} -spec: - ports: - - name: mysql - port: 3306 - selector: - name: {{ .Values.database_service_name }} diff --git a/charts/redhat/redhat/mysql-persistent/0.0.2/src/templates/tests/test-mysql-connection.yaml b/charts/redhat/redhat/mysql-persistent/0.0.2/src/templates/tests/test-mysql-connection.yaml deleted file mode 100644 index 9a61899307..0000000000 --- a/charts/redhat/redhat/mysql-persistent/0.0.2/src/templates/tests/test-mysql-connection.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-connection-test" - namespace: "{{ .Release.Namespace }}" - annotations: - "helm.sh/hook": test - labels: - name: {{ .Values.database_service_name }} -spec: - #serviceAccount: {{ .Values.serviceAccount }} - containers: - - name: "mysql-connection-test" - image: "registry.redhat.io/rhel8/mysql-80:latest" - imagePullPolicy: IfNotPresent - env: - - name: MARIADB_USER - value: "{{ .Values.mysql_user }}" - - name: MARIADB_PASSWORD - value: "{{ .Values.mysql_password }}" - - name: MARIADB_DATABASE - value: "{{ .Values.mysql_database }}" - command: - - /bin/bash - - -ec - - "echo \"SELECT 42 as testval\\g\" | mysql --connect-timeout=15 -h {{ .Values.database_service_name }} $MARIADB_DATABASE -u$MARIADB_USER -p$MARIADB_PASSWORD" - restartPolicy: Never diff --git a/charts/redhat/redhat/mysql-persistent/0.0.2/src/values.schema.json b/charts/redhat/redhat/mysql-persistent/0.0.2/src/values.schema.json deleted file mode 100644 index 732c8c80dc..0000000000 --- a/charts/redhat/redhat/mysql-persistent/0.0.2/src/values.schema.json +++ /dev/null 
@@ -1,49 +0,0 @@
-{
- "$schema": "http://json-schema.org/schema#",
- "type": "object",
- "properties": {
- "database_service_name": {
- "type": "string",
- "pattern": "^[a-z0-9-_]+$"
- },
- "namespace": {
- "type": "string"
- },
- "mysql_database": {
- "type": "string"
- },
- "mysql_password": {
- "type": "string"
- },
- "mysql_root_password": {
- "type": "string"
- },
- "mysql_user": {
- "type": "string"
- },
- "volume_capacity": {
- "type": "string",
- "title": "Persistent Volume Size",
- "form": true,
- "render": "slider",
- "sliderMin": 1,
- "sliderMax": 100,
- "sliderUnit": "Gi"
- },
- "memory_limit": {
- "type": "string",
- "title": "Database memory limit",
- "form": true,
- "render": "slider",
- "sliderMin": 512,
- "sliderMax": 65536,
- "sliderUnit": "Mi"
- },
- "mysql_version": {
- "type": "string",
- "description": "Specify mysql imagestream tag",
- "enum": [ "latest", "8.0-el9", "8.0-el8", "8.0-el7" ]
- }
- }
-}
-
diff --git a/charts/redhat/redhat/mysql-persistent/0.0.2/src/values.yaml b/charts/redhat/redhat/mysql-persistent/0.0.2/src/values.yaml
deleted file mode 100644
index 8973973680..0000000000
--- a/charts/redhat/redhat/mysql-persistent/0.0.2/src/values.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-database_service_name: mysql
-memory_limit: 512Mi
-mysql_database: testdb
-mysql_password: testp # TODO: must define a default value for .mysql_password'
-mysql_root_password: testur # TODO: must define a default value for .mysql_root_password'
-mysql_user: testu # TODO: must define a default value for .mysql_user'
-mysql_version: 8.0-el8
-namespace: openshift
-volume_capacity: 1Gi
diff --git a/charts/redhat/redhat/mysql-persistent/0.0.3/src/Chart.yaml b/charts/redhat/redhat/mysql-persistent/0.0.3/src/Chart.yaml
deleted file mode 100644
index d3da89bc22..0000000000
--- a/charts/redhat/redhat/mysql-persistent/0.0.3/src/Chart.yaml
+++ /dev/null
@@ -1,18 +0,0 @@ -dependencies: -- name: mysql-imagestreams - version: "0.0.1" - repository: file://../../../../../redhat/redhat/mysql-imagestreams/0.0.1/src -description: |- - This content is expermental, do not use it in production. MySQL database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/8.0/root/usr/share/container-scripts/mysql/README.md. - - NOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template. -name: mysql-persistent -tags: database,mysql -version: 0.0.3 -annotations: - charts.openshift.io/name: Red Hat MySQL database service, with persistent storage (experimental). -apiVersion: v2 -appVersion: 0.0.3 -kubeVersion: '>=1.20.0' -sources: - - https://github.com/sclorg/helm-charts diff --git a/charts/redhat/redhat/mysql-persistent/0.0.3/src/README.md b/charts/redhat/redhat/mysql-persistent/0.0.3/src/README.md deleted file mode 100644 index 4938a23489..0000000000 --- a/charts/redhat/redhat/mysql-persistent/0.0.3/src/README.md +++ /dev/null 
@@ -1,22 +0,0 @@
-# MySQL helm chart
-
-A Helm chart for building and deploying a [MySQL](https://github/sclorg/mysql-container) application on OpenShift.
-
-For more information about helm charts see the official [Helm Charts Documentation](https://helm.sh/).
-
-You need to have access to a cluster for each operation with OpenShift 4, like deploying and testing.
-
-## Values
-Below is a table of each value used to configure this chart.
-
-| Value | Description | Default | Additional Information |
-|---------------------------------------------| ----------- | -- | ---------------------- |
-| `database_service_name` | The name of the OpenShift Service exposed for the database. | `mysql` | - |
-| `mysql_user` | Username for MySQL user that will be used for accessing the database. | `testu` | Expresion like: `user[A-Z0-9]{3}` |
-| `mysql_root_password` | Password for the MySQL root user. | `testur` | Expression like: `[a-zA-Z0-9]{16}` |
-| `mysql_database` | Name of the MySQL database accessed. | `testdb` | |
-| `mysql_password` | Password for the MySQL connection user. | `testp` | Expression like: `[a-zA-Z0-9]{16}` |
-| `mysql_version` | Version of MySQL image to be used (8.0-el8, or latest). | `8.0-el8` | |
-| `namespace` | The OpenShift Namespace where the ImageStream resides. | `mysql-persistent-testing` | |
-| `memory_limit` | Maximum amount of memory the container can use. | `521Mi` | |
-| `volume_capacity` | Volume space available for data, e.g. 512Mi, 2Gi. | `1Gi` | |
diff --git a/charts/redhat/redhat/mysql-persistent/0.0.3/src/templates/deploymentconfig.yaml b/charts/redhat/redhat/mysql-persistent/0.0.3/src/templates/deploymentconfig.yaml
deleted file mode 100644
index 14a914e385..0000000000
--- a/charts/redhat/redhat/mysql-persistent/0.0.3/src/templates/deploymentconfig.yaml
+++ /dev/null
@@ -1,85 +0,0 @@ -apiVersion: apps.openshift.io/v1 -kind: DeploymentConfig -metadata: - annotations: - template.alpha.openshift.io/wait-for-ready: "true" - labels: - template: mysql-persistent-template - name: {{ .Values.database_service_name }} -spec: - replicas: 1 - selector: - name: {{ .Values.database_service_name }} - strategy: - type: Recreate - template: - metadata: - labels: - name: {{ .Values.database_service_name }} - spec: - containers: - - env: - - name: MYSQL_USER - valueFrom: - secretKeyRef: - key: database-user - name: {{ .Values.database_service_name }} - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - key: database-password - name: {{ .Values.database_service_name }} - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - key: database-root-password - name: {{ .Values.database_service_name }} - - name: MYSQL_DATABASE - valueFrom: - secretKeyRef: - key: database-name - name: {{ .Values.database_service_name }} - image: "mysql:{{ .Values.mysql_version }}" - imagePullPolicy: IfNotPresent - livenessProbe: - exec: - command: - - /bin/sh - - -i - - -c - - MYSQL_PWD="$MYSQL_PASSWORD" mysqladmin -u $MYSQL_USER ping - initialDelaySeconds: 30 - timeoutSeconds: 1 - name: mysql - ports: - - containerPort: 3306 - readinessProbe: - exec: - command: - - /bin/sh - - -i - - -c - - MYSQL_PWD="$MYSQL_PASSWORD" mysqladmin -u $MYSQL_USER ping - initialDelaySeconds: 5 - timeoutSeconds: 1 - resources: - limits: - memory: {{ .Values.memory_limit }} - volumeMounts: - - mountPath: /var/lib/mysql/data - name: {{ .Values.database_service_name }}-data - volumes: - - name: {{ .Values.database_service_name }}-data - persistentVolumeClaim: - claimName: {{ .Values.database_service_name }} - triggers: - - imageChangeParams: - automatic: true - containerNames: - - mysql - from: - kind: ImageStreamTag - name: mysql:{{ .Values.mysql_version }} - namespace: {{ .Values.namespace }} - type: ImageChange - - type: ConfigChange 
diff --git a/charts/redhat/redhat/mysql-persistent/0.0.3/src/templates/persistentvolumeclaim.yaml b/charts/redhat/redhat/mysql-persistent/0.0.3/src/templates/persistentvolumeclaim.yaml deleted file mode 100644 index a8b4264544..0000000000 --- a/charts/redhat/redhat/mysql-persistent/0.0.3/src/templates/persistentvolumeclaim.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - template: mysql-persistent-template - name: {{ .Values.database_service_name }} -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.volume_capacity }} diff --git a/charts/redhat/redhat/mysql-persistent/0.0.3/src/templates/secret.yaml b/charts/redhat/redhat/mysql-persistent/0.0.3/src/templates/secret.yaml deleted file mode 100644 index 5cc981ad90..0000000000 --- a/charts/redhat/redhat/mysql-persistent/0.0.3/src/templates/secret.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - annotations: - template.openshift.io/expose-database_name: '{.data[''database-name'']}' - template.openshift.io/expose-password: '{.data[''database-password'']}' - template.openshift.io/expose-root_password: '{.data[''database-root-password'']}' - template.openshift.io/expose-username: '{.data[''database-user'']}' - labels: - template: mysql-persistent-template - name: {{ .Values.database_service_name }} -stringData: - database-name: {{ .Values.mysql_database }} - database-password: {{ .Values.mysql_password }} - database-root-password: {{ .Values.mysql_root_password }} - database-user: {{ .Values.mysql_user }} diff --git a/charts/redhat/redhat/mysql-persistent/0.0.3/src/templates/service.yaml b/charts/redhat/redhat/mysql-persistent/0.0.3/src/templates/service.yaml deleted file mode 100644 index a48fea4f0b..0000000000 --- a/charts/redhat/redhat/mysql-persistent/0.0.3/src/templates/service.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - template.openshift.io/expose-uri: mysql://{.spec.clusterIP}:{.spec.ports[?(.name=="mysql")].port} - labels: - template: mysql-persistent-template - name: {{ .Values.database_service_name }} -spec: - ports: - - name: mysql - port: 3306 - selector: - name: {{ .Values.database_service_name }} diff --git a/charts/redhat/redhat/mysql-persistent/0.0.3/src/templates/tests/test-mysql-connection.yaml b/charts/redhat/redhat/mysql-persistent/0.0.3/src/templates/tests/test-mysql-connection.yaml deleted file mode 100644 index 9a61899307..0000000000 --- a/charts/redhat/redhat/mysql-persistent/0.0.3/src/templates/tests/test-mysql-connection.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-connection-test" - namespace: "{{ .Release.Namespace }}" - annotations: - "helm.sh/hook": test - labels: - name: {{ .Values.database_service_name }} -spec: - #serviceAccount: {{ .Values.serviceAccount }} - containers: - - name: "mysql-connection-test" - image: "registry.redhat.io/rhel8/mysql-80:latest" - imagePullPolicy: IfNotPresent - env: - - name: MARIADB_USER - value: "{{ .Values.mysql_user }}" - - name: MARIADB_PASSWORD - value: "{{ .Values.mysql_password }}" - - name: MARIADB_DATABASE - value: "{{ .Values.mysql_database }}" - command: - - /bin/bash - - -ec - - "echo \"SELECT 42 as testval\\g\" | mysql --connect-timeout=15 -h {{ .Values.database_service_name }} $MARIADB_DATABASE -u$MARIADB_USER -p$MARIADB_PASSWORD" - restartPolicy: Never diff --git a/charts/redhat/redhat/mysql-persistent/0.0.3/src/values.schema.json b/charts/redhat/redhat/mysql-persistent/0.0.3/src/values.schema.json deleted file mode 100644 index 732c8c80dc..0000000000 --- a/charts/redhat/redhat/mysql-persistent/0.0.3/src/values.schema.json +++ /dev/null 
@@ -1,49 +0,0 @@
-{
- "$schema": "http://json-schema.org/schema#",
- "type": "object",
- "properties": {
- "database_service_name": {
- "type": "string",
- "pattern": "^[a-z0-9-_]+$"
- },
- "namespace": {
- "type": "string"
- },
- "mysql_database": {
- "type": "string"
- },
- "mysql_password": {
- "type": "string"
- },
- "mysql_root_password": {
- "type": "string"
- },
- "mysql_user": {
- "type": "string"
- },
- "volume_capacity": {
- "type": "string",
- "title": "Persistent Volume Size",
- "form": true,
- "render": "slider",
- "sliderMin": 1,
- "sliderMax": 100,
- "sliderUnit": "Gi"
- },
- "memory_limit": {
- "type": "string",
- "title": "Database memory limit",
- "form": true,
- "render": "slider",
- "sliderMin": 512,
- "sliderMax": 65536,
- "sliderUnit": "Mi"
- },
- "mysql_version": {
- "type": "string",
- "description": "Specify mysql imagestream tag",
- "enum": [ "latest", "8.0-el9", "8.0-el8", "8.0-el7" ]
- }
- }
-}
-
diff --git a/charts/redhat/redhat/mysql-persistent/0.0.3/src/values.yaml b/charts/redhat/redhat/mysql-persistent/0.0.3/src/values.yaml
deleted file mode 100644
index 8973973680..0000000000
--- a/charts/redhat/redhat/mysql-persistent/0.0.3/src/values.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-database_service_name: mysql
-memory_limit: 512Mi
-mysql_database: testdb
-mysql_password: testp # TODO: must define a default value for .mysql_password'
-mysql_root_password: testur # TODO: must define a default value for .mysql_root_password'
-mysql_user: testu # TODO: must define a default value for .mysql_user'
-mysql_version: 8.0-el8
-namespace: openshift
-volume_capacity: 1Gi
diff --git a/charts/redhat/redhat/mysql-persistent/OWNERS b/charts/redhat/redhat/mysql-persistent/OWNERS
deleted file mode 100644
index f8f3c68e40..0000000000
--- a/charts/redhat/redhat/mysql-persistent/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@ -chart: - name: mysql-persistent - description: This is the Red Hat MySQL persistent storage chart -publicPgpKey: null -users: - - githubUsername: phracek -vendor: - label: redhat - name: Red Hat diff --git a/charts/redhat/redhat/mysql-sed/0.1.0/mysql-sed-0.1.0.tgz b/charts/redhat/redhat/mysql-sed/0.1.0/mysql-sed-0.1.0.tgz deleted file mode 100644 index 53c4f02fb0..0000000000 Binary files a/charts/redhat/redhat/mysql-sed/0.1.0/mysql-sed-0.1.0.tgz and /dev/null differ diff --git a/charts/redhat/redhat/mysql-sed/0.1.0/report.yaml b/charts/redhat/redhat/mysql-sed/0.1.0/report.yaml deleted file mode 100644 index 38a4015079..0000000000 --- a/charts/redhat/redhat/mysql-sed/0.1.0/report.yaml +++ /dev/null 
@@ -1,88 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.6.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /.kube/mysql-sed-0.1.0.tgz - digests: - chart: sha256:451087463b43fdffa1bd542bdec76f50909355cced7310d8093c4da38a15be48 - package: 6f3f5b053e2bd381fc7941f7a7528a82ab66f846ade4c23ff55a607ec7ac58d6 - lastCertifiedTimestamp: "2022-03-15T13:30:29.675151+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.7' - providerControlledDelivery: false - chart: - name: mysql-sed - home: "" - sources: [] - version: 0.1.0 - description: A Helm chart for MySQL Service Endpoint Definition (SED) - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 0.1.0 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: MYSQL Service Endpoint Definition (SED) - charts.openshift.io/provider: RedHat - charts.openshift.io/supportURL: https://github.com/redhat-developer/service-endpoint-definition - kubeversion: '>=1.20.0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: 
v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : registry.access.redhat.com/rhscl/mysql-80-rhel7:latest' \ No newline at end of file diff --git a/charts/redhat/redhat/mysql-sed/OWNERS b/charts/redhat/redhat/mysql-sed/OWNERS deleted file mode 100644 index 67f08277e5..0000000000 --- a/charts/redhat/redhat/mysql-sed/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -chart: - name: mysql-sed - shortDescription: MySQL Service Endpoint Definition -publicPgpKey: null -users: -- githubUsername: Kartikey-star -vendor: - label: redhat - name: Red Hat diff --git a/charts/redhat/redhat/nginx-imagestreams/0.0.1/src/Chart.yaml b/charts/redhat/redhat/nginx-imagestreams/0.0.1/src/Chart.yaml deleted file mode 100644 index 4c27d972cf..0000000000 --- a/charts/redhat/redhat/nginx-imagestreams/0.0.1/src/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -description: |- - This content is expermental, do not use it in production. Build and serve static content via Nginx HTTP server - and a reverse proxy (nginx) on RHEL. https://github.com/sclorg/nginx-container/blob/master/README.md. -annotations: - charts.openshift.io/name: Red Hat Nginx HTTP server and a reverse proxy (nginx) (experimental). -apiVersion: v2 -appVersion: 0.0.1 -kubeVersion: '>=1.20.0' -name: nginx-imagestreams -tags: builder,nginx -sources: - - https://github.com/sclorg/helm-charts -version: 0.0.1 diff --git a/charts/redhat/redhat/nginx-imagestreams/0.0.1/src/templates/imagestreams.yaml b/charts/redhat/redhat/nginx-imagestreams/0.0.1/src/templates/imagestreams.yaml deleted file mode 100644 index 35b00f3366..0000000000 
--- a/charts/redhat/redhat/nginx-imagestreams/0.0.1/src/templates/imagestreams.yaml +++ /dev/null 
@@ -1,88 +0,0 @@ -apiVersion: image.openshift.io/v1 -kind: ImageStream -metadata: - annotations: - openshift.io/display-name: Nginx HTTP server and a reverse proxy (nginx) - name: nginx -spec: - tags: - - annotations: - description: >- - Build and serve static content via Nginx HTTP server and a reverse - proxy (nginx) on RHEL. For more information about using this builder - image, including OpenShift considerations, see - https://github.com/sclorg/nginx-container/blob/master/1.20/README.md. - - - WARNING: By selecting this tag, your application will automatically - update to use the latest version of Nginx available on OpenShift, - including major version updates. - iconClass: icon-nginx - openshift.io/display-name: Nginx HTTP server and a reverse proxy (Latest) - openshift.io/provider-display-name: 'Red Hat, Inc.' - sampleRepo: 'https://github.com/sclorg/nginx-ex.git' - supports: nginx - tags: 'builder,nginx' - from: - kind: ImageStreamTag - name: 1.20-ubi8 - referencePolicy: - type: Local - name: latest - - annotations: - description: >- - Build and serve static content via Nginx HTTP server and a reverse - proxy (nginx) on RHEL 8. For more information about using this builder - image, including OpenShift considerations, see - https://github.com/sclorg/nginx-container/blob/master/1.20/README.md. - iconClass: icon-nginx - openshift.io/display-name: Nginx HTTP server and a reverse proxy 1.20 (UBI 9) - openshift.io/provider-display-name: 'Red Hat, Inc.' - sampleRepo: 'https://github.com/sclorg/nginx-ex.git' - supports: nginx - tags: 'builder,nginx' - version: '1.20' - from: - kind: DockerImage - name: 'registry.redhat.io/ubi9/nginx-120:latest' - referencePolicy: - type: Local - name: 1.20-ubi9 - - annotations: - description: >- - Build and serve static content via Nginx HTTP server and a reverse - proxy (nginx) on RHEL 8. 
For more information about using this builder - image, including OpenShift considerations, see - https://github.com/sclorg/nginx-container/blob/master/1.20/README.md. - iconClass: icon-nginx - openshift.io/display-name: Nginx HTTP server and a reverse proxy 1.20 (UBI 8) - openshift.io/provider-display-name: 'Red Hat, Inc.' - sampleRepo: 'https://github.com/sclorg/nginx-ex.git' - supports: nginx - tags: 'builder,nginx' - version: '1.20' - from: - kind: DockerImage - name: 'registry.redhat.io/ubi8/nginx-120:latest' - referencePolicy: - type: Local - name: 1.20-ubi8 - - annotations: - description: >- - Build and serve static content via Nginx HTTP server and a reverse - proxy (nginx) on RHEL 7. For more information about using this builder - image, including OpenShift considerations, see - https://github.com/sclorg/nginx-container/blob/master/1.20/README.md. - iconClass: icon-nginx - openshift.io/display-name: Nginx HTTP server and a reverse proxy 1.20 (UBI 7) - openshift.io/provider-display-name: 'Red Hat, Inc.' - sampleRepo: 'https://github.com/sclorg/nginx-ex.git' - supports: nginx - tags: 'builder,nginx' - version: '1.20' - from: - kind: DockerImage - name: 'registry.redhat.io/ubi7/nginx-120:latest' - referencePolicy: - type: Local - name: 1.20-ubi7 diff --git a/charts/redhat/redhat/nginx-imagestreams/OWNERS b/charts/redhat/redhat/nginx-imagestreams/OWNERS deleted file mode 100644 index f0dd0fddcb..0000000000 --- a/charts/redhat/redhat/nginx-imagestreams/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -chart: - name: nginx-imagestreams - description: This is the Red Hat Nginx Server imagestream chart -publicPgpKey: null -users: - - githubUsername: phracek -vendor: - label: redhat - name: Red Hat 
diff --git a/charts/redhat/redhat/nodejs-ex-k/0.2.1/nodejs-ex-k-0.2.1.tgz b/charts/redhat/redhat/nodejs-ex-k/0.2.1/nodejs-ex-k-0.2.1.tgz deleted file mode 100644 index fa42c5a5dd..0000000000 Binary files a/charts/redhat/redhat/nodejs-ex-k/0.2.1/nodejs-ex-k-0.2.1.tgz and /dev/null differ diff --git a/charts/redhat/redhat/nodejs-ex-k/0.2.1/report.yaml b/charts/redhat/redhat/nodejs-ex-k/0.2.1/report.yaml deleted file mode 100644 index df81e52ed4..0000000000 --- a/charts/redhat/redhat/nodejs-ex-k/0.2.1/report.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.1.0 - profile: - VendorType: partner - version: v1.0 - chart-uri: https://redhat-developer.github.io/redhat-helm-charts/charts/nodejs-ex-k-0.2.1.tgz - digest: sha256:ee5c3d26bfc17ce6333678c1279dbed06a2c7d3cd0bd8f2b4128a1a7a7cf8acf - digests: - chart: sha256:ee5c3d26bfc17ce6333678c1279dbed06a2c7d3cd0bd8f2b4128a1a7a7cf8acf - package: 4340070f6b0d04ebb2ea4a10046b89c9f1706c62ae67bdc247ff6a59b9d035ec - lastCertifiedTimestamp: "2021-07-09T23:02:59.065099+00:00" - certifiedOpenShiftVersions: 4.7.0 - chart: - name: nodejs-ex-k - home: "" - sources: [] - version: 0.2.1 - description: A Helm chart for Kubernetes - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.16.0 - deprecated: false - annotations: {} - kubeversion: "" - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/has-readme - type: Mandatory - outcome: FAIL - reason: Chart does not have a README - - check: v1.0/contains-test - type: Mandatory - outcome: FAIL - reason: Chart test files do not exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/has-kubeversion - type: Mandatory - outcome: FAIL - reason: Kubernetes version is not specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: 
v1.0/images-are-certified - type: Mandatory - outcome: FAIL - reason: 'Image is not Red Hat certified : : Bad response code from Pyxis: 400 - : https://catalog.redhat.com/api/containers/v1/repositories?filter=repository%3D%3D+' diff --git a/charts/redhat/redhat/nodejs-ex-k/OWNERS b/charts/redhat/redhat/nodejs-ex-k/OWNERS deleted file mode 100644 index 1bcc31099b..0000000000 --- a/charts/redhat/redhat/nodejs-ex-k/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -chart: - name: nodejs-ex-k - shortDescription: This is the Red Hat NodeJs EX K chart -publicPgpKey: null -users: -- githubUsername: dperaza4dustbit -vendor: - label: redhat - name: Red Hat diff --git a/charts/redhat/redhat/nodejs/0.0.1/nodejs-0.0.1.tgz b/charts/redhat/redhat/nodejs/0.0.1/nodejs-0.0.1.tgz deleted file mode 100644 index 00f75dba9e..0000000000 Binary files a/charts/redhat/redhat/nodejs/0.0.1/nodejs-0.0.1.tgz and /dev/null differ diff --git a/charts/redhat/redhat/nodejs/0.0.1/report.yaml b/charts/redhat/redhat/nodejs/0.0.1/report.yaml deleted file mode 100644 index 091deedbb5..0000000000 --- a/charts/redhat/redhat/nodejs/0.0.1/report.yaml +++ /dev/null 
@@ -1,85 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.1.0 - profile: - VendorType: partner - version: v1.0 - chart-uri: https://redhat-developer.github.io/redhat-helm-charts/charts/nodejs-0.0.1.tgz - digest: sha256:3696fe9d93f49c0a87c2424b792056ce60ef373ce11b6c28b53674417b474314 - digests: - chart: sha256:3696fe9d93f49c0a87c2424b792056ce60ef373ce11b6c28b53674417b474314 - package: eeb75da3ec2e4d63fcc69aaa51d5d5a6fe0573414ac8d7341f73faed7c439ac4 - lastCertifiedTimestamp: "2021-07-09T22:47:54.970912+00:00" - certifiedOpenShiftVersions: 4.7.5 - chart: - name: nodejs - home: "" - sources: [] - version: 0.0.1 - description: A Helm chart to build and deploy Node.js applications - keywords: - - runtimes - - nodejs - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: "" - deprecated: false - annotations: {} - kubeversion: "" - dependencies: [] - type: "" - chart-overrides: "" -results: - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-test - type: Mandatory - outcome: FAIL - reason: Chart test files do not exist - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/images-are-certified - type: Mandatory - outcome: FAIL - reason: 'Image is not Red Hat certified : testRelease:latest : Respository not - found: testRelease' - - check: v1.0/chart-testing - type: Mandatory - outcome: FAIL - reason: |- - Error running process: executing helm with args "install 
nodejs-3xh8usxv7m /root/.cache/chart-verifier/https___redhat_developer_github_io_redhat_helm_charts_charts_nodejs_0_0_1_tgz/nodejs --namespace davptest --wait --values /tmp/chart-testing-349700203/values.yaml": exit status 1 - --- - Error: timed out waiting for the condition - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/has-kubeversion - type: Mandatory - outcome: FAIL - reason: Kubernetes version is not specified diff --git a/charts/redhat/redhat/nodejs/0.0.2/src/Chart.yaml b/charts/redhat/redhat/nodejs/0.0.2/src/Chart.yaml deleted file mode 100644 index c794ea09d5..0000000000 --- a/charts/redhat/redhat/nodejs/0.0.2/src/Chart.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v2 -name: nodejs -version: 0.0.2 -kubeVersion: '>= 1.21.0-0' -description: A Helm chart to build and deploy Node.js applications -keywords: - - runtimes - - nodejs diff --git a/charts/redhat/redhat/nodejs/0.0.2/src/README.md b/charts/redhat/redhat/nodejs/0.0.2/src/README.md deleted file mode 100644 index 8873eda412..0000000000 --- a/charts/redhat/redhat/nodejs/0.0.2/src/README.md +++ /dev/null 
@@ -1,60 +0,0 @@ -# Node.js Helm Chart -A Helm chart for building and deploying a [Node.js](https://nodejs.org/) application on OpenShift. - -## Prerequisites -Below are prerequisites that may apply to your use case. - -### Push Secret -You will need to create a push secret if you want to push your image to an external registry. Use the following command as a reference to create your push secret: -```bash -oc create secret docker-registry my-push-secret --docker-server=$SERVER_URL --docker-username=$USERNAME --docker-password=$PASSWORD --docker-email=$EMAIL -``` - -You can use this secret by passing `--set build.output.pushSecret=my-push-secret` and `--set build.output.kind=DockerImage` to `helm install`, or you can configure these in a values file: -```yaml -build: - output: - kind: DockerImage - pushSecret: my-push-secret -``` - -## Values -This section describes the Values used to configure this chart. - -Below is a table the values used to configure this chart. - -| Value | Description | Default | Additional Information | -| ----- | ----------- | ------- | ---------------------- | -| `image.name` | Name of the image you want to build/deploy | Defaults to the Helm release name. | The chart will create/reference an [ImageStream](https://docs.openshift.com/container-platform/4.6/openshift_images/image-streams-manage.html) based on this value. | -| `image.tag` | Tag that you want to build/deploy | `latest` | The chart will create/reference an [ImageStreamTag](https://docs.openshift.com/container-platform/4.6/openshift_images/image-streams-manage.html#images-using-imagestream-tags_image-streams-managing) based on the name provided | -| `build.enabled` | Determines if build-related resources should be created. | `true` | Set this to `false` if you want to deploy a previously built image. Leave this set to `true` if you want to build and deploy a new image. 
| -| `build.uri` | Git URI that references your git repo | https://github.com/nodeshift-starters/nodejs-rest-http | This value defaults to a sample application. Be sure to override this if you want to build and deploy your own application. | -| `build.ref` | Git ref containing the application you want to build | main | - | -| `build.contextDir` | The sub-directory where the application source code exists | - | - | -| `build.output.kind` | Determines if the image will be pushed to an ImageStreamTag or a DockerImage (external registry) | ImageStreamTag | More information: More information: https://docs.openshift.com/container-platform/4.6/builds/managing-build-output.html | -| `build.output.pushSecret` | Push secret name | - | Used only if build.output.kind == 'DockerImage' | -| `build.pullSecret` | Image pull secret | - | More information: https://docs.openshift.com/container-platform/4.6/openshift_images/managing_images/using-image-pull-secrets.html | -| `build.env` | Freeform `env` stanza | - | More information: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/ | -| `build.resources` | Freeform `resources` stanza | - | More information: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | -| `deploy.replicas` | Number of pod replicas to deploy | `1` | - | -| `deploy.resources` | Freeform `resources` stanza | - | More information: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | -| `deploy.serviceType` | Type of service to create | `ClusterIP` | More information: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | -| `deploy.ports` | Freeform service `ports` stanza. 
| See [values.yaml](./values.yaml) | More information: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service | -| `deploy.route.enabled` | Determines if a Route should be created | `true` | Allows clients outside of OpenShift to access your application | -| `deploy.route.targetPort` | The port that the Route should target traffic to | `http` | - | -| `deploy.route.tls.enabled` | Determines if the Route should be TLS-encrypted | `true` | More information: https://docs.openshift.com/container-platform/4.6/networking/routes/secured-routes.html | -| `deploy.route.tls.termination` | Determines the type of TLS termination to use | `edge` | Options: `edge`, `reencrypt`, `passthrough` | -| `deploy.route.tls.insecureEdgeTerminationPolicy` | Determines if insecure traffic should be redirected | `Redirect` | Options: "Allow", "Disable", "Redirect" | -| `deploy.route.tls.key` | Provides key file contents | - | This is a secret. Do not check this value into git. | -| `deploy.route.tls.caCertificate` | Provides the cert authority certificate contents | - | - | -| `deploy.route.tls.certificate` | Provides certificate contents | - | - | -| `deploy.route.tls.destinationCACertificate` | Provides the destination CA Certificate for reencrypt routes | - | - | -| `deploy.livenessProbe` | Freeform `livenessProbe` stanza. | See [values.yaml](./values.yaml) | More information: https://docs.openshift.com/container-platform/4.6/applications/application-health.html#application-health-about_application-health | -| `deploy.readinessProbe` | Freeform `readinessProbe` stanza. 
| See [values.yaml](./values.yaml) | More information: https://docs.openshift.com/container-platform/4.6/applications/application-health.html#application-health-about_application-health | -| `deploy.env` | Freeform `env` stanza | - | More information: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/ | -| `deploy.envFrom` | Freeform `envFrom` stanza | - | More information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables | -| `deploy.volumeMounts` | Freeform volume mounts | - | More information: https://kubernetes.io/docs/concepts/storage/volumes/ | -| `deploy.volumes` | Freeform volumes | - | More information: https://kubernetes.io/docs/concepts/storage/volumes/ | -| `deploy.initContainers` | Freeform init containers | - | More information: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ | -| `deploy.extraContainers` | Freeform containers | - | More information: https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates | -| `global.nameOverride` | Overrides the release name | - | Resources are named after the release name. Set this value if you want to override the release name. | diff --git a/charts/redhat/redhat/nodejs/0.0.2/src/templates/NOTES.txt b/charts/redhat/redhat/nodejs/0.0.2/src/templates/NOTES.txt deleted file mode 100644 index 635c5bdf29..0000000000 --- a/charts/redhat/redhat/nodejs/0.0.2/src/templates/NOTES.txt +++ /dev/null @@ -1,7 +0,0 @@ -{{- if .Release.IsInstall }} -Your Node.js app is building! To view the build logs, run: - -oc logs bc/{{ include "nodejs.name" . }} --follow - -Note that your Deployment will report "ErrImagePull" and "ImagePullBackOff" until the build is complete. Once the build is complete, your image will be automatically rolled out. -{{- end }} 
diff --git a/charts/redhat/redhat/nodejs/0.0.2/src/templates/_helpers.tpl b/charts/redhat/redhat/nodejs/0.0.2/src/templates/_helpers.tpl
deleted file mode 100644
index 67a88b1156..0000000000
--- a/charts/redhat/redhat/nodejs/0.0.2/src/templates/_helpers.tpl
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- define "nodejs.name" -}}
-{{ default .Release.Name .Values.global.nameOverride }}
-{{- end -}}
-
-{{- define "nodejs.labels" -}}
-helm.sh/chart: {{ .Chart.Name }}
-{{ include "nodejs.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{- define "nodejs.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "nodejs.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end -}}
-
-{{- define "nodejs.imageName" -}}
-{{ default (include "nodejs.name" .) .Values.image.name }}:{{ .Values.image.tag }}
-{{- end -}}
diff --git a/charts/redhat/redhat/nodejs/0.0.2/src/templates/buildconfig.yaml b/charts/redhat/redhat/nodejs/0.0.2/src/templates/buildconfig.yaml
deleted file mode 100644
index 7bb0879be0..0000000000
--- a/charts/redhat/redhat/nodejs/0.0.2/src/templates/buildconfig.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-{{- if .Values.build.enabled }}
-apiVersion: build.openshift.io/v1
-kind: BuildConfig
-metadata:
- name: {{ include "nodejs.name" . }}
- labels:
- {{- include "nodejs.labels" . | nindent 4 }}
-spec:
- source:
- type: Git
- git:
- uri: {{ .Values.build.uri }}
- ref: {{ .Values.build.ref }}
-{{- if .Values.build.contextDir }}
- contextDir: {{ .Values.build.contextDir }}
-{{- end }}
- strategy:
- type: Source
- sourceStrategy:
- from:
- kind: ImageStreamTag
- namespace: {{ .Values.build.source.namespace }}
- name: {{ .Values.build.source.name }}
- {{- if .Values.build.pullSecret }}
- pullSecret:
- name: {{ .Values.build.pullSecret }}
- {{- end }}
- {{- if .Values.build.env }}
- env:
- {{- tpl (toYaml .Values.build.env) . | nindent 8 }}
- {{- end }}
- output:
- to:
- kind: {{ .Values.build.output.kind }}
- name: {{ include "nodejs.imageName" . }}
- {{- if and (eq .Values.build.output.kind "DockerImage") .Values.build.output.pushSecret }}
- pushSecret:
- name: {{ .Values.build.output.pushSecret }}
- {{- end }}
-{{- if .Values.build.resources }}
- resources:
- {{- toYaml .Values.build.resources | nindent 4 }}
-{{- end }}
- triggers:
- - type: ConfigChange
-{{- end }}
diff --git a/charts/redhat/redhat/nodejs/0.0.2/src/templates/deployment.yaml b/charts/redhat/redhat/nodejs/0.0.2/src/templates/deployment.yaml
deleted file mode 100644
index 34e4d47574..0000000000
--- a/charts/redhat/redhat/nodejs/0.0.2/src/templates/deployment.yaml
+++ /dev/null
@@ -1,78 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "nodejs.name" . }}
- labels:
- {{- include "nodejs.labels" . | nindent 4 }}
-{{- if and .Values.build.enabled (eq .Values.build.output.kind "ImageStreamTag") }}
- annotations:
- image.openshift.io/triggers: |-
- [
- {
- "from":{
- "kind":"ImageStreamTag",
- "name":"{{ include "nodejs.imageName" . }}"
- },
- "fieldPath":"spec.template.spec.containers[0].image"
- }
- ]
-{{- end }}
-spec:
- replicas: {{ .Values.deploy.replicas }}
- selector:
- matchLabels:
- {{- include "nodejs.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- labels:
- {{- include "nodejs.labels" . | nindent 8 }}
- spec:
-{{- if .Values.deploy.initContainers }}
- initContainers:
- {{- tpl (toYaml .Values.deploy.initContainers) . | nindent 8 }}
-{{- end }}
- containers:
- - name: web
- image: {{ include "nodejs.imageName" . }}
- ports:
-{{- range .Values.deploy.ports }}
- - name: {{ .name }}
- containerPort: {{ .targetPort }}
- protocol: {{ .protocol }}
-{{- end }}
-{{- if .Values.deploy.resources }}
- resources:
- {{- toYaml .Values.deploy.resources | nindent 12 }}
-{{- end }}
-{{- if .Values.deploy.livenessProbe }}
- livenessProbe:
- {{- tpl (toYaml .Values.deploy.livenessProbe) . | nindent 12 }}
-{{- end }}
-{{- if .Values.deploy.readinessProbe }}
- readinessProbe:
- {{- tpl (toYaml .Values.deploy.readinessProbe) . | nindent 12 }}
-{{- end }}
-{{- if .Values.deploy.env }}
- env:
- {{- tpl (toYaml .Values.deploy.env) . | nindent 12 }}
-{{- end }}
-{{- if .Values.deploy.envFrom }}
- envFrom:
- {{- tpl (toYaml .Values.deploy.envFrom) . | nindent 12 }}
-{{- end }}
- volumeMounts:
-{{- if .Values.deploy.volumeMounts }}
- {{- tpl (toYaml .Values.deploy.volumeMounts) . | nindent 12 }}
-{{- end }}
-{{- if .Values.deploy.extraContainers }}
- {{- tpl (toYaml .Values.deploy.extraContainers) . 
| nindent 8 }}
-{{- end }}
- volumes:
-{{- if .Values.deploy.applicationProperties.enabled }}
- - name: application-properties
- configMap:
- name: {{ include "nodejs.name" . }}
-{{- end }}
-{{- if .Values.deploy.volumes }}
- {{- tpl (toYaml .Values.deploy.volumes) . | nindent 8 }}
-{{- end }}
diff --git a/charts/redhat/redhat/nodejs/0.0.2/src/templates/imagestream.yaml b/charts/redhat/redhat/nodejs/0.0.2/src/templates/imagestream.yaml
deleted file mode 100644
index f9fbf53bef..0000000000
--- a/charts/redhat/redhat/nodejs/0.0.2/src/templates/imagestream.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if and .Values.build.enabled (eq .Values.build.output.kind "ImageStreamTag") }}
-apiVersion: image.openshift.io/v1
-kind: ImageStream
-metadata:
- name: {{ include "nodejs.name" . }}
- labels:
- {{- include "nodejs.labels" . | nindent 4 }}
-spec:
- lookupPolicy:
- local: true
-{{- end }}
diff --git a/charts/redhat/redhat/nodejs/0.0.2/src/templates/route.yaml b/charts/redhat/redhat/nodejs/0.0.2/src/templates/route.yaml
deleted file mode 100644
index a9769a7815..0000000000
--- a/charts/redhat/redhat/nodejs/0.0.2/src/templates/route.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- if .Values.deploy.route.enabled }}
-apiVersion: route.openshift.io/v1
-kind: Route
-metadata:
- name: {{ include "nodejs.name" . }}
- labels:
- {{- include "nodejs.labels" . | nindent 4 }}
-spec:
- to:
- kind: Service
- name: {{ include "nodejs.name" . }}
- port:
- targetPort: {{ tpl .Values.deploy.route.targetPort . }}
-{{- if .Values.deploy.route.tls.enabled }}
- tls:
- termination: {{ .Values.deploy.route.tls.termination }}
- insecureEdgeTerminationPolicy: {{ .Values.deploy.route.tls.insecureEdgeTerminationPolicy }}
- {{- if .Values.deploy.route.tls.key }}
- key: |-
- {{- .Values.deploy.route.tls.key | nindent 6 }}
- {{- end }}
- {{- if .Values.deploy.route.tls.destinationCACertificate }}
- destinationCACertificate: |-
- {{- .Values.deploy.route.tls.destinationCACertificate | nindent 6 }}
- {{- end }}
- {{- if .Values.deploy.route.tls.caCertificate }}
- caCertificate: |-
- {{- .Values.deploy.route.tls.caCertificate | nindent 6 }}
- {{- end }}
- {{- if .Values.deploy.route.tls.certificate }}
- certificate: |-
- {{- .Values.deploy.route.tls.certificate | nindent 6 }}
- {{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/redhat/redhat/nodejs/0.0.2/src/templates/service.yaml b/charts/redhat/redhat/nodejs/0.0.2/src/templates/service.yaml
deleted file mode 100644
index e1c64a490a..0000000000
--- a/charts/redhat/redhat/nodejs/0.0.2/src/templates/service.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "nodejs.name" . }}
- labels:
- {{- include "nodejs.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.deploy.serviceType }}
- selector:
- {{- include "nodejs.selectorLabels" . | nindent 4 }}
- ports:
- {{- tpl (toYaml .Values.deploy.ports) . | nindent 4 }}
diff --git a/charts/redhat/redhat/nodejs/0.0.2/src/templates/tests/test-chart.yaml b/charts/redhat/redhat/nodejs/0.0.2/src/templates/tests/test-chart.yaml
deleted file mode 100644
index c70cb8db00..0000000000
--- a/charts/redhat/redhat/nodejs/0.0.2/src/templates/tests/test-chart.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ .Release.Name }}-test"
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": test
-spec:
-{{- if .Values.build.pullSecret }}
- {{- include "imagePullSecrets" . | nindent 2 }}
-{{- end }}
- containers:
- - name: {{ .Release.Name }}-test
- image: image-registry.openshift-image-registry.svc:5000/default/{{ .Release.Name }}:{{ .Values.image.tag | default "latest" }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- command:
- - /bin/sh
- - -c
- - |
- echo "Checking for node process"
- npm start&
- PROCESS=`ps -ef | grep node | grep -v grep`
- echo "$PROCESS"
- if [ -z "$PROCESS" ]
- then
- echo "Process not found"
- exit 1
- fi
- echo "Process Found"
- exit 0
- restartPolicy: Never
diff --git a/charts/redhat/redhat/nodejs/0.0.2/src/values.schema.json b/charts/redhat/redhat/nodejs/0.0.2/src/values.schema.json
deleted file mode 100644
index 39da4929ee..0000000000
--- a/charts/redhat/redhat/nodejs/0.0.2/src/values.schema.json
+++ /dev/null
@@ -1,167 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema", - "properties": { - "image": { - "type": "object", - "description": "Defines the image you want to build/deploy", - "properties": { - "name": { - "type": ["string", "null"], - "description": "Name of the image you want to build/deploy. Defaults to the release name." - }, - "tag": { - "type": "string", - "description": "Tag that you want to build/deploy" - } - } - }, - "deploy": { - "type": "object", - "title": "Deploy", - "description": "Specifiy deployment settings", - "required": [ - "replicas" - ], - "replicas": { - "default": 1, - "description": "Define number of nodejs pods running", - "title": "Replica Count", - "type": "integer" - }, - "serviceType": { - "type": "string", - "title": "Service Type", - "description": "Select Service type", - "default": "ClusterIP" - }, - "ports": { - "type": "object", - "title": "ports", - "description": "Specify Deployment Ports for Container", - "required": [ - "name", - "port", - "targetPort", - "protocol" - ], - "name": { - "type": "string", - "title": "Name", - "default": "http" - }, - "port": { - "type": "integer", - "title": "Port", - "description": "Define Port", - "default": 8080 - }, - "targetPort": { - "type": "integer", - "title": "Target Port", - "description": "Define Target Port", - "default": 8080 - }, - "protocol": { - "type": "string", - "description": "Specify which protocol to use", - "title": "Protocol", - "default": "TCP" - } - } - }, - "build": { - "type": "object", - "title": "Build", - "description": "Specify what repo to build from", - "required": [ - "enabled", - "uri", - "ref" - ], - "additionalProperties": true, - "properties": { - "enabled": { - "type": "boolean", - "title": "Enabled", - "description": "Uncheck if you want to use an already built image", - "default": true - }, - "uri": { - "type": "string", - "title": "uri", - "description": "Define repository uri", - "examples": [ - 
"https://github.com/nodeshift-starters/nodejs-rest-http" - ] - }, - "ref": { - "type": "string", - "title": "ref", - "description": "Define repo ref", - "examples": [ - "main", - "master" - ] - }, - "contextDir": { - "type": ["string", "null"], - "title": "contextDir", - "description": "What directory in the repo should the image build from" - }, - "output": { - "type": "object", - "description": "Specifies where the image will be pushed to once built. More information: https://docs.openshift.com/container-platform/4.6/builds/managing-build-output.html", - "properties": { - "kind": { - "type": "string", - "description": "Determines how the image will be pushed", - "enum": ["ImageStreamTag", "DockerImage"] - }, - "pushSecret": { - "type": ["string", "null"], - "description": "Push secret name, used only if kind == 'DockerImage'" - } - } - }, - "pullSecret": { - "type": ["string", "null"], - "description": "The image pull secret. More information: https://docs.openshift.com/container-platform/4.6/openshift_images/managing_images/using-image-pull-secrets.html" - }, - "env": { - "type": ["array", "null"], - "description": "Freeform env field. More information: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/" - }, - "resources": { - "type": ["object", "null"], - "description": "Freeform resources field. 
More information: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - }, - "source": { - "type": "object", - "description": "Specifies details for the source imagestream", - "properties": { - "namespace": { - "type": "string", - "description": "Namespace for source imagestream", - "default": "openshift" - }, - "name": { - "type": "string", - "description": "Name of source image", - "default": "nodejs:12" - } - } - } - } - }, - "global": { - "type": "object", - "description": "Values that should be global across parent and dependent Helm charts", - "properties": { - "nameOverride": { - "type": ["string", "null"], - "description": "Overrides the release name. Impacts the image name (if image.name is left blank) and impacts the name of created OCP resources" - } - } - } - } -} diff --git a/charts/redhat/redhat/nodejs/0.0.2/src/values.yaml b/charts/redhat/redhat/nodejs/0.0.2/src/values.yaml deleted file mode 100644 index 837d855074..0000000000 --- a/charts/redhat/redhat/nodejs/0.0.2/src/values.yaml +++ /dev/null 
@@ -1,149 +0,0 @@ -image: - ## Name of the image you want to build/deploy - ## Defaults to the release name - name: - ## Tag that you want to build/deploy - tag: latest - -## Build-specific values (for configuring BuildConfig and ImageStream) -build: - ## Should build-related resources such as BuildConfig and ImageStream be created? - ## Set this to false if you just want to deploy a previously built image. - enabled: true - - ## Git URI, Ref, and ContextDir - uri: https://github.com/nodeshift-starters/nodejs-rest-http - ref: main - contextDir: - - ## Specifies where the image will be pushed to once built - ## More information: https://docs.openshift.com/container-platform/4.6/builds/managing-build-output.html - output: - ## Choices: ImageStreamTag, DockerImage - ## ImageStreamTag publishes to the internal registry - ## DockerImage publishes to an external registry (referred to by image.name and image.tag) - kind: ImageStreamTag - ## Push secret name, used only if kind == "DockerImage" - pushSecret: - - ## Image pull secret. More information: https://docs.openshift.com/container-platform/4.6/openshift_images/managing_images/using-image-pull-secrets.html - pullSecret: - - ## Freeform env for the OCP build. More information: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/ - env: - # - name: VAR_NAME - # value: var-value - - ## Freeform resources for the OCP build. More information: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - resources: - # limits: - # cpu: "4" - # memory: 6Gi - # requests: - # cpu: "2" - # memory: 4Gi - - source: - namespace: openshift - name: nodejs:12 - -## Application/Deployment-specific values (For configuring Deployment, Service, Route, ConfigMap, etc) -deploy: - ## Number of pod replicas to deploy - replicas: 1 - - ## Freeform resources for Node. 
More information: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - resources: - # limits: - # cpu: 100m - # memory: 256Mi - # requests: - # cpu: 50m - # memory: 128Mi - - ## Type of service to create. More information: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - serviceType: ClusterIP - - ## Freeform service ports. More information: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service - ports: - - name: http - port: 8080 - targetPort: 8080 - protocol: TCP - - ## For creating a Route, allowing your application to be accessed from outside the OCP cluster - route: - enabled: true - targetPort: http - ## More information: https://docs.openshift.com/container-platform/4.6/networking/routes/secured-routes.html - tls: - enabled: true - termination: edge - insecureEdgeTerminationPolicy: Redirect - ## IMPORTANT: Do not check 'key' into git! - key: - caCertificate: - certificate: - destinationCACertificate: - - ## Freeform Liveness Probe. More information: https://docs.openshift.com/container-platform/4.6/applications/application-health.html#application-health-about_application-health - livenessProbe: - tcpSocket: - port: http - ## If you don't want a livenessProbe, override like this in your values file - # livenessProbe: '' - - ## Freeform Readiness Probe. More information: https://docs.openshift.com/container-platform/4.6/applications/application-health.html#application-health-about_application-health - readinessProbe: - httpGet: - path: / - port: http - ## If you don't want a readinessProbe, override like this in your values file - # readinessProve: '' - - ## Freeform env for the Quarkus app. More information: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/ - env: - # - name: VAR_NAME - # value: var-value - - ## Freeform envFrom for the Quarkus app. 
More information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables - envFrom: - # - configMapRef: - # name: special-config - - ## Application properties file for configuring the Quarkus app - applicationProperties: - ## Determines if application properties should be created in a configmap and mounted to the Quarkus container - enabled: false - ## Location to mount the properties file - mountPath: /deployments/config/ - ## Application properties file contents - properties: |- - ## Properties go here - - ## Freeform volume mounts. More information: https://kubernetes.io/docs/concepts/storage/volumes/ - volumeMounts: - # - name: my-config - # mountPath: /etc/config - - ## Freeform volumes. More information: https://kubernetes.io/docs/concepts/storage/volumes/ - volumes: - # - name: my-config - # configMap: - # name: my-configmap - - ## Freeform init containers: More information: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - initContainers: - # - name: my-init-container - # command: ["echo", "hello"] - # image: registry.redhat.io/ubi8/ubi-minimal - - ## Freeform containers: More information: https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates - extraContainers: - # - name: my-extra-container - # command: ["sleep", "infinity"] - # image: registry.redhat.io/ubi8/ubi-minimal - -global: - ## Override the release name - nameOverride: diff --git a/charts/redhat/redhat/nodejs/OWNERS b/charts/redhat/redhat/nodejs/OWNERS deleted file mode 100644 index 9a16089082..0000000000 --- a/charts/redhat/redhat/nodejs/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -chart: - name: nodejs - shortDescription: This is the Red Hat NodeJs chart -publicPgpKey: null -users: -- githubUsername: dperaza4dustbit -- githubUsername: AshCripps -vendor: - label: redhat - name: Red Hat 
diff --git a/charts/redhat/redhat/postgresql-imagestreams/0.0.1/src/Chart.yaml b/charts/redhat/redhat/postgresql-imagestreams/0.0.1/src/Chart.yaml deleted file mode 100644 index 92289fefd4..0000000000 --- a/charts/redhat/redhat/postgresql-imagestreams/0.0.1/src/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -description: |- - Red Hat PostgreSQL database service imagestreams. - For more information about PostgreSQL container see https://github.com/sclorg/postgresql-container/. -annotations: - charts.openshift.io/name: Red Hat PostgreSQL database service imagestreams. -apiVersion: v2 -appVersion: 0.0.1 -kubeVersion: '>=1.20.0' -name: postgresql-imagestreams -tags: database,postgresql -sources: - - https://github.com/sclorg/helm-charts -version: 0.0.1 diff --git a/charts/redhat/redhat/postgresql-imagestreams/0.0.1/src/README.md b/charts/redhat/redhat/postgresql-imagestreams/0.0.1/src/README.md deleted file mode 100644 index 32e3ed9931..0000000000 --- a/charts/redhat/redhat/postgresql-imagestreams/0.0.1/src/README.md +++ /dev/null 
@@ -1,50 +0,0 @@ -# PostgreSQL Helm Chart imagestreams - -The file contains all supported PostgreSQL imagestreams. - -For more information about helm charts see the offical [Helm Charts Documentation](https://helm.sh/). - -You need to have access to a cluster for each operation with OpenShift 4, like deploying and testing. - -## How to start with helm charts - -The first download and install Helm. Follow instructions mentioned [here](https://helm.sh/docs/intro/install/). - -## How to work with PostgreSQL helm chart - -Before deploying helm chart to OpenShift, you have to create a package. -This can be done by command: - -```commandline -$ helm package ./ -``` - -that will create a helm package named, `postgresql-imagestreams-v0.0.1.tgz` in this directory. - -The next step is to upload Helm Chart to OpenShift. This is done by command: - -```commandline -$ helm install postgresql-imagestreams postgresql-imagestreams-v0.0.1.tgz -``` - -In order to check if everything is imported properly, run command: -```commandline -$ oc get is -o json -``` -that will print all support PostgreSQL imagestreams. - - -## Troubleshooting -For case you need a computer readable output you can add to command mentioned above option `-o json`. - -In case of installation failed for reason like: -```commandline -// Error: INSTALLATION FAILED: cannot re-use a name that is still in use -``` -you have to uninstall previous PostgreSQL Helm Chart by command: - -```commandline -$ helm uninstall postgresql-imagestreams -``` - - diff --git a/charts/redhat/redhat/postgresql-imagestreams/0.0.1/src/templates/imagestreams.yaml b/charts/redhat/redhat/postgresql-imagestreams/0.0.1/src/templates/imagestreams.yaml deleted file mode 100644 index 252121d385..0000000000 --- a/charts/redhat/redhat/postgresql-imagestreams/0.0.1/src/templates/imagestreams.yaml +++ /dev/null 
@@ -1,181 +0,0 @@ -kind: ImageStream -apiVersion: image.openshift.io/v1 -metadata: - name: postgresql - annotations: - openshift.io/display-name: PostgreSQL -spec: - tags: - - name: latest - annotations: - openshift.io/display-name: PostgreSQL (Latest) - openshift.io/provider-display-name: 'Red Hat, Inc.' - description: >- - Provides a PostgreSQL database on RHEL. For more information about - using this database image, including OpenShift considerations, see - https://github.com/sclorg/postgresql-container/blob/master/README.md. - - - WARNING: By selecting this tag, your application will automatically - update to use the latest version of PostgreSQL available on OpenShift, - including major version updates. - iconClass: icon-postgresql - tags: 'database,postgresql' - from: - kind: ImageStreamTag - name: 13-el8 - referencePolicy: - type: Local - - name: 13-el9 - annotations: - openshift.io/display-name: PostgreSQL 13 (RHEL 9) - openshift.io/provider-display-name: 'Red Hat, Inc.' - description: >- - Provides a PostgreSQL 13 database on RHEL 9. For more information - about using this database image, including OpenShift considerations, - see - https://github.com/sclorg/postgresql-container/blob/master/README.md. - iconClass: icon-postgresql - tags: 'database,postgresql' - version: '13' - from: - kind: DockerImage - name: 'registry.redhat.io/rhel9/postgresql-13:latest' - referencePolicy: - type: Local - - name: 13-el8 - annotations: - openshift.io/display-name: PostgreSQL 13 (RHEL 8) - openshift.io/provider-display-name: 'Red Hat, Inc.' - description: >- - Provides a PostgreSQL 13 database on RHEL 8. For more information - about using this database image, including OpenShift considerations, - see - https://github.com/sclorg/postgresql-container/blob/master/README.md. 
- iconClass: icon-postgresql - tags: 'database,postgresql' - version: '13' - from: - kind: DockerImage - name: 'registry.redhat.io/rhel8/postgresql-13:latest' - referencePolicy: - type: Local - - name: 13-el7 - annotations: - openshift.io/display-name: PostgreSQL 13 (RHEL 7) - openshift.io/provider-display-name: 'Red Hat, Inc.' - description: >- - Provides a PostgreSQL 13 database on RHEL 7. For more information - about using this database image, including OpenShift considerations, - see - https://github.com/sclorg/postgresql-container/blob/master/README.md. - iconClass: icon-postgresql - tags: 'database,postgresql' - version: '13' - from: - kind: DockerImage - name: 'registry.redhat.io/rhscl/postgresql-13-rhel7:latest' - referencePolicy: - type: Local - - name: 12-el8 - annotations: - openshift.io/display-name: PostgreSQL 12 (RHEL 8) - openshift.io/provider-display-name: 'Red Hat, Inc.' - description: >- - Provides a PostgreSQL 12 database on RHEL 8. For more information - about using this database image, including OpenShift considerations, - see - https://github.com/sclorg/postgresql-container/blob/master/README.md. - iconClass: icon-postgresql - tags: 'database,postgresql' - version: '12' - from: - kind: DockerImage - name: 'registry.redhat.io/rhel8/postgresql-12:latest' - referencePolicy: - type: Local - - name: 12-el7 - annotations: - openshift.io/display-name: PostgreSQL 12 (RHEL 7) - openshift.io/provider-display-name: 'Red Hat, Inc.' - description: >- - Provides a PostgreSQL 12 database on RHEL 7. For more information - about using this database image, including OpenShift considerations, - see - https://github.com/sclorg/postgresql-container/blob/master/README.md. 
- iconClass: icon-postgresql - tags: 'database,postgresql' - version: '12' - from: - kind: DockerImage - name: 'registry.redhat.io/rhscl/postgresql-12-rhel7:latest' - referencePolicy: - type: Local - - name: '12' - annotations: - openshift.io/display-name: PostgreSQL (Ephemeral) 12 - openshift.io/provider-display-name: 'Red Hat, Inc.' - description: >- - Provides a PostgreSQL 12 database on RHEL 7. For more information - about using this database image, including OpenShift considerations, - see - https://github.com/sclorg/postgresql-container/blob/master/README.md. - iconClass: icon-postgresql - tags: 'database,postgresql,hidden' - version: '12' - from: - kind: DockerImage - name: 'registry.redhat.io/rhscl/postgresql-12-rhel7:latest' - referencePolicy: - type: Local - - name: 10-el8 - annotations: - openshift.io/display-name: PostgreSQL 10 (RHEL 8) - openshift.io/provider-display-name: 'Red Hat, Inc.' - description: >- - Provides a PostgreSQL 10 database on RHEL 8. For more information - about using this database image, including OpenShift considerations, - see - https://github.com/sclorg/postgresql-container/blob/master/README.md. - iconClass: icon-postgresql - tags: 'database,postgresql' - version: '10' - from: - kind: DockerImage - name: 'registry.redhat.io/rhel8/postgresql-10:latest' - referencePolicy: - type: Local - - name: 10-el7 - annotations: - openshift.io/display-name: PostgreSQL 10 (RHEL 7) - openshift.io/provider-display-name: 'Red Hat, Inc.' - description: >- - Provides a PostgreSQL 10 database on RHEL 7. For more information - about using this database image, including OpenShift considerations, - see - https://github.com/sclorg/postgresql-container/blob/master/README.md. 
- iconClass: icon-postgresql - tags: 'database,postgresql' - version: '10' - from: - kind: DockerImage - name: 'registry.redhat.io/rhscl/postgresql-10-rhel7:latest' - referencePolicy: - type: Local - - name: '10' - annotations: - openshift.io/display-name: PostgreSQL (Ephemeral) 10 - openshift.io/provider-display-name: 'Red Hat, Inc.' - description: >- - Provides a PostgreSQL 10 database on RHEL 7. For more information - about using this database image, including OpenShift considerations, - see - https://github.com/sclorg/postgresql-container/blob/master/README.md. - iconClass: icon-postgresql - tags: 'database,postgresql,hidden' - version: '10' - from: - kind: DockerImage - name: 'registry.redhat.io/rhscl/postgresql-10-rhel7:latest' - referencePolicy: - type: Local diff --git a/charts/redhat/redhat/postgresql-imagestreams/OWNERS b/charts/redhat/redhat/postgresql-imagestreams/OWNERS deleted file mode 100644 index b295dc4709..0000000000 --- a/charts/redhat/redhat/postgresql-imagestreams/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -chart: - name: postgresql-imagestreams - description: The Red Hat PostgreSQL imagestreams -publicPgpKey: null -users: - - githubUsername: phracek -vendor: - label: redhat - name: Red Hat diff --git a/charts/redhat/redhat/postgresql-persistent/0.0.1/src/Chart.yaml b/charts/redhat/redhat/postgresql-persistent/0.0.1/src/Chart.yaml deleted file mode 100644 index f687667b60..0000000000 --- a/charts/redhat/redhat/postgresql-persistent/0.0.1/src/Chart.yaml +++ /dev/null 
@@ -1,14 +0,0 @@
-description: |-
- PostgreSQL database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/.
-
- NOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.
-annotations:
- charts.openshift.io/name: Red Hat PostgreSQL database service, with persistent storage.
-apiVersion: v2
-appVersion: 0.0.1
-name: postgresql-persistent
-tags: database,postgresql
-sources:
- - https://github.com/sclorg/helm-charts
-version: 0.0.1
-
diff --git a/charts/redhat/redhat/postgresql-persistent/0.0.1/src/README.md b/charts/redhat/redhat/postgresql-persistent/0.0.1/src/README.md
deleted file mode 100644
index a76c764915..0000000000
--- a/charts/redhat/redhat/postgresql-persistent/0.0.1/src/README.md
+++ /dev/null
@@ -1,79 +0,0 @@ -# PostgreSQL helm chart - -This repository contains helm chart for PostgreSQL image build and deployed on OpenShift. - -For more information about helm charts see the offical [Helm Charts Documentation](https://helm.sh/). - -You need to have access to a cluster for each operation with OpenShift 4, like deploying and testing. - -## How to start with helm charts - -The first download and install Helm. Follow instructions mentioned [here](https://helm.sh/docs/intro/install/). - -## Prerequisite for PostgreSQL-persistent helm chart -Before deploying helm chart to OpenShift, you have to create a package for postgresql-imagestream. -See details [postgresql-imagestreams](../postgresql-imagestreams/README.md) - - -## How to work with PostgreSQL-persistent helm chart - -The default PostgreSQL helm chart configuration is for RHEL7 PostgreSQL version 10. - -This can be done by command: - -```commandline -$ helm package ./ -``` - -that will create a helm package named, `postgresql-persistent-v0.0.1.tgz` in this directory. - -The next step is to upload Helm Chart to OpenShift. This is done by command: - -```commandline -$ helm install postgresql-persistent postgresql-persistent-v0.0.1.tgz -``` - -In case you would like to use this helm chart for different versions and even RHEL versions. -you need to modify installing command. - -E.g. 
For RHEL8 - -```commandline -$ helm install postgresql-persistent postgresql-persistent-v0.0.1.tgz --set image.repository=registry.redhat.io/rhel8/postgresql-13 --set image.version=13 -``` -The values that can be overwritten are specified in file [values.yaml](./values.yaml) - -To test in PostgreSQL helm chart is working properly run command: - -```commandline -$ helm test postgresql-persistent --logs -``` -that will print output like: -```commandline -NAME: postgresql-persistent -LAST DEPLOYED: Mon Mar 27 09:36:23 2023 -NAMESPACE: pgsql-13 -STATUS: deployed -REVISION: 1 -TEST SUITE: postgresql-persistent-connection-test -Last Started: Mon Mar 27 09:37:13 2023 -Last Completed: Mon Mar 27 09:37:19 2023 -Phase: Succeeded - -POD LOGS: postgresql-persistent-connection-test -postgresql-testing:5432 - accepting connections -``` -## Troubleshooting -For case you need a computer readable output you can add to command mentioned above option `-o json`. - -In case of installation failed for reason like: -```commandline -// Error: INSTALLATION FAILED: cannot re-use a name that is still in use -``` -you have to uninstall previous PostgreSQL Helm Chart by command: - -```commandline -$ helm uninstall postgresql-persistent -``` - - diff --git a/charts/redhat/redhat/postgresql-persistent/0.0.1/src/templates/deploymentconfig.yaml b/charts/redhat/redhat/postgresql-persistent/0.0.1/src/templates/deploymentconfig.yaml deleted file mode 100644 index 5107172baf..0000000000 --- a/charts/redhat/redhat/postgresql-persistent/0.0.1/src/templates/deploymentconfig.yaml +++ /dev/null 
@@ -1,89 +0,0 @@ -apiVersion: apps.openshift.io/v1 -kind: DeploymentConfig -metadata: - annotations: - template.alpha.openshift.io/wait-for-ready: "true" - labels: - template: postgresql-persistent-template - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - name: {{ .Release.Namespace }} -spec: - replicas: 1 - selector: - name: {{ .Values.database_service_name }} - strategy: - type: Recreate - template: - metadata: - labels: - name: {{ .Values.database_service_name }} - spec: - containers: - - capabilities: {} - env: - - name: POSTGRESQL_USER - valueFrom: - secretKeyRef: - key: database-user - name: {{ .Values.database_service_name }} - - name: POSTGRESQL_PASSWORD - valueFrom: - secretKeyRef: - key: database-password - name: {{ .Values.database_service_name }} - - name: POSTGRESQL_DATABASE - valueFrom: - secretKeyRef: - key: database-name - name: {{ .Values.database_service_name }} - image: "postgresql:{{ .Values.image.tag }}" - imagePullPolicy: IfNotPresent - livenessProbe: - exec: - command: - - /usr/libexec/check-container - - --live - initialDelaySeconds: 120 - timeoutSeconds: 10 - name: "postgresql-{{ .Values.image.tag }}-testing" - ports: - - containerPort: {{ .Values.config.port }} - protocol: TCP - readinessProbe: - exec: - command: - - /usr/libexec/check-container - initialDelaySeconds: 5 - timeoutSeconds: 1 - resources: - limits: - memory: {{ .Values.memory_limit }} - securityContext: - capabilities: {} - privileged: false - terminationMessagePath: /dev/termination-log - volumeMounts: - - mountPath: /var/lib/pgsql/data - name: {{ .Values.database_service_name }}-data - dnsPolicy: ClusterFirst - restartPolicy: Always - volumes: - - name: {{ .Values.database_service_name }}-data - persistentVolumeClaim: - claimName: {{ .Values.database_service_name }} - triggers: - - imageChangeParams: - automatic: true - containerNames: - - "postgresql-{{ .Values.image.tag }}-testing" - from: - kind: ImageStreamTag - 
{{- range .Values.image.tag }} - name: "postgresql:{{ . }}" - {{- end }} - namespace: {{ .Values.namespace }} - lastTriggeredImage: "" - type: ImageChange - - type: ConfigChange -status: {} diff --git a/charts/redhat/redhat/postgresql-persistent/0.0.1/src/templates/persistentvolumeclaim.yaml b/charts/redhat/redhat/postgresql-persistent/0.0.1/src/templates/persistentvolumeclaim.yaml deleted file mode 100644 index cdb599d32e..0000000000 --- a/charts/redhat/redhat/postgresql-persistent/0.0.1/src/templates/persistentvolumeclaim.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - template: postgresql-persistent-template - name: {{ .Values.database_service_name }} -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.volume_capacity }} diff --git a/charts/redhat/redhat/postgresql-persistent/0.0.1/src/templates/secret.yaml b/charts/redhat/redhat/postgresql-persistent/0.0.1/src/templates/secret.yaml deleted file mode 100644 index 1b5e8d4ad7..0000000000 --- a/charts/redhat/redhat/postgresql-persistent/0.0.1/src/templates/secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - annotations: - template.openshift.io/expose-database_name: '{.data[''database-name'']}' - template.openshift.io/expose-password: '{.data[''database-password'']}' - template.openshift.io/expose-username: '{.data[''database-user'']}' - labels: - template: postgresql-persistent-template - name: {{ .Values.database_service_name }} -stringData: - database-name: {{ .Values.config.postgresql_database }} - database-password: {{ .Values.config.postgresql_password }} - database-user: {{ .Values.config.postgresql_user }} diff --git a/charts/redhat/redhat/postgresql-persistent/0.0.1/src/templates/service.yaml b/charts/redhat/redhat/postgresql-persistent/0.0.1/src/templates/service.yaml deleted file mode 100644 index cc08371870..0000000000 
--- a/charts/redhat/redhat/postgresql-persistent/0.0.1/src/templates/service.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - template.openshift.io/expose-uri: postgres://{.spec.clusterIP}:{.spec.ports[?(.name=="postgresql")].port} - labels: - template: postgresql-persistent-template - name: {{ .Values.database_service_name }} -spec: - ports: - - name: postgresql - nodePort: 0 - port: 5432 - protocol: TCP - targetPort: 5432 - selector: - name: {{ .Values.database_service_name }} - sessionAffinity: None - type: ClusterIP -status: - loadBalancer: {} diff --git a/charts/redhat/redhat/postgresql-persistent/0.0.1/src/templates/tests/test-postgresql-connection.yaml b/charts/redhat/redhat/postgresql-persistent/0.0.1/src/templates/tests/test-postgresql-connection.yaml deleted file mode 100644 index 5e655462a6..0000000000 --- a/charts/redhat/redhat/postgresql-persistent/0.0.1/src/templates/tests/test-postgresql-connection.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-connection-test" - namespace: "{{ .Release.Namespace }}" - annotations: - "helm.sh/hook": test - labels: - name: {{ .Values.database_service_name }} -spec: - #serviceAccount: {{ .Values.serviceAccount }} - containers: - - name: "postgresql-{{ .Values.image.tag }}-connection-test" - image: "image-registry.openshift-image-registry.svc:5000/{{ .Values.namespace}}/postgresql:{{ .Values.image.tag }}" - imagePullPolicy: IfNotPresent - env: - - name: POSTGRESQL_USER - value: "{{ .Values.config.postgresql_user }}" - - name: PGPASSWORD - value: "{{ .Values.config.postgresql_password }}" - - name: POSTGRESQL_DATABASE - value: "{{ .Values.config.postgresql_database }}" - - name: POSTGRESQL_PORT - value: "{{ .Values.config.port }}" - command: - - /bin/bash - - -ec - - "PGPASSWORD=$PGPASSWORD /usr/bin/pg_isready -d $POSTGRESQL_DATABASE -h {{ .Values.database_service_name }} -p $POSTGRESQL_PORT -U $POSTGRESQL_USER" - lookupPolicy: - local: true - restartPolicy: Never diff --git a/charts/redhat/redhat/postgresql-persistent/0.0.1/src/values.schema.json b/charts/redhat/redhat/postgresql-persistent/0.0.1/src/values.schema.json deleted file mode 100644 index 391ee08b64..0000000000 --- a/charts/redhat/redhat/postgresql-persistent/0.0.1/src/values.schema.json +++ /dev/null 
@@ -1,58 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "database_service_name": { - "type": "string", - "pattern": "^[a-z0-9-_]+$" - }, - "namespace": { - "type": "string" - }, - "config": { - "type": "object", - "properties": { - "postgresql_database": { - "type": "string" - }, - "postgresql_password": { - "type": "string" - }, - "postgresql_user": { - "type": "string" - }, - "port": { - "type": "integer" - } - } - }, - "volume_capacity": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderMax": 100, - "sliderUnit": "Gi" - }, - "memory_limit": { - "type": "string", - "title": "Database memory limit", - "form": true, - "render": "slider", - "sliderMin": 512, - "sliderMax": 65536, - "sliderUnit": "Mi" - }, - "image": { - "type": "object", - "properties": { - "tag": { - "type": "string", - "description": "Specify postgresql imagestream tag", - "enum": ["latest", "13-el9", "13-el8", "13-el7", "12-el8", "12-el7", "12", "10-el8", "10-el7", "10" ] - } - } - } - } -} \ No newline at end of file diff --git a/charts/redhat/redhat/postgresql-persistent/0.0.1/src/values.yaml b/charts/redhat/redhat/postgresql-persistent/0.0.1/src/values.yaml deleted file mode 100644 index a0d54d416e..0000000000 --- a/charts/redhat/redhat/postgresql-persistent/0.0.1/src/values.yaml +++ /dev/null @@ -1,21 +0,0 @@ -database_service_name: postgresql-testing -memory_limit: 512Mi -namespace: postgresql-persistent-testing -volume_capacity: 1Gi -config: - postgresql_database: testdb - postgresql_password: testp - postgresql_user: testu - port: 5432 -image: - tag: - - "latest" - - "13-el9" - - "13-el8" - - "13-el7" - - "12-el8" - - "12-el7" - - "12" - - "10-el8" - - "10-el7" - - "10" diff --git a/charts/redhat/redhat/postgresql-persistent/0.0.2/src/Chart.yaml b/charts/redhat/redhat/postgresql-persistent/0.0.2/src/Chart.yaml deleted file mode 100644 index 6c4e22435e..0000000000 
--- a/charts/redhat/redhat/postgresql-persistent/0.0.2/src/Chart.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-description: |-
- PostgreSQL database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/.
-
- NOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.
-annotations:
- charts.openshift.io/name: Red Hat PostgreSQL database service, with persistent storage.
-apiVersion: v2
-appVersion: 0.0.2
-name: postgresql-persistent
-tags: database,postgresql
-sources:
- - https://github.com/sclorg/helm-charts
-version: 0.0.2
-
diff --git a/charts/redhat/redhat/postgresql-persistent/0.0.2/src/README.md b/charts/redhat/redhat/postgresql-persistent/0.0.2/src/README.md
deleted file mode 100644
index 8c628a36fb..0000000000
--- a/charts/redhat/redhat/postgresql-persistent/0.0.2/src/README.md
+++ /dev/null
@@ -1,79 +0,0 @@ -# PostgreSQL helm chart - -This repository contains helm chart for PostgreSQL image build and deployed on OpenShift. - -For more information about helm charts see the offical [Helm Charts Documentation](https://helm.sh/). - -You need to have access to a cluster for each operation with OpenShift 4, like deploying and testing. - -## How to start with helm charts - -The first download and install Helm. Follow instructions mentioned [here](https://helm.sh/docs/intro/install/). - -## Prerequisite for PostgreSQL-persistent helm chart -Before deploying helm chart to OpenShift, you have to create a package for postgresql-imagestream. -See details [postgresql-imagestreams](../postgresql-imagestreams/README.md) - - -## How to work with PostgreSQL-persistent helm chart - -The default PostgreSQL helm chart configuration is for RHEL7 PostgreSQL version 10. - -This can be done by command: - -```commandline -$ helm package ./ -``` - -that will create a helm package named, `postgresql-persistent-0.0.2.tgz` in this directory. - -The next step is to upload Helm Chart to OpenShift. This is done by command: - -```commandline -$ helm install postgresql-persistent postgresql-persistent-0.0.2.tgz -``` - -In case you would like to use this helm chart for different versions and even RHEL versions. -you need to modify installing command. - -E.g. 
For RHEL8 - -```commandline -$ helm install postgresql-persistent postgresql-persistent-0.0.2.tgz --set image.repository=registry.redhat.io/rhel8/postgresql-13 --set image.version=13 -``` -The values that can be overwritten are specified in file [values.yaml](./values.yaml) - -To test in PostgreSQL helm chart is working properly run command: - -```commandline -$ helm test postgresql-persistent --logs -``` -that will print output like: -```commandline -NAME: postgresql-persistent -LAST DEPLOYED: Mon Mar 27 09:36:23 2023 -NAMESPACE: pgsql-13 -STATUS: deployed -REVISION: 1 -TEST SUITE: postgresql-persistent-connection-test -Last Started: Mon Mar 27 09:37:13 2023 -Last Completed: Mon Mar 27 09:37:19 2023 -Phase: Succeeded - -POD LOGS: postgresql-persistent-connection-test -postgresql-testing:5432 - accepting connections -``` -## Troubleshooting -For case you need a computer readable output you can add to command mentioned above option `-o json`. - -In case of installation failed for reason like: -```commandline -// Error: INSTALLATION FAILED: cannot re-use a name that is still in use -``` -you have to uninstall previous PostgreSQL Helm Chart by command: - -```commandline -$ helm uninstall postgresql-persistent -``` - - diff --git a/charts/redhat/redhat/postgresql-persistent/0.0.2/src/templates/deploymentconfig.yaml b/charts/redhat/redhat/postgresql-persistent/0.0.2/src/templates/deploymentconfig.yaml deleted file mode 100644 index 764ae1dd9d..0000000000 --- a/charts/redhat/redhat/postgresql-persistent/0.0.2/src/templates/deploymentconfig.yaml +++ /dev/null 
@@ -1,87 +0,0 @@ -apiVersion: apps.openshift.io/v1 -kind: DeploymentConfig -metadata: - annotations: - template.alpha.openshift.io/wait-for-ready: "true" - labels: - template: postgresql-persistent-template - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - name: {{ .Release.Namespace }} -spec: - replicas: 1 - selector: - name: {{ .Values.database_service_name }} - strategy: - type: Recreate - template: - metadata: - labels: - name: {{ .Values.database_service_name }} - spec: - containers: - - capabilities: {} - env: - - name: POSTGRESQL_USER - valueFrom: - secretKeyRef: - key: database-user - name: {{ .Values.database_service_name }} - - name: POSTGRESQL_PASSWORD - valueFrom: - secretKeyRef: - key: database-password - name: {{ .Values.database_service_name }} - - name: POSTGRESQL_DATABASE - valueFrom: - secretKeyRef: - key: database-name - name: {{ .Values.database_service_name }} - image: "postgresql:{{ .Values.image.tag }}" - imagePullPolicy: IfNotPresent - livenessProbe: - exec: - command: - - /usr/libexec/check-container - - --live - initialDelaySeconds: 120 - timeoutSeconds: 10 - name: "postgresql-{{ .Values.image.tag }}-testing" - ports: - - containerPort: {{ .Values.config.port }} - protocol: TCP - readinessProbe: - exec: - command: - - /usr/libexec/check-container - initialDelaySeconds: 5 - timeoutSeconds: 1 - resources: - limits: - memory: {{ .Values.memory_limit }} - securityContext: - capabilities: {} - privileged: false - terminationMessagePath: /dev/termination-log - volumeMounts: - - mountPath: /var/lib/pgsql/data - name: {{ .Values.database_service_name }}-data - dnsPolicy: ClusterFirst - restartPolicy: Always - volumes: - - name: {{ .Values.database_service_name }}-data - persistentVolumeClaim: - claimName: {{ .Values.database_service_name }} - triggers: - - imageChangeParams: - automatic: true - containerNames: - - "postgresql-{{ .Values.image.tag }}-testing" - from: - kind: ImageStreamTag - 
name: "postgresql:{{ .Values.image.tag }}" - namespace: {{ .Values.namespace }} - lastTriggeredImage: "" - type: ImageChange - - type: ConfigChange -status: {} diff --git a/charts/redhat/redhat/postgresql-persistent/0.0.2/src/templates/persistentvolumeclaim.yaml b/charts/redhat/redhat/postgresql-persistent/0.0.2/src/templates/persistentvolumeclaim.yaml deleted file mode 100644 index cdb599d32e..0000000000 --- a/charts/redhat/redhat/postgresql-persistent/0.0.2/src/templates/persistentvolumeclaim.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - template: postgresql-persistent-template - name: {{ .Values.database_service_name }} -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.volume_capacity }} diff --git a/charts/redhat/redhat/postgresql-persistent/0.0.2/src/templates/secret.yaml b/charts/redhat/redhat/postgresql-persistent/0.0.2/src/templates/secret.yaml deleted file mode 100644 index 1b5e8d4ad7..0000000000 --- a/charts/redhat/redhat/postgresql-persistent/0.0.2/src/templates/secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - annotations: - template.openshift.io/expose-database_name: '{.data[''database-name'']}' - template.openshift.io/expose-password: '{.data[''database-password'']}' - template.openshift.io/expose-username: '{.data[''database-user'']}' - labels: - template: postgresql-persistent-template - name: {{ .Values.database_service_name }} -stringData: - database-name: {{ .Values.config.postgresql_database }} - database-password: {{ .Values.config.postgresql_password }} - database-user: {{ .Values.config.postgresql_user }} diff --git a/charts/redhat/redhat/postgresql-persistent/0.0.2/src/templates/service.yaml b/charts/redhat/redhat/postgresql-persistent/0.0.2/src/templates/service.yaml deleted file mode 100644 index cc08371870..0000000000 
--- a/charts/redhat/redhat/postgresql-persistent/0.0.2/src/templates/service.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - template.openshift.io/expose-uri: postgres://{.spec.clusterIP}:{.spec.ports[?(.name=="postgresql")].port} - labels: - template: postgresql-persistent-template - name: {{ .Values.database_service_name }} -spec: - ports: - - name: postgresql - nodePort: 0 - port: 5432 - protocol: TCP - targetPort: 5432 - selector: - name: {{ .Values.database_service_name }} - sessionAffinity: None - type: ClusterIP -status: - loadBalancer: {} diff --git a/charts/redhat/redhat/postgresql-persistent/0.0.2/src/templates/tests/test-postgresql-connection.yaml b/charts/redhat/redhat/postgresql-persistent/0.0.2/src/templates/tests/test-postgresql-connection.yaml deleted file mode 100644 index 5e655462a6..0000000000 --- a/charts/redhat/redhat/postgresql-persistent/0.0.2/src/templates/tests/test-postgresql-connection.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-connection-test" - namespace: "{{ .Release.Namespace }}" - annotations: - "helm.sh/hook": test - labels: - name: {{ .Values.database_service_name }} -spec: - #serviceAccount: {{ .Values.serviceAccount }} - containers: - - name: "postgresql-{{ .Values.image.tag }}-connection-test" - image: "image-registry.openshift-image-registry.svc:5000/{{ .Values.namespace}}/postgresql:{{ .Values.image.tag }}" - imagePullPolicy: IfNotPresent - env: - - name: POSTGRESQL_USER - value: "{{ .Values.config.postgresql_user }}" - - name: PGPASSWORD - value: "{{ .Values.config.postgresql_password }}" - - name: POSTGRESQL_DATABASE - value: "{{ .Values.config.postgresql_database }}" - - name: POSTGRESQL_PORT - value: "{{ .Values.config.port }}" - command: - - /bin/bash - - -ec - - "PGPASSWORD=$PGPASSWORD /usr/bin/pg_isready -d $POSTGRESQL_DATABASE -h {{ .Values.database_service_name }} -p $POSTGRESQL_PORT -U $POSTGRESQL_USER" - lookupPolicy: - local: true - restartPolicy: Never diff --git a/charts/redhat/redhat/postgresql-persistent/0.0.2/src/values.schema.json b/charts/redhat/redhat/postgresql-persistent/0.0.2/src/values.schema.json deleted file mode 100644 index 391ee08b64..0000000000 --- a/charts/redhat/redhat/postgresql-persistent/0.0.2/src/values.schema.json +++ /dev/null 
@@ -1,58 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "database_service_name": { - "type": "string", - "pattern": "^[a-z0-9-_]+$" - }, - "namespace": { - "type": "string" - }, - "config": { - "type": "object", - "properties": { - "postgresql_database": { - "type": "string" - }, - "postgresql_password": { - "type": "string" - }, - "postgresql_user": { - "type": "string" - }, - "port": { - "type": "integer" - } - } - }, - "volume_capacity": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderMax": 100, - "sliderUnit": "Gi" - }, - "memory_limit": { - "type": "string", - "title": "Database memory limit", - "form": true, - "render": "slider", - "sliderMin": 512, - "sliderMax": 65536, - "sliderUnit": "Mi" - }, - "image": { - "type": "object", - "properties": { - "tag": { - "type": "string", - "description": "Specify postgresql imagestream tag", - "enum": ["latest", "13-el9", "13-el8", "13-el7", "12-el8", "12-el7", "12", "10-el8", "10-el7", "10" ] - } - } - } - } -} \ No newline at end of file diff --git a/charts/redhat/redhat/postgresql-persistent/0.0.2/src/values.yaml b/charts/redhat/redhat/postgresql-persistent/0.0.2/src/values.yaml deleted file mode 100644 index f9502673c2..0000000000 --- a/charts/redhat/redhat/postgresql-persistent/0.0.2/src/values.yaml +++ /dev/null @@ -1,11 +0,0 @@ -database_service_name: postgresql-testing -memory_limit: 512Mi -namespace: postgresql-persistent-testing -volume_capacity: 1Gi -config: - postgresql_database: testdb - postgresql_password: testp - postgresql_user: testu - port: 5432 -image: - tag: "latest" diff --git a/charts/redhat/redhat/postgresql-persistent/OWNERS b/charts/redhat/redhat/postgresql-persistent/OWNERS deleted file mode 100644 index cda0ec265f..0000000000 --- a/charts/redhat/redhat/postgresql-persistent/OWNERS +++ /dev/null 
@@ -1,9 +0,0 @@
-chart:
- name: postgresql-persistent
- description: This is the Red Hat PostgreSQL persistent storage
-publicPgpKey: null
-users:
- - githubUsername: phracek
-vendor:
- label: redhat
- name: Red Hat
diff --git a/charts/redhat/redhat/psql-sed/1.0.0/psql-sed-1.0.0.tgz b/charts/redhat/redhat/psql-sed/1.0.0/psql-sed-1.0.0.tgz
deleted file mode 100644
index c4bc4d6ea8..0000000000
Binary files a/charts/redhat/redhat/psql-sed/1.0.0/psql-sed-1.0.0.tgz and /dev/null differ
diff --git a/charts/redhat/redhat/psql-sed/1.0.0/report.yaml b/charts/redhat/redhat/psql-sed/1.0.0/report.yaml
deleted file mode 100644
index 4be9f4634f..0000000000
--- a/charts/redhat/redhat/psql-sed/1.0.0/report.yaml
+++ /dev/null
@@ -1,83 +0,0 @@
-apiversion: v1
-kind: verify-report
-metadata:
- tool:
- verifier-version: 1.3.0
- profile:
- VendorType: partner
- version: v1.0
- chart-uri: /.kube/psql-sed-1.0.0.tgz
- digest: sha256:9f6343df9aac5a44a06589169f912a9be9582df0e0ff9cb80865b0927e79c452
- digests:
- chart: sha256:9f6343df9aac5a44a06589169f912a9be9582df0e0ff9cb80865b0927e79c452
- package: b775e389fc61719c9f6360c175f24dc0e1fc2465eab121db12725c0a7aebbc01
- lastCertifiedTimestamp: "2022-03-15T00:32:30.409953+00:00"
- certifiedOpenShiftVersions: 4.9.0
- chart:
- name: psql-sed
- home: ""
- sources: []
- version: 1.0.0
- description: A Helm chart for PostgreSQL Service Endpoint Definition (SED)
- keywords: []
- maintainers: []
- icon: ""
- apiversion: v2
- condition: ""
- tags: ""
- appversion: 1.0.0
- deprecated: false
- annotations:
- charts.openshift.io/archs: x86_64
- charts.openshift.io/name: PostgreSQL Service Endpoint Definition (SED)
- charts.openshift.io/provider: RedHat
- charts.openshift.io/supportURL: https://github.com/redhat-developer/service-endpoint-definition
- kubeversion: '>=1.20.0'
- dependencies: []
- type: application
- chart-overrides: ""
-results:
- - check: v1.0/contains-test
- type: Mandatory
- outcome: PASS
- reason: Chart test files exist
- - check: v1.0/contains-values-schema
- type: Mandatory
- outcome: PASS
- reason: Values schema file exist
- - check: v1.0/has-kubeversion
- type: Mandatory
- outcome: PASS
- reason: Kubernetes version specified
- - check: v1.0/helm-lint
- type: Mandatory
- outcome: PASS
- reason: Helm lint successful
- - check: v1.0/images-are-certified
- type: Mandatory
- outcome: PASS
- reason: 'Image is Red Hat certified : registry.access.redhat.com/rhscl/postgresql-10-rhel7:latest'
- - check: v1.0/chart-testing
- type: Mandatory
- outcome: PASS
- reason: Chart tests have passed
- - check: v1.0/is-helm-v3
- type: Mandatory
- outcome: PASS
- reason: API version is V2, used in Helm 3
- - check: v1.0/contains-values
- type: Mandatory
- outcome: PASS
- reason: Values file exist
- - check: v1.0/not-contains-crds
- type: Mandatory
- outcome: PASS
- reason: Chart does not contain CRDs
- - check: v1.0/not-contain-csi-objects
- type: Mandatory
- outcome: PASS
- reason: CSI objects do not exist
- - check: v1.0/has-readme
- type: Mandatory
- outcome: PASS
- reason: Chart has a README
diff --git a/charts/redhat/redhat/psql-sed/OWNERS b/charts/redhat/redhat/psql-sed/OWNERS
deleted file mode 100644
index 7d8a9a03fd..0000000000
--- a/charts/redhat/redhat/psql-sed/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: psql-sed
- shortDescription: PostgreSQL Service Endpoint Definition
-publicPgpKey: null
-users:
-- githubUsername: dperaza4dustbit
-vendor:
- label: redhat
- name: Red Hat
diff --git a/charts/redhat/redhat/quarkus/0.0.3/quarkus-0.0.3.tgz b/charts/redhat/redhat/quarkus/0.0.3/quarkus-0.0.3.tgz
deleted file mode 100644
index a5ab0e3759..0000000000
Binary files a/charts/redhat/redhat/quarkus/0.0.3/quarkus-0.0.3.tgz and /dev/null differ
diff --git a/charts/redhat/redhat/quarkus/0.0.3/report.yaml b/charts/redhat/redhat/quarkus/0.0.3/report.yaml
deleted file mode 100644
index c0c6843904..0000000000
--- a/charts/redhat/redhat/quarkus/0.0.3/report.yaml
+++ /dev/null
@@ -1,85 +0,0 @@
-apiversion: v1
-kind: verify-report
-metadata:
- tool:
- verifier-version: 1.1.0
- profile:
- VendorType: partner
- version: v1.0
- chart-uri: https://redhat-developer.github.io/redhat-helm-charts/charts/quarkus-0.0.3.tgz
- digest: sha256:fc2516e2e7350d9edc2dd491348ded34ee97085269b303f26b68eb2a8ec0ef88
- digests:
- chart: sha256:fc2516e2e7350d9edc2dd491348ded34ee97085269b303f26b68eb2a8ec0ef88
- package: 6d8f1b945c037f1f252e532430c21ef723bc11fab369ef26d316fff69c4ffade
- lastCertifiedTimestamp: "2021-07-09T21:36:27.096408+00:00"
- certifiedOpenShiftVersions: 4.7.5
- chart:
- name: quarkus
- home: ""
- sources: []
- version: 0.0.3
- description: A Helm chart to build and deploy Quarkus applications
- keywords:
- - runtimes
- - quarkus
- maintainers: []
- icon: ""
- apiversion: v2
- condition: ""
- tags: ""
- appversion: ""
- deprecated: false
- annotations: {}
- kubeversion: ""
- dependencies: []
- type: ""
- chart-overrides: ""
-results:
- - check: v1.0/has-kubeversion
- type: Mandatory
- outcome: FAIL
- reason: Kubernetes version is not specified
- - check: v1.0/images-are-certified
- type: Mandatory
- outcome: FAIL
- reason: 'Image is not Red Hat certified : testRelease:latest : Respository not
- found: testRelease'
- - check: v1.0/chart-testing
- type: Mandatory
- outcome: FAIL
- reason: |-
- Error running process: executing helm with args "install quarkus-0nn685i6st /root/.cache/chart-verifier/https___redhat_developer_github_io_redhat_helm_charts_charts_quarkus_0_0_3_tgz/quarkus --namespace davptest --wait --values /tmp/chart-testing-077068075/values.yaml": exit status 1
- ---
- Error: Unauthorized
- - check: v1.0/is-helm-v3
- type: Mandatory
- outcome: PASS
- reason: API version is V2, used in Helm 3
- - check: v1.0/contains-values-schema
- type: Mandatory
- outcome: PASS
- reason: Values schema file exist
- - check: v1.0/contains-values
- type: Mandatory
- outcome: PASS
- reason: Values file exist
- - check: v1.0/not-contains-crds
- type: Mandatory
- outcome: PASS
- reason: Chart does not contain CRDs
- - check: v1.0/helm-lint
- type: Mandatory
- outcome: PASS
- reason: Helm lint successful
- - check: v1.0/not-contain-csi-objects
- type: Mandatory
- outcome: PASS
- reason: CSI objects do not exist
- - check: v1.0/has-readme
- type: Mandatory
- outcome: PASS
- reason: Chart has a README
- - check: v1.0/contains-test
- type: Mandatory
- outcome: FAIL
- reason: Chart test files do not exist
diff --git a/charts/redhat/redhat/quarkus/OWNERS b/charts/redhat/redhat/quarkus/OWNERS
deleted file mode 100644
index 1e1a993230..0000000000
--- a/charts/redhat/redhat/quarkus/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: quarkus
- shortDescription: This is the Red Hat Quarkus chart
-publicPgpKey: null
-users:
-- githubUsername: dperaza4dustbit
-vendor:
- label: redhat
- name: Red Hat
diff --git a/charts/redhat/redhat/redhat-developer-hub/1.2.5/redhat-developer-hub-1.2.5.tgz b/charts/redhat/redhat/redhat-developer-hub/1.2.5/redhat-developer-hub-1.2.5.tgz
new file mode 100644
index 0000000000..8babecb021
Binary files /dev/null and b/charts/redhat/redhat/redhat-developer-hub/1.2.5/redhat-developer-hub-1.2.5.tgz differ
diff --git a/charts/redhat/redhat/redhat-developer-hub/1.4-69-CI/redhat-developer-hub-1.4-69-CI.tgz b/charts/redhat/redhat/redhat-developer-hub/1.4-69-CI/redhat-developer-hub-1.4-69-CI.tgz
new file mode 100644
index 0000000000..28773b0226
Binary files /dev/null and b/charts/redhat/redhat/redhat-developer-hub/1.4-69-CI/redhat-developer-hub-1.4-69-CI.tgz differ
diff --git a/charts/redhat/redhat/developer-hub/OWNERS b/charts/redhat/redhat/redhat-developer-hub/OWNERS
old mode 100644
new mode 100755
similarity index 59%
rename from charts/redhat/redhat/developer-hub/OWNERS
rename to charts/redhat/redhat/redhat-developer-hub/OWNERS
index bc9c2c65c7..2401ced149
--- a/charts/redhat/redhat/developer-hub/OWNERS
+++ b/charts/redhat/redhat/redhat-developer-hub/OWNERS
@@ -1,12 +1,12 @@
 chart:
- name: developer-hub
+ name: redhat-developer-hub
 shortDescription: A Helm chart for deploying Red Hat Developer Hub
 publicPgpKey: null
 users:
- - githubUsername: tumido
- - githubUsername: christophe-f
- - githubUsername: sabre1041
+ - githubUsername: rhdh-bot
 - githubUsername: nickboldt
+ - githubUsername: schultzp2020
+ - githubUsername: kadel
 vendor:
 label: redhat
 name: Red Hat
diff --git a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.1/src/Chart.yaml b/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.1/src/Chart.yaml
deleted file mode 100644
index 35d77a23fd..0000000000
--- a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.1/src/Chart.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-description: |-
- This content is expermental, do not use it in production. Build and run NodeJS applications on UBI.
- For more information about using this builder image, including OpenShift considerations,
- see https://github.com/sclorg/s2i-nodejs-container/blob/master/18/README.md.
-annotations:
- charts.openshift.io/name: Red Hat PHP applications on UBI (experimental).
-apiVersion: v2
-appVersion: 0.0.1
-kubeVersion: '>=1.20.0'
-name: redhat-nodejs-imagestreams
-tags: builder,nodejs
-sources:
- - https://github.com/sclorg/helm-charts
-version: 0.0.1
diff --git a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.1/src/templates/nodejs-imagestream.yaml b/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.1/src/templates/nodejs-imagestream.yaml
deleted file mode 100644
index a0b8aadfd3..0000000000
--- a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.1/src/templates/nodejs-imagestream.yaml
+++ /dev/null
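Review bot: The rename of `developer-hub/OWNERS` to `redhat-developer-hub/OWNERS` also flips the file mode from 100644 to 100755, and an executable bit on a plain YAML metadata file has no purpose; restore it with `git update-index --chmod=-x` on that path before merging. In the same hunk `rhdh-bot` is added under `users` while `publicPgpKey` stays `null`. If this list is what authorises chart submissions for the vendor directory (not visible from the diff), an automation account gains that right with no signing key recorded to check its packages against. Consider recording a key, or stating in the PR description how the bot's credentials are scoped and who can trigger it.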
@@ -1,103 +0,0 @@
----
-kind: ImageStream
-apiVersion: image.openshift.io/v1
-metadata:
- name: nodejs
- annotations:
- openshift.io/display-name: Node.js
-spec:
- tags:
- - name: latest
- annotations:
- openshift.io/display-name: Node.js (Latest)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: |-
- Build and run Node.js applications on UBI. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/16/README.md.
-
- WARNING: By selecting this tag, your application will automatically update to use the latest version of Node.js available on OpenShift, including major version updates.
- iconClass: icon-nodejs
- tags: builder,nodejs
- supports: nodejs
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: ImageStreamTag
- name: 16-ubi8
- referencePolicy:
- type: Local
- - name: 16-ubi9
- annotations:
- openshift.io/display-name: Node.js 16 (UBI 9)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Node.js 16 applications on UBI 9. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/16/README.md.
- iconClass: icon-nodejs
- tags: builder,nodejs
- version: '16'
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi9/nodejs-16:latest
- referencePolicy:
- type: Local
- - name: 16-ubi9-minimal
- annotations:
- openshift.io/display-name: Node.js 16 (UBI 9 Minimal)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Node.js 16 applications on UBI 9 Minimal. For more
- information about using this builder image, including OpenShift considerations,
- see https://github.com/sclorg/s2i-nodejs-container/blob/master/16-minimal/README.md.
- iconClass: icon-nodejs
- tags: builder,nodejs
- version: '16'
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi9/nodejs-16-minimal:latest
- referencePolicy:
- type: Local
- - name: 16-ubi8
- annotations:
- openshift.io/display-name: Node.js 16 (UBI 8)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Node.js 16 applications on UBI 8. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/16/README.md.
- iconClass: icon-nodejs
- tags: builder,nodejs
- version: '16'
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi8/nodejs-16:latest
- referencePolicy:
- type: Local
- - name: 16-ubi8-minimal
- annotations:
- openshift.io/display-name: Node.js 16 (UBI 8 Minimal)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Node.js 16 applications on UBI 8 Minimal. For more
- information about using this builder image, including OpenShift considerations,
- see https://github.com/sclorg/s2i-nodejs-container/blob/master/16-minimal/README.md.
- iconClass: icon-nodejs
- tags: builder,nodejs
- version: '16'
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi8/nodejs-16-minimal:latest
- referencePolicy:
- type: Local
- - name: 14-ubi7
- annotations:
- openshift.io/display-name: Node.js 14 (UBI 7)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Node.js 14 applications on UBI 7. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/14/README.md.
- iconClass: icon-nodejs
- tags: builder,nodejs,hidden
- version: '14'
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi7/nodejs-14:latest
- referencePolicy:
- type: Local
diff --git a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.2/src/Chart.yaml b/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.2/src/Chart.yaml
deleted file mode 100644
index 00bd5d7fb2..0000000000
--- a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.2/src/Chart.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-description: |-
- This content is experimental, do not use it in production. Build and run NodeJS applications on UBI.
- For more information about using this builder image, including OpenShift considerations,
- see https://github.com/sclorg/s2i-nodejs-container/blob/master/18/README.md.
-annotations:
- charts.openshift.io/name: Red Hat NodeJS imagestreams (experimental).
- charts.openshift.io/provider: Red Hat
- charts.openshift.io/providerType: redhat
-apiVersion: v2
-appVersion: 0.0.2
-kubeVersion: '>=1.20.0'
-name: redhat-nodejs-imagestreams
-tags: builder,nodejs
-sources:
- - https://github.com/sclorg/helm-charts
-version: 0.0.2
diff --git a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.2/src/README.md b/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.2/src/README.md
deleted file mode 100644
index 86fb4044f2..0000000000
--- a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.2/src/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# NodeJS imagestream helm chart
-
-A Helm chart for importing NodeJS imagestreams on OpenShift.
-
-For more information about helm charts see the official [Helm Charts Documentation](https://helm.sh/).
-
-You need to have access to a cluster for each operation with OpenShift 4, like deploying and testing.
diff --git a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.2/src/templates/nodejs-imagestream.yaml b/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.2/src/templates/nodejs-imagestream.yaml
deleted file mode 100644
index 60c8b8ee07..0000000000
--- a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.2/src/templates/nodejs-imagestream.yaml
+++ /dev/null
@@ -1,165 +0,0 @@
----
-kind: ImageStream
-apiVersion: image.openshift.io/v1
-metadata:
- name: nodejs
- annotations:
- openshift.io/display-name: Node.js
-spec:
- tags:
- - name: latest
- annotations:
- openshift.io/display-name: Node.js (Latest)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: |-
- Build and run Node.js applications on UBI. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/16/README.md.
-
- WARNING: By selecting this tag, your application will automatically update to use the latest version of Node.js available on OpenShift, including major version updates.
- iconClass: icon-nodejs
- tags: builder,nodejs
- supports: nodejs
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: ImageStreamTag
- name: 16-ubi8
- referencePolicy:
- type: Local
- - name: 18-ubi9
- annotations:
- openshift.io/display-name: Node.js 18 (UBI 9)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Node.js 18 applications on UBI 9. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/18/README.md.
- iconClass: icon-nodejs
- tags: builder,nodejs
- version: '18'
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi9/nodejs-18:latest
- referencePolicy:
- type: Local
- - name: 18-ubi9-minimal
- annotations:
- openshift.io/display-name: Node.js 18 (UBI 9 Minimal)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Node.js 18 applications on UBI 9 Minimal. For more
- information about using this builder image, including OpenShift considerations,
- see https://github.com/sclorg/s2i-nodejs-container/blob/master/18-minimal/README.md.
- iconClass: icon-nodejs
- tags: builder,nodejs
- version: '18'
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi9/nodejs-18-minimal:latest
- referencePolicy:
- type: Local
- - name: 16-ubi9
- annotations:
- openshift.io/display-name: Node.js 16 (UBI 9)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Node.js 16 applications on UBI 9. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/16/README.md.
- iconClass: icon-nodejs
- tags: builder,nodejs
- version: '16'
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi9/nodejs-16:latest
- referencePolicy:
- type: Local
- - name: 16-ubi9-minimal
- annotations:
- openshift.io/display-name: Node.js 16 (UBI 9 Minimal)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Node.js 16 applications on UBI 9 Minimal. For more
- information about using this builder image, including OpenShift considerations,
- see https://github.com/sclorg/s2i-nodejs-container/blob/master/16-minimal/README.md.
- iconClass: icon-nodejs
- tags: builder,nodejs
- version: '16'
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi9/nodejs-16-minimal:latest
- referencePolicy:
- type: Local
- - name: 18-ubi8
- annotations:
- openshift.io/display-name: Node.js 18 (UBI 8)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Node.js 18 applications on UBI 8. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/18/README.md.
- iconClass: icon-nodejs
- tags: builder,nodejs
- version: '18'
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi8/nodejs-18:latest
- referencePolicy:
- type: Local
- - name: 18-ubi8-minimal
- annotations:
- openshift.io/display-name: Node.js 18 (UBI 8 Minimal)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Node.js 18 applications on UBI 8 Minimal. For more
- information about using this builder image, including OpenShift considerations,
- see https://github.com/sclorg/s2i-nodejs-container/blob/master/18-minimal/README.md.
- iconClass: icon-nodejs
- tags: builder,nodejs
- version: '18'
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi8/nodejs-18-minimal:latest
- referencePolicy:
- type: Local
- - name: 16-ubi8
- annotations:
- openshift.io/display-name: Node.js 16 (UBI 8)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Node.js 16 applications on UBI 8. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/16/README.md.
- iconClass: icon-nodejs
- tags: builder,nodejs
- version: '16'
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi8/nodejs-16:latest
- referencePolicy:
- type: Local
- - name: 16-ubi8-minimal
- annotations:
- openshift.io/display-name: Node.js 16 (UBI 8 Minimal)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Node.js 16 applications on UBI 8 Minimal. For more
- information about using this builder image, including OpenShift considerations,
- see https://github.com/sclorg/s2i-nodejs-container/blob/master/16-minimal/README.md.
- iconClass: icon-nodejs
- tags: builder,nodejs
- version: '16'
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi8/nodejs-16-minimal:latest
- referencePolicy:
- type: Local
- - name: 14-ubi7
- annotations:
- openshift.io/display-name: Node.js 14 (UBI 7)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Node.js 14 applications on UBI 7. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/14/README.md.
- iconClass: icon-nodejs
- tags: builder,nodejs,hidden
- version: '14'
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi7/nodejs-14:latest
- referencePolicy:
- type: Local
diff --git a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.2/src/templates/tests/test-import-imagestream.yaml b/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.2/src/templates/tests/test-import-imagestream.yaml
deleted file mode 100644
index a9541eca9b..0000000000
--- a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.2/src/templates/tests/test-import-imagestream.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ .Release.Name }}-connection-test"
- namespace: "{{ .Release.Namespace }}"
- annotations:
- "helm.sh/hook": test
-spec:
- #serviceAccount: {{ .Values.serviceAccount }}
- containers:
- - name: "nodejs-imagestream-test"
- image: "registry.access.redhat.com/ubi8/nodejs-18"
- imagePullPolicy: IfNotPresent
- command:
- - '/bin/bash'
- - '-ec'
- - >
- node -v
- lookupPolicy:
- local: true
- restartPolicy: Never
\ No newline at end of file
diff --git a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.2/src/values.schema.json b/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.2/src/values.schema.json
deleted file mode 100644
index 9515e92364..0000000000
--- a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.2/src/values.schema.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "$schema": "http://json-schema.org/schema#",
- "type": "object",
- "properties": {
- "namespace": {
- "type": "string"
- }
- }
-}
\ No newline at end of file
diff --git a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.2/src/values.yaml b/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.2/src/values.yaml
deleted file mode 100644
index e9f2b1b892..0000000000
--- a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.2/src/values.yaml
+++ /dev/null
@@ -1 +0,0 @@
-namespace: helm-chart-testing
diff --git a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.3/src/Chart.yaml b/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.3/src/Chart.yaml
deleted file mode 100644
index 077395da65..0000000000
--- a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.3/src/Chart.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-description: |-
- This content is experimental, do not use it in production. Build and run NodeJS applications on UBI.
- For more information about using this builder image, including OpenShift considerations,
- see https://github.com/sclorg/s2i-nodejs-container/blob/master/18/README.md.
-annotations:
- charts.openshift.io/name: Red Hat NodeJS imagestreams (experimental).
- charts.openshift.io/provider: Red Hat
- charts.openshift.io/providerType: redhat
-apiVersion: v2
-appVersion: 0.0.3
-kubeVersion: '>=1.20.0'
-name: redhat-nodejs-imagestreams
-tags: builder,nodejs
-sources:
- - https://github.com/sclorg/helm-charts
-version: 0.0.3
diff --git a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.3/src/README.md b/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.3/src/README.md
deleted file mode 100644
index 86fb4044f2..0000000000
--- a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.3/src/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# NodeJS imagestream helm chart
-
-A Helm chart for importing NodeJS imagestreams on OpenShift.
-
-For more information about helm charts see the official [Helm Charts Documentation](https://helm.sh/).
-
-You need to have access to a cluster for each operation with OpenShift 4, like deploying and testing.
diff --git a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.3/src/templates/nodejs-imagestream.yaml b/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.3/src/templates/nodejs-imagestream.yaml
deleted file mode 100644
index 60c8b8ee07..0000000000
--- a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.3/src/templates/nodejs-imagestream.yaml
+++ /dev/null
@@ -1,165 +0,0 @@
----
-kind: ImageStream
-apiVersion: image.openshift.io/v1
-metadata:
- name: nodejs
- annotations:
- openshift.io/display-name: Node.js
-spec:
- tags:
- - name: latest
- annotations:
- openshift.io/display-name: Node.js (Latest)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: |-
- Build and run Node.js applications on UBI. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/16/README.md.
-
- WARNING: By selecting this tag, your application will automatically update to use the latest version of Node.js available on OpenShift, including major version updates.
- iconClass: icon-nodejs
- tags: builder,nodejs
- supports: nodejs
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: ImageStreamTag
- name: 16-ubi8
- referencePolicy:
- type: Local
- - name: 18-ubi9
- annotations:
- openshift.io/display-name: Node.js 18 (UBI 9)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Node.js 18 applications on UBI 9. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/18/README.md.
- iconClass: icon-nodejs
- tags: builder,nodejs
- version: '18'
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi9/nodejs-18:latest
- referencePolicy:
- type: Local
- - name: 18-ubi9-minimal
- annotations:
- openshift.io/display-name: Node.js 18 (UBI 9 Minimal)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Node.js 18 applications on UBI 9 Minimal. For more
- information about using this builder image, including OpenShift considerations,
- see https://github.com/sclorg/s2i-nodejs-container/blob/master/18-minimal/README.md.
- iconClass: icon-nodejs
- tags: builder,nodejs
- version: '18'
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi9/nodejs-18-minimal:latest
- referencePolicy:
- type: Local
- - name: 16-ubi9
- annotations:
- openshift.io/display-name: Node.js 16 (UBI 9)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Node.js 16 applications on UBI 9. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/16/README.md.
- iconClass: icon-nodejs
- tags: builder,nodejs
- version: '16'
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi9/nodejs-16:latest
- referencePolicy:
- type: Local
- - name: 16-ubi9-minimal
- annotations:
- openshift.io/display-name: Node.js 16 (UBI 9 Minimal)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Node.js 16 applications on UBI 9 Minimal. For more
- information about using this builder image, including OpenShift considerations,
- see https://github.com/sclorg/s2i-nodejs-container/blob/master/16-minimal/README.md.
- iconClass: icon-nodejs
- tags: builder,nodejs
- version: '16'
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi9/nodejs-16-minimal:latest
- referencePolicy:
- type: Local
- - name: 18-ubi8
- annotations:
- openshift.io/display-name: Node.js 18 (UBI 8)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Node.js 18 applications on UBI 8. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/18/README.md.
- iconClass: icon-nodejs
- tags: builder,nodejs
- version: '18'
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi8/nodejs-18:latest
- referencePolicy:
- type: Local
- - name: 18-ubi8-minimal
- annotations:
- openshift.io/display-name: Node.js 18 (UBI 8 Minimal)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Node.js 18 applications on UBI 8 Minimal. For more
- information about using this builder image, including OpenShift considerations,
- see https://github.com/sclorg/s2i-nodejs-container/blob/master/18-minimal/README.md.
- iconClass: icon-nodejs
- tags: builder,nodejs
- version: '18'
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi8/nodejs-18-minimal:latest
- referencePolicy:
- type: Local
- - name: 16-ubi8
- annotations:
- openshift.io/display-name: Node.js 16 (UBI 8)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Node.js 16 applications on UBI 8. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/16/README.md.
- iconClass: icon-nodejs
- tags: builder,nodejs
- version: '16'
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi8/nodejs-16:latest
- referencePolicy:
- type: Local
- - name: 16-ubi8-minimal
- annotations:
- openshift.io/display-name: Node.js 16 (UBI 8 Minimal)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Node.js 16 applications on UBI 8 Minimal. For more
- information about using this builder image, including OpenShift considerations,
- see https://github.com/sclorg/s2i-nodejs-container/blob/master/16-minimal/README.md.
- iconClass: icon-nodejs
- tags: builder,nodejs
- version: '16'
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi8/nodejs-16-minimal:latest
- referencePolicy:
- type: Local
- - name: 14-ubi7
- annotations:
- openshift.io/display-name: Node.js 14 (UBI 7)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Node.js 14 applications on UBI 7. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/14/README.md.
- iconClass: icon-nodejs
- tags: builder,nodejs,hidden
- version: '14'
- sampleRepo: https://github.com/sclorg/nodejs-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi7/nodejs-14:latest
- referencePolicy:
- type: Local
diff --git a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.3/src/templates/tests/test-import-imagestream.yaml b/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.3/src/templates/tests/test-import-imagestream.yaml
deleted file mode 100644
index a9541eca9b..0000000000
--- a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.3/src/templates/tests/test-import-imagestream.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ .Release.Name }}-connection-test"
- namespace: "{{ .Release.Namespace }}"
- annotations:
- "helm.sh/hook": test
-spec:
- #serviceAccount: {{ .Values.serviceAccount }}
- containers:
- - name: "nodejs-imagestream-test"
- image: "registry.access.redhat.com/ubi8/nodejs-18"
- imagePullPolicy: IfNotPresent
- command:
- - '/bin/bash'
- - '-ec'
- - >
- node -v
- lookupPolicy:
- local: true
- restartPolicy: Never
\ No newline at end of file
diff --git a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.3/src/values.schema.json b/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.3/src/values.schema.json
deleted file mode 100644
index 9515e92364..0000000000
--- a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.3/src/values.schema.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "$schema": "http://json-schema.org/schema#",
- "type": "object",
- "properties": {
- "namespace": {
- "type": "string"
- }
- }
-}
\ No newline at end of file
diff --git a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.3/src/values.yaml b/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.3/src/values.yaml
deleted file mode 100644
index 3894ddbcae..0000000000
--- a/charts/redhat/redhat/redhat-nodejs-imagestreams/0.0.3/src/values.yaml
+++ /dev/null
@@ -1 +0,0 @@
-namespace: openshift
diff --git a/charts/redhat/redhat/redhat-nodejs-imagestreams/OWNERS b/charts/redhat/redhat/redhat-nodejs-imagestreams/OWNERS
deleted file mode 100644
index 971e8ad089..0000000000
--- a/charts/redhat/redhat/redhat-nodejs-imagestreams/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: redhat-nodejs-imagestreams
- description: This is the Red Hat NodeJS imagestreams chart
-publicPgpKey: null
-users:
- - githubUsername: phracek
-vendor:
- label: redhat
- name: Red Hat
diff --git a/charts/redhat/redhat/redhat-perl-imagestreams/0.0.1/src/Chart.yaml b/charts/redhat/redhat/redhat-perl-imagestreams/0.0.1/src/Chart.yaml
deleted file mode 100644
index 1f02d4e7b6..0000000000
--- a/charts/redhat/redhat/redhat-perl-imagestreams/0.0.1/src/Chart.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-description: |-
- This content is experimental, do not use it in production. Perl imagestreams for using on OpenShift 4.
- For more information about using this builder image, including OpenShift considerations,
- see https://github.com/sclorg/s2i-perl-container/blob/master/5.32/README.md.
-annotations:
- charts.openshift.io/name: Red Hat Perl imagestreams (experimental).
- charts.openshift.io/provider: Red Hat
- charts.openshift.io/providerType: redhat
-apiVersion: v2
-appVersion: 0.0.1
-kubeVersion: '>=1.20.0'
-name: redhat-perl-imagestreams
-tags: builder,perl
-sources:
- - https://github.com/sclorg/helm-charts
-version: 0.0.1
diff --git a/charts/redhat/redhat/redhat-perl-imagestreams/0.0.1/src/README.md b/charts/redhat/redhat/redhat-perl-imagestreams/0.0.1/src/README.md
deleted file mode 100644
index ee8157f950..0000000000
--- a/charts/redhat/redhat/redhat-perl-imagestreams/0.0.1/src/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Perl imagestreams helm chart
-
-A Helm chart for importing Perl imagestreams on OpenShift.
-
-For more information about helm charts see the official [Helm Charts Documentation](https://helm.sh/).
-
-You need to have access to a cluster for each operation with OpenShift 4, like deploying and testing.
diff --git a/charts/redhat/redhat/redhat-perl-imagestreams/0.0.1/src/templates/perl-imagestreams.yaml b/charts/redhat/redhat/redhat-perl-imagestreams/0.0.1/src/templates/perl-imagestreams.yaml
deleted file mode 100644
index c534a083e2..0000000000
--- a/charts/redhat/redhat/redhat-perl-imagestreams/0.0.1/src/templates/perl-imagestreams.yaml
+++ /dev/null
@@ -1,122 +0,0 @@ ---- -kind: ImageStream -apiVersion: image.openshift.io/v1 -metadata: - name: perl - annotations: - openshift.io/display-name: Perl -spec: - tags: - - name: latest - annotations: - openshift.io/display-name: Perl (Latest) - openshift.io/provider-display-name: Red Hat, Inc. - description: |- - Build and run Perl applications on UBI. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.32/README.md. - - WARNING: By selecting this tag, your application will automatically update to use the latest version of Perl available on OpenShift, including major version updates. - iconClass: icon-perl - tags: builder,perl - supports: perl - sampleRepo: https://github.com/sclorg/dancer-ex.git - from: - kind: ImageStreamTag - name: 5.32-ubi8 - referencePolicy: - type: Local - - name: 5.32-ubi9 - annotations: - openshift.io/display-name: Perl 5.32 (UBI 9) - openshift.io/provider-display-name: Red Hat, Inc. - description: Build and run Perl 5.32 applications on UBI 9. For more information - about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.32/README.md. - iconClass: icon-perl - tags: builder,perl - supports: perl:5.32,perl - version: '5.32' - sampleRepo: https://github.com/sclorg/dancer-ex.git - from: - kind: DockerImage - name: registry.redhat.io/ubi9/perl-532:latest - referencePolicy: - type: Local - - name: 5.32-ubi8 - annotations: - openshift.io/display-name: Perl 5.32 (UBI 8) - openshift.io/provider-display-name: Red Hat, Inc. - description: Build and run Perl 5.32 applications on UBI 8. For more information - about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.32/README.md. 
- iconClass: icon-perl - tags: builder,perl - supports: perl:5.32,perl - version: '5.32' - sampleRepo: https://github.com/sclorg/dancer-ex.git - from: - kind: DockerImage - name: registry.redhat.io/ubi8/perl-532:latest - referencePolicy: - type: Local - - name: 5.30-ubi8 - annotations: - openshift.io/display-name: Perl 5.30 (UBI 8) - openshift.io/provider-display-name: Red Hat, Inc. - description: Build and run Perl 5.30 applications on UBI 8. For more information - about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.30-mod_fcgid/README.md. - iconClass: icon-perl - tags: builder,perl - supports: perl:5.30,perl - version: '5.30' - sampleRepo: https://github.com/sclorg/dancer-ex.git - from: - kind: DockerImage - name: registry.redhat.io/ubi8/perl-530:latest - referencePolicy: - type: Local - - name: 5.30-el7 - annotations: - openshift.io/display-name: Perl 5.30 (RHEL 7) - openshift.io/provider-display-name: Red Hat, Inc. - description: Build and run Perl 5.30 applications on RHEL 7. For more information - about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.30/README.md. - iconClass: icon-perl - tags: builder,perl - supports: perl:5.30,perl - version: '5.30' - sampleRepo: https://github.com/sclorg/dancer-ex.git - from: - kind: DockerImage - name: registry.redhat.io/rhscl/perl-530-rhel7:latest - referencePolicy: - type: Local - - name: '5.30' - annotations: - openshift.io/display-name: Perl 5.30 - openshift.io/provider-display-name: Red Hat, Inc. - description: Build and run Perl 5.30 applications on RHEL 7. For more information - about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.30/README.md. 
- iconClass: icon-perl - tags: builder,perl,hidden - supports: perl:5.30,perl - version: '5.30' - sampleRepo: https://github.com/sclorg/dancer-ex.git - from: - kind: DockerImage - name: registry.redhat.io/rhscl/perl-530-rhel7:latest - referencePolicy: - type: Local - - name: 5.26-ubi8 - annotations: - openshift.io/display-name: Perl 5.26 (UBI 8) - openshift.io/provider-display-name: Red Hat, Inc. - description: Build and run Perl 5.26 applications on UBI 8. For more information - about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.26-mod_fcgid/README.md. - iconClass: icon-perl - tags: builder,perl - supports: perl:5.26,perl - version: '5.26' - sampleRepo: https://github.com/sclorg/dancer-ex.git - from: - kind: DockerImage - name: registry.redhat.io/ubi8/perl-526:latest - referencePolicy: - type: Local diff --git a/charts/redhat/redhat/redhat-perl-imagestreams/0.0.1/src/templates/tests/test-import-imagestream.yaml b/charts/redhat/redhat/redhat-perl-imagestreams/0.0.1/src/templates/tests/test-import-imagestream.yaml deleted file mode 100644 index a59a05dbdc..0000000000 --- a/charts/redhat/redhat/redhat-perl-imagestreams/0.0.1/src/templates/tests/test-import-imagestream.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-connection-test" - namespace: "{{ .Release.Namespace }}" - annotations: - "helm.sh/hook": test -spec: - #serviceAccount: {{ .Values.serviceAccount }} - containers: - - name: "perl-imagestream-test" - image: "registry.access.redhat.com/ubi9/perl-532" - imagePullPolicy: IfNotPresent - command: - - '/bin/bash' - - '-ec' - - > - perl -v - lookupPolicy: - local: true - restartPolicy: Never \ No newline at end of file 
diff --git a/charts/redhat/redhat/redhat-perl-imagestreams/0.0.1/src/values.schema.json b/charts/redhat/redhat/redhat-perl-imagestreams/0.0.1/src/values.schema.json
deleted file mode 100644
index 9515e92364..0000000000
--- a/charts/redhat/redhat/redhat-perl-imagestreams/0.0.1/src/values.schema.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "$schema": "http://json-schema.org/schema#",
- "type": "object",
- "properties": {
- "namespace": {
- "type": "string"
- }
- }
-}
\ No newline at end of file
diff --git a/charts/redhat/redhat/redhat-perl-imagestreams/0.0.1/src/values.yaml b/charts/redhat/redhat/redhat-perl-imagestreams/0.0.1/src/values.yaml
deleted file mode 100644
index 3894ddbcae..0000000000
--- a/charts/redhat/redhat/redhat-perl-imagestreams/0.0.1/src/values.yaml
+++ /dev/null
@@ -1 +0,0 @@
-namespace: openshift
diff --git a/charts/redhat/redhat/redhat-perl-imagestreams/OWNERS b/charts/redhat/redhat/redhat-perl-imagestreams/OWNERS
deleted file mode 100644
index 43cd37017d..0000000000
--- a/charts/redhat/redhat/redhat-perl-imagestreams/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: redhat-perl-imagestreams
- description: This is the Red Hat Perl imagestreams chart
-publicPgpKey: null
-users:
- - githubUsername: phracek
-vendor:
- label: redhat
- name: Red Hat
diff --git a/charts/redhat/redhat/redhat-php-imagestreams/0.0.1/src/Chart.yaml b/charts/redhat/redhat/redhat-php-imagestreams/0.0.1/src/Chart.yaml
deleted file mode 100644
index 45b5e7c1b9..0000000000
--- a/charts/redhat/redhat/redhat-php-imagestreams/0.0.1/src/Chart.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-description: |-
- This content is expermental, do not use it in production. Import PHP imagestreams to OpenShift 4.
- For more information about using this builder image, including OpenShift considerations,
- see https://github.com/sclorg/s2i-php-container/blob/master/8.1/README.md.
-annotations:
- charts.openshift.io/name: Red Hat PHP imagestreams on UBI (experimental).
-apiVersion: v2
-appVersion: 0.0.1
-kubeVersion: '>=1.20.0'
-name: redhat-php-imagestreams
-tags: builder,php
-sources:
- - https://github.com/sclorg/helm-charts
-version: 0.0.1
diff --git a/charts/redhat/redhat/redhat-php-imagestreams/0.0.1/src/README.md b/charts/redhat/redhat/redhat-php-imagestreams/0.0.1/src/README.md
deleted file mode 100644
index 0cea533a04..0000000000
--- a/charts/redhat/redhat/redhat-php-imagestreams/0.0.1/src/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# PHP imagestreams helm chart
-
-A Helm chart for importing PHP imagestreams on OpenShift.
-
-For more information about helm charts see the official [Helm Charts Documentation](https://helm.sh/).
-
-You need to have access to a cluster for each operation with OpenShift 4, like deploying and testing.
diff --git a/charts/redhat/redhat/redhat-php-imagestreams/0.0.1/src/templates/php-imagestream.yaml b/charts/redhat/redhat/redhat-php-imagestreams/0.0.1/src/templates/php-imagestream.yaml
deleted file mode 100644
index bd9823784c..0000000000
--- a/charts/redhat/redhat/redhat-php-imagestreams/0.0.1/src/templates/php-imagestream.yaml
+++ /dev/null
@@ -1,123 +0,0 @@ ---- -kind: ImageStream -apiVersion: image.openshift.io/v1 -metadata: - name: php - annotations: - openshift.io/display-name: PHP -spec: - tags: - - name: latest - annotations: - openshift.io/display-name: PHP (Latest) - openshift.io/provider-display-name: Red Hat, Inc. - description: |- - Build and run PHP applications on UBI. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/8.0/README.md. - - WARNING: By selecting this tag, your application will automatically update to use the latest version of PHP available on OpenShift, including major version updates. - iconClass: icon-php - tags: builder,php - supports: php - sampleRepo: https://github.com/sclorg/cakephp-ex.git - from: - kind: ImageStreamTag - name: 8.0-ubi8 - referencePolicy: - type: Local - - name: 8.1-ubi9 - annotations: - openshift.io/display-name: PHP 8.1 (UBI 9) - openshift.io/provider-display-name: Red Hat, Inc. - description: Build and run PHP 8.1 applications on UBI 9. For more information - about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/8.1/README.md. - iconClass: icon-php - tags: builder,php - supports: php:8.1,php - version: '8.1' - sampleRepo: https://github.com/sclorg/cakephp-ex.git - from: - kind: DockerImage - name: registry.redhat.io/ubi9/php-81:latest - referencePolicy: - type: Local - - name: 8.0-ubi9 - annotations: - openshift.io/display-name: PHP 8.0 (UBI 9) - openshift.io/provider-display-name: Red Hat, Inc. - description: Build and run PHP 8.0 applications on UBI 9. For more information - about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/8.0/README.md. 
- iconClass: icon-php - tags: builder,php - supports: php:8.0,php - version: '8.0' - sampleRepo: https://github.com/sclorg/cakephp-ex.git - from: - kind: DockerImage - name: registry.redhat.io/ubi9/php-80:latest - referencePolicy: - type: Local - - name: 8.0-ubi8 - annotations: - openshift.io/display-name: PHP 8.0 (UBI 8) - openshift.io/provider-display-name: Red Hat, Inc. - description: Build and run PHP 8.0 applications on UBI 8. For more information - about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/8.0/README.md. - iconClass: icon-php - tags: builder,php - supports: php:8.0,php - version: '8.0' - sampleRepo: https://github.com/sclorg/cakephp-ex.git - from: - kind: DockerImage - name: registry.redhat.io/ubi8/php-80:latest - referencePolicy: - type: Local - - name: 7.4-ubi8 - annotations: - openshift.io/display-name: PHP 7.4 (UBI 8) - openshift.io/provider-display-name: Red Hat, Inc. - description: Build and run PHP 7.4 applications on UBI 8. For more information - about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/7.4/README.md. - iconClass: icon-php - tags: builder,php - supports: php:7.4,php - version: '7.4' - sampleRepo: https://github.com/sclorg/cakephp-ex.git - from: - kind: DockerImage - name: registry.redhat.io/ubi8/php-74:latest - referencePolicy: - type: Local - - name: 7.3-ubi7 - annotations: - openshift.io/display-name: PHP 7.3 (UBI 7) - openshift.io/provider-display-name: Red Hat, Inc. - description: Build and run PHP 7.3 applications on UBI 7. For more information - about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/7.3/README.md. 
- iconClass: icon-php - tags: builder,php - supports: php:7.3,php - version: '7.3' - sampleRepo: https://github.com/sclorg/cakephp-ex.git - from: - kind: DockerImage - name: registry.redhat.io/ubi7/php-73:latest - referencePolicy: - type: Local - - name: '7.3' - annotations: - openshift.io/display-name: PHP 7.3 - openshift.io/provider-display-name: Red Hat, Inc. - description: Build and run PHP 7.3 applications on RHEL 7. For more information - about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/7.3/README.md. - iconClass: icon-php - tags: builder,php,hidden - supports: php:7.3,php - version: '7.3' - sampleRepo: https://github.com/sclorg/cakephp-ex.git - from: - kind: DockerImage - name: registry.redhat.io/rhscl/php-73-rhel7:latest - referencePolicy: - type: Local - diff --git a/charts/redhat/redhat/redhat-php-imagestreams/0.0.1/src/templates/tests/test-import-imagestream.yaml b/charts/redhat/redhat/redhat-php-imagestreams/0.0.1/src/templates/tests/test-import-imagestream.yaml deleted file mode 100644 index 579b5befc3..0000000000 --- a/charts/redhat/redhat/redhat-php-imagestreams/0.0.1/src/templates/tests/test-import-imagestream.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-connection-test" - namespace: "{{ .Release.Namespace }}" - annotations: - "helm.sh/hook": test -spec: - #serviceAccount: {{ .Values.serviceAccount }} - containers: - - name: "php-imagestream-test" - image: "registry.access.redhat.com/ubi9/php-81" - imagePullPolicy: IfNotPresent - command: - - '/bin/bash' - - '-ec' - - > - php -v - lookupPolicy: - local: true - restartPolicy: Never diff --git a/charts/redhat/redhat/redhat-php-imagestreams/0.0.1/src/values.schema.json b/charts/redhat/redhat/redhat-php-imagestreams/0.0.1/src/values.schema.json deleted file mode 100644 index 9515e92364..0000000000 
--- a/charts/redhat/redhat/redhat-php-imagestreams/0.0.1/src/values.schema.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "$schema": "http://json-schema.org/schema#",
- "type": "object",
- "properties": {
- "namespace": {
- "type": "string"
- }
- }
-}
\ No newline at end of file
diff --git a/charts/redhat/redhat/redhat-php-imagestreams/0.0.1/src/values.yaml b/charts/redhat/redhat/redhat-php-imagestreams/0.0.1/src/values.yaml
deleted file mode 100644
index 3894ddbcae..0000000000
--- a/charts/redhat/redhat/redhat-php-imagestreams/0.0.1/src/values.yaml
+++ /dev/null
@@ -1 +0,0 @@
-namespace: openshift
diff --git a/charts/redhat/redhat/redhat-php-imagestreams/OWNERS b/charts/redhat/redhat/redhat-php-imagestreams/OWNERS
deleted file mode 100644
index 884054b9a8..0000000000
--- a/charts/redhat/redhat/redhat-php-imagestreams/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: redhat-php-imagestreams
- description: This is the Red Hat PHP imagestreams chart
-publicPgpKey: null
-users:
- - githubUsername: phracek
-vendor:
- label: redhat
- name: Red Hat
diff --git a/charts/redhat/redhat/redhat-python-imagestreams/0.0.1/src/Chart.yaml b/charts/redhat/redhat/redhat-python-imagestreams/0.0.1/src/Chart.yaml
deleted file mode 100644
index 9b52da965b..0000000000
--- a/charts/redhat/redhat/redhat-python-imagestreams/0.0.1/src/Chart.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-description: |-
- This content is experimental, do not use it in production. Python imagestreams for using on OpenShift 4.
- For more information about using this builder image, including OpenShift considerations,
- see https://github.com/sclorg/s2i-python-container/blob/master/3.11/README.md.
-annotations:
- charts.openshift.io/name: Red Hat Python imagestreams (experimental).
- charts.openshift.io/provider: Red Hat
- charts.openshift.io/providerType: redhat
-apiVersion: v2
-appVersion: 0.0.1
-kubeVersion: '>=1.20.0'
-name: redhat-python-imagestreams
-tags: builder,python
-sources:
- - https://github.com/sclorg/helm-charts
-version: 0.0.1
diff --git a/charts/redhat/redhat/redhat-python-imagestreams/0.0.1/src/README.md b/charts/redhat/redhat/redhat-python-imagestreams/0.0.1/src/README.md
deleted file mode 100644
index 7c30c039eb..0000000000
--- a/charts/redhat/redhat/redhat-python-imagestreams/0.0.1/src/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Python imagestreams helm chart
-
-A Helm chart for importing Python imagestreams on OpenShift.
-
-For more information about helm charts see the official [Helm Charts Documentation](https://helm.sh/).
-
-You need to have access to a cluster for each operation with OpenShift 4, like deploying and testing.
diff --git a/charts/redhat/redhat/redhat-python-imagestreams/0.0.1/src/templates/python-imagestream.yaml b/charts/redhat/redhat/redhat-python-imagestreams/0.0.1/src/templates/python-imagestream.yaml
deleted file mode 100644
index 3e2c84f6bd..0000000000
--- a/charts/redhat/redhat/redhat-python-imagestreams/0.0.1/src/templates/python-imagestream.yaml
+++ /dev/null
@@ -1,170 +0,0 @@ ---- -kind: ImageStream -apiVersion: image.openshift.io/v1 -metadata: - name: python - annotations: - openshift.io/display-name: Python -spec: - tags: - - name: latest - annotations: - openshift.io/display-name: Python (Latest) - openshift.io/provider-display-name: Red Hat, Inc. - description: |- - Build and run Python applications on UBI. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.9/README.md. - - WARNING: By selecting this tag, your application will automatically update to use the latest version of Python available on OpenShift, including major version updates. - iconClass: icon-python - tags: builder,python - supports: python - sampleRepo: https://github.com/sclorg/django-ex.git - from: - kind: ImageStreamTag - name: 3.9-ubi8 - referencePolicy: - type: Local - - name: 3.11-ubi9 - annotations: - openshift.io/display-name: Python 3.11 (UBI 9) - openshift.io/provider-display-name: Red Hat, Inc. - description: Build and run Python 3.11 applications on UBI 9. For more information - about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.11/README.md. - iconClass: icon-python - tags: builder,python - supports: python:3.11,python - version: '3.11' - sampleRepo: https://github.com/sclorg/django-ex.git - from: - kind: DockerImage - name: registry.redhat.io/ubi9/python-311:latest - referencePolicy: - type: Local - - name: 3.9-ubi9 - annotations: - openshift.io/display-name: Python 3.9 (UBI 9) - openshift.io/provider-display-name: Red Hat, Inc. - description: Build and run Python 3.9 applications on UBI 9. For more information - about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.9/README.md. 
- iconClass: icon-python - tags: builder,python - supports: python:3.9,python - version: '3.9' - sampleRepo: https://github.com/sclorg/django-ex.git - from: - kind: DockerImage - name: registry.redhat.io/ubi9/python-39:latest - referencePolicy: - type: Local - - name: 3.11-ubi8 - annotations: - openshift.io/display-name: Python 3.11 (UBI 8) - openshift.io/provider-display-name: Red Hat, Inc. - description: Build and run Python 3.11 applications on UBI 8. For more information - about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.11/README.md. - iconClass: icon-python - tags: builder,python - supports: python:3.11,python - version: '3.11' - sampleRepo: https://github.com/sclorg/django-ex.git - from: - kind: DockerImage - name: registry.redhat.io/ubi8/python-311:latest - referencePolicy: - type: Local - - name: 3.9-ubi8 - annotations: - openshift.io/display-name: Python 3.9 (UBI 8) - openshift.io/provider-display-name: Red Hat, Inc. - description: Build and run Python 3.9 applications on UBI 8. For more information - about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.9/README.md. - iconClass: icon-python - tags: builder,python - supports: python:3.9,python - version: '3.9' - sampleRepo: https://github.com/sclorg/django-ex.git - from: - kind: DockerImage - name: registry.redhat.io/ubi8/python-39:latest - referencePolicy: - type: Local - - name: 3.8-ubi8 - annotations: - openshift.io/display-name: Python 3.8 (UBI 8) - openshift.io/provider-display-name: Red Hat, Inc. - description: Build and run Python 3.8 applications on UBI 8. For more information - about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.8/README.md. 
- iconClass: icon-python - tags: builder,python - supports: python:3.8,python - version: '3.8' - sampleRepo: https://github.com/sclorg/django-ex.git - from: - kind: DockerImage - name: registry.redhat.io/ubi8/python-38:latest - referencePolicy: - type: Local - - name: 3.8-ubi7 - annotations: - openshift.io/display-name: Python 3.8 (UBI 7) - openshift.io/provider-display-name: Red Hat, Inc. - description: Build and run Python 3.8 applications on UBI 7. For more information - about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.8/README.md. - iconClass: icon-python - tags: builder,python - supports: python:3.8,python - version: '3.8' - sampleRepo: https://github.com/sclorg/django-ex.git - from: - kind: DockerImage - name: registry.redhat.io/ubi7/python-38:latest - referencePolicy: - type: Local - - name: '3.8' - annotations: - openshift.io/display-name: Python 3.8 - openshift.io/provider-display-name: Red Hat, Inc. - description: Build and run Python 3.8 applications on RHEL 7. For more information - about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.8/README.md. - iconClass: icon-python - tags: builder,python,hidden - supports: python:3.8,python - version: '3.8' - sampleRepo: https://github.com/sclorg/django-ex.git - from: - kind: DockerImage - name: registry.redhat.io/rhscl/python-38-rhel7:latest - referencePolicy: - type: Local - - name: 3.6-ubi8 - annotations: - openshift.io/display-name: Python 3.6 (UBI 8) - openshift.io/provider-display-name: Red Hat, Inc. - description: Build and run Python 3.6 applications on UBI 8. For more information - about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.6/README.md. 
- iconClass: icon-python - tags: builder,python - supports: python:3.6,python - version: '3.6' - sampleRepo: https://github.com/sclorg/django-ex.git - from: - kind: DockerImage - name: registry.redhat.io/ubi8/python-36:latest - referencePolicy: - type: Local - - name: 2.7-ubi8 - annotations: - openshift.io/display-name: Python 2.7 (UBI 8) - openshift.io/provider-display-name: Red Hat, Inc. - description: Build and run Python 2.7 applications on UBI 8. For more information - about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/2.7/README.md. - iconClass: icon-python - tags: builder,python - supports: python:2.7,python - version: '2.7' - sampleRepo: https://github.com/sclorg/django-ex.git - from: - kind: DockerImage - name: registry.redhat.io/ubi8/python-27:latest - referencePolicy: - type: Local diff --git a/charts/redhat/redhat/redhat-python-imagestreams/0.0.1/src/templates/tests/test-import-imagestream.yaml b/charts/redhat/redhat/redhat-python-imagestreams/0.0.1/src/templates/tests/test-import-imagestream.yaml deleted file mode 100644 index 398ee877a9..0000000000 --- a/charts/redhat/redhat/redhat-python-imagestreams/0.0.1/src/templates/tests/test-import-imagestream.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-connection-test" - namespace: "{{ .Release.Namespace }}" - annotations: - "helm.sh/hook": test -spec: - #serviceAccount: {{ .Values.serviceAccount }} - containers: - - name: "perl-imagestream-test" - image: "registry.access.redhat.com/ubi9/python-311" - imagePullPolicy: IfNotPresent - command: - - '/bin/bash' - - '-ec' - - > - python -v - lookupPolicy: - local: true - restartPolicy: Never \ No newline at end of file 
diff --git a/charts/redhat/redhat/redhat-python-imagestreams/0.0.1/src/values.schema.json b/charts/redhat/redhat/redhat-python-imagestreams/0.0.1/src/values.schema.json
deleted file mode 100644
index 9515e92364..0000000000
--- a/charts/redhat/redhat/redhat-python-imagestreams/0.0.1/src/values.schema.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "$schema": "http://json-schema.org/schema#",
- "type": "object",
- "properties": {
- "namespace": {
- "type": "string"
- }
- }
-}
\ No newline at end of file
diff --git a/charts/redhat/redhat/redhat-python-imagestreams/0.0.1/src/values.yaml b/charts/redhat/redhat/redhat-python-imagestreams/0.0.1/src/values.yaml
deleted file mode 100644
index 3894ddbcae..0000000000
--- a/charts/redhat/redhat/redhat-python-imagestreams/0.0.1/src/values.yaml
+++ /dev/null
@@ -1 +0,0 @@
-namespace: openshift
diff --git a/charts/redhat/redhat/redhat-python-imagestreams/OWNERS b/charts/redhat/redhat/redhat-python-imagestreams/OWNERS
deleted file mode 100644
index 825049bf33..0000000000
--- a/charts/redhat/redhat/redhat-python-imagestreams/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: redhat-python-imagestreams
- description: This is the Red Hat Python imagestreams chart
-publicPgpKey: null
-users:
- - githubUsername: phracek
-vendor:
- label: redhat
- name: Red Hat
diff --git a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.1/src/Chart.yaml b/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.1/src/Chart.yaml
deleted file mode 100644
index fd1401018c..0000000000
--- a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.1/src/Chart.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-description: |-
- This content is experimental, do not use it in production. Ruby imagestreams on UBI.
- For more information about using this builder image, including OpenShift considerations,
- see https://github.com/sclorg/s2i-ruby-container/blob/master/3.0/README.md.
-annotations:
- charts.openshift.io/name: Red Hat Ruby imagestreams on UBI (experimental).
-apiVersion: v2
-appVersion: 0.0.1
-kubeVersion: '>=1.20.0'
-name: redhat-ruby-imagestreams
-tags: builder,ruby
-sources:
- - https://github.com/sclorg/helm-charts
-version: 0.0.1
diff --git a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.1/src/README.md b/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.1/src/README.md
deleted file mode 100644
index 8d080a3416..0000000000
--- a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.1/src/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Ruby imagestreams helm chart
-
-A Helm chart for importing Ruby imagestreams on OpenShift.
-
-For more information about helm charts see the official [Helm Charts Documentation](https://helm.sh/).
-
-You need to have access to a cluster for each operation with OpenShift 4, like deploying and testing.
diff --git a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.1/src/templates/ruby-imagestream.yaml b/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.1/src/templates/ruby-imagestream.yaml
deleted file mode 100644
index d7da399e4c..0000000000
--- a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.1/src/templates/ruby-imagestream.yaml
+++ /dev/null
@@ -1,122 +0,0 @@
----
-kind: ImageStream
-apiVersion: image.openshift.io/v1
-metadata:
- name: ruby
- annotations:
- openshift.io/display-name: Ruby
-spec:
- tags:
- - name: latest
- annotations:
- openshift.io/display-name: Ruby (Latest)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: |-
- Build and run Ruby applications on UBI. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/3.0/README.md.
-
- WARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major version updates.
- iconClass: icon-ruby
- tags: builder,ruby
- supports: ruby
- sampleRepo: https://github.com/sclorg/ruby-ex.git
- from:
- kind: ImageStreamTag
- name: 3.0-ubi8
- referencePolicy:
- type: Local
- - name: 3.1-ubi9
- annotations:
- openshift.io/display-name: Ruby 3.1 (UBI 9)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Ruby 3.1 applications on UBI 9. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/3.1/README.md.
- iconClass: icon-ruby
- tags: builder,ruby
- supports: ruby:3.1,ruby
- version: '3.1'
- sampleRepo: https://github.com/sclorg/ruby-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi9/ruby-31:latest
- referencePolicy:
- type: Local
- - name: 3.0-ubi9
- annotations:
- openshift.io/display-name: Ruby 3.0 (UBI 9)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Ruby 3.0 applications on UBI 9. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/3.0/README.md.
- iconClass: icon-ruby
- tags: builder,ruby
- supports: ruby:3.0,ruby
- version: '3.0'
- sampleRepo: https://github.com/sclorg/ruby-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi9/ruby-30:latest
- referencePolicy:
- type: Local
- - name: 3.1-ubi8
- annotations:
- openshift.io/display-name: Ruby 3.1 (UBI 8)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Ruby 3.1 applications on UBI 8. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/3.1/README.md.
- iconClass: icon-ruby
- tags: builder,ruby
- supports: ruby:3.1,ruby
- version: '3.1'
- sampleRepo: https://github.com/sclorg/ruby-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi8/ruby-31:latest
- referencePolicy:
- type: Local
- - name: 3.0-ubi8
- annotations:
- openshift.io/display-name: Ruby 3.0 (UBI 8)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Ruby 3.0 applications on UBI 8. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/3.0/README.md.
- iconClass: icon-ruby
- tags: builder,ruby
- supports: ruby:3.0,ruby
- version: '3.0'
- sampleRepo: https://github.com/sclorg/ruby-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi8/ruby-30:latest
- referencePolicy:
- type: Local
- - name: 3.0-ubi7
- annotations:
- openshift.io/display-name: Ruby 3.0 (UBI 7)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Ruby 3.0 applications on UBI 7. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/3.0/README.md.
- iconClass: icon-ruby
- tags: builder,ruby
- supports: ruby:3.0,ruby
- version: '3.0'
- sampleRepo: https://github.com/sclorg/ruby-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi7/ruby-30:latest
- referencePolicy:
- type: Local
- - name: 2.5-ubi8
- annotations:
- openshift.io/display-name: Ruby 2.5 (UBI 8)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Ruby 2.5 applications on UBI 8. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/2.5/README.md.
- iconClass: icon-ruby
- tags: builder,ruby
- supports: ruby:2.5,ruby
- version: '2.5'
- sampleRepo: https://github.com/sclorg/ruby-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi8/ruby-25:latest
- referencePolicy:
- type: Local
diff --git a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.1/src/templates/tests/test-import-imagestream.yaml b/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.1/src/templates/tests/test-import-imagestream.yaml
deleted file mode 100644
index 8e264c20b9..0000000000
--- a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.1/src/templates/tests/test-import-imagestream.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ .Release.Name }}-connection-test"
- namespace: "{{ .Release.Namespace }}"
- annotations:
- "helm.sh/hook": test
-spec:
- #serviceAccount: {{ .Values.serviceAccount }}
- containers:
- - name: "ruby-imagestream-test"
- image: "registry.redhat.io/ubi9/ruby-31:latest"
- #image: "ruby:31-ubi9"
- imagePullPolicy: IfNotPresent
- command:
- - '/bin/bash'
- - '-ec'
- - >
- ruby -v
- lookupPolicy:
- local: true
- restartPolicy: Never
\ No newline at end of file
diff --git a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.1/src/values.schema.json b/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.1/src/values.schema.json
deleted file mode 100644
index 9515e92364..0000000000
--- a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.1/src/values.schema.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "$schema": "http://json-schema.org/schema#",
- "type": "object",
- "properties": {
- "namespace": {
- "type": "string"
- }
- }
-}
\ No newline at end of file
diff --git a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.1/src/values.yaml b/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.1/src/values.yaml
deleted file mode 100644
index 3894ddbcae..0000000000
--- a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.1/src/values.yaml
+++ /dev/null
@@ -1 +0,0 @@
-namespace: openshift
diff --git a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.2/src/Chart.yaml b/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.2/src/Chart.yaml
deleted file mode 100644
index 5d61c39068..0000000000
--- a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.2/src/Chart.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-description: |-
- This content is experimental, do not use it in production. Ruby imagestreams on UBI.
- For more information about using this builder image, including OpenShift considerations,
- see https://github.com/sclorg/s2i-ruby-container/blob/master/3.0/README.md.
-annotations:
- charts.openshift.io/name: Red Hat Ruby imagestreams on UBI (experimental).
-apiVersion: v2
-appVersion: 0.0.2
-kubeVersion: '>=1.20.0'
-name: redhat-ruby-imagestreams
-tags: builder,ruby
-sources:
- - https://github.com/sclorg/helm-charts
-version: 0.0.2
diff --git a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.2/src/README.md b/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.2/src/README.md
deleted file mode 100644
index 8d080a3416..0000000000
--- a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.2/src/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Ruby imagestreams helm chart
-
-A Helm chart for importing Ruby imagestreams on OpenShift.
-
-For more information about helm charts see the official [Helm Charts Documentation](https://helm.sh/).
-
-You need to have access to a cluster for each operation with OpenShift 4, like deploying and testing.
diff --git a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.2/src/templates/ruby-imagestream.yaml b/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.2/src/templates/ruby-imagestream.yaml
deleted file mode 100644
index d7da399e4c..0000000000
--- a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.2/src/templates/ruby-imagestream.yaml
+++ /dev/null
@@ -1,122 +0,0 @@
----
-kind: ImageStream
-apiVersion: image.openshift.io/v1
-metadata:
- name: ruby
- annotations:
- openshift.io/display-name: Ruby
-spec:
- tags:
- - name: latest
- annotations:
- openshift.io/display-name: Ruby (Latest)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: |-
- Build and run Ruby applications on UBI. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/3.0/README.md.
-
- WARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major version updates.
- iconClass: icon-ruby
- tags: builder,ruby
- supports: ruby
- sampleRepo: https://github.com/sclorg/ruby-ex.git
- from:
- kind: ImageStreamTag
- name: 3.0-ubi8
- referencePolicy:
- type: Local
- - name: 3.1-ubi9
- annotations:
- openshift.io/display-name: Ruby 3.1 (UBI 9)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Ruby 3.1 applications on UBI 9. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/3.1/README.md.
- iconClass: icon-ruby
- tags: builder,ruby
- supports: ruby:3.1,ruby
- version: '3.1'
- sampleRepo: https://github.com/sclorg/ruby-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi9/ruby-31:latest
- referencePolicy:
- type: Local
- - name: 3.0-ubi9
- annotations:
- openshift.io/display-name: Ruby 3.0 (UBI 9)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Ruby 3.0 applications on UBI 9. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/3.0/README.md.
- iconClass: icon-ruby
- tags: builder,ruby
- supports: ruby:3.0,ruby
- version: '3.0'
- sampleRepo: https://github.com/sclorg/ruby-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi9/ruby-30:latest
- referencePolicy:
- type: Local
- - name: 3.1-ubi8
- annotations:
- openshift.io/display-name: Ruby 3.1 (UBI 8)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Ruby 3.1 applications on UBI 8. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/3.1/README.md.
- iconClass: icon-ruby
- tags: builder,ruby
- supports: ruby:3.1,ruby
- version: '3.1'
- sampleRepo: https://github.com/sclorg/ruby-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi8/ruby-31:latest
- referencePolicy:
- type: Local
- - name: 3.0-ubi8
- annotations:
- openshift.io/display-name: Ruby 3.0 (UBI 8)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Ruby 3.0 applications on UBI 8. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/3.0/README.md.
- iconClass: icon-ruby
- tags: builder,ruby
- supports: ruby:3.0,ruby
- version: '3.0'
- sampleRepo: https://github.com/sclorg/ruby-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi8/ruby-30:latest
- referencePolicy:
- type: Local
- - name: 3.0-ubi7
- annotations:
- openshift.io/display-name: Ruby 3.0 (UBI 7)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Ruby 3.0 applications on UBI 7. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/3.0/README.md.
- iconClass: icon-ruby
- tags: builder,ruby
- supports: ruby:3.0,ruby
- version: '3.0'
- sampleRepo: https://github.com/sclorg/ruby-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi7/ruby-30:latest
- referencePolicy:
- type: Local
- - name: 2.5-ubi8
- annotations:
- openshift.io/display-name: Ruby 2.5 (UBI 8)
- openshift.io/provider-display-name: Red Hat, Inc.
- description: Build and run Ruby 2.5 applications on UBI 8. For more information
- about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/2.5/README.md.
- iconClass: icon-ruby
- tags: builder,ruby
- supports: ruby:2.5,ruby
- version: '2.5'
- sampleRepo: https://github.com/sclorg/ruby-ex.git
- from:
- kind: DockerImage
- name: registry.redhat.io/ubi8/ruby-25:latest
- referencePolicy:
- type: Local
diff --git a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.2/src/templates/tests/test-import-imagestream.yaml b/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.2/src/templates/tests/test-import-imagestream.yaml
deleted file mode 100644
index 6a8e3a718c..0000000000
--- a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.2/src/templates/tests/test-import-imagestream.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ .Release.Name }}-connection-test"
- namespace: "{{ .Release.Namespace }}"
- annotations:
- "helm.sh/hook": test
-spec:
- #serviceAccount: {{ .Values.serviceAccount }}
- containers:
- - name: "ruby-imagestream-test"
- image: "registry.access.redhat.com/ubi9/ruby-31"
- imagePullPolicy: IfNotPresent
- command:
- - '/bin/bash'
- - '-ec'
- - >
- ruby -v
- lookupPolicy:
- local: true
- restartPolicy: Never
\ No newline at end of file
diff --git a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.2/src/values.schema.json b/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.2/src/values.schema.json
deleted file mode 100644
index 9515e92364..0000000000
--- a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.2/src/values.schema.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "$schema": "http://json-schema.org/schema#",
- "type": "object",
- "properties": {
- "namespace": {
- "type": "string"
- }
- }
-}
\ No newline at end of file
diff --git a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.2/src/values.yaml b/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.2/src/values.yaml
deleted file mode 100644
index 3894ddbcae..0000000000
--- a/charts/redhat/redhat/redhat-ruby-imagestreams/0.0.2/src/values.yaml
+++ /dev/null
@@ -1 +0,0 @@
-namespace: openshift
diff --git a/charts/redhat/redhat/redhat-ruby-imagestreams/OWNERS b/charts/redhat/redhat/redhat-ruby-imagestreams/OWNERS
deleted file mode 100644
index ac9f258d01..0000000000
--- a/charts/redhat/redhat/redhat-ruby-imagestreams/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: redhat-ruby-imagestreams
- description: This is the Red Hat Ruby imagestreams chart
-publicPgpKey: null
-users:
- - githubUsername: phracek
-vendor:
- label: redhat
- name: Red Hat
diff --git a/charts/redhat/redhat/redis-imagestreams/0.0.1/src/Chart.yaml b/charts/redhat/redhat/redis-imagestreams/0.0.1/src/Chart.yaml
deleted file mode 100644
index ab39ace4b3..0000000000
--- a/charts/redhat/redhat/redis-imagestreams/0.0.1/src/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-description: |-
- This content is expermental, do not use it in production. Provides a Redis database on RHEL imagestreams.
- For more information about Redis container see https://github.com/sclorg/redis-container/.
-annotations:
- charts.openshift.io/name: Provides a Redis database on RHEL imagestreams (experimental).
-apiVersion: v2
-appVersion: 0.0.1
-kubeVersion: '>=1.20.0'
-name: redis-imagestreams
-tags: builder,redis
-sources:
- - https://github.com/sclorg/helm-charts
-version: 0.0.1
diff --git a/charts/redhat/redhat/redis-imagestreams/0.0.1/src/templates/imagestreams.yaml b/charts/redhat/redhat/redis-imagestreams/0.0.1/src/templates/imagestreams.yaml
deleted file mode 100644
index 0b95f27934..0000000000
--- a/charts/redhat/redhat/redis-imagestreams/0.0.1/src/templates/imagestreams.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
-apiVersion: image.openshift.io/v1
-kind: ImageStream
-metadata:
- annotations:
- openshift.io/display-name: Redis
- name: redis
-spec:
- tags:
- - annotations:
- description: >-
- Provides a Redis database on RHEL. For more information about using
- this database image, including OpenShift considerations, see
- https://github.com/sclorg/redis-container/tree/master/6/README.md.
-
-
- WARNING: By selecting this tag, your application will automatically
- update to use the latest version of Redis available on OpenShift,
- including major version updates.
- iconClass: icon-redis
- openshift.io/display-name: Redis (Latest)
- openshift.io/provider-display-name: 'Red Hat, Inc.'
- tags: redis
- from:
- kind: ImageStreamTag
- name: 6-el8
- referencePolicy:
- type: Local
- name: latest
- - annotations:
- description: >-
- Provides a Redis 6 database on RHEL 9. For more information about
- using this database image, including OpenShift considerations, see
- https://github.com/sclorg/redis-container/tree/master/6/README.md.
- iconClass: icon-redis
- openshift.io/display-name: Redis 6 (RHEL 9)
- openshift.io/provider-display-name: 'Red Hat, Inc.'
- tags: redis
- version: '6'
- from:
- kind: DockerImage
- name: 'registry.redhat.io/rhel9/redis-6:latest'
- referencePolicy:
- type: Local
- name: 6-el9
- - annotations:
- description: >-
- Provides a Redis 6 database on RHEL 8. For more information about
- using this database image, including OpenShift considerations, see
- https://github.com/sclorg/redis-container/tree/master/6/README.md.
- iconClass: icon-redis
- openshift.io/display-name: Redis 6 (RHEL 8)
- openshift.io/provider-display-name: 'Red Hat, Inc.'
- tags: redis
- version: '6'
- from:
- kind: DockerImage
- name: 'registry.redhat.io/rhel8/redis-6:latest'
- referencePolicy:
- type: Local
- name: 6-el8
- - annotations:
- description: >-
- Provides a Redis 6 database on RHEL 7. For more information about
- using this database image, including OpenShift considerations, see
- https://github.com/sclorg/redis-container/tree/master/6/README.md.
- iconClass: icon-redis
- openshift.io/display-name: Redis 6 (RHEL 7)
- openshift.io/provider-display-name: 'Red Hat, Inc.'
- tags: redis
- version: '6'
- from:
- kind: DockerImage
- name: 'registry.redhat.io/rhscl/redis-6-rhel7:latest'
- referencePolicy:
- type: Local
- name: 6-el7
diff --git a/charts/redhat/redhat/redis-imagestreams/OWNERS b/charts/redhat/redhat/redis-imagestreams/OWNERS
deleted file mode 100644
index faaafdd420..0000000000
--- a/charts/redhat/redhat/redis-imagestreams/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: redis-imagestreams
- description: This is the Red Hat Redis imagestreams chart
-publicPgpKey: null
-users:
- - githubUsername: phracek
-vendor:
- label: redhat
- name: Red Hat
diff --git a/charts/redhat/redhat/redis-persistent/0.0.1/src/Chart.yaml b/charts/redhat/redhat/redis-persistent/0.0.1/src/Chart.yaml
deleted file mode 100644
index e44c492e32..0000000000
--- a/charts/redhat/redhat/redis-persistent/0.0.1/src/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-description: |-
- This content is expermental, do not use it in production. Redis in-memory data structure store, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/redis-container/blob/master/5.
-
- NOTE: You must have persistent volumes available in your cluster to use this template.
-name: redis-persistent
-tags: database,redis
-version: 0.0.1
-annotations:
- charts.openshift.io/name: Red Hat Redis in-memory data structure store, with persistent storage (experimental).
-apiVersion: v2
-appVersion: 0.0.1
-sources:
- - https://github.com/sclorg/helm-charts
diff --git a/charts/redhat/redhat/redis-persistent/0.0.1/src/README.md b/charts/redhat/redhat/redis-persistent/0.0.1/src/README.md
deleted file mode 100644
index fb1d95c66d..0000000000
--- a/charts/redhat/redhat/redis-persistent/0.0.1/src/README.md
+++ /dev/null
@@ -1,19 +0,0 @@
-# Redis helm chart
-
-A Helm chart for building and deploying a [Redis](https://github/sclorg/redis-container) application on OpenShift.
-
-For more information about helm charts see the official [Helm Charts Documentation](https://helm.sh/).
-
-You need to have access to a cluster for each operation with OpenShift 4, like deploying and testing.
-
-## Values
-Below is a table of each value used to configure this chart.
-
-| Value | Description | Default | Additional Information |
-|---------------------------------------------| ----------- | -- | ---------------------- |
-| `database_service_name` | The name of the OpenShift Service exposed for the database. | `redis` | - |
-| `redis_password` | Password for the Redis connection user. | | Expression like: `[a-zA-Z0-9]{16}` |
-| `redis_version` | Version of Redis image to be used (6-el8, or latest). | `6-el8` | |
-| `namespace` | The OpenShift Namespace where the ImageStream resides. | `redis-persistent-testing` | |
-| `memory_limit` | Maximum amount of memory the container can use. | `521Mi` | |
-| `volume_capacity` | Volume space available for data, e.g. 512Mi, 2Gi. | `1Gi` | |
diff --git a/charts/redhat/redhat/redis-persistent/0.0.1/src/templates/deploymentconfig.yaml b/charts/redhat/redhat/redis-persistent/0.0.1/src/templates/deploymentconfig.yaml
deleted file mode 100644
index 9de3c9a92d..0000000000
--- a/charts/redhat/redhat/redis-persistent/0.0.1/src/templates/deploymentconfig.yaml
+++ /dev/null
@@ -1,74 +0,0 @@
-apiVersion: apps.openshift.io/v1
-kind: DeploymentConfig
-metadata:
- annotations:
- template.alpha.openshift.io/wait-for-ready: "true"
- labels:
- template: redis-persistent-template
- name: {{ .Values.database_service_name }}
-spec:
- replicas: 1
- selector:
- name: {{ .Values.database_service_name }}
- strategy:
- type: Recreate
- template:
- metadata:
- labels:
- name: {{ .Values.database_service_name }}
- spec:
- containers:
- - env:
- - name: REDIS_PASSWORD
- valueFrom:
- secretKeyRef:
- key: database-password
- name: {{ .Values.database_service_name }}
- image: "redis:{{ .Values.redis_version }}"
- imagePullPolicy: IfNotPresent
- livenessProbe:
- initialDelaySeconds: 30
- tcpSocket:
- port: 6379
- timeoutSeconds: 1
- name: redis
- ports:
- - containerPort: 6379
- protocol: TCP
- readinessProbe:
- exec:
- command:
- - /bin/sh
- - -i
- - -c
- - test "$(redis-cli -h 127.0.0.1 -a $REDIS_PASSWORD ping)" == "PONG"
- initialDelaySeconds: 5
- timeoutSeconds: 1
- resources:
- limits:
- memory: {{ .Values.memory_limit }}
- securityContext:
- capabilities: {}
- privileged: false
- terminationMessagePath: /dev/termination-log
- volumeMounts:
- - mountPath: /var/lib/redis/data
- name: {{ .Values.database_service_name }}-data
- dnsPolicy: ClusterFirst
- restartPolicy: Always
- volumes:
- - name: {{ .Values.database_service_name }}-data
- persistentVolumeClaim:
- claimName: {{ .Values.database_service_name }}
- triggers:
- - imageChangeParams:
- automatic: true
- containerNames:
- - redis
- from:
- kind: ImageStreamTag
- name: redis:{{ .Values.redis_version }}
- lastTriggeredImage: ""
- type: ImageChange
- - type: ConfigChange
-status: {}
diff --git a/charts/redhat/redhat/redis-persistent/0.0.1/src/templates/persistentvolumeclaim.yaml b/charts/redhat/redhat/redis-persistent/0.0.1/src/templates/persistentvolumeclaim.yaml
deleted file mode 100644
index 1d705b240e..0000000000
--- a/charts/redhat/redhat/redis-persistent/0.0.1/src/templates/persistentvolumeclaim.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- labels:
- template: redis-persistent-template
- name: {{ .Values.database_service_name }}
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: {{ .Values.volume_capacity }}
diff --git a/charts/redhat/redhat/redis-persistent/0.0.1/src/templates/secret.yaml b/charts/redhat/redhat/redis-persistent/0.0.1/src/templates/secret.yaml
deleted file mode 100644
index a205fcab61..0000000000
--- a/charts/redhat/redhat/redis-persistent/0.0.1/src/templates/secret.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- annotations:
- template.openshift.io/expose-password: '{.data[''database-password'']}'
- labels:
- template: redis-persistent-template
- name: {{ .Values.database_service_name }}
-stringData:
- database-password: {{ .Values.redis_password }}
diff --git a/charts/redhat/redhat/redis-persistent/0.0.1/src/templates/service.yaml b/charts/redhat/redhat/redis-persistent/0.0.1/src/templates/service.yaml
deleted file mode 100644
index edad216d1e..0000000000
--- a/charts/redhat/redhat/redis-persistent/0.0.1/src/templates/service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- annotations:
- template.openshift.io/expose-uri: redis://{.spec.clusterIP}:{.spec.ports[?(.name=="redis")].port}
- labels:
- template: redis-persistent-template
- name: {{ .Values.database_service_name }}
-spec:
- ports:
- - name: redis
- nodePort: 0
- port: 6379
- protocol: TCP
- targetPort: 6379
- selector:
- name: {{ .Values.database_service_name }}
- sessionAffinity: None
- type: ClusterIP
-status:
- loadBalancer: {}
diff --git a/charts/redhat/redhat/redis-persistent/0.0.1/src/templates/tests/test-redis-connection.yaml b/charts/redhat/redhat/redis-persistent/0.0.1/src/templates/tests/test-redis-connection.yaml
deleted file mode 100644
index e0a6525054..0000000000
--- a/charts/redhat/redhat/redis-persistent/0.0.1/src/templates/tests/test-redis-connection.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ .Release.Name }}-connection-test"
- namespace: "{{ .Release.Namespace }}"
- annotations:
- "helm.sh/hook": test
- labels:
- name: {{ .Values.database_service_name }}
-spec:
- #serviceAccount: {{ .Values.serviceAccount }}
- containers:
- - name: "redis-connection-test"
- image: "registry.redhat.io/rhel8/redis-6:latest"
- imagePullPolicy: IfNotPresent
- env:
- - name: REDIS_PASSWORD
- value: "{{ .Values.redis_password }}"
- command:
- - /bin/bash
- - -ec
- - "timeout 15 redis-cli -h {{ .Values.database_service_name }} -a $REDIS_PASSWORD ping"
- restartPolicy: Never
diff --git a/charts/redhat/redhat/redis-persistent/0.0.1/src/values.schema.json b/charts/redhat/redhat/redis-persistent/0.0.1/src/values.schema.json
deleted file mode 100644
index 8f54d85ade..0000000000
--- a/charts/redhat/redhat/redis-persistent/0.0.1/src/values.schema.json
+++ /dev/null
@@ -1,40 +0,0 @@
-{
- "$schema": "http://json-schema.org/schema#",
- "type": "object",
- "properties": {
- "database_service_name": {
- "type": "string",
- "pattern": "^[a-z0-9-_]+$"
- },
- "namespace": {
- "type": "string"
- },
- "redis_password": {
- "type": "string"
- },
- "volume_capacity": {
- "type": "string",
- "title": "Persistent Volume Size",
- "form": true,
- "render": "slider",
- "sliderMin": 1,
- "sliderMax": 100,
- "sliderUnit": "Gi"
- },
- "memory_limit": {
- "type": "string",
- "title": "Database memory limit",
- "form": true,
- "render": "slider",
- "sliderMin": 512,
- "sliderMax": 65536,
- "sliderUnit": "Mi"
- },
- "redis_version": {
- "type": "string",
- "description": "Specify redis imagestream tag",
- "enum": [ "latest", "6-el9", "6-el8", "6-el7" ]
- }
- }
-}
-
diff --git a/charts/redhat/redhat/redis-persistent/0.0.1/src/values.yaml b/charts/redhat/redhat/redis-persistent/0.0.1/src/values.yaml
deleted file mode 100644
index 93e3be81f0..0000000000
--- a/charts/redhat/redhat/redis-persistent/0.0.1/src/values.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-database_service_name: redis
-memory_limit: 512Mi
-namespace: redis-persistent-testing
-redis_password: testp # TODO: must define a default value for .redis_password'
-redis_version: 6-el8
-volume_capacity: 1Gi
diff --git a/charts/redhat/redhat/redis-persistent/OWNERS b/charts/redhat/redhat/redis-persistent/OWNERS
deleted file mode 100644
index dc2767728e..0000000000
--- a/charts/redhat/redhat/redis-persistent/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: redis-persistent
- description: This is the Red Hat Redis persistent storage chart
-publicPgpKey: null
-users:
- - githubUsername: phracek
-vendor:
- label: redhat
- name: Red Hat
diff --git a/charts/redhat/redhat/redis-sed/1.0.0/redis-sed-1.0.0.tgz b/charts/redhat/redhat/redis-sed/1.0.0/redis-sed-1.0.0.tgz
deleted file mode 100644
index 3662bc0147..0000000000
Binary files a/charts/redhat/redhat/redis-sed/1.0.0/redis-sed-1.0.0.tgz and /dev/null differ
diff --git a/charts/redhat/redhat/redis-sed/1.0.0/report.yaml b/charts/redhat/redhat/redis-sed/1.0.0/report.yaml
deleted file mode 100644
index 9f42e2a6ab..0000000000
--- a/charts/redhat/redhat/redis-sed/1.0.0/report.yaml
+++ /dev/null
@@ -1,87 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.5.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /.kube/redis-sed-1.0.0.tgz - digests: - chart: sha256:ad07f47aa7fc3b2f0917ae0ded7d97dfc4e2107837504b743c9e83ff41130055 - package: e9484e32e141a9051e21dd8bff46958cb44ef371d8af193305a141a979e2b308 - lastCertifiedTimestamp: "2022-04-05T11:05:21.005229+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.7' - chart: - name: redis-sed - home: "" - sources: [] - version: 1.0.0 - description: A Helm chart for Redis Service Endpoint Definition (SED) - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.0.0 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: Redis Service Endpoint Definition (SED) - charts.openshift.io/provider: RedHat - charts.openshift.io/supportURL: https://github.com/redhat-developer/service-endpoint-definition - kubeversion: '>=1.20.0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/contains-test - type: Mandatory - outcome: PASS - reason: Chart test files exist - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : registry.connect.redhat.com/armory/redis:1.0.0-ubi' - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: 
v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist \ No newline at end of file diff --git a/charts/redhat/redhat/redis-sed/1.0.1/redis-sed-1.0.1.tgz b/charts/redhat/redhat/redis-sed/1.0.1/redis-sed-1.0.1.tgz deleted file mode 100644 index 0ac7ab77c2..0000000000 Binary files a/charts/redhat/redhat/redis-sed/1.0.1/redis-sed-1.0.1.tgz and /dev/null differ diff --git a/charts/redhat/redhat/redis-sed/1.0.1/report.yaml b/charts/redhat/redhat/redis-sed/1.0.1/report.yaml deleted file mode 100644 index 0130d1a4ea..0000000000 --- a/charts/redhat/redhat/redis-sed/1.0.1/report.yaml +++ /dev/null 
@@ -1,87 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.5.0 - profile: - VendorType: partner - version: v1.1 - chart-uri: /.kube/redis-sed-1.0.1.tgz - digests: - chart: sha256:639de96ec12341cab72ca4aa1f539dcf475e3a5c82c0871e3798418004fd36c8 - package: 3115a6b272e34d7afe44bf2d25dc8eef34b10df9042fa858f597be3306ab1a25 - lastCertifiedTimestamp: "2022-05-05T07:17:43.075639+00:00" - testedOpenShiftVersion: "4.9" - supportedOpenShiftVersions: '>=4.7' - chart: - name: redis-sed - home: "" - sources: [] - version: 1.0.1 - description: A Helm chart for Redis Service Endpoint Definition (SED) - keywords: [] - maintainers: [] - icon: "" - apiversion: v2 - condition: "" - tags: "" - appversion: 1.0.1 - deprecated: false - annotations: - charts.openshift.io/archs: x86_64 - charts.openshift.io/name: Redis Service Endpoint Definition (SED) - charts.openshift.io/provider: RedHat - charts.openshift.io/supportURL: https://github.com/redhat-developer/service-endpoint-definition - kubeversion: '>=1.20.0' - dependencies: [] - type: application - chart-overrides: "" -results: - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.1/has-kubeversion - type: Mandatory - outcome: PASS - reason: Kubernetes version specified - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/images-are-certified - type: Mandatory - outcome: PASS - reason: 'Image is Red Hat certified : registry.connect.redhat.com/armory/redis:1.0.0-ubi' - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - reason: Chart tests have passed - - check: v1.0/required-annotations-present - type: Mandatory - outcome: PASS - reason: All required annotations present - - check: v1.0/has-readme - type: Mandatory - outcome: PASS - reason: Chart has a README - - check: 
v1.0/is-helm-v3
- type: Mandatory
- outcome: PASS
- reason: API version is V2, used in Helm 3
- - check: v1.0/contains-test
- type: Mandatory
- outcome: PASS
- reason: Chart test files exist
- - check: v1.0/not-contains-crds
- type: Mandatory
- outcome: PASS
- reason: Chart does not contain CRDs
- - check: v1.0/not-contain-csi-objects
- type: Mandatory
- outcome: PASS
- reason: CSI objects do not exist
diff --git a/charts/redhat/redhat/redis-sed/OWNERS b/charts/redhat/redhat/redis-sed/OWNERS
deleted file mode 100644
index ff04c1bfa7..0000000000
--- a/charts/redhat/redhat/redis-sed/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-chart:
- name: redis-sed
- shortDescription: Redis Service Endpoint Definition
-publicPgpKey: null
-users:
-- githubUsername: fbm3307
-vendor:
- label: redhat
- name: Red Hat
\ No newline at end of file
diff --git a/charts/redhat/redhat/semeru-transition/1.0.0/semeru-transition-1.0.0.tgz b/charts/redhat/redhat/semeru-transition/1.0.0/semeru-transition-1.0.0.tgz
deleted file mode 100644
index 9ffd4d12e6..0000000000
Binary files a/charts/redhat/redhat/semeru-transition/1.0.0/semeru-transition-1.0.0.tgz and /dev/null differ
diff --git a/charts/redhat/redhat/semeru-transition/OWNERS b/charts/redhat/redhat/semeru-transition/OWNERS
deleted file mode 100644
index 6b68cb7694..0000000000
--- a/charts/redhat/redhat/semeru-transition/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: semeru-transition
- shortDescription: This is the helm chart to replace the Java JDK, from OpenJdk 11 to IBM Semeru 11, that is used in a Red Hat product image, such as EAP, .etc.
-users:
-- githubUsername: levivic
-- githubUsername: redmark-redhat
-- githubUsername: dale-fu
-vendor:
- label: redhat
- name: Red Hat
diff --git a/charts/redhat/redhat/spring-boot-rest-http/0.0.1/report.yaml b/charts/redhat/redhat/spring-boot-rest-http/0.0.1/report.yaml
deleted file mode 100644
index fab54531cc..0000000000
--- a/charts/redhat/redhat/spring-boot-rest-http/0.0.1/report.yaml
+++ /dev/null
@@ -1,85 +0,0 @@ -apiversion: v1 -kind: verify-report -metadata: - tool: - verifier-version: 1.4.1 - profile: - VendorType: partner - version: v1.0 - chart-uri: https://redhat-developer.github.io/redhat-helm-charts/charts/spring-boot-rest-http-0.0.1.tgz - digest: sha256:60118356338a1d932de598436cf5b482bfe59fe3344fa90db55db359f9ec0a86 - digests: - chart: sha256:5d312abe9fb8e5a3255036e0b9f4f53f480fc2c12ed0c0f36f03c72ab9af9038 - package: 60118356338a1d932de598436cf5b482bfe59fe3344fa90db55db359f9ec0a86 - lastCertifiedTimestamp: "2021-07-09T21:36:27.096408+00:00" - certifiedOpenShiftVersions: 4.7.5 - chart: - name: spring-boot-rest-http - home: "" - sources: [] - version: 0.0.1 - description: A Helm chart to build and deploy Spring Boot application with REST endpoints - keywords: - - runtimes - - spring-boot - maintainers: [] - icon: "https://avatars.githubusercontent.com/u/558276?s=400&u=19efc68c74844b2e092698a8a7a752921edcdc19&v=4" - apiversion: v2 - condition: "" - tags: "" - appversion: "" - deprecated: false - annotations: {} - kubeversion: "" - dependencies: - - name: spring-boot-example-app - version: 0.0.3 - repository: http://snowdrop.github.io/helm - type: "" - chart-overrides: "" -results: - - check: v1.0/has-readme - type: Mandatory - outcome: FAIL - reason: Chart does not have a README - - check: v1.0/contains-test - type: Mandatory - outcome: FAIL - reason: Chart test files do not exist - - check: v1.0/contains-values - type: Mandatory - outcome: PASS - reason: Values file exist - - check: v1.0/has-kubeversion - type: Mandatory - outcome: FAIL - reason: Kubernetes version is not specified - - check: v1.0/not-contains-crds - type: Mandatory - outcome: PASS - reason: Chart does not contain CRDs - - check: v1.0/helm-lint - type: Mandatory - outcome: PASS - reason: Helm lint successful - - check: v1.0/not-contain-csi-objects - type: Mandatory - outcome: PASS - reason: CSI objects do not exist - - check: v1.0/chart-testing - type: Mandatory - outcome: PASS - 
reason: Chart tests have passed - - check: v1.0/is-helm-v3 - type: Mandatory - outcome: PASS - reason: API version is V2, used in Helm 3 - - check: v1.0/contains-values-schema - type: Mandatory - outcome: PASS - reason: Values schema file exist - - check: v1.0/images-are-certified - type: Mandatory - outcome: FAIL - reason: 'Image is not Red Hat certified : : Bad response code from Pyxis: 400 - : https://catalog.redhat.com/api/containers/v1/repositories?filter=repository%3D%3D+' diff --git a/charts/redhat/redhat/spring-boot-rest-http/0.0.1/spring-boot-rest-http-0.0.1.tgz b/charts/redhat/redhat/spring-boot-rest-http/0.0.1/spring-boot-rest-http-0.0.1.tgz deleted file mode 100644 index 8c67a0f823..0000000000 Binary files a/charts/redhat/redhat/spring-boot-rest-http/0.0.1/spring-boot-rest-http-0.0.1.tgz and /dev/null differ diff --git a/charts/redhat/redhat/spring-boot-rest-http/OWNERS b/charts/redhat/redhat/spring-boot-rest-http/OWNERS deleted file mode 100644 index 6bd75112c8..0000000000 --- a/charts/redhat/redhat/spring-boot-rest-http/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -chart: - name: spring-boot-rest-http - shortDescription: A Helm chart to build and deploy Spring Boot application with REST endpoints -publicPgpKey: null -users: -- githubUsername: Sgitario -vendor: - label: redhat - name: Red Hat diff --git a/charts/redhat/redhat/trusted-artifact-signer/OWNERS b/charts/redhat/redhat/trusted-artifact-signer/OWNERS deleted file mode 100644 index 94ee68676e..0000000000 --- a/charts/redhat/redhat/trusted-artifact-signer/OWNERS +++ /dev/null @@ -1,13 +0,0 @@ -chart: - name: trusted-artifact-signer - shortDescription: A Helm chart for deploying Red Hat Trusted Artifact Signer -publicPgpKey: null -users: - - githubUsername: JasonPowr - - githubUsername: lance - - githubUsername: sabre1041 - - githubUsername: sallyom - - githubUsername: tommyd450 -vendor: - label: redhat - name: Red Hat 
diff --git a/charts/redhat/redhat/vertx/0.0.1/src/Chart.yaml b/charts/redhat/redhat/vertx/0.0.1/src/Chart.yaml
deleted file mode 100644
index b46bdb8b00..0000000000
--- a/charts/redhat/redhat/vertx/0.0.1/src/Chart.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v2
-name: vertx
-version: 0.0.1
-description: A Helm chart to build and deploy Vert.x applications
-keywords:
- - runtimes
- - vertx
\ No newline at end of file
diff --git a/charts/redhat/redhat/vertx/0.0.1/src/README.md b/charts/redhat/redhat/vertx/0.0.1/src/README.md
deleted file mode 100644
index 2716d836dc..0000000000
--- a/charts/redhat/redhat/vertx/0.0.1/src/README.md
+++ /dev/null
@@ -1,77 +0,0 @@ -# Vert.x Helm Chart -A Helm chart for building and deploying a [Vert.x](https://vertx.io/) application on OpenShift. - -## Prerequisites -Below are prerequisites that may apply to your use case. - -### Pull Secret -You will need to create a pull secret if you pull an S2I builder or Docker base image from an external registry. Use the following command as a reference to create your pull secret: -```bash -oc create secret docker-registry my-pull-secret --docker-server=$SERVER_URL --docker-username=$USERNAME --docker-password=$PASSWORD --docker-email=$EMAIL -``` - -You can use this secret by passing `--set build.pullSecret=my-pull-secret` to `helm install`, or you can configure this in a values file: -```yaml -build: - pullSecret: my-pull-secret -``` -and apply by passing `--values $VALUES_FILE`. - -### Push Secret -You will need to create a push secret if you want to push your image to an external registry. Use the following command as a reference to create your push secret: -```bash -oc create secret docker-registry my-push-secret --docker-server=$SERVER_URL --docker-username=$USERNAME --docker-password=$PASSWORD --docker-email=$EMAIL -``` - -You can use this secret by passing `--set build.output.pushSecret=my-push-secret` and `--set build.output.kind=DockerImage` to `helm install`, or you can configure these in a values file: -```yaml -build: - output: - kind: DockerImage - pushSecret: my-push-secret -``` - -## Values -Below is a table of each value used to configure this chart. - -| Value | Description | Default | Additional Information | -| ----- | ----------- | ------- | ---------------------- | -| `image.name` | Name of the image you want to build/deploy | Defaults to the Helm release name. | The chart will create/reference an [ImageStream](https://docs.openshift.com/container-platform/4.6/openshift_images/image-streams-manage.html) based on this value. 
| -| `image.tag` | Tag that you want to build/deploy | `latest` | The chart will create/reference an [ImageStreamTag](https://docs.openshift.com/container-platform/4.6/openshift_images/image-streams-manage.html#images-using-imagestream-tags_image-streams-managing) based on the name provided | -| `build.enabled` | Determines if build-related resources should be created. | `true` | Set this to `false` if you want to deploy a previously built image. Leave this set to `true` if you want to build and deploy a new image. | -| `build.uri` | Git URI that references your git repo | https://github.com/redhat-developer-helm-quickstarts/vertx-getting-started | This value defaults to a sample application. Be sure to override this if you want to build and deploy your own application. | -| `build.ref` | Git ref containing the application you want to build | main | - | -| `build.contextDir` | The sub-directory where the application source code exists | - | - | -| `build.jvm.imageStreamTag.name` | The ImageStreamTag name of the desired builder image | `java:11` | - | -| `build.jvm.imageStreamTag.useReleaseNamespace` | Determines if the builder ImageStreamTag referenced by `build.jvm.imageStreamTag.name` is in the same namespace you are installing this Helm chart to | `false` | - | -| `build.jvm.imageStreamTag.namespace` | The namespace containing the builder ImageStreamTag | `openshift` | Only has an effect if `build.jvm.imageStreamTag.useReleaseNamespace` is `false` | -| `build.output.kind` | Determines if the image will be pushed to an ImageStreamTag or a DockerImage (external registry) | ImageStreamTag | More information: More information: https://docs.openshift.com/container-platform/4.6/builds/managing-build-output.html | -| `build.output.pushSecret` | Push secret name | - | Used only if build.output.kind == 'DockerImage' | -| `build.pullSecret` | Image pull secret | - | More information: 
https://docs.openshift.com/container-platform/4.6/openshift_images/managing_images/using-image-pull-secrets.html | -| `build.env` | Freeform `env` stanza | - | More information: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/ | -| `build.resources` | Freeform `resources` stanza | - | More information: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | -| `deploy.replicas` | Number of pod replicas to deploy | `1` | - | -| `deploy.resources` | Freeform `resources` stanza | - | More information: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | -| `deploy.serviceType` | Type of service to create | `ClusterIP` | More information: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | -| `deploy.ports` | Freeform service `ports` stanza. | See [values.yaml](./values.yaml) | More information: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service | -| `deploy.route.enabled` | Determines if a Route should be created | `true` | Allows clients outside of OpenShift to access your application | -| `deploy.route.targetPort` | The port that the Route should target traffic to | `http` | - | -| `deploy.route.tls.enabled` | Determines if the Route should be TLS-encrypted | `true` | More information: https://docs.openshift.com/container-platform/4.6/networking/routes/secured-routes.html | -| `deploy.route.tls.termination` | Determines the type of TLS termination to use | `edge` | Options: `edge`, `reencrypt`, `passthrough` | -| `deploy.route.tls.insecureEdgeTerminationPolicy` | Determines if insecure traffic should be redirected | `Redirect` | Options: "Allow", "Disable", "Redirect" | -| `deploy.route.tls.key` | Provides key file contents | - | This is a secret. Do not check this value into git. 
| -| `deploy.route.tls.caCertificate` | Provides the cert authority certificate contents | - | - | -| `deploy.route.tls.certificate` | Provides certificate contents | - | - | -| `deploy.route.tls.destinationCACertificate` | Provides the destination CA Certificate for reencrypt routes | - | - | -| `deploy.livenessProbe` | Freeform `livenessProbe` stanza. | See [values.yaml](./values.yaml) | More information: https://docs.openshift.com/container-platform/4.6/applications/application-health.html#application-health-about_application-health | -| `deploy.readinessProbe` | Freeform `readinessProbe` stanza. | See [values.yaml](./values.yaml) | More information: https://docs.openshift.com/container-platform/4.6/applications/application-health.html#application-health-about_application-health | -| `deploy.env` | Freeform `env` stanza | - | More information: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/ | -| `deploy.envFrom` | Freeform `envFrom` stanza | - | More information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables | -| `deploy.applicationProperties.enabled` | Determines if application properties should be externalized in a ConfigMap | `false` | - | -| `deploy.applicationProperties.mountPath` | Location to mount the application.properties file | `/deployments/config/` | - | -| `deploy.applicationProperties.properties` | The application.properties file contents | - | - | -| `deploy.volumeMounts` | Freeform volume mounts | - | More information: https://kubernetes.io/docs/concepts/storage/volumes/ | -| `deploy.volumes` | Freeform volumes | - | More information: https://kubernetes.io/docs/concepts/storage/volumes/ | -| `deploy.initContainers` | Freeform init containers | - | More information: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ | -| `deploy.extraContainers` | Freeform containers | 
- | More information: https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates | -| `global.nameOverride` | Overrides the release name | - | Resources are named after the release name. Set this value if you want to override the release name. | diff --git a/charts/redhat/redhat/vertx/0.0.1/src/templates/NOTES.txt b/charts/redhat/redhat/vertx/0.0.1/src/templates/NOTES.txt deleted file mode 100644 index 769843cea9..0000000000 --- a/charts/redhat/redhat/vertx/0.0.1/src/templates/NOTES.txt +++ /dev/null @@ -1,7 +0,0 @@ -{{- if .Release.IsInstall }} -Your Vert.x app is building! To view the build logs, run: - -oc logs bc/{{ include "vertx.name" . }} --follow - -Note that your Deployment will report "ErrImagePull" and "ImagePullBackOff" until the build is complete. Once the build is complete, your image will be automatically rolled out. -{{- end }} \ No newline at end of file diff --git a/charts/redhat/redhat/vertx/0.0.1/src/templates/_helpers.tpl b/charts/redhat/redhat/vertx/0.0.1/src/templates/_helpers.tpl deleted file mode 100644 index 62922b357a..0000000000 --- a/charts/redhat/redhat/vertx/0.0.1/src/templates/_helpers.tpl +++ /dev/null @@ -1,22 +0,0 @@ -{{- define "vertx.name" -}} -{{ default .Release.Name .Values.global.nameOverride }} -{{- end -}} - -{{- define "vertx.labels" -}} -helm.sh/chart: {{ .Chart.Name }} -{{ include "vertx.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -app.openshift.io/runtime: vertx -{{- end }} - -{{- define "vertx.selectorLabels" -}} -app.kubernetes.io/name: {{ include "vertx.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} - -{{- define "vertx.imageName" -}} -{{ default (include "vertx.name" .) .Values.image.name }}:{{ .Values.image.tag }} -{{- end -}} \ No newline at end of file 
diff --git a/charts/redhat/redhat/vertx/0.0.1/src/templates/buildconfig.yaml b/charts/redhat/redhat/vertx/0.0.1/src/templates/buildconfig.yaml deleted file mode 100644 index 0a6671a8c2..0000000000 --- a/charts/redhat/redhat/vertx/0.0.1/src/templates/buildconfig.yaml +++ /dev/null @@ -1,50 +0,0 @@ -{{- if .Values.build.enabled }} -apiVersion: build.openshift.io/v1 -kind: BuildConfig -metadata: - name: {{ include "vertx.name" . }} - labels: - {{- include "vertx.labels" . | nindent 4 }} -spec: - output: - to: - kind: {{ .Values.build.output.kind }} - name: {{ include "vertx.imageName" . }} -{{- if and (eq .Values.build.output.kind "DockerImage") .Values.build.output.pushSecret }} - pushSecret: - name: {{ .Values.build.output.pushSecret }} -{{- end }} - source: - type: Git - git: - uri: {{ .Values.build.uri }} - ref: {{ .Values.build.ref }} -{{- if .Values.build.contextDir }} - contextDir: {{ .Values.build.contextDir }} -{{- end }} - strategy: - type: Source - sourceStrategy: - from: - kind: ImageStreamTag - name: {{ .Values.build.jvm.imageStreamTag.name }} - {{- if .Values.build.jvm.imageStreamTag.useReleaseNamespace }} - namespace: {{ .Release.Namespace }} - {{- else }} - namespace: {{ .Values.build.jvm.imageStreamTag.namespace }} - {{- end }} - {{- if .Values.build.pullSecret }} - pullSecret: - name: {{ .Values.build.pullSecret }} - {{- end }} - {{- if .Values.build.env }} - env: - {{- tpl (toYaml .Values.build.env) . | nindent 8 }} - {{- end }} -{{- if .Values.build.resources }} - resources: - {{- toYaml .Values.build.resources | nindent 4 }} -{{- end }} - triggers: - - type: ConfigChange -{{- end }} \ No newline at end of file diff --git a/charts/redhat/redhat/vertx/0.0.1/src/templates/configmap.yaml b/charts/redhat/redhat/vertx/0.0.1/src/templates/configmap.yaml deleted file mode 100644 index ec9b356248..0000000000 --- a/charts/redhat/redhat/vertx/0.0.1/src/templates/configmap.yaml +++ /dev/null 
@@ -1,11 +0,0 @@
-{{- if .Values.deploy.applicationProperties.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "vertx.name" . }}
- labels:
- {{- include "vertx.labels" . | nindent 4 }}
-data:
- application.properties: |-
- {{- tpl .Values.deploy.applicationProperties.properties . | nindent 4 }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/redhat/redhat/vertx/0.0.1/src/templates/deployment.yaml b/charts/redhat/redhat/vertx/0.0.1/src/templates/deployment.yaml
deleted file mode 100644
index 1a8d17168f..0000000000
--- a/charts/redhat/redhat/vertx/0.0.1/src/templates/deployment.yaml
+++ /dev/null
@@ -1,82 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "vertx.name" . }} - labels: - {{- include "vertx.labels" . | nindent 4 }} -{{- if and .Values.build.enabled (eq .Values.build.output.kind "ImageStreamTag") }} - annotations: - image.openshift.io/triggers: |- - [ - { - "from":{ - "kind":"ImageStreamTag", - "name":"{{ include "vertx.imageName" . }}" - }, - "fieldPath":"spec.template.spec.containers[0].image" - } - ] -{{- end }} -spec: - replicas: {{ .Values.deploy.replicas }} - selector: - matchLabels: - {{- include "vertx.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "vertx.labels" . | nindent 8 }} - spec: -{{- if .Values.deploy.initContainers }} - initContainers: - {{- tpl (toYaml .Values.deploy.initContainers) . | nindent 8 }} -{{- end }} - containers: - - name: web - image: {{ include "vertx.imageName" . }} - ports: -{{- range .Values.deploy.ports }} - - name: {{ .name }} - containerPort: {{ .targetPort }} - protocol: {{ .protocol }} -{{- end }} -{{- if .Values.deploy.resources }} - resources: - {{- toYaml .Values.deploy.resources | nindent 12 }} -{{- end }} -{{- if .Values.deploy.livenessProbe }} - livenessProbe: - {{- tpl (toYaml .Values.deploy.livenessProbe) . | nindent 12 }} -{{- end }} -{{- if .Values.deploy.readinessProbe }} - readinessProbe: - {{- tpl (toYaml .Values.deploy.readinessProbe) . | nindent 12 }} -{{- end }} -{{- if .Values.deploy.env }} - env: - {{- tpl (toYaml .Values.deploy.env) . | nindent 12 }} -{{- end }} -{{- if .Values.deploy.envFrom }} - envFrom: - {{- tpl (toYaml .Values.deploy.envFrom) . | nindent 12 }} -{{- end }} - volumeMounts: -{{- if .Values.deploy.applicationProperties.enabled }} - - name: application-properties - mountPath: {{ .Values.deploy.applicationProperties.mountPath }} -{{- end }} -{{- if .Values.deploy.volumeMounts }} - {{- tpl (toYaml .Values.deploy.volumeMounts) . 
| nindent 12 }} -{{- end }} -{{- if .Values.deploy.extraContainers }} - {{- tpl (toYaml .Values.deploy.extraContainers) . | nindent 8 }} -{{- end }} - volumes: -{{- if .Values.deploy.applicationProperties.enabled }} - - name: application-properties - configMap: - name: {{ include "vertx.name" . }} -{{- end }} -{{- if .Values.deploy.volumes }} - {{- tpl (toYaml .Values.deploy.volumes) . | nindent 8 }} -{{- end }} \ No newline at end of file diff --git a/charts/redhat/redhat/vertx/0.0.1/src/templates/imagestream.yaml b/charts/redhat/redhat/vertx/0.0.1/src/templates/imagestream.yaml deleted file mode 100644 index d023719f7f..0000000000 --- a/charts/redhat/redhat/vertx/0.0.1/src/templates/imagestream.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if and .Values.build.enabled (eq .Values.build.output.kind "ImageStreamTag") }} -apiVersion: image.openshift.io/v1 -kind: ImageStream -metadata: - name: {{ include "vertx.name" . }} - labels: - {{- include "vertx.labels" . | nindent 4 }} -spec: - lookupPolicy: - local: true -{{- end }} \ No newline at end of file diff --git a/charts/redhat/redhat/vertx/0.0.1/src/templates/route.yaml b/charts/redhat/redhat/vertx/0.0.1/src/templates/route.yaml deleted file mode 100644 index 1c300ae939..0000000000 --- a/charts/redhat/redhat/vertx/0.0.1/src/templates/route.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -{{- if .Values.deploy.route.enabled }} -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: {{ include "vertx.name" . }} - labels: - {{- include "vertx.labels" . | nindent 4 }} -spec: - to: - kind: Service - name: {{ include "vertx.name" . }} - port: - targetPort: {{ tpl .Values.deploy.route.targetPort . }} -{{- if .Values.deploy.route.tls.enabled }} - tls: - termination: {{ .Values.deploy.route.tls.termination }} - insecureEdgeTerminationPolicy: {{ .Values.deploy.route.tls.insecureEdgeTerminationPolicy }} - {{- if .Values.deploy.route.tls.key }} - key: |- - {{- .Values.deploy.route.tls.key | nindent 6 }} - {{- end }} - {{- if .Values.deploy.route.tls.destinationCACertificate }} - destinationCACertificate: |- - {{- .Values.deploy.route.tls.destinationCACertificate | nindent 6 }} - {{- end }} - {{- if .Values.deploy.route.tls.caCertificate }} - caCertificate: |- - {{- .Values.deploy.route.tls.caCertificate | nindent 6 }} - {{- end }} - {{- if .Values.deploy.route.tls.certificate }} - certificate: |- - {{- .Values.deploy.route.tls.certificate | nindent 6 }} - {{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/redhat/redhat/vertx/0.0.1/src/templates/service.yaml b/charts/redhat/redhat/vertx/0.0.1/src/templates/service.yaml deleted file mode 100644 index eb5d104702..0000000000 --- a/charts/redhat/redhat/vertx/0.0.1/src/templates/service.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "vertx.name" . }} - labels: - {{- include "vertx.labels" . | nindent 4 }} -spec: - type: {{ .Values.deploy.serviceType }} - selector: - {{- include "vertx.selectorLabels" . | nindent 4 }} - ports: - {{- tpl (toYaml .Values.deploy.ports) . | nindent 4 }} \ No newline at end of file diff --git a/charts/redhat/redhat/vertx/0.0.1/src/values.schema.json b/charts/redhat/redhat/vertx/0.0.1/src/values.schema.json deleted file mode 100644 index 027b222ad1..0000000000 
--- a/charts/redhat/redhat/vertx/0.0.1/src/values.schema.json
+++ /dev/null
@@ -1,222 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema", - "properties": { - "image": { - "type": "object", - "description": "Defines the image you want to build/deploy", - "properties": { - "name": { - "type": ["string", "null"], - "description": "Name of the image you want to build/deploy. Defaults to the release name." - }, - "tag": { - "type": "string", - "description": "Tag that you want to build/deploy" - } - } - }, - "build": { - "type": "object", - "description": "Values related to the build", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable/disable the OCP Build" - }, - "uri": { - "type": "string", - "description": "URI of GitHub repository" - }, - "ref": { - "type": "string", - "description": "Git ref" - }, - "contextDir": { - "type": ["string", "null"], - "description": "Context directory within your Git repo to use as the root for the build" - }, - "jvm": { - "type": "object", - "description": "Values related to a jvm mode build", - "properties": { - "imageStreamTag": { - "type": "object", - "description": "Values related to the s2i builder's ImageStreamTag", - "properties": { - "name": { - "type": "string", - "description": "Name of the ImageStreamTag" - }, - "useReleaseNamespace": { - "type": "boolean", - "description": "Determines if the ImageStreamTag is in the namespace you are releasing to" - }, - "namespace": { - "type": "string", - "description": "The namespace that contains the ImageStreamTag" - } - } - } - } - }, - "output": { - "type": "object", - "description": "Specifies where the image will be pushed to once built. 
More information: https://docs.openshift.com/container-platform/4.6/builds/managing-build-output.html", - "properties": { - "kind": { - "type": "string", - "description": "Determines how the image will be pushed", - "enum": ["ImageStreamTag", "DockerImage"] - }, - "pushSecret": { - "type": ["string", "null"], - "description": "Push secret name, used only if kind == 'DockerImage'" - } - } - }, - "pullSecret": { - "type": ["string", "null"], - "description": "The image pull secret. More information: https://docs.openshift.com/container-platform/4.6/openshift_images/managing_images/using-image-pull-secrets.html" - }, - "env": { - "type": ["array", "null"], - "description": "Freeform env field. More information: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/" - }, - "resources": { - "type": ["object", "null"], - "description": "Freeform resources field. More information: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - } - } - }, - "deploy": { - "type": "object", - "description": "Values related to the deployment of your application", - "properties": { - "replicas": { - "type": "integer", - "description": "Number of pod replicas to deploy" - }, - "resources": { - "type": ["object", "null"], - "description": "Freeform resources field. More information: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - }, - "serviceType": { - "type": "string", - "description": "The type of service to create. More information: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types" - }, - "ports": { - "type": "array", - "description": "Freeform service ports field. 
More information: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service" - }, - "route": { - "type": "object", - "description": "Values for creating an OCP route", - "properties": { - "enabled": { - "type": "boolean", - "description": "Determines if the route should be created" - }, - "targetPort": { - "type": "string", - "description": "The port on pods this route points to" - }, - "tls": { - "type": "object", - "description": "Values for configuring TLS on an OCP route. More information: https://docs.openshift.com/container-platform/4.6/networking/routes/secured-routes.html", - "properties": { - "enabled": { - "type": "boolean", - "description": "Determines if TLS should be enabled" - }, - "termination": { - "type": "string", - "description": "Indicates the termination type" - }, - "insecureEdgeTerminationPolicy": { - "type": "string", - "description": "Indicates the desired behavior for insecure connections" - }, - "key": { - "type": ["string", "null"], - "description": "Key file contents" - }, - "caCertificate": { - "type": ["string", "null"], - "description": "Certificate authority certificate contents" - }, - "certificate": { - "type": ["string", "null"], - "description": "Certificate contents" - }, - "destinationCACertificate": { - "type": ["string", "null"], - "description": "Contents of the CA certificate of the final destination" - } - } - } - } - }, - "livenessProbe": { - "type": ["object", "null"], - "description": "Freeform livenessProbe field. More information: https://docs.openshift.com/container-platform/4.6/applications/application-health.html#application-health-about_application-health" - }, - "readinessProbe": { - "type": ["object", "null"], - "description": "Freeform readinessProbe field. 
More information: https://docs.openshift.com/container-platform/4.6/applications/application-health.html#application-health-about_application-health" - }, - "env": { - "type": ["array", "null"], - "description": "Freeform env field. More information: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/" - }, - "envFrom": { - "type": ["array", "null"], - "description": "Freeform envFrom field. More information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables" - }, - "applicationProperties": { - "type": "object", - "description": "Values for externalizing an application.properties file", - "properties": { - "enabled": { - "type": "boolean", - "description": "Determines if the application.properties file should be externalized in a ConfigMap" - }, - "mountPath": { - "type": "string", - "description": "The location to mount the properties file to" - }, - "properties": { - "type": ["string", "null"], - "description": "application.properties file contents" - } - } - }, - "volumeMounts": { - "type": ["array", "null"], - "description": "Freeform volumeMounts field. More information: https://kubernetes.io/docs/concepts/storage/volumes/" - }, - "volumes": { - "type": ["array", "null"], - "description": "Freeform volumes field. More information: https://kubernetes.io/docs/concepts/storage/volumes/" - }, - "initContainers": { - "type": ["array", "null"], - "description": "Freeform initContainers field. More information: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/" - }, - "extraContainers": { - "type": ["array", "null"], - "description": "Adds extra containers to your pod, provided as a list of pod templates. 
More information: https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates" - } - } - }, - "global": { - "type": "object", - "description": "Values that should be global across parent and dependent Helm charts", - "properties": { - "nameOverride": { - "type": ["string", "null"], - "description": "Overrides the release name. Impacts the image name (if image.name is left blank) and impacts the name of created OCP resources" - } - } - } - } - } \ No newline at end of file diff --git a/charts/redhat/redhat/vertx/0.0.1/src/values.yaml b/charts/redhat/redhat/vertx/0.0.1/src/values.yaml deleted file mode 100644 index 158b8b3957..0000000000 --- a/charts/redhat/redhat/vertx/0.0.1/src/values.yaml +++ /dev/null 
@@ -1,157 +0,0 @@
-image:
- ## Name of the image you want to build/deploy
- ## Defaults to the release name
- name:
- ## Tag that you want to build/deploy
- tag: latest
-
-## Build-specific values (for configuring BuildConfig and ImageStream)
-build:
- ## Should build-related resources such as BuildConfig and ImageStream be created?
- ## Set this to false if you just want to deploy a previously built image.
- enabled: true
-
- ## Git URI, Ref, and ContextDir
- uri: https://github.com/openshift-vertx-examples/vertx-http-example-redhat
- ref: main
- contextDir:
-
- ## Used if mode == 'jvm'
- ## Creates an S2I build to produce a Vert.x Jar that runs in the JVM
- jvm:
- ## The ImageStreamTag of the desired builder image
- imageStreamTag:
- ## Name of the ImageStreamTag
- name: java:11
- ## Is this ImageStreamTag in the same namespace you are releasing to?
- useReleaseNamespace: false
- ## Namespace containing the ImageStreamTag, is useReleaseNamespace == false
- namespace: openshift
-
- ## Specifies where the image will be pushed to once built
- ## More information: https://docs.openshift.com/container-platform/4.6/builds/managing-build-output.html
- output:
- ## Choices: ImageStreamTag, DockerImage
- ## ImageStreamTag publishes to the internal registry
- ## DockerImage publishes to an external registry (referred to by image.name and image.tag)
- kind: ImageStreamTag
- ## Push secret name, used only if kind == "DockerImage"
- pushSecret:
-
- ## Image pull secret. More information: https://docs.openshift.com/container-platform/4.6/openshift_images/managing_images/using-image-pull-secrets.html
- pullSecret:
-
- ## Freeform env for the OCP build. More information: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/
- env:
- # - name: VAR_NAME
- # value: var-value
-
- ## Freeform resources for the OCP build. More information: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- resources:
- # limits:
- # cpu: "4"
- # memory: 6Gi
- # requests:
- # cpu: "2"
- # memory: 4Gi
-
-## Application/Deployment-specific values (For configuring Deployment, Service, Route, ConfigMap, etc)
-deploy:
- ## Number of pod replicas to deploy
- replicas: 1
-
- ## Freeform resources for Vert.x. More information: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- resources:
- # limits:
- # cpu: 100m
- # memory: 256Mi
- # requests:
- # cpu: 50m
- # memory: 128Mi
-
- ## Type of service to create. More information: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
- serviceType: ClusterIP
-
- ## Freeform service ports. More information: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
- ports:
- - name: http
- port: 8080
- targetPort: 8080
- protocol: TCP
-
- ## For creating a Route, allowing your application to be accessed from outside the OCP cluster
- route:
- enabled: true
- targetPort: http
- ## More information: https://docs.openshift.com/container-platform/4.6/networking/routes/secured-routes.html
- tls:
- enabled: true
- termination: edge
- insecureEdgeTerminationPolicy: Redirect
- ## IMPORTANT: Do not check 'key' into git!
- key:
- caCertificate:
- certificate:
- destinationCACertificate:
-
- ## Freeform Liveness Probe. More information: https://docs.openshift.com/container-platform/4.6/applications/application-health.html#application-health-about_application-health
- livenessProbe:
- tcpSocket:
- port: http
- ## If you don't want a livenessProbe, override like this in your values file
- # livenessProbe: ''
-
- ## Freeform Readiness Probe. More information: https://docs.openshift.com/container-platform/4.6/applications/application-health.html#application-health-about_application-health
- readinessProbe:
- httpGet:
- path: /
- port: http
- ## If you don't want a readinessProbe, override like this in your values file
- # readinessProve: ''
-
- ## Freeform env for the Vert.x app. More information: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/
- env:
- # - name: VAR_NAME
- # value: var-value
-
- ## Freeform envFrom for the Vert.x app. More information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables
- envFrom:
- # - configMapRef:
- # name: special-config
-
- ## Application properties file for configuring the Vert.x app
- applicationProperties:
- ## Determines if application properties should be created in a configmap and mounted to the Vert.x container
- enabled: false
- ## Location to mount the properties file
- mountPath: /deployments/config/
- ## Application properties file contents
- properties: |-
- ## Properties go here
-
- ## Freeform volume mounts. More information: https://kubernetes.io/docs/concepts/storage/volumes/
- volumeMounts:
- # - name: my-config
- # mountPath: /etc/config
-
- ## Freeform volumes. More information: https://kubernetes.io/docs/concepts/storage/volumes/
- volumes:
- # - name: my-config
- # configMap:
- # name: my-configmap
-
- ## Freeform init containers: More information: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
- initContainers:
- # - name: my-init-container
- # command: ["echo", "hello"]
- # image: registry.redhat.io/ubi8/ubi-minimal
-
- ## Freeform containers: More information: https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates
- extraContainers:
- # - name: my-extra-container
- # command: ["sleep", "infinity"]
- # image: registry.redhat.io/ubi8/ubi-minimal
-
-global:
- ## Override the release name
- nameOverride:
diff --git a/charts/redhat/redhat/vertx/OWNERS b/charts/redhat/redhat/vertx/OWNERS
deleted file mode 100644
index d36609f22a..0000000000
--- a/charts/redhat/redhat/vertx/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-chart:
- name: vertx
- shortDescription: This is the Red Hat Vert.x chart
-publicPgpKey: null
-users:
-- githubUsername: dperaza4dustbit
-- githubUsername: jponge
-vendor:
- label: redhat
- name: Red Hat
diff --git a/installation/README.md b/installation/README.md
new file mode 100644
index 0000000000..b9de41b8d1
--- /dev/null
+++ b/installation/README.md
@@ -0,0 +1,52 @@
+
+## Scripted installation
+
+To [install](./install.sh) from a Helm Chart Repository, run the following commands:
+
+```
+cd /tmp
+# Create or select a namespace
+# Install the chart repo
+# Install the chart, then update the clusterRouterBase
+curl -sSLO https://raw.githubusercontent.com/rhdh-bot/openshift-helm-charts/redhat-developer-hub-1.4-69-CI/installation/install.sh && chmod +x install.sh
+./install.sh 1.4-69-CI --namespace rhdh-1-4-69-ci --chartrepo
+```
+
+That's it!
+
+
+## Manual installation
+
+The [install](./install.sh) script creates a chart repo, then follows the [standard installation guide](https://access.redhat.com/documentation/en-us/red_hat_developer_hub/1.1/html-single/administration_guide_for_red_hat_developer_hub/index#proc-install-rhdh-helm_admin-rhdh) and automates these steps:
+
+1. Create a chart repo, with .metadata.name = `rhdh-next-ci-repo`
+```
+oc apply -f https://github.com/rhdh-bot/openshift-helm-charts/raw/redhat-developer-hub-1.4-69-CI/installation/rhdh-next-ci-repo.yaml
+```
+2. Go to `Developer` perspective in your cluster
+1. Select your namespace or project (eg., `rhdh-helm` or `rhdh-1-4-69-ci`)
+1. Click `+Add`, scroll down and select `Helm Chart`
+1. Filter out the default charts and just select the `Rhdh Next Ci Repo`
+1. **IMPORTANT**: In the chart's YAML view, change the following line to the correct value for your cluster. For example, change
+```
+clusterRouterBase: apps.example.com
+```
+to
+```
+clusterRouterBase: apps.ci-my-cluster-goes-here.com
+```
+7. Click `Create` and watch the deployment happen from the `Topology` view.
+1. Open the `Route` once it's available to see your deployed RHDH instance.
+
+## Optional Verification
+
+To verify a chart, use chart-verifier. This is only needed if you built your own chart and want to check it passes compliance checks.
+
+```
+cd /tmp && mkdir -p chartverifier; \\
+podman run --rm -i -e KUBECONFIG=/.kube/config \\
+ -v /home/nboldt/.kube:/.kube:z -v /tmp/chartverifier:/app/chartverifier:z \\
+ quay.io/redhat-certification/chart-verifier \\
+ verify --write-to-file https://github.com/rhdh-bot/openshift-helm-charts/raw/redhat-developer-hub-1.4-69-CI/charts/redhat/redhat/redhat-developer-hub/1.4-69-CI/redhat-developer-hub-1.4-69-CI.tgz
+echo 'Report in /tmp/chartverifier/report.yaml'
+```
\ No newline at end of file
diff --git a/installation/index.yaml b/installation/index.yaml
new file mode 100644
index 0000000000..c01c895290
--- /dev/null
+++ b/installation/index.yaml
@@ -0,0 +1,51 @@ +apiVersion: v1 +entries: + redhat-developer-hub: + - annotations: + artifacthub.io/category: integration-delivery + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: support + url: https://github.com/redhat-developer/rhdh-chart/issues + - name: Chart Source + url: https://github.com/redhat-developer/rhdh-chart + - name: Default Image Source + url: https://github.com/janus-idp/backstage-showcase + charts.openshift.io/archs: x86_64 + charts.openshift.io/name: Red Hat Developer Hub (CI Build) + charts.openshift.io/provider: Red Hat + charts.openshift.io/supportURL: https://access.redhat.com/support + apiVersion: v2 + appVersion: 1.4-69 + created: "2024-11-14T19:39:30.8251581-04:00" + dependencies: + - name: common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common + version: 2.14.1 + - alias: upstream + name: backstage + repository: https://backstage.github.io/charts + version: 2.1.0 + description: A Helm chart for deploying Red Hat Developer Hub (CI Build) + digest: c26e24fff395c5140fe02aa69969b0a495b1695c903d800646cf42968d233c54 + home: https://red.ht/rhdh + icon:  + keywords: + - backstage + - idp + - janus-idp + - developer-hub + - redhat-developer-hub + - redhat + kubeVersion: '>= 1.19.0-0' + maintainers: + - name: Red Hat + url: https://redhat.com + name: redhat-developer-hub + type: application + urls: + - https://raw.githubusercontent.com/rhdh-bot/openshift-helm-charts/redhat-developer-hub-1.4-69-CI/charts/redhat/redhat/redhat-developer-hub/1.4-69-CI/redhat-developer-hub-1.4-69-CI.tgz + version: 1.4-69-CI +generated: "2024-11-14T19:39:30.785932332-04:00" diff --git a/installation/install.sh b/installation/install.sh new file mode 100644 index 0000000000..a64f045c67 --- /dev/null +++ b/installation/install.sh 
@@ -0,0 +1,77 @@
+#!/bin/bash -e
+#
+# Copyright (c) 2024 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# install a helm chart with the correct global.clusterRouterBase
+
+# default namespace if none set
+namespace="rhdh-helm"
+chartrepo=0 # by default don't create a new chart repo unless the version chart version includes "CI" suffix
+
+usage ()
+{
+ echo "Usage: $0 CHART_VERSION [-n namespace]
+
+Examples:
+ $0 1.1.1
+ $0 1.4-69-CI -n rhdh-ci
+
+Options:
+ -n, --namespace Project or namespace into which to install specified chart; default: $namespace
+ -r, --chartrepo If set, a Helm Chart Repo will be applied to the cluster, based on the chart version.
+ If CHART_VERSION ends in CI, this is done by default.
+"
+ exit
+}
+
+if [[ $# -lt 1 ]]; then usage; fi
+
+while [[ "$#" -gt 0 ]]; do
+ case $1 in
+ '-r'|'--chartrepo') chartrepo=1;;
+ '-n'|'--namespace') namespace="$2"; shift 1;;
+ '-h') usage;;
+ *) CV="$1";;
+ esac
+ shift 1
+done
+
+if [[ ! $CV ]]; then usage; fi
+
+
+tmpfile=/tmp/redhat-developer-hub.chart.values.yml
+CHART_URL="https://github.com/rhdh-bot/openshift-helm-charts/raw/redhat-developer-hub-${CV}/charts/redhat/redhat/redhat-developer-hub/${CV}/redhat-developer-hub-${CV}.tgz"
+
+# choose namespace for the install (or create if non-existant)
+oc new-project "$namespace" || oc project "$namespace"
+
+# if a CI chart, create a chart repo
+if [[ $CV == *"-CI" ]]; then chartrepo=1; fi
+if [[ $chartrepo -eq 1 ]]; then
+ oc apply -f https://github.com/rhdh-bot/openshift-helm-charts/raw/redhat-developer-hub-${CV}/installation/rhdh-next-ci-repo.yaml
+fi
+
+# 1. install (or upgrade)
+helm upgrade redhat-developer-hub -i "${CHART_URL}"
+
+# 2. collect values
+PASSWORD=$(kubectl get secret redhat-developer-hub-postgresql -o jsonpath="{.data.password}" | base64 -d)
+CLUSTER_ROUTER_BASE=$(oc get route console -n openshift-console -o=jsonpath='{.spec.host}' | sed 's/^[^.]*\.//')
+
+# 3. change values
+helm upgrade redhat-developer-hub -i "${CHART_URL}" \
+ --set global.clusterRouterBase="${CLUSTER_ROUTER_BASE}" \
+ --set global.postgresql.auth.password="$PASSWORD"
+
+# 4. cleanup
+rm -f "$tmpfile"
+
+echo "
+Once deployed, Developer Hub $CV will be available at
+https://redhat-developer-hub-${namespace}.${CLUSTER_ROUTER_BASE}
+"
diff --git a/installation/rhdh-next-ci-repo.yaml b/installation/rhdh-next-ci-repo.yaml
new file mode 100644
index 0000000000..4dcae8f813
--- /dev/null
+++ b/installation/rhdh-next-ci-repo.yaml
@@ -0,0 +1,8 @@
+apiVersion: helm.openshift.io/v1beta1
+kind: HelmChartRepository
+metadata:
+ name: rhdh-next-ci-repo
+spec:
+ connectionConfig:
+ url: >-
+ https://github.com/rhdh-bot/openshift-helm-charts/raw/redhat-developer-hub-1.4-69-CI/installation/index.yaml
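Review bot: Step 3 of install.sh passes the database password as `--set global.postgresql.auth.password="$PASSWORD"`, which places the secret in the process argument list for the duration of the `helm upgrade`, and step 2 can hand it an empty value because the script runs with `-e` but without `pipefail`, so a failed `kubectl get secret` is masked by `base64 -d` succeeding. `tmpfile` is set to a fixed path under `/tmp` and removed in step 4 but never written, so it currently does nothing. I would create the file with `mktemp`, write the decoded password into it, stop if it is empty, and pass it to helm with `--set-file`; the `kubectl get secret` call would also be safer with an explicit `-n "$namespace"` than relying on the project selected earlier in the script.

```shell
#!/bin/bash -e
set -o pipefail
# … unchanged: option parsing, CHART_URL, namespace selection, chart repo, step 1 install …

# 2. collect values
tmpfile=$(mktemp)
trap 'rm -f "$tmpfile"' EXIT   # replaces the explicit rm in step 4
kubectl get secret redhat-developer-hub-postgresql -n "$namespace" -o jsonpath="{.data.password}" | base64 -d > "$tmpfile"
if [[ ! -s "$tmpfile" ]]; then
  echo "Could not read the postgresql password from the cluster" >&2
  exit 1
fi
# … unchanged: CLUSTER_ROUTER_BASE lookup …

# 3. change values (password is read by helm from the private temp file, not from argv)
helm upgrade redhat-developer-hub -i "${CHART_URL}" \
  --set global.clusterRouterBase="${CLUSTER_ROUTER_BASE}" \
  --set-file global.postgresql.auth.password="$tmpfile"
```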
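Review bot: `kind: HelmChartRepository` in rhdh-next-ci-repo.yaml is a cluster-scoped resource, so applying it adds this CI chart index to the catalog of every project rather than only the namespace install.sh targets, and it typically needs cluster-level permissions to apply. The `url` also resolves through a branch name on the `rhdh-bot` fork, so the index served to the cluster can change after the file is applied. If this is meant for throwaway CI clusters only, I would state that in a leading comment such as `# CI/test clusters only: cluster-scoped repo that tracks a mutable CI branch`; otherwise a namespaced `ProjectHelmChartRepository` looks like the narrower fit, which is worth confirming against the target OpenShift version.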