-
Notifications
You must be signed in to change notification settings - Fork 719
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'release-v2.10' into slsa-charts-bypass
- Loading branch information
Showing
245 changed files
with
42,897 additions
and
6 deletions.
There are no files selected for viewing
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file added
BIN
+4.42 KB
assets/harvester-cloud-provider/harvester-cloud-provider-105.0.0+up0.2.6.tgz
Binary file not shown.
Binary file added
BIN
+3.76 KB
assets/harvester-csi-driver/harvester-csi-driver-104.0.3+up0.1.21.tgz
Binary file not shown.
Binary file added
BIN
+3.76 KB
assets/harvester-csi-driver/harvester-csi-driver-105.0.0+up0.1.21.tgz
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
annotations: | ||
catalog.cattle.io/certified: rancher | ||
catalog.cattle.io/hidden: "true" | ||
catalog.cattle.io/kube-version: '>= 1.18.0-0 < 1.31.0-0' | ||
catalog.cattle.io/namespace: cattle-fleet-system | ||
catalog.cattle.io/os: linux | ||
catalog.cattle.io/permits-os: linux,windows | ||
catalog.cattle.io/rancher-version: '>= 2.9.0-0 < 2.10.0-0' | ||
catalog.cattle.io/release-name: fleet-agent | ||
apiVersion: v2 | ||
appVersion: 0.10.6 | ||
description: Fleet Manager Agent - GitOps at Scale | ||
icon: https://charts.rancher.io/assets/logos/fleet.svg | ||
name: fleet-agent | ||
version: 104.1.2+up0.10.6 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
## Fleet Agent Helm Chart | ||
|
||
Every Fleet-managed downstream cluster will run an agent that communicates back to the Fleet controller. This agent is just another set of Kubernetes controllers running in the downstream cluster. | ||
|
||
Standalone Fleet users use this chart for agent-initiated registration. For more details see [agent-initiated registration](https://fleet.rancher.io/cluster-registration#agent-initiated). | ||
Fleet in Rancher does not use this chart, but creates the agent deployments programmatically. | ||
|
||
The Fleet documentation is centralized in the [doc website](https://fleet.rancher.io/). |
22 changes: 22 additions & 0 deletions
22
charts/fleet-agent/104.1.2+up0.10.6/templates/_helpers.tpl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{{- define "system_default_registry" -}} | ||
{{- if .Values.global.cattle.systemDefaultRegistry -}} | ||
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} | ||
{{- else -}} | ||
{{- "" -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Windows cluster will add default taint for linux nodes, | ||
add below linux tolerations to workloads could be scheduled to those linux nodes | ||
*/}} | ||
{{- define "linux-node-tolerations" -}} | ||
- key: "cattle.io/os" | ||
value: "linux" | ||
effect: "NoSchedule" | ||
operator: "Equal" | ||
{{- end -}} | ||
|
||
{{- define "linux-node-selector" -}} | ||
kubernetes.io/os: linux | ||
{{- end -}} |
16 changes: 16 additions & 0 deletions
16
charts/fleet-agent/104.1.2+up0.10.6/templates/configmap.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
kind: ConfigMap | ||
apiVersion: v1 | ||
metadata: | ||
name: fleet-agent | ||
data: | ||
config: |- | ||
{ | ||
{{ if .Values.labels }} | ||
"labels":{{toJson .Values.labels}}, | ||
{{ end }} | ||
"clientID":"{{.Values.clientID}}", | ||
"agentTLSMode": "{{.Values.agentTLSMode}}" | ||
{{ if .Values.garbageCollectionInterval }} | ||
"garbageCollectionInterval": "{{.Values.garbageCollectionInterval}}" | ||
{{ end }} | ||
} |
108 changes: 108 additions & 0 deletions
108
charts/fleet-agent/104.1.2+up0.10.6/templates/deployment.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,108 @@ | ||
apiVersion: apps/v1 | ||
kind: StatefulSet | ||
metadata: | ||
name: fleet-agent | ||
spec: | ||
serviceName: fleet-agent | ||
selector: | ||
matchLabels: | ||
app: fleet-agent | ||
template: | ||
metadata: | ||
labels: | ||
app: fleet-agent | ||
spec: | ||
initContainers: | ||
- env: | ||
- name: NAMESPACE | ||
valueFrom: | ||
fieldRef: | ||
fieldPath: metadata.namespace | ||
image: '{{ template "system_default_registry" . }}{{.Values.image.repository}}:{{.Values.image.tag}}' | ||
name: fleet-agent-register | ||
command: | ||
- fleetagent | ||
- register | ||
{{- if .Values.debug }} | ||
- --debug | ||
- --debug-level | ||
- {{ quote .Values.debugLevel }} | ||
{{- else }} | ||
securityContext: | ||
allowPrivilegeEscalation: false | ||
readOnlyRootFilesystem: true | ||
privileged: false | ||
capabilities: | ||
drop: | ||
- ALL | ||
{{- end }} | ||
containers: | ||
- env: | ||
- name: NAMESPACE | ||
valueFrom: | ||
fieldRef: | ||
fieldPath: metadata.namespace | ||
image: '{{ template "system_default_registry" . }}{{.Values.image.repository}}:{{.Values.image.tag}}' | ||
name: fleet-agent | ||
command: | ||
- fleetagent | ||
{{- if .Values.debug }} | ||
- --debug | ||
- --debug-level | ||
- {{ quote .Values.debugLevel }} | ||
{{- else }} | ||
securityContext: | ||
allowPrivilegeEscalation: false | ||
readOnlyRootFilesystem: true | ||
privileged: false | ||
capabilities: | ||
drop: | ||
- ALL | ||
{{- end }} | ||
volumeMounts: | ||
- mountPath: /.kube | ||
name: kube | ||
- env: | ||
- name: NAMESPACE | ||
valueFrom: | ||
fieldRef: | ||
fieldPath: metadata.namespace | ||
image: '{{ template "system_default_registry" . }}{{.Values.image.repository}}:{{.Values.image.tag}}' | ||
name: fleet-agent-clusterstatus | ||
command: | ||
- fleetagent | ||
- clusterstatus | ||
{{- if .Values.debug }} | ||
- --debug | ||
- --debug-level | ||
- {{ quote .Values.debugLevel }} | ||
{{- else }} | ||
securityContext: | ||
allowPrivilegeEscalation: false | ||
readOnlyRootFilesystem: true | ||
privileged: false | ||
capabilities: | ||
drop: | ||
- ALL | ||
{{- end }} | ||
volumes: | ||
- name: kube | ||
emptyDir: {} | ||
serviceAccountName: fleet-agent | ||
{{- if .Values.fleetAgent.hostNetwork }} | ||
hostNetwork: true | ||
{{- end }} | ||
nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} | ||
{{- if .Values.fleetAgent.nodeSelector }} | ||
{{ toYaml .Values.fleetAgent.nodeSelector | indent 8 }} | ||
{{- end }} | ||
tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} | ||
{{- if .Values.fleetAgent.tolerations }} | ||
{{ toYaml .Values.fleetAgent.tolerations | indent 8 }} | ||
{{- end }} | ||
{{- if not .Values.debug }} | ||
securityContext: | ||
runAsNonRoot: true | ||
runAsUser: 1000 | ||
runAsGroup: 1000 | ||
{{- end }} |
15 changes: 15 additions & 0 deletions
15
charts/fleet-agent/104.1.2+up0.10.6/templates/network_policy_allow_all.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
--- | ||
apiVersion: networking.k8s.io/v1 | ||
kind: NetworkPolicy | ||
metadata: | ||
name: default-allow-all | ||
namespace: {{ .Values.internal.systemNamespace }} | ||
spec: | ||
podSelector: {} | ||
ingress: | ||
- {} | ||
egress: | ||
- {} | ||
policyTypes: | ||
- Ingress | ||
- Egress |
28 changes: 28 additions & 0 deletions
28
charts/fleet-agent/104.1.2+up0.10.6/templates/patch_default_serviceaccount.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
--- | ||
apiVersion: batch/v1 | ||
kind: Job | ||
metadata: | ||
name: patch-fleet-sa | ||
annotations: | ||
"helm.sh/hook": post-install, post-upgrade | ||
"helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation | ||
spec: | ||
template: | ||
spec: | ||
serviceAccountName: fleet-agent | ||
restartPolicy: Never | ||
containers: | ||
- name: sa | ||
image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" | ||
imagePullPolicy: {{ .Values.global.imagePullPolicy }} | ||
command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] | ||
args: ["-n", {{ .Values.internal.systemNamespace }}] | ||
nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} | ||
{{- if .Values.kubectl.nodeSelector }} | ||
{{ toYaml .Values.kubectl.nodeSelector | indent 8 }} | ||
{{- end }} | ||
tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} | ||
{{- if .Values.kubectl.tolerations }} | ||
{{ toYaml .Values.kubectl.tolerations | indent 8 }} | ||
{{- end }} | ||
backoffLimit: 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRole | ||
metadata: | ||
name: fleet-agent-system-fleet-agent-role | ||
rules: | ||
- apiGroups: | ||
- '*' | ||
resources: | ||
- '*' | ||
verbs: | ||
- '*' | ||
- nonResourceURLs: | ||
- "*" | ||
verbs: | ||
- "*" | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
name: fleet-agent-system-fleet-agent-role-binding | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: ClusterRole | ||
name: fleet-agent-system-fleet-agent-role | ||
subjects: | ||
- kind: ServiceAccount | ||
name: fleet-agent | ||
namespace: {{.Release.Namespace}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
apiVersion: v1 | ||
data: | ||
systemRegistrationNamespace: "{{b64enc .Values.systemRegistrationNamespace}}" | ||
clusterNamespace: "{{b64enc .Values.clusterNamespace}}" | ||
token: "{{b64enc .Values.token}}" | ||
apiServerURL: "{{b64enc .Values.apiServerURL}}" | ||
apiServerCA: "{{b64enc .Values.apiServerCA}}" | ||
kind: Secret | ||
metadata: | ||
name: fleet-agent-bootstrap |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: fleet-agent | ||
spec: | ||
type: ClusterIP | ||
clusterIP: None | ||
selector: | ||
app: fleet-agent |
4 changes: 4 additions & 0 deletions
4
charts/fleet-agent/104.1.2+up0.10.6/templates/serviceaccount.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: fleet-agent |
11 changes: 11 additions & 0 deletions
11
charts/fleet-agent/104.1.2+up0.10.6/templates/validate.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
{{if ne .Release.Namespace .Values.internal.systemNamespace }} | ||
{{ fail (printf "This chart must be installed in the namespace %s as the release name fleet-agent" .Values.internal.systemNamespace) }} | ||
{{end}} | ||
|
||
{{if ne .Release.Name .Values.internal.managedReleaseName }} | ||
{{ fail (printf "This chart must be installed in the namespace %s as the release name fleet-agent" .Values.internal.managedReleaseName) }} | ||
{{end}} | ||
|
||
{{if not .Values.apiServerURL }} | ||
{{ fail "apiServerURL is required to be set, and most likely also apiServerCA" }} | ||
{{end}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
image: | ||
os: "windows,linux" | ||
repository: rancher/fleet-agent | ||
tag: v0.10.6 | ||
|
||
# The public URL of the Kubernetes API server running the Fleet Manager must be set here | ||
# Example: https://example.com:6443 | ||
apiServerURL: "" | ||
|
||
# The the pem encoded value of the CA of the Kubernetes API server running the Fleet Manager. | ||
# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA. | ||
apiServerCA: "" | ||
|
||
# Determines whether the agent should trust CA bundles from the operating system's trust store when connecting to a | ||
# management cluster. True in `system-store` mode, false in `strict` mode. | ||
agentTLSMode: "system-store" | ||
|
||
# The cluster registration value | ||
token: "" | ||
|
||
# Labels to add to the cluster upon registration only. They are not added after the fact. | ||
# labels: | ||
# foo: bar | ||
|
||
# The client ID of the cluster to associate with | ||
clientID: "" | ||
|
||
# The namespace of the cluster we are register with | ||
clusterNamespace: "" | ||
|
||
# The namespace containing the clusters registration secrets | ||
systemRegistrationNamespace: cattle-fleet-clusters-system | ||
|
||
# Please do not change the below setting unless you really know what you are doing | ||
internal: | ||
systemNamespace: cattle-fleet-system | ||
managedReleaseName: fleet-agent | ||
|
||
# The nodeSelector and tolerations for the agent deployment | ||
fleetAgent: | ||
## Node labels for pod assignment | ||
## Ref: https://kubernetes.io/docs/user-guide/node-selection/ | ||
## | ||
nodeSelector: {} | ||
## List of node taints to tolerate (requires Kubernetes >= 1.6) | ||
tolerations: [] | ||
## HostNetwork setting for the agent deployment. | ||
## When set allows for provisioning of network related bundles (CNI configuration) in a cluster without CNI. | ||
hostNetwork: false | ||
kubectl: | ||
## Node labels for pod assignment | ||
## Ref: https://kubernetes.io/docs/user-guide/node-selection/ | ||
## | ||
nodeSelector: {} | ||
## List of node taints to tolerate (requires Kubernetes >= 1.6) | ||
tolerations: | ||
- key: node.cloudprovider.kubernetes.io/uninitialized | ||
operator: "Equal" | ||
value: "true" | ||
effect: NoSchedule | ||
|
||
global: | ||
cattle: | ||
systemDefaultRegistry: "" | ||
kubectl: | ||
repository: rancher/kubectl | ||
tag: v1.29.0 | ||
|
||
debug: false | ||
debugLevel: 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
annotations: | ||
catalog.cattle.io/certified: rancher | ||
catalog.cattle.io/hidden: "true" | ||
catalog.cattle.io/kube-version: '>= 1.28.0-0 < 1.32.0-0' | ||
catalog.cattle.io/namespace: cattle-fleet-system | ||
catalog.cattle.io/os: linux | ||
catalog.cattle.io/permits-os: linux,windows | ||
catalog.cattle.io/rancher-version: '>= 2.10.0-0 < 2.11.0-0' | ||
catalog.cattle.io/release-name: fleet-agent | ||
apiVersion: v2 | ||
appVersion: 0.11.1 | ||
description: Fleet Agent - GitOps at Scale | ||
icon: https://charts.rancher.io/assets/logos/fleet.svg | ||
name: fleet-agent | ||
version: 105.0.1+up0.11.1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
## Fleet Agent Helm Chart | ||
|
||
Every Fleet-managed downstream cluster will run an agent that communicates back to the Fleet controller. This agent is just another set of Kubernetes controllers running in the downstream cluster. | ||
|
||
Standalone Fleet users use this chart for agent-initiated registration. For more details see [agent-initiated registration](https://fleet.rancher.io/cluster-registration#agent-initiated). | ||
Fleet in Rancher does not use this chart, but creates the agent deployments programmatically. | ||
|
||
The Fleet documentation is centralized in the [doc website](https://fleet.rancher.io/). |
Oops, something went wrong.