dprodanov/Factory
SHA256
1
0
Fork 0
forked from suse-edge/Factory
Code Pull Requests Activity

rancher-turtles-chart: Update to 0.17.0

Browse Source 
Aligns with https://github.com/suse-edge/charts/pull/193
This commit is contained in:
Steven Hardy
2025-03-20 09:58:37 +00:00
committed by Steven Hardy
parent d57078f9d9
commit eacabe4d71
20 changed files with 3446 additions and 813 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
rancher-turtles-chart/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: cluster-api-operator
repository: https://kubernetes-sigs.github.io/cluster-api-operator
version: 0.16.0
digest: sha256:9b296be6ee446bff492e6736e084ce3734b07ea613791b77fd15d31c0f62dc70
generated: "2025-01-30T10:14:58.692942399Z"
version: 0.17.0
digest: sha256:c564dd1edce5e74cf5747adfa2477b3f0b9bae2b17a21b4c7312b2c1adbda64e
generated: "2025-02-27T10:39:03.203623466Z"

10
rancher-turtles-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.16.0
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.16.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.17.0
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.17.0-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
@@ -12,12 +12,12 @@ annotations:
catalog.cattle.io/scope: management
catalog.cattle.io/type: cluster-tool
apiVersion: v2
appVersion: 0.16.0
appVersion: 0.17.0
dependencies:
- condition: cluster-api-operator.enabled
name: cluster-api-operator
repository: file://./charts/cluster-api-operator
version: 0.14.0
version: 0.17.0
description: Rancher Turtles is an extension to Rancher that brings full Cluster API
integration to Rancher.
home: https://github.com/rancher/turtles/
@@ -29,4 +29,4 @@ keywords:
- provisioning
name: rancher-turtles
type: application
version: "%%CHART_MAJOR%%.0.0+up0.16.0"
version: "%%CHART_MAJOR%%.0.0+up0.17.0"

4
rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2
appVersion: 0.14.0
appVersion: 0.17.0
description: Cluster API Operator
name: cluster-api-operator
type: application
version: 0.14.0
version: 0.17.0

15
rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml
View File

@@ -38,12 +38,25 @@ metadata:
annotations:
"helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "2"
{{- if or $controlPlaneVersion $.Values.configSecret.name }}
{{- if or $controlPlaneVersion $.Values.configSecret.name $.Values.manager }}
spec:
{{- end}}
{{- if $controlPlaneVersion }}
version: {{ $controlPlaneVersion }}
{{- end }}
{{- if $.Values.manager }}
{{- if hasKey $.Values.manager.featureGates $controlPlaneName }}
manager:
{{- range $key, $value := $.Values.manager.featureGates }}
{{- if eq $key $controlPlaneName }}
featureGates:
{{- range $k, $v := $value }}
{{ $k }}: {{ $v }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if $.Values.configSecret.name }}
configSecret:
name: {{ $.Values.configSecret.name }}

2
rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml
View File

@@ -38,7 +38,7 @@ metadata:
"helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "2"
"argocd.argoproj.io/sync-wave": "2"
{{- if or $coreVersion $.Values.configSecret.name }}
{{- if or $coreVersion $.Values.configSecret.name $.Values.manager }}
spec:
{{- end}}
{{- if $coreVersion }}

36
rancher-turtles-chart/charts/cluster-api-operator/templates/deployment.yaml
View File

@@ -65,9 +65,6 @@ spec:
{{- if .Values.healthAddr }}
- --health-addr={{ .Values.healthAddr }}
{{- end }}
{{- if .Values.metricsBindAddr }}
- --metrics-bind-addr={{ .Values.metricsBindAddr }}
{{- end }}
{{- if .Values.diagnosticsAddress }}
- --diagnostics-address={{ .Values.diagnosticsAddress }}
{{- end }}
@@ -100,9 +97,15 @@ spec:
- containerPort: 9443
name: webhook-server
protocol: TCP
- containerPort: {{ ( split ":" $.Values.metricsBindAddr)._1 | int }}
{{- if $.Values.diagnosticsAddress }}
{{- $diagnosticsPort := $.Values.diagnosticsAddress }}
{{- if contains ":" $diagnosticsPort -}}
{{ $diagnosticsPort = ( split ":" $.Values.diagnosticsAddress)._1 | int }}
{{- end }}
- containerPort: {{ $diagnosticsPort | int }}
name: metrics
protocol: TCP
{{- end }}
{{- with .Values.resources.manager }}
resources:
{{- toYaml . | nindent 12 }}
@@ -119,6 +122,31 @@ spec:
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
terminationMessagePolicy: FallbackToLogsOnError
{{- $healthAddr := $.Values.healthAddr }}
{{- if contains ":" $healthAddr -}}
{{ $healthAddr = ( split ":" $.Values.healthAddr)._1 | int }}
{{- end }}
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: {{ $healthAddr | default 9440 }}
scheme: HTTP
initialDelaySeconds: 15
periodSeconds: 20
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /readyz
port: {{ $healthAddr | default 9440 }}
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationGracePeriodSeconds: 10
{{- with .Values.volumes }}
volumes:

9
rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml
View File

@@ -53,6 +53,15 @@ metadata:
"argocd.argoproj.io/sync-wave": "2"
{{- with .Values.configSecret }}
spec:
{{- if $.Values.manager }}
manager:
{{- if and $.Values.manager.featureGates $.Values.manager.featureGates.kubeadm }}
featureGates:
{{- range $key, $value := $.Values.manager.featureGates.kubeadm }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
{{- end }}
configSecret:
name: {{ .name }}
{{- if .namespace }}

10
rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml
View File

@@ -59,6 +59,16 @@ spec:
{{- end }}
{{- end }}
{{- end }}
{{- if and (kindIs "map" $.Values.fetchConfig) (hasKey $.Values.fetchConfig $infrastructureName) }}
{{- range $key, $value := $.Values.fetchConfig }}
{{- if eq $key $infrastructureName }}
fetchConfig:
{{- range $k, $v := $value }}
{{ $k }}: {{ $v }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if $.Values.configSecret.name }}
configSecret:
name: {{ $.Values.configSecret.name }}

73
rancher-turtles-chart/charts/cluster-api-operator/templates/ipam.yaml Normal file
View File

@@ -0,0 +1,73 @@
# IPAM providers
{{- if .Values.ipam }}
{{- $ipams := split ";" .Values.ipam }}
{{- $ipamNamespace := "" }}
{{- $ipamName := "" }}
{{- $ipamVersion := "" }}
{{- range $ipam := $ipams }}
{{- $ipamArgs := split ":" $ipam }}
{{- $ipamArgsLen := len $ipamArgs }}
{{- if eq $ipamArgsLen 3 }}
{{- $ipamNamespace = $ipamArgs._0 }}
{{- $ipamName = $ipamArgs._1 }}
{{- $ipamVersion = $ipamArgs._2 }}
{{- else if eq $ipamArgsLen 2 }}
{{- $ipamNamespace = print $ipamArgs._0 "-ipam-system" }}
{{- $ipamName = $ipamArgs._0 }}
{{- $ipamVersion = $ipamArgs._1 }}
{{- else if eq $ipamArgsLen 1 }}
{{- $ipamNamespace = print $ipamArgs._0 "-ipam-system" }}
{{- $ipamName = $ipamArgs._0 }}
{{- else }}
{{- fail "ipam provider argument should have the following format in-cluster:v1.0.0 or mynamespace:in-cluster:v1.0.0" }}
{{- end }}
---
apiVersion: v1
kind: Namespace
metadata:
annotations:
"helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "1"
"argocd.argoproj.io/sync-wave": "1"
name: {{ $ipamNamespace }}
---
apiVersion: operator.cluster.x-k8s.io/v1alpha2
kind: IPAMProvider
metadata:
name: {{ $ipamName }}
namespace: {{ $ipamNamespace }}
annotations:
"helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "2"
"argocd.argoproj.io/sync-wave": "2"
{{- if or $ipamVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }}
spec:
{{- end }}
{{- if $ipamVersion }}
version: {{ $ipamVersion }}
{{- end }}
{{- if $.Values.manager }}
manager:
{{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $ipamName) }}
{{- range $key, $value := $.Values.manager.featureGates }}
{{- if eq $key $ipamName }}
featureGates:
{{- range $k, $v := $value }}
{{ $k }}: {{ $v }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if $.Values.configSecret.name }}
configSecret:
name: {{ $.Values.configSecret.name }}
{{- if $.Values.configSecret.namespace }}
namespace: {{ $.Values.configSecret.namespace }}
{{- end }}
{{- end }}
{{- if $.Values.additionalDeployments }}
additionalDeployments: {{ toYaml $.Values.additionalDeployments | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

2431
rancher-turtles-chart/charts/cluster-api-operator/templates/operator-components.yaml
View File

File diff suppressed because it is too large Load Diff

9
rancher-turtles-chart/charts/cluster-api-operator/values.yaml
View File

@@ -5,8 +5,10 @@ core: ""
bootstrap: ""
controlPlane: ""
infrastructure: ""
ipam: ""
addon: ""
manager.featureGates: {}
fetchConfig: {}
# ---
# Common configuration secret options
configSecret: {}
@@ -19,13 +21,12 @@ leaderElection:
image:
manager:
repository: registry.k8s.io/capi-operator/cluster-api-operator
tag: v0.14.0
tag: v0.17.0
pullPolicy: IfNotPresent
env:
manager: []
healthAddr: ":8081"
metricsBindAddr: "127.0.0.1:8080"
diagnosticsAddress: "8443"
diagnosticsAddress: ":8443"
healthAddr: ":9440"
insecureDiagnostics: false
watchConfigSecret: false
imagePullSecrets: {}

28
rancher-turtles-chart/questions.yml
View File

@@ -11,11 +11,16 @@ questions:
- variable: cluster-api-operator.cert-manager.enabled
default: false
type: boolean
description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually"
description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually."
label: "Enable Cert Manager"
- variable: turtlesUI.enabled
default: false
type: boolean
description: "Flag to enable or disable installation of CAPI UI extension. If set to false then you will need to install CAPI UI extension manually."
label: "Install CAPI UI (Experimental)"
- variable: rancherTurtles.cluster-api-operator.cleanup
default: true
description: "Specify that the CAPI Operator post-delete cleanup job will be performed"
description: "Specify that the CAPI Operator post-delete cleanup job will be performed."
type: boolean
label: Cleanup CAPI Operator installation
group: "CAPI Operator cleanup settings"
@@ -25,20 +30,31 @@ questions:
label: "Enable RKE2 Provider"
type: boolean
- variable: rancherTurtles.features.addon-provider-fleet.enabled
default: false
description: "[BETA] Enable Fleet Addon Provider functionality in Rancher Turtles"
default: true
description: "[BETA] Enable Fleet Addon Provider functionality in Rancher Turtles."
type: boolean
label: Seamless integration with Fleet and CAPI
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.agent-tls-mode.enabled
default: false
description: "[ALPHA] If enabled Turtles will use the agent-tls-mode setting to determine CA cert trust mode for importing clusters"
description: "[ALPHA] If enabled Turtles will use the agent-tls-mode setting to determine CA cert trust mode for importing clusters."
type: boolean
label: Enable Agent TLS Mode
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.kubectlImage
default: "registry.suse.com/edge/3.2/kubectl:1.30.3"
description: "Specify the image to use when running kubectl in jobs"
description: "Specify the image to use when running kubectl in jobs."
type: string
label: Kubectl Image
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.day2operations.enabled
label: "Enable Day 2 Operations functionality in Rancher Turtles"
description: "Use this setting to configure Day 2 Operations functionality in Rancher Turtles, such as enabling ETCD Backup and Restore."
type: boolean
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.day2operations.etcdBackupRestore.enabled
label: "Enable ETCD Backup and Restore"
description: "[ALPHA] Enable ETCD Backup and Restore functionality in Rancher Turtles."
type: boolean
group: "ETCD Backup and Restore Settings"
show_if: "rancherTurtles.features.day2operations.enabled"

6
rancher-turtles-chart/templates/addon-provider-fleet.yaml
View File

@@ -10,6 +10,12 @@ metadata:
"helm.sh/hook-weight": "2"
spec:
type: addon
deployment:
containers:
- name: manager
imageUrl: registry.rancher.com/rancher/cluster-api-fleet-controller:v0.6.0
- name: helm-manager
imageUrl: registry.rancher.com/rancher/cluster-api-fleet-controller:v0.6.0
additionalManifests:
name: fleet-addon-config
namespace: '{{ .Values.rancherTurtles.namespace }}'

2
rancher-turtles-chart/templates/deployment.yaml
View File

@@ -26,7 +26,7 @@ spec:
containers:
- args:
- --leader-elect
- --feature-gates=addon-provider-fleet={{ index .Values "rancherTurtles" "features" "addon-provider-fleet" "enabled"}},agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}}
- --feature-gates=addon-provider-fleet={{ index .Values "rancherTurtles" "features" "addon-provider-fleet" "enabled"}},agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}},ui-plugin={{ index .Values "turtlesUI" "enabled"}}
{{- range .Values.rancherTurtles.managerArguments }}
- {{ . }}
{{- end }}

20
rancher-turtles-chart/templates/rancher-turtles-components.yaml
View File

@@ -3385,6 +3385,17 @@ rules:
- patch
- update
- watch
- apiGroups:
- catalog.cattle.io
resources:
- uiplugins
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
@@ -3450,6 +3461,15 @@ rules:
- get
- list
- watch
- apiGroups:
- rbac.authorization.k8s.io
resourceNames:
- rancher-turtles-manager-role
resources:
- clusterroles
verbs:
- get
- list
- apiGroups:
- turtles-capi.cattle.io
resources:

793
rancher-turtles-chart/templates/rancher-turtles-exp-clusterclass-components.yaml Normal file
View File

@@ -0,0 +1,793 @@
{{- if index .Values "rancherTurtles" "features" "clusterclass-operations" "enabled" }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.1
labels:
turtles-capi.cattle.io: clusterclass
name: clusterupgradegroups.rollout.turtles-capi.cattle.io
spec:
group: rollout.turtles-capi.cattle.io
names:
kind: ClusterUpgradeGroup
listKind: ClusterUpgradeGroupList
plural: clusterupgradegroups
singular: clusterupgradegroup
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ClusterUpgradeGroup is the Schema for the clusterupgrades API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ClusterUpgradeGroupSpec defines the desired state of ClusterUpgradeGroup
properties:
className:
type: string
rolloutStrategy:
description: |-
RolloutStrategy controls the rollout of bundles, by defining
partitions, canaries and percentages for cluster availability.
properties:
rollingUpdate:
description: |-
Rolling update config params. Present only if
RolloutStrategyType = RollingUpdate.
properties:
maxFailures:
anyOf:
- type: integer
- type: string
description: |-
The maximum number of failed attempts before skipping the update for a given
cluster.
x-kubernetes-int-or-string: true
maxRollouts:
anyOf:
- type: integer
- type: string
description: |-
The maximum number of clusters that can be in update state (non-active) during a
rolling update.
x-kubernetes-int-or-string: true
rolloutDelay:
anyOf:
- type: integer
- type: string
description: The delay between subsequent cluster rollouts.
x-kubernetes-int-or-string: true
type: object
type:
description: |-
Type of rollout.
Default is RollingUpdate.
type: string
type: object
targets:
description: Targets refer to the clusters that should be upgraded.
items:
properties:
clusterGroup:
description: ClusterGroup to match a specific cluster group
by name.
nullable: true
type: string
clusterGroupSelector:
description: ClusterGroupSelector is a selector to match cluster
groups.
nullable: true
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
clusterName:
description: |-
ClusterName to match a specific cluster by name that will be
selected
nullable: true
type: string
clusterSelector:
description: |-
ClusterSelector is a selector to match clusters. The structure is
the standard metav1.LabelSelector format. If clusterGroupSelector or
clusterGroup is specified, clusterSelector will be used only to
further refine the selection after clusterGroupSelector and
clusterGroup is evaluated.
nullable: true
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
doNotDeploy:
description: DoNotDeploy if set to true, will not deploy to
this target.
type: boolean
name:
description: |-
Name of target. This value is largely for display and logging. If
not specified a default name of the format "target000" will be used
type: string
type: object
type: array
required:
- className
type: object
status:
description: ClusterUpgradeGroupStatus defines the observed state of ClusterUpgradeGroup
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
labels:
turtles-capi.cattle.io: clusterclass
name: clusterupgrades.rollout.turtles-capi.cattle.io
spec:
group: rollout.turtles-capi.cattle.io
names:
kind: ClusterUpgrade
listKind: ClusterUpgradeList
plural: clusterupgrades
singular: clusterupgrade
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ClusterUpgrade is the Schema for the clusterupgrades API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ClusterUpgradeSpec defines the desired state of ClusterUpgrade
properties:
className:
type: string
rolloutStrategy:
description: |-
RolloutStrategy controls the rollout of bundles, by defining
partitions, canaries and percentages for cluster availability.
properties:
autoPartitionSize:
anyOf:
- type: integer
- type: string
description: |-
A number or percentage of how to automatically partition clusters if no
specific partitioning strategy is configured.
default: 25%
x-kubernetes-int-or-string: true
maxUnavailable:
anyOf:
- type: integer
- type: string
description: |-
A number or percentage of clusters that can be unavailable during an update
of a bundle. This follows the same basic approach as a deployment rollout
strategy. Once the number of clusters meets unavailable state update will be
paused. Default value is 100% which doesn't take effect on update.
default: 100%
x-kubernetes-int-or-string: true
maxUnavailablePartitions:
anyOf:
- type: integer
- type: string
description: |-
A number or percentage of cluster partitions that can be unavailable during
an update of a bundle.
default: 0
x-kubernetes-int-or-string: true
partitions:
description: |-
A list of definitions of partitions. If any target clusters do not match
the configuration they are added to partitions at the end following the
autoPartitionSize.
items:
description: Partition defines a separate rollout strategy for
a set of clusters.
properties:
clusterGroup:
description: A cluster group name to include in this partition
type: string
clusterGroupSelector:
description: Selector matching cluster group labels to include
in this partition
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
clusterName:
description: ClusterName is the name of a cluster to include
in this partition
type: string
clusterSelector:
description: Selector matching cluster labels to include
in this partition
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
maxUnavailable:
anyOf:
- type: integer
- type: string
description: |-
A number or percentage of clusters that can be unavailable in this
partition before this partition is treated as done.
default: 10%
x-kubernetes-int-or-string: true
name:
description: A user-friendly name given to the partition
used for Display (optional).
type: string
type: object
type: array
type: object
targets:
description: Targets refer to the clusters that should be upgraded.
items:
properties:
clusterGroup:
description: ClusterGroup to match a specific cluster group
by name.
nullable: true
type: string
clusterGroupSelector:
description: ClusterGroupSelector is a selector to match cluster
groups.
nullable: true
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
clusterName:
description: |-
ClusterName to match a specific cluster by name that will be
selected
nullable: true
type: string
clusterSelector:
description: |-
ClusterSelector is a selector to match clusters. The structure is
the standard metav1.LabelSelector format. If clusterGroupSelector or
clusterGroup is specified, clusterSelector will be used only to
further refine the selection after clusterGroupSelector and
clusterGroup is evaluated.
nullable: true
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
doNotDeploy:
description: DoNotDeploy if set to true, will not deploy to
this target.
type: boolean
name:
description: |-
Name of target. This value is largely for display and logging. If
not specified a default name of the format "target000" will be used
type: string
type: object
type: array
required:
- className
type: object
status:
description: ClusterUpgradeStatus defines the observed state of ClusterUpgrade
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: turtles-rollout-poc
app.kubernetes.io/instance: controller-manager-sa
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: serviceaccount
app.kubernetes.io/part-of: turtles-rollout-poc
turtles-capi.cattle.io: clusterclass
name: rancher-turtles-clusterclass-manager
namespace: {{ index .Values "rancherTurtles" "namespace" }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: turtles-rollout-poc
app.kubernetes.io/instance: leader-election-role
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: role
app.kubernetes.io/part-of: turtles-rollout-poc
turtles-capi.cattle.io: clusterclass
name: rancher-turtles-clusterclass-leader-election-role
namespace: {{ index .Values "rancherTurtles" "namespace" }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
aggregationRule:
clusterRoleSelectors:
- matchLabels:
rancher-turtles/aggregate-to-manager: "true"
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
turtles-capi.cattle.io: clusterclass
name: rancher-turtles-clusterclass-aggregated-manager-role
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rancher-turtles/aggregate-to-manager: "true"
turtles-capi.cattle.io: clusterclass
name: rancher-turtles-clusterclass-manager-role
rules:
- apiGroups:
- cluster.x-k8s.io
resources:
- clusterclasses
- clusters
- clusters/status
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- rollout.turtles-capi.cattle.io
resources:
- clusterupgradegroups
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- rollout.turtles-capi.cattle.io
resources:
- clusterupgradegroups/status
verbs:
- get
- patch
- update
- apiGroups:
- rollout.turtles-capi.cattle.io
resources:
- clusterupgradegroupss/finalizers
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: turtles-rollout-poc
app.kubernetes.io/instance: leader-election-rolebinding
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: rolebinding
app.kubernetes.io/part-of: turtles-rollout-poc
turtles-capi.cattle.io: clusterclass
name: rancher-turtles-clusterclass-leader-election-rolebinding
namespace: {{ index .Values "rancherTurtles" "namespace" }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: rancher-turtles-clusterclass-leader-election-role
subjects:
- kind: ServiceAccount
name: rancher-turtles-clusterclass-manager
namespace: {{ index .Values "rancherTurtles" "namespace" }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: turtles-rollout-poc
app.kubernetes.io/instance: manager-rolebinding
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: clusterrolebinding
app.kubernetes.io/part-of: turtles-rollout-poc
turtles-capi.cattle.io: clusterclass
name: rancher-turtles-clusterclass-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: rancher-turtles-clusterclass-aggregated-manager-role
subjects:
- kind: ServiceAccount
name: rancher-turtles-clusterclass-manager
namespace: {{ index .Values "rancherTurtles" "namespace" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
control-plane: controller-manager
turtles-capi.cattle.io: clusterclass
name: rancher-turtles-clusterclass-controller-manager
namespace: {{ index .Values "rancherTurtles" "namespace" }}
spec:
replicas: 1
selector:
matchLabels:
control-plane: controller-manager
turtles-capi.cattle.io: clusterclass
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels:
control-plane: controller-manager
turtles-capi.cattle.io: clusterclass
spec:
containers:
- args:
- --leader-elect
command:
- ./turtles-clusterclass-operations
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_UID
valueFrom:
fieldRef:
fieldPath: metadata.uid
{{- $imageVersion := index .Values "rancherTurtles" "features" "clusterclass-operations" "imageVersion" -}}
{{- if contains "sha256:" $imageVersion }}
image: {{ index .Values "rancherTurtles" "features" "clusterclass-operations" "image" }}@{{ index .Values "rancherTurtles" "features" "clusterclass-operations" "imageVersion" }}
{{- else }}
image: {{ index .Values "rancherTurtles" "features" "clusterclass-operations" "image" }}:{{ index .Values "rancherTurtles" "features" "clusterclass-operations" "imageVersion" }}
{{- end }}
imagePullPolicy: '{{ index .Values "rancherTurtles" "features" "clusterclass-operations" "imagePullPolicy" }}'
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
name: manager
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
serviceAccountName: rancher-turtles-clusterclass-manager
terminationGracePeriodSeconds: 10
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
{{- end }}

659
rancher-turtles-chart/templates/rancher-turtles-exp-day2-components.yaml Normal file
View File

@@ -0,0 +1,659 @@
{{- if index .Values "rancherTurtles" "features" "day2operations" "enabled" }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1
labels:
turtles-capi.cattle.io: day2-operations
name: etcdmachinesnapshots.turtles-capi.cattle.io
spec:
group: turtles-capi.cattle.io
names:
kind: ETCDMachineSnapshot
listKind: ETCDMachineSnapshotList
plural: etcdmachinesnapshots
singular: etcdmachinesnapshot
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ETCDMachineSnapshot is the Schema for the ETCDMachineSnapshot
API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ETCDMachineSnapshotSpec defines the desired state of EtcdMachineSnapshot
properties:
clusterName:
type: string
location:
type: string
machineName:
type: string
required:
- clusterName
type: object
x-kubernetes-validations:
- message: ETCD snapshot location can't be empty.
rule: size(self.clusterName)>0
status:
default: {}
description: EtcdSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore
properties:
error:
type: string
phase:
description: ETCDSnapshotPhase is a string representation of the phase
of the etcd snapshot
type: string
s3Snapshots:
items:
properties:
creationTime:
description: CreationTime is the timestamp when the snapshot
was taken by etcd.
format: date-time
type: string
location:
type: string
name:
type: string
required:
- location
- name
type: object
type: array
snapshotFileName:
type: string
snapshots:
items:
properties:
creationTime:
description: CreationTime is the timestamp when the snapshot
was taken by etcd.
format: date-time
type: string
location:
type: string
machineName:
type: string
name:
type: string
required:
- location
- machineName
- name
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1
labels:
turtles-capi.cattle.io: day2-operations
name: etcdsnapshotrestores.turtles-capi.cattle.io
spec:
group: turtles-capi.cattle.io
names:
kind: ETCDSnapshotRestore
listKind: ETCDSnapshotRestoreList
plural: etcdsnapshotrestores
singular: etcdsnapshotrestore
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ETCDSnapshotRestore is the schema for the ETCDSnapshotRestore
API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ETCDSnapshotRestoreSpec defines the desired state of EtcdSnapshotRestore.
properties:
clusterName:
type: string
etcdMachineSnapshotName:
type: string
required:
- clusterName
- etcdMachineSnapshotName
type: object
x-kubernetes-validations:
- message: Cluster Name can't be empty.
rule: size(self.clusterName)>0
- message: ETCD machine snapshot name can't be empty.
rule: size(self.etcdMachineSnapshotName)>0
status:
default: {}
description: ETCDSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore.
properties:
conditions:
description: Conditions provide observations of the operational state
of a Cluster API resource.
items:
description: Condition defines an observation of a Cluster API resource
operational state.
properties:
lastTransitionTime:
description: |-
Last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when
the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
A human readable message indicating details about the transition.
This field may be empty.
type: string
reason:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may be empty.
type: string
severity:
description: |-
severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
required:
- lastTransitionTime
- status
- type
type: object
type: array
phase:
default: Pending
description: ETCDSnapshotPhase is a string representation of the phase
of the etcd snapshot
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1
labels:
turtles-capi.cattle.io: day2-operations
name: rke2etcdmachinesnapshotconfigs.turtles-capi.cattle.io
spec:
group: turtles-capi.cattle.io
names:
kind: RKE2EtcdMachineSnapshotConfig
listKind: RKE2EtcdMachineSnapshotConfigList
plural: rke2etcdmachinesnapshotconfigs
singular: rke2etcdmachinesnapshotconfig
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: RKE2EtcdMachineSnapshotConfig is the config for the RKE2EtcdMachineSnapshotConfig
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: RKE2EtcdMachineSnapshotConfigSpec defines the desired state
of RKE2EtcdMachineSnapshotConfig
properties:
local:
properties:
dataDir:
type: string
required:
- dataDir
type: object
s3:
properties:
bucket:
type: string
endpoint:
type: string
endpointCAsecret:
type: string
folder:
type: string
insecure:
type: boolean
region:
type: string
s3CredentialSecret:
type: string
skipSSLVerify:
type: boolean
type: object
required:
- local
- s3
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: rancher-turtles
app.kubernetes.io/instance: leader-election-role
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: role
app.kubernetes.io/part-of: rancher-turtles
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-leader-election-role
namespace: {{ index .Values "rancherTurtles" "namespace" }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
aggregationRule:
clusterRoleSelectors:
- matchLabels:
rancher-turtles-exp/aggregate-to-manager: "true"
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-aggregated-manager-role
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rancher-turtles-exp/aggregate-to-manager: "true"
rancher-turtles/aggregate-to-manager: "true"
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-manager-role
rules:
- apiGroups:
- ""
resources:
- configmaps
- events
- secrets
- serviceaccounts
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- serviceaccounts/token
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- get
- apiGroups:
- bootstrap.cluster.x-k8s.io
resources:
- rke2configs
- rke2configs/finalizers
- rke2configs/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters
- clusters/status
- machines
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- management.cattle.io
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
- roles
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots
- etcdsnapshotrestores
- rke2etcdmachinesnapshotconfigs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots/finalizers
- etcdsnapshotrestores/finalizers
- rke2etcdmachinesnapshotconfigs/finalizers
verbs:
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots/status
- etcdsnapshotrestores/status
- rke2etcdmachinesnapshotconfigs/status
verbs:
- get
- patch
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: rancher-turtles
app.kubernetes.io/instance: leader-election-rolebinding
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: rolebinding
app.kubernetes.io/part-of: rancher-turtles
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-leader-election-rolebinding
namespace: {{ index .Values "rancherTurtles" "namespace" }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: rancher-turtles-day2-operations-leader-election-role
subjects:
- kind: ServiceAccount
name: rancher-turtles-day2-operations-manager
namespace: {{ index .Values "rancherTurtles" "namespace" }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: rancher-turtles
app.kubernetes.io/instance: manager-rolebinding
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: clusterrolebinding
app.kubernetes.io/part-of: rancher-turtles
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: rancher-turtles-day2-operations-aggregated-manager-role
subjects:
- kind: ServiceAccount
name: rancher-turtles-day2-operations-manager
namespace: {{ index .Values "rancherTurtles" "namespace" }}
---
apiVersion: v1
kind: Service
metadata:
labels:
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-webhook-service
namespace: {{ index .Values "rancherTurtles" "namespace" }}
spec:
ports:
- port: 443
targetPort: webhook-server
selector:
turtles-capi.cattle.io: day2-operations
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
labels:
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-serving-cert
namespace: {{ index .Values "rancherTurtles" "namespace" }}
spec:
dnsNames:
- rancher-turtles-day2-operations-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc
- rancher-turtles-day2-operations-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc.cluster.local
issuerRef:
kind: Issuer
name: rancher-turtles-day2-operations-selfsigned-issuer
secretName: rancher-turtles-day2-operations-webhook-service-cert
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
labels:
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-selfsigned-issuer
namespace: {{ index .Values "rancherTurtles" "namespace" }}
spec:
selfSigned: {}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert
labels:
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: rancher-turtles-day2-operations-webhook-service
namespace: {{ index .Values "rancherTurtles" "namespace" }}
path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config
failurePolicy: Fail
name: systemagentrke2config.kb.io
rules:
- apiGroups:
- bootstrap.cluster.x-k8s.io
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- rke2configs
sideEffects: None
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert
labels:
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-validating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: rancher-turtles-day2-operations-webhook-service
namespace: {{ index .Values "rancherTurtles" "namespace" }}
path: /validate-turtles-capi-cattle-io-v1alpha1-etcdmachinesnapshot
failurePolicy: Fail
matchPolicy: Equivalent
name: etcdmachinesnapshot.kb.io
rules:
- apiGroups:
- turtles-capi.cattle.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- etcdmachinesnapshots
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: rancher-turtles-day2-operations-webhook-service
namespace: {{ index .Values "rancherTurtles" "namespace" }}
path: /validate-turtles-capi-cattle-io-v1alpha1-etcdsnapshotrestore
failurePolicy: Fail
matchPolicy: Equivalent
name: etcdsnapshotrestore.kb.io
rules:
- apiGroups:
- turtles-capi.cattle.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- etcdsnapshotrestores
sideEffects: None
{{- end }}

106
rancher-turtles-chart/templates/rancher-turtles-exp-day2-deployment.yaml Normal file
View File

@@ -0,0 +1,106 @@
{{- if index .Values "rancherTurtles" "features" "day2operations" "enabled" }}
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
control-plane: controller-manager
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-controller-manager
namespace: '{{ .Values.rancherTurtles.namespace }}'
spec:
replicas: 1
selector:
matchLabels:
control-plane: controller-manager
turtles-capi.cattle.io: day2-operations
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels:
control-plane: controller-manager
turtles-capi.cattle.io: day2-operations
spec:
containers:
- args:
- --leader-elect
- --feature-gates=etcd-backup-restore={{ .Values.rancherTurtles.features.day2operations.etcdBackupRestore.enabled }}
command:
- ./turtles-day2-operations
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_UID
valueFrom:
fieldRef:
fieldPath: metadata.uid
{{- if (contains "sha256:" .Values.rancherTurtles.features.day2operations.imageVersion) }}
image: '{{ .Values.rancherTurtles.features.day2operations.image }}@{{ .Values.rancherTurtles.features.day2operations.imageVersion }}'
{{- else }}
image: '{{ .Values.rancherTurtles.features.day2operations.image }}:{{ .Values.rancherTurtles.features.day2operations.imageVersion }}'
{{- end }}
imagePullPolicy: '{{ .Values.rancherTurtles.features.day2operations.imagePullPolicy }}'
livenessProbe:
httpGet:
path: /healthz
port: 9440
initialDelaySeconds: 15
periodSeconds: 20
name: manager
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: 9440
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
volumeMounts:
{{- if .Values.rancherTurtles.features.day2operations.etcdBackupRestore.enabled }}
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
{{- end }}
serviceAccountName: rancher-turtles-day2-operations-manager
terminationGracePeriodSeconds: 10
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
volumes:
{{- if .Values.rancherTurtles.features.day2operations.etcdBackupRestore.enabled }}
- name: cert
secret:
secretName: rancher-turtles-day2-operations-webhook-service-cert
{{- end }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: rancher-turtles
app.kubernetes.io/instance: controller-manager-sa
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: serviceaccount
app.kubernetes.io/part-of: rancher-turtles
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-manager
namespace: '{{ .Values.rancherTurtles.namespace }}'
{{- end }}

16
rancher-turtles-chart/templates/ui-plugin.yaml Normal file
View File

@@ -0,0 +1,16 @@
{{- if and (index .Values "turtlesUI" "enabled") (index .Values "rancherTurtles" "rancherInstalled") }}
apiVersion: catalog.cattle.io/v1
kind: UIPlugin
metadata:
name: capi
namespace: '{{ .Values.rancherTurtles.namespace }}'
spec:
plugin:
endpoint: https://raw.githubusercontent.com/rancher/capi-ui-extension/gh-pages/extensions/capi/{{ index .Values "turtlesUI" "version" | toString }}
name: capi
version: {{ index .Values "turtlesUI" "version" }}
metadata:
catalog.cattle.io/display-name: CAPI UI
catalog.cattle.io/experimental: "true"
catalog.cattle.io/ui-extensions-version: ">= 3.0.0"
{{- end }}

24
rancher-turtles-chart/values.yaml
View File

@@ -1,6 +1,9 @@
turtlesUI:
enabled: false
version: v0.8.2
rancherTurtles:
image: registry.rancher.com/rancher/rancher/turtles
imageVersion: v0.16.0
imageVersion: v0.17.0
imagePullPolicy: IfNotPresent
namespace: rancher-turtles-system
managerArguments: []
@@ -8,17 +11,24 @@ rancherTurtles:
rancherInstalled: false
kubectlImage: registry.suse.com/edge/3.2/kubectl:1.30.3
features:
etcd-snapshot-restore:
day2operations:
enabled: false
image: registry.rancher.com/rancher/rancher/turtles
imageVersion: v0.16.0
imageVersion: v0.17.0
imagePullPolicy: IfNotPresent
etcdBackupRestore:
enabled: false
# beta feature, see documentation for more information on feature stages
addon-provider-fleet:
enabled: false
enabled: true
# alpha feature, see documentation for more information on feature stages
agent-tls-mode:
enabled: false
clusterclass-operations:
enabled: false
image: registry.rancher.com/rancher/rancher/turtles
imageVersion: v0.17.0
imagePullPolicy: IfNotPresent
cluster-api-operator:
enabled: true
cert-manager:
@@ -71,13 +81,13 @@ cluster-api-operator:
selector: ""
metal3:
enabled: true
version: "v1.9.2"
version: "v1.9.3"
infrastructure:
namespace: capm3-system
imageUrl: "registry.suse.com/rancher/cluster-api-provider-metal3:v1.9.2"
imageUrl: "registry.suse.com/rancher/cluster-api-provider-metal3:v1.9.3"
fetchConfig:
url: ""
selector: ""
ipam:
namespace: capm3-system
imageUrl: "registry.suse.com/rancher/ip-address-manager:v1.9.3"
imageUrl: "registry.suse.com/rancher/ip-address-manager:v1.9.4"