diff --git a/Makefile b/Makefile
index 9f5ace317..364bc6ebb 100644
--- a/Makefile
+++ b/Makefile
@@ -1,16 +1,3 @@
-# Copyright AppsCode Inc. and Contributors
-#
-# Licensed under the AppsCode Community License 1.0.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://github.com/appscode/licenses/raw/1.0.0/AppsCode-Community-1.0.0.md
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
SHELL=/bin/bash -o pipefail
diff --git a/apis/installer/v1alpha1/ace_catalog_manager_types.go b/apis/installer/v1alpha1/ace_catalog_manager_types.go
new file mode 100644
index 000000000..2e89c9da8
--- /dev/null
+++ b/apis/installer/v1alpha1/ace_catalog_manager_types.go
@@ -0,0 +1,88 @@
+/*
+Copyright AppsCode Inc. and Contributors
+
+Licensed under the AppsCode Community License 1.0.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ https://github.com/appscode/licenses/raw/1.0.0/AppsCode-Community-1.0.0.md
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ core "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+ ResourceKindCatalogManager = "CatalogManager"
+ ResourceCatalogManager = "catalogmanager"
+ ResourceCatalogManagers = "catalogmanagers"
+)
+
+// CatalogManager defines the schama for CatalogManager operator installer.
+
+// +genclient
+// +genclient:skipVerbs=updateStatus
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=catalogmanagers,singular=catalogmanager,categories={kubeops,appscode}
+type CatalogManager struct {
+ metav1.TypeMeta `json:",inline,omitempty"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+ Spec CatalogManagerSpec `json:"spec,omitempty"`
+}
+
+// CatalogManagerSpec is the schema for Identity Server values file
+type CatalogManagerSpec struct {
+ //+optional
+ NameOverride string `json:"nameOverride"`
+ //+optional
+ FullnameOverride string `json:"fullnameOverride"`
+ ReplicaCount int `json:"replicaCount"`
+ RegistryFQDN string `json:"registryFQDN"`
+ Image Container `json:"image"`
+ //+optional
+ ImagePullSecrets []string `json:"imagePullSecrets"`
+ ImagePullPolicy string `json:"imagePullPolicy"`
+ ServiceAccount ServiceAccountSpec `json:"serviceAccount"`
+ //+optional
+ PodAnnotations map[string]string `json:"podAnnotations"`
+ // PodSecurityContext holds pod-level security attributes and common container settings.
+ // Optional: Defaults to empty. See type description for default values of each field.
+ // +optional
+ PodSecurityContext *core.PodSecurityContext `json:"podSecurityContext"`
+ //+optional
+ NodeSelector map[string]string `json:"nodeSelector"`
+ // If specified, the pod's tolerations.
+ // +optional
+ Tolerations []core.Toleration `json:"tolerations"`
+ // If specified, the pod's scheduling constraints
+ // +optional
+ Affinity *core.Affinity `json:"affinity"`
+ Monitoring Monitoring `json:"monitoring"`
+
+ // +optional
+ VaultServer ObjectReference `json:"vaultServer"`
+ // +optional
+ SecretReaderServiceAccount ObjectReference `json:"secretReaderServiceAccount"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// CatalogManagerList is a list of CatalogManagers
+type CatalogManagerList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ // Items is a list of CatalogManager CRD objects
+ Items []CatalogManager `json:"items,omitempty"`
+}
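Review bot: The doc comments in this new file do not describe the types they sit next to. The comment on `CatalogManagerSpec` says it is "the schema for Identity Server values file", which looks copied from another chart, and the `CatalogManager` comment (with the typo "schama") is followed by a blank line, so godoc will not attach it to the type. I would reword them as `// CatalogManagerSpec is the schema for the catalog-manager chart values file` and `// CatalogManager defines the schema for the CatalogManager installer.`, the latter placed directly above `type CatalogManager struct`. `VaultServer` and `SecretReaderServiceAccount` also deserve a one-line comment each saying which object they point at and in which namespace, since they appear (from the names only) to decide which identity reads secrets.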
diff --git a/apis/installer/v1alpha1/ace_service_backend_types.go b/apis/installer/v1alpha1/ace_service_backend_types.go
new file mode 100644
index 000000000..ed80972e6
--- /dev/null
+++ b/apis/installer/v1alpha1/ace_service_backend_types.go
@@ -0,0 +1,105 @@
+/*
+Copyright AppsCode Inc. and Contributors
+
+Licensed under the AppsCode Community License 1.0.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ https://github.com/appscode/licenses/raw/1.0.0/AppsCode-Community-1.0.0.md
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ core "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+ ResourceKindServiceBackend = "ServiceBackend"
+ ResourceServiceBackend = "servicebackend"
+ ResourceServiceBackends = "servicebackends"
+)
+
+// ServiceBackend defines the schama for ServiceBackend operator installer.
+
+// +genclient
+// +genclient:skipVerbs=updateStatus
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=servicebackends,singular=servicebackend,categories={kubeops,appscode}
+type ServiceBackend struct {
+ metav1.TypeMeta `json:",inline,omitempty"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+ Spec ServiceBackendSpec `json:"spec,omitempty"`
+}
+
+// ServiceBackendSpec is the schema for Identity Server values file
+type ServiceBackendSpec struct {
+ //+optional
+ NameOverride string `json:"nameOverride"`
+ //+optional
+ FullnameOverride string `json:"fullnameOverride"`
+ ReplicaCount int `json:"replicaCount"`
+ RegistryFQDN string `json:"registryFQDN"`
+ Image Container `json:"image"`
+ //+optional
+ ImagePullSecrets []string `json:"imagePullSecrets"`
+ ImagePullPolicy string `json:"imagePullPolicy"`
+ ServiceAccount ServiceAccountSpec `json:"serviceAccount"`
+ //+optional
+ PodAnnotations map[string]string `json:"podAnnotations"`
+ // PodSecurityContext holds pod-level security attributes and common container settings.
+ // Optional: Defaults to empty. See type description for default values of each field.
+ // +optional
+ PodSecurityContext *core.PodSecurityContext `json:"podSecurityContext"`
+ //+optional
+ NodeSelector map[string]string `json:"nodeSelector"`
+ // If specified, the pod's tolerations.
+ // +optional
+ Tolerations []core.Toleration `json:"tolerations"`
+ // If specified, the pod's scheduling constraints
+ // +optional
+ Affinity *core.Affinity `json:"affinity"`
+ Monitoring Monitoring `json:"monitoring"`
+ Server ServerConfig `json:"server"`
+}
+
+type ServerConfig struct {
+ OIDC OIDC `json:"oidc"`
+ NamespacePrefix string `json:"namespacePrefix"`
+ ProviderPrettyName string `json:"providerPrettyName"`
+ ConsumerScope string `json:"consumerScope"`
+ // External External `json:"external"`
+ Cookie Cookie `json:"cookie"`
+}
+
+type OIDC struct {
+ ClientID string `json:"clientID"`
+ ClientSecret string `json:"clientSecret"`
+ IssuerURL string `json:"issuerURL"`
+ CallbackURL string `json:"callbackURL"`
+}
+
+type Cookie struct {
+ SigningKey string `json:"signingKey"`
+ EncryptionKey string `json:"encryptionKey"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ServiceBackendList is a list of ServiceBackends
+type ServiceBackendList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ // Items is a list of ServiceBackend CRD objects
+ Items []ServiceBackend `json:"items,omitempty"`
+}
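Review bot: `OIDC.ClientSecret`, `Cookie.SigningKey` and `Cookie.EncryptionKey` are plain `string` fields of the spec, so the secret values live in the ServiceBackend object itself and are visible to anyone allowed to get or list `servicebackends`, as well as in any stored manifest or values file. If the chart can read them from an existing Secret, a reference to that Secret (name and key) would be the safer shape for these three fields. If the values must stay inline, say so on the fields, for example `// ClientSecret is the OIDC client secret in clear text; restrict read access to this resource.` The comment on `ServiceBackendSpec` still says "Identity Server values file" and the undocumented `ServerConfig`, `OIDC` and `Cookie` types should each get a one-line description.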
diff --git a/apis/installer/v1alpha1/ace_service_provider_types.go b/apis/installer/v1alpha1/ace_service_provider_types.go
new file mode 100644
index 000000000..3784d0ee9
--- /dev/null
+++ b/apis/installer/v1alpha1/ace_service_provider_types.go
@@ -0,0 +1,119 @@
+/*
+Copyright AppsCode Inc. and Contributors
+
+Licensed under the AppsCode Community License 1.0.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ https://github.com/appscode/licenses/raw/1.0.0/AppsCode-Community-1.0.0.md
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ core "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+ ResourceKindServiceProvider = "ServiceProvider"
+ ResourceServiceProvider = "serviceprovider"
+ ResourceServiceProviders = "serviceproviders"
+)
+
+// ServiceProvider defines the schama for ServiceProvider operator installer.
+
+// +genclient
+// +genclient:skipVerbs=updateStatus
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// +kubebuilder:object:root=true
+type ServiceProvider struct {
+ metav1.TypeMeta `json:",inline,omitempty"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+ Spec ServiceProviderSpec `json:"spec,omitempty"`
+}
+
+// ServiceProviderSpec is the schema for Operator Operator values file
+type ServiceProviderSpec struct {
+ //+optional
+ NameOverride string `json:"nameOverride"`
+ //+optional
+ FullnameOverride string `json:"fullnameOverride"`
+ RegistryFQDN string `json:"registryFQDN"`
+ ReplicaCount int32 `json:"replicaCount"`
+ Operator Container `json:"operator"`
+ RbacProxy Container `json:"rbacproxy"`
+ ImagePullPolicy string `json:"imagePullPolicy"`
+ //+optional
+ ImagePullSecrets []string `json:"imagePullSecrets"`
+ //+optional
+ CriticalAddon bool `json:"criticalAddon"`
+ //+optional
+ LogLevel int32 `json:"logLevel"`
+ //+optional
+ Annotations map[string]string `json:"annotations"`
+ //+optional
+ PodAnnotations map[string]string `json:"podAnnotations"`
+ //+optional
+ PodLabels map[string]string `json:"podLabels"`
+ //+optional
+ NodeSelector map[string]string `json:"nodeSelector"`
+ // If specified, the pod's tolerations.
+ // +optional
+ Tolerations []core.Toleration `json:"tolerations"`
+ // If specified, the pod's scheduling constraints
+ // +optional
+ Affinity *core.Affinity `json:"affinity"`
+ // PodSecurityContext holds pod-level security attributes and common container settings.
+ // Optional: Defaults to empty. See type description for default values of each field.
+ // +optional
+ PodSecurityContext *core.PodSecurityContext `json:"podSecurityContext"`
+ ServiceAccount ServiceAccountSpec `json:"serviceAccount"`
+ // +optional
+ Apiserver ServiceProviderApiserver `json:"apiserver"`
+ Monitoring Monitoring `json:"monitoring"`
+ Provider ProviderConfig `json:"provider"`
+}
+
+type ProviderConfig struct {
+ NamespacePrefix string `json:"namespacePrefix"`
+ ProviderPrettyName string `json:"providerPrettyName"`
+ ConsumerScope string `json:"consumerScope"`
+ External External `json:"external"`
+}
+
+type External struct {
+ Address string `json:"address"`
+ ServerName string `json:"serverName"`
+ CAFile string `json:"CAFile"`
+}
+
+type ServiceProviderApiserver struct {
+ GroupPriorityMinimum int `json:"groupPriorityMinimum"`
+ VersionPriority int `json:"versionPriority"`
+ EnableMutatingWebhook bool `json:"enableMutatingWebhook"`
+ EnableValidatingWebhook bool `json:"enableValidatingWebhook"`
+ Ca string `json:"ca"`
+ BypassValidatingWebhookXray bool `json:"bypassValidatingWebhookXray"`
+ UseKubeapiserverFqdnForAks bool `json:"useKubeapiserverFqdnForAks"`
+ Healthcheck HealthcheckSpec `json:"healthcheck"`
+ ServingCerts ServingCerts `json:"servingCerts"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ServiceProviderList is a list of ServiceProviders
+type ServiceProviderList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ // Items is a list of ServiceProvider CRD objects
+ Items []ServiceProvider `json:"items,omitempty"`
+}
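Review bot: `ServiceProvider` carries `+kubebuilder:object:root=true` but no `+kubebuilder:resource` marker, unlike `CatalogManager` and `ServiceBackend` added in this same commit, so it presumably ends up without the `kubeops`/`appscode` categories; add `// +kubebuilder:resource:path=serviceproviders,singular=serviceprovider,categories={kubeops,appscode}` above the type. The security-relevant switches in `ServiceProviderApiserver` (`EnableValidatingWebhook`, `BypassValidatingWebhookXray`) and the TLS fields of `External` (`ServerName`, `CAFile`) have no comments; one line on each stating what is skipped or trusted when it is set would help anyone reviewing a values file. The JSON key `CAFile` is the only capitalized tag in these structs, and `caFile` would match the rest if the chart values allow it. The `ServiceProviderSpec` comment reads "Operator Operator values file", which looks like a leftover.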
diff --git a/apis/installer/v1alpha1/register.go b/apis/installer/v1alpha1/register.go
index ba5602cf4..86bbc74f0 100644
--- a/apis/installer/v1alpha1/register.go
+++ b/apis/installer/v1alpha1/register.go
@@ -68,6 +68,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
&BillingUiList{},
&CapiClusterPresets{},
&CapiClusterPresetsList{},
+ &CatalogManager{},
+ &CatalogManagerList{},
&CertManagerWebhookAce{},
&CertManagerWebhookAceList{},
&ClusterImporter{},
@@ -108,6 +110,10 @@ func addKnownTypes(scheme *runtime.Scheme) error {
&NatsList{},
&Reloader{},
&ReloaderList{},
+ &ServiceProvider{},
+ &ServiceProviderList{},
+ &ServiceBackend{},
+ &ServiceBackendList{},
)
scheme.AddKnownTypes(SchemeGroupVersion,
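Review bot: The new entries in this hunk are appended as `ServiceProvider` then `ServiceBackend`, while the visible part of the list looks alphabetically sorted (`CapiClusterPresets`, `CatalogManager`, `CertManagerWebhookAce`). Moving `&ServiceBackend{}, &ServiceBackendList{},` ahead of `&ServiceProvider{},` would keep that order. This is a style point only, and `addKnownTypes` starts and ends outside the hunk.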
diff --git a/apis/installer/v1alpha1/zz_generated.deepcopy.go b/apis/installer/v1alpha1/zz_generated.deepcopy.go
index bb8a20d79..8e17b6d67 100644
--- a/apis/installer/v1alpha1/zz_generated.deepcopy.go
+++ b/apis/installer/v1alpha1/zz_generated.deepcopy.go
@@ -1901,6 +1901,120 @@ func (in *CapiPresetsSpec) DeepCopy() *CapiPresetsSpec {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CatalogManager) DeepCopyInto(out *CatalogManager) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ in.Spec.DeepCopyInto(&out.Spec)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CatalogManager.
+func (in *CatalogManager) DeepCopy() *CatalogManager {
+ if in == nil {
+ return nil
+ }
+ out := new(CatalogManager)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *CatalogManager) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CatalogManagerList) DeepCopyInto(out *CatalogManagerList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]CatalogManager, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CatalogManagerList.
+func (in *CatalogManagerList) DeepCopy() *CatalogManagerList {
+ if in == nil {
+ return nil
+ }
+ out := new(CatalogManagerList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *CatalogManagerList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CatalogManagerSpec) DeepCopyInto(out *CatalogManagerSpec) {
+ *out = *in
+ in.Image.DeepCopyInto(&out.Image)
+ if in.ImagePullSecrets != nil {
+ in, out := &in.ImagePullSecrets, &out.ImagePullSecrets
+ *out = make([]string, len(*in))
+ copy(*out, *in)
+ }
+ in.ServiceAccount.DeepCopyInto(&out.ServiceAccount)
+ if in.PodAnnotations != nil {
+ in, out := &in.PodAnnotations, &out.PodAnnotations
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
+ if in.PodSecurityContext != nil {
+ in, out := &in.PodSecurityContext, &out.PodSecurityContext
+ *out = new(v1.PodSecurityContext)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.NodeSelector != nil {
+ in, out := &in.NodeSelector, &out.NodeSelector
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
+ if in.Tolerations != nil {
+ in, out := &in.Tolerations, &out.Tolerations
+ *out = make([]v1.Toleration, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.Affinity != nil {
+ in, out := &in.Affinity, &out.Affinity
+ *out = new(v1.Affinity)
+ (*in).DeepCopyInto(*out)
+ }
+ in.Monitoring.DeepCopyInto(&out.Monitoring)
+ out.VaultServer = in.VaultServer
+ out.SecretReaderServiceAccount = in.SecretReaderServiceAccount
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CatalogManagerSpec.
+func (in *CatalogManagerSpec) DeepCopy() *CatalogManagerSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(CatalogManagerSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertManager) DeepCopyInto(out *CertManager) {
*out = *in
@@ -2390,6 +2504,21 @@ func (in *ContractStorage) DeepCopy() *ContractStorage {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Cookie) DeepCopyInto(out *Cookie) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Cookie.
+func (in *Cookie) DeepCopy() *Cookie {
+ if in == nil {
+ return nil
+ }
+ out := new(Cookie)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CustomMonitoring) DeepCopyInto(out *CustomMonitoring) {
*out = *in
@@ -2746,6 +2875,21 @@ func (in *EnvVar) DeepCopy() *EnvVar {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *External) DeepCopyInto(out *External) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new External.
+func (in *External) DeepCopy() *External {
+ if in == nil {
+ return nil
+ }
+ out := new(External)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *FirebaseSettings) DeepCopyInto(out *FirebaseSettings) {
*out = *in
@@ -5503,6 +5647,21 @@ func (in *NatsboxSpec) DeepCopy() *NatsboxSpec {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OIDC) DeepCopyInto(out *OIDC) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDC.
+func (in *OIDC) DeepCopy() *OIDC {
+ if in == nil {
+ return nil
+ }
+ out := new(OIDC)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ObjectReference) DeepCopyInto(out *ObjectReference) {
*out = *in
@@ -6175,6 +6334,22 @@ func (in *PromotionValues) DeepCopy() *PromotionValues {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ProviderConfig) DeepCopyInto(out *ProviderConfig) {
+ *out = *in
+ out.External = in.External
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderConfig.
+func (in *ProviderConfig) DeepCopy() *ProviderConfig {
+ if in == nil {
+ return nil
+ }
+ out := new(ProviderConfig)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ProviderMount) DeepCopyInto(out *ProviderMount) {
*out = *in
@@ -6916,6 +7091,23 @@ func (in *SecuritySettings) DeepCopy() *SecuritySettings {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ServerConfig) DeepCopyInto(out *ServerConfig) {
+ *out = *in
+ out.OIDC = in.OIDC
+ out.Cookie = in.Cookie
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServerConfig.
+func (in *ServerConfig) DeepCopy() *ServerConfig {
+ if in == nil {
+ return nil
+ }
+ out := new(ServerConfig)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ServiceAccountSpec) DeepCopyInto(out *ServiceAccountSpec) {
*out = *in
@@ -6943,6 +7135,119 @@ func (in *ServiceAccountSpec) DeepCopy() *ServiceAccountSpec {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ServiceBackend) DeepCopyInto(out *ServiceBackend) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ in.Spec.DeepCopyInto(&out.Spec)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceBackend.
+func (in *ServiceBackend) DeepCopy() *ServiceBackend {
+ if in == nil {
+ return nil
+ }
+ out := new(ServiceBackend)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ServiceBackend) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ServiceBackendList) DeepCopyInto(out *ServiceBackendList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]ServiceBackend, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceBackendList.
+func (in *ServiceBackendList) DeepCopy() *ServiceBackendList {
+ if in == nil {
+ return nil
+ }
+ out := new(ServiceBackendList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ServiceBackendList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ServiceBackendSpec) DeepCopyInto(out *ServiceBackendSpec) {
+ *out = *in
+ in.Image.DeepCopyInto(&out.Image)
+ if in.ImagePullSecrets != nil {
+ in, out := &in.ImagePullSecrets, &out.ImagePullSecrets
+ *out = make([]string, len(*in))
+ copy(*out, *in)
+ }
+ in.ServiceAccount.DeepCopyInto(&out.ServiceAccount)
+ if in.PodAnnotations != nil {
+ in, out := &in.PodAnnotations, &out.PodAnnotations
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
+ if in.PodSecurityContext != nil {
+ in, out := &in.PodSecurityContext, &out.PodSecurityContext
+ *out = new(v1.PodSecurityContext)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.NodeSelector != nil {
+ in, out := &in.NodeSelector, &out.NodeSelector
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
+ if in.Tolerations != nil {
+ in, out := &in.Tolerations, &out.Tolerations
+ *out = make([]v1.Toleration, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.Affinity != nil {
+ in, out := &in.Affinity, &out.Affinity
+ *out = new(v1.Affinity)
+ (*in).DeepCopyInto(*out)
+ }
+ in.Monitoring.DeepCopyInto(&out.Monitoring)
+ out.Server = in.Server
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceBackendSpec.
+func (in *ServiceBackendSpec) DeepCopy() *ServiceBackendSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(ServiceBackendSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ServiceMonitorLabels) DeepCopyInto(out *ServiceMonitorLabels) {
*out = *in
@@ -6965,6 +7270,152 @@ func (in *ServiceMonitorLabels) DeepCopy() *ServiceMonitorLabels {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ServiceProvider) DeepCopyInto(out *ServiceProvider) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ in.Spec.DeepCopyInto(&out.Spec)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceProvider.
+func (in *ServiceProvider) DeepCopy() *ServiceProvider {
+ if in == nil {
+ return nil
+ }
+ out := new(ServiceProvider)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ServiceProvider) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ServiceProviderApiserver) DeepCopyInto(out *ServiceProviderApiserver) {
+ *out = *in
+ out.Healthcheck = in.Healthcheck
+ out.ServingCerts = in.ServingCerts
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceProviderApiserver.
+func (in *ServiceProviderApiserver) DeepCopy() *ServiceProviderApiserver {
+ if in == nil {
+ return nil
+ }
+ out := new(ServiceProviderApiserver)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ServiceProviderList) DeepCopyInto(out *ServiceProviderList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]ServiceProvider, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceProviderList.
+func (in *ServiceProviderList) DeepCopy() *ServiceProviderList {
+ if in == nil {
+ return nil
+ }
+ out := new(ServiceProviderList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ServiceProviderList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ServiceProviderSpec) DeepCopyInto(out *ServiceProviderSpec) {
+ *out = *in
+ in.Operator.DeepCopyInto(&out.Operator)
+ in.RbacProxy.DeepCopyInto(&out.RbacProxy)
+ if in.ImagePullSecrets != nil {
+ in, out := &in.ImagePullSecrets, &out.ImagePullSecrets
+ *out = make([]string, len(*in))
+ copy(*out, *in)
+ }
+ if in.Annotations != nil {
+ in, out := &in.Annotations, &out.Annotations
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
+ if in.PodAnnotations != nil {
+ in, out := &in.PodAnnotations, &out.PodAnnotations
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
+ if in.PodLabels != nil {
+ in, out := &in.PodLabels, &out.PodLabels
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
+ if in.NodeSelector != nil {
+ in, out := &in.NodeSelector, &out.NodeSelector
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
+ if in.Tolerations != nil {
+ in, out := &in.Tolerations, &out.Tolerations
+ *out = make([]v1.Toleration, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.Affinity != nil {
+ in, out := &in.Affinity, &out.Affinity
+ *out = new(v1.Affinity)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.PodSecurityContext != nil {
+ in, out := &in.PodSecurityContext, &out.PodSecurityContext
+ *out = new(v1.PodSecurityContext)
+ (*in).DeepCopyInto(*out)
+ }
+ in.ServiceAccount.DeepCopyInto(&out.ServiceAccount)
+ out.Apiserver = in.Apiserver
+ in.Monitoring.DeepCopyInto(&out.Monitoring)
+ out.Provider = in.Provider
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceProviderSpec.
+func (in *ServiceProviderSpec) DeepCopy() *ServiceProviderSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(ServiceProviderSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ServingCerts) DeepCopyInto(out *ServingCerts) {
*out = *in
diff --git a/charts/catalog-manager/.helmignore b/charts/catalog-manager/.helmignore
new file mode 100644
index 000000000..e03134ce3
--- /dev/null
+++ b/charts/catalog-manager/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.terraform
+*.tfstate*
diff --git a/charts/catalog-manager/Chart.yaml b/charts/catalog-manager/Chart.yaml
new file mode 100644
index 000000000..9b72a6c8f
--- /dev/null
+++ b/charts/catalog-manager/Chart.yaml
@@ -0,0 +1,13 @@
+apiVersion: v2
+name: catalog-manager
+description: A Helm chart for Appcatalog Operator by AppsCode
+type: application
+version: v2024.2.11
+appVersion: v0.0.1
+home: https://github.com/kubeware/catalog-manager
+icon: https://cdn.appscode.com/images/products/searchlight/icons/android-icon-192x192.png
+sources:
+- https://github.com/kubeware/catalog-manager
+maintainers:
+- name: appscode
+ email: support@appscode.com
diff --git a/charts/catalog-manager/README.md b/charts/catalog-manager/README.md
new file mode 100644
index 000000000..47f982945
--- /dev/null
+++ b/charts/catalog-manager/README.md
@@ -0,0 +1,88 @@
+# Appcatalog
+
+[Appcatalog by AppsCode](https://github.com/kubeware/catalog-manager) - Appcatalog for Kubernetes
+
+## TL;DR;
+
+```bash
+$ helm repo add appscode https://charts.appscode.com/stable/
+$ helm repo update
+$ helm search repo appscode/catalog-manager --version=v2024.2.11
+$ helm upgrade -i catalog-manager appscode/catalog-manager -n kubeops --create-namespace --version=v2024.2.11
+```
+
+## Introduction
+
+This chart deploys an Appcatalog on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes 1.21+
+
+## Installing the Chart
+
+To install/upgrade the chart with the release name `catalog-manager`:
+
+```bash
+$ helm upgrade -i catalog-manager appscode/catalog-manager -n kubeops --create-namespace --version=v2024.2.11
+```
+
+The command deploys an Appcatalog on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall the `catalog-manager`:
+
+```bash
+$ helm uninstall catalog-manager -n kubeops
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+The following table lists the configurable parameters of the `catalog-manager` chart and their default values.
+
+| Parameter | Description | Default |
+|--------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| nameOverride | Overrides name template | ""
|
+| fullnameOverride | Overrides fullname template | ""
|
+| replicaCount | | 1
|
+| registryFQDN | Docker registry fqdn used to pull docker images Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image} | ghcr.io
|
+| image.registry | Docker registry used to pull operator image | appscode
|
+| image.repository | Name of operator container image | catalog-manager
|
+| image.tag | Overrides the image tag whose default is the chart appVersion. | ""
|
+| image.resources | Compute Resources required by the operator container | {}
|
+| image.securityContext | Security options this container should run with | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}}
|
+| imagePullSecrets | Specify an array of imagePullSecrets. Secrets must be manually created in the namespace.
Example:
`helm template charts/stash \`
`--set imagePullSecrets[0].name=sec0 \`
`--set imagePullSecrets[1].name=sec1` | []
|
+| imagePullPolicy | Container image pull policy | Always
|
+| serviceAccount.create | Specifies whether a service account should be created | true
|
+| serviceAccount.annotations | Annotations to add to the service account | {}
|
+| serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | ""
|
+| podAnnotations | | {}
|
+| podSecurityContext | | {}
|
+| nodeSelector | | {}
|
+| tolerations | | []
|
+| affinity | | {}
|
+| monitoring.agent | Name of monitoring agent (one of "prometheus.io", "prometheus.io/operator", "prometheus.io/builtin") | ""
|
+| monitoring.serviceMonitor.labels | Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is `prometheus.io/operator`. | {}
|
+| vaultServer.name | | ""
|
+| vaultServer.namespace | | ""
|
+| secretReaderServiceAccount.name | | ""
|
+| secretReaderServiceAccount.namespace | | ""
|
+
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example:
+
+```bash
+$ helm upgrade -i catalog-manager appscode/catalog-manager -n kubeops --create-namespace --version=v2024.2.11 --set replicaCount=1
+```
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while
+installing the chart. For example:
+
+```bash
+$ helm upgrade -i catalog-manager appscode/catalog-manager -n kubeops --create-namespace --version=v2024.2.11 --values values.yaml
+```
diff --git a/charts/catalog-manager/doc.yaml b/charts/catalog-manager/doc.yaml
new file mode 100644
index 000000000..5f5112d97
--- /dev/null
+++ b/charts/catalog-manager/doc.yaml
@@ -0,0 +1,18 @@
+project:
+ name: Appcatalog by AppsCode
+ shortName: Appcatalog
+ url: https://github.com/kubeware/catalog-manager
+ description: Appcatalog for Kubernetes
+ app: an Appcatalog
+repository:
+ url: https://charts.appscode.com/stable/
+ name: appscode
+chart:
+ name: catalog-manager
+ values: -- generate from values file --
+ valuesExample: -- generate from values file --
+prerequisites:
+- Kubernetes 1.21+
+release:
+ name: catalog-manager
+ namespace: kubeops
diff --git a/charts/catalog-manager/templates/NOTES.txt b/charts/catalog-manager/templates/NOTES.txt
new file mode 100644
index 000000000..4c1cf76d7
--- /dev/null
+++ b/charts/catalog-manager/templates/NOTES.txt
@@ -0,0 +1,3 @@
+To verify that Supervisor has started, run:
+
+ kubectl get deployment --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "catalog-manager.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"
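Review bot: The message `To verify that Supervisor has started, run:` names a different product than the chart being installed; the selector on the command below it already uses `catalog-manager.name`. Suggest `To verify that catalog-manager has started, run:` so the post-install output matches the release the user just deployed.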
diff --git a/charts/catalog-manager/templates/_helpers.tpl b/charts/catalog-manager/templates/_helpers.tpl
new file mode 100644
index 000000000..f07ac4fb4
--- /dev/null
+++ b/charts/catalog-manager/templates/_helpers.tpl
@@ -0,0 +1,107 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "catalog-manager.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "catalog-manager.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "catalog-manager.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "catalog-manager.labels" -}}
+helm.sh/chart: {{ include "catalog-manager.chart" . }}
+{{ include "catalog-manager.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "catalog-manager.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "catalog-manager.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "catalog-manager.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "catalog-manager.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Returns the appscode license
+*/}}
+{{- define "appscode.license" -}}
+{{- .Values.license }}
+{{- end }}
+
+{{/*
+Returns the registry used for operator docker image
+*/}}
+{{- define "image.registry" -}}
+{{- list .Values.registryFQDN .Values.image.registry | compact | join "/" }}
+{{- end }}
+
+{{- define "appscode.imagePullSecrets" -}}
+{{- with .Values.imagePullSecrets -}}
+imagePullSecrets:
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
+
+{{/*
+Returns the enabled monitoring agent name
+*/}}
+{{- define "monitoring.agent" -}}
+{{- .Values.monitoring.agent }}
+{{- end }}
+
+{{/*
+Returns whether the ServiceMonitor will be labeled with custom label
+*/}}
+{{- define "monitoring.apply-servicemonitor-label" -}}
+{{- ternary "false" "true" ( empty .Values.monitoring.serviceMonitor.labels ) -}}
+{{- end }}
+
+{{/*
+Returns the ServiceMonitor labels
+*/}}
+{{- define "monitoring.servicemonitor-label" -}}
+{{- range $key, $val := .Values.monitoring.serviceMonitor.labels }}
+{{ $key }}: {{ $val }}
+{{- end }}
+{{- end }}
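Review bot: In `monitoring.servicemonitor-label` the value is emitted unquoted (`{{ $key }}: {{ $val }}`), so a label value such as `true` or `1` renders as a YAML boolean or number and the ServiceMonitor is rejected, because label values must be strings. Quote it: `{{ $key }}: {{ $val | quote }}`. Separately, the `appscode.license` helper reads `.Values.license`, which the values.yaml added in this commit does not define and none of the templates added here includes; it could be dropped, or given a short comment saying where it is used.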
diff --git a/charts/catalog-manager/templates/cluster-role-binding.yaml b/charts/catalog-manager/templates/cluster-role-binding.yaml
new file mode 100644
index 000000000..ba467be66
--- /dev/null
+++ b/charts/catalog-manager/templates/cluster-role-binding.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "catalog-manager.fullname" . }}
+ labels:
+ {{- include "catalog-manager.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "catalog-manager.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "catalog-manager.fullname" . }}
+ namespace: {{ .Release.Namespace }}
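Review bot: The subject `name: {{ include "catalog-manager.fullname" . }}` does not follow the service account the pod actually runs as. deployment.yaml and serviceaccount.yaml both use the `catalog-manager.serviceAccountName` helper, which returns `.Values.serviceAccount.name` when it is set, and `default` when `serviceAccount.create` is false and no name is given. In those configurations the ClusterRole is bound to an account named after the release: the operator runs without its permissions, and any other ServiceAccount with that name in the release namespace would receive them, including the cluster-wide Secret read granted in cluster-role.yaml. Use the same helper here: `name: {{ include "catalog-manager.serviceAccountName" . }}`.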
diff --git a/charts/catalog-manager/templates/cluster-role.yaml b/charts/catalog-manager/templates/cluster-role.yaml
new file mode 100644
index 000000000..e5b68a368
--- /dev/null
+++ b/charts/catalog-manager/templates/cluster-role.yaml
@@ -0,0 +1,69 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "catalog-manager.fullname" . }}
+ labels:
+ {{- include "catalog-manager.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - catalog.kubeware.dev
+ resources: ["*"]
+ verbs: ["get", "list", "watch", "patch"]
+- apiGroups:
+ - kubedb.com
+ resources:
+ - elasticsearches
+ - kafkas
+ - mariadbs
+ - memcacheds
+ - mongodbs
+ - mysqls
+ - perconaxtradbs
+ - pgbouncers
+ - postgreses
+ - proxysqls
+ - redises
+ verbs: ["get", "list", "watch"]
+- apiGroups:
+ - kubevault.com
+ resources:
+ - vaultservers
+ verbs: ["get", "list", "watch"]
+- apiGroups:
+ - engine.kubevault.com
+ resources:
+ - elasticsearchroles
+ - mariadbroles
+ - mongodbroles
+ - mysqlroles
+ - postgresroles
+ - redisroles
+ - secretaccessrequests
+ - secretengines
+ verbs: ["get", "list", "watch", "create", "patch", "delete"]
+- apiGroups:
+ - engine.kubevault.com
+ resources:
+ - secretaccessrequests/status
+ verbs: ["get", "list", "patch"]
+- apiGroups: [""]
+ resources: ["serviceaccounts", "secrets"]
+ verbs: ["get", "list", "watch"]
+- apiGroups:
+ - catalog.kubedb.com
+ resources:
+ - elasticsearchversions
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["gateway.networking.k8s.io"]
+ resources:
+ - gateways
+ - httproutes
+ - referencegrants
+ - tcproutes
+ verbs: ["get","list","watch","create","patch","delete"]
+- apiGroups: ["gateway.voyagermesh.com"]
+ resources:
+ - mysqlroutes
+ - mongodbroutes
+ - redisroutes
+ verbs: ["get","list","watch","create","patch","delete"]
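Review bot: The core-group rule `resources: ["serviceaccounts", "secrets"]` with `get`, `list`, `watch` sits in a ClusterRole bound through a ClusterRoleBinding, so the operator's token can read every Secret in every namespace; `list` and `watch` return Secret contents, not only names. If the controller only needs Secrets in known namespaces (the release namespace, or the ones named by `vaultServer.namespace` and `secretReaderServiceAccount.namespace`), a namespaced Role/RoleBinding would narrow this. The hunk does not show which namespaces it reads, so at minimum add a comment above the rule stating why cluster scope is required, e.g. `# cluster-wide read: <reason, to be filled in by the author>`. The first rule's `resources: ["*"]` on `catalog.kubeware.dev` would likewise be easier to audit as an explicit resource list.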
diff --git a/charts/catalog-manager/templates/deployment.yaml b/charts/catalog-manager/templates/deployment.yaml
new file mode 100644
index 000000000..ef1609318
--- /dev/null
+++ b/charts/catalog-manager/templates/deployment.yaml
@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "catalog-manager.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "catalog-manager.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "catalog-manager.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "catalog-manager.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- include "appscode.imagePullSecrets" . | nindent 6 }}
+ serviceAccountName: {{ include "catalog-manager.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.image.securityContext | nindent 12 }}
+ image: {{ include "image.registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
+ imagePullPolicy: {{ .Values.imagePullPolicy }}
+ args:
+ - run
+ - --vault-server-name={{ .Values.vaultServer.name }}
+ - --vault-server-namespace={{ .Values.vaultServer.namespace }}
+ - --secret-reader-service-account-name={{ .Values.secretReaderServiceAccount.name }}
+ - --secret-reader-service-account-namespace={{ .Values.secretReaderServiceAccount.namespace }}
+ ports:
+ - name: metrics
+ containerPort: 8080
+ protocol: TCP
+ - name: http
+ containerPort: 8081
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: http
+ resources:
+ {{- toYaml .Values.image.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/catalog-manager/templates/service.yaml b/charts/catalog-manager/templates/service.yaml
new file mode 100644
index 000000000..3bc0d3814
--- /dev/null
+++ b/charts/catalog-manager/templates/service.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "catalog-manager.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "catalog-manager.labels" . | nindent 4 }}
+{{- if eq "prometheus.io/builtin" ( include "monitoring.agent" . ) }}
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/path: "/metrics"
+ prometheus.io/port: "8443"
+ prometheus.io/scheme: "https"
+{{- end }}
+spec:
+ ports:
+ # Port used to expose admission webhook apiserver
+ - name: api
+ port: 443
+ targetPort: 8443
+ selector:
+ {{- include "catalog-manager.selectorLabels" . | nindent 4 }}
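Review bot: `targetPort: 8443` and the `prometheus.io/port: "8443"` / `prometheus.io/scheme: "https"` annotations point at a port the container in deployment.yaml does not declare: it exposes only `metrics` (8080) and `http` (8081), and no serving certificate is mounted there. Unless the binary listens on 8443 by itself (not visible in this diff), the Service routes to nothing and both scrape modes fail; the `# Port used to expose admission webhook apiserver` comment suggests the block was carried over from another chart. If metrics are served on the named container port, the Service entry could be `- name: metrics`, `port: 8080`, `targetPort: metrics`, with the annotations changed to match. servicemonitor.yaml shares the assumption: it scrapes `port: api` over https and reads the CA from a `<fullname>-apiserver-cert` Secret that none of the templates added here creates.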
diff --git a/charts/catalog-manager/templates/serviceaccount.yaml b/charts/catalog-manager/templates/serviceaccount.yaml
new file mode 100644
index 000000000..bf3cd5314
--- /dev/null
+++ b/charts/catalog-manager/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "catalog-manager.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "catalog-manager.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/catalog-manager/templates/servicemonitor.yaml b/charts/catalog-manager/templates/servicemonitor.yaml
new file mode 100644
index 000000000..b319e3ff7
--- /dev/null
+++ b/charts/catalog-manager/templates/servicemonitor.yaml
@@ -0,0 +1,30 @@
+{{- if eq "prometheus.io/operator" ( include "monitoring.agent" . ) }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "catalog-manager.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- if eq "true" ( include "monitoring.apply-servicemonitor-label" . ) }}
+ {{- include "monitoring.servicemonitor-label" . | nindent 4 }}
+ {{- else }}
+ {{- include "catalog-manager.selectorLabels" . | nindent 4 }}
+ {{- end }}
+spec:
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ {{- include "catalog-manager.selectorLabels" . | nindent 6 }}
+ endpoints:
+ - port: api
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ scheme: https
+ tlsConfig:
+ ca:
+ secret:
+ name: {{ include "catalog-manager.fullname" . }}-apiserver-cert
+ key: tls.crt
+ serverName: "{{ include "catalog-manager.fullname" . }}.{{ .Release.Namespace }}.svc"
+{{- end }}
diff --git a/charts/catalog-manager/values.openapiv3_schema.yaml b/charts/catalog-manager/values.openapiv3_schema.yaml
new file mode 100644
index 000000000..9a10ad03a
--- /dev/null
+++ b/charts/catalog-manager/values.openapiv3_schema.yaml
@@ -0,0 +1,673 @@
+properties:
+ affinity:
+ properties:
+ nodeAffinity:
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ preference:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ properties:
+ nodeSelectorTerms:
+ items:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ podAffinityTerm:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ podAffinityTerm:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ fullnameOverride:
+ type: string
+ image:
+ properties:
+ registry:
+ type: string
+ repository:
+ type: string
+ resources:
+ properties:
+ claims:
+ items:
+ properties:
+ name:
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ type: object
+ securityContext:
+ properties:
+ allowPrivilegeEscalation:
+ type: boolean
+ capabilities:
+ properties:
+ add:
+ items:
+ type: string
+ type: array
+ drop:
+ items:
+ type: string
+ type: array
+ type: object
+ privileged:
+ type: boolean
+ procMount:
+ type: string
+ readOnlyRootFilesystem:
+ type: boolean
+ runAsGroup:
+ format: int64
+ type: integer
+ runAsNonRoot:
+ type: boolean
+ runAsUser:
+ format: int64
+ type: integer
+ seLinuxOptions:
+ properties:
+ level:
+ type: string
+ role:
+ type: string
+ type:
+ type: string
+ user:
+ type: string
+ type: object
+ seccompProfile:
+ properties:
+ localhostProfile:
+ type: string
+ type:
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ properties:
+ gmsaCredentialSpec:
+ type: string
+ gmsaCredentialSpecName:
+ type: string
+ hostProcess:
+ type: boolean
+ runAsUserName:
+ type: string
+ type: object
+ type: object
+ tag:
+ type: string
+ required:
+ - registry
+ - repository
+ - tag
+ type: object
+ imagePullPolicy:
+ type: string
+ imagePullSecrets:
+ items:
+ type: string
+ type: array
+ monitoring:
+ properties:
+ agent:
+ enum:
+ - prometheus.io
+ - prometheus.io/operator
+ - prometheus.io/builtin
+ type: string
+ serviceMonitor:
+ properties:
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ required:
+ - agent
+ - serviceMonitor
+ type: object
+ nameOverride:
+ type: string
+ nodeSelector:
+ additionalProperties:
+ type: string
+ type: object
+ podAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ podSecurityContext:
+ properties:
+ fsGroup:
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ type: string
+ runAsGroup:
+ format: int64
+ type: integer
+ runAsNonRoot:
+ type: boolean
+ runAsUser:
+ format: int64
+ type: integer
+ seLinuxOptions:
+ properties:
+ level:
+ type: string
+ role:
+ type: string
+ type:
+ type: string
+ user:
+ type: string
+ type: object
+ seccompProfile:
+ properties:
+ localhostProfile:
+ type: string
+ type:
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ properties:
+ gmsaCredentialSpec:
+ type: string
+ gmsaCredentialSpecName:
+ type: string
+ hostProcess:
+ type: boolean
+ runAsUserName:
+ type: string
+ type: object
+ type: object
+ registryFQDN:
+ type: string
+ replicaCount:
+ type: integer
+ secretReaderServiceAccount:
+ properties:
+ name:
+ type: string
+ namespace:
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ serviceAccount:
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ create:
+ type: boolean
+ name:
+ type: string
+ required:
+ - create
+ type: object
+ tolerations:
+ items:
+ properties:
+ effect:
+ type: string
+ key:
+ type: string
+ operator:
+ type: string
+ tolerationSeconds:
+ format: int64
+ type: integer
+ value:
+ type: string
+ type: object
+ type: array
+ vaultServer:
+ properties:
+ name:
+ type: string
+ namespace:
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+required:
+- image
+- imagePullPolicy
+- monitoring
+- registryFQDN
+- replicaCount
+- serviceAccount
+type: object
diff --git a/charts/catalog-manager/values.yaml b/charts/catalog-manager/values.yaml
new file mode 100644
index 000000000..441f4b43e
--- /dev/null
+++ b/charts/catalog-manager/values.yaml
@@ -0,0 +1,81 @@
+# Default values for catalog-manager.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# Overrides name template
+nameOverride: ""
+# Overrides fullname template
+fullnameOverride: ""
+
+replicaCount: 1
+
+# Docker registry fqdn used to pull docker images
+# Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image}
+registryFQDN: ghcr.io
+image:
+ # Docker registry used to pull operator image
+ registry: appscode
+ # Name of operator container image
+ repository: catalog-manager
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ # Compute Resources required by the operator container
+ resources: {}
+ # Security options this container should run with
+ securityContext: # +doc-gen:break
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 65534
+ seccompProfile:
+ type: RuntimeDefault
+
+# Specify an array of imagePullSecrets.
+# Secrets must be manually created in the namespace.
+#
+# Example:
+# helm template charts/stash \
+# --set imagePullSecrets[0].name=sec0 \
+# --set imagePullSecrets[1].name=sec1
+imagePullSecrets: []
+# Container image pull policy
+imagePullPolicy: Always
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+monitoring:
+ # Name of monitoring agent (one of "prometheus.io", "prometheus.io/operator", "prometheus.io/builtin")
+ agent: ""
+ serviceMonitor:
+ # Specify the labels for ServiceMonitor.
+ # Prometheus crd will select ServiceMonitor using these labels.
+ # Only usable when monitoring agent is `prometheus.io/operator`.
+ labels: {}
+
+vaultServer:
+ name: ""
+ namespace: ""
+
+secretReaderServiceAccount:
+ name: ""
+ namespace: ""
diff --git a/charts/service-backend/.helmignore b/charts/service-backend/.helmignore
new file mode 100644
index 000000000..e03134ce3
--- /dev/null
+++ b/charts/service-backend/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.terraform
+*.tfstate*
diff --git a/charts/service-backend/Chart.yaml b/charts/service-backend/Chart.yaml
new file mode 100644
index 000000000..c6932307b
--- /dev/null
+++ b/charts/service-backend/Chart.yaml
@@ -0,0 +1,13 @@
+apiVersion: v2
+name: service-backend
+description: A Helm chart for Kubeware Backend Server by AppsCode
+type: application
+version: v2024.2.11
+appVersion: v0.0.1
+home: https://github.com/kubeware
+icon: https://cdn.appscode.com/images/products/searchlight/icons/android-icon-192x192.png
+sources:
+- https://github.com/kubeware
+maintainers:
+- name: appscode
+ email: support@appscode.com
diff --git a/charts/service-backend/README.md b/charts/service-backend/README.md
new file mode 100644
index 000000000..cbeab3547
--- /dev/null
+++ b/charts/service-backend/README.md
@@ -0,0 +1,93 @@
+# Kubeware Backend Server
+
+[Kubeware Backend Server by AppsCode](https://github.com/kubeware/service-backend) - Kubeware Backend Server for Kubernetes
+
+## TL;DR;
+
+```bash
+$ helm repo add appscode https://charts.appscode.com/stable/
+$ helm repo update
+$ helm search repo appscode/service-backend --version=v2024.2.11
+$ helm upgrade -i service-backend appscode/service-backend -n kubeops --create-namespace --version=v2024.2.11
+```
+
+## Introduction
+
+This chart deploys a Kubeware Backend Server on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes 1.21+
+
+## Installing the Chart
+
+To install/upgrade the chart with the release name `service-backend`:
+
+```bash
+$ helm upgrade -i service-backend appscode/service-backend -n kubeops --create-namespace --version=v2024.2.11
+```
+
+The command deploys a Kubeware Backend Server on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall the `service-backend`:
+
+```bash
+$ helm uninstall service-backend -n kubeops
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+The following table lists the configurable parameters of the `service-backend` chart and their default values.
+
+| Parameter | Description | Default |
+|----------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| nameOverride | Overrides name template | ""
|
+| fullnameOverride | Overrides fullname template | ""
|
+| replicaCount | | 1
|
+| registryFQDN | Docker registry fqdn used to pull docker images Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image} | ghcr.io
|
+| image.registry | Docker registry used to pull operator image | appscode
|
+| image.repository | Name of operator container image | service-provider
|
+| image.tag | Overrides the image tag whose default is the chart appVersion. | ""
|
+| image.resources | Compute Resources required by the operator container | {}
|
+| image.securityContext | Security options this container should run with | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}}
|
+| imagePullSecrets | Specify an array of imagePullSecrets. Secrets must be manually created in the namespace.
Example:
`helm template charts/stash \`
`--set imagePullSecrets[0].name=sec0 \`
`--set imagePullSecrets[1].name=sec1` | []
|
+| imagePullPolicy | Container image pull policy | Always
|
+| serviceAccount.create | Specifies whether a service account should be created | true
|
+| serviceAccount.annotations | Annotations to add to the service account | {}
|
+| serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | ""
|
+| podAnnotations | | {}
|
+| podSecurityContext | | {}
|
+| nodeSelector | | {}
|
+| tolerations | | []
|
+| affinity | | {}
|
+| monitoring.agent | Name of monitoring agent (one of "prometheus.io", "prometheus.io/operator", "prometheus.io/builtin") | ""
|
+| monitoring.serviceMonitor.labels | Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is `prometheus.io/operator`. | {}
|
+| server.oidc.clientID | issuer client ID | ""
|
+| server.oidc.clientSecret | issuer client Secret | ""
|
+| server.oidc.issuerURL | | "https://accounts.appscode.com/"
|
+| server.oidc.callbackURL | | "https://bind.appscode.com/callback"
|
+| server.providerPrettyName | | ""
|
+| server.namespacePrefix | the sync namespace created in the provider side will be named like bb- | "kubeware-"
|
+| server.consumerScope | How consumers access the service provider cluster. In Kubernetes, "namespaced" allows namespace isolation. In kcp, "cluster" allows workspace isolation, and with that allows cluster-scoped resources to bind, and it is generally more performant. | "Namespaced"
|
+| server.cookie.signingKey | The key which is used to sign cookies, base64 encoded. Valid lengths are 32 or 64 bytes. | ""
|
+| server.cookie.encryptionKey | The key which is used to encrypt cookies, base64 encoded, optional. Valid lengths are 16, 24, or 32 bytes selecting AES-128, AES-192, or AES-256. | ""
|
+
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example:
+
+```bash
+$ helm upgrade -i service-backend appscode/service-backend -n kubeops --create-namespace --version=v2024.2.11 --set replicaCount=1
+```
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while
+installing the chart. For example:
+
+```bash
+$ helm upgrade -i service-backend appscode/service-backend -n kubeops --create-namespace --version=v2024.2.11 --values values.yaml
+```
diff --git a/charts/service-backend/doc.yaml b/charts/service-backend/doc.yaml
new file mode 100644
index 000000000..c8af4f9f6
--- /dev/null
+++ b/charts/service-backend/doc.yaml
@@ -0,0 +1,18 @@
+project:
+ name: Kubeware Backend Server by AppsCode
+ shortName: Kubeware Backend Server
+ url: https://github.com/kubeware/service-backend
+ description: Kubeware Backend Server for Kubernetes
+ app: a Kubeware Backend Server
+repository:
+ url: https://charts.appscode.com/stable/
+ name: appscode
+chart:
+ name: service-backend
+ values: -- generate from values file --
+ valuesExample: -- generate from values file --
+prerequisites:
+- Kubernetes 1.21+
+release:
+ name: service-backend
+ namespace: kubeops
diff --git a/charts/service-backend/templates/NOTES.txt b/charts/service-backend/templates/NOTES.txt
new file mode 100644
index 000000000..d249f3f48
--- /dev/null
+++ b/charts/service-backend/templates/NOTES.txt
@@ -0,0 +1,3 @@
+To verify that Supervisor has started, run:
+
+ kubectl get deployment --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "service-backend.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"
diff --git a/charts/service-backend/templates/_helpers.tpl b/charts/service-backend/templates/_helpers.tpl
new file mode 100644
index 000000000..8f177b13c
--- /dev/null
+++ b/charts/service-backend/templates/_helpers.tpl
@@ -0,0 +1,107 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "service-backend.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "service-backend.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "service-backend.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "service-backend.labels" -}}
+helm.sh/chart: {{ include "service-backend.chart" . }}
+{{ include "service-backend.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "service-backend.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "service-backend.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "service-backend.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "service-backend.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Returns the appscode license
+*/}}
+{{- define "appscode.license" -}}
+{{- .Values.license }}
+{{- end }}
+
+{{/*
+Returns the registry used for operator docker image
+*/}}
+{{- define "image.registry" -}}
+{{- list .Values.registryFQDN .Values.image.registry | compact | join "/" }}
+{{- end }}
+
+{{- define "appscode.imagePullSecrets" -}}
+{{- with .Values.imagePullSecrets -}}
+imagePullSecrets:
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
+
+{{/*
+Returns the enabled monitoring agent name
+*/}}
+{{- define "monitoring.agent" -}}
+{{- .Values.monitoring.agent }}
+{{- end }}
+
+{{/*
+Returns whether the ServiceMonitor will be labeled with custom label
+*/}}
+{{- define "monitoring.apply-servicemonitor-label" -}}
+{{- ternary "false" "true" ( empty .Values.monitoring.serviceMonitor.labels ) -}}
+{{- end }}
+
+{{/*
+Returns the ServiceMonitor labels
+*/}}
+{{- define "monitoring.servicemonitor-label" -}}
+{{- range $key, $val := .Values.monitoring.serviceMonitor.labels }}
+{{ $key }}: {{ $val }}
+{{- end }}
+{{- end }}
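Review bot: The `monitoring.servicemonitor-label` helper at the end of this file renders `{{ $key }}: {{ $val }}` without quoting, so a label value such as `true` or `123` is emitted as a YAML boolean or number and the ServiceMonitor is rejected, because label values must be strings. I would write the line as `{{ $key }}: {{ $val | quote }}`. Separately, `appscode.license` reads `.Values.license`, which neither this chart's values.yaml nor its values schema in this diff declares; either drop the helper or add the key.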
diff --git a/charts/service-backend/templates/cluster-role-binding.yaml b/charts/service-backend/templates/cluster-role-binding.yaml
new file mode 100644
index 000000000..9c8e33ef5
--- /dev/null
+++ b/charts/service-backend/templates/cluster-role-binding.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "service-backend.fullname" . }}
+ labels:
+ {{- include "service-backend.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "service-backend.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "service-backend.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
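Review bot: The subject name comes from `service-backend.serviceAccountName`, which falls back to `default` when `serviceAccount.create` is false and `serviceAccount.name` is empty, so this binding would then grant the ClusterRole to the release namespace's default ServiceAccount. Every pod in that namespace that does not set its own service account would inherit cluster-wide read access to the `kubedb.com` and `kubevault.com` groups. I would make the render fail in that case, for example by replacing the helper's else branch with `{{- required "serviceAccount.name is required when serviceAccount.create is false" .Values.serviceAccount.name }}`.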
diff --git a/charts/service-backend/templates/cluster-role.yaml b/charts/service-backend/templates/cluster-role.yaml
new file mode 100644
index 000000000..e144a8ed4
--- /dev/null
+++ b/charts/service-backend/templates/cluster-role.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "service-backend.fullname" . }}
+ labels:
+ {{- include "service-backend.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - service-backend.appscode.com
+ resources: ["*"]
+ verbs: ["*"]
+- apiGroups:
+ - kubedb.com
+ resources: ["*"]
+ verbs: ["get", "list", "watch"]
+- apiGroups:
+ - kubevault.com
+ resources: ["*"]
+ verbs: ["get", "list", "watch"]
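Review bot: All three rules use `resources: ["*"]` on a ClusterRole, and the first also uses `verbs: ["*"]`, so the server's service account can read every `kubedb.com` and `kubevault.com` resource in every namespace and do anything within `service-backend.appscode.com`. Nothing in this diff shows which kinds the server actually needs; if it reads only a few, list them by name so that kinds added to those API groups later are not exposed automatically. If the wildcard is intentional, each rule should carry a comment saying why, e.g. `# wildcard: server must list every kind in this group` (wording for the author to confirm).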
diff --git a/charts/service-backend/templates/deployment.yaml b/charts/service-backend/templates/deployment.yaml
new file mode 100644
index 000000000..b84786166
--- /dev/null
+++ b/charts/service-backend/templates/deployment.yaml
@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "service-backend.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "service-backend.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "service-backend.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "service-backend.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- include "appscode.imagePullSecrets" . | nindent 6 }}
+ serviceAccountName: {{ include "service-backend.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.image.securityContext | nindent 12 }}
+{{/* image: {{ include "image.registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}*/}}
+ image: superm4n/service-backend:config_linux_amd64
+ imagePullPolicy: {{ .Values.imagePullPolicy }}
+ args:
+ - server
+ - --oidc-issuer-url={{ .Values.server.oidc.issuerURL }}
+ - --oidc-callback-url={{ .Values.server.oidc.callbackURL }}
+ - --namespace-prefix={{ .Values.server.namespacePrefix }}
+ - --oidc-issuer-client-id={{ .Values.server.oidc.clientID }}
+ - --oidc-issuer-client-secret={{ .Values.server.oidc.clientSecret }}
+ - --cookie-signing-key={{ .Values.server.cookie.signingKey }}
+ - --cookie-encryption-key={{ .Values.server.cookie.encryptionKey }}
+ - --consumer-scope={{ .Values.server.consumerScope }}
+ env:
+ - name: BIND_BACKEND_IMAGE
+ value: arnobkumarsaha/service-backend:config_linux_amd64
+{{/* value: {{ include "image.registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}*/}}
+ ports:
+ - containerPort: 3003
+ name: http
+ protocol: TCP
+ resources:
+ {{- toYaml .Values.image.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
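Review bot: The container image is hard-coded to `superm4n/service-backend:config_linux_amd64` and `BIND_BACKEND_IMAGE` to `arnobkumarsaha/service-backend:config_linux_amd64`, two different personal repositories with a mutable tag, while the templated image lines are commented out; with `imagePullPolicy: Always` whatever is pushed to those tags next is what runs, and `registryFQDN` and `image.*` have no effect. The same hunk renders `server.oidc.clientSecret`, `server.cookie.signingKey` and `server.cookie.encryptionKey` straight into `args`, so they are readable by anyone who can get the Deployment or its pods and are kept in the Helm release; values.yaml in this chart declares them as plain values. I would restore the templated image and feed the three secrets from a Secret through `secretKeyRef` and `$(VAR)` expansion, as sketched below. The Secret name and keys are placeholders for a Secret the chart would have to create or reference.

```yaml
          image: {{ include "image.registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
          # … unchanged: imagePullPolicy …
          args:
            - server
            # … unchanged: issuer URL, callback URL, namespace prefix, client ID …
            - --oidc-issuer-client-secret=$(OIDC_CLIENT_SECRET)
            - --cookie-signing-key=$(COOKIE_SIGNING_KEY)
            - --cookie-encryption-key=$(COOKIE_ENCRYPTION_KEY)
            # … unchanged: consumer scope …
          env:
            - name: BIND_BACKEND_IMAGE
              value: {{ include "image.registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
            # The Secret must define all three keys: an unset variable is
            # passed to the server as the literal text "$(NAME)".
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: <SECRET_NAME>        # placeholder
                  key: oidc-client-secret    # placeholder key
            - name: COOKIE_SIGNING_KEY
              valueFrom:
                secretKeyRef:
                  name: <SECRET_NAME>        # placeholder
                  key: cookie-signing-key    # placeholder key
            - name: COOKIE_ENCRYPTION_KEY
              valueFrom:
                secretKeyRef:
                  name: <SECRET_NAME>        # placeholder
                  key: cookie-encryption-key # placeholder key
          # … unchanged: ports, resources, scheduling …
```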
diff --git a/charts/service-backend/templates/service.yaml b/charts/service-backend/templates/service.yaml
new file mode 100644
index 000000000..26deaad60
--- /dev/null
+++ b/charts/service-backend/templates/service.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "service-backend.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "service-backend.labels" . | nindent 4 }}
+{{- if eq "prometheus.io/builtin" ( include "monitoring.agent" . ) }}
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/path: "/metrics"
+ prometheus.io/port: "8443"
+ prometheus.io/scheme: "https"
+{{- end }}
+spec:
+ ports:
+ # Port used to expose admission webhook apiserver
+ - name: http
+ nodePort: 32375
+ port: 80
+ protocol: TCP
+ targetPort: 3003
+ selector:
+ {{- include "service-backend.selectorLabels" . | nindent 4 }}
+ type: NodePort
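Review bot: `type: NodePort` with the fixed `nodePort: 32375` publishes the server's plain-HTTP port 3003 on every node address, and the fixed number makes a second release in the same cluster fail to install. Judging by the deployment's OIDC callback and cookie flags, this endpoint carries login traffic, so I would default to `type: ClusterIP` behind a TLS-terminating Ingress or gateway and allow NodePort only through an explicit chart value. The `prometheus.io/port: "8443"` and `prometheus.io/scheme: "https"` annotations point at a port this Service does not define, and the comment `# Port used to expose admission webhook apiserver` does not describe this port.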
diff --git a/charts/service-backend/templates/serviceaccount.yaml b/charts/service-backend/templates/serviceaccount.yaml
new file mode 100644
index 000000000..af5c0700b
--- /dev/null
+++ b/charts/service-backend/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "service-backend.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "service-backend.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/service-backend/templates/servicemonitor.yaml b/charts/service-backend/templates/servicemonitor.yaml
new file mode 100644
index 000000000..d2617c6b9
--- /dev/null
+++ b/charts/service-backend/templates/servicemonitor.yaml
@@ -0,0 +1,30 @@
+{{- if eq "prometheus.io/operator" ( include "monitoring.agent" . ) }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "service-backend.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- if eq "true" ( include "monitoring.apply-servicemonitor-label" . ) }}
+ {{- include "monitoring.servicemonitor-label" . | nindent 4 }}
+ {{- else }}
+ {{- include "service-backend.selectorLabels" . | nindent 4 }}
+ {{- end }}
+spec:
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ {{- include "service-backend.selectorLabels" . | nindent 6 }}
+ endpoints:
+ - port: api
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ scheme: https
+ tlsConfig:
+ ca:
+ secret:
+ name: {{ include "service-backend.fullname" . }}-apiserver-cert
+ key: tls.crt
+ serverName: "{{ include "service-backend.fullname" . }}.{{ .Release.Namespace }}.svc"
+{{- end }}
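Review bot: The endpoint selects `port: api`, but the Service in this chart names its only port `http`, so this ServiceMonitor would match no endpoint. It also sets `scheme: https` with a CA taken from the `<fullname>-apiserver-cert` Secret, while the container port is declared as plain `http` on 3003 and no template in this diff creates that Secret. If metrics are served on the HTTP port, the endpoint should read `- port: http` with `scheme: http` and no `tlsConfig`; if they are meant to be TLS-protected, the chart still needs the metrics port and the certificate Secret.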
diff --git a/charts/service-backend/values.openapiv3_schema.yaml b/charts/service-backend/values.openapiv3_schema.yaml
new file mode 100644
index 000000000..c08facb74
--- /dev/null
+++ b/charts/service-backend/values.openapiv3_schema.yaml
@@ -0,0 +1,695 @@
+properties:
+ affinity:
+ properties:
+ nodeAffinity:
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ preference:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ properties:
+ nodeSelectorTerms:
+ items:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ podAffinityTerm:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ podAffinityTerm:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ fullnameOverride:
+ type: string
+ image:
+ properties:
+ registry:
+ type: string
+ repository:
+ type: string
+ resources:
+ properties:
+ claims:
+ items:
+ properties:
+ name:
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ type: object
+ securityContext:
+ properties:
+ allowPrivilegeEscalation:
+ type: boolean
+ capabilities:
+ properties:
+ add:
+ items:
+ type: string
+ type: array
+ drop:
+ items:
+ type: string
+ type: array
+ type: object
+ privileged:
+ type: boolean
+ procMount:
+ type: string
+ readOnlyRootFilesystem:
+ type: boolean
+ runAsGroup:
+ format: int64
+ type: integer
+ runAsNonRoot:
+ type: boolean
+ runAsUser:
+ format: int64
+ type: integer
+ seLinuxOptions:
+ properties:
+ level:
+ type: string
+ role:
+ type: string
+ type:
+ type: string
+ user:
+ type: string
+ type: object
+ seccompProfile:
+ properties:
+ localhostProfile:
+ type: string
+ type:
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ properties:
+ gmsaCredentialSpec:
+ type: string
+ gmsaCredentialSpecName:
+ type: string
+ hostProcess:
+ type: boolean
+ runAsUserName:
+ type: string
+ type: object
+ type: object
+ tag:
+ type: string
+ required:
+ - registry
+ - repository
+ - tag
+ type: object
+ imagePullPolicy:
+ type: string
+ imagePullSecrets:
+ items:
+ type: string
+ type: array
+ monitoring:
+ properties:
+ agent:
+ enum:
+ - prometheus.io
+ - prometheus.io/operator
+ - prometheus.io/builtin
+ type: string
+ serviceMonitor:
+ properties:
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ required:
+ - agent
+ - serviceMonitor
+ type: object
+ nameOverride:
+ type: string
+ nodeSelector:
+ additionalProperties:
+ type: string
+ type: object
+ podAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ podSecurityContext:
+ properties:
+ fsGroup:
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ type: string
+ runAsGroup:
+ format: int64
+ type: integer
+ runAsNonRoot:
+ type: boolean
+ runAsUser:
+ format: int64
+ type: integer
+ seLinuxOptions:
+ properties:
+ level:
+ type: string
+ role:
+ type: string
+ type:
+ type: string
+ user:
+ type: string
+ type: object
+ seccompProfile:
+ properties:
+ localhostProfile:
+ type: string
+ type:
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ properties:
+ gmsaCredentialSpec:
+ type: string
+ gmsaCredentialSpecName:
+ type: string
+ hostProcess:
+ type: boolean
+ runAsUserName:
+ type: string
+ type: object
+ type: object
+ registryFQDN:
+ type: string
+ replicaCount:
+ type: integer
+ server:
+ properties:
+ consumerScope:
+ type: string
+ cookie:
+ properties:
+ encryptionKey:
+ type: string
+ signingKey:
+ type: string
+ required:
+ - encryptionKey
+ - signingKey
+ type: object
+ namespacePrefix:
+ type: string
+ oidc:
+ properties:
+ callbackURL:
+ type: string
+ clientID:
+ type: string
+ clientSecret:
+ type: string
+ issuerURL:
+ type: string
+ required:
+ - callbackURL
+ - clientID
+ - clientSecret
+ - issuerURL
+ type: object
+ providerPrettyName:
+ type: string
+ required:
+ - consumerScope
+ - cookie
+ - namespacePrefix
+ - oidc
+ - providerPrettyName
+ type: object
+ serviceAccount:
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ create:
+ type: boolean
+ name:
+ type: string
+ required:
+ - create
+ type: object
+ tolerations:
+ items:
+ properties:
+ effect:
+ type: string
+ key:
+ type: string
+ operator:
+ type: string
+ tolerationSeconds:
+ format: int64
+ type: integer
+ value:
+ type: string
+ type: object
+ type: array
+required:
+- image
+- imagePullPolicy
+- monitoring
+- registryFQDN
+- replicaCount
+- server
+- serviceAccount
+type: object
diff --git a/charts/service-backend/values.yaml b/charts/service-backend/values.yaml
new file mode 100644
index 000000000..2cdee2c81
--- /dev/null
+++ b/charts/service-backend/values.yaml
@@ -0,0 +1,95 @@
+# Default values for service-backend.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# Overrides name template
+nameOverride: ""
+# Overrides fullname template
+fullnameOverride: ""
+
+replicaCount: 1
+
+# Docker registry fqdn used to pull docker images
+# Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image}
+registryFQDN: ghcr.io
+image:
+ # Docker registry used to pull operator image
+ registry: appscode
+ # Name of operator container image
+ repository: service-provider
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ # Compute Resources required by the operator container
+ resources: {}
+ # Security options this container should run with
+ securityContext: # +doc-gen:break
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 65534
+ seccompProfile:
+ type: RuntimeDefault
+
+# Specify an array of imagePullSecrets.
+# Secrets must be manually created in the namespace.
+#
+# Example:
+# helm template charts/stash \
+# --set imagePullSecrets[0].name=sec0 \
+# --set imagePullSecrets[1].name=sec1
+imagePullSecrets: []
+# Container image pull policy
+imagePullPolicy: Always
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+monitoring:
+ # Name of monitoring agent (one of "prometheus.io", "prometheus.io/operator", "prometheus.io/builtin")
+ agent: ""
+ serviceMonitor:
+ # Specify the labels for ServiceMonitor.
+ # Prometheus crd will select ServiceMonitor using these labels.
+ # Only usable when monitoring agent is `prometheus.io/operator`.
+ labels: {}
+
+
+server:
+ oidc:
+ # issuer client ID
+ clientID: ""
+ # issuer client Secret
+ clientSecret: ""
+ issuerURL: "https://accounts.appscode.com/"
+ callbackURL: "https://bind.appscode.com/callback"
+ providerPrettyName: ""
+ # the sync namespace created in the provider side will be named like bb-
+ namespacePrefix: "kubeware-"
+ # How consumers access the service provider cluster. In Kubernetes, "namespaced" allows namespace isolation.
+ # In kcp, "cluster" allows workspace isolation, and with that allows cluster-scoped resources to bind, and it is generally more performant.
+ consumerScope: "Namespaced"
+
+ cookie:
+ # The key which is used to sign cookies, base64 encoded. Valid lengths are 32 or 64 bytes.
+ signingKey: ""
+ # The key which is used to encrypt cookies, base64 encoded, optional. Valid lengths are 16, 24, or 32 bytes selecting AES-128, AES-192, or AES-256.
+ encryptionKey: ""
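Review bot: `image.repository` defaults to `service-provider` in the service-backend chart, which looks copied from the sibling chart; if the commented-out image template in deployment.yaml is restored, this default would pull the wrong image. The comment on `namespacePrefix` says the namespaces are `named like bb-` while the default is `kubeware-`; something like `# prefix of the sync namespaces created on the provider side` would match. `cookie.signingKey` has an empty default and no guard, so an install that omits it passes an empty `--cookie-signing-key=`; the comment should say the value is required, assuming the server does not generate one itself (to be confirmed).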
diff --git a/charts/service-provider/.helmignore b/charts/service-provider/.helmignore
new file mode 100644
index 000000000..be86b789d
--- /dev/null
+++ b/charts/service-provider/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Helm files
+OWNERS
diff --git a/charts/service-provider/Chart.yaml b/charts/service-provider/Chart.yaml
new file mode 100755
index 000000000..ff86a8c16
--- /dev/null
+++ b/charts/service-provider/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+description: Kubeware Service Provider by AppsCode
+name: service-provider
+version: v2024.2.11
+appVersion: v0.0.1
+home: https://github.com/kubeware
+icon: https://cdn.appscode.com/images/products/stash/service-provider-icon.png
+sources:
+- https://github.com/kubeware
+maintainers:
+- name: appscode
+ email: support@appscode.com
diff --git a/charts/service-provider/OWNERS b/charts/service-provider/OWNERS
new file mode 100644
index 000000000..6731d355c
--- /dev/null
+++ b/charts/service-provider/OWNERS
@@ -0,0 +1,5 @@
+approvers:
+- tamalsaha
+reviewers:
+- tamalsaha
+
diff --git a/charts/service-provider/README.md b/charts/service-provider/README.md
new file mode 100644
index 000000000..06101cad0
--- /dev/null
+++ b/charts/service-provider/README.md
@@ -0,0 +1,111 @@
+# Kubeware Service Provider
+
+[Kubeware Service Provider by AppsCode](https://github.com/kubeware) - Kubeware Service Provider by AppsCode
+
+## TL;DR;
+
+```bash
+$ helm repo add appscode https://charts.appscode.com/stable/
+$ helm repo update
+$ helm search repo appscode/service-provider --version=v2024.2.11
+$ helm upgrade -i service-provider appscode/service-provider -n kubeops --create-namespace --version=v2024.2.11
+```
+
+## Introduction
+
+This chart deploys a Kubeware Service Provider on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes 1.21+
+
+## Installing the Chart
+
+To install/upgrade the chart with the release name `service-provider`:
+
+```bash
+$ helm upgrade -i service-provider appscode/service-provider -n kubeops --create-namespace --version=v2024.2.11
+```
+
+The command deploys a Kubeware Service Provider on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall the `service-provider`:
+
+```bash
+$ helm uninstall service-provider -n kubeops
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+The following table lists the configurable parameters of the `service-provider` chart and their default values.
+
+| Parameter | Description | Default |
+|---------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|
+| nameOverride | Overrides name template | ""
|
+| fullnameOverride | Overrides fullname template | ""
|
+| replicaCount | Number of stash operator replicas to create (only 1 is supported) | 1
|
+| registryFQDN | Docker registry fqdn used to pull Stash related images. Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image} | ghcr.io
|
+| operator.registry | Docker registry used to pull operator image | appscode
|
+| operator.repository | Name of operator container image | service-provider
|
+| operator.tag | Operator container image tag | ""
|
+| operator.resources | Compute Resources required by the operator container | {"requests":{"cpu":"100m"}}
|
+| operator.securityContext | Security options this container should run with | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65534}
|
+| rbacproxy.registry | Docker registry used to pull operator image | appscode
|
+| rbacproxy.repository | Name of operator container image | kube-rbac-proxy
|
+| rbacproxy.tag | Operator container image tag | v0.11.0
|
+| rbacproxy.resources | Compute Resources required by the operator container | {"requests":{"cpu":"100m"}}
|
+| rbacproxy.securityContext | Security options this container should run with | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65534}
|
+| imagePullSecrets | Specify an array of imagePullSecrets. Secrets must be manually created in the namespace.
Example:
`helm template charts/stash \`
`--set imagePullSecrets[0].name=sec0 \`
`--set imagePullSecrets[1].name=sec1` | []
|
+| imagePullPolicy | Container image pull policy | IfNotPresent
|
+| criticalAddon | If true, installs Stash operator as critical addon | false
|
+| logLevel | Log level for operator | 3
|
+| annotations | Annotations applied to operator deployment | {}
|
+| podAnnotations | Annotations passed to operator pod(s). | {}
|
+| podLabels | Labels passed to operator pod(s) | {}
|
+| nodeSelector | Node labels for pod assignment | {"kubernetes.io/os":"linux"}
|
+| tolerations | Tolerations for pod assignment | []
|
+| affinity | Affinity rules for pod assignment | {}
|
+| podSecurityContext | Security options the operator pod should run with. | {"fsGroup":65535}
|
+| serviceAccount.create | Specifies whether a service account should be created | true
|
+| serviceAccount.annotations | Annotations to add to the service account | {}
|
+| serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
|
+| apiserver.groupPriorityMinimum | The minimum priority the webhook api group should have at least. Please see https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L58-L64 for more information on proper values of this field. | 10000
|
+| apiserver.versionPriority | The ordering of the webhook api inside of the group. Please see https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L66-L70 for more information on proper values of this field | 15
|
+| apiserver.enableMutatingWebhook | If true, mutating webhook is configured for Kubernetes workloads | true
|
+| apiserver.enableValidatingWebhook | If true, validating webhook is configured for Stash CRDss | false
|
+| apiserver.ca | CA certificate used by the Kubernetes api server. This field is automatically assigned by the operator. | not-ca-cert
|
+| apiserver.bypassValidatingWebhookXray | If true, bypasses checks that validating webhook is actually enabled in the Kubernetes cluster. | false
|
+| apiserver.useKubeapiserverFqdnForAks | If true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) | true
|
+| apiserver.healthcheck.enabled | If true, enables the readiness and liveliness probes for the operator pod. | false
|
+| apiserver.servingCerts.generate | If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) to authenticate operators pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. | true
|
+| apiserver.servingCerts.caCrt | CA certficate used by serving certificate of webhook server. | ""
|
+| apiserver.servingCerts.serverCrt | Serving certficate used by webhook server. | ""
|
+| apiserver.servingCerts.serverKey | Private key for the serving certificate used by webhook server. | ""
|
+| monitoring.agent | Name of monitoring agent (either "prometheus.io/operator" or "prometheus.io/builtin") | "none"
|
+| monitoring.serviceMonitor.labels | Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is `prometheus.io/operator`. | {}
|
+| provider.namespacePrefix | the sync namespace created in the provider side will be named like bb- | "kubeware-"
|
+| provider.providerPrettyName | the name of the provider | "Appscode"
|
+| provider.consumerScope | How consumers access the service provider cluster. In Kubernetes, "namespaced" allows namespace isolation. In kcp, "cluster" allows workspace isolation, and with that allows cluster-scoped resources to bind, and it is generally more performant. | "Namespaced"
|
+| provider.external.address | The external address for the service provider cluster, including https:// and port. If not specified, service account's hosts are used. | ""
|
+| provider.external.serverName | The external (TLS) server name used by consumers to talk to the service provider cluster. This can be useful to select the right certificate via SNI. | ""
|
+| provider.external.CAFile | The external CA file for the service provider cluster. If not specified, service account's CA is used. | ""
|
+
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example:
+
+```bash
+$ helm upgrade -i service-provider appscode/service-provider -n kubeops --create-namespace --version=v2024.2.11 --set replicaCount=1
+```
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while
+installing the chart. For example:
+
+```bash
+$ helm upgrade -i service-provider appscode/service-provider -n kubeops --create-namespace --version=v2024.2.11 --values values.yaml
+```
diff --git a/charts/service-provider/ci/ci-values.yaml b/charts/service-provider/ci/ci-values.yaml
new file mode 100644
index 000000000..8a70e66a6
--- /dev/null
+++ b/charts/service-provider/ci/ci-values.yaml
@@ -0,0 +1,9 @@
+# https://github.com/helm/charts/blob/master/test/README.md#providing-custom-test-values
+operator:
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+rbacproxy:
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
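Review bot: `seccompProfile: RuntimeDefault` is set only in these CI values, while the default `operator.securityContext` and `rbacproxy.securityContext` documented in the chart README carry no seccomp profile. CI therefore exercises a more hardened pod than a default install produces. If the chart's values.yaml (not fully visible here) matches the README, consider adding `seccompProfile: {type: RuntimeDefault}` to both default security contexts there. That way a default install also satisfies the Pod Security "restricted" profile and CI tests what users actually deploy.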
diff --git a/charts/service-provider/crds/kubeware.dev_apiservicebindings.yaml b/charts/service-provider/crds/kubeware.dev_apiservicebindings.yaml
new file mode 100644
index 000000000..8d937be69
--- /dev/null
+++ b/charts/service-provider/crds/kubeware.dev_apiservicebindings.yaml
@@ -0,0 +1,172 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.10.0
+ name: apiservicebindings.kubeware.dev
+spec:
+ group: kubeware.dev
+ names:
+ categories:
+ - kubewares
+ kind: APIServiceBinding
+ listKind: APIServiceBindingList
+ plural: apiservicebindings
+ shortNames:
+ - sb
+ singular: apiservicebinding
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.providerPrettyName
+ name: Provider
+ type: string
+ - jsonPath: .metadata.annotations.kubeware\.dev/resources
+ name: Resources
+ priority: 1
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Message
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: APIServiceBinding binds an API service represented by a APIServiceExport
+ in a service provider cluster into a consumer cluster. This object lives
+ in the consumer cluster.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec specifies how an API service from a service provider
+ should be bound in the local consumer cluster.
+ properties:
+ kubeconfigSecretRefs:
+ description: kubeconfigSecretName is the secret ref that contains
+ the kubeconfig of the service cluster.
+ items:
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ "kubeconfig".
+ enum:
+ - kubeconfig
+ type: string
+ name:
+ description: Name of the referent.
+ minLength: 1
+ type: string
+ namespace:
+ description: Namespace of the referent.
+ minLength: 1
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ type: array
+ required:
+ - kubeconfigSecretRefs
+ type: object
+ status:
+ description: status contains reconciliation information for a service
+ binding.
+ properties:
+ conditions:
+ description: conditions is a list of conditions that apply to the
+ APIServiceBinding.
+ items:
+ description: Condition defines an observation of a object operational
+ state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ kubeconfigs:
+ items:
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ "kubeconfig".
+ enum:
+ - kubeconfig
+ type: string
+ name:
+ description: Name of the referent.
+ minLength: 1
+ type: string
+ namespace:
+ description: Namespace of the referent.
+ minLength: 1
+ type: string
+ required:
+ - key
+ - name
+ - namespace
+ type: object
+ type: array
+ providerPrettyName:
+ description: providerPrettyName is the pretty name of the service
+ provider cluster. This can be shared among different APIServiceBindings.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
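Review bot: `spec.kubeconfigSecretRefs` is listed as required, but the array has no `minItems` and the schema has no top-level `required: [spec]`, so a binding with no kubeconfig reference at all passes admission. The APIServiceExportRequest schema in this same commit requires `spec` and uses `minItems: 1` on its list. Since this YAML is controller-gen output, the fix belongs on the Go type, e.g. `// +kubebuilder:validation:MinItems=1` on the field. Separately, the resource is cluster-scoped and each ref names an arbitrary `namespace`, so anyone allowed to create or update APIServiceBinding objects can direct the controller to a Secret in any namespace, presumably read with the controller's own credentials. The chart's RBAC and docs should restrict write access on this kind to cluster administrators.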
diff --git a/charts/service-provider/crds/kubeware.dev_apiserviceexportrequests.yaml b/charts/service-provider/crds/kubeware.dev_apiserviceexportrequests.yaml
new file mode 100644
index 000000000..6f58f88f7
--- /dev/null
+++ b/charts/service-provider/crds/kubeware.dev_apiserviceexportrequests.yaml
@@ -0,0 +1,160 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.10.0
+ name: apiserviceexportrequests.kubeware.dev
+spec:
+ group: kubeware.dev
+ names:
+ categories:
+ - kubewares
+ kind: APIServiceExportRequest
+ listKind: APIServiceExportRequestList
+ plural: apiserviceexportrequests
+ singular: apiserviceexportrequest
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: "APIServiceExportRequest is represents a request session of kubectl-bind-apiservice.
+ \n The service provider can prune these objects after some time."
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec specifies how an API service from a service provider
+ should be bound in the local consumer cluster.
+ properties:
+ parameters:
+ description: parameters holds service provider specific parameters
+ for this binding request.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ x-kubernetes-validations:
+ - message: parameters are immutable
+ rule: self == oldSelf
+ resources:
+ description: resources is a list of resources that should be exported.
+ items:
+ properties:
+ group:
+ default: ""
+ description: group is the name of an API group. For core groups
+ this is the empty string '""'.
+ pattern: ^(|[a-z0-9]([-a-z0-9]*[a-z0-9](\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)?)$
+ type: string
+ resource:
+ description: 'resource is the name of the resource. Note: it
+ is worth noting that you can not ask for permissions for resource
+ provided by a CRD not provided by an service binding export.'
+ pattern: ^[a-z][-a-z0-9]*[a-z0-9]$
+ type: string
+ versions:
+ description: versions is a list of versions that should be exported.
+ If this is empty a sensible default is chosen by the service
+ provider.
+ items:
+ type: string
+ type: array
+ required:
+ - resource
+ type: object
+ minItems: 1
+ type: array
+ x-kubernetes-validations:
+ - message: resources are immutable
+ rule: self == oldSelf
+ required:
+ - resources
+ type: object
+ status:
+ description: status contains reconciliation information for a service
+ binding.
+ properties:
+ conditions:
+ description: conditions is a list of conditions that apply to the
+ ClusterBinding. It is updated by the konnector and the service provider.
+ items:
+ description: Condition defines an observation of a object operational
+ state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ phase:
+ default: Pending
+ description: phase is the current phase of the binding request. It
+ starts in Pending and transitions to Succeeded or Failed. See the
+ condition for detailed information.
+ enum:
+ - Pending
+ - Failed
+ - Succeeded
+ type: string
+ terminalMessage:
+ description: terminalMessage is a human readable message that describes
+ the reason for the current phase.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
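Review bot: The `parameters are immutable` rule (`self == oldSelf`) sits on `spec.parameters`, which is optional because `spec.required` lists only `resources`. CEL transition rules are skipped when the field has no old or new value, so adding `parameters` to a request created without them, or removing them later, is most likely not rejected. If the intent is that parameters can never change after creation, add a rule on `spec` itself, e.g. `rule: has(self.parameters) == has(oldSelf.parameters)`, next to the existing one. This file is generated, so the marker goes on the Go spec type. The `conditions` description also refers to "ClusterBinding", which looks like a leftover from another type.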
diff --git a/charts/service-provider/crds/kubeware.dev_apiserviceexports.yaml b/charts/service-provider/crds/kubeware.dev_apiserviceexports.yaml
new file mode 100644
index 000000000..6598c4850
--- /dev/null
+++ b/charts/service-provider/crds/kubeware.dev_apiserviceexports.yaml
@@ -0,0 +1,416 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.10.0
+ name: apiserviceexports.kubeware.dev
+spec:
+ group: kubeware.dev
+ names:
+ categories:
+ - kubewares
+ kind: APIServiceExport
+ listKind: APIServiceExportList
+ plural: apiserviceexports
+ singular: apiserviceexport
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=="Established")].status
+ name: Established
+ priority: 5
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: 'APIServiceExport specifies the resource to be exported. It is
+ mostly a CRD: - the spec is a CRD spec, but without webhooks - the status
+ reflects that on the consumer cluster'
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec specifies the resource.
+ properties:
+ clusterScopedIsolation:
+ description: ClusterScopedIsolation specifies how cluster scoped service
+ objects are isolated between multiple consumers on the provider
+ side. It can be "Prefixed", "Namespaced", or "None".
+ enum:
+ - Prefixed
+ - Namespaced
+ - None
+ type: string
+ group:
+ description: "group is the API group of the defined custom resource.
+ Empty string means the core API group. \tThe resources are served
+ under `/apis//...` or `/api` for the core group."
+ type: string
+ informerScope:
+ description: "informerScope is the scope of the APIServiceExport.
+ It can be either Cluster or Namespace. \n Cluster: The konnector
+ has permission to watch all namespaces at once and cluster-scoped
+ resources. This is more efficient than watching each namespace individually.
+ Namespaced: The konnector has permission to watch only single namespaces.
+ This is more resource intensive. And it means cluster-scoped resources
+ cannot be exported."
+ enum:
+ - Cluster
+ - Namespaced
+ type: string
+ x-kubernetes-validations:
+ - message: informerScope is immutable
+ rule: self == oldSelf
+ names:
+ description: names specify the resource and kind names for the custom
+ resource.
+ properties:
+ categories:
+ description: categories is a list of grouped resources this custom
+ resource belongs to (e.g. 'all'). This is published in API discovery
+ documents, and used by clients to support invocations like `kubectl
+ get all`.
+ items:
+ type: string
+ type: array
+ kind:
+ description: kind is the serialized kind of the resource. It is
+ normally CamelCase and singular. Custom resource instances will
+ use this value as the `kind` attribute in API calls.
+ type: string
+ listKind:
+ description: listKind is the serialized kind of the list for this
+ resource. Defaults to "`kind`List".
+ type: string
+ plural:
+ description: plural is the plural name of the resource to serve.
+ The custom resources are served under `/apis///.../`.
+ Must match the name of the CustomResourceDefinition (in the
+ form `.`). Must be all lowercase.
+ type: string
+ shortNames:
+ description: shortNames are short names for the resource, exposed
+ in API discovery documents, and used by clients to support invocations
+ like `kubectl get `. It must be all lowercase.
+ items:
+ type: string
+ type: array
+ singular:
+ description: singular is the singular name of the resource. It
+ must be all lowercase. Defaults to lowercased `kind`.
+ type: string
+ required:
+ - kind
+ - plural
+ type: object
+ scope:
+ description: scope indicates whether the defined custom resource is
+ cluster- or namespace-scoped. Allowed values are `Cluster` and `Namespaced`.
+ enum:
+ - Cluster
+ - Namespaced
+ type: string
+ versions:
+ description: "versions is the API version of the defined custom resource.
+ \n Note: the OpenAPI v3 schemas must be equal for all versions until
+ CEL version migration is supported."
+ items:
+ description: APIServiceExportVersion describes one API version of
+ a resource.
+ properties:
+ additionalPrinterColumns:
+ description: additionalPrinterColumns specifies additional columns
+ returned in Table output. See https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables
+ for details. If no columns are specified, a single column
+ displaying the age of the custom resource is used.
+ items:
+ description: CustomResourceColumnDefinition specifies a column
+ for server side printing.
+ properties:
+ description:
+ description: description is a human readable description
+ of this column.
+ type: string
+ format:
+ description: format is an optional OpenAPI type definition
+ for this column. The 'name' format is applied to the
+ primary identifier column to assist in clients identifying
+ column is the resource name. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types
+ for details.
+ type: string
+ jsonPath:
+ description: jsonPath is a simple JSON path (i.e. with
+ array notation) which is evaluated against each custom
+ resource to produce the value for this column.
+ type: string
+ name:
+ description: name is a human readable name for the column.
+ type: string
+ priority:
+ description: priority is an integer defining the relative
+ importance of this column compared to others. Lower
+ numbers are considered higher priority. Columns that
+ may be omitted in limited space scenarios should be
+ given a priority greater than 0.
+ format: int32
+ type: integer
+ type:
+ description: type is an OpenAPI type definition for this
+ column. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types
+ for details.
+ type: string
+ required:
+ - jsonPath
+ - name
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ deprecated:
+ description: deprecated indicates this version of the custom
+ resource API is deprecated. When set to true, API requests
+ to this version receive a warning header in the server response.
+ Defaults to false.
+ type: boolean
+ deprecationWarning:
+ description: deprecationWarning overrides the default warning
+ returned to API clients. May only be set when `deprecated`
+ is true. The default warning indicates this version is deprecated
+ and recommends use of the newest served version of equal or
+ greater stability, if one exists.
+ type: string
+ name:
+ description: name is the version name, e.g. “v1”, “v2beta1”,
+ etc. The custom resources are served under this version at
+ `/apis///...` if `served` is true.
+ minLength: 1
+ pattern: ^v[1-9][0-9]*([a-z]+[1-9][0-9]*)?$
+ type: string
+ schema:
+ description: schema describes the structural schema used for
+ validation, pruning, and defaulting of this version of the
+ custom resource.
+ properties:
+ openAPIV3Schema:
+ description: openAPIV3Schema is the OpenAPI v3 schema to
+ use for validation and pruning.
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - openAPIV3Schema
+ type: object
+ served:
+ default: true
+ description: served is a flag enabling/disabling this version
+ from being served via REST APIs
+ type: boolean
+ storage:
+ description: storage indicates this version should be used when
+ persisting custom resources to storage. There must be exactly
+ one version with storage=true.
+ type: boolean
+ subresources:
+ description: subresources specify what subresources this version
+ of the defined custom resource have.
+ properties:
+ scale:
+ description: scale indicates the custom resource should
+ serve a `/scale` subresource that returns an `autoscaling/v1`
+ Scale object.
+ properties:
+ labelSelectorPath:
+ description: 'labelSelectorPath defines the JSON path
+ inside of a custom resource that corresponds to Scale
+ `status.selector`. Only JSON paths without the array
+ notation are allowed. Must be a JSON Path under `.status`
+ or `.spec`. Must be set to work with HorizontalPodAutoscaler.
+ The field pointed by this JSON path must be a string
+ field (not a complex selector struct) which contains
+ a serialized label selector in string form. More info:
+ https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions#scale-subresource
+ If there is no value under the given path in the custom
+ resource, the `status.selector` value in the `/scale`
+ subresource will default to the empty string.'
+ type: string
+ specReplicasPath:
+ description: specReplicasPath defines the JSON path
+ inside of a custom resource that corresponds to Scale
+ `spec.replicas`. Only JSON paths without the array
+ notation are allowed. Must be a JSON Path under `.spec`.
+ If there is no value under the given path in the custom
+ resource, the `/scale` subresource will return an
+ error on GET.
+ type: string
+ statusReplicasPath:
+ description: statusReplicasPath defines the JSON path
+ inside of a custom resource that corresponds to Scale
+ `status.replicas`. Only JSON paths without the array
+ notation are allowed. Must be a JSON Path under `.status`.
+ If there is no value under the given path in the custom
+ resource, the `status.replicas` value in the `/scale`
+ subresource will default to 0.
+ type: string
+ required:
+ - specReplicasPath
+ - statusReplicasPath
+ type: object
+ status:
+ description: 'status indicates the custom resource should
+ serve a `/status` subresource. When enabled: 1. requests
+ to the custom resource primary endpoint ignore changes
+ to the `status` stanza of the object. 2. requests to the
+ custom resource `/status` subresource ignore changes to
+ anything other than the `status` stanza of the object.'
+ type: object
+ type: object
+ required:
+ - name
+ - schema
+ - served
+ - storage
+ type: object
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - informerScope
+ type: object
+ x-kubernetes-validations:
+ - message: informerScope must be Cluster for cluster-scoped resources
+ rule: self.scope == "Namespaced" || self.informerScope == "Cluster"
+ - message: clusterScopedIsolation must be defined for cluster-scoped resources
+ rule: self.scope == "Namespaced" || has(self.clusterScopedIsolation)
+ - message: clusterScopedIsolation is not relevant for namespaced resources
+ rule: self.scope == "Cluster" || !has(self.clusterScopedIsolation)
+ status:
+ description: status contains reconciliation information for the resource.
+ properties:
+ acceptedNames:
+ description: acceptedNames are the names that are actually being used
+ to serve discovery. They may be different than the names in spec.
+ properties:
+ categories:
+ description: categories is a list of grouped resources this custom
+ resource belongs to (e.g. 'all'). This is published in API discovery
+ documents, and used by clients to support invocations like `kubectl
+ get all`.
+ items:
+ type: string
+ type: array
+ kind:
+ description: kind is the serialized kind of the resource. It is
+ normally CamelCase and singular. Custom resource instances will
+ use this value as the `kind` attribute in API calls.
+ type: string
+ listKind:
+ description: listKind is the serialized kind of the list for this
+ resource. Defaults to "`kind`List".
+ type: string
+ plural:
+ description: plural is the plural name of the resource to serve.
+ The custom resources are served under `/apis///.../`.
+ Must match the name of the CustomResourceDefinition (in the
+ form `.`). Must be all lowercase.
+ type: string
+ shortNames:
+ description: shortNames are short names for the resource, exposed
+ in API discovery documents, and used by clients to support invocations
+ like `kubectl get `. It must be all lowercase.
+ items:
+ type: string
+ type: array
+ singular:
+ description: singular is the singular name of the resource. It
+ must be all lowercase. Defaults to lowercased `kind`.
+ type: string
+ required:
+ - kind
+ - plural
+ type: object
+ conditions:
+ description: conditions is a list of conditions that apply to the
+ APIServiceExport. It is updated by the konnector on the consumer
+ cluster.
+ items:
+ description: Condition defines an observation of a object operational
+ state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ storedVersions:
+ description: storedVersions lists all versions of CustomResources
+ that were ever persisted. Tracking these versions allows a migration
+ path for stored versions in etcd. The field is mutable so a migration
+ controller can finish a migration to another version (ensuring no
+ old objects are left in storage), and then remove the rest of the
+ versions from this list. Versions may not be removed from `spec.versions`
+ while they exist in this list.
+ items:
+ type: string
+ type: array
+ type: object
+ required:
+ - spec
+ type: object
+ x-kubernetes-validations:
+ - message: informerScope is immutable
+ rule: self.metadata.name == self.spec.names.plural+"."+self.spec.group
+ served: true
+ storage: true
+ subresources:
+ status: {}
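Review bot: The object-level validation at the end of the schema pairs the message `informerScope is immutable` with the rule `self.metadata.name == self.spec.names.plural+"."+self.spec.group`. That rule checks the object name, not immutability, so a user who picks a wrong name gets a misleading rejection. The message should describe the rule, e.g. `message: metadata.name must be <spec.names.plural>.<spec.group>`. The rule also dereferences `spec.names` and `spec.group`, and the `spec` rules read `self.scope`, yet `spec.required` lists only `informerScope`. An object missing those fields would likely fail with a CEL evaluation error instead of a clear message, so marking them required would make the contract explicit. As this file is controller-gen output, both changes belong in the kubebuilder markers on the Go type.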
diff --git a/charts/service-provider/crds/kubeware.dev_apiservicenamespaces.yaml b/charts/service-provider/crds/kubeware.dev_apiservicenamespaces.yaml
new file mode 100644
index 000000000..0c00567b5
--- /dev/null
+++ b/charts/service-provider/crds/kubeware.dev_apiservicenamespaces.yaml
@@ -0,0 +1,61 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.10.0
+ name: apiservicenamespaces.kubeware.dev
+spec:
+ group: kubeware.dev
+ names:
+ categories:
+ - kubewares
+ kind: APIServiceNamespace
+ listKind: APIServiceNamespaceList
+ plural: apiservicenamespaces
+ singular: apiservicenamespace
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.namespace
+ name: Namespace
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: "APIServiceNamespace defines how consumer namespaces map to service
+ namespaces. These objects are created by the konnector, and a service namespace
+ is then created by the service provider. \n The name of the APIServiceNamespace
+ equals the namespace name in the consumer cluster."
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec specifies a service namespace.
+ type: object
+ status:
+ description: status contains reconciliation information for a service
+ namespace
+ properties:
+ namespace:
+ description: namespace is the service provider namespace name that
+ will be bound to the consumer namespace named like this object.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/charts/service-provider/crds/kubeware.dev_clusterbindings.yaml b/charts/service-provider/crds/kubeware.dev_clusterbindings.yaml
new file mode 100644
index 000000000..65da47103
--- /dev/null
+++ b/charts/service-provider/crds/kubeware.dev_clusterbindings.yaml
@@ -0,0 +1,164 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.10.0
+ name: clusterbindings.kubeware.dev
+spec:
+ group: kubeware.dev
+ names:
+ categories:
+ - kubewares
+ kind: ClusterBinding
+ listKind: ClusterBindingList
+ plural: clusterbindings
+ singular: clusterbinding
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.konnectorVersion
+ name: Konnector Version
+ type: string
+ - jsonPath: .status.lastHeartbeatTime
+ name: Last Heartbeat
+ type: date
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ClusterBinding represents a bound consumer class. It lives in
+ a service provider cluster and is a singleton named "cluster".
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec represents the data in the newly created ClusterBinding.
+ properties:
+ kubeconfigSecretRef:
+ description: kubeconfigSecretName is the secret ref that contains
+ the kubeconfig of the service cluster.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be "kubeconfig".
+ enum:
+ - kubeconfig
+ type: string
+ name:
+ description: Name of the referent.
+ minLength: 1
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ x-kubernetes-validations:
+ - message: kubeconfigSecretRef is immutable
+ rule: self == oldSelf
+ providerPrettyName:
+ description: providerPrettyName is the pretty name of the service
+ provider cluster. This can be shared among different ServiceBindings.
+ minLength: 1
+ type: string
+ serviceProviderSpec:
+ description: serviceProviderSpec contains all the data and information
+ about the service which has been bound to the service binding request.
+ The service providers decide what they need and what to configure
+ based on what then include in this field, such as service region,
+ type, tiers, etc...
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - kubeconfigSecretRef
+ - providerPrettyName
+ type: object
+ status:
+ description: status contains reconciliation information for the service
+ binding.
+ properties:
+ conditions:
+ description: conditions is a list of conditions that apply to the
+ ClusterBinding. It is updated by the konnector and the service provider.
+ items:
+ description: Condition defines an observation of a object operational
+ state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ heartbeatInterval:
+ description: heartbeatInterval is the maximal interval between heartbeats
+ that the konnector promises to send. The service provider can assume
+ that the konnector is not unhealthy if it does not receive a heartbeat
+ within this time.
+ type: string
+ konnectorVersion:
+ description: konnectorVersion is the version of the konnector that
+ is running on the consumer cluster.
+ type: string
+ lastHeartbeatTime:
+ description: lastHeartbeatTime is the last time the konnector updated
+ the status.
+ format: date-time
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ x-kubernetes-validations:
+ - message: cluster binding name should be cluster
+ rule: self.metadata.name == "cluster"
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/charts/service-provider/doc.yaml b/charts/service-provider/doc.yaml
new file mode 100644
index 000000000..106e80dab
--- /dev/null
+++ b/charts/service-provider/doc.yaml
@@ -0,0 +1,18 @@
+project:
+ name: Kubeware Service Provider by AppsCode
+ shortName: Kubeware Service Provider
+ url: https://github.com/kubeware
+ description: Kubeware Service Provider by AppsCode
+ app: a Kubeware Service Provider
+repository:
+ url: https://charts.appscode.com/stable/
+ name: appscode
+chart:
+ name: service-provider
+ values: -- generate from values file --
+ valuesExample: -- generate from values file --
+prerequisites:
+- Kubernetes 1.21+
+release:
+ name: service-provider
+ namespace: kubeops
diff --git a/charts/service-provider/templates/NOTES.txt b/charts/service-provider/templates/NOTES.txt
new file mode 100644
index 000000000..12752db6c
--- /dev/null
+++ b/charts/service-provider/templates/NOTES.txt
@@ -0,0 +1,3 @@
+To verify that Stash has started, run:
+
+ kubectl get deployment --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "service-provider.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"
diff --git a/charts/service-provider/templates/_helpers.tpl b/charts/service-provider/templates/_helpers.tpl
new file mode 100644
index 000000000..4a5d227e6
--- /dev/null
+++ b/charts/service-provider/templates/_helpers.tpl
@@ -0,0 +1,98 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "service-provider.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "service-provider.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "service-provider.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "service-provider.labels" -}}
+helm.sh/chart: {{ include "service-provider.chart" . }}
+{{ include "service-provider.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "service-provider.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "service-provider.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- with .Values.podLabels }}
+{{- toYaml . | nindent 0 }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "service-provider.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "service-provider.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{- define "service-provider.webhookServiceName" -}}
+{{- printf "%s-webhook-server" (include "service-provider.fullname" . ) | trunc 63 | trimPrefix "-" -}}
+{{- end -}}
+
+{{/*
+Returns the registry used for operator docker image
+*/}}
+{{- define "operator.registry" -}}
+{{- list .Values.registryFQDN .Values.operator.registry | compact | join "/" }}
+{{- end }}
+
+{{/*
+Returns the registry used for kube-rbac-proxy docker image
+*/}}
+{{- define "rbacproxy.registry" -}}
+{{- list .Values.registryFQDN .Values.rbacproxy.registry | compact | join "/" }}
+{{- end }}
+
+{{- define "appscode.imagePullSecrets" -}}
+{{- with .Values.imagePullSecrets -}}
+imagePullSecrets:
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
+
+{{- define "image-pull-secrets" -}}
+{{- with .Values.imagePullSecrets -}}
+imagePullSecrets:
+{{- toYaml . | nindent 2 }}
+{{- end -}}
+{{- end -}}
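Review bot: `service-provider.webhookServiceName` ends its pipeline with `trimPrefix "-"`, while every other name helper in this file uses `trimSuffix "-"` after `trunc 63`. Truncation can leave a trailing hyphen but never a leading one, so a long release name could yield a Service name ending in `-`, which Kubernetes rejects. The last stages should read `| trunc 63 | trimSuffix "-"`. Separately, `appscode.imagePullSecrets` and `image-pull-secrets` define the same body, and the templates in this commit only include the first, so the second looks removable.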
diff --git a/charts/service-provider/templates/provider/deployment.yaml b/charts/service-provider/templates/provider/deployment.yaml
new file mode 100644
index 000000000..09dc34321
--- /dev/null
+++ b/charts/service-provider/templates/provider/deployment.yaml
@@ -0,0 +1,81 @@
+{{- $major := default "0" .Capabilities.KubeVersion.Major | trimSuffix "+" | int64 }}
+{{- $minor := default "0" .Capabilities.KubeVersion.Minor | trimSuffix "+" | int64 }}
+{{- $criticalAddon := and .Values.criticalAddon (or (eq .Release.Namespace "kube-system") (and (ge $major 1) (ge $minor 17))) -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "service-provider.fullname" . }}-operator
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/component: operator
+ {{- include "service-provider.labels" . | nindent 4 }}
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: operator
+ {{- include "service-provider.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/component: operator
+ {{- include "service-provider.selectorLabels" . | nindent 8 }}
+ annotations:
+ {{- if $criticalAddon }}
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ {{- end }}
+ {{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- include "appscode.imagePullSecrets" . | nindent 6 }}
+ serviceAccountName: {{ include "service-provider.serviceAccountName" . }}
+ containers:
+ - name: operator
+ image: "{{ include "operator.registry" . }}/{{ .Values.operator.repository }}:{{ .Values.operator.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.imagePullPolicy }}
+ securityContext:
+ {{- toYaml .Values.operator.securityContext | nindent 10 }}
+ args:
+ - provider
+ - --namespace-prefix={{ .Values.provider.namespacePrefix }}
+ - --pretty-name={{ .Values.provider.providerPrettyName }}
+ - --consumer-scope={{ .Values.provider.consumerScope }}
+ - --external-address={{ .Values.provider.external.address }}
+ - --external-ca-file={{ .Values.provider.external.CAFile }}
+ - --external-server-name={{ .Values.provider.external.serverName }}
+{{/* - --subject=*/}}
+{{/* - --cluster-id=*/}}
+{{/* - --group=*/}}
+{{/* - --resource=*/}}
+{{/* - --kubeconfig="/.kube/config"*/}}
+{{/* - --namespace=*/}}
+ resources:
+ {{- toYaml .Values.operator.resources | nindent 10 }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ {{- if or .Values.tolerations $criticalAddon }}
+ tolerations:
+ {{- with .Values.tolerations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if $criticalAddon }}
+ - key: CriticalAddonsOnly
+ operator: Exists
+ {{- end -}}
+ {{- end -}}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if $criticalAddon }}
+ priorityClassName: system-cluster-critical
+ {{- end -}}
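Review bot: The `args` entries interpolate chart values directly into unquoted YAML scalars, so a `provider.providerPrettyName` (or any of the other values) containing `: `, ` #` or a leading quote changes how the line parses or truncates the flag. Render each flag as one quoted string, e.g. `- {{ printf "--pretty-name=%s" .Values.provider.providerPrettyName | quote }}`, and do the same for the other five flags. `--external-ca-file` and `--external-server-name` are also emitted when their values are empty; wrapping them in `{{- with ... }}` would avoid passing empty flags, assuming the binary distinguishes absent from empty.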
diff --git a/charts/service-provider/templates/rbac/auth_proxy.yaml b/charts/service-provider/templates/rbac/auth_proxy.yaml
new file mode 100644
index 000000000..051e31457
--- /dev/null
+++ b/charts/service-provider/templates/rbac/auth_proxy.yaml
@@ -0,0 +1,35 @@
+{{- if or .Values.apiserver.enableMutatingWebhook .Values.apiserver.enableValidatingWebhook }}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "service-provider.fullname" . }}-auth-proxy
+rules:
+ - apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "service-provider.fullname" . }}-auth-proxy
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "service-provider.fullname" . }}-auth-proxy
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "service-provider.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+
+{{ end }}
diff --git a/charts/service-provider/templates/rbac/cluster_role.yaml b/charts/service-provider/templates/rbac/cluster_role.yaml
new file mode 100644
index 000000000..44b583d1f
--- /dev/null
+++ b/charts/service-provider/templates/rbac/cluster_role.yaml
@@ -0,0 +1,76 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "service-provider.fullname" . }}
+ labels:
+ {{- include "service-provider.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs: ["get", "list", "watch"]
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - "clusterroles"
+ - "clusterrolebindings"
+ - "roles"
+ - "rolebindings"
+ verbs: ["*"]
+- apiGroups:
+ - ""
+ resources:
+ - "namespaces"
+ - "serviceaccounts"
+ verbs: ["get", "list", "watch", "create"]
+- apiGroups:
+ - "apiextensions.k8s.io"
+ resources:
+ - "customresourcedefinitions"
+ verbs: ["get", "list", "watch"]
+- apiGroups:
+ - "kubeware.dev"
+ resources:
+ - "apiserviceexportrequests"
+ verbs: ["*"]
+- apiGroups:
+ - "kubeware.dev"
+ resources:
+ - "apiserviceexportrequests/status"
+ verbs: ["patch","update","get"]
+- apiGroups:
+ - ""
+ resources:
+ - "secrets"
+ verbs: ["*"]
+- apiGroups:
+ - "kubeware.dev"
+ resources:
+ - "clusterbindings"
+ verbs: ["get", "watch", "list", "create"]
+- apiGroups:
+ - "kubeware.dev"
+ resources:
+ - "clusterbindings/status"
+ verbs: ["get","patch","update"]
+- apiGroups:
+ - "kubeware.dev"
+ resources:
+ - "apiserviceexports"
+ verbs: ["get", "watch", "list", "create"]
+- apiGroups:
+ - "kubeware.dev"
+ resources:
+ - "apiserviceexports/status"
+ verbs: ["get","patch","update"]
+- apiGroups:
+ - "kubeware.dev"
+ resources:
+ - "apiservicenamespaces"
+ verbs: ["*"]
+- apiGroups:
+ - "kubeware.dev"
+ resources:
+ - "apiservicenamespaces/status"
+ verbs: ["patch", "update", "get"]
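Review bot: The rule on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings` grants `verbs: ["*"]`, which includes `escalate` and `bind`, so the operator's service account can grant any permission in the cluster to itself or to anyone else. Combined with `["*"]` on `secrets` in every namespace, this is effectively cluster-admin. List the verbs the provider actually uses, for example `verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]`, and add `bind` only with `resourceNames` for the specific roles it hands out, if that is needed at all. If the provider only handles the kubeconfig secrets it creates, a namespaced Role for `secrets` would contain the exposure. The `customresourcedefinitions` rule also appears twice with identical verbs; one copy can be dropped.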
diff --git a/charts/service-provider/templates/rbac/cluster_role_binding.yaml b/charts/service-provider/templates/rbac/cluster_role_binding.yaml
new file mode 100644
index 000000000..262593955
--- /dev/null
+++ b/charts/service-provider/templates/rbac/cluster_role_binding.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "service-provider.fullname" . }}
+ labels:
+ {{- include "service-provider.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "service-provider.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "service-provider.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
diff --git a/charts/service-provider/templates/rbac/serviceaccount.yaml b/charts/service-provider/templates/rbac/serviceaccount.yaml
new file mode 100644
index 000000000..e77831d9b
--- /dev/null
+++ b/charts/service-provider/templates/rbac/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "service-provider.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "service-provider.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end -}}
diff --git a/charts/service-provider/templates/rbac/user_roles.yaml b/charts/service-provider/templates/rbac/user_roles.yaml
new file mode 100644
index 000000000..107229ae3
--- /dev/null
+++ b/charts/service-provider/templates/rbac/user_roles.yaml
@@ -0,0 +1,32 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: appscode:kubeware:edit
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation
+rules:
+- apiGroups:
+ - kubeware.dev
+ resources:
+ - "*"
+ verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: appscode:kubeware:view
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation
+rules:
+- apiGroups:
+ - kubeware.dev
+ resources:
+ - "*"
+ verbs: ["get", "list", "watch"]
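Review bot: `resources: ["*"]` in `appscode:kubeware:edit` also matches the `/status` subresources, so every subject holding the aggregated `admin` or `edit` role can write `clusterbindings/status`, `apiserviceexports/status` and the like, which `cluster_role.yaml` otherwise treats as operator-written. If fields such as `conditions` and `lastHeartbeatTime` are meant to be trusted as controller output, list the resources explicitly (for example `resources: ["clusterbindings", "apiserviceexports", "apiserviceexportrequests", "apiservicenamespaces"]`) and leave the status subresources out. Both roles are also installed as Helm hooks under fixed names, so they are not tracked as part of the release and would likely remain after uninstall; a comment stating that this is intended would help.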
diff --git a/charts/service-provider/templates/webhook-server/cert.yaml b/charts/service-provider/templates/webhook-server/cert.yaml
new file mode 100644
index 000000000..903f435e8
--- /dev/null
+++ b/charts/service-provider/templates/webhook-server/cert.yaml
@@ -0,0 +1,31 @@
+{{- $caCrt := "" }}
+{{- $serverCrt := "" }}
+{{- $serverKey := "" }}
+{{- if .Values.apiserver.servingCerts.generate }}
+{{- $ca := genCA "ca" 3650 }}
+{{- $cn := include "service-provider.webhookServiceName" . -}}
+{{- $altName1 := printf "%s.%s" $cn .Release.Namespace }}
+{{- $altName2 := printf "%s.%s.svc" $cn .Release.Namespace }}
+{{- $server := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }}
+{{- $caCrt = b64enc $ca.Cert }}
+{{- $serverCrt = b64enc $server.Cert }}
+{{- $serverKey = b64enc $server.Key }}
+{{- else }}
+{{- $caCrt = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.caCrt }}
+{{- $serverCrt = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverCrt }}
+{{- $serverKey = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverKey }}
+{{- end }}
+{{- if or .Values.apiserver.enableMutatingWebhook .Values.apiserver.enableValidatingWebhook }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "service-provider.fullname" . }}-webhook-cert
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "service-provider.labels" . | nindent 4 }}
+type: Opaque
+data:
+ ca.crt: {{ $caCrt }}
+ tls.crt: {{ $serverCrt }}
+ tls.key: {{ $serverKey }}
+{{- end }}
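Review bot: The certificate block at the top runs before the `enableMutatingWebhook`/`enableValidatingWebhook` guard, so with `apiserver.servingCerts.generate` set to false and both webhooks disabled the three `required` calls still abort rendering. Moving the `{{- if or .Values.apiserver.enableMutatingWebhook .Values.apiserver.enableValidatingWebhook }}` line to the top of the file, so it wraps the generation as well, avoids that. When `generate` is true, `genCA` creates a new CA and key on every render, so each `helm upgrade` rotates the Secret. The webhook configurations in this commit take `caBundle` from `.Values.apiserver.ca` rather than from `$caCrt`, so the trust bundle and the serving certificate can diverge.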
diff --git a/charts/service-provider/templates/webhook-server/deployment.yaml b/charts/service-provider/templates/webhook-server/deployment.yaml
new file mode 100644
index 000000000..cba8e5438
--- /dev/null
+++ b/charts/service-provider/templates/webhook-server/deployment.yaml
@@ -0,0 +1,124 @@
+{{- $major := default "0" .Capabilities.KubeVersion.Major | trimSuffix "+" | int64 }}
+{{- $minor := default "0" .Capabilities.KubeVersion.Minor | trimSuffix "+" | int64 }}
+{{- $criticalAddon := and .Values.criticalAddon (or (eq .Release.Namespace "kube-system") (and (ge $major 1) (ge $minor 17))) -}}
+{{- if or .Values.apiserver.enableMutatingWebhook .Values.apiserver.enableValidatingWebhook }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "service-provider.fullname" . }}-webhook-server
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/component: webhook-server
+ {{- include "service-provider.labels" . | nindent 4 }}
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: webhook-server
+ {{- include "service-provider.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/component: webhook-server
+ {{- include "service-provider.selectorLabels" . | nindent 8 }}
+ annotations:
+ checksum/apiregistration.yaml: {{ include (print $.Template.BasePath "/webhook-server/cert.yaml") . | sha256sum }}
+ {{- if $criticalAddon }}
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ {{- end }}
+ {{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- include "appscode.imagePullSecrets" . | nindent 6 }}
+ serviceAccountName: {{ include "service-provider.serviceAccountName" . }}
+ containers:
+ - name: webhook-server
+ image: "{{ include "operator.registry" . }}/{{ .Values.operator.repository }}:{{ .Values.operator.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.imagePullPolicy }}
+ securityContext:
+ {{- toYaml .Values.operator.securityContext | nindent 10 }}
+ args:
+ - webhook
+ - --webhook-name={{ include "service-provider.fullname" . }}
+ ports:
+ - name: webhook-server
+ containerPort: 9443
+ protocol: TCP
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.apiserver.healthcheck.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ {{- end }}
+ resources:
+ {{- toYaml .Values.operator.resources | nindent 10 }}
+ volumeMounts:
+ - name: serving-cert
+ mountPath: /var/serving-cert
+ readOnly: true
+ - name: kube-rbac-proxy
+ image: "{{ include "rbacproxy.registry" . }}/{{ .Values.rbacproxy.repository }}:{{ .Values.rbacproxy.tag }}"
+ securityContext:
+ {{- toYaml .Values.rbacproxy.securityContext | nindent 10 }}
+ args:
+ - --secure-listen-address=0.0.0.0:8443
+ - --upstream=http://127.0.0.1:8080/
+ - --logtostderr=true
+ - --v=10
+ ports:
+ - containerPort: 8443
+ name: https
+ protocol: TCP
+ resources:
+ {{- toYaml .Values.rbacproxy.resources | nindent 10 }}
+ volumes:
+ - name: serving-cert
+ secret:
+ defaultMode: 420
+ secretName: {{ include "service-provider.fullname" . }}-webhook-cert
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ {{- if or .Values.tolerations $criticalAddon }}
+ tolerations:
+ {{- with .Values.tolerations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if $criticalAddon }}
+ - key: CriticalAddonsOnly
+ operator: Exists
+ {{- end -}}
+ {{- end -}}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if $criticalAddon }}
+ priorityClassName: system-cluster-critical
+ {{- end -}}
+{{ end }}
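Review bot: The kube-rbac-proxy sidecar is started with `--v=10`, the most verbose log level. At that level the Kubernetes client libraries usually log full request and response bodies, which for the proxy's TokenReview calls would put callers' bearer tokens into the pod log (worth confirming against the proxy version shipped). A lower default such as `- --v=3`, or a level taken from values, is safer for a production chart. The `serving-cert` volume also exposes `tls.key` with `defaultMode: 420` (0644); a tighter mode such as 0400 or 0440 with a matching `fsGroup` would narrow who in the pod can read the key, provided the container user can still open it.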
diff --git a/charts/service-provider/templates/webhook-server/monitoring/service.yaml b/charts/service-provider/templates/webhook-server/monitoring/service.yaml
new file mode 100644
index 000000000..52f390b35
--- /dev/null
+++ b/charts/service-provider/templates/webhook-server/monitoring/service.yaml
@@ -0,0 +1,27 @@
+{{- if or .Values.apiserver.enableMutatingWebhook .Values.apiserver.enableValidatingWebhook }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "service-provider.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "service-provider.labels" . | nindent 4 }}
+ {{- if eq .Values.monitoring.agent "prometheus.io/builtin" }}
+ annotations:
+ prometheus.io/scrape: "true"
+ {{- if .Values.monitoring.operator }}
+ prometheus.io/operator_path: "/metrics"
+ prometheus.io/operator_port: "8443"
+ prometheus.io/operator_scheme: "https"
+ {{- end }}
+ {{- end }}
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ selector:
+ app.kubernetes.io/component: webhook-server
+ {{- include "service-provider.selectorLabels" . | nindent 4 }}
+{{ end }}
diff --git a/charts/service-provider/templates/webhook-server/monitoring/servicemonitor.yaml b/charts/service-provider/templates/webhook-server/monitoring/servicemonitor.yaml
new file mode 100644
index 000000000..648d21c94
--- /dev/null
+++ b/charts/service-provider/templates/webhook-server/monitoring/servicemonitor.yaml
@@ -0,0 +1,37 @@
+{{- if or .Values.apiserver.enableMutatingWebhook .Values.apiserver.enableValidatingWebhook }}
+{{- if eq .Values.monitoring.agent "prometheus.io/operator" }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "service-provider.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- if .Values.monitoring.serviceMonitor.labels }}
+ {{- range $key, $val := .Values.monitoring.serviceMonitor.labels }}
+ {{ $key }}: {{ $val }}
+ {{- end }}
+ {{- else }}
+ {{- include "service-provider.selectorLabels" . | nindent 4 }}
+ {{- end }}
+spec:
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ {{- include "service-provider.selectorLabels" . | nindent 6 }}
+ endpoints:
+ {{- if .Values.monitoring.operator }}
+ - port: https
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ path: /metrics
+ scheme: https
+ tlsConfig:
+ ca:
+ secret:
+ name: {{ include "service-provider.fullname" . }}-webhook-cert
+ key: tls.crt
+ serverName: "{{ include "service-provider.fullname" . }}.{{ .Release.Namespace }}.svc"
+ {{- end }}
+{{- end }}
+{{ end }}
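Review bot: `tlsConfig.ca` reads key `tls.crt` from the `-webhook-cert` Secret, which is the server's leaf certificate; the CA that `cert.yaml` stores is under `ca.crt`, so this should be `key: ca.crt`. The `serverName` is `<fullname>.<namespace>.svc`, but the certificate generated in `cert.yaml` only carries names built from `service-provider.webhookServiceName` (`<fullname>-webhook-server...`), so name verification of the metrics endpoint would fail as well. That assumes the proxy serves this certificate at all: the kube-rbac-proxy container in `deployment.yaml` is given no certificate flags or volume mount. When `monitoring.operator` is false, `endpoints:` also renders with no entries.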
diff --git a/charts/service-provider/templates/webhook-server/mutating_webhook.yaml b/charts/service-provider/templates/webhook-server/mutating_webhook.yaml
new file mode 100644
index 000000000..b17bae6ec
--- /dev/null
+++ b/charts/service-provider/templates/webhook-server/mutating_webhook.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.apiserver.enableMutatingWebhook }}
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ include "service-provider.fullname" . }}
+ labels:
+ {{- include "service-provider.labels" . | nindent 4 }}
+webhooks:
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: {{ include "service-provider.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /mutate-kubeware-dev-v1-clusterbinding
+ caBundle: {{ b64enc .Values.apiserver.ca }}
+ failurePolicy: Fail
+ name: clusterbindings.kubeware.dev
+ rules:
+ - apiGroups:
+ - kubeware.dev
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - clusterbindings
+ sideEffects: None
+{{ end }}
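Review bot: The rule lists `apiVersions: - v1`, but the ClusterBinding CRD added in this commit serves only `v1alpha1`, so neither this webhook nor the one in `validating_webhook.yaml` (same rule) would be called for any ClusterBinding request, and the admission checks are silently skipped. The entry should read `- v1alpha1`; the `path` values (`...-v1-clusterbinding`) must match whatever the webhook server registers, which is not visible here. `caBundle` comes from `.Values.apiserver.ca`, while `cert.yaml` signs the serving certificate with a freshly generated CA when `servingCerts.generate` is true. With `failurePolicy: Fail`, a mismatch would reject every CREATE and UPDATE once the version is corrected, so the bundle should come from the same CA in both files.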
diff --git a/charts/service-provider/templates/webhook-server/validating_webhook.yaml b/charts/service-provider/templates/webhook-server/validating_webhook.yaml
new file mode 100644
index 000000000..f5e9b4178
--- /dev/null
+++ b/charts/service-provider/templates/webhook-server/validating_webhook.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.apiserver.enableValidatingWebhook }}
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: {{ include "service-provider.fullname" . }}
+ labels:
+ {{- include "service-provider.labels" . | nindent 4 }}
+webhooks:
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: {{ include "service-provider.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-kubeware-dev-v1-clusterbinding
+ caBundle: {{ b64enc .Values.apiserver.ca }}
+ failurePolicy: Fail
+ name: clusterbindings.kubeware.dev
+ rules:
+ - apiGroups:
+ - kubeware.dev
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - clusterbindings
+ sideEffects: None
+{{ end }}
diff --git a/charts/service-provider/templates/webhook-server/webhook_service.yaml b/charts/service-provider/templates/webhook-server/webhook_service.yaml
new file mode 100644
index 000000000..aaa398804
--- /dev/null
+++ b/charts/service-provider/templates/webhook-server/webhook_service.yaml
@@ -0,0 +1,17 @@
+{{- if or .Values.apiserver.enableMutatingWebhook .Values.apiserver.enableValidatingWebhook }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "service-provider.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "service-provider.labels" . | nindent 4 }}
+spec:
+ selector:
+ app.kubernetes.io/component: webhook-server
+ {{- include "service-provider.selectorLabels" . | nindent 4 }}
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 9443
+{{ end }}
diff --git a/charts/service-provider/values.openapiv3_schema.yaml b/charts/service-provider/values.openapiv3_schema.yaml
new file mode 100644
index 000000000..891e31f10
--- /dev/null
+++ b/charts/service-provider/values.openapiv3_schema.yaml
@@ -0,0 +1,846 @@
+properties:
+ affinity:
+ properties:
+ nodeAffinity:
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ preference:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ properties:
+ nodeSelectorTerms:
+ items:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ podAffinityTerm:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ podAffinityTerm:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ labelSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ items:
+ type: string
+ type: array
+ topologyKey:
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ apiserver:
+ properties:
+ bypassValidatingWebhookXray:
+ type: boolean
+ ca:
+ type: string
+ enableMutatingWebhook:
+ type: boolean
+ enableValidatingWebhook:
+ type: boolean
+ groupPriorityMinimum:
+ type: integer
+ healthcheck:
+ properties:
+ enabled:
+ type: boolean
+ type: object
+ servingCerts:
+ properties:
+ caCrt:
+ type: string
+ generate:
+ type: boolean
+ serverCrt:
+ type: string
+ serverKey:
+ type: string
+ required:
+ - generate
+ type: object
+ useKubeapiserverFqdnForAks:
+ type: boolean
+ versionPriority:
+ type: integer
+ required:
+ - bypassValidatingWebhookXray
+ - ca
+ - enableMutatingWebhook
+ - enableValidatingWebhook
+ - groupPriorityMinimum
+ - healthcheck
+ - servingCerts
+ - useKubeapiserverFqdnForAks
+ - versionPriority
+ type: object
+ criticalAddon:
+ type: boolean
+ fullnameOverride:
+ type: string
+ imagePullPolicy:
+ type: string
+ imagePullSecrets:
+ items:
+ type: string
+ type: array
+ logLevel:
+ format: int32
+ type: integer
+ monitoring:
+ properties:
+ agent:
+ enum:
+ - prometheus.io
+ - prometheus.io/operator
+ - prometheus.io/builtin
+ type: string
+ serviceMonitor:
+ properties:
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ required:
+ - agent
+ - serviceMonitor
+ type: object
+ nameOverride:
+ type: string
+ nodeSelector:
+ additionalProperties:
+ type: string
+ type: object
+ operator:
+ properties:
+ registry:
+ type: string
+ repository:
+ type: string
+ resources:
+ properties:
+ claims:
+ items:
+ properties:
+ name:
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ type: object
+ securityContext:
+ properties:
+ allowPrivilegeEscalation:
+ type: boolean
+ capabilities:
+ properties:
+ add:
+ items:
+ type: string
+ type: array
+ drop:
+ items:
+ type: string
+ type: array
+ type: object
+ privileged:
+ type: boolean
+ procMount:
+ type: string
+ readOnlyRootFilesystem:
+ type: boolean
+ runAsGroup:
+ format: int64
+ type: integer
+ runAsNonRoot:
+ type: boolean
+ runAsUser:
+ format: int64
+ type: integer
+ seLinuxOptions:
+ properties:
+ level:
+ type: string
+ role:
+ type: string
+ type:
+ type: string
+ user:
+ type: string
+ type: object
+ seccompProfile:
+ properties:
+ localhostProfile:
+ type: string
+ type:
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ properties:
+ gmsaCredentialSpec:
+ type: string
+ gmsaCredentialSpecName:
+ type: string
+ hostProcess:
+ type: boolean
+ runAsUserName:
+ type: string
+ type: object
+ type: object
+ tag:
+ type: string
+ required:
+ - registry
+ - repository
+ - tag
+ type: object
+ podAnnotations:
+ additionalProperties:
+ type: string
+ type: object
+ podLabels:
+ additionalProperties:
+ type: string
+ type: object
+ podSecurityContext:
+ properties:
+ fsGroup:
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ type: string
+ runAsGroup:
+ format: int64
+ type: integer
+ runAsNonRoot:
+ type: boolean
+ runAsUser:
+ format: int64
+ type: integer
+ seLinuxOptions:
+ properties:
+ level:
+ type: string
+ role:
+ type: string
+ type:
+ type: string
+ user:
+ type: string
+ type: object
+ seccompProfile:
+ properties:
+ localhostProfile:
+ type: string
+ type:
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ properties:
+ gmsaCredentialSpec:
+ type: string
+ gmsaCredentialSpecName:
+ type: string
+ hostProcess:
+ type: boolean
+ runAsUserName:
+ type: string
+ type: object
+ type: object
+ provider:
+ properties:
+ consumerScope:
+ type: string
+ external:
+ properties:
+ CAFile:
+ type: string
+ address:
+ type: string
+ serverName:
+ type: string
+ required:
+ - CAFile
+ - address
+ - serverName
+ type: object
+ namespacePrefix:
+ type: string
+ providerPrettyName:
+ type: string
+ required:
+ - consumerScope
+ - external
+ - namespacePrefix
+ - providerPrettyName
+ type: object
+ rbacproxy:
+ properties:
+ registry:
+ type: string
+ repository:
+ type: string
+ resources:
+ properties:
+ claims:
+ items:
+ properties:
+ name:
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ type: object
+ securityContext:
+ properties:
+ allowPrivilegeEscalation:
+ type: boolean
+ capabilities:
+ properties:
+ add:
+ items:
+ type: string
+ type: array
+ drop:
+ items:
+ type: string
+ type: array
+ type: object
+ privileged:
+ type: boolean
+ procMount:
+ type: string
+ readOnlyRootFilesystem:
+ type: boolean
+ runAsGroup:
+ format: int64
+ type: integer
+ runAsNonRoot:
+ type: boolean
+ runAsUser:
+ format: int64
+ type: integer
+ seLinuxOptions:
+ properties:
+ level:
+ type: string
+ role:
+ type: string
+ type:
+ type: string
+ user:
+ type: string
+ type: object
+ seccompProfile:
+ properties:
+ localhostProfile:
+ type: string
+ type:
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ properties:
+ gmsaCredentialSpec:
+ type: string
+ gmsaCredentialSpecName:
+ type: string
+ hostProcess:
+ type: boolean
+ runAsUserName:
+ type: string
+ type: object
+ type: object
+ tag:
+ type: string
+ required:
+ - registry
+ - repository
+ - tag
+ type: object
+ registryFQDN:
+ type: string
+ replicaCount:
+ format: int32
+ type: integer
+ serviceAccount:
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ create:
+ type: boolean
+ name:
+ type: string
+ required:
+ - create
+ type: object
+ tolerations:
+ items:
+ properties:
+ effect:
+ type: string
+ key:
+ type: string
+ operator:
+ type: string
+ tolerationSeconds:
+ format: int64
+ type: integer
+ value:
+ type: string
+ type: object
+ type: array
+required:
+- imagePullPolicy
+- monitoring
+- operator
+- provider
+- rbacproxy
+- registryFQDN
+- replicaCount
+- serviceAccount
+type: object
diff --git a/charts/service-provider/values.yaml b/charts/service-provider/values.yaml
new file mode 100644
index 000000000..6814239ae
--- /dev/null
+++ b/charts/service-provider/values.yaml
@@ -0,0 +1,152 @@
+# Default values for service-provider.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# Overrides name template
+nameOverride: ""
+# Overrides fullname template
+fullnameOverride: ""
+# Number of stash operator replicas to create (only 1 is supported)
+replicaCount: 1
+
+# Docker registry fqdn used to pull Stash related images.
+# Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image}
+registryFQDN: ghcr.io
+operator:
+ # Docker registry used to pull operator image
+ registry: appscode
+ # Name of operator container image
+ repository: service-provider
+ # Operator container image tag
+ tag: ""
+ # Compute Resources required by the operator container
+ resources: # +doc-gen:break
+ requests:
+ cpu: "100m"
+ # Security options this container should run with
+ securityContext: # +doc-gen:break
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 65534
+ # seccompProfile:
+ # type: RuntimeDefault
+
+rbacproxy:
+ # Docker registry used to pull operator image
+ registry: appscode
+ # Name of operator container image
+ repository: kube-rbac-proxy
+ # Operator container image tag
+ tag: v0.11.0
+ # Compute Resources required by the operator container
+ resources: # +doc-gen:break
+ requests:
+ cpu: "100m"
+ # Security options this container should run with
+ securityContext: # +doc-gen:break
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 65534
+ # seccompProfile:
+ # type: RuntimeDefault
+
+# Specify an array of imagePullSecrets.
+# Secrets must be manually created in the namespace.
+#
+# Example:
+# helm template charts/stash \
+# --set imagePullSecrets[0].name=sec0 \
+# --set imagePullSecrets[1].name=sec1
+imagePullSecrets: []
+# Container image pull policy
+imagePullPolicy: IfNotPresent
+# If true, installs Stash operator as critical addon
+criticalAddon: false
+# Log level for operator
+logLevel: 3
+# Annotations applied to operator deployment
+annotations: {}
+# Annotations passed to operator pod(s).
+podAnnotations: {}
+# Labels passed to operator pod(s)
+podLabels: {}
+# Node labels for pod assignment
+nodeSelector: # +doc-gen:break
+ kubernetes.io/os: linux
+# Tolerations for pod assignment
+tolerations: []
+# Affinity rules for pod assignment
+affinity: {}
+# Security options the operator pod should run with.
+podSecurityContext: # +doc-gen:break
+ fsGroup: 65535
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+apiserver:
+ # The minimum priority the webhook api group should have at least. Please see
+ # https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L58-L64
+ # for more information on proper values of this field.
+ groupPriorityMinimum: 10000
+ # The ordering of the webhook api inside of the group. Please see
+ # https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L66-L70
+ # for more information on proper values of this field
+ versionPriority: 15
+ # If true, mutating webhook is configured for Kubernetes workloads
+ enableMutatingWebhook: true
+ # If true, validating webhook is configured for Stash CRDss
+ enableValidatingWebhook: false
+ # CA certificate used by the Kubernetes api server. This field is automatically assigned by the operator.
+ ca: not-ca-cert
+ # If true, bypasses checks that validating webhook is actually enabled in the Kubernetes cluster.
+ bypassValidatingWebhookXray: false
+ # If true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true)
+ useKubeapiserverFqdnForAks: true
+ healthcheck:
+ # If true, enables the readiness and liveliness probes for the operator pod.
+ enabled: false
+ servingCerts:
+ # If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor)
+ # to authenticate operators pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`.
+ generate: true
+ # CA certficate used by serving certificate of webhook server.
+ caCrt: ""
+ # Serving certficate used by webhook server.
+ serverCrt: ""
+ # Private key for the serving certificate used by webhook server.
+ serverKey: ""
+monitoring:
+ # Name of monitoring agent (either "prometheus.io/operator" or "prometheus.io/builtin")
+ agent: "none"
+ serviceMonitor:
+ # Specify the labels for ServiceMonitor.
+ # Prometheus crd will select ServiceMonitor using these labels.
+ # Only usable when monitoring agent is `prometheus.io/operator`.
+ labels: {}
+
+provider:
+ # the sync namespace created in the provider side will be named like bb-
+ namespacePrefix: "kubeware-"
+ # the name of the provider
+ providerPrettyName: "Appscode"
+ # How consumers access the service provider cluster. In Kubernetes, "namespaced" allows namespace isolation.
+ # In kcp, "cluster" allows workspace isolation, and with that allows cluster-scoped resources to bind, and it is generally more performant.
+ consumerScope: "Namespaced"
+ external:
+ # The external address for the service provider cluster, including https:// and port. If not specified, service account's hosts are used.
+ address: ""
+ # The external (TLS) server name used by consumers to talk to the service provider cluster. This can be useful to select the right certificate via SNI.
+ serverName: ""
+ # The external CA file for the service provider cluster. If not specified, service account's CA is used.
+ CAFile: ""
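Review bot: The default `monitoring.agent: "none"` is not among the values permitted by the `enum` for `monitoring.agent` in values.openapiv3_schema.yaml in this same diff (`prometheus.io`, `prometheus.io/operator`, `prometheus.io/builtin`), so the shipped defaults would not pass that schema wherever it is enforced. Either add `none` to the enum at its source or choose a default the schema accepts. The `imagePullSecrets` example sets `imagePullSecrets[0].name=sec0`, while the schema declares the items as plain strings; which form the templates expect is not visible here, but the two should agree. Separately, both `securityContext` blocks leave `seccompProfile` commented out, and enabling `seccompProfile: {type: RuntimeDefault}` would complete the otherwise restrictive defaults (`drop: ["ALL"]`, `runAsNonRoot: true`, `readOnlyRootFilesystem: true`).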
diff --git a/hack/license/dockerfile.txt b/hack/license/dockerfile.txt
index 47377ceba..8b1378917 100644
--- a/hack/license/dockerfile.txt
+++ b/hack/license/dockerfile.txt
@@ -1,14 +1 @@
-# Copyright AppsCode Inc. and Contributors
-#
-# Licensed under the AppsCode Community License 1.0.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://github.com/appscode/licenses/raw/1.0.0/AppsCode-Community-1.0.0.md
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
diff --git a/hack/license/makefile.txt b/hack/license/makefile.txt
index 47377ceba..8b1378917 100644
--- a/hack/license/makefile.txt
+++ b/hack/license/makefile.txt
@@ -1,14 +1 @@
-# Copyright AppsCode Inc. and Contributors
-#
-# Licensed under the AppsCode Community License 1.0.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://github.com/appscode/licenses/raw/1.0.0/AppsCode-Community-1.0.0.md
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
diff --git a/hack/scripts/ct.sh b/hack/scripts/ct.sh
index 298c2a635..241e3f9fd 100755
--- a/hack/scripts/ct.sh
+++ b/hack/scripts/ct.sh
@@ -24,6 +24,9 @@ for dir in charts/*/; do
if [ $num_files -le 1 ] ||
[[ "$dir" = "accounts-ui" ]] ||
[[ "$dir" = "ace" ]] ||
+ [[ "$dir" = "catalog-manager" ]] ||
+ [[ "$dir" = "service-backend" ]] ||
+ [[ "$dir" = "service-provider" ]] ||
[[ "$dir" = "billing" ]] ||
[[ "$dir" = "dns-proxy" ]] ||
[[ "$dir" = "grafana" ]] ||
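Review bot: The three added conditions put `catalog-manager`, `service-backend` and `service-provider` on what appears to be the skip list of the chart loop, so the service-provider chart added in this same diff would get no coverage from this script, including its `ValidatingWebhookConfiguration` with `failurePolicy: Fail`. The `if` body and the start of the `for` loop are outside the hunk, so the exact effect is inferred from the existing entries. If the exclusion is intentional, record the reason next to the entries, e.g. `# skipped: needs external provider cluster; re-enable once installable in CI` (placeholder reason), so the charts are not left untested indefinitely. As the list grows, a `case "$dir" in catalog-manager|service-backend|service-provider) ... ;; esac` would be easier to audit than the chained `[[ ... ]] ||` tests.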