File templates.obscpio of Package upgrade-controller-chart
07070100000000000081a400000000000000000000000168e8e38000000000000000000000000000000000000000000000001400000000templates/NOTES.txt07070100000001000081a400000000000000000000000168e8e380000008e5000000000000000000000000000000000000001700000000templates/_helpers.tpl{{/*
Expand the name of the chart.
*/}}
{{- define "upgrade-controller.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "upgrade-controller.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "upgrade-controller.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "upgrade-controller.labels" -}}
helm.sh/chart: {{ include "upgrade-controller.chart" . }}
{{ include "upgrade-controller.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "upgrade-controller.selectorLabels" -}}
app.kubernetes.io/name: {{ include "upgrade-controller.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "upgrade-controller.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "upgrade-controller.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Webhook service name
*/}}
{{- define "upgrade-controller.webhookServiceName" -}}
{{ .Release.Name }}-webhook
{{- end }}
{{/*
Certificate issuer name
*/}}
{{- define "upgrade-controller.certificateIssuer" -}}
{{ .Release.Name }}-self-signed-issuer
{{- end }}
{{/*
Certificate name
*/}}
{{- define "upgrade-controller.certificate" -}}
{{ .Release.Name }}-serving-cert
{{- end }}
07070100000002000081a400000000000000000000000168e8e38000000394000000000000000000000000000000000000001b00000000templates/certificate.yamlapiVersion: cert-manager.io/v1
kind: Issuer
metadata:
labels:
{{- include "upgrade-controller.labels" . | nindent 4 }}
name: {{ include "upgrade-controller.certificateIssuer" . }}
namespace: {{ .Release.Namespace }}
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
labels:
{{- include "upgrade-controller.labels" . | nindent 4 }}
app.kubernetes.io/component: certificate
name: {{ include "upgrade-controller.certificate" . }}
namespace: {{ .Release.Namespace }}
spec:
dnsNames:
- {{ include "upgrade-controller.webhookServiceName" . }}.{{ .Release.Namespace }}.svc
- {{ include "upgrade-controller.webhookServiceName" . }}.{{ .Release.Namespace }}.svc.cluster.local
issuerRef:
kind: Issuer
name: {{ include "upgrade-controller.certificateIssuer" . }}
{{- with first .Values.volumes }}
secretName: {{ .secret.secretName }}
{{- end }}
07070100000003000081a400000000000000000000000168e8e38000000633000000000000000000000000000000000000001b00000000templates/clusterrole.yaml---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "upgrade-controller.fullname" . }}
labels:
{{- include "upgrade-controller.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- apiGroups:
- apps
resources:
- deployments
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- get
- list
- watch
- apiGroups:
- batch
resources:
- jobs/status
verbs:
- get
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- helm.cattle.io
resources:
- helmcharts
verbs:
- create
- get
- list
- update
- watch
- apiGroups:
- helm.cattle.io
resources:
- helmcharts/status
verbs:
- get
- apiGroups:
- lifecycle.suse.com
resources:
- releasemanifests
verbs:
- create
- get
- list
- watch
- apiGroups:
- lifecycle.suse.com
resources:
- upgradeplans
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- lifecycle.suse.com
resources:
- upgradeplans/finalizers
verbs:
- update
- apiGroups:
- lifecycle.suse.com
resources:
- upgradeplans/status
verbs:
- get
- patch
- update
- apiGroups:
- upgrade.cattle.io
resources:
- plans
verbs:
- create
- delete
- get
- list
- watch
07070100000004000081a400000000000000000000000168e8e380000001c9000000000000000000000000000000000000002300000000templates/clusterrole_binding.yamlapiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "upgrade-controller.fullname" . }}
labels:
{{- include "upgrade-controller.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "upgrade-controller.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "upgrade-controller.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
07070100000005000081a400000000000000000000000168e8e38000000b5f000000000000000000000000000000000000001a00000000templates/deployment.yamlapiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "upgrade-controller.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "upgrade-controller.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "upgrade-controller.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "upgrade-controller.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "upgrade-controller.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- --leader-elect
- --health-probe-bind-address=:8081
env:
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: RELEASE_MANIFEST_IMAGE
value: {{ .Values.env.releaseManifest.image }}
- name: KUBECTL_IMAGE
value: {{ .Values.env.kubectl.image }}
- name: KUBECTL_VERSION
value: {{ .Values.env.kubectl.version }}
- name: SERVICE_ACCOUNT_NAME
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
ports:
- name: {{ .Values.webhookService.name }}
containerPort: {{ .Values.webhookService.targetPort }}
protocol: TCP
livenessProbe:
{{- toYaml .Values.livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml .Values.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
07070100000006000081a400000000000000000000000168e8e38000000272000000000000000000000000000000000000002400000000templates/leader_election_role.yaml# permissions to do leader election.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "upgrade-controller.fullname" . }}-leader-election
namespace: {{ .Release.Namespace }}
labels:
{{- include "upgrade-controller.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
07070100000007000081a400000000000000000000000168e8e38000000201000000000000000000000000000000000000002c00000000templates/leader_election_role_binding.yamlapiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "upgrade-controller.fullname" . }}-leader-election
namespace: {{ .Release.Namespace }}
labels:
{{- include "upgrade-controller.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "upgrade-controller.fullname" . }}-leader-election
subjects:
- kind: ServiceAccount
name: {{ include "upgrade-controller.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
07070100000008000081a400000000000000000000000168e8e380000001c1000000000000000000000000000000000000001e00000000templates/serviceaccount.yaml{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "upgrade-controller.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "upgrade-controller.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
{{- end }}
07070100000009000081a400000000000000000000000168e8e3800000039d000000000000000000000000000000000000003000000000templates/validating_webhook_configuration.yamlapiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: {{ include "upgrade-controller.fullname" . }}-validating-webhook-configuration
labels:
{{- include "upgrade-controller.labels" . | nindent 4 }}
annotations:
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "upgrade-controller.certificate" . }}
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "upgrade-controller.webhookServiceName" . }}
namespace: {{ .Release.Namespace }}
path: /validate-lifecycle-suse-com-v1alpha1-upgradeplan
failurePolicy: Fail
name: upgrade-plan-policy.suse.com
rules:
- apiGroups:
- lifecycle.suse.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- upgradeplans
sideEffects: None
0707010000000a000081a400000000000000000000000168e8e380000001da000000000000000000000000000000000000001f00000000templates/webhook_service.yamlapiVersion: v1
kind: Service
metadata:
name: {{ include "upgrade-controller.webhookServiceName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "upgrade-controller.labels" . | nindent 4 }}
spec:
type: {{ .Values.webhookService.type }}
ports:
- port: {{ .Values.webhookService.port }}
targetPort: {{ .Values.webhookService.targetPort }}
protocol: TCP
selector:
{{- include "upgrade-controller.selectorLabels" . | nindent 4 }}
0707010000000b000041ed00000000000000000000000168e8e38000000000000000000000000000000000000000000000000a00000000templates07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000b00000000TRAILER!!!
