fix: vendor Rancher chart for bootstrap
@@ -0,0 +1,34 @@
|
||||
{{- $action := "installed" -}}
|
||||
{{ if .Release.IsUpgrade -}}
|
||||
{{ $action = "upgraded" -}}
|
||||
{{ end -}}
|
||||
{{- include "tpl.chart.deprecated" (list .Values.busyboxImage ".Values.busyboxImage" "Use `.Values.auditLog.image.repository` & `.Values.auditLog.image.tag` instead.") -}}
|
||||
{{- include "tpl.chart.replace" (list .Values.busyboxImagePullPolicy ".Values.busyboxImagePullPolicy" ".Values.auditLog.image.pullPolicy") -}}
|
||||
{{- include "tpl.chart.deprecated" (list .Values.rancherImage ".Values.rancherImage" "Use `.Values.image.repository` & `.Values.image.registry` instead; if you used image name with Registry included you must split them up.") -}}
|
||||
{{- include "tpl.chart.replace" (list .Values.rancherImageTag ".Values.rancherImageTag" ".Values.image.tag") -}}
|
||||
{{- include "tpl.chart.replace" (list .Values.rancherImagePullPolicy ".Values.rancherImagePullPolicy" ".Values.image.pullPolicy") -}}
|
||||
|
||||
|
||||
Rancher Server has been {{ $action }}. Rancher may take several minutes to fully initialize.
|
||||
|
||||
Please standby while Certificates are being issued, Containers are started and the Ingress rule comes up.
|
||||
|
||||
Check out our docs at https://rancher.com/docs/
|
||||
|
||||
## First Time Login
|
||||
|
||||
If you provided your own bootstrap password during installation, browse to https://{{ .Values.hostname }} to get started.
|
||||
If this is the first time you installed Rancher, get started by running this command and clicking the URL it generates:
|
||||
|
||||
```
|
||||
echo https://{{ .Values.hostname }}/dashboard/?setup=$(kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{ "{{" }}.data.bootstrapPassword|base64decode{{ "}}" }}')
|
||||
```
|
||||
|
||||
To get just the bootstrap password on its own, run:
|
||||
|
||||
```
|
||||
kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{ "{{" }}.data.bootstrapPassword|base64decode{{ "}}" }}{{ "{{" }} "\n" {{ "}}" }}'
|
||||
```
|
||||
|
||||
|
||||
Happy Containering!
|
||||
@@ -0,0 +1,191 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
|
||||
{{ define "tpl.url.ensureTrailingSlash" -}}
|
||||
{{ $url := . | trimSuffix "/" -}}
|
||||
{{ printf "%s/" $url }}
|
||||
{{- end -}}
|
||||
|
||||
{{ define "tpl.chart.deprecated" -}}
|
||||
{{ $val := index . 0 -}}
|
||||
{{ $name := index . 1 -}}
|
||||
{{ $msg := "" -}}
|
||||
{{ if ge (len .) 3 -}}
|
||||
{{ $msg = index . 2 -}}
|
||||
{{ end -}}
|
||||
{{ if $val -}}
|
||||
{{ printf "[WARNING] Deprecated: %s is deprecated and will be removed in a future release.%s\n" $name $msg | indent 0 }}
|
||||
{{ end -}}
|
||||
{{ end -}}
|
||||
|
||||
{{ define "tpl.chart.replace" -}}
|
||||
{{ $val := index . 0 -}}
|
||||
{{ $old := index . 1 -}}
|
||||
{{ $new := index . 2 -}}
|
||||
{{ if $val -}}
|
||||
{{ printf "[WARNING] Deprecated: %s is deprecated. Please use %s instead.\n" $old $new | indent 0 }}
|
||||
{{ end -}}
|
||||
{{ end -}}
|
||||
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "rancher.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
*/}}
|
||||
{{- define "rancher.fullname" -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified chart name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
*/}}
|
||||
{{- define "rancher.chartname" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Prepare the Rancher Image value w/ new fields as opt-in for now.
|
||||
*/}}
|
||||
{{ define "rancher.image" -}}
|
||||
{{ if .Values.rancherImage -}}
|
||||
{{ .Values.rancherImage -}}
|
||||
{{ else -}}
|
||||
{{ printf "%s%s" (include "defaultOrOverrideRegistry" (list . (default "" .Values.image.registry))) (include "rancher.imageRepo" .) -}}
|
||||
{{ end -}}
|
||||
{{ end -}}
|
||||
|
||||
{{/*
|
||||
Prepare the Rancher Image repo value w/ new fields as opt-in for now.
|
||||
*/}}
|
||||
{{ define "rancher.imageRepo" -}}
|
||||
{{ default "rancher/rancher" .Values.image.repository -}}
|
||||
{{ end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Prepare the Rancher Image Tag value w/ new fields as opt-in for now.
|
||||
*/}}
|
||||
{{ define "rancher.imageTag" -}}
|
||||
{{ default .Chart.AppVersion (default .Values.image.tag (default "" .Values.rancherImageTag)) -}}
|
||||
{{ end -}}
|
||||
|
||||
{{/*
|
||||
Prepare the Rancher Image Pull Policy value w/ new fields as opt-in for now.
|
||||
*/}}
|
||||
{{ define "rancher.imagePullPolicy" -}}
|
||||
{{ default "IfNotPresent" (default .Values.image.pullPolicy (default "" .Values.rancherImagePullPolicy)) -}}
|
||||
{{ end -}}
|
||||
|
||||
{{/*
|
||||
Render Values in configurationSnippet
|
||||
*/}}
|
||||
{{- define "configurationSnippet" -}}
|
||||
{{- tpl (.Values.ingress.configurationSnippet) . | nindent 6 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Generate the labels.
|
||||
*/}}
|
||||
{{- define "rancher.labels" -}}
|
||||
app: {{ template "rancher.fullname" . }}
|
||||
chart: {{ template "rancher.chartname" . }}
|
||||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Generate the labels for pre-upgrade-hook.
|
||||
*/}}
|
||||
{{- define "rancher.preupgradelabels" -}}
|
||||
app: {{ template "rancher.fullname" . }}-pre-upgrade
|
||||
chart: {{ template "rancher.chartname" . }}
|
||||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Generate the Kubernetes recommended common labels.
|
||||
|
||||
Usage:
|
||||
include "rancher.commonLabels" (dict "context" . "component" "xyz" "partOf" "abc")
|
||||
*/}}
|
||||
{{- define "rancher.commonLabels" -}}
|
||||
{{- $ctx := .context }}
|
||||
app.kubernetes.io/name: {{ $ctx.Chart.Name | quote }}
|
||||
app.kubernetes.io/instance: {{ $ctx.Release.Name | quote }}
|
||||
app.kubernetes.io/version: {{ $ctx.Chart.AppVersion | quote }}
|
||||
app.kubernetes.io/managed-by: {{ $ctx.Release.Service | quote }}
|
||||
{{- with .component }}
|
||||
app.kubernetes.io/component: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .partOf }}
|
||||
app.kubernetes.io/part-of: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
# Windows Support
|
||||
|
||||
{{/*
|
||||
Windows cluster will add default taint for linux nodes,
|
||||
add below linux tolerations to workloads could be scheduled to those linux nodes
|
||||
*/}}
|
||||
|
||||
{{- define "linux-node-tolerations" -}}
|
||||
- key: "cattle.io/os"
|
||||
value: "linux"
|
||||
effect: "NoSchedule"
|
||||
operator: "Equal"
|
||||
{{- end -}}
|
||||
|
||||
{{- define "linux-node-selector-terms" -}}
|
||||
{{- $key := "kubernetes.io/os" -}}
|
||||
- key: {{ $key }}
|
||||
operator: NotIn
|
||||
values:
|
||||
- windows
|
||||
{{- end -}}
|
||||
|
||||
{{ define "system_default_registry" -}}
|
||||
{{ if .Values.systemDefaultRegistry -}}
|
||||
{{ include "tpl.url.ensureTrailingSlash" .Values.systemDefaultRegistry }}
|
||||
{{- end -}}
|
||||
{{ end -}}
|
||||
|
||||
{{ define "defaultOrOverrideRegistry" -}}
|
||||
{{ $rootContext := index . 0 -}}
|
||||
{{ $inputRegistry := index . 1 | default "" -}}
|
||||
{{ if ne $inputRegistry "" -}}
|
||||
{{ $inputRegistry = (include "tpl.url.ensureTrailingSlash" $inputRegistry) -}}
|
||||
{{ end -}}
|
||||
{{ $systemDefault := include "system_default_registry" $rootContext | default "" -}}
|
||||
{{ coalesce $inputRegistry $systemDefault "" }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Select correct auditLog image
|
||||
*/}}
|
||||
{{ define "auditLog.image" -}}
|
||||
{{ if .Values.busyboxImage -}}
|
||||
{{ .Values.busyboxImage -}}
|
||||
{{ else -}}
|
||||
{{- .Values.auditLog.image.repository -}}:{{- .Values.auditLog.image.tag -}}
|
||||
{{ end -}}
|
||||
{{ end -}}
|
||||
|
||||
{{/*
|
||||
Determine the registration mode, defaulting to online if not specified
|
||||
*/}}
|
||||
{{ define "registration.mode" -}}
|
||||
{{ default "online" .Values.registration.mode | quote }}
|
||||
{{- end -}}
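Review bot: In `rancher.image` a leftover deprecated `.Values.rancherImage` is emitted verbatim and skips `defaultOrOverrideRegistry`, so neither `image.registry` nor `systemDefaultRegistry` applies to it. `rancher.imageTag` and `rancher.imagePullPolicy` likewise prefer the deprecated `rancherImageTag` / `rancherImagePullPolicy` over the new `image.*` fields. For a cluster that is supposed to pull only from a private registry, this precedence deserves an explicit line in each helper's comment, e.g. `Deprecated .Values.rancherImage, when set, wins and bypasses the registry override.` Minor: the format string in `tpl.chart.deprecated` has no space before `%s`, so the warning renders as `release.Use ...`; `"... in a future release. %s\n"` fixes it.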
|
||||
@@ -0,0 +1,14 @@
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ template "rancher.fullname" . }}
|
||||
labels:
|
||||
{{ include "rancher.labels" . | indent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "rancher.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
apiGroup: rbac.authorization.k8s.io
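Review bot: The ServiceAccount named by `rancher.fullname` is bound to `cluster-admin` unconditionally, and nothing in the file records why. Any workload that can run under that ServiceAccount in `.Release.Namespace` inherits full control of the cluster, so who may create pods in that namespace becomes part of the trust boundary. I would add a header comment such as `# Rancher manages the local cluster and requires cluster-admin; restrict pod creation in this namespace accordingly.` so the grant is visible to anyone auditing the vendored chart.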
|
||||
@@ -0,0 +1,18 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: rancher-config
|
||||
labels: {{ include "rancher.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/part-of: "rancher"
|
||||
data:
|
||||
priorityClassName: {{ .Values.priorityClassName }}
|
||||
{{- if and .Values.webhook (kindIs "string" .Values.webhook) }}
|
||||
rancher-webhook: {{ .Values.webhook | quote }}
|
||||
{{- else if .Values.webhook }}
|
||||
rancher-webhook: {{ toYaml .Values.webhook | quote }}
|
||||
{{- end }}
|
||||
{{- if and .Values.fleet (kindIs "string" .Values.fleet) }}
|
||||
fleet: {{ .Values.fleet | quote }}
|
||||
{{- else if .Values.fleet }}
|
||||
fleet: {{ toYaml .Values.fleet | quote }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,283 @@
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
metadata:
|
||||
name: {{ template "rancher.fullname" . }}
|
||||
annotations:
|
||||
{{- if (lt (int .Values.replicas) 0) }}
|
||||
management.cattle.io/scale-available: "{{ sub 0 (int .Values.replicas)}}"
|
||||
{{- end }}
|
||||
labels:
|
||||
{{ include "rancher.labels" . | indent 4 }}
|
||||
spec:
|
||||
{{- if (gt (int .Values.replicas) 0) }}
|
||||
replicas: {{ .Values.replicas }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "rancher.fullname" . }}
|
||||
strategy:
|
||||
rollingUpdate:
|
||||
maxSurge: 1
|
||||
{{- if (eq (int .Values.replicas) 1) }}
|
||||
maxUnavailable: 0
|
||||
{{- else }}
|
||||
maxUnavailable: 1
|
||||
{{- end }}
|
||||
type: RollingUpdate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ template "rancher.fullname" . }}
|
||||
release: {{ .Release.Name }}
|
||||
spec:
|
||||
priorityClassName: {{ .Values.priorityClassName }}
|
||||
serviceAccountName: {{ template "rancher.fullname" . }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ toYaml .Values.imagePullSecrets | indent 6 }}
|
||||
{{- end }}
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
{{- if eq .Values.antiAffinity "required" }}
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: app
|
||||
operator: In
|
||||
values:
|
||||
- {{ template "rancher.fullname" . }}
|
||||
topologyKey: {{ .Values.topologyKey | default "kubernetes.io/hostname" }}
|
||||
{{- else }}
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 100
|
||||
podAffinityTerm:
|
||||
labelSelector:
|
||||
matchExpressions:
|
||||
- key: app
|
||||
operator: In
|
||||
values:
|
||||
- {{ template "rancher.fullname" . }}
|
||||
topologyKey: {{ .Values.topologyKey | default "kubernetes.io/hostname" }}
|
||||
{{- end }}
|
||||
nodeAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions: {{ include "linux-node-selector-terms" . | nindent 16 }}
|
||||
{{- if .Values.extraNodeSelectorTerms }}
|
||||
{{- toYaml .Values.extraNodeSelectorTerms | nindent 16 }}
|
||||
{{- end }}
|
||||
tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
|
||||
{{- if .Values.extraTolerations }}
|
||||
{{- toYaml .Values.extraTolerations | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.hostNetwork }}
|
||||
hostNetwork: true
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
{{- end }}
|
||||
containers:
|
||||
- image: "{{ template "rancher.image" . }}:{{ template "rancher.imageTag" . }}"
|
||||
imagePullPolicy: {{ include "rancher.imagePullPolicy" . }}
|
||||
name: {{ template "rancher.name" . }}
|
||||
ports:
|
||||
- containerPort: 80
|
||||
protocol: TCP
|
||||
{{- if (and .Values.hostPort (gt (int .Values.hostPort) 0)) }}
|
||||
- containerPort: 444
|
||||
hostPort: {{ int .Values.hostPort }}
|
||||
protocol: TCP
|
||||
{{- end}}
|
||||
- containerPort: 6666
|
||||
protocol: TCP
|
||||
args:
|
||||
{{- if .Values.debug }}
|
||||
- "--debug"
|
||||
{{- end }}
|
||||
{{- if .Values.privateCA }}
|
||||
# Private CA - don't clear ca certs
|
||||
{{- else if and (eq .Values.tls "ingress") (eq .Values.ingress.tls.source "rancher") }}
|
||||
# Rancher self-signed - don't clear ca certs
|
||||
{{- else }}
|
||||
# Public trusted CA - clear ca certs
|
||||
- "--no-cacerts"
|
||||
{{- end }}
|
||||
- "--http-listen-port=80"
|
||||
- "--https-listen-port=443"
|
||||
- "--add-local={{ .Values.addLocal }}"
|
||||
env:
|
||||
- name: CATTLE_NAMESPACE
|
||||
value: {{ .Release.Namespace }}
|
||||
- name: CATTLE_PEER_SERVICE
|
||||
value: {{ template "rancher.fullname" . }}
|
||||
{{- if .Values.features }}
|
||||
- name: CATTLE_FEATURES
|
||||
value: "{{ .Values.features }}"
|
||||
{{- end}}
|
||||
{{- if .Values.noDefaultAdmin }}
|
||||
- name: CATTLE_NO_DEFAULT_ADMIN
|
||||
value: "{{ .Values.noDefaultAdmin }}"
|
||||
{{- end}}
|
||||
{{- if .Values.auditLog.enabled }}
|
||||
- name: AUDIT_LOG_ENABLED
|
||||
value: "true"
|
||||
- name: AUDIT_LEVEL
|
||||
value: {{ .Values.auditLog.level | quote }}
|
||||
- name: AUDIT_LOG_MAXAGE
|
||||
value: {{ .Values.auditLog.maxAge | quote }}
|
||||
- name: AUDIT_LOG_MAXBACKUP
|
||||
value: {{ .Values.auditLog.maxBackup | quote }}
|
||||
- name: AUDIT_LOG_MAXSIZE
|
||||
value: {{ .Values.auditLog.maxSize | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.proxy }}
|
||||
- name: HTTP_PROXY
|
||||
value: {{ .Values.proxy }}
|
||||
- name: HTTPS_PROXY
|
||||
value: {{ .Values.proxy }}
|
||||
- name: NO_PROXY
|
||||
value: {{ .Values.noProxy }}
|
||||
{{- end }}
|
||||
{{- if .Values.systemDefaultRegistry }}
|
||||
- name: CATTLE_SYSTEM_DEFAULT_REGISTRY
|
||||
value: {{ .Values.systemDefaultRegistry }}
|
||||
{{- end }}
|
||||
{{- if .Values.useBundledSystemChart }}
|
||||
- name: CATTLE_SYSTEM_CATALOG
|
||||
value: bundled
|
||||
{{- end }}
|
||||
{{- if .Values.bootstrapPassword }}
|
||||
- name: CATTLE_BOOTSTRAP_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "bootstrap-secret"
|
||||
key: "bootstrapPassword"
|
||||
{{- end }}
|
||||
{{- if .Values.agentTLSMode }}
|
||||
- name: CATTLE_AGENT_TLS_MODE
|
||||
value: "{{ .Values.agentTLSMode }}"
|
||||
{{- end }}
|
||||
- name: IMPERATIVE_API_DIRECT
|
||||
value: "true"
|
||||
- name: IMPERATIVE_API_APP_SELECTOR
|
||||
value: {{ template "rancher.fullname" . }}
|
||||
{{- if .Values.aggregationRegistrationTimeout }}
|
||||
- name: AGGREGATION_REGISTRATION_TIMEOUT
|
||||
value: {{ .Values.aggregationRegistrationTimeout }}
|
||||
{{- end }}
|
||||
{{- if .Values.cacheSyncTimeout }}
|
||||
- name: CACHE_SYNC_TIMEOUT
|
||||
value: {{ .Values.cacheSyncTimeout }}
|
||||
{{- end }}
|
||||
{{- if .Values.extraEnv }}
|
||||
{{ toYaml .Values.extraEnv | indent 8}}
|
||||
{{- end }}
|
||||
startupProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 80
|
||||
timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
|
||||
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
|
||||
periodSeconds: {{ .Values.startupProbe.periodSeconds }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 80
|
||||
{{- with .Values.livenessProbe.initialDelaySeconds}}
|
||||
initialDelaySeconds: {{ . }}
|
||||
{{- end }}
|
||||
timeoutSeconds: {{.Values.livenessProbe.timeoutSeconds }}
|
||||
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
|
||||
failureThreshold: {{.Values.livenessProbe.failureThreshold }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 80
|
||||
{{- with .Values.readinessProbe.initialDelaySeconds}}
|
||||
initialDelaySeconds: {{ . }}
|
||||
{{- end }}
|
||||
timeoutSeconds: {{.Values.readinessProbe.timeoutSeconds }}
|
||||
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
|
||||
failureThreshold: {{.Values.readinessProbe.failureThreshold }}
|
||||
{{- if .Values.resources }}
|
||||
resources: {{- toYaml .Values.resources | nindent 10 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
{{- if .Values.additionalTrustedCAs }}
|
||||
- mountPath: /etc/pki/trust/anchors/ca-additional.pem
|
||||
name: tls-ca-additional-volume
|
||||
subPath: ca-additional.pem
|
||||
readOnly: true
|
||||
- mountPath: /etc/rancher/ssl/ca-additional.pem
|
||||
name: tls-ca-additional-volume
|
||||
subPath: ca-additional.pem
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- if .Values.privateCA }}
|
||||
# Pass CA cert into rancher for private CA
|
||||
- mountPath: /etc/rancher/ssl/cacerts.pem
|
||||
name: tls-ca-volume
|
||||
subPath: cacerts.pem
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- if and .Values.customLogos.enabled (or (eq .Values.customLogos.volumeKind "persistentVolumeClaim") (and (eq .Values.customLogos.volumeKind "configMap") (.Values.customLogos.volumeName))) }}
|
||||
# Mount rancher custom-logos volume
|
||||
- mountPath: /usr/share/rancher/ui/assets/images/logos
|
||||
name: custom-logos
|
||||
subPath: {{ .Values.customLogos.volumeSubpaths.emberUi | default "ember" | quote }}
|
||||
- mountPath: /usr/share/rancher/ui-dashboard/dashboard/_nuxt/assets/images/pl
|
||||
name: custom-logos
|
||||
subPath: {{ .Values.customLogos.volumeSubpaths.vueUi | default "vue" | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.auditLog.enabled }}
|
||||
- mountPath: /var/log/auditlog
|
||||
name: audit-log
|
||||
{{- end }}
|
||||
{{- if eq .Values.auditLog.destination "sidecar" }}
|
||||
{{- if .Values.auditLog.enabled }}
|
||||
# Make audit logs available for Rancher log collector tools.
|
||||
- image: "{{ printf "%s%s" (include "defaultOrOverrideRegistry" (list . (default "" .Values.auditLog.image.registry))) (include "auditLog.image" .) }}"
|
||||
imagePullPolicy: {{ default .Values.auditLog.image.pullPolicy .Values.busyboxImagePullPolicy }}
|
||||
name: {{ template "rancher.name" . }}-audit-log
|
||||
command: ["tail"]
|
||||
args: ["-F", "/var/log/auditlog/rancher-api-audit.log"]
|
||||
volumeMounts:
|
||||
- mountPath: /var/log/auditlog
|
||||
name: audit-log
|
||||
{{- if .Values.auditLog.resources }}
|
||||
resources: {{- toYaml .Values.auditLog.resources | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
{{- if .Values.additionalTrustedCAs }}
|
||||
- name: tls-ca-additional-volume
|
||||
secret:
|
||||
defaultMode: 0400
|
||||
secretName: tls-ca-additional
|
||||
{{- end }}
|
||||
{{- if .Values.privateCA }}
|
||||
- name: tls-ca-volume
|
||||
secret:
|
||||
defaultMode: 0400
|
||||
secretName: tls-ca
|
||||
{{- end }}
|
||||
{{- if .Values.auditLog.enabled }}
|
||||
{{- if eq .Values.auditLog.destination "hostPath" }}
|
||||
- name: audit-log
|
||||
hostPath:
|
||||
path: {{ .Values.auditLog.hostPath }}
|
||||
type: DirectoryOrCreate
|
||||
{{- else }}
|
||||
- name: audit-log
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if and .Values.customLogos.enabled (or (eq .Values.customLogos.volumeKind "persistentVolumeClaim") (and (eq .Values.customLogos.volumeKind "configMap") (.Values.customLogos.volumeName))) }}
|
||||
- name: custom-logos
|
||||
{{- if (eq .Values.customLogos.volumeKind "persistentVolumeClaim") }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ .Values.customLogos.volumeName | default (printf "%s-custom-logos" (include "rancher.fullname" .)) }}
|
||||
{{- else if (eq .Values.customLogos.volumeKind "configMap") }}
|
||||
configMap:
|
||||
name: {{ .Values.customLogos.volumeName }}
|
||||
{{- end }}
|
||||
{{- end }}
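Review bot: Several env entries render their value unquoted (`HTTP_PROXY`, `HTTPS_PROXY`, `NO_PROXY`, `CATTLE_SYSTEM_DEFAULT_REGISTRY`, `AGGREGATION_REGISTRATION_TIMEOUT`, `CACHE_SYNC_TIMEOUT`, `CATTLE_NAMESPACE`), while the audit-log entries next to them use `| quote`. An env `value` must be a string, so a value that parses as a number or boolean (a timeout given as a bare number, for instance) is rejected by the API server, and one containing `: ` or ` #` changes the parsed document. Suggest `value: {{ .Values.cacheSyncTimeout | quote }}` and the same for the others. Separately, the `hostPath` audit-log volume uses `type: DirectoryOrCreate` on a node path taken straight from `.Values.auditLog.hostPath`; a comment saying the path should be a dedicated directory would help operators.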
|
||||
@@ -0,0 +1,4 @@
|
||||
{{ range .Values.extraObjects }}
|
||||
---
|
||||
{{ tpl (toYaml .) $ }}
|
||||
{{ end }}
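Review bot: Each entry of `.Values.extraObjects` is passed through `tpl` with the root context, so strings in values are evaluated as templates and the result can be an object of any kind, cluster-scoped RBAC included. That appears intended, but it means the values file carries the same trust as the chart itself. I would add a template comment above the `range`, e.g. `{{- /* extraObjects are rendered through tpl as-is; accept values only from trusted sources */ -}}`.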
|
||||
@@ -0,0 +1,69 @@
|
||||
{{- if .Values.ingress.enabled }}
|
||||
{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
{{- else }}
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
{{- end }}
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ template "rancher.fullname" . }}
|
||||
labels:
|
||||
{{ include "rancher.labels" . | indent 4 }}
|
||||
annotations:
|
||||
{{- if .Values.ingress.configurationSnippet }}
|
||||
nginx.ingress.kubernetes.io/configuration-snippet: |
|
||||
{{- template "configurationSnippet" . }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.tls "external" }}
|
||||
nginx.ingress.kubernetes.io/ssl-redirect: "false" # turn off ssl redirect for external.
|
||||
{{- else }}
|
||||
{{- if ne .Values.ingress.tls.source "secret" }}
|
||||
{{- $certmanagerVer := split "." .Values.certmanager.version -}}
|
||||
{{- if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }}
|
||||
certmanager.k8s.io/issuer: {{ template "rancher.fullname" . }}
|
||||
{{- else }}
|
||||
cert-manager.io/issuer: {{ template "rancher.fullname" . }}
|
||||
cert-manager.io/issuer-kind: Issuer
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.includeDefaultExtraAnnotations }}
|
||||
nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
|
||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"
|
||||
nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"
|
||||
{{- end }}
|
||||
{{- if eq (int .Values.ingress.servicePort) 443 }}
|
||||
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.extraAnnotations }}
|
||||
{{ toYaml .Values.ingress.extraAnnotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.ingress.ingressClassName }}
|
||||
ingressClassName: {{ .Values.ingress.ingressClassName }}
|
||||
{{- end }}
|
||||
rules:
|
||||
- host: {{ .Values.hostname }} # hostname to access rancher server
|
||||
http:
|
||||
paths:
|
||||
- backend:
|
||||
{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
|
||||
service:
|
||||
name: {{ template "rancher.fullname" . }}
|
||||
port:
|
||||
number: {{ .Values.ingress.servicePort }}
|
||||
{{- else }}
|
||||
serviceName: {{ template "rancher.fullname" . }}
|
||||
servicePort: {{ .Values.ingress.servicePort }}
|
||||
{{- end }}
|
||||
{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
|
||||
pathType: {{ .Values.ingress.pathType }}
|
||||
path: {{ .Values.ingress.path }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.tls "ingress" }}
|
||||
tls:
|
||||
- hosts:
|
||||
- {{ .Values.hostname }}
|
||||
secretName: {{ .Values.ingress.tls.secretName }}
|
||||
{{- end }}
|
||||
{{- end }}
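Review bot: The `nginx.ingress.kubernetes.io/configuration-snippet` annotation is filled from `.Values.ingress.configurationSnippet` through `tpl`, which places raw NGINX directives from values into the controller's configuration. Controllers that run with snippet annotations disabled (`allow-snippet-annotations: "false"`) will not accept this, and where snippets are allowed the value should be documented as trusted input; a comment above the `if` would do. Also, `host: {{ .Values.hostname }}` and `ingressClassName: {{ .Values.ingress.ingressClassName }}` are rendered unquoted; `{{ .Values.hostname | quote }}` avoids surprises with empty or unusual values.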
|
||||
@@ -0,0 +1,37 @@
|
||||
{{- if eq .Values.tls "ingress" -}}
|
||||
{{- if eq .Values.ingress.tls.source "letsEncrypt" -}}
|
||||
{{- $certmanagerVer := split "." .Values.certmanager.version -}}
|
||||
{{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 16)) }}
|
||||
apiVersion: cert-manager.io/v1beta1
|
||||
{{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11)) }}
|
||||
apiVersion: cert-manager.io/v1alpha2
|
||||
{{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }}
|
||||
apiVersion: certmanager.k8s.io/v1alpha1
|
||||
{{- else }}
|
||||
apiVersion: cert-manager.io/v1
|
||||
{{- end }}
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: {{ template "rancher.fullname" . }}
|
||||
labels:
|
||||
{{ include "rancher.labels" . | indent 4 }}
|
||||
spec:
|
||||
acme:
|
||||
{{- if eq .Values.letsEncrypt.environment "production" }}
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
{{- else }}
|
||||
server: https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
{{- end }}
|
||||
email: {{ .Values.letsEncrypt.email }}
|
||||
privateKeySecretRef:
|
||||
name: letsencrypt-{{ .Values.letsEncrypt.environment }}
|
||||
{{- if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }}
|
||||
http01: {}
|
||||
{{- else }}
|
||||
solvers:
|
||||
- http01:
|
||||
ingress:
|
||||
class: {{ .Values.letsEncrypt.ingress.class }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,22 @@
|
||||
{{- if eq .Values.tls "ingress" -}}
|
||||
{{- if eq .Values.ingress.tls.source "rancher" -}}
|
||||
{{- $certmanagerVer := split "." .Values.certmanager.version -}}
|
||||
{{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 16)) }}
|
||||
apiVersion: cert-manager.io/v1beta1
|
||||
{{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11)) }}
|
||||
apiVersion: cert-manager.io/v1alpha2
|
||||
{{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }}
|
||||
apiVersion: certmanager.k8s.io/v1alpha1
|
||||
{{- else }}
|
||||
apiVersion: cert-manager.io/v1
|
||||
{{- end }}
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: {{ template "rancher.fullname" . }}
|
||||
labels:
|
||||
{{ include "rancher.labels" . | indent 4 }}
|
||||
spec:
|
||||
ca:
|
||||
secretName: tls-rancher
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,19 @@
|
||||
{{- if .Values.postDelete.enabled }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ template "rancher.fullname" . }}-post-delete
|
||||
labels: {{ include "rancher.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": post-delete
|
||||
"helm.sh/hook-weight": "2"
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ template "rancher.fullname" . }}-post-delete
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "rancher.fullname" . }}-post-delete
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,42 @@
|
||||
{{- if .Values.postDelete.enabled }}
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ template "rancher.fullname" . }}-post-delete
|
||||
labels: {{ include "rancher.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": post-delete
|
||||
"helm.sh/hook-weight": "1"
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
|
||||
rules:
|
||||
- apiGroups: [ "extensions","apps" ]
|
||||
resources: [ "deployments" ]
|
||||
verbs: [ "get", "list", "delete" ]
|
||||
- apiGroups: [ "batch" ]
|
||||
resources: [ "jobs", "cronjobs" ]
|
||||
verbs: [ "get", "list", "watch", "delete", "create" ]
|
||||
- apiGroups: [ "rbac.authorization.k8s.io" ]
|
||||
resources: [ "clusterroles", "clusterrolebindings", "roles", "rolebindings" ]
|
||||
verbs: [ "get", "list", "delete", "create" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "pods", "secrets", "services", "configmaps" ]
|
||||
verbs: [ "get", "list", "delete" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "serviceaccounts" ]
|
||||
verbs: [ "get", "list", "delete", "create" ]
|
||||
- apiGroups: [ "networking.k8s.io" ]
|
||||
resources: [ "networkpolicies" ]
|
||||
verbs: [ "get", "list", "delete" ]
|
||||
- apiGroups: [ "admissionregistration.k8s.io" ]
|
||||
resources: [ "validatingwebhookconfigurations", "mutatingwebhookconfigurations" ]
|
||||
verbs: [ "get", "list", "delete" ]
|
||||
- apiGroups: [ "networking.k8s.io" ]
|
||||
resources: [ "ingresses" ]
|
||||
verbs: [ "delete" ]
|
||||
- apiGroups: [ "cert-manager.io" ]
|
||||
resources: [ "issuers" ]
|
||||
verbs: [ "delete" ]
|
||||
- apiGroups: [ "apiregistration.k8s.io" ]
|
||||
resources: [ "apiservices" ]
|
||||
verbs: [ "delete" ]
|
||||
{{- end }}
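Review bot: This hook role is cluster-wide and includes `get`/`list`/`delete` on `secrets` plus `create`/`delete` on `clusterroles` and `clusterrolebindings`, although the job it serves is handed an explicit namespace list through `NAMESPACES`. The hook-delete-policy removes the role afterwards, but while the job runs its ServiceAccount token can read every Secret in the cluster. If the cleanup only touches the listed namespaces, the namespaced rules (pods, secrets, services, configmaps, serviceaccounts, roles, rolebindings) could move to per-namespace Roles; `scripts/post-delete-hook.sh` is not visible here, so this needs checking against it. At minimum, add a comment above `rules:` stating why each cluster-wide verb is required.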
|
||||
@@ -0,0 +1,15 @@
|
||||
{{- if .Values.postDelete.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ template "rancher.fullname" . }}-post-delete
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels: {{ include "rancher.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": post-delete
|
||||
"helm.sh/hook-weight": "1"
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
|
||||
data:
|
||||
post-delete-hook.sh: |-
|
||||
{{ $.Files.Get "scripts/post-delete-hook.sh" | indent 4 }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,46 @@
|
||||
{{- if .Values.postDelete.enabled }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ template "rancher.fullname" . }}-post-delete
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels: {{ include "rancher.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": post-delete
|
||||
"helm.sh/hook-weight": "3"
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
spec:
|
||||
backoffLimit: 3
|
||||
template:
|
||||
metadata:
|
||||
name: {{ template "rancher.fullname" . }}-post-delete
|
||||
labels: {{ include "rancher.labels" . | nindent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ template "rancher.fullname" . }}-post-delete
|
||||
restartPolicy: OnFailure
|
||||
containers:
|
||||
- name: {{ template "rancher.name" . }}-post-delete
|
||||
image: "{{ printf "%s%s" (include "defaultOrOverrideRegistry" (list . .Values.postDelete.image.registry)) .Values.postDelete.image.repository }}:{{ .Values.postDelete.image.tag }}"
|
||||
imagePullPolicy: {{ default "IfNotPresent" .Values.postDelete.pullPolicy }}
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
command:
|
||||
- /scripts/post-delete-hook.sh
|
||||
volumeMounts:
|
||||
- mountPath: /scripts
|
||||
name: config-volume
|
||||
env:
|
||||
- name: NAMESPACES
|
||||
value: {{ .Values.postDelete.namespaceList | join " " | quote }}
|
||||
- name: RANCHER_NAMESPACE
|
||||
value: {{ .Release.Namespace }}
|
||||
- name: TIMEOUT
|
||||
value: {{ .Values.postDelete.timeout | quote }}
|
||||
- name: IGNORETIMEOUTERROR
|
||||
value: {{ .Values.postDelete.ignoreTimeoutError | quote }}
|
||||
volumes:
|
||||
- name: config-volume
|
||||
configMap:
|
||||
name: {{ template "rancher.fullname" . }}-post-delete
|
||||
defaultMode: 0777
|
||||
{{- end }}
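Review bot: The script volume is mounted with `defaultMode: 0777` and the container runs with `runAsUser: 0` and no other hardening. The script only needs to be readable and executable, so `defaultMode: 0555` is enough, and the securityContext could add `allowPrivilegeEscalation: false` unless the image needs more for something not shown in this hunk. `RANCHER_NAMESPACE` is rendered unquoted while the other env values use `| quote`; `value: {{ .Release.Namespace | quote }}` would match them.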
|
||||
@@ -0,0 +1,12 @@
|
||||
{{- if .Values.postDelete.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ template "rancher.fullname" . }}-post-delete
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels: {{ include "rancher.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": post-delete
|
||||
"helm.sh/hook-weight": "1"
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
|
||||
{{- end }}
|
||||
@@ -0,0 +1,17 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ template "rancher.fullname" . }}-pre-upgrade
|
||||
labels: {{ include "rancher.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-upgrade
|
||||
"helm.sh/hook-weight": "-1"
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ template "rancher.fullname" . }}-pre-upgrade
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "rancher.fullname" . }}-pre-upgrade
|
||||
namespace: {{ .Release.Namespace }}
|
||||
@@ -0,0 +1,16 @@
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ template "rancher.fullname" . }}-pre-upgrade
|
||||
labels: {{ include "rancher.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-upgrade
|
||||
"helm.sh/hook-weight": "-1"
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
rules:
|
||||
- apiGroups: ["management.cattle.io"]
|
||||
resources:
|
||||
- "clusters"
|
||||
- "nodetemplates"
|
||||
- "clustertemplates"
|
||||
verbs: ["get", "list"]
|
||||
@@ -0,0 +1,13 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ template "rancher.fullname" . }}-pre-upgrade
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels: {{ include "rancher.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-upgrade
|
||||
"helm.sh/hook-weight": "-1"
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
data:
|
||||
pre-upgrade-hook.sh: |-
|
||||
{{ $.Files.Get "scripts/pre-upgrade-hook.sh" | indent 4 }}
|
||||
@@ -0,0 +1,35 @@
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ template "rancher.fullname" . }}-pre-upgrade
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels: {{ include "rancher.preupgradelabels" . | nindent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-upgrade
|
||||
"helm.sh/hook-weight": "-1"
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
spec:
|
||||
backoffLimit: 3
|
||||
template:
|
||||
metadata:
|
||||
name: {{ template "rancher.fullname" . }}-pre-upgrade
|
||||
labels: {{ include "rancher.preupgradelabels" . | nindent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ template "rancher.fullname" . }}-pre-upgrade
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
- name: {{ template "rancher.name" . }}-pre-upgrade
|
||||
image: "{{ printf "%s%s" (include "defaultOrOverrideRegistry" (list . .Values.preUpgrade.image.registry)) .Values.preUpgrade.image.repository }}:{{ .Values.preUpgrade.image.tag }}"
|
||||
imagePullPolicy: {{ default "IfNotPresent" .Values.preUpgrade.pullPolicy }}
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
command:
|
||||
- /scripts/pre-upgrade-hook.sh
|
||||
volumeMounts:
|
||||
- mountPath: /scripts
|
||||
name: config-volume
|
||||
volumes:
|
||||
- name: config-volume
|
||||
configMap:
|
||||
name: {{ template "rancher.fullname" . }}-pre-upgrade
|
||||
defaultMode: 0777
|
||||
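Review bot: Every pre-upgrade hook object in this commit (ClusterRoleBinding, ClusterRole, ConfigMap, ServiceAccount and this Job) carries `"helm.sh/hook-weight": "-1"`, so nothing in the manifests guarantees that the ServiceAccount and ConfigMap this Job references exist before it starts. The order rests on how Helm breaks ties between equal weights. The post-delete hooks in the same commit use distinct weights (ServiceAccount `"1"`, Job `"3"`). Following that pattern here, e.g. `"helm.sh/hook-weight": "1"` on this Job, would make the ordering explicit.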
@@ -0,0 +1,10 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ template "rancher.fullname" . }}-pre-upgrade
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels: {{ include "rancher.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-upgrade
|
||||
"helm.sh/hook-weight": "-1"
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
@@ -0,0 +1,8 @@
|
||||
apiVersion: scheduling.k8s.io/v1
|
||||
kind: PriorityClass
|
||||
metadata:
|
||||
name: rancher-critical
|
||||
labels: {{ include "rancher.labels" . | nindent 4 }}
|
||||
value: 1000000000
|
||||
globalDefault: false
|
||||
description: "Priority class used by pods critical to rancher's functionality."
|
||||
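Review bot: `name: rancher-critical` is a fixed name on a cluster-scoped object, unlike the other resources in this commit that derive their names from `rancher.fullname`, so a second release of the chart in the same cluster would collide on it. `value: 1000000000` is the highest priority Kubernetes accepts for a user-defined class, which lets pods assigned to it preempt almost any other workload when the scheduler runs short of capacity. A template comment such as `{{/* highest user-assignable priority; pods in this class may preempt other workloads */}}` would help operators who audit cluster-wide objects.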
@@ -0,0 +1,19 @@
|
||||
{{- if and (.Values.customLogos.enabled) (eq .Values.customLogos.volumeKind "persistentVolumeClaim") (not .Values.customLogos.volumeName) }}
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: {{ template "rancher.fullname" . }}-custom-logos
|
||||
spec:
|
||||
accessModes:
|
||||
- {{ .Values.customLogos.accessMode | quote }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.customLogos.size | quote }}
|
||||
storageClassName: {{ if .Values.customLogos.storageClass }}
|
||||
{{- if (eq "-" .Values.customLogos.storageClass) -}}
|
||||
""
|
||||
{{- else }}
|
||||
{{- .Values.customLogos.storageClass }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,25 @@
|
||||
{{/* Use the bootstrap password from values.yaml if an existing secret is not found */}}
|
||||
{{- $bootstrapPassword := .Values.bootstrapPassword -}}
|
||||
{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace "bootstrap-secret" -}}
|
||||
{{- if $existingSecret -}}
|
||||
{{- if $existingSecret.data -}}
|
||||
{{- if $existingSecret.data.bootstrapPassword -}}
|
||||
{{- $bootstrapPassword = $existingSecret.data.bootstrapPassword | b64dec -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{/* If a bootstrap password was found in the values or an existing password was found create the secret */}}
|
||||
{{- if $bootstrapPassword }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: "bootstrap-secret"
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade
|
||||
"helm.sh/hook-weight": "-5"
|
||||
"helm.sh/resource-policy": keep
|
||||
type: Opaque
|
||||
data:
|
||||
bootstrapPassword: {{ $bootstrapPassword | b64enc | quote }}
|
||||
{{- end }}
|
||||
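Review bot: The `lookup` on the `$existingSecret` line returns an empty result when the chart is rendered without cluster access (`helm template`, `--dry-run`), so in that mode an existing password is never reused and `.Values.bootstrapPassword` alone decides whether a Secret is rendered. A password supplied through values is also recorded with the release's stored values, outside this Secret. I would extend the leading comment, e.g. `{{/* lookup is empty under helm template/--dry-run; only .Values.bootstrapPassword applies there */}}`. A second comment next to `"helm.sh/resource-policy": keep` should say the Secret is meant to stay in the namespace after uninstall, so operators know to remove it by hand.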
@@ -0,0 +1,30 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
{{- if .Values.service.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.service.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
name: {{ template "rancher.fullname" . }}
|
||||
labels:
|
||||
{{ include "rancher.labels" . | indent 4 }}
|
||||
spec:
|
||||
{{- /*
|
||||
If service.type is not provided this attribute is ommitted and k8s default of ClusterIP is used.
|
||||
*/}}
|
||||
{{- if .Values.service.type }}
|
||||
type: {{ .Values.service.type }}
|
||||
{{- end }}
|
||||
ports:
|
||||
{{- if not (default .Values.service.disableHTTP false) }}
|
||||
- port: 80
|
||||
targetPort: 80
|
||||
protocol: TCP
|
||||
name: http
|
||||
{{- end }}
|
||||
- port: 443
|
||||
targetPort: 444
|
||||
protocol: TCP
|
||||
name: https-internal
|
||||
selector:
|
||||
app: {{ template "rancher.fullname" . }}
|
||||
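Review bot: In `{{- if not (default .Values.service.disableHTTP false) }}` the arguments to `default` are reversed relative to its fallback-then-value form, so `false` is the value being tested and `.Values.service.disableHTTP` is the fallback. The result is still correct only because `false` counts as empty. `{{- if not .Values.service.disableHTTP }}` expresses the same condition directly. As written, plain-HTTP port 80 is exposed unless `service.disableHTTP` is set, which deserves a line in the template comment above `ports:`. The existing comment under `spec:` also misspells "omitted".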
@@ -0,0 +1,6 @@
|
||||
kind: ServiceAccount
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: {{ template "rancher.fullname" . }}
|
||||
labels:
|
||||
{{ include "rancher.labels" . | indent 4 }}
|
||||