Add cilium-network-policies
Signed-off-by: QuentinBisson <[email protected]>
QuentinBisson committed Nov 2, 2023
1 parent ee8664f commit 72add61
Showing 45 changed files with 11,436 additions and 48 deletions.
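--- a/helm/keda/.helmignore
+++ b/helm/keda/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/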
18 changes: 8 additions & 10 deletions helm/keda/Chart.yaml
@@ -1,15 +1,13 @@
annotations:
application.giantswarm.io/team: turtles
ui.giantswarm.io/logo: https://raw.githubusercontent.com/kedacore/keda/main/images/keda-logo-500x500-white.png
apiVersion: v2
appVersion: 0.0.1
name: keda
description: Event-based autoscaler for workloads on Kubernetes
kubeVersion: ">=v1.24.0-0"
version: 0.1.0
appVersion: 2.10.1
home: https://github.com/giantswarm/keda-app

# If you have an icon/logo, you should add it to https://github.com/giantswarm/web-assets
# and set the final URL as a value here and uncomment.
#icon: https://s.giantswarm.io/app-icons/example/1/light.svg

icon: https://raw.githubusercontent.com/kedacore/keda/main/images/keda-logo-500x500-white.png
sources:
- https://github.com/giantswarm/keda-upstream
version: 0.0.0-dev
annotations:
application.giantswarm.io/team: turtles
- https://github.com/kedacore/keda
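--- a/helm/keda/Notes.txt
+++ b/helm/keda/Notes.txt
@@ -0,0 +1,21 @@
+Get started by deploying Scaled Objects to your cluster:
+- Information about Scaled Objects : https://keda.sh/docs/latest/concepts/
+- Samples: https://github.com/kedacore/samples
+
+Get information about the deployed ScaledObjects:
+kubectl get scaledobject [--namespace <namespace>]
+
+Get details about a deployed ScaledObject:
+kubectl describe scaledobject <scaled-object-name> [--namespace <namespace>]
+
+Get information about the deployed ScaledObjects:
+kubectl get triggerauthentication [--namespace <namespace>]
+
+Get details about a deployed ScaledObject:
+kubectl describe triggerauthentication <trigger-authentication-name> [--namespace <namespace>]
+
+Get an overview of the Horizontal Pod Autoscalers (HPA) that KEDA is using behind the scenes:
+kubectl get hpa [--all-namespaces] [--namespace <namespace>]
+
+For more information on running KEDA, visit:
+https://github.com/kedacore/keda/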
276 changes: 276 additions & 0 deletions helm/keda/README.md

Large diffs are not rendered by default.

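--- a/helm/keda/templates/01-serviceaccount.yaml
+++ b/helm/keda/templates/01-serviceaccount.yaml
@@ -0,0 +1,44 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+labels:
+app.kubernetes.io/name: {{ .Values.serviceAccount.name }}
+{{- if .Values.podIdentity.azureWorkload.enabled }}
+azure.workload.identity/use: "true"
+{{- end }}
+{{- include "keda.labels" . | indent 4 }}
+{{- if or .Values.podIdentity.azureWorkload.enabled .Values.podIdentity.aws.irsa.enabled .Values.serviceAccount.annotations }}
+annotations:
+{{- if .Values.additionalAnnotations }}
+{{- toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+{{- if .Values.podIdentity.azureWorkload.enabled }}
+{{- if .Values.podIdentity.azureWorkload.clientId }}
+azure.workload.identity/client-id: {{ .Values.podIdentity.azureWorkload.clientId | quote }}
+{{- end }}
+{{- if .Values.podIdentity.azureWorkload.tenantId }}
+azure.workload.identity/tenant-id: {{ .Values.podIdentity.azureWorkload.tenantId | quote }}
+{{- end }}
+azure.workload.identity/service-account-token-expiration: {{ .Values.podIdentity.azureWorkload.tokenExpiration | quote }}
+{{- end }}
+{{- if .Values.podIdentity.aws.irsa.enabled }}
+{{- if .Values.podIdentity.aws.irsa.audience }}
+eks.amazonaws.com/audience: {{ .Values.podIdentity.aws.irsa.audience | quote }}
+{{- end }}
+{{- if .Values.podIdentity.aws.irsa.roleArn }}
+eks.amazonaws.com/role-arn: {{ .Values.podIdentity.aws.irsa.roleArn | quote }}
+{{- end }}
+{{- if .Values.podIdentity.aws.irsa.stsRegionalEndpoints }}
+eks.amazonaws.com/sts-regional-endpoints: {{ .Values.podIdentity.aws.irsa.stsRegionalEndpoints | quote }}
+{{- end }}
+eks.amazonaws.com/token-expiration: {{ .Values.podIdentity.aws.irsa.tokenExpiration | quote }}
+{{- end }}
+{{- if .Values.serviceAccount.annotations }}
+{{- toYaml .Values.serviceAccount.annotations | nindent 4}}
+{{- end }}
+{{- end }}
+name: {{ .Values.serviceAccount.name }}
+namespace: {{ .Release.Namespace }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end -}}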
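Review bot: The `annotations:` block is emitted only when `podIdentity.azureWorkload.enabled`, `podIdentity.aws.irsa.enabled` or `serviceAccount.annotations` is set, yet the first thing rendered inside it is `.Values.additionalAnnotations`, so a release that sets only `additionalAnnotations` gets none of them on the ServiceAccount; adding `.Values.additionalAnnotations` to the `or` would close that gap. The inner line `{{- toYaml .Values.additionalAnnotations | indent 4 }}` trims the preceding newline and `indent` does not put one back, so the first key would land on the `annotations:` line itself; `nindent 4`, as already used for `serviceAccount.annotations` further down, avoids that. Separately, `automountServiceAccountToken` is rendered with no default, so if the value is missing from values.yaml (not visible here) the field renders empty and the cluster default of mounting the token into pods applies. Setting an explicit default in the template, chosen to match what the pods using this account actually need, would make that token exposure a deliberate decision rather than a fallback.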
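--- a/helm/keda/templates/02-crd-clustertriggerauthentications.yaml
+++ b/helm/keda/templates/02-crd-clustertriggerauthentications.yaml
@@ -0,0 +1,243 @@
+{{- if .Values.crds.install }}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+annotations:
+controller-gen.kubebuilder.io/version: v0.9.0
+{{- if .Values.additionalAnnotations }}
+{{- toYaml .Values.additionalAnnotations | nindent 4 }}
+{{- end }}
+labels:
+app.kubernetes.io/name: {{ .Values.operator.name }}
+{{- include "keda.labels" . | indent 4 }}
+name: clustertriggerauthentications.keda.sh
+spec:
+group: keda.sh
+names:
+kind: ClusterTriggerAuthentication
+listKind: ClusterTriggerAuthenticationList
+plural: clustertriggerauthentications
+shortNames:
+- cta
+- clustertriggerauth
+singular: clustertriggerauthentication
+scope: Cluster
+versions:
+- additionalPrinterColumns:
+- jsonPath: .spec.podIdentity.provider
+name: PodIdentity
+type: string
+- jsonPath: .spec.secretTargetRef[*].name
+name: Secret
+type: string
+- jsonPath: .spec.env[*].name
+name: Env
+type: string
+- jsonPath: .spec.hashiCorpVault.address
+name: VaultAddress
+type: string
+name: v1alpha1
+schema:
+openAPIV3Schema:
+description: ClusterTriggerAuthentication defines how a trigger can authenticate
+globally
+properties:
+apiVersion:
+description: 'APIVersion defines the versioned schema of this representation
+of an object. Servers should convert recognized schemas to the latest
+internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+type: string
+kind:
+description: 'Kind is a string value representing the REST resource this
+object represents. Servers may infer this from the endpoint the client
+submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+type: string
+metadata:
+type: object
+spec:
+description: TriggerAuthenticationSpec defines the various ways to authenticate
+properties:
+azureKeyVault:
+description: AzureKeyVault is used to authenticate using Azure Key
+Vault
+properties:
+cloud:
+properties:
+activeDirectoryEndpoint:
+type: string
+keyVaultResourceURL:
+type: string
+type:
+type: string
+required:
+- type
+type: object
+credentials:
+properties:
+clientId:
+type: string
+clientSecret:
+properties:
+valueFrom:
+properties:
+secretKeyRef:
+properties:
+key:
+type: string
+name:
+type: string
+required:
+- key
+- name
+type: object
+required:
+- secretKeyRef
+type: object
+required:
+- valueFrom
+type: object
+tenantId:
+type: string
+required:
+- clientId
+- clientSecret
+- tenantId
+type: object
+podIdentity:
+description: AuthPodIdentity allows users to select the platform
+native identity mechanism
+properties:
+identityId:
+type: string
+provider:
+description: PodIdentityProvider contains the list of providers
+type: string
+required:
+- provider
+type: object
+secrets:
+items:
+properties:
+name:
+type: string
+parameter:
+type: string
+version:
+type: string
+required:
+- name
+- parameter
+type: object
+type: array
+vaultUri:
+type: string
+required:
+- secrets
+- vaultUri
+type: object
+env:
+items:
+description: AuthEnvironment is used to authenticate using environment
+variables in the destination ScaleTarget spec
+properties:
+containerName:
+type: string
+name:
+type: string
+parameter:
+type: string
+required:
+- name
+- parameter
+type: object
+type: array
+hashiCorpVault:
+description: HashiCorpVault is used to authenticate using Hashicorp
+Vault
+properties:
+address:
+type: string
+authentication:
+description: VaultAuthentication contains the list of Hashicorp
+Vault authentication methods
+type: string
+credential:
+description: Credential defines the Hashicorp Vault credentials
+depending on the authentication method
+properties:
+serviceAccount:
+type: string
+token:
+type: string
+type: object
+mount:
+type: string
+namespace:
+type: string
+role:
+type: string
+secrets:
+items:
+description: VaultSecret defines the mapping between the path
+of the secret in Vault to the parameter
+properties:
+key:
+type: string
+parameter:
+type: string
+path:
+type: string
+required:
+- key
+- parameter
+- path
+type: object
+type: array
+required:
+- address
+- authentication
+- secrets
+type: object
+podIdentity:
+description: AuthPodIdentity allows users to select the platform native
+identity mechanism
+properties:
+identityId:
+type: string
+provider:
+description: PodIdentityProvider contains the list of providers
+type: string
+required:
+- provider
+type: object
+secretTargetRef:
+items:
+description: AuthSecretTargetRef is used to authenticate using a
+reference to a secret
+properties:
+key:
+type: string
+name:
+type: string
+parameter:
+type: string
+required:
+- key
+- name
+- parameter
+type: object
+type: array
+type: object
+required:
+- spec
+type: object
+served: true
+storage: true
+subresources: {}
+status:
+acceptedNames:
+kind: ""
+plural: ""
+conditions: []
+storedVersions: []
+{{- end -}}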