├── .github ├── CODEOWNERS ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── PULL_REQUEST_TEMPLATE.md └── workflows │ ├── ci.yaml │ └── release.yaml ├── .gitignore ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── Makefile ├── NOTICE ├── README.md ├── docs └── logo │ ├── amazon-eks.png │ └── aws.png ├── scripts ├── draft-release.sh ├── install-toolchain.sh ├── lint-charts.sh ├── package-charts.sh ├── publish-charts.sh ├── validate-chart-versions.sh └── validate-charts.sh ├── stable ├── appmesh-controller │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── values.yaml │ ├── crds │ │ ├── crds.yaml │ │ └── kustomization.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── pdb.yaml │ │ ├── psp.yaml │ │ ├── rbac.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── webhook.yaml │ ├── test.yaml │ ├── upgrade │ │ └── pre_upgrade_check.sh │ ├── values.yaml │ └── webhookconfig.yaml ├── appmesh-gateway │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── values.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── gateway.yaml │ │ ├── hpa.yaml │ │ ├── psp.yaml │ │ ├── service.yaml │ │ └── serviceaccount.yaml │ └── values.yaml ├── appmesh-grafana │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── dashboards │ │ ├── canary-releases.json │ │ ├── control-plane.json │ │ └── data-plane.json │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── account.yaml │ │ ├── dashboards-cfg.yaml │ │ ├── datasources-cfg.yaml │ │ ├── deployment.yaml │ │ ├── grafana-cfg.yaml │ │ ├── providers-cfg.yaml │ │ ├── psp.yaml │ │ └── service.yaml │ └── values.yaml ├── appmesh-inject │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── values.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── account.yaml │ │ ├── deployment.yaml │ │ ├── mesh.yaml │ │ ├── psp.yaml │ │ ├── rbac.yaml │ │ ├── service.yaml │ │ └── 
webhook.yaml │ └── values.yaml ├── appmesh-jaeger │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── account.yaml │ │ ├── deployment.yaml │ │ ├── psp.yaml │ │ └── service.yaml │ └── values.yaml ├── appmesh-prometheus │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── account.yaml │ │ ├── config.yaml │ │ ├── deployment.yaml │ │ ├── psp.yaml │ │ ├── rbac.yaml │ │ └── service.yaml │ └── values.yaml ├── appmesh-spire-agent │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── account.yaml │ │ ├── deployment.yaml │ │ ├── rbac.yaml │ │ └── spire-agent-cfg.yaml │ └── values.yaml ├── appmesh-spire-server │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── account.yaml │ │ ├── deployment.yaml │ │ ├── rbac.yaml │ │ ├── service.yaml │ │ ├── spire-bundle-cfg.yaml │ │ └── spire-server-cfg.yaml │ └── values.yaml ├── aws-cloudwatch-metrics │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── clusterrole.yaml │ │ ├── clusterrolebinding.yaml │ │ ├── configmap.yaml │ │ ├── daemonset.yaml │ │ └── serviceaccount.yaml │ └── values.yaml ├── aws-efa-k8s-device-plugin │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ └── daemonset.yaml │ └── values.yaml ├── aws-for-fluent-bit │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── clusterrole.yaml │ │ ├── clusterrolebinding.yaml │ │ ├── configmap.yaml │ │ ├── daemonset.yaml │ │ ├── psp.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── servicemonitor.yaml │ └── values.yaml ├── aws-load-balancer-controller │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ ├── extra_args │ │ └── values.yaml │ ├── crds │ │ ├── crds.yaml │ │ └── 
kustomization.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── hpa.yaml │ │ ├── ingressclass.yaml │ │ ├── pdb.yaml │ │ ├── rbac.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ ├── servicemonitor.yaml │ │ └── webhook.yaml │ ├── test.yaml │ └── values.yaml ├── aws-sigv4-proxy-admission-controller │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── rbac.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── webhook.yaml │ └── values.yaml ├── aws-vpc-cni │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── crds │ │ ├── customresourcedefinition.yaml │ │ └── kustomization.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── clusterrole.yaml │ │ ├── clusterrolebinding.yaml │ │ ├── configmap.yaml │ │ ├── daemonset.yaml │ │ ├── eniconfig.yaml │ │ ├── podmonitor.yaml │ │ └── serviceaccount.yaml │ └── values.yaml └── cni-metrics-helper │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── clusterrole.yaml │ ├── clusterrolebinding.yaml │ ├── deployment.yaml │ └── serviceaccount.yaml │ └── values.yaml └── test ├── e2e └── appmesh.bats ├── lib ├── helm.sh └── kind.sh └── run.sh /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # These owners will be the default owners for everything in 2 | # the repo. 
Unless a later match takes precedence, 3 | * @dims 4 | 5 | /stable/appmesh-*/ @aws/app-mesh-eks-admin 6 | 7 | /stable/aws-load-balancer-controller/ @aws/eks-networking 8 | 9 | /stable/aws-efa-k8s-device-plugin/ @aws/eks-networking 10 | /stable/aws-vpc-cni/ @aws/eks-networking 11 | /stable/cni-metrics-helper/ @aws/eks-networking 12 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: bug 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A concise description of what the bug is. 12 | 13 | **Steps to reproduce** 14 | 15 | **Expected outcome** 16 | A concise description of what you expected to happen. 17 | 18 | **Environment** 19 | 20 | * Chart name: 21 | * Chart version: 22 | * Kubernetes version: 23 | * Using EKS (yes/no), if so version? 24 | 25 | **Additional Context**: 26 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: enhancement 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem?** 11 | A description of what the problem is. For example: I'm frustrated when [...] 12 | 13 | **Is your feature request related to a specific Helm chart, if yes mention name of the chart?** 14 | e.g. appmesh-controller 15 | 16 | **Describe the solution you'd like** 17 | A description of what you want to happen. 18 | 19 | **Describe alternatives you've considered** 20 | A description of any alternative solutions or features you've considered. 
21 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ### Issue 2 | 3 | 4 | 5 | ### Description of changes 6 | 7 | 8 | 9 | ### Checklist 10 | - [ ] Added/modified documentation as required (such as the `README.md` for modified charts) 11 | - [ ] Incremented the chart `version` in `Chart.yaml` for the modified chart(s) 12 | - [ ] Manually tested. Describe what testing was done in the testing section below 13 | - [ ] Make sure the title of the PR is a good description that can go into the release notes 14 | 15 | ### Testing 16 | 17 | 18 | 19 | By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. 20 | -------------------------------------------------------------------------------- /.github/workflows/ci.yaml: -------------------------------------------------------------------------------- 1 | name: CI 2 | on: 3 | pull_request: 4 | paths: 5 | - "**/*.tpl" 6 | - "**/*.yaml" 7 | workflow_dispatch: 8 | 9 | jobs: 10 | ci: 11 | runs-on: ubuntu-latest 12 | if: github.repository == 'aws/eks-charts' 13 | steps: 14 | - 15 | name: Checkout 16 | uses: actions/checkout@v4 17 | with: 18 | fetch-depth: 0 19 | 20 | - run: make install-toolchain 21 | - run: make verify 22 | - run: make package 23 | -------------------------------------------------------------------------------- /.github/workflows/release.yaml: -------------------------------------------------------------------------------- 1 | name: release 2 | on: 3 | push: 4 | tags: 5 | - 'v[0-9]+.[0-9]+.[0-9]+' 6 | workflow_dispatch: 7 | permissions: 8 | id-token: write 9 | pull-requests: write 10 | contents: write 11 | jobs: 12 | release: 13 | runs-on: ubuntu-latest 14 | if: github.repository == 'aws/eks-charts' 15 | steps: 16 | - 17 | name: Checkout 18 | uses: actions/checkout@v4 19 | with: 20 | fetch-depth: 0 21 | 22 | 
- run: make install-toolchain 23 | - run: make verify 24 | - run: make package publish 25 | env: 26 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 27 | GITHUB_REPO: ${{ github.repository }} 28 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Binaries for programs and plugins 2 | *.exe 3 | *.exe~ 4 | *.dll 5 | *.so 6 | *.dylib 7 | 8 | # Test binary, build with `go test -c` 9 | *.test 10 | 11 | # Output of the go coverage tool, specifically when used with LiteIDE 12 | *.out 13 | .DS_Store 14 | 15 | bin/ 16 | _tmp/ 17 | build/ 18 | 19 | .idea 20 | *.iml 21 | charts/ 22 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | ## Code of Conduct 2 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 3 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 4 | opensource-codeofconduct@amazon.com with any additional questions or comments. 5 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing Guidelines 2 | 3 | Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional 4 | documentation, we greatly value feedback and contributions from our community. 5 | 6 | Please read through this document before submitting any issues or pull requests to ensure we have all the necessary 7 | information to effectively respond to your bug report or contribution. 8 | 9 | 10 | ## Reporting Bugs/Feature Requests 11 | 12 | We welcome you to use the GitHub issue tracker to report bugs or suggest features. 
13 | 14 | When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already 15 | reported the issue. Please try to include as much information as you can. Details like these are incredibly useful: 16 | 17 | * A reproducible test case or series of steps 18 | * The version of our code being used 19 | * Any modifications you've made relevant to the bug 20 | * Anything unusual about your environment or deployment 21 | 22 | 23 | ## Contributing via Pull Requests 24 | Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that: 25 | 26 | 1. You are working against the latest source on the *master* branch. 27 | 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already. 28 | 3. You open an issue to discuss any significant work - we would hate for your time to be wasted. 29 | 30 | To send us a pull request, please: 31 | 32 | 1. Fork the repository. 33 | 2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change. 34 | 3. Ensure local tests pass. 35 | 4. Commit to your fork using clear commit messages. 36 | 5. Send us a pull request, answering any default questions in the pull request interface. 37 | 6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation. 38 | 39 | GitHub provides additional documentation on [forking a repository](https://help.github.com/articles/fork-a-repo/) and 40 | [creating a pull request](https://help.github.com/articles/creating-a-pull-request/). 41 | 42 | 43 | ## Finding contributions to work on 44 | Looking at the existing issues is a great way to find something to contribute to. 
As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start. 45 | 46 | 47 | ## Code of Conduct 48 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 49 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 50 | opensource-codeofconduct@amazon.com with any additional questions or comments. 51 | 52 | 53 | ## Security issue notifications 54 | If you discover a potential security issue in this project, we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public GitHub issue. 55 | 56 | 57 | ## Licensing 58 | 59 | See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution. 60 | 61 | We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes. 
62 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | REPO_ROOT ?= $(shell git rev-parse --show-toplevel) 2 | BUILD_DIR ?= $(dir $(realpath -s $(firstword $(MAKEFILE_LIST))))/build 3 | VERSION ?= $(shell git describe --tags --always --dirty) 4 | 5 | $(shell mkdir -p ${BUILD_DIR}) 6 | 7 | all: verify test build 8 | 9 | build: 10 | @echo "build" 11 | 12 | verify: 13 | ${REPO_ROOT}/scripts/validate-charts.sh 14 | ${REPO_ROOT}/scripts/validate-chart-versions.sh 15 | ${REPO_ROOT}/scripts/lint-charts.sh 16 | 17 | draft-release: 18 | ${REPO_ROOT}/scripts/draft-release.sh 19 | 20 | package: 21 | ${REPO_ROOT}/scripts/package-charts.sh 22 | 23 | publish: package 24 | ${REPO_ROOT}/scripts/publish-charts.sh 25 | 26 | version: 27 | @echo ${VERSION} 28 | 29 | install-toolchain: 30 | ${REPO_ROOT}/scripts/install-toolchain.sh 31 | 32 | clean: 33 | rm -rf ${REPO_ROOT}/build/ 34 | 35 | help: 36 | @grep -E '^[a-zA-Z_-]+:.*$$' $(MAKEFILE_LIST) | sort 37 | 38 | .PHONY: all build test verify package publish draft-release help 39 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 
2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # EKS Charts 2 | 3 | Add the EKS repository to Helm: 4 | 5 | ```sh 6 | helm repo add eks https://aws.github.io/eks-charts 7 | ``` 8 | 9 | ### App Mesh 10 | 11 | * [appmesh-controller](stable/appmesh-controller): App Mesh controller Helm chart for Kubernetes 12 | * [appmesh-prometheus](stable/appmesh-prometheus): App Mesh Prometheus Helm chart for Kubernetes 13 | * [appmesh-grafana](stable/appmesh-grafana): App Mesh Grafana Helm chart for Kubernetes 14 | * [appmesh-jaeger](stable/appmesh-jaeger): App Mesh Jaeger Helm chart for Kubernetes 15 | * [appmesh-spire-server](stable/appmesh-spire-server): App Mesh SPIRE Server Helm chart for Kubernetes 16 | * [appmesh-spire-agent](stable/appmesh-spire-agent): App Mesh SPIRE Agent Helm chart for Kubernetes 17 | * [appmesh-gateway](stable/appmesh-gateway): App Mesh Gateway Helm chart for Kubernetes 18 | * [appmesh-inject](stable/appmesh-inject)(**deprecated**): App Mesh inject Helm chart for Kubernetes 19 | 20 | ### AWS Node Termination Handler 21 | 22 | > [!WARNING] 23 | > This Helm chart is now deprecated. 
Please see the current chart located in the [aws-node-termination-handler](https://github.com/aws/aws-node-termination-handler/tree/main/config/helm/aws-node-termination-handler) repository which is now published on [Public ECR](https://gallery.ecr.aws/aws-ec2/helm/aws-node-termination-handler) 24 | 25 | ### AWS CloudWatch Metrics 26 | 27 | * [aws-cloudwatch-metrics](stable/aws-cloudwatch-metrics): A helm chart for CloudWatch Agent to Collect Cluster Metrics 28 | 29 | ### AWS for Fluent Bit 30 | 31 | * [aws-for-fluent-bit](stable/aws-for-fluent-bit): A helm chart for [AWS-for-fluent-bit](https://github.com/aws/aws-for-fluent-bit) 32 | 33 | ### AWS Load Balancer Controller 34 | 35 | * [aws-load-balancer-controller](stable/aws-load-balancer-controller): A helm chart for [AWS Load Balancer Controller](https://github.com/kubernetes-sigs/aws-load-balancer-controller) 36 | 37 | ### AWS VPC CNI 38 | 39 | * [aws-vpc-cni](stable/aws-vpc-cni): Networking plugin for pod networking in Kubernetes using Elastic Network Interfaces on AWS. 40 | 41 | ### AWS SIGv4 Proxy Admission Controller 42 | 43 | * [aws-sigv4-proxy-admission-controller](stable/aws-sigv4-proxy-admission-controller): A helm chart for [AWS SIGv4 Proxy Admission Controller](https://github.com/aws-observability/aws-sigv4-proxy-admission-controller) 44 | 45 | ### AWS Secrets Manager and Config Provider for Secret Store CSI Driver 46 | 47 | > [!WARNING] 48 | > This Helm chart is deprecated, please switch to [AWS Secrets Manager and Config Provider](https://github.com/aws/secrets-store-csi-driver-provider-aws) which is reviewed, owned and maintained by AWS 49 | 50 | ### Amazon EC2 Metadata Mock 51 | 52 | > [!WARNING] 53 | > This Helm chart is now deprecated. 
Please see the current chart located in the [amazon-ec2-metadata-mock](https://github.com/aws/amazon-ec2-metadata-mock/tree/main/helm) repository which is now published on [Public ECR](https://gallery.ecr.aws/aws-ec2/helm/amazon-ec2-metadata-mock) 54 | 55 | ### CNI Metrics Helper 56 | 57 | * [cni-metrics-helper](stable/cni-metrics-helper): A helm chart for [CNI Metrics Helper](https://github.com/aws/amazon-vpc-cni-k8s/blob/master/cmd/cni-metrics-helper/README.md) 58 | 59 | ### EKS EFA K8s Device Plugin 60 | 61 | * [aws-efa-k8s-device-plugin](stable/aws-efa-k8s-device-plugin): A helm chart for the [Elastic Fabric Adapter](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html) plugin, which automatically discovers and mounts EFA devices into pods that request them 62 | 63 | ## License 64 | 65 | This project is licensed under the Apache-2.0 License. 66 | -------------------------------------------------------------------------------- /docs/logo/amazon-eks.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/eks-charts/2a91e36816290c68b96c7581b55a856b4fe796aa/docs/logo/amazon-eks.png -------------------------------------------------------------------------------- /docs/logo/aws.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/eks-charts/2a91e36816290c68b96c7581b55a856b4fe796aa/docs/logo/aws.png -------------------------------------------------------------------------------- /scripts/draft-release.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | 4 | GIT_REPO_ROOT=$(git rev-parse --show-toplevel) 5 | BUILD_DIR="${GIT_REPO_ROOT}/build" 6 | TOOLS_DIR="${BUILD_DIR}/tools" 7 | STABLE="${GIT_REPO_ROOT}/stable" 8 | export PATH="${TOOLS_DIR}:${PATH}" 9 | 10 | RELEASE_NOTES="${BUILD_DIR}/release-notes.md" 11 | touch "${RELEASE_NOTES}" 12 | 13 | 
function get_chart_version() { 14 | chart="$(basename ${1})" 15 | grep 'version: [0-9]\+\.[0-9]\+\.[0-9]\+' "${GIT_REPO_ROOT}/stable/${chart}/Chart.yaml" | cut -d':' -f2 | tr -d '[:space:]' 16 | } 17 | 18 | function get_app_version() { 19 | chart="$(basename ${1})" 20 | grep 'appVersion:[ ]*v\?[0-9]\+\.[0-9]\+\.[0-9]\+' "${GIT_REPO_ROOT}/stable/${chart}/Chart.yaml" | cut -d':' -f2 | tr -d '[:space:]' 21 | } 22 | 23 | >&2 git fetch --all --tags 24 | 25 | if $(git describe HEAD --tags | grep -Eq "^v[0-9]+(\.[0-9]+)*(-[a-z0-9]+)?$"); then 26 | LAST_RELEASE_HASH=$(git rev-list --tags --max-count=1 --skip=1 --no-walk) 27 | else 28 | TAG=$(git describe HEAD --tags | grep -Eo "^v[0-9]+(\.[0-9]+)*") 29 | LAST_RELEASE_HASH=$(git rev-list -1 $TAG) 30 | fi 31 | LAST_RELEASE_TAG=$(git describe $LAST_RELEASE_HASH --tags) 32 | 33 | CHANGED_CHARTS=() 34 | 35 | cd ${STABLE} 36 | echo "## Charts" | tee "${RELEASE_NOTES}" 37 | for chart in */; do 38 | chart="$(basename $chart)" 39 | LAST_COMMIT_HASH=$(git --no-pager log --pretty=tformat:"%H" -- "${chart}" | awk 'FNR <= 1') 40 | ## If LAST_RELEASE_HASH does not include the chart, then it's a new chart so we'll add it to the notes 41 | if [[ -z $(git ls-tree -d $LAST_RELEASE_HASH "${chart}") ]]; then 42 | echo "- ${chart} (chart $(get_chart_version ${chart}), image $(get_app_version ${chart}))" | tee -a "${RELEASE_NOTES}" 43 | CHANGED_CHARTS+=("${chart}") 44 | continue 45 | fi 46 | ## If LAST_RELEASE_HASH is NOT an ancestor of LAST_COMMIT_HASH then it has not been modified 47 | if [[ ! 
-z $LAST_COMMIT_HASH && -z $(git rev-list $LAST_COMMIT_HASH | grep $LAST_RELEASE_HASH) || $LAST_COMMIT_HASH == $LAST_RELEASE_HASH ]]; then 48 | continue 49 | fi 50 | ## The chart was modified since the last release 51 | echo "- ${chart} (chart $(get_chart_version ${chart}), image $(get_app_version ${chart}))" | tee -a "${RELEASE_NOTES}" 52 | CHANGED_CHARTS+=("${chart}") 53 | done 54 | 55 | echo "## Changes" | tee -a "${RELEASE_NOTES}" 56 | for chart in "${CHANGED_CHARTS[@]}"; do 57 | echo "- [${chart}]" | tee -a "${RELEASE_NOTES}" 58 | for change in $(git rev-list $LAST_RELEASE_HASH..HEAD ${chart}); do 59 | one_line_msg=$(git --no-pager log --pretty='%s (thanks to %an)' "${change}" -n1 | sed 's/^\[.*\]//' | xargs) 60 | echo " - ${one_line_msg}" | tee -a "${RELEASE_NOTES}" 61 | done 62 | done 63 | 64 | >&2 echo -e "\n\nRelease notes file: ${RELEASE_NOTES}" 65 | -------------------------------------------------------------------------------- /scripts/install-toolchain.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | 4 | PLATFORM=$(uname -s | tr '[:upper:]' '[:lower:]') 5 | ARCH=$([[ $(uname -m) = "x86_64" ]] && echo 'amd64' || echo 'arm64') 6 | GIT_REPO_ROOT=$(git rev-parse --show-toplevel) 7 | BUILD_DIR="${GIT_REPO_ROOT}/build" 8 | TMP_DIR="${BUILD_DIR}/tmp" 9 | TOOLS_DIR="${BUILD_DIR}/tools" 10 | mkdir -p "${TOOLS_DIR}" 11 | export PATH="${TOOLS_DIR}:${PATH}" 12 | 13 | HELM_VERSION="v3.16.1" 14 | KUBECTL_VERSION=$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt) 15 | KIND_VERSION=v0.24.0 16 | BATS_VERSION=1.11.0 17 | 18 | ## Install kubectl 19 | curl -sSL "https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/${PLATFORM}/${ARCH}/kubectl" -o "${TOOLS_DIR}/kubectl" 20 | chmod +x "${TOOLS_DIR}/kubectl" 21 | 22 | ## Install kubeval 23 | mkdir -p "${TMP_DIR}/kubeval" 24 | curl -sSL 
https://github.com/instrumenta/kubeval/releases/latest/download/kubeval-${PLATFORM}-${ARCH}.tar.gz | tar xz -C "${TMP_DIR}/kubeval" 25 | mv "${TMP_DIR}/kubeval/kubeval" "${TOOLS_DIR}/kubeval" 26 | 27 | ## Install helm 28 | mkdir -p "${TMP_DIR}/helm" 29 | curl -sSL https://get.helm.sh/helm-${HELM_VERSION}-${PLATFORM}-${ARCH}.tar.gz | tar xz -C "${TMP_DIR}/helm" 30 | mv "${TMP_DIR}/helm/${PLATFORM}-${ARCH}/helm" "${TOOLS_DIR}/helm" 31 | rm -rf "${PLATFORM}-${ARCH}" 32 | 33 | ## Install Bats 34 | curl -sSL https://github.com/bats-core/bats-core/archive/v${BATS_VERSION}.tar.gz | tar xz -C "${TOOLS_DIR}" 35 | ln -s ${TOOLS_DIR}/bats-core-${BATS_VERSION}/bin/bats ${TOOLS_DIR}/bats 36 | 37 | ## Install kind 38 | curl -sSL "https://github.com/kubernetes-sigs/kind/releases/download/${KIND_VERSION}/kind-${PLATFORM}-${ARCH}" -o "${TOOLS_DIR}/kind" 39 | chmod +x "${TOOLS_DIR}/kind" 40 | 41 | rm -rf ${TMP_DIR} 42 | -------------------------------------------------------------------------------- /scripts/lint-charts.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | 4 | GIT_REPO_ROOT=$(git rev-parse --show-toplevel) 5 | BUILD_DIR="${GIT_REPO_ROOT}/build" 6 | TOOLS_DIR="${BUILD_DIR}/tools" 7 | STABLE="${GIT_REPO_ROOT}/stable" 8 | export PATH="${TOOLS_DIR}:${PATH}" 9 | 10 | FAILED=() 11 | 12 | cd ${STABLE} 13 | for d in */; do 14 | EXTRA_ARGS="" 15 | if [ -f ${STABLE}/${d}/ci/extra_args ]; then 16 | EXTRA_ARGS=$(cat ${STABLE}/${d}/ci/extra_args) 17 | fi 18 | echo "Linting chart ${d} w/ helm" 19 | helm lint ${STABLE}/${d} || FAILED+=("${d}") 20 | done 21 | 22 | if [[ "${#FAILED[@]}" -eq 0 ]]; then 23 | echo "All charts passed linting!" 
24 | exit 0 25 | else 26 | echo "Helm linting failed:" 27 | for chart in "${FAILED[@]}"; do 28 | printf "%40s ❌\n" "$chart" 29 | done 30 | fi 31 | -------------------------------------------------------------------------------- /scripts/package-charts.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | 4 | GIT_REPO_ROOT=$(git rev-parse --show-toplevel) 5 | BUILD_DIR="${GIT_REPO_ROOT}/build" 6 | TOOLS_DIR="${BUILD_DIR}/tools" 7 | STABLE="${GIT_REPO_ROOT}/stable" 8 | export PATH="${TOOLS_DIR}:${PATH}" 9 | 10 | PACKAGE_DIR="${GIT_REPO_ROOT}/build" 11 | mkdir -p "${PACKAGE_DIR}" 12 | 13 | helm package "${STABLE}/"* --destination "${PACKAGE_DIR}/stable" --dependency-update 14 | -------------------------------------------------------------------------------- /scripts/publish-charts.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | set -x 4 | 5 | GIT_REPO_ROOT=$(git rev-parse --show-toplevel) 6 | BUILD_DIR="${GIT_REPO_ROOT}/build" 7 | TOOLS_DIR="${BUILD_DIR}/tools" 8 | STABLE="${GIT_REPO_ROOT}/stable" 9 | PACKAGE_DIR="${GIT_REPO_ROOT}/build" 10 | export PATH="${TOOLS_DIR}:${PATH}" 11 | VERSION="$(git describe --tags --always)" 12 | 13 | if echo "${VERSION}" | grep -Eq "^v[0-9]+(\.[0-9]+){2}$"; then 14 | git fetch --all 15 | git config user.email eks-bot@users.noreply.github.com 16 | git config user.name eks-bot 17 | # Don't leak GITHUB_TOKEN 18 | set +x 19 | git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPO} 20 | set -x 21 | git config pull.rebase false 22 | git checkout gh-pages 23 | mv -n $PACKAGE_DIR/stable/*.tgz . 24 | helm repo index . --url https://aws.github.io/eks-charts 25 | git add . 26 | git commit -m "Publish stable charts ${VERSION}" 27 | git push origin gh-pages 28 | echo "✅ Published charts" 29 | else 30 | echo "Not a valid semver release tag! 
Skip charts publish" 31 | exit 1 32 | fi 33 | 34 | -------------------------------------------------------------------------------- /scripts/validate-chart-versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | 4 | GIT_REPO_ROOT=$(git rev-parse --show-toplevel) 5 | BUILD_DIR="${GIT_REPO_ROOT}/build" 6 | TOOLS_DIR="${BUILD_DIR}/tools" 7 | STABLE="${GIT_REPO_ROOT}/stable" 8 | export PATH="${TOOLS_DIR}:${PATH}" 9 | 10 | EXIT_CODE=0 11 | if $(git describe HEAD --tags | grep -Eq "^v[0-9]+(\.[0-9]+)*(-[a-z0-9]+)?$"); then 12 | LAST_RELEASE_HASH=$(git rev-list --tags --max-count=1 --skip=1 --no-walk) 13 | else 14 | TAG=$(git describe HEAD --tags | grep -Eo "^v[0-9]+(\.[0-9]+)*") 15 | LAST_RELEASE_HASH=$(git rev-list -1 $TAG) 16 | fi 17 | LAST_RELEASE_TAG=$(git describe $LAST_RELEASE_HASH --tags) 18 | cd ${STABLE} 19 | echo "📝 Checking for updated Chart versions since the last eks-charts release $LAST_RELEASE_TAG" 20 | for d in */; do 21 | LAST_COMMIT_HASH=$(git --no-pager log --pretty=tformat:"%H" -- $d | awk 'FNR <= 1') 22 | ## If LAST_RELEASE_HASH does not include the chart, then it's a new chart and does not need a version increment 23 | if [[ -z $(git ls-tree -d $LAST_RELEASE_HASH $d) ]]; then 24 | echo "✅ Chart $d is a new chart since the last release" 25 | continue 26 | fi 27 | ## If LAST_RELEASE_HASH is NOT an ancestor of LAST_COMMIT_HASH then it has not been modified 28 | if [[ ! 
-z $LAST_COMMIT_HASH && -z $(git rev-list $LAST_COMMIT_HASH | grep $LAST_RELEASE_HASH) || $LAST_COMMIT_HASH == $LAST_RELEASE_HASH ]]; then 29 | echo "✅ Chart $d had no changes since the last eks-charts release" 30 | continue 31 | fi 32 | LAST_RELEASE_CHART_VERSION=$(git --no-pager show $LAST_RELEASE_HASH:stable/"$d"Chart.yaml | grep 'version:' | xargs | cut -d' ' -f2 | tr -d '[:space:]') 33 | LAST_COMMIT_CHART_VERSION=$(git --no-pager show $LAST_COMMIT_HASH:stable/"$d"Chart.yaml | grep 'version:' | xargs | cut -d' ' -f2 | tr -d '[:space:]') 34 | if [[ $LAST_RELEASE_CHART_VERSION == $LAST_COMMIT_CHART_VERSION ]]; then 35 | echo "❌ Chart $d has the same Chart version as the last release $LAST_COMMIT_CHART_VERSION" 36 | EXIT_CODE=1 37 | else 38 | echo "✅ Chart $d has a different version since the last eks-charts release ($LAST_RELEASE_CHART_VERSION -> $LAST_COMMIT_CHART_VERSION)" 39 | fi 40 | done 41 | exit $EXIT_CODE 42 | -------------------------------------------------------------------------------- /scripts/validate-charts.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | 4 | GIT_REPO_ROOT=$(git rev-parse --show-toplevel) 5 | BUILD_DIR="${GIT_REPO_ROOT}/build" 6 | TOOLS_DIR="${BUILD_DIR}/tools" 7 | STABLE="${GIT_REPO_ROOT}/stable" 8 | export PATH="${TOOLS_DIR}:${PATH}" 9 | 10 | FAILED=() 11 | 12 | cd ${STABLE} 13 | for d in */; do 14 | EXTRA_ARGS="" 15 | if [ -f ${STABLE}/${d}/ci/extra_args ]; then 16 | EXTRA_ARGS=$(cat ${STABLE}/${d}/ci/extra_args) 17 | fi 18 | echo "Validating chart ${d} w/ helm" 19 | helm template ${STABLE}/${d} ${EXTRA_ARGS}| kubeval --strict --ignore-missing-schemas || FAILED+=("${d}") 20 | done 21 | 22 | if [[ "${#FAILED[@]}" -eq 0 ]]; then 23 | echo "All charts passed validations!" 
24 | exit 0 25 | else 26 | echo "Helm validation failed:" 27 | for chart in "${FAILED[@]}"; do 28 | printf "%40s ❌\n" "$chart" 29 | done 30 | fi 31 | -------------------------------------------------------------------------------- /stable/appmesh-controller/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | crds/kustomization.yaml 25 | -------------------------------------------------------------------------------- /stable/appmesh-controller/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: appmesh-controller 3 | description: App Mesh controller Helm chart for Kubernetes 4 | version: 1.13.1 5 | appVersion: 1.13.1 6 | home: https://github.com/aws/eks-charts 7 | icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png 8 | sources: 9 | - https://github.com/aws/eks-charts 10 | maintainers: 11 | - name: Kishor Joshi 12 | url: https://github.com/kishorj 13 | email: kishorj@users.noreply.github.com 14 | keywords: 15 | - eks 16 | - appmesh 17 | -------------------------------------------------------------------------------- /stable/appmesh-controller/ci/values.yaml: -------------------------------------------------------------------------------- 1 | # CI testing values for appmesh-controller 2 | 3 | # This is a dummy account for CI test. 
Not a valid account ID 4 | accountId: 123456789 5 | region: us-west-2 6 | image: 7 | repository: public.ecr.aws/appmesh/appmesh-controller 8 | tag: v1.13.1 9 | pullPolicy: IfNotPresent 10 | -------------------------------------------------------------------------------- /stable/appmesh-controller/crds/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - crds.yaml 5 | -------------------------------------------------------------------------------- /stable/appmesh-controller/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | AWS App Mesh controller installed! 2 | -------------------------------------------------------------------------------- /stable/appmesh-controller/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "appmesh-controller.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 
13 | */}} 14 | {{- define "appmesh-controller.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "appmesh-controller.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "appmesh-controller.labels" -}} 38 | app.kubernetes.io/name: {{ include "appmesh-controller.name" . }} 39 | helm.sh/chart: {{ include "appmesh-controller.chart" . }} 40 | app.kubernetes.io/instance: {{ .Release.Name }} 41 | {{- if .Chart.AppVersion }} 42 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 43 | {{- end }} 44 | app.kubernetes.io/managed-by: {{ .Release.Service }} 45 | {{- end -}} 46 | 47 | {{/* 48 | Create the name of the service account to use 49 | */}} 50 | {{- define "appmesh-controller.serviceAccountName" -}} 51 | {{- if .Values.serviceAccount.create -}} 52 | {{ default (include "appmesh-controller.fullname" .) .Values.serviceAccount.name }} 53 | {{- else -}} 54 | {{ default "default" .Values.serviceAccount.name }} 55 | {{- end -}} 56 | {{- end -}} 57 | 58 | {{/* 59 | Generate certificates for webhook 60 | */}} 61 | {{- define "appmesh-controller.gen-certs" -}} 62 | {{- $fullName := ( include "appmesh-controller.fullname" . 
) -}} 63 | {{- $altNames := list ( printf "%s-%s.%s" $fullName "webhook-service" .Release.Namespace ) ( printf "%s-%s.%s.svc" $fullName "webhook-service" .Release.Namespace ) -}} 64 | {{- $ca := genCA "appmesh-controller-ca" 3650 -}} 65 | {{- $cert := genSignedCert ( include "appmesh-controller.fullname" . ) nil $altNames 3650 $ca -}} 66 | caCert: {{ $ca.Cert | b64enc }} 67 | clientCert: {{ $cert.Cert | b64enc }} 68 | clientKey: {{ $cert.Key | b64enc }} 69 | {{- end -}} 70 | -------------------------------------------------------------------------------- /stable/appmesh-controller/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.podDisruptionBudget }} 2 | {{- if gt (int .Values.replicaCount) 1 }} 3 | kind: PodDisruptionBudget 4 | apiVersion: policy/v1 5 | metadata: 6 | name: {{ template "appmesh-controller.fullname" . }}-pdb 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | {{ include "appmesh-controller.labels" . | indent 4 }} 10 | spec: 11 | selector: 12 | matchLabels: 13 | control-plane: {{ template "appmesh-controller.fullname" . }} 14 | app.kubernetes.io/name: {{ include "appmesh-controller.fullname" . }} 15 | app.kubernetes.io/part-of: appmesh 16 | {{- toYaml .Values.podDisruptionBudget | nindent 2 }} 17 | {{- end -}} 18 | {{- end -}} 19 | -------------------------------------------------------------------------------- /stable/appmesh-controller/templates/psp.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.pspEnabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodSecurityPolicy 4 | metadata: 5 | name: {{ template "appmesh-controller.fullname" . }} 6 | labels: 7 | {{ include "appmesh-controller.labels" . 
| indent 4 }} 8 | annotations: 9 | seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' 10 | spec: 11 | privileged: false 12 | hostIPC: false 13 | hostNetwork: false 14 | hostPID: false 15 | readOnlyRootFilesystem: false 16 | allowPrivilegeEscalation: false 17 | allowedCapabilities: 18 | - '*' 19 | fsGroup: 20 | rule: RunAsAny 21 | runAsUser: 22 | rule: RunAsAny 23 | seLinux: 24 | rule: RunAsAny 25 | supplementalGroups: 26 | rule: RunAsAny 27 | volumes: 28 | - '*' 29 | --- 30 | kind: ClusterRole 31 | apiVersion: rbac.authorization.k8s.io/v1 32 | metadata: 33 | name: {{ template "appmesh-controller.fullname" . }}-psp 34 | labels: 35 | {{ include "appmesh-controller.labels" . | indent 4 }} 36 | rules: 37 | - apiGroups: ['policy'] 38 | resources: ['podsecuritypolicies'] 39 | verbs: ['use'] 40 | resourceNames: 41 | - {{ template "appmesh-controller.fullname" . }} 42 | --- 43 | apiVersion: rbac.authorization.k8s.io/v1 44 | kind: RoleBinding 45 | metadata: 46 | name: {{ template "appmesh-controller.fullname" . }}-psp 47 | labels: 48 | {{ include "appmesh-controller.labels" . | indent 4 }} 49 | roleRef: 50 | apiGroup: rbac.authorization.k8s.io 51 | kind: ClusterRole 52 | name: {{ template "appmesh-controller.fullname" . }}-psp 53 | subjects: 54 | - kind: ServiceAccount 55 | name: {{ template "appmesh-controller.serviceAccountName" . }} 56 | namespace: {{ .Release.Namespace }} 57 | {{- end }} 58 | -------------------------------------------------------------------------------- /stable/appmesh-controller/templates/rbac.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: {{ template "appmesh-controller.fullname" . }}-leader-election-role 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "appmesh-controller.labels" . 
| indent 4 }} 9 | rules: 10 | - apiGroups: [""] 11 | resources: [configmaps] 12 | verbs: [create, list, watch] 13 | - apiGroups: [""] 14 | resources: [configmaps] 15 | resourceNames: [appmesh-controller-leader-election] 16 | verbs: [get, patch, update] 17 | - apiGroups: [""] 18 | resources: [events] 19 | verbs: [create, patch] 20 | - apiGroups: ["coordination.k8s.io"] 21 | resources: [leases] 22 | verbs: [create] 23 | - apiGroups: ["coordination.k8s.io"] 24 | resources: [leases] 25 | resourceNames: [appmesh-controller-leader-election] 26 | verbs: [get, update, patch] 27 | --- 28 | apiVersion: rbac.authorization.k8s.io/v1 29 | kind: RoleBinding 30 | metadata: 31 | name: {{ template "appmesh-controller.fullname" . }}-leader-election-rolebinding 32 | namespace: {{ .Release.Namespace }} 33 | labels: 34 | {{ include "appmesh-controller.labels" . | indent 4 }} 35 | roleRef: 36 | apiGroup: rbac.authorization.k8s.io 37 | kind: Role 38 | name: {{ template "appmesh-controller.fullname" . }}-leader-election-role 39 | subjects: 40 | - kind: ServiceAccount 41 | name: {{ template "appmesh-controller.serviceAccountName" . }} 42 | namespace: {{ .Release.Namespace }} 43 | --- 44 | apiVersion: rbac.authorization.k8s.io/v1 45 | kind: ClusterRole 46 | metadata: 47 | name: {{ template "appmesh-controller.fullname" . }}-role 48 | labels: 49 | {{ include "appmesh-controller.labels" . 
| indent 4 }} 50 | rules: 51 | - apiGroups: [""] 52 | resources: [events] 53 | verbs: [create, delete, get, list, patch, update, watch] 54 | - apiGroups: [""] 55 | resources: [namespaces, pods, nodes] 56 | verbs: [get, list, watch] 57 | - apiGroups: [""] 58 | resources: [pods/status] 59 | verbs: [get, patch, update] 60 | - apiGroups: [appmesh.k8s.aws] 61 | resources: [backendgroups, gatewayroutes, meshes, virtualgateways, virtualnodes, virtualrouters, virtualservices] 62 | verbs: [create, delete, get, list, patch, update, watch] 63 | - apiGroups: [appmesh.k8s.aws] 64 | resources: [backendgroups/status, gatewayroutes/status, meshes/status, virtualgateways/status, virtualnodes/status, virtualrouters/status, virtualservices/status] 65 | verbs: [get, patch, update] 66 | --- 67 | apiVersion: rbac.authorization.k8s.io/v1 68 | kind: ClusterRoleBinding 69 | metadata: 70 | name: {{ template "appmesh-controller.fullname" . }}-rolebinding 71 | labels: 72 | {{ include "appmesh-controller.labels" . | indent 4 }} 73 | roleRef: 74 | apiGroup: rbac.authorization.k8s.io 75 | kind: ClusterRole 76 | name: {{ template "appmesh-controller.fullname" . }}-role 77 | subjects: 78 | - name: {{ template "appmesh-controller.serviceAccountName" . }} 79 | namespace: {{ .Release.Namespace }} 80 | kind: ServiceAccount 81 | {{- end }} 82 | -------------------------------------------------------------------------------- /stable/appmesh-controller/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "appmesh-controller.fullname" . }}-webhook-service 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{ include "appmesh-controller.labels" . | indent 4 }} 8 | spec: 9 | ports: 10 | - port: 443 11 | targetPort: 9443 12 | selector: 13 | control-plane: {{ template "appmesh-controller.fullname" . 
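}} 14 | -------------------------------------------------------------------------------- /stable/appmesh-controller/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "appmesh-controller.serviceAccountName" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "appmesh-controller.labels" . | nindent 4 }} 9 | {{- with .Values.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | {{- end -}} 14 | -------------------------------------------------------------------------------- /stable/appmesh-controller/upgrade/pre_upgrade_check.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Pre-upgrade checks for the appmesh-controller chart. Verifies that kubectl
# and jq are usable, then that no v1beta1 App Mesh CRDs, no controller older
# than v1.0.0 and no appmesh-inject deployment remain in the cluster.
# Exits 0 when the cluster is ready for upgrade and 1 otherwise, so the script
# can gate an automated upgrade as well as an interactive one.

# Checks that kubectl can reach the cluster with the current context.
# Outputs: result line on stdout, plus kubectl's stderr on failure.
# Returns: 0 when reachable, 1 otherwise.
check_kube_connection() {
  local kube_err
  # The decision uses kubectl's exit status; stderr is captured only for the
  # report, because a warning printed on stderr does not mean the call failed.
  if kube_err=$(kubectl cluster-info 2>&1 >/dev/null); then
    echo "kubectl context check: PASSED!"
    return 0
  fi
  echo "kubectl context check: FAILED -- context or permissions issue for kubectl"
  printf '%s\n' "$kube_err"
  return 1
}

# Checks that the kubectl client can be executed.
# Returns: 0 when `kubectl version --client` succeeds, 1 otherwise.
check_kube_installation() {
  if kubectl version --client >/dev/null 2>&1; then
    echo "kubectl installation check: PASSED!"
    return 0
  fi
  echo "kubectl installation check: FAILED -- kubectl not installed"
  return 1
}

# Checks that jq can be executed.
# Returns: 0 when `jq --version` succeeds, 1 otherwise.
check_jq_installation() {
  if jq --version >/dev/null 2>&1; then
    echo "jq installation check: PASSED!"
    return 0
  fi
  echo "jq installation check: FAILED -- jq not installed"
  return 1
}

# Checks that none of the virtualservices, virtualnodes and meshes CRDs still
# serves a version named v1beta1.
# Returns: 0 when no v1beta1 version is found, 1 otherwise.
check_old_crds() {
  local crd found
  for crd in virtualservices virtualnodes meshes; do
    # --ignore-not-found yields empty output for an absent CRD, which jq turns
    # into an empty result.
    found=$(kubectl get crd "${crd}.appmesh.k8s.aws" --ignore-not-found -o json |
      jq -r '.spec.versions[]? | select(.? | .name == "v1beta1")')
    if [[ -n "$found" ]]; then
      echo "App Mesh CRD check: FAILED -- v1beta1 CRDs are still installed"
      return 1
    fi
  done
  echo "App Mesh CRD check: PASSED!"
  return 0
}

# Checks that the appmesh-controller deployment in appmesh-system, when
# present, runs an image tagged v1.0.0 or later.
# Returns: 0 when absent or new enough, 1 otherwise.
check_controller_version() {
  local currentver
  local requiredver="v1.0.0"
  # The tag is the text after the LAST colon, so an image reference whose
  # registry carries a port (host:port/repo:tag) still yields the tag.
  currentver=$(kubectl get deployment -n appmesh-system appmesh-controller --ignore-not-found -o json |
    jq -r ".spec.template.spec.containers[].image" | awk -F: '{ print $NF }')

  # sort -V puts the lower version first; the check passes when that is the
  # required version, or when no controller deployment exists at all.
  if [[ -z "$currentver" || "$(printf '%s\n' "$requiredver" "$currentver" | sort -V | head -n1)" == "$requiredver" ]]; then
    echo "Controller version check: PASSED!"
    return 0
  fi
  echo "Controller version check: FAILED -- old appmesh-controller ($currentver) is still running"
  return 1
}

# Checks that no appmesh-inject deployment exists in the appmesh-inject or
# appmesh-system namespace.
# Returns: 0 when neither namespace has one, 1 at the first one found.
check_injector() {
  local ns injector
  for ns in "appmesh-inject" "appmesh-system"; do
    injector=$(kubectl get deployment -n "${ns}" appmesh-inject --ignore-not-found -o json | jq -r .kind)
    if [[ -z "$injector" ]]; then
      echo "Injector check for namespace ${ns}: PASSED!"
    else
      echo "Injector check: FAILED -- appmesh-inject is still running in namespace ${ns}"
      return 1
    fi
  done
  return 0
}

# Runs the tool checks first and the cluster checks only when all of them
# passed, then prints the verdict.
# Returns: 0 when every check passed, 1 otherwise.
main() {
  local exitcode=0
  check_kube_installation || exitcode=1
  check_jq_installation || exitcode=1
  check_kube_connection || exitcode=1
  if [[ "$exitcode" -eq 0 ]]; then
    check_old_crds || exitcode=1
    check_controller_version || exitcode=1
    check_injector || exitcode=1
  fi

  if [[ "$exitcode" -eq 0 ]]; then
    printf '\n%s\n' "Your cluster is ready for upgrade. Please proceed to the installation instructions"
  else
    printf '\n%s\n' "Your cluster is NOT ready for upgrade to v1.0.0. Please install/uninstall all the identified items before proceeding"
  fi

  # Propagate the verdict: without it the script always ended with status 0.
  return "$exitcode"
}

main "$@"
-------------------------------------------------------------------------------- /stable/appmesh-controller/webhookconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file contains configuration for the webhooks defined 2 | # in the appmesh-controller. The contents should not be changed 3 | # unless there are corresponding changes in the appmesh-controller 4 | # controller. This file is referenced in the templates for 5 | # generating the admission webhooks for the resources 6 | customResources: 7 | - name: gatewayroute 8 | resource: gatewayroutes 9 | - name: mesh 10 | resource: meshes 11 | - name: virtualnode 12 | resource: virtualnodes 13 | - name: virtualrouter 14 | resource: virtualrouters 15 | - name: virtualservice 16 | resource: virtualservices 17 | - name: virtualgateway 18 | resource: virtualgateways 19 | - name: backendgroup 20 | resource: backendgroups 21 | -------------------------------------------------------------------------------- /stable/appmesh-gateway/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line.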
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | crds/kustomization.yaml 25 | -------------------------------------------------------------------------------- /stable/appmesh-gateway/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: appmesh-gateway 3 | description: App Mesh Gateway Helm chart for Kubernetes 4 | version: 0.1.5 5 | appVersion: 1.0.0 6 | home: https://github.com/aws/eks-charts 7 | icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png 8 | sources: 9 | - https://github.com/aws/eks-charts 10 | maintainers: 11 | - name: Stefan Prodan 12 | url: https://github.com/stefanprodan 13 | email: stefanprodan@users.noreply.github.com 14 | keywords: 15 | - eks 16 | - appmesh 17 | - ingress 18 | - gateway 19 | -------------------------------------------------------------------------------- /stable/appmesh-gateway/ci/values.yaml: -------------------------------------------------------------------------------- 1 | # CI testing values for appmesh-gateway 2 | 3 | region: us-west-2 4 | image: 5 | repository: envoyproxy/envoy 6 | tag: v1.14.2 7 | pullPolicy: IfNotPresent 8 | -------------------------------------------------------------------------------- /stable/appmesh-gateway/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | AWS App Mesh Gateway installed! 2 | -------------------------------------------------------------------------------- /stable/appmesh-gateway/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 
4 | */}} 5 | {{- define "appmesh-gateway.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "appmesh-gateway.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "appmesh-gateway.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "appmesh-gateway.labels" -}} 38 | app.kubernetes.io/name: {{ include "appmesh-gateway.name" . }} 39 | helm.sh/chart: {{ include "appmesh-gateway.chart" . }} 40 | app.kubernetes.io/instance: {{ .Release.Name }} 41 | {{- if .Chart.AppVersion }} 42 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 43 | {{- end }} 44 | app.kubernetes.io/managed-by: {{ .Release.Service }} 45 | {{- end -}} 46 | 47 | {{/* 48 | Create the name of the service account to use 49 | */}} 50 | {{- define "appmesh-gateway.serviceAccountName" -}} 51 | {{- if .Values.serviceAccount.create -}} 52 | {{ default (include "appmesh-gateway.fullname" .) 
.Values.serviceAccount.name }} 53 | {{- else -}} 54 | {{ default "default" .Values.serviceAccount.name }} 55 | {{- end -}} 56 | {{- end -}} 57 | 58 | -------------------------------------------------------------------------------- /stable/appmesh-gateway/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "appmesh-gateway.fullname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{ include "appmesh-gateway.labels" . | indent 4 }} 8 | spec: 9 | strategy: 10 | type: RollingUpdate 11 | rollingUpdate: 12 | maxUnavailable: 10% 13 | selector: 14 | matchLabels: 15 | app.kubernetes.io/name: {{ template "appmesh-gateway.fullname" . }} 16 | template: 17 | metadata: 18 | labels: 19 | app.kubernetes.io/name: {{ template "appmesh-gateway.fullname" . }} 20 | app.kubernetes.io/component: "appmesh-gateway" 21 | annotations: 22 | {{- if .Values.appmesh.preview }} 23 | appmesh.k8s.aws/preview: "enabled" 24 | {{- end }} 25 | {{- if .Values.image.skipImageOverride }} 26 | appmesh.k8s.aws/virtualGatewaySkipImageOverride: "enabled" 27 | {{- end }} 28 | {{- range $key, $value := .Values.podAnnotations }} 29 | {{ $key }}: {{ $value | quote }} 30 | {{- end }} 31 | spec: 32 | serviceAccountName: {{ template "appmesh-gateway.serviceAccountName" . }} 33 | terminationGracePeriodSeconds: 30 34 | {{- if .Values.podAntiAffinity }} 35 | affinity: 36 | podAntiAffinity: 37 | preferredDuringSchedulingIgnoredDuringExecution: 38 | - podAffinityTerm: 39 | labelSelector: 40 | matchLabels: 41 | app.kubernetes.io/name: {{ include "appmesh-gateway.name" . 
}} 42 | topologyKey: kubernetes.io/hostname 43 | weight: 100 44 | {{- end }} 45 | containers: 46 | - name: envoy 47 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 48 | imagePullPolicy: {{ .Values.image.pullPolicy }} 49 | ports: 50 | - containerPort: 8088 51 | name: http 52 | protocol: TCP 53 | - containerPort: 9901 54 | name: http-admin 55 | protocol: TCP 56 | livenessProbe: 57 | exec: 58 | command: 59 | - sh 60 | - -c 61 | - >- 62 | curl -s http://localhost:9901/server_info | grep state | grep -q LIVE 63 | readinessProbe: 64 | initialDelaySeconds: 5 65 | tcpSocket: 66 | port: http-admin 67 | resources: 68 | {{ toYaml .Values.resources | indent 10 }} 69 | {{- with .Values.nodeSelector }} 70 | nodeSelector: 71 | {{ toYaml . | indent 6 }} 72 | {{- end }} 73 | {{- with .Values.affinity }} 74 | affinity: 75 | {{ toYaml . | indent 6 }} 76 | {{- end }} 77 | {{- with .Values.tolerations }} 78 | tolerations: 79 | {{ toYaml . | indent 6 }} 80 | {{- end }} 81 | -------------------------------------------------------------------------------- /stable/appmesh-gateway/templates/gateway.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.appmesh.gateway }} 2 | apiVersion: appmesh.k8s.aws/v1beta2 3 | kind: VirtualGateway 4 | metadata: 5 | name: {{ template "appmesh-gateway.fullname" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "appmesh-gateway.labels" . | indent 4 }} 9 | spec: 10 | namespaceSelector: 11 | matchLabels: 12 | appmesh.k8s.aws/sidecarInjectorWebhook: enabled 13 | podSelector: 14 | matchLabels: 15 | app.kubernetes.io/name: {{ template "appmesh-gateway.fullname" . 
}} 16 | listeners: 17 | - portMapping: 18 | port: 8088 19 | protocol: http 20 | logging: 21 | accessLog: 22 | file: 23 | path: "/dev/stdout" 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /stable/appmesh-gateway/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.hpa.enabled }} 2 | apiVersion: autoscaling/v2beta2 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ template "appmesh-gateway.fullname" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "appmesh-gateway.labels" . | indent 4 }} 9 | spec: 10 | scaleTargetRef: 11 | apiVersion: apps/v1 12 | kind: Deployment 13 | name: {{ template "appmesh-gateway.fullname" . }} 14 | minReplicas: {{ .Values.hpa.minReplicas }} 15 | maxReplicas: {{ .Values.hpa.maxReplicas }} 16 | metrics: 17 | - type: Resource 18 | resource: 19 | name: cpu 20 | target: 21 | type: Utilization 22 | averageUtilization: {{ .Values.hpa.averageUtilization }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /stable/appmesh-gateway/templates/psp.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.pspEnabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodSecurityPolicy 4 | metadata: 5 | name: {{ template "appmesh-gateway.fullname" . }} 6 | labels: 7 | {{ include "appmesh-gateway.labels" . 
| indent 4 }} 8 | annotations: 9 | seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' 10 | spec: 11 | privileged: false 12 | hostIPC: false 13 | hostNetwork: false 14 | hostPID: false 15 | readOnlyRootFilesystem: false 16 | allowPrivilegeEscalation: false 17 | allowedCapabilities: 18 | - '*' 19 | fsGroup: 20 | rule: RunAsAny 21 | runAsUser: 22 | rule: RunAsAny 23 | seLinux: 24 | rule: RunAsAny 25 | supplementalGroups: 26 | rule: RunAsAny 27 | volumes: 28 | - '*' 29 | --- 30 | kind: ClusterRole 31 | apiVersion: rbac.authorization.k8s.io/v1 32 | metadata: 33 | name: {{ template "appmesh-gateway.fullname" . }}-psp 34 | labels: 35 | {{ include "appmesh-gateway.labels" . | indent 4 }} 36 | rules: 37 | - apiGroups: ['policy'] 38 | resources: ['podsecuritypolicies'] 39 | verbs: ['use'] 40 | resourceNames: 41 | - {{ template "appmesh-gateway.fullname" . }} 42 | --- 43 | apiVersion: rbac.authorization.k8s.io/v1 44 | kind: RoleBinding 45 | metadata: 46 | name: {{ template "appmesh-gateway.fullname" . }}-psp 47 | labels: 48 | {{ include "appmesh-gateway.labels" . | indent 4 }} 49 | roleRef: 50 | apiGroup: rbac.authorization.k8s.io 51 | kind: ClusterRole 52 | name: {{ template "appmesh-gateway.fullname" . }}-psp 53 | subjects: 54 | - kind: ServiceAccount 55 | name: {{ template "appmesh-gateway.serviceAccountName" . }} 56 | namespace: {{ .Release.Namespace }} 57 | {{- end }} 58 | -------------------------------------------------------------------------------- /stable/appmesh-gateway/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "appmesh-gateway.fullname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{ include "appmesh-gateway.labels" . 
| indent 4 }} 8 | annotations: 9 | {{- range $key, $value := .Values.service.annotations }} 10 | {{ $key }}: {{ $value | quote }} 11 | {{- end }} 12 | spec: 13 | type: {{ .Values.service.type }} 14 | externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }} 15 | ports: 16 | - port: {{ .Values.service.port }} 17 | targetPort: http 18 | name: http 19 | protocol: TCP 20 | selector: 21 | app.kubernetes.io/name: {{ template "appmesh-gateway.fullname" . }} 22 | -------------------------------------------------------------------------------- /stable/appmesh-gateway/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "appmesh-gateway.serviceAccountName" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "appmesh-gateway.labels" . | nindent 4 }} 9 | {{- with .Values.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | {{- end -}} 14 | -------------------------------------------------------------------------------- /stable/appmesh-gateway/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for appmesh-gateway. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 
4 | 5 | nameOverride: "" 6 | fullnameOverride: "" 7 | 8 | image: 9 | repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy 10 | tag: v1.15.1.0-prod 11 | pullPolicy: IfNotPresent 12 | # skipImageOverride: when enabled the App Mesh injector will not override the Envoy image 13 | skipImageOverride: false 14 | 15 | service: 16 | type: LoadBalancer 17 | port: 80 18 | # externalTrafficPolicy: when set to Local it preserves the client source IP 19 | externalTrafficPolicy: Cluster 20 | # annotations: NLB as default load balancer type 21 | annotations: 22 | service.beta.kubernetes.io/aws-load-balancer-type: nlb 23 | 24 | appmesh: 25 | # appmesh.gateway: Whether to create a VirtualGateway or not 26 | gateway: true 27 | # appmesh.preview: Whether to enable App Mesh Preview (us-west-2 only) or not 28 | preview: false 29 | 30 | # resources: requests are set by default to enable HPA 31 | resources: 32 | # limits: 33 | # cpu: 2000m 34 | # memory: 1Gi 35 | requests: 36 | cpu: 100m 37 | memory: 64Mi 38 | 39 | # hpa: CPU based auto-scaling 40 | hpa: 41 | enabled: false 42 | minReplicas: 2 43 | maxReplicas: 5 44 | # CPU average utilization percentage 45 | averageUtilization: 90 46 | 47 | # podAntiAffinity: the scheduler should prefer to not schedule 48 | # two replica pods onto the same node but no guarantee is provided. 
49 | podAntiAffinity: 50 | enabled: true 51 | 52 | # affinity: node/pod affinity (disable podAntiAffinity to use this) 53 | affinity: {} 54 | 55 | nodeSelector: {} 56 | 57 | tolerations: [] 58 | 59 | podAnnotations: {} 60 | 61 | serviceAccount: 62 | # serviceAccount.create: Whether to create a service account or not 63 | create: true 64 | # serviceAccount.name: The name of the service account to create or use 65 | name: "" 66 | annotations: {} 67 | 68 | rbac: 69 | # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created 70 | pspEnabled: false 71 | -------------------------------------------------------------------------------- /stable/appmesh-grafana/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /stable/appmesh-grafana/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: appmesh-grafana 3 | description: App Mesh Grafana Helm chart for Kubernetes 4 | version: 1.0.4 5 | appVersion: 6.4.3 6 | home: https://github.com/aws/eks-charts 7 | icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png 8 | sources: 9 | - https://github.com/aws/eks-charts 10 | maintainers: 11 | - name: Nicholas Turner 12 | url: https://github.com/nckturner 13 | email: nckturner@users.noreply.github.com 14 | - name: Stefan Prodan 15 | url: https://github.com/stefanprodan 16 | email: stefanprodan@users.noreply.github.com 17 | keywords: 18 
| - eks 19 | - appmesh 20 | - grafana 21 | 22 | -------------------------------------------------------------------------------- /stable/appmesh-grafana/README.md: -------------------------------------------------------------------------------- 1 | # App Mesh Grafana 2 | 3 | App Mesh Grafana Helm chart for Kubernetes 4 | 5 | ## Prerequisites 6 | 7 | * Kubernetes >= 1.16 8 | * AWS App Mesh [Prometheus](https://github.com/aws/eks-charts/tree/master/stable/appmesh-prometheus) >= 0.3.0 9 | 10 | ## Installing the Chart 11 | 12 | Add the EKS repository to Helm: 13 | 14 | ```sh 15 | helm repo add eks https://aws.github.io/eks-charts 16 | ``` 17 | 18 | Install App Mesh Grafana: 19 | 20 | ```sh 21 | helm upgrade -i appmesh-grafana eks/appmesh-grafana \ 22 | --namespace appmesh-system 23 | ``` 24 | 25 | The [configuration](#configuration) section lists the parameters that can be configured during installation. 26 | 27 | ## Uninstalling the Chart 28 | 29 | To uninstall/delete the `appmesh-grafana` deployment: 30 | 31 | ```console 32 | helm delete --purge appmesh-grafana 33 | ``` 34 | 35 | The command removes all the Kubernetes components associated with the chart and deletes the release. 36 | 37 | ## Configuration 38 | 39 | The following tables lists the configurable parameters of the chart and their default values. 
40 | 41 | Parameter | Description | Default 42 | --- | --- | --- 43 | `image.repository` | image repository | `grafana/grafana` 44 | `image.tag` | image tag | `` 45 | `image.pullPolicy` | image pull policy | `IfNotPresent` 46 | `resources.requests/cpu` | pod CPU request | `100m` 47 | `resources.requests/memory` | pod memory request | `256Mi` 48 | `resources.limits/cpu` | pod CPU limit | `2000m` 49 | `resources.limits/memory` | pod memory limit | `2Gi` 50 | `affinity` | node/pod affinities | None 51 | `nodeSelector` | node labels for pod assignment | `{}` 52 | `tolerations` | list of node taints to tolerate | `[]` 53 | `rbac.pspEnabled` | If `true`, create and use a restricted pod security policy (it denies privileged mode, host namespaces and privilege escalation, but allows every capability, volume type and run-as user; see `templates/psp.yaml`) | `false` 54 | `serviceAccount.create` | If `true`, create a new service account | `true` 55 | `serviceAccount.name` | Service account to be used | None 56 | `url` | Prometheus URL | `http://appmesh-prometheus:9090` 57 | -------------------------------------------------------------------------------- /stable/appmesh-grafana/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | AWS App Mesh Grafana installed! -------------------------------------------------------------------------------- /stable/appmesh-grafana/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "appmesh-grafana.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 
13 | */}} 14 | {{- define "appmesh-grafana.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "appmesh-grafana.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "appmesh-grafana.labels" -}} 38 | app.kubernetes.io/name: {{ include "appmesh-grafana.name" . }} 39 | helm.sh/chart: {{ include "appmesh-grafana.chart" . }} 40 | app.kubernetes.io/instance: {{ .Release.Name }} 41 | {{- if .Chart.AppVersion }} 42 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 43 | {{- end }} 44 | app.kubernetes.io/managed-by: {{ .Release.Service }} 45 | {{- end -}} 46 | 47 | {{/* 48 | Create the name of the service account to use 49 | */}} 50 | {{- define "appmesh-grafana.serviceAccountName" -}} 51 | {{- if .Values.serviceAccount.create -}} 52 | {{ default (include "appmesh-grafana.fullname" .) .Values.serviceAccount.name }} 53 | {{- else -}} 54 | {{ default "default" .Values.serviceAccount.name }} 55 | {{- end -}} 56 | {{- end -}} 57 | -------------------------------------------------------------------------------- /stable/appmesh-grafana/templates/account.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "appmesh-grafana.serviceAccountName" . 
}} 6 | labels: 7 | {{ include "appmesh-grafana.labels" . | indent 4 }} 8 | {{- end }} 9 | -------------------------------------------------------------------------------- /stable/appmesh-grafana/templates/dashboards-cfg.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "appmesh-grafana.fullname" . }}-dashboards 5 | labels: 6 | {{ include "appmesh-grafana.labels" . | indent 4 }} 7 | data: 8 | {{ (.Files.Glob "dashboards/*").AsConfig | indent 2 }} 9 | -------------------------------------------------------------------------------- /stable/appmesh-grafana/templates/datasources-cfg.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "appmesh-grafana.fullname" . }}-datasources 5 | labels: 6 | {{ include "appmesh-grafana.labels" . | indent 4 }} 7 | data: 8 | datasources.yaml: |- 9 | apiVersion: 1 10 | deleteDatasources: 11 | - name: prometheus 12 | datasources: 13 | - name: prometheus 14 | type: prometheus 15 | access: proxy 16 | url: {{ .Values.url }} 17 | isDefault: true 18 | editable: true 19 | version: 1 20 | -------------------------------------------------------------------------------- /stable/appmesh-grafana/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "appmesh-grafana.fullname" . }} 5 | labels: 6 | {{ include "appmesh-grafana.labels" . | indent 4 }} 7 | spec: 8 | replicas: {{ .Values.replicaCount }} 9 | strategy: 10 | type: Recreate 11 | selector: 12 | matchLabels: 13 | app.kubernetes.io/name: {{ include "appmesh-grafana.name" . }} 14 | app.kubernetes.io/instance: {{ .Release.Name }} 15 | template: 16 | metadata: 17 | labels: 18 | app.kubernetes.io/name: {{ include "appmesh-grafana.name" . 
}} 19 | app.kubernetes.io/instance: {{ .Release.Name }} 20 | app.kubernetes.io/part-of: appmesh 21 | annotations: 22 | prometheus.io/scrape: "false" 23 | spec: 24 | serviceAccountName: {{ include "appmesh-grafana.serviceAccountName" . }} 25 | volumes: 26 | - name: grafana 27 | emptyDir: {} 28 | - name: dashboards 29 | configMap: 30 | name: {{ template "appmesh-grafana.fullname" . }}-dashboards 31 | - name: providers 32 | configMap: 33 | name: {{ template "appmesh-grafana.fullname" . }}-providers 34 | - name: datasources 35 | configMap: 36 | name: {{ template "appmesh-grafana.fullname" . }}-datasources 37 | - name: ini 38 | configMap: 39 | name: {{ template "appmesh-grafana.fullname" . }}-ini 40 | containers: 41 | - name: {{ .Chart.Name }} 42 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 43 | imagePullPolicy: {{ .Values.image.pullPolicy }} 44 | env: 45 | - name: GF_PATHS_PROVISIONING 46 | value: /etc/grafana/provisioning/ 47 | - name: GF_AUTH_BASIC_ENABLED 48 | value: "false" 49 | - name: GF_AUTH_ANONYMOUS_ENABLED 50 | value: "true" 51 | - name: GF_AUTH_ANONYMOUS_ORG_ROLE 52 | value: Admin 53 | ports: 54 | - name: http 55 | containerPort: 3000 56 | protocol: TCP 57 | livenessProbe: 58 | tcpSocket: 59 | port: http 60 | readinessProbe: 61 | tcpSocket: 62 | port: http 63 | volumeMounts: 64 | - name: grafana 65 | mountPath: /var/lib/grafana 66 | - name: ini 67 | mountPath: "/etc/grafana/grafana.ini" 68 | subPath: grafana.ini 69 | - name: dashboards 70 | mountPath: /etc/grafana/dashboards 71 | - name: datasources 72 | mountPath: /etc/grafana/provisioning/datasources 73 | - name: providers 74 | mountPath: /etc/grafana/provisioning/dashboards 75 | resources: 76 | {{ toYaml .Values.resources | indent 12 }} 77 | {{- with .Values.nodeSelector }} 78 | nodeSelector: 79 | {{ toYaml . | indent 8 }} 80 | {{- end }} 81 | {{- with .Values.affinity }} 82 | affinity: 83 | {{ toYaml . 
| indent 8 }} 84 | {{- end }} 85 | {{- with .Values.tolerations }} 86 | tolerations: 87 | {{ toYaml . | indent 8 }} 88 | {{- end }} 89 | -------------------------------------------------------------------------------- /stable/appmesh-grafana/templates/grafana-cfg.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "appmesh-grafana.fullname" . }}-ini 5 | labels: 6 | {{ include "appmesh-grafana.labels" . | indent 4 }} 7 | data: 8 | grafana.ini: | 9 | [users] 10 | default_theme = light 11 | [analytics] 12 | reporting_enabled = false 13 | check_for_updates = false 14 | -------------------------------------------------------------------------------- /stable/appmesh-grafana/templates/providers-cfg.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "appmesh-grafana.fullname" . }}-providers 5 | labels: 6 | {{ include "appmesh-grafana.labels" . | indent 4 }} 7 | data: 8 | providers.yaml: |+ 9 | apiVersion: 1 10 | providers: 11 | - name: 'default' 12 | orgId: 1 13 | folder: '' 14 | type: file 15 | disableDeletion: false 16 | editable: true 17 | options: 18 | path: /etc/grafana/dashboards 19 | -------------------------------------------------------------------------------- /stable/appmesh-grafana/templates/psp.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.pspEnabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodSecurityPolicy 4 | metadata: 5 | name: {{ template "appmesh-grafana.fullname" . }} 6 | labels: 7 | {{ include "appmesh-grafana.labels" . 
| indent 4 }} 8 | annotations: 9 | seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' 10 | spec: 11 | privileged: false 12 | hostIPC: false 13 | hostNetwork: false 14 | hostPID: false 15 | readOnlyRootFilesystem: false 16 | allowPrivilegeEscalation: false 17 | allowedCapabilities: 18 | - '*' 19 | fsGroup: 20 | rule: RunAsAny 21 | runAsUser: 22 | rule: RunAsAny 23 | seLinux: 24 | rule: RunAsAny 25 | supplementalGroups: 26 | rule: RunAsAny 27 | volumes: 28 | - '*' 29 | --- 30 | kind: ClusterRole 31 | apiVersion: rbac.authorization.k8s.io/v1 32 | metadata: 33 | name: {{ template "appmesh-grafana.fullname" . }}-psp 34 | labels: 35 | {{ include "appmesh-grafana.labels" . | indent 4 }} 36 | rules: 37 | - apiGroups: ['policy'] 38 | resources: ['podsecuritypolicies'] 39 | verbs: ['use'] 40 | resourceNames: 41 | - {{ template "appmesh-grafana.fullname" . }} 42 | --- 43 | apiVersion: rbac.authorization.k8s.io/v1 44 | kind: RoleBinding 45 | metadata: 46 | name: {{ template "appmesh-grafana.fullname" . }}-psp 47 | labels: 48 | {{ include "appmesh-grafana.labels" . | indent 4 }} 49 | roleRef: 50 | apiGroup: rbac.authorization.k8s.io 51 | kind: ClusterRole 52 | name: {{ template "appmesh-grafana.fullname" . }}-psp 53 | subjects: 54 | - kind: ServiceAccount 55 | name: {{ template "appmesh-grafana.serviceAccountName" . }} 56 | namespace: {{ .Release.Namespace }} 57 | {{- end }} 58 | -------------------------------------------------------------------------------- /stable/appmesh-grafana/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "appmesh-grafana.fullname" . }} 5 | labels: 6 | {{ include "appmesh-grafana.labels" . 
| indent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | app.kubernetes.io/name: {{ include "appmesh-grafana.name" . }} 16 | app.kubernetes.io/instance: {{ .Release.Name }} 17 | -------------------------------------------------------------------------------- /stable/appmesh-grafana/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for appmesh-grafana. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | replicaCount: 1 6 | 7 | image: 8 | repository: grafana/grafana 9 | tag: 6.4.3 10 | pullPolicy: IfNotPresent 11 | 12 | nameOverride: "" 13 | fullnameOverride: "" 14 | 15 | service: 16 | type: ClusterIP 17 | port: 3000 18 | 19 | resources: 20 | limits: 21 | memory: 512Mi 22 | requests: 23 | cpu: 10m 24 | memory: 128Mi 25 | 26 | nodeSelector: {} 27 | 28 | tolerations: [] 29 | 30 | affinity: {} 31 | 32 | serviceAccount: 33 | # serviceAccount.create: Whether to create a service account or not 34 | create: true 35 | # serviceAccount.name: The name of the service account to create or use 36 | name: "" 37 | 38 | rbac: 39 | # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created 40 | pspEnabled: false 41 | 42 | # Prometheus URL 43 | url: http://appmesh-prometheus:9090 44 | -------------------------------------------------------------------------------- /stable/appmesh-inject/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /stable/appmesh-inject/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: appmesh-inject 3 | description: App Mesh Inject Helm chart for Kubernetes 4 | version: 0.14.8 5 | appVersion: 0.5.0 6 | home: https://github.com/aws/eks-charts 7 | icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png 8 | sources: 9 | - https://github.com/aws/eks-charts 10 | maintainers: 11 | - name: Nicholas Turner 12 | url: https://github.com/nckturner 13 | email: nckturner@users.noreply.github.com 14 | - name: Stefan Prodan 15 | url: https://github.com/stefanprodan 16 | email: stefanprodan@users.noreply.github.com 17 | keywords: 18 | - eks 19 | - appmesh 20 | -------------------------------------------------------------------------------- /stable/appmesh-inject/README.md: -------------------------------------------------------------------------------- 1 | # App Mesh Inject 2 | 3 | App Mesh inject Helm chart for Kubernetes 4 | 5 | **Note**: Users of AppMesh controller v1.0.0+ **shouldn't** install this inject chart. The sidecar injection functionality is already included in the controller itself. 
6 | 7 | ## Prerequisites 8 | 9 | * Kubernetes >= 1.13 10 | 11 | ## Installing the Chart 12 | 13 | Add the EKS repository to Helm: 14 | 15 | ```sh 16 | helm repo add eks https://aws.github.io/eks-charts 17 | ``` 18 | 19 | Install the App Mesh CRDs (`ref=master` follows the branch head; pin `ref` to a release tag or commit to apply a known revision): 20 | 21 | ```sh 22 | kubectl apply -k github.com/aws/eks-charts/stable/appmesh-controller//crds?ref=master 23 | ``` 24 | 25 | Install the App Mesh admission controller: 26 | 27 | ```sh 28 | helm upgrade -i appmesh-inject eks/appmesh-inject \ 29 | --namespace appmesh-system \ 30 | --set mesh.name=global 31 | ``` 32 | 33 | Optionally you can create a mesh at install time: 34 | 35 | ```sh 36 | helm upgrade -i appmesh-inject eks/appmesh-inject \ 37 | --namespace appmesh-system \ 38 | --set mesh.name=global \ 39 | --set mesh.create=true 40 | ``` 41 | 42 | The [configuration](#configuration) section lists the parameters that can be configured during installation. The webhook in `templates/webhook.yaml` only applies to namespaces labelled `appmesh.k8s.aws/sidecarInjectorWebhook: enabled` and uses `failurePolicy: Ignore`, so pods are admitted without a sidecar while the injector is unreachable; check for uninjected pods after an outage. 43 | 44 | ## Uninstalling the Chart 45 | 46 | To uninstall/delete the `appmesh-inject` deployment: 47 | 48 | ```console 49 | helm delete --purge appmesh-inject 50 | ``` 51 | 52 | The command removes all the Kubernetes components associated with the chart and deletes the release. 53 | 54 | ## Configuration 55 | 56 | The following table lists the configurable parameters of the chart and their default values. 
57 | 58 | Parameter | Description | Default 59 | --- | --- | --- 60 | `image.repository` | controller image repository | `602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-app-mesh-inject` 61 | `image.tag` | controller image tag | `` 62 | `image.pullPolicy` | image pull policy | `IfNotPresent` 63 | `resources.requests/cpu` | pod CPU request | `100m` 64 | `resources.requests/memory` | pod memory request | `64Mi` 65 | `resources.limits/cpu` | pod CPU limit | `2000m` 66 | `resources.limits/memory` | pod memory limit | `1Gi` 67 | `affinity` | node/pod affinities | None 68 | `nodeSelector` | node labels for pod assignment | `{}` 69 | `podAnnotations` | annotations to add to each pod | `{}` 70 | `tolerations` | list of node taints to tolerate | `[]` 71 | `rbac.create` | if `true`, create and use RBAC resources | `true` 72 | `rbac.pspEnabled` | If `true`, create and use a restricted pod security policy (it denies privileged mode, host namespaces and privilege escalation, but allows every capability, volume type and run-as user; see `templates/psp.yaml`) | `false` 73 | `serviceAccount.create` | If `true`, create a new service account | `true` 74 | `serviceAccount.name` | Service account to be used | None 75 | `sidecar.image.repository` | Envoy image repository | `840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy` 76 | `sidecar.image.tag` | Envoy image tag | `` 77 | `sidecar.logLevel` | Envoy log level | `info` 78 | `sidecar.resources` | Envoy container resources | `requests: cpu 10m memory 32Mi` 79 | `init.image.repository` | Route manager image repository | `840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-proxy-route-manager` 80 | `init.image.tag` | Route manager image tag | `` 81 | `mesh.create` | If `true`, create mesh custom resource | `false` 82 | `mesh.name` | The name of the mesh to use | `global` 83 | `mesh.discovery` | The service discovery type to use, can be dns or cloudmap | `dns` 84 | `mesh.egressFilter` | The egress filter used by Mesh, can be DROP_ALL or ALLOW_ALL | `DROP_ALL` 85 | `tracing.enabled` | If `true`, Envoy will be configured with tracing | `false` 86 | 
`tracing.provider` | The tracing provider can be x-ray, jaeger or datadog | `x-ray` 87 | `tracing.address` | Jaeger or Datadog agent server address (ignored for X-Ray) | `appmesh-jaeger.appmesh-system` 88 | `tracing.port` | Jaeger or Datadog agent port (ignored for X-Ray) | `9411` 89 | -------------------------------------------------------------------------------- /stable/appmesh-inject/ci/values.yaml: -------------------------------------------------------------------------------- 1 | # CI testing values for appmesh-inject. 2 | 3 | region: us-west-2 4 | image: 5 | repository: stefanprodan/aws-app-mesh-inject 6 | tag: v0.2.0 7 | pullPolicy: IfNotPresent 8 | 9 | -------------------------------------------------------------------------------- /stable/appmesh-inject/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | AWS App Mesh Inject installed! -------------------------------------------------------------------------------- /stable/appmesh-inject/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "appmesh-inject.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 
13 | */}} 14 | {{- define "appmesh-inject.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "appmesh-inject.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "appmesh-inject.labels" -}} 38 | app.kubernetes.io/name: {{ include "appmesh-inject.name" . }} 39 | helm.sh/chart: {{ include "appmesh-inject.chart" . }} 40 | app.kubernetes.io/instance: {{ .Release.Name }} 41 | {{- if .Chart.AppVersion }} 42 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 43 | {{- end }} 44 | app.kubernetes.io/managed-by: {{ .Release.Service }} 45 | {{- end -}} 46 | 47 | {{/* 48 | Create the name of the service account to use 49 | */}} 50 | {{- define "appmesh-inject.serviceAccountName" -}} 51 | {{- if .Values.serviceAccount.create -}} 52 | {{ default (include "appmesh-inject.fullname" .) .Values.serviceAccount.name }} 53 | {{- else -}} 54 | {{ default "default" .Values.serviceAccount.name }} 55 | {{- end -}} 56 | {{- end -}} 57 | 58 | {{/* 59 | Generate certificates for webhook 60 | */}} 61 | {{- define "appmesh-inject.gen-certs" -}} 62 | {{- $altNames := list ( printf "%s.%s" (include "appmesh-inject.fullname" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "appmesh-inject.fullname" .) .Release.Namespace ) -}} 63 | {{- $ca := genCA "appmesh-inject-ca" 3650 -}} 64 | {{- $cert := genSignedCert ( include "appmesh-inject.fullname" . 
) nil $altNames 3650 $ca -}} 65 | caCert: {{ $ca.Cert | b64enc }} 66 | clientCert: {{ $cert.Cert | b64enc }} 67 | clientKey: {{ $cert.Key | b64enc }} 68 | {{- end -}} 69 | -------------------------------------------------------------------------------- /stable/appmesh-inject/templates/account.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "appmesh-inject.serviceAccountName" . }} 6 | labels: 7 | {{ include "appmesh-inject.labels" . | indent 4 }} 8 | {{- end }} 9 | -------------------------------------------------------------------------------- /stable/appmesh-inject/templates/mesh.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.mesh.create }} 2 | apiVersion: appmesh.k8s.aws/v1beta1 3 | kind: Mesh 4 | metadata: 5 | name: {{ .Values.mesh.name }} 6 | annotations: 7 | helm.sh/resource-policy: keep 8 | labels: 9 | {{ include "appmesh-inject.labels" . | indent 4 }} 10 | spec: 11 | serviceDiscoveryType: {{ .Values.mesh.discovery }} 12 | egressFilter: 13 | type: {{ .Values.mesh.egressFilter }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /stable/appmesh-inject/templates/psp.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.pspEnabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodSecurityPolicy 4 | metadata: 5 | name: {{ template "appmesh-inject.fullname" . }} 6 | labels: 7 | {{ include "appmesh-inject.labels" . 
| indent 4 }} 8 | annotations: 9 | seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' 10 | spec: 11 | privileged: false 12 | hostIPC: false 13 | hostNetwork: false 14 | hostPID: false 15 | readOnlyRootFilesystem: false 16 | allowPrivilegeEscalation: false 17 | allowedCapabilities: 18 | - '*' 19 | fsGroup: 20 | rule: RunAsAny 21 | runAsUser: 22 | rule: RunAsAny 23 | seLinux: 24 | rule: RunAsAny 25 | supplementalGroups: 26 | rule: RunAsAny 27 | volumes: 28 | - '*' 29 | --- 30 | kind: ClusterRole 31 | apiVersion: rbac.authorization.k8s.io/v1 32 | metadata: 33 | name: {{ template "appmesh-inject.fullname" . }}-psp 34 | labels: 35 | {{ include "appmesh-inject.labels" . | indent 4 }} 36 | rules: 37 | - apiGroups: ['policy'] 38 | resources: ['podsecuritypolicies'] 39 | verbs: ['use'] 40 | resourceNames: 41 | - {{ template "appmesh-inject.fullname" . }} 42 | --- 43 | apiVersion: rbac.authorization.k8s.io/v1 44 | kind: RoleBinding 45 | metadata: 46 | name: {{ template "appmesh-inject.fullname" . }}-psp 47 | labels: 48 | {{ include "appmesh-inject.labels" . | indent 4 }} 49 | roleRef: 50 | apiGroup: rbac.authorization.k8s.io 51 | kind: ClusterRole 52 | name: {{ template "appmesh-inject.fullname" . }}-psp 53 | subjects: 54 | - kind: ServiceAccount 55 | name: {{ template "appmesh-inject.serviceAccountName" . }} 56 | namespace: {{ .Release.Namespace }} 57 | {{- end }} 58 | -------------------------------------------------------------------------------- /stable/appmesh-inject/templates/rbac.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1beta1 3 | kind: ClusterRole 4 | metadata: 5 | name: {{ template "appmesh-inject.fullname" . }} 6 | labels: 7 | {{ include "appmesh-inject.labels" . 
| indent 4 }} 8 | rules: 9 | - apiGroups: ["*"] 10 | resources: ["replicasets"] 11 | verbs: ["get"] 12 | --- 13 | apiVersion: rbac.authorization.k8s.io/v1beta1 14 | kind: ClusterRoleBinding 15 | metadata: 16 | name: {{ template "appmesh-inject.fullname" . }} 17 | labels: 18 | {{ include "appmesh-inject.labels" . | indent 4 }} 19 | roleRef: 20 | apiGroup: rbac.authorization.k8s.io 21 | kind: ClusterRole 22 | name: {{ template "appmesh-inject.fullname" . }} 23 | subjects: 24 | - name: {{ template "appmesh-inject.serviceAccountName" . }} 25 | namespace: {{ .Release.Namespace }} 26 | kind: ServiceAccount 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /stable/appmesh-inject/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "appmesh-inject.fullname" . }} 5 | labels: 6 | {{ include "appmesh-inject.labels" . | indent 4 }} 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: https 11 | port: 443 12 | targetPort: https 13 | selector: 14 | app.kubernetes.io/name: {{ include "appmesh-inject.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | -------------------------------------------------------------------------------- /stable/appmesh-inject/templates/webhook.yaml: -------------------------------------------------------------------------------- 1 | {{ $tls := fromYaml ( include "appmesh-inject.gen-certs" . ) }} 2 | --- 3 | apiVersion: admissionregistration.k8s.io/v1beta1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | name: {{ template "appmesh-inject.fullname" . }} 7 | labels: 8 | {{ include "appmesh-inject.labels" . | indent 4 }} 9 | webhooks: 10 | - name: aws-app-mesh-inject.aws.amazon.com 11 | clientConfig: 12 | service: 13 | name: {{ include "appmesh-inject.name" . 
}} 14 | namespace: {{ .Release.Namespace }} 15 | path: "/" 16 | caBundle: {{ $tls.caCert }} 17 | rules: 18 | - operations: ["CREATE","UPDATE"] 19 | apiGroups: [""] 20 | apiVersions: ["v1"] 21 | resources: ["pods"] 22 | failurePolicy: Ignore 23 | namespaceSelector: 24 | matchLabels: 25 | appmesh.k8s.aws/sidecarInjectorWebhook: enabled 26 | --- 27 | apiVersion: v1 28 | kind: Secret 29 | metadata: 30 | name: {{ template "appmesh-inject.fullname" . }} 31 | labels: 32 | {{ include "appmesh-inject.labels" . | indent 4 }} 33 | type: Opaque 34 | data: 35 | cert.pem: {{ $tls.clientCert }} 36 | key.pem: {{ $tls.clientKey }} 37 | -------------------------------------------------------------------------------- /stable/appmesh-inject/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for appmesh-inject. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | replicaCount: 1 6 | region: "" 7 | 8 | image: 9 | repository: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-app-mesh-inject 10 | tag: v0.5.0 11 | pullPolicy: IfNotPresent 12 | 13 | sidecar: 14 | image: 15 | repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy 16 | tag: v1.15.1.0-prod 17 | # sidecar.logLevel: Envoy log level can be info, warn, error or debug 18 | logLevel: info 19 | resources: 20 | # sidecar.resources.requests: Envoy CPU and memory requests 21 | requests: 22 | cpu: 10m 23 | memory: 32Mi 24 | init: 25 | image: 26 | repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-proxy-route-manager 27 | tag: v3-prod 28 | 29 | nameOverride: "" 30 | fullnameOverride: "" 31 | 32 | resources: 33 | limits: 34 | cpu: 500m 35 | memory: 512Mi 36 | requests: 37 | cpu: 100m 38 | memory: 64Mi 39 | 40 | nodeSelector: {} 41 | 42 | tolerations: [] 43 | 44 | affinity: {} 45 | 46 | podAnnotations: {} 47 | 48 | serviceAccount: 49 | # serviceAccount.create: Whether to create a 
service account or not 50 | create: true 51 | # serviceAccount.name: The name of the service account to create or use 52 | name: "" 53 | 54 | rbac: 55 | # rbac.create: `true` if rbac resources should be created 56 | create: true 57 | # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created 58 | pspEnabled: false 59 | 60 | mesh: 61 | # mesh.create: `true` if mesh resource should be created 62 | create: false 63 | # mesh.name: The name of the mesh to use 64 | name: "global" 65 | # mesh.discovery: The service discovery type to use, can be dns or cloudmap 66 | discovery: dns 67 | # mesh.egressFilter: The mesh Egress Filter, can be ALLOW_ALL or DROP_ALL 68 | egressFilter: DROP_ALL 69 | 70 | tracing: 71 | # tracing.enabled: `true` if Envoy should be configured with tracing 72 | enabled: false 73 | # tracing.provider: can be x-ray, jaeger or datadog 74 | provider: x-ray 75 | # tracing.address: Jaeger or Datadog agent server address (ignored for X-Ray) 76 | address: appmesh-jaeger.appmesh-system 77 | # tracing.port: Jaeger or Datadog agent server port (ignored for X-Ray) 78 | port: 9411 79 | 80 | stats: 81 | # stats.tagsEnabled: `true` if Envoy should include app-mesh tags 82 | tagsEnabled: false 83 | # stats.statsdEnabled: `true` if Envoy should publish stats to statsd endpoint @ 127.0.0.1:8125 84 | statsdEnabled: false 85 | -------------------------------------------------------------------------------- /stable/appmesh-jaeger/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /stable/appmesh-jaeger/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: appmesh-jaeger 3 | description: App Mesh Jaeger Helm chart for Kubernetes 4 | version: 1.0.3 5 | appVersion: 1.29.0 6 | home: https://github.com/aws/eks-charts 7 | icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png 8 | sources: 9 | - https://github.com/aws/eks-charts 10 | maintainers: 11 | - name: Nicholas Turner 12 | url: https://github.com/nckturner 13 | email: nckturner@users.noreply.github.com 14 | - name: Stefan Prodan 15 | url: https://github.com/stefanprodan 16 | email: stefanprodan@users.noreply.github.com 17 | keywords: 18 | - eks 19 | - appmesh 20 | -------------------------------------------------------------------------------- /stable/appmesh-jaeger/README.md: -------------------------------------------------------------------------------- 1 | # App Mesh Jaeger 2 | 3 | App Mesh Jaeger Helm chart for Kubernetes 4 | 5 | ## Prerequisites 6 | 7 | * Kubernetes >= 1.13 8 | 9 | ## Installing the Chart 10 | 11 | Add the EKS repository to Helm: 12 | 13 | ```sh 14 | helm repo add eks https://aws.github.io/eks-charts 15 | ``` 16 | 17 | Install App Mesh Jaeger: 18 | 19 | ```sh 20 | helm upgrade -i appmesh-jaeger eks/appmesh-jaeger \ 21 | --namespace appmesh-system 22 | ``` 23 | 24 | For Jaeger persistent storage you can create a [PersistentVolumeClaim](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims) 25 | and use `--set persistentVolumeClaim.claimName=`. 
26 | 27 | Enable Jaeger tracing for the App Mesh data plane: 28 | 29 | ```sh 30 | helm upgrade -i appmesh-controller eks/appmesh-controller \ 31 | --namespace appmesh-system \ 32 | --set tracing.enabled=true \ 33 | --set tracing.provider=jaeger \ 34 | --set tracing.address=appmesh-jaeger.appmesh-system \ 35 | --set tracing.port=9411 36 | ``` 37 | 38 | **Note** that you should restart all pods running inside the mesh after enabling tracing. 39 | 40 | The [configuration](#configuration) section lists the parameters that can be configured during installation. 41 | 42 | ## Uninstalling the Chart 43 | 44 | To uninstall/delete the `appmesh-jaeger` deployment: 45 | 46 | ```console 47 | helm delete appmesh-jaeger -n appmesh-system 48 | ``` 49 | 50 | The command removes all the Kubernetes components associated with the chart and deletes the release. 51 | 52 | ## Configuration 53 | 54 | The following table lists the configurable parameters of the chart and their default values. 55 | 56 | Parameter | Description | Default 57 | --- | --- | --- 58 | `image.repository` | image repository | `jaegertracing/all-in-one` 59 | `image.tag` | image tag | `` 60 | `image.pullPolicy` | image pull policy | `IfNotPresent` 61 | `resources.requests/cpu` | pod CPU request | `100m` 62 | `resources.requests/memory` | pod memory request | `256Mi` 63 | `resources.limits/cpu` | pod CPU limit | `2000m` 64 | `resources.limits/memory` | pod memory limit | `2Gi` 65 | `probes.liveness.initialDelaySeconds` | seconds to delay liveness probing | `0` 66 | `probes.liveness.periodSeconds` | interval between liveness probing | `10` 67 | `probes.liveness.timeoutSeconds` | timeout for liveness probe | `1` 68 | `probes.liveness.successThreshold` | minimum consecutive successes for probe to be considered successful | `1` 69 | `probes.liveness.failureThreshold` | minimum consecutive fails for probe to be considered failed | `3` 70 | `probes.readiness.initialDelaySeconds` | seconds to delay readiness probing | `0` 
71 | `probes.readiness.periodSeconds` | interval between readiness probing | `10` 72 | `probes.readiness.timeoutSeconds` | timeout for readiness probe | `1` 73 | `probes.readiness.successThreshold` | minimum consecutive successes for probe to be considered successful | `1` 74 | `probes.readiness.failureThreshold` | minimum consecutive fails for probe to be considered failed | `3` 75 | `affinity` | node/pod affinities | None 76 | `nodeSelector` | node labels for pod assignment | `{}` 77 | `tolerations` | list of node taints to tolerate | `[]` 78 | `rbac.create` | if `true`, create and use RBAC resources | `true` 79 | `rbac.pspEnabled` | If `true`, create and use a restricted pod security policy | `false` 80 | `serviceAccount.create` | If `true`, create a new service account | `true` 81 | `serviceAccount.name` | Service account to be used | None 82 | `memory.maxTraces` | The amount of traces stored in memory | `40000` 83 | `persistentVolumeClaim.claimName` | Specify an existing volume claim to be used for Badger data | None 84 | -------------------------------------------------------------------------------- /stable/appmesh-jaeger/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | AWS App Mesh Jaeger installed! 2 | Jaeger UI port: 16686 3 | Jaeger Zipkin port: 9411 -------------------------------------------------------------------------------- /stable/appmesh-jaeger/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "appmesh-jaeger.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 
12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "appmesh-jaeger.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "appmesh-jaeger.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "appmesh-jaeger.labels" -}} 38 | app.kubernetes.io/name: {{ include "appmesh-jaeger.name" . }} 39 | helm.sh/chart: {{ include "appmesh-jaeger.chart" . }} 40 | app.kubernetes.io/instance: {{ .Release.Name }} 41 | {{- if .Chart.AppVersion }} 42 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 43 | {{- end }} 44 | app.kubernetes.io/managed-by: {{ .Release.Service }} 45 | {{- end -}} 46 | 47 | {{/* 48 | Create the name of the service account to use 49 | */}} 50 | {{- define "appmesh-jaeger.serviceAccountName" -}} 51 | {{- if .Values.serviceAccount.create -}} 52 | {{ default (include "appmesh-jaeger.fullname" .) 
.Values.serviceAccount.name }} 53 | {{- else -}} 54 | {{ default "default" .Values.serviceAccount.name }} 55 | {{- end -}} 56 | {{- end -}} 57 | -------------------------------------------------------------------------------- /stable/appmesh-jaeger/templates/account.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "appmesh-jaeger.serviceAccountName" . }} 6 | labels: 7 | {{ include "appmesh-jaeger.labels" . | indent 4 }} 8 | {{- end }} 9 | -------------------------------------------------------------------------------- /stable/appmesh-jaeger/templates/psp.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.pspEnabled }} 2 | apiVersion: policy/v1beta1 # NOTE(review): PodSecurityPolicy was removed in Kubernetes 1.25; this file renders only when rbac.pspEnabled is true 3 | kind: PodSecurityPolicy 4 | metadata: 5 | name: {{ template "appmesh-jaeger.fullname" . }} 6 | labels: 7 | {{ include "appmesh-jaeger.labels" . | indent 4 }} 8 | annotations: 9 | seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' # any seccomp profile is accepted, including unconfined 10 | spec: 11 | privileged: false 12 | hostIPC: false 13 | hostNetwork: false 14 | hostPID: false 15 | readOnlyRootFilesystem: false 16 | allowPrivilegeEscalation: false 17 | allowedCapabilities: # NOTE(review): '*' lets a pod request every Linux capability; list only the ones the workload needs 18 | - '*' 19 | fsGroup: 20 | rule: RunAsAny 21 | runAsUser: # RunAsAny does not prevent containers from running as root 22 | rule: RunAsAny 23 | seLinux: 24 | rule: RunAsAny 25 | supplementalGroups: 26 | rule: RunAsAny 27 | volumes: # NOTE(review): '*' admits every volume type, hostPath included; the README describes this policy as restricted, so narrow the list to match 28 | - '*' 29 | --- 30 | kind: ClusterRole 31 | apiVersion: rbac.authorization.k8s.io/v1 32 | metadata: 33 | name: {{ template "appmesh-jaeger.fullname" . }}-psp 34 | labels: 35 | {{ include "appmesh-jaeger.labels" . | indent 4 }} 36 | rules: 37 | - apiGroups: ['policy'] 38 | resources: ['podsecuritypolicies'] 39 | verbs: ['use'] 40 | resourceNames: 41 | - {{ template "appmesh-jaeger.fullname" . 
}} 42 | --- 43 | apiVersion: rbac.authorization.k8s.io/v1 44 | kind: RoleBinding 45 | metadata: 46 | name: {{ template "appmesh-jaeger.fullname" . }}-psp 47 | labels: 48 | {{ include "appmesh-jaeger.labels" . | indent 4 }} 49 | roleRef: 50 | apiGroup: rbac.authorization.k8s.io 51 | kind: ClusterRole 52 | name: {{ template "appmesh-jaeger.fullname" . }}-psp 53 | subjects: 54 | - kind: ServiceAccount 55 | name: {{ template "appmesh-jaeger.serviceAccountName" . }} 56 | namespace: {{ .Release.Namespace }} 57 | {{- end }} 58 | -------------------------------------------------------------------------------- /stable/appmesh-jaeger/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "appmesh-jaeger.fullname" . }} 5 | labels: 6 | {{ include "appmesh-jaeger.labels" . | indent 4 }} 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - port: 9411 11 | targetPort: 9411 12 | protocol: TCP 13 | name: http-zipkin 14 | - port: 16686 15 | targetPort: 16686 16 | protocol: TCP 17 | name: http-ui 18 | selector: 19 | app.kubernetes.io/name: {{ include "appmesh-jaeger.name" . }} 20 | app.kubernetes.io/instance: {{ .Release.Name }} 21 | -------------------------------------------------------------------------------- /stable/appmesh-jaeger/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for appmesh-jaeger. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 
4 | 5 | replicaCount: 1 6 | 7 | image: 8 | repository: jaegertracing/all-in-one 9 | tag: 1.29 10 | pullPolicy: IfNotPresent 11 | 12 | nameOverride: "" 13 | fullnameOverride: "" 14 | 15 | resources: 16 | limits: 17 | cpu: 2000m 18 | memory: 2Gi 19 | requests: 20 | cpu: 100m 21 | memory: 256Mi 22 | 23 | ## Jaeger server readiness and liveness probe initial delay and timeout 24 | ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ 25 | ## 26 | probes: 27 | liveness: 28 | initialDelaySeconds: 0 29 | periodSeconds: 10 30 | timeoutSeconds: 1 31 | successThreshold: 1 32 | failureThreshold: 3 33 | readiness: 34 | initialDelaySeconds: 0 35 | periodSeconds: 10 36 | timeoutSeconds: 1 37 | successThreshold: 1 38 | failureThreshold: 3 39 | 40 | nodeSelector: {} 41 | 42 | tolerations: [] 43 | 44 | affinity: {} 45 | 46 | serviceAccount: 47 | # serviceAccount.create: Whether to create a service account or not 48 | create: true 49 | # serviceAccount.name: The name of the service account to create or use 50 | name: "" 51 | 52 | rbac: 53 | # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created 54 | pspEnabled: false 55 | 56 | memory: 57 | # memory.maxTraces: The amount of traces stored in memory 58 | maxTraces: 40000 59 | 60 | persistentVolumeClaim: 61 | # persistentVolumeClaim.claimName: Specify an existing volume claim to be used for Badger data 62 | claimName: "" 63 | -------------------------------------------------------------------------------- /stable/appmesh-prometheus/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /stable/appmesh-prometheus/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: appmesh-prometheus 3 | description: App Mesh Prometheus Helm chart for Kubernetes 4 | version: 1.0.3 5 | appVersion: 2.13.1 6 | home: https://github.com/aws/eks-charts 7 | icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png 8 | sources: 9 | - https://github.com/aws/eks-charts 10 | maintainers: 11 | - name: Nicholas Turner 12 | url: https://github.com/nckturner 13 | email: nckturner@users.noreply.github.com 14 | - name: Stefan Prodan 15 | url: https://github.com/stefanprodan 16 | email: stefanprodan@users.noreply.github.com 17 | keywords: 18 | - eks 19 | - appmesh 20 | -------------------------------------------------------------------------------- /stable/appmesh-prometheus/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | AWS App Mesh Prometheus installed! -------------------------------------------------------------------------------- /stable/appmesh-prometheus/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "appmesh-prometheus.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 
12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "appmesh-prometheus.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "appmesh-prometheus.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "appmesh-prometheus.labels" -}} 38 | app.kubernetes.io/name: {{ include "appmesh-prometheus.name" . }} 39 | helm.sh/chart: {{ include "appmesh-prometheus.chart" . }} 40 | app.kubernetes.io/instance: {{ .Release.Name }} 41 | {{- if .Chart.AppVersion }} 42 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 43 | {{- end }} 44 | app.kubernetes.io/managed-by: {{ .Release.Service }} 45 | {{- end -}} 46 | 47 | {{/* 48 | Create the name of the service account to use 49 | */}} 50 | {{- define "appmesh-prometheus.serviceAccountName" -}} 51 | {{- if .Values.serviceAccount.create -}} 52 | {{ default (include "appmesh-prometheus.fullname" .) 
.Values.serviceAccount.name }} 53 | {{- else -}} 54 | {{ default "default" .Values.serviceAccount.name }} 55 | {{- end -}} 56 | {{- end -}} 57 | -------------------------------------------------------------------------------- /stable/appmesh-prometheus/templates/account.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "appmesh-prometheus.serviceAccountName" . }} 6 | labels: 7 | {{ include "appmesh-prometheus.labels" . | indent 4 }} 8 | {{- end }} 9 | -------------------------------------------------------------------------------- /stable/appmesh-prometheus/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "appmesh-prometheus.fullname" . }} 5 | labels: 6 | {{ include "appmesh-prometheus.labels" . | indent 4 }} 7 | spec: 8 | replicas: {{ .Values.replicaCount }} 9 | strategy: 10 | type: Recreate 11 | selector: 12 | matchLabels: 13 | app.kubernetes.io/name: {{ include "appmesh-prometheus.name" . }} 14 | app.kubernetes.io/instance: {{ .Release.Name }} 15 | template: 16 | metadata: 17 | labels: 18 | app.kubernetes.io/name: {{ include "appmesh-prometheus.name" . }} 19 | app.kubernetes.io/instance: {{ .Release.Name }} 20 | app.kubernetes.io/part-of: appmesh 21 | annotations: 22 | checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum | quote }} 23 | spec: 24 | serviceAccountName: {{ include "appmesh-prometheus.serviceAccountName" . }} 25 | volumes: 26 | - name: config-volume 27 | configMap: 28 | name: {{ template "appmesh-prometheus.fullname" . 
}} 29 | - name: data-volume 30 | {{- if .Values.persistentVolumeClaim.claimName }} 31 | persistentVolumeClaim: 32 | claimName: {{ .Values.persistentVolumeClaim.claimName }} 33 | {{- else }} 34 | emptyDir: {} 35 | {{- end }} 36 | initContainers: # hands the data volume to 65534:65534, the UID/GID the main container runs as 37 | - name: chown 38 | image: alpine:latest # NOTE(review): floating tag that cannot be overridden through values; pin a version or digest so the image is reproducible and auditable 39 | command: ["/bin/sh", "-c"] 40 | args: 41 | - chown 65534:65534 /mount; 42 | volumeMounts: 43 | - name: data-volume 44 | mountPath: /mount 45 | containers: 46 | - name: {{ .Chart.Name }} 47 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 48 | imagePullPolicy: {{ .Values.image.pullPolicy }} 49 | args: 50 | - "--storage.tsdb.retention={{ .Values.retention }}" 51 | - "--config.file=/etc/prometheus/prometheus.yml" 52 | ports: 53 | - name: http 54 | containerPort: 9090 55 | protocol: TCP 56 | livenessProbe: 57 | httpGet: 58 | path: /-/healthy 59 | port: http 60 | readinessProbe: 61 | httpGet: 62 | path: /-/ready 63 | port: http 64 | securityContext: # applies to the Prometheus container only; the chown init container above sets no securityContext and so runs as the image's default user 65 | runAsUser: 65534 66 | runAsGroup: 65534 67 | runAsNonRoot: true 68 | volumeMounts: 69 | - name: config-volume 70 | mountPath: /etc/prometheus 71 | - name: data-volume 72 | mountPath: /prometheus/data 73 | resources: 74 | {{ toYaml .Values.resources | indent 12 }} 75 | {{- with .Values.nodeSelector }} 76 | nodeSelector: 77 | {{ toYaml . | indent 8 }} 78 | {{- end }} 79 | {{- with .Values.affinity }} 80 | affinity: 81 | {{ toYaml . | indent 8 }} 82 | {{- end }} 83 | {{- with .Values.tolerations }} 84 | tolerations: 85 | {{ toYaml . | indent 8 }} 86 | {{- end }} 87 | -------------------------------------------------------------------------------- /stable/appmesh-prometheus/templates/psp.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.pspEnabled }} 2 | apiVersion: policy/v1beta1 # NOTE(review): PodSecurityPolicy was removed in Kubernetes 1.25; this file renders only when rbac.pspEnabled is true 3 | kind: PodSecurityPolicy 4 | metadata: 5 | name: {{ template "appmesh-prometheus.fullname" . }} 6 | labels: 7 | {{ include "appmesh-prometheus.labels" . 
| indent 4 }} 8 | annotations: 9 | seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' # any seccomp profile is accepted, including unconfined 10 | spec: 11 | privileged: false 12 | hostIPC: false 13 | hostNetwork: false 14 | hostPID: false 15 | readOnlyRootFilesystem: false 16 | allowPrivilegeEscalation: false 17 | allowedCapabilities: # NOTE(review): '*' lets a pod request every Linux capability; list only the ones the workload needs 18 | - '*' 19 | fsGroup: 20 | rule: RunAsAny 21 | runAsUser: # RunAsAny does not prevent root; presumably the chown init container in templates/deployment.yaml relies on that (confirm) 22 | rule: RunAsAny 23 | seLinux: 24 | rule: RunAsAny 25 | supplementalGroups: 26 | rule: RunAsAny 27 | volumes: # NOTE(review): '*' admits every volume type, hostPath included; the deployment shown mounts only configMap, emptyDir and persistentVolumeClaim volumes 28 | - '*' 29 | --- 30 | kind: ClusterRole 31 | apiVersion: rbac.authorization.k8s.io/v1 32 | metadata: 33 | name: {{ template "appmesh-prometheus.fullname" . }}-psp 34 | labels: 35 | {{ include "appmesh-prometheus.labels" . | indent 4 }} 36 | rules: 37 | - apiGroups: ['policy'] 38 | resources: ['podsecuritypolicies'] 39 | verbs: ['use'] 40 | resourceNames: 41 | - {{ template "appmesh-prometheus.fullname" . }} 42 | --- 43 | apiVersion: rbac.authorization.k8s.io/v1 44 | kind: RoleBinding 45 | metadata: 46 | name: {{ template "appmesh-prometheus.fullname" . }}-psp 47 | labels: 48 | {{ include "appmesh-prometheus.labels" . | indent 4 }} 49 | roleRef: 50 | apiGroup: rbac.authorization.k8s.io 51 | kind: ClusterRole 52 | name: {{ template "appmesh-prometheus.fullname" . }}-psp 53 | subjects: 54 | - kind: ServiceAccount 55 | name: {{ template "appmesh-prometheus.serviceAccountName" . }} 56 | namespace: {{ .Release.Namespace }} 57 | {{- end }} 58 | -------------------------------------------------------------------------------- /stable/appmesh-prometheus/templates/rbac.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: {{ template "appmesh-prometheus.fullname" . }} 6 | labels: 7 | {{ include "appmesh-prometheus.labels" . 
| indent 4 }} 8 | rules: 9 | - apiGroups: [""] 10 | resources: 11 | - nodes 12 | - services 13 | - endpoints 14 | - pods 15 | - nodes/proxy 16 | verbs: ["get", "list", "watch"] 17 | - apiGroups: [""] 18 | resources: 19 | - configmaps 20 | verbs: ["get"] 21 | - nonResourceURLs: ["/metrics"] 22 | verbs: ["get"] 23 | --- 24 | apiVersion: rbac.authorization.k8s.io/v1 25 | kind: ClusterRoleBinding 26 | metadata: 27 | name: {{ template "appmesh-prometheus.fullname" . }} 28 | labels: 29 | {{ include "appmesh-prometheus.labels" . | indent 4 }} 30 | roleRef: 31 | apiGroup: rbac.authorization.k8s.io 32 | kind: ClusterRole 33 | name: {{ template "appmesh-prometheus.fullname" . }} 34 | subjects: 35 | - name: {{ template "appmesh-prometheus.serviceAccountName" . }} 36 | namespace: {{ .Release.Namespace }} 37 | kind: ServiceAccount 38 | {{- end }} 39 | -------------------------------------------------------------------------------- /stable/appmesh-prometheus/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "appmesh-prometheus.fullname" . }} 5 | labels: 6 | {{ include "appmesh-prometheus.labels" . | indent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | app.kubernetes.io/name: {{ include "appmesh-prometheus.name" . }} 16 | app.kubernetes.io/instance: {{ .Release.Name }} 17 | -------------------------------------------------------------------------------- /stable/appmesh-prometheus/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for appmesh-prometheus. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 
4 | # retention: passed to Prometheus as --storage.tsdb.retention by templates/deployment.yaml; scrapeInterval is presumably consumed by templates/config.yaml (confirm there) 5 | retention: 6h 6 | scrapeInterval: 5s 7 | 8 | replicaCount: 1 9 | 10 | image: 11 | repository: prom/prometheus 12 | tag: v2.13.1 13 | pullPolicy: IfNotPresent 14 | 15 | nameOverride: "" 16 | fullnameOverride: "" 17 | # service.type / service.port: type and port of the Service that fronts the container's http port 18 | service: 19 | type: ClusterIP 20 | port: 9090 21 | 22 | resources: 23 | limits: 24 | cpu: 2000m 25 | memory: 2Gi 26 | requests: 27 | cpu: 100m 28 | memory: 256Mi 29 | 30 | nodeSelector: {} 31 | 32 | tolerations: [] 33 | 34 | affinity: {} 35 | 36 | serviceAccount: 37 | # serviceAccount.create: Whether to create a service account or not 38 | create: true 39 | # serviceAccount.name: The name of the service account to create or use 40 | name: "" 41 | 42 | rbac: 43 | # rbac.create: `true` if rbac resources should be created 44 | create: true 45 | # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created 46 | pspEnabled: false 47 | 48 | persistentVolumeClaim: 49 | # persistentVolumeClaim.claimName: Specify an existing volume claim to be used for Prometheus data 50 | claimName: "" 51 | # remote_write.*: optional remote-write target. NOTE(review): a bearer_token set here is kept with the Helm release values and is presumably rendered into the chart's ConfigMap in plain text (confirm in templates/config.yaml); prefer a Secret-backed credential 52 | remote_write: 53 | enabled: false 54 | endpoint: "" 55 | bearer_token: "" -------------------------------------------------------------------------------- /stable/appmesh-spire-agent/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: appmesh-spire-agent 3 | description: SPIRE Agent Helm chart for AppMesh mTLS support on Kubernetes 4 | version: 1.0.7 5 | appVersion: 1.5.0 6 | home: https://github.com/aws/eks-charts 7 | icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png 8 | sources: 9 | - https://github.com/aws/eks-charts 10 | maintainers: 11 | - name: Apurup Chevuru 12 | url: https://github.com/achevuru 13 | keywords: 14 | - eks 15 | - appmesh 16 | - spire 17 | 18 | -------------------------------------------------------------------------------- /stable/appmesh-spire-agent/README.md: 
-------------------------------------------------------------------------------- 1 | # Sample App Mesh SPIRE Agent 2 | 3 | Sample App Mesh SPIRE Agent Helm chart for Kubernetes 4 | 5 | ## Installing the Chart 6 | 7 | Add the EKS repository to Helm: 8 | 9 | ```sh 10 | helm repo add eks https://aws.github.io/eks-charts 11 | ``` 12 | 13 | Install App Mesh SPIRE Agent: 14 | 15 | ```sh 16 | helm upgrade -i appmesh-spire-agent eks/appmesh-spire-agent \ 17 | --namespace spire 18 | ``` 19 | 20 | The [configuration](#configuration) section lists the parameters that can be configured during installation. 21 | 22 | ## Uninstalling the Chart 23 | 24 | To uninstall/delete the `appmesh-spire-agent` deployment: 25 | 26 | ```console 27 | helm delete appmesh-spire-agent --namespace spire 28 | ``` 29 | 30 | The command removes all the Kubernetes components associated with the chart and deletes the release. 31 | 32 | ## Configuration 33 | 34 | The following table lists the configurable parameters of the chart and their default values. 35 | 36 | Parameter | Description | Default 37 | --- | --- | --- 38 | `config.trustDomain` | SPIRE Trust Domain | `appmesh.aws` 39 | `config.logLevel` | Log Level | `DEBUG` 40 | `config.serverAddress` | SPIRE Server Address | `spire-server` 41 | `config.serverPort` | SPIRE Server Bind Port | `8081` 42 | `serviceAccount.create` | If `true`, create a new service account | `true` 43 | `serviceAccount.name` | Service account to be used | `spire-agent` 44 | `image.tag` | SPIRE Server image version | `1.5.0` 45 | 46 | If you want to upgrade an existing SPIRE installation to a later version without downtime, be aware that the version difference between SPIRE Agent and SPIRE Server CANNOT BE GREATER than 1 minor version. You also have to upgrade 1 minor version at a time. Check this [documentation](https://github.com/spiffe/spire/blob/main/doc/upgrading.md) for more info. 
-------------------------------------------------------------------------------- /stable/appmesh-spire-agent/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | SPIRE Agent installed! -------------------------------------------------------------------------------- /stable/appmesh-spire-agent/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "appmesh-spire-agent.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "appmesh-spire-agent.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "appmesh-spire-agent.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "appmesh-spire-agent.labels" -}} 38 | app.kubernetes.io/name: {{ include "appmesh-spire-agent.name" . }} 39 | helm.sh/chart: {{ include "appmesh-spire-agent.chart" . 
}} 40 | app.kubernetes.io/instance: {{ .Release.Name }} 41 | {{- if .Chart.AppVersion }} 42 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 43 | {{- end }} 44 | app.kubernetes.io/managed-by: {{ .Release.Service }} 45 | {{- end -}} 46 | 47 | {{/* 48 | Create the name of the service account to use 49 | */}} 50 | {{- define "appmesh-spire-agent.serviceAccountName" -}} 51 | {{- if .Values.serviceAccount.create -}} 52 | {{ default (include "appmesh-spire-agent.fullname" .) .Values.serviceAccount.name }} 53 | {{- else -}} 54 | {{ default "default" .Values.serviceAccount.name }} 55 | {{- end -}} 56 | {{- end -}} 57 | -------------------------------------------------------------------------------- /stable/appmesh-spire-agent/templates/account.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "appmesh-spire-agent.serviceAccountName" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "appmesh-spire-agent.labels" . | nindent 4 }} 9 | {{- with .Values.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | {{- end -}} -------------------------------------------------------------------------------- /stable/appmesh-spire-agent/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: DaemonSet 3 | metadata: 4 | name: {{ template "appmesh-spire-agent.fullname" . }} 5 | labels: 6 | {{ include "appmesh-spire-agent.labels" . | indent 4 }} 7 | spec: 8 | selector: 9 | matchLabels: 10 | app.kubernetes.io/name: {{ include "appmesh-spire-agent.name" . }} 11 | app.kubernetes.io/instance: {{ .Release.Name }} 12 | template: 13 | metadata: 14 | labels: 15 | app.kubernetes.io/name: {{ include "appmesh-spire-agent.name" . 
}} 16 | app.kubernetes.io/instance: {{ .Release.Name }} 17 | app.kubernetes.io/part-of: appmesh 18 | spec: 19 | hostPID: true # NOTE(review): shares the node's PID namespace, presumably so the workload attestors can inspect calling processes (confirm); treat this pod as node-privileged 20 | hostNetwork: true # NOTE(review): the pod uses the node's network namespace 21 | dnsPolicy: ClusterFirstWithHostNet 22 | serviceAccountName: {{ include "appmesh-spire-agent.serviceAccountName" . }} 23 | initContainers: 24 | - name: init 25 | image: "{{ .Values.initContainers.image }}" # initContainers.pullPolicy from values.yaml is not applied here 26 | args: 27 | - -t 28 | - "30" 29 | - spire-server:8081 # NOTE(review): hard-coded; does not follow config.serverAddress / config.serverPort 30 | volumes: 31 | - name: spire-config 32 | configMap: 33 | name: {{ template "appmesh-spire-agent.fullname" . }} 34 | - name: spire-bundle 35 | configMap: 36 | name: spire-bundle 37 | - name: spire-agent-socket 38 | hostPath: # NOTE(review): the agent socket directory lives on the node filesystem, so restrict which pods may mount this hostPath 39 | path: /run/spire/sockets 40 | type: DirectoryOrCreate 41 | containers: # NOTE(review): no securityContext or resources are set on the agent container; resources in values.yaml is not referenced 42 | - name: {{ .Chart.Name }} 43 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 44 | imagePullPolicy: {{ .Values.image.pullPolicy }} 45 | args: 46 | - -config 47 | - /run/spire/config/agent.conf 48 | livenessProbe: 49 | exec: 50 | command: 51 | - /opt/spire/bin/spire-agent 52 | - healthcheck 53 | - -socketPath 54 | - /run/spire/sockets/agent.sock # hard-coded; must stay in sync with config.socketPath 55 | failureThreshold: 2 56 | initialDelaySeconds: 15 57 | periodSeconds: 60 58 | timeoutSeconds: 3 59 | volumeMounts: 60 | - name: spire-config 61 | mountPath: /run/spire/config 62 | readOnly: true 63 | - name: spire-bundle 64 | mountPath: /run/spire/bundle 65 | readOnly: true 66 | - name: spire-agent-socket 67 | mountPath: /run/spire/sockets 68 | readOnly: false 69 | -------------------------------------------------------------------------------- /stable/appmesh-spire-agent/templates/rbac.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: {{ template "appmesh-spire-agent.fullname" . }}-role 6 | labels: 7 | {{ include "appmesh-spire-agent.labels" . 
| indent 4 }} 8 | rules: 9 | - apiGroups: [""] 10 | resources: ["pods","nodes","nodes/proxy"] 11 | verbs: ["get"] 12 | --- 13 | apiVersion: rbac.authorization.k8s.io/v1 14 | kind: ClusterRoleBinding 15 | metadata: 16 | name: {{ template "appmesh-spire-agent.fullname" . }}-rolebinding 17 | labels: 18 | {{ include "appmesh-spire-agent.labels" . | indent 4 }} 19 | roleRef: 20 | apiGroup: rbac.authorization.k8s.io 21 | kind: ClusterRole 22 | name: {{ template "appmesh-spire-agent.fullname" . }}-role 23 | subjects: 24 | - name: {{ template "appmesh-spire-agent.serviceAccountName" . }} 25 | namespace: {{ .Release.Namespace }} 26 | kind: ServiceAccount 27 | {{- end }} -------------------------------------------------------------------------------- /stable/appmesh-spire-agent/templates/spire-agent-cfg.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "appmesh-spire-agent.fullname" . }} 5 | labels: 6 | {{ include "appmesh-spire-agent.labels" . 
| indent 4 }} 7 | data: 8 | agent.conf: | 9 | agent { 10 | data_dir = "/run/spire" 11 | log_level = "{{ .Values.config.logLevel }}" 12 | server_address = "{{ .Values.config.serverAddress }}" 13 | server_port = "{{ .Values.config.serverPort }}" 14 | socket_path = "{{ .Values.config.socketPath }}" 15 | trust_bundle_path = "/run/spire/bundle/bundle.crt" 16 | trust_domain = "{{ .Values.config.trustDomain }}" 17 | } 18 | 19 | plugins { 20 | NodeAttestor "k8s_sat" { 21 | plugin_data { 22 | cluster = "k8s-cluster" # must equal the cluster key under clusters = { ... } in the server chart's k8s_sat config ("k8s-cluster") 23 | } 24 | } 25 | 26 | KeyManager "memory" { 27 | plugin_data { 28 | } 29 | } 30 | 31 | WorkloadAttestor "k8s" { 32 | plugin_data { 33 | skip_kubelet_verification = true # NOTE(review): disables TLS verification of the kubelet the agent queries for pod data, so attestation input arrives from an unverified endpoint; prefer verifying against the kubelet CA (kubelet_ca_path) 34 | } 35 | } 36 | 37 | WorkloadAttestor "unix" { 38 | plugin_data { 39 | } 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /stable/appmesh-spire-agent/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for appmesh-spire-agent. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates.
4 | 5 | image: 6 | repository: gcr.io/spiffe-io/spire-agent 7 | tag: 1.5.0 8 | pullPolicy: IfNotPresent 9 | 10 | nameOverride: "" 11 | fullnameOverride: "spire-agent" 12 | 13 | resources: 14 | # SPIRE Agent memory limits. NOTE(review): 512Mi is below the 1Gi memory request further down; Kubernetes rejects a container whose request exceeds its limit, so reconcile the two before these values are rendered into a pod spec 15 | limits: 16 | memory: 512Mi 17 | # SPIRE Agent CPU and memory requests 18 | requests: 19 | cpu: 10m 20 | memory: 1Gi 21 | 22 | nodeSelector: {} 23 | 24 | tolerations: [] 25 | 26 | affinity: {} 27 | 28 | # SPIRE Agent Init Container parameters 29 | initContainers: 30 | image: gcr.io/spiffe-io/wait-for-it # NOTE(review): no tag or digest, so this resolves to :latest; pin a version or digest 31 | pullPolicy: IfNotPresent 32 | 33 | serviceAccount: 34 | # serviceAccount.create: Whether to create a service account or not 35 | create: true 36 | # serviceAccount.name: The name of the service account to create or use 37 | name: "spire-agent" 38 | 39 | rbac: 40 | # rbac.create: `true` if rbac resources should be created 41 | create: true 42 | 43 | config: 44 | # SPIRE Trust Domain 45 | trustDomain: appmesh.aws 46 | ## SPIRE Agent Log Level (DEBUG is the chart default; NOTE(review): consider a less verbose level outside troubleshooting) 47 | logLevel: DEBUG 48 | # Address the agent dials to reach the SPIRE Server (rendered as server_address in agent.conf) 49 | serverAddress: spire-server 50 | # Port the agent dials on the SPIRE Server (rendered as server_port in agent.conf) 51 | serverPort: 8081 52 | # SPIRE Agent Socket Path 53 | socketPath: /run/spire/sockets/agent.sock 54 | -------------------------------------------------------------------------------- /stable/appmesh-spire-server/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: appmesh-spire-server 3 | description: SPIRE Server Helm chart for AppMesh mTLS support on Kubernetes 4 | version: 1.0.7 5 | appVersion: 1.5.0 6 | home: https://github.com/aws/eks-charts 7 | icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png 8 | sources: 9 | - https://github.com/aws/eks-charts 10 | maintainers: 11 | - name: Apurup Chevuru 12 | url: https://github.com/achevuru 13 | keywords: 14 | - eks 15 | - appmesh 16 | - spire 17 | 18 | --------------------------------------------------------------------------------
/stable/appmesh-spire-server/README.md: -------------------------------------------------------------------------------- 1 | # Sample App Mesh SPIRE Server 2 | 3 | Sample App Mesh SPIRE Server Helm chart for Kubernetes 4 | 5 | ## Installing the Chart 6 | 7 | Add the EKS repository to Helm: 8 | 9 | ```sh 10 | helm repo add eks https://aws.github.io/eks-charts 11 | ``` 12 | 13 | Install App Mesh SPIRE Server into the `spire` namespace (the chart's templates hard-code that namespace for the `spire-bundle` ConfigMap and the agent allow list): 14 | 15 | ```sh 16 | helm upgrade -i appmesh-spire-server eks/appmesh-spire-server \ 17 | --namespace spire 18 | ``` 19 | 20 | The [configuration](#configuration) section lists the parameters that can be configured during installation. 21 | 22 | ## Uninstalling the Chart 23 | 24 | To uninstall/delete the `appmesh-spire-server` deployment: 25 | 26 | ```console 27 | helm delete appmesh-spire-server --namespace spire 28 | ``` 29 | 30 | The command removes all the Kubernetes components associated with the chart and deletes the release. 31 | 32 | ## Configuration 33 | 34 | The following table lists the configurable parameters of the chart and their default values.
35 | 36 | Parameter | Description | Default 37 | --- | --- | --- 38 | `config.trustDomain` | SPIRE Trust Domain | `appmesh.aws` 39 | `config.logLevel` | Log Level | `DEBUG` 40 | `config.svidTTL` | SVID TTL value | `1h` 41 | `config.bindAddress` | SPIRE Server Bind Address | `0.0.0.0` 42 | `config.bindPort` | SPIRE Server Bind Port | `8081` 43 | `serviceAccount.create` | If `true`, create a new service account | `true` 44 | `serviceAccount.name` | Service account to be used | `spire-server` 45 | `config.plugin`| SPIRE Plugin(s) | `null` 46 | `image.tag` | SPIRE Server image version | `1.5.0` 47 | 48 | 49 | To add plugins to the SPIRE server according to the [documentation](https://spiffe.io/docs/latest/planning/extending/), use the following convention 50 | ``` yaml 51 | config: 52 | plugin: | 53 | NodeAttestor "tpm" { 54 | plugin_cmd = "/path/to/plugin_cmd" 55 | plugin_checksum = "sha256 of the plugin binary" 56 | plugin_data { 57 | ca_path = "/opt/spire/.data/certs" 58 | } 59 | } 60 | ``` 61 | 62 | If you want to upgrade existing SPIRE to a later version without down time, be aware that the difference between SPIRE Agent and SPIRE Server CANNOT BE GREATER than 1 minor version. Also you have to upgrade 1 minor version at a time. Check this [documentation](https://github.com/spiffe/spire/blob/main/doc/upgrading.md) for more info. 63 | -------------------------------------------------------------------------------- /stable/appmesh-spire-server/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | SPIRE Server installed! -------------------------------------------------------------------------------- /stable/appmesh-spire-server/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 
4 | */}} 5 | {{- define "appmesh-spire-server.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "appmesh-spire-server.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "appmesh-spire-server.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "appmesh-spire-server.labels" -}} 38 | app.kubernetes.io/name: {{ include "appmesh-spire-server.name" . }} 39 | helm.sh/chart: {{ include "appmesh-spire-server.chart" . }} 40 | app.kubernetes.io/instance: {{ .Release.Name }} 41 | {{- if .Chart.AppVersion }} 42 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 43 | {{- end }} 44 | app.kubernetes.io/managed-by: {{ .Release.Service }} 45 | {{- end -}} 46 | 47 | {{/* 48 | Create the name of the service account to use 49 | */}} 50 | {{- define "appmesh-spire-server.serviceAccountName" -}} 51 | {{- if .Values.serviceAccount.create -}} 52 | {{ default (include "appmesh-spire-server.fullname" .) 
.Values.serviceAccount.name }} 53 | {{- else -}} 54 | {{ default "default" .Values.serviceAccount.name }} 55 | {{- end -}} 56 | {{- end -}} 57 | -------------------------------------------------------------------------------- /stable/appmesh-spire-server/templates/account.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "appmesh-spire-server.serviceAccountName" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "appmesh-spire-server.labels" . | nindent 4 }} 9 | {{- with .Values.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | {{- end -}} 14 | 15 | -------------------------------------------------------------------------------- /stable/appmesh-spire-server/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | name: {{ template "appmesh-spire-server.fullname" . }} 5 | labels: 6 | {{ include "appmesh-spire-server.labels" . | indent 4 }} 7 | spec: 8 | replicas: {{ .Values.replicaCount }} 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: {{ include "appmesh-spire-server.name" . }} 12 | app.kubernetes.io/instance: {{ .Release.Name }} 13 | serviceName: spire-server 14 | template: 15 | metadata: 16 | labels: 17 | app.kubernetes.io/name: {{ include "appmesh-spire-server.name" . }} 18 | app.kubernetes.io/instance: {{ .Release.Name }} 19 | app.kubernetes.io/part-of: appmesh 20 | spec: 21 | serviceAccountName: {{ include "appmesh-spire-server.serviceAccountName" . }} 22 | volumes: 23 | - name: spire-config 24 | configMap: 25 | name: {{ template "appmesh-spire-server.fullname" . 
}} 26 | containers: 27 | - name: spire-server 28 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 29 | imagePullPolicy: {{ .Values.image.pullPolicy }} 30 | args: 31 | - -config 32 | - /run/spire/config/server.conf 33 | ports: 34 | - containerPort: 8081 35 | livenessProbe: 36 | exec: 37 | command: 38 | - /opt/spire/bin/spire-server 39 | - healthcheck 40 | failureThreshold: 2 41 | initialDelaySeconds: 15 42 | periodSeconds: 60 43 | timeoutSeconds: 3 44 | volumeMounts: 45 | - name: spire-config 46 | mountPath: /run/spire/config 47 | readOnly: true 48 | - name: spire-data 49 | mountPath: /run/spire/data 50 | readOnly: false 51 | volumeClaimTemplates: 52 | - metadata: 53 | name: spire-data 54 | namespace: spire 55 | spec: 56 | accessModes: 57 | - ReadWriteOnce 58 | resources: 59 | requests: 60 | storage: 1Gi 61 | -------------------------------------------------------------------------------- /stable/appmesh-spire-server/templates/rbac.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: {{ template "appmesh-spire-server.fullname" . }}-configmap-role 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "appmesh-spire-server.labels" . | indent 4 }} 9 | rules: 10 | - apiGroups: [""] 11 | resources: ["configmaps"] 12 | verbs: ["patch", "get", "list"] 13 | --- 14 | apiVersion: rbac.authorization.k8s.io/v1 15 | kind: RoleBinding 16 | metadata: 17 | name: {{ template "appmesh-spire-server.fullname" . }}-configmap-rolebinding 18 | namespace: {{ .Release.Namespace }} 19 | labels: 20 | {{ include "appmesh-spire-server.labels" . | indent 4 }} 21 | subjects: 22 | - kind: ServiceAccount 23 | name: {{ template "appmesh-spire-server.serviceAccountName" . 
}} 24 | namespace: {{ .Release.Namespace }} 25 | roleRef: 26 | apiGroup: rbac.authorization.k8s.io 27 | kind: Role 28 | name: {{ template "appmesh-spire-server.fullname" . }}-configmap-role 29 | --- 30 | apiVersion: rbac.authorization.k8s.io/v1 31 | kind: ClusterRole 32 | metadata: 33 | name: {{ template "appmesh-spire-server.fullname" . }}-role 34 | labels: 35 | {{ include "appmesh-spire-server.labels" . | indent 4 }} 36 | rules: 37 | - apiGroups: ["authentication.k8s.io"] 38 | resources: ["tokenreviews"] 39 | verbs: ["create"] 40 | --- 41 | apiVersion: rbac.authorization.k8s.io/v1 42 | kind: ClusterRoleBinding 43 | metadata: 44 | name: {{ template "appmesh-spire-server.fullname" . }}-rolebinding 45 | labels: 46 | {{ include "appmesh-spire-server.labels" . | indent 4 }} 47 | roleRef: 48 | apiGroup: rbac.authorization.k8s.io 49 | kind: ClusterRole 50 | name: {{ template "appmesh-spire-server.fullname" . }}-role 51 | subjects: 52 | - name: {{ template "appmesh-spire-server.serviceAccountName" . }} 53 | namespace: {{ .Release.Namespace }} 54 | kind: ServiceAccount 55 | {{- end }} 56 | -------------------------------------------------------------------------------- /stable/appmesh-spire-server/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "appmesh-spire-server.fullname" . }} 5 | spec: 6 | type: {{ .Values.service.type }} 7 | ports: 8 | - port: {{ .Values.service.port }} 9 | targetPort: {{ .Values.service.port }} 10 | protocol: TCP 11 | name: grpc 12 | selector: 13 | app.kubernetes.io/name: {{ include "appmesh-spire-server.name" . 
}} -------------------------------------------------------------------------------- /stable/appmesh-spire-server/templates/spire-bundle-cfg.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: spire-bundle # fixed name, and fixed namespace on the next line; the agent chart mounts a ConfigMap of this name as its trust bundle, and it is presumably the one the k8sbundle Notifier updates — TODO confirm 5 | namespace: spire -------------------------------------------------------------------------------- /stable/appmesh-spire-server/templates/spire-server-cfg.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "appmesh-spire-server.fullname" . }} 5 | labels: 6 | {{ include "appmesh-spire-server.labels" . | indent 4 }} 7 | data: 8 | server.conf: | 9 | server { 10 | bind_address = "{{ .Values.config.bindAddress }}" 11 | bind_port = "{{ .Values.config.bindPort }}" 12 | socket_path = "/tmp/spire-server/private/api.sock" 13 | trust_domain = "{{ .Values.config.trustDomain }}" 14 | data_dir = "/run/spire/data" 15 | log_level = "{{ .Values.config.logLevel }}" 16 | ca_key_type = "rsa-2048" 17 | 18 | default_svid_ttl = "{{ .Values.config.svidTTL }}" 19 | ca_subject = { 20 | country = ["US"], 21 | organization = ["SPIFFE"], 22 | common_name = "", 23 | } 24 | } 25 | 26 | plugins { 27 | DataStore "sql" { 28 | plugin_data { 29 | database_type = "sqlite3" 30 | connection_string = "/run/spire/data/datastore.sqlite3" 31 | } 32 | } 33 | 34 | NodeAttestor "k8s_sat" { 35 | plugin_data { 36 | clusters = { 37 | "k8s-cluster" = { 38 | use_token_review_api_validation = true # agent tokens are checked through the TokenReview API; relies on the tokenreviews create rule in this chart's rbac.yaml 39 | service_account_allow_list = ["spire:spire-agent"] # namespace:serviceaccount allowed to attest as a node; hard-coded, so keep it in step with the agent chart's namespace and serviceAccount.name 40 | } 41 | } 42 | } 43 | } 44 | 45 | KeyManager "disk" { 46 | plugin_data { 47 | keys_path = "/run/spire/data/keys.json" # server keys are written to the spire-data volume; NOTE(review): protect that volume and any backups of it accordingly 48 | } 49 | } 50 | 51 | Notifier "k8sbundle" { 52 | plugin_data { 53 | } 54 | } 55 | 56 | {{ if .Values.config.plugin }} 57 | {{- .Values.config.plugin | nindent 6 -}} 58 | {{ end }} 59 | } 60 |
-------------------------------------------------------------------------------- /stable/appmesh-spire-server/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for appmesh-spire-server. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | replicaCount: 1 # NOTE(review): server.conf uses a sqlite3 datastore and on-disk keys on a per-pod volume, so extra replicas would not share state — confirm before raising 6 | 7 | image: 8 | repository: gcr.io/spiffe-io/spire-server 9 | tag: 1.5.0 10 | pullPolicy: IfNotPresent 11 | 12 | nameOverride: "" 13 | fullnameOverride: "spire-server" 14 | 15 | # SPIRE server service parameters. NOTE(review): NodePort opens the server port on every node's address; confirm that reach is intended (the agent chart dials the in-cluster name spire-server) 16 | service: 17 | type: NodePort 18 | port: 8081 19 | 20 | resources: 21 | # SPIRE Server memory limits. NOTE(review): 512Mi is below the 1Gi memory request further down, which Kubernetes rejects on a container; templates/deployment.yaml does not render .Values.resources, so these values currently have no effect 22 | limits: 23 | memory: 512Mi 24 | # SPIRE Server CPU and memory requests 25 | requests: 26 | cpu: 10m 27 | memory: 1Gi 28 | 29 | nodeSelector: {} 30 | 31 | tolerations: [] 32 | 33 | affinity: {} 34 | 35 | serviceAccount: 36 | # serviceAccount.create: Whether to create a service account or not 37 | create: true 38 | # serviceAccount.name: The name of the service account to create or use 39 | name: "spire-server" 40 | 41 | rbac: 42 | # rbac.create: `true` if rbac resources should be created 43 | create: true 44 | 45 | config: 46 | # SPIRE Trust Domain 47 | trustDomain: appmesh.aws 48 | ## SPIRE Server Log Level (DEBUG is the chart default; NOTE(review): consider a less verbose level outside troubleshooting) 49 | logLevel: DEBUG 50 | # SVID TTL value 51 | svidTTL: 1h 52 | # SPIRE Server Bind Address 53 | bindAddress: 0.0.0.0 54 | # SPIRE Server Bind Port 55 | bindPort: 8081 56 | # SPIRE Plugins: extra plugin configuration rendered verbatim inside the plugins { } block of server.conf 57 | plugin: "" 58 | -------------------------------------------------------------------------------- /stable/aws-cloudwatch-metrics/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /stable/aws-cloudwatch-metrics/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: aws-cloudwatch-metrics 3 | description: A Helm chart to deploy aws-cloudwatch-metrics project 4 | version: 0.0.11 5 | appVersion: "1.300032.2b361" 6 | home: https://github.com/aws/eks-charts 7 | icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png 8 | sources: 9 | - https://github.com/aws/eks-charts 10 | keywords: 11 | - eks 12 | - cloudwatch 13 | - cloudwatch-metrics 14 | - containerinsights 15 | -------------------------------------------------------------------------------- /stable/aws-cloudwatch-metrics/README.md: -------------------------------------------------------------------------------- 1 | # aws-cloudwatch-metrics 2 | 3 | A helm chart for CloudWatch Agent to Collect Cluster Metrics 4 | 5 | ## Installing the Chart 6 | 7 | Add the EKS repository to Helm: 8 | 9 | ```sh 10 | helm repo add eks https://aws.github.io/eks-charts 11 | ``` 12 | 13 | Install or upgrading aws-cloudwatch-metrics chart with default configuration: 14 | 15 | ```sh 16 | helm upgrade --install aws-cloudwatch-metrics \ 17 | --namespace amazon-cloudwatch eks/aws-cloudwatch-metrics \ 18 | --set clusterName=my-eks-cluster 19 | ``` 20 | 21 | ## Configuration 22 | 23 | | Parameter | Description | Default | Required | 24 | | - | - | - | - 25 | | `image.repository` | Image to deploy | `amazon/cloudwatch-agent` | ✔ 26 | | `image.tag` | Image tag to deploy | `1.247345.36b249270` 27 | | `image.pullPolicy` | Pull policy for the image | `IfNotPresent` | ✔ 28 | | 
`clusterName` | Name of your cluster | `cluster_name` | ✔ 29 | | `enhancedContainerInsights` | EKS cluster with enhanced monitoring | `true` | 30 | | `serviceAccount.create` | Whether a new service account should be created | `true` | 31 | | `serviceAccount.name` | Service account to be used | | 32 | | `hostNetwork` | Allow the pod to use the network namespace and network resources of the node | `false` | 33 | | `nodeSelector` | Node labels for pod assignment | {} | 34 | | `tolerations` | Optional deployment tolerations | {} | 35 | | `annotations` | Optional pod annotations | {} | 36 | | `containerdSockPath` | Path to containerd's socket | /run/containerd/containerd.sock | 37 | | `priorityClassName` | Optional priorityClassName | | 38 | | `statsd.enabled` | Whether the cloudwatch agent should listen for statsd metrics | `false` | 39 | | `statsd.port` | The port listening for statsd metrics | `8125` | 40 | | `statsd.protocol` | The protocol used for statsd metrics | `UDP` | 41 | | `statsd.cloudwatch_namespace` | Optional custom Cloudwatch namespace for statsd metrics | | 42 | | `statsd.metrics_aggregation_interval` | Optional custom metrics aggregation interval for statsd metrics | | 43 | | `statsd.metrics_collection_interval` | Optional custom metrics collection interval for statsd metrics | | 44 | -------------------------------------------------------------------------------- /stable/aws-cloudwatch-metrics/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{ .Release.Name }} has been installed or updated. To check the status of pods, run: 2 | 3 | kubectl get pods -l app.kubernetes.io/name: {{ include "aws-cloudwatch-metrics.name" .
}} 4 | -------------------------------------------------------------------------------- /stable/aws-cloudwatch-metrics/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "aws-cloudwatch-metrics.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "aws-cloudwatch-metrics.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "aws-cloudwatch-metrics.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "aws-cloudwatch-metrics.labels" -}} 38 | helm.sh/chart: {{ include "aws-cloudwatch-metrics.chart" . }} 39 | {{ include "aws-cloudwatch-metrics.selectorLabels" . 
}} 40 | {{- if .Chart.AppVersion }} 41 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 42 | {{- end }} 43 | app.kubernetes.io/managed-by: {{ .Release.Service }} 44 | {{- end -}} 45 | 46 | {{/* 47 | Selector labels 48 | */}} 49 | {{- define "aws-cloudwatch-metrics.selectorLabels" -}} 50 | app.kubernetes.io/name: {{ include "aws-cloudwatch-metrics.name" . }} 51 | {{- end -}} 52 | 53 | {{/* 54 | Create the name of the service account to use 55 | */}} 56 | {{- define "aws-cloudwatch-metrics.serviceAccountName" -}} 57 | {{ default (include "aws-cloudwatch-metrics.fullname" .) .Values.serviceAccount.name }} 58 | {{- end -}} 59 | 60 | {{/* 61 | Create a config section for StatsD ports. 62 | */}} 63 | {{- define "aws-cloudwatch-metrics.statsdConfig" -}} 64 | {{- if .Values.statsd.enabled -}} 65 | ports: 66 | - containerPort: {{ .Values.statsd.port }} 67 | hostPort: {{ .Values.statsd.port }} 68 | protocol: {{ .Values.statsd.protocol }} 69 | {{ end -}} 70 | {{- end -}} 71 | -------------------------------------------------------------------------------- /stable/aws-cloudwatch-metrics/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: {{ include "aws-cloudwatch-metrics.fullname" . 
}} 5 | rules: 6 | - apiGroups: [""] 7 | resources: ["pods", "nodes", "endpoints"] 8 | verbs: ["list", "watch"] 9 | - apiGroups: ["apps"] 10 | resources: ["replicasets", "daemonsets", "deployments", "statefulsets"] 11 | verbs: ["list", "watch"] 12 | - apiGroups: ["batch"] 13 | resources: ["jobs"] 14 | verbs: ["list", "watch"] 15 | - apiGroups: [""] 16 | resources: ["nodes/proxy"] 17 | verbs: ["get"] 18 | - apiGroups: [""] 19 | resources: ["nodes/stats", "configmaps", "events"] 20 | verbs: ["create"] 21 | - apiGroups: [""] 22 | resources: ["configmaps"] 23 | resourceNames: ["cwagent-clusterleader"] 24 | verbs: ["get","update"] 25 | -------------------------------------------------------------------------------- /stable/aws-cloudwatch-metrics/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: {{ include "aws-cloudwatch-metrics.fullname" . }} 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: {{ include "aws-cloudwatch-metrics.fullname" . }} 9 | subjects: 10 | - kind: ServiceAccount 11 | name: {{ include "aws-cloudwatch-metrics.serviceAccountName" . }} 12 | namespace: {{ .Release.Namespace }} 13 | -------------------------------------------------------------------------------- /stable/aws-cloudwatch-metrics/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ include "aws-cloudwatch-metrics.fullname" . }} 5 | labels: 6 | {{- include "aws-cloudwatch-metrics.labels" . 
| nindent 4 }} 7 | data: 8 | cwagentconfig.json: | 9 | { 10 | "logs": { 11 | "metrics_collected": { 12 | "kubernetes": { 13 | "cluster_name": "{{ .Values.clusterName }}", 14 | "enhanced_container_insights": {{ .Values.enhancedContainerInsights.enabled }}, 15 | "metrics_collection_interval": 60 16 | } 17 | }, 18 | "force_flush_interval": 5 19 | {{- if .Values.statsd.enabled }} 20 | }, 21 | "metrics": { 22 | {{- if .Values.statsd.cloudwatch_namespace }} 23 | "namespace": "{{- .Values.statsd.cloudwatch_namespace -}}", 24 | {{- end }} 25 | "metrics_collected": { 26 | "statsd": { 27 | {{- if .Values.statsd.metrics_aggregation_interval }} 28 | "metrics_aggregation_interval": {{ .Values.statsd.metrics_aggregation_interval }}, 29 | {{- end }} 30 | {{- if .Values.statsd.metrics_collection_interval }} 31 | "metrics_collection_interval": {{ .Values.statsd.metrics_collection_interval }}, 32 | {{- end }} 33 | "service_address": ":{{- .Values.statsd.port -}}" 34 | } 35 | } 36 | } 37 | {{- else }} 38 | } 39 | {{- end }} 40 | } 41 | -------------------------------------------------------------------------------- /stable/aws-cloudwatch-metrics/templates/daemonset.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: DaemonSet 3 | metadata: 4 | name: {{ include "aws-cloudwatch-metrics.fullname" . }} 5 | labels: 6 | {{- include "aws-cloudwatch-metrics.labels" . | nindent 4 }} 7 | spec: 8 | selector: 9 | matchLabels: 10 | {{- include "aws-cloudwatch-metrics.selectorLabels" . | nindent 6 }} 11 | template: 12 | metadata: 13 | labels: 14 | {{- include "aws-cloudwatch-metrics.selectorLabels" . | nindent 8 }} 15 | spec: 16 | serviceAccountName: {{ include "aws-cloudwatch-metrics.serviceAccountName" . 
}} 17 | hostNetwork: {{ .Values.hostNetwork }} 18 | containers: 19 | - name: {{ .Chart.Name }} 20 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 21 | imagePullPolicy: {{ .Values.image.pullPolicy }} 22 | {{- include "aws-cloudwatch-metrics.statsdConfig" . | nindent 8 -}} 23 | # Please don't change below envs 24 | env: 25 | - name: HOST_IP 26 | valueFrom: 27 | fieldRef: 28 | fieldPath: status.hostIP 29 | - name: HOST_NAME 30 | valueFrom: 31 | fieldRef: 32 | fieldPath: spec.nodeName 33 | - name: K8S_NAMESPACE 34 | valueFrom: 35 | fieldRef: 36 | fieldPath: metadata.namespace 37 | - name: CI_VERSION 38 | value: "k8s/1.3.9" 39 | # Please don't change the mountPath 40 | volumeMounts: 41 | - name: cwagentconfig 42 | mountPath: /etc/cwagentconfig 43 | - name: rootfs 44 | mountPath: /rootfs 45 | readOnly: true # the node's whole filesystem (hostPath /) is readable by this container 46 | - name: dockersock 47 | mountPath: /var/run/docker.sock 48 | readOnly: true # NOTE(review): readOnly on a socket mount does not limit what is sent over the socket; the container can still talk to the runtime API 49 | - name: varlibdocker 50 | mountPath: /var/lib/docker 51 | readOnly: true 52 | - name: containerdsock 53 | mountPath: /run/containerd/containerd.sock 54 | readOnly: true # NOTE(review): same caveat as the docker socket mount above 55 | - name: sys 56 | mountPath: /sys 57 | readOnly: true 58 | - name: devdisk 59 | mountPath: /dev/disk 60 | readOnly: true 61 | resources: 62 | {{- toYaml .Values.resources | nindent 10 }} 63 | volumes: 64 | - name: cwagentconfig 65 | configMap: 66 | name: {{ include "aws-cloudwatch-metrics.fullname" . }} 67 | - name: rootfs 68 | hostPath: 69 | path: / 70 | - name: dockersock 71 | hostPath: 72 | path: /var/run/docker.sock 73 | - name: varlibdocker 74 | hostPath: 75 | path: /var/lib/docker 76 | - name: containerdsock 77 | hostPath: 78 | path: {{ .Values.containerdSockPath }} 79 | - name: sys 80 | hostPath: 81 | path: /sys 82 | - name: devdisk 83 | hostPath: 84 | path: /dev/disk/ 85 | terminationGracePeriodSeconds: 60 86 | {{- with .Values.nodeSelector }} 87 | nodeSelector: 88 | {{- toYaml . | nindent 8 }} 89 | {{- end }} 90 | {{- with .Values.affinity }} 91 | affinity: 92 | {{- toYaml .
| nindent 8 }} 93 | {{- end }} 94 | {{- with .Values.tolerations }} 95 | tolerations: 96 | {{- toYaml . | nindent 8 }} 97 | {{- end }} 98 | {{- if .Values.priorityClassName }} 99 | priorityClassName: {{ .Values.priorityClassName }} 100 | {{- end }} 101 | -------------------------------------------------------------------------------- /stable/aws-cloudwatch-metrics/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "aws-cloudwatch-metrics.serviceAccountName" . }} 6 | labels: 7 | {{- include "aws-cloudwatch-metrics.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end -}} 13 | -------------------------------------------------------------------------------- /stable/aws-cloudwatch-metrics/values.yaml: -------------------------------------------------------------------------------- 1 | image: 2 | repository: amazon/cloudwatch-agent 3 | tag: 1.300032.2b361 4 | pullPolicy: IfNotPresent 5 | 6 | clusterName: cluster_name 7 | 8 | enhancedContainerInsights: 9 | enabled: true 10 | 11 | resources: 12 | limits: 13 | cpu: 200m 14 | memory: 200Mi 15 | requests: 16 | cpu: 200m 17 | memory: 200Mi 18 | 19 | serviceAccount: 20 | create: true 21 | name: 22 | 23 | hostNetwork: false 24 | 25 | nodeSelector: {} 26 | 27 | tolerations: [] 28 | 29 | affinity: {} 30 | 31 | # For bottlerocket OS (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/ContainerInsights-troubleshooting.html#ContainerInsights-troubleshooting-bottlerocket) 32 | # containerdSockPath: /run/dockershim.sock 33 | containerdSockPath: /run/containerd/containerd.sock 34 | 35 | ## Assign a PriorityClassName to pods if set 36 | # priorityClassName: 37 | 38 | statsd: 39 | enabled: false 40 | port: 8125 41 | protocol: UDP 42 | # 
Overrides default values in the agent configuration if set 43 | # cloudwatch_namespace: 44 | # metrics_aggregation_interval: 45 | # metrics_collection_interval: 46 | -------------------------------------------------------------------------------- /stable/aws-efa-k8s-device-plugin/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /stable/aws-efa-k8s-device-plugin/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: aws-efa-k8s-device-plugin 3 | description: A Helm chart for EFA device plugin. 
4 | version: v0.5.10 5 | appVersion: "v0.5.6" 6 | home: https://github.com/aws/eks-charts 7 | icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png 8 | sources: 9 | - https://github.com/aws/eks-charts 10 | -------------------------------------------------------------------------------- /stable/aws-efa-k8s-device-plugin/README.md: -------------------------------------------------------------------------------- 1 | # AWS EFA Kubernetes Device Plugin 2 | This chart installs the AWS EFA Kubernetes Device Plugin daemonset 3 | 4 | ## Prerequisites 5 | - Helm v3 6 | 7 | ## Installing the Chart 8 | First add the EKS repository to Helm: 9 | 10 | ```shell 11 | helm repo add eks https://aws.github.io/eks-charts 12 | ``` 13 | 14 | To install the chart with the release name `efa` in the `kube-system` namespace and default configuration: 15 | 16 | ```shell 17 | helm install efa ./aws-efa-k8s-device-plugin -n kube-system 18 | ``` 19 | 20 | # Configuration 21 | 22 | Parameter | Description | Default 23 | --- | --- | --- 24 | `image.repository` | EFA image repository | `602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/aws-efa-k8s-device-plugin` 25 | `image.tag` | EFA image tag | `v0.5.4` 26 | `securityContext.allowPrivilegeEscalation` | Controls whether a process can gain more privilege than its parent process | `false` 27 | `securityContext` | EFA plugin security context | `capabilities: drop: ["ALL"] runAsNonRoot: false` 28 | `supportedInstanceLabels.keys` | Kubernetes key to interpret as instance type | `nodes.kubernetes.io/instance-type` 29 | `supportedInstanceLabels.values` | List of instances which currently support EFA devices | `see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html#efa-instance-types` 30 | `resources` | Resources for containers in pod | `requests.cpu: 10m requests.memory: 20Mi` 31 | `nodeSelector` | Node labels for pod assignment | `{}` 32 | `tolerations` | Optional deployment tolerations | `[]` 33 | 
`additionalPodAnnotations` | Pod annotations to apply in addition to the default ones | `{}` 34 | `additionalPodLabels` | Pod labels to apply in addition to the default ones | `{}` 35 | `nameOverride` | Override the name of the chart | `""` 36 | `fullnameOverride` | Override the full name of the chart | `""` 37 | `imagePullSecrets` | Docker registry pull secret | `[]` 38 | 39 | -------------------------------------------------------------------------------- /stable/aws-efa-k8s-device-plugin/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | EFA device plugin is installed, it can be requested as `vpc.amazonaws.com/efa` resource. -------------------------------------------------------------------------------- /stable/aws-efa-k8s-device-plugin/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "aws-efa-k8s-device-plugin.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "aws-efa-k8s-device-plugin.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label.
28 | */}} 29 | {{- define "aws-efa-k8s-device-plugin.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "aws-efa-k8s-device-plugin.labels" -}} 37 | helm.sh/chart: {{ include "aws-efa-k8s-device-plugin.chart" . }} 38 | {{ include "aws-efa-k8s-device-plugin.selectorLabels" . }} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Service }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "aws-efa-k8s-device-plugin.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ include "aws-efa-k8s-device-plugin.name" . }} 50 | app.kubernetes.io/instance: {{ .Release.Name }} 51 | {{- end }} 52 | 53 | {{/* 54 | Create the name of the service account to use 55 | */}} 56 | {{- define "aws-efa-k8s-device-plugin.serviceAccountName" -}} 57 | {{- if .Values.serviceAccount.create }} 58 | {{- default (include "aws-efa-k8s-device-plugin.fullname" .) .Values.serviceAccount.name }} 59 | {{- else }} 60 | {{- default "default" .Values.serviceAccount.name }} 61 | {{- end }} 62 | {{- end }} 63 | -------------------------------------------------------------------------------- /stable/aws-efa-k8s-device-plugin/templates/daemonset.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: DaemonSet 3 | metadata: 4 | name: {{ include "aws-efa-k8s-device-plugin.fullname" . }} 5 | labels: 6 | {{- include "aws-efa-k8s-device-plugin.labels" . | nindent 4 }} 7 | spec: 8 | selector: 9 | matchLabels: 10 | name: {{ include "aws-efa-k8s-device-plugin.fullname" . }} 11 | updateStrategy: 12 | type: RollingUpdate 13 | template: 14 | metadata: 15 | {{- if .Values.additionalPodAnnotations }} 16 | annotations: 17 | {{- with .Values.additionalPodAnnotations }} 18 | {{- toYaml . 
| nindent 8 }} 19 | {{- end }} 20 | {{- end }} 21 | labels: 22 | name: {{ include "aws-efa-k8s-device-plugin.fullname" . }} 23 | {{- with .Values.additionalPodLabels }} 24 | {{- toYaml . | nindent 8 }} 25 | {{- end }} 26 | spec: 27 | {{- with .Values.imagePullSecrets }} 28 | imagePullSecrets: 29 | {{- toYaml . | nindent 8 }} 30 | {{- end }} 31 | tolerations: 32 | - key: CriticalAddonsOnly 33 | operator: Exists 34 | {{- with .Values.tolerations }} 35 | {{- toYaml . | nindent 8 }} 36 | {{- end }} 37 | # Mark this pod as a critical add-on; when enabled, the critical add-on 38 | # scheduler reserves resources for critical add-on pods so that they can 39 | # be rescheduled after a failure. 40 | # See https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/ 41 | priorityClassName: "system-node-critical" 42 | {{- with .Values.nodeSelector }} 43 | nodeSelector: 44 | {{- toYaml . | nindent 8 }} 45 | {{- end }} 46 | affinity: 47 | nodeAffinity: 48 | requiredDuringSchedulingIgnoredDuringExecution: 49 | nodeSelectorTerms: 50 | {{- range .Values.supportedInstanceLabels.keys }} 51 | - matchExpressions: 52 | - key: {{ . }} 53 | operator: In 54 | values: 55 | {{- toYaml $.Values.supportedInstanceLabels.values | nindent 20 }} 56 | {{- end }} 57 | - key: eks.amazonaws.com/compute-type 58 | operator: NotIn 59 | values: 60 | - auto 61 | hostNetwork: true 62 | containers: 63 | - image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} 64 | name: aws-efa-k8s-device-plugin 65 | securityContext: 66 | {{- toYaml .Values.securityContext | nindent 12}} 67 | {{- with .Values.resources }} 68 | resources: 69 | {{- toYaml . 
| nindent 12 }} 70 | {{- end }} 71 | volumeMounts: 72 | - name: device-plugin 73 | mountPath: /var/lib/kubelet/device-plugins 74 | - name: infiniband-volume 75 | mountPath: /dev/infiniband/ 76 | volumes: 77 | - name: device-plugin 78 | hostPath: 79 | path: /var/lib/kubelet/device-plugins 80 | - name: infiniband-volume 81 | hostPath: 82 | path: /dev/infiniband/ -------------------------------------------------------------------------------- /stable/aws-for-fluent-bit/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /stable/aws-for-fluent-bit/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: aws-for-fluent-bit 3 | description: A Helm chart to deploy aws-for-fluent-bit project 4 | version: 0.1.35 5 | appVersion: 2.32.2.20240516 6 | home: https://github.com/aws/eks-charts 7 | icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png 8 | sources: 9 | - https://github.com/aws/eks-charts 10 | maintainers: 11 | - name: Wesley Pettit 12 | url: https://github.com/pettitwesley 13 | - name: Mohammad Forutan 14 | url: https://github.com/mforutan 15 | email: mforutan@users.noreply.github.com 16 | keywords: 17 | - eks 18 | - fluentbit 19 | - fluent-bit 20 | - cloudwatch 21 | - firehose 22 | - kinesis 23 | -------------------------------------------------------------------------------- 
/stable/aws-for-fluent-bit/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{ .Release.Name }} has been installed or updated. To check the status of pods, run: 2 | 3 | kubectl get pods -n {{ include "aws-for-fluent-bit.namespace" . }} 4 | -------------------------------------------------------------------------------- /stable/aws-for-fluent-bit/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "aws-for-fluent-bit.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "aws-for-fluent-bit.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "aws-for-fluent-bit.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "aws-for-fluent-bit.labels" -}} 38 | helm.sh/chart: {{ include "aws-for-fluent-bit.chart" . }} 39 | {{ include "aws-for-fluent-bit.selectorLabels" . 
}} 40 | {{- if .Chart.AppVersion }} 41 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 42 | {{- end }} 43 | app.kubernetes.io/managed-by: {{ .Release.Service }} 44 | {{- end -}} 45 | 46 | {{/* 47 | Selector labels 48 | */}} 49 | {{- define "aws-for-fluent-bit.selectorLabels" -}} 50 | app.kubernetes.io/name: {{ include "aws-for-fluent-bit.name" . }} 51 | app.kubernetes.io/instance: {{ include "aws-for-fluent-bit.fullname" . }} 52 | {{- end -}} 53 | 54 | {{/* 55 | Create the name of the service account to use 56 | */}} 57 | {{- define "aws-for-fluent-bit.serviceAccountName" -}} 58 | {{ default (include "aws-for-fluent-bit.fullname" .) .Values.serviceAccount.name }} 59 | {{- end -}} 60 | 61 | {{/* 62 | Allow the release namespace to be overridden for multi-namespace deployments in combined charts. 63 | */}} 64 | {{- define "aws-for-fluent-bit.namespace" -}} 65 | {{- if .Values.global -}} 66 | {{- if .Values.global.namespaceOverride -}} 67 | {{- .Values.global.namespaceOverride -}} 68 | {{- else -}} 69 | {{- .Release.Namespace -}} 70 | {{- end -}} 71 | {{- else -}} 72 | {{- .Release.Namespace -}} 73 | {{- end -}} 74 | {{- end -}} 75 | -------------------------------------------------------------------------------- /stable/aws-for-fluent-bit/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole # Cluster-wide read rules for the chart's ServiceAccount (bound in clusterrolebinding.yaml) 3 | metadata: 4 | name: {{ include "aws-for-fluent-bit.fullname" . }} 5 | rules: 6 | - apiGroups: [""] 7 | resources: 8 | - namespaces 9 | - pods 10 | - pods/logs # NOTE(review): the RBAC name of the pod log subresource is pods/log; as written this entry appears to match nothing - confirm intent 11 | - nodes 12 | - nodes/proxy # NOTE(review): get on nodes/proxy reaches each node's kubelet API through the API server proxy; keep only if the agent configuration needs it 13 | verbs: ["get", "list", "watch"] 14 | - apiGroups: ["policy"] 15 | resources: ["podsecuritypolicies"] # NOTE(review): rendered unconditionally, while psp.yaml is gated on .Values.rbac.pspEnabled 16 | verbs: ["use"] 17 | resourceNames: 18 | - {{ include "aws-for-fluent-bit.fullname" . 
}} 19 | -------------------------------------------------------------------------------- /stable/aws-for-fluent-bit/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: {{ include "aws-for-fluent-bit.fullname" . }} 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: {{ include "aws-for-fluent-bit.fullname" . }} 9 | subjects: 10 | - kind: ServiceAccount 11 | name: {{ include "aws-for-fluent-bit.serviceAccountName" . }} 12 | namespace: {{ include "aws-for-fluent-bit.namespace" . }} 13 | -------------------------------------------------------------------------------- /stable/aws-for-fluent-bit/templates/daemonset.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: DaemonSet 3 | metadata: 4 | name: {{ include "aws-for-fluent-bit.fullname" . }} 5 | namespace: {{ include "aws-for-fluent-bit.namespace" . }} 6 | labels: 7 | {{- include "aws-for-fluent-bit.labels" . | nindent 4 }} 8 | spec: 9 | updateStrategy: 10 | {{ toYaml .Values.updateStrategy | indent 4 }} 11 | selector: 12 | matchLabels: 13 | {{- include "aws-for-fluent-bit.selectorLabels" . | nindent 6 }} 14 | template: 15 | metadata: 16 | annotations: 17 | checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} 18 | {{- if .Values.annotations }} 19 | {{- toYaml .Values.annotations | nindent 8 }} 20 | {{- end }} 21 | labels: 22 | {{- include "aws-for-fluent-bit.selectorLabels" . | nindent 8 }} 23 | spec: 24 | {{- if .Values.imagePullSecrets }} 25 | imagePullSecrets: 26 | {{- toYaml .Values.imagePullSecrets | nindent 8 }} 27 | {{- end }} 28 | serviceAccountName: {{ include "aws-for-fluent-bit.serviceAccountName" . }} 29 | {{- with .Values.podSecurityContext }} 30 | securityContext: 31 | {{- toYaml . 
| nindent 8 }} 32 | {{- end }} 33 | {{- if .Values.priorityClassName }} 34 | priorityClassName: {{ .Values.priorityClassName }} 35 | {{- end }} 36 | {{- if .Values.hostNetwork }} 37 | hostNetwork: {{ .Values.hostNetwork }} 38 | {{- end }} 39 | {{- if .Values.dnsPolicy }} 40 | dnsPolicy: {{ .Values.dnsPolicy }} 41 | {{- end }} 42 | containers: 43 | - name: {{ .Chart.Name }} 44 | imagePullPolicy: {{ .Values.image.pullPolicy }} 45 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 46 | {{- with .Values.containerSecurityContext }} 47 | securityContext: 48 | {{- toYaml . | nindent 12 }} 49 | {{- end }} 50 | {{- if .Values.env }} 51 | env: 52 | {{- toYaml .Values.env | nindent 12 }} 53 | {{- end }} 54 | volumeMounts: 55 | - name: fluentbit-config 56 | mountPath: /fluent-bit/etc/ 57 | {{- if .Values.volumeMounts }} 58 | {{- toYaml .Values.volumeMounts | nindent 12 }} 59 | {{- end }} 60 | resources: 61 | {{- toYaml .Values.resources | nindent 12 }} 62 | {{- if .Values.livenessProbe }} 63 | livenessProbe: 64 | {{- toYaml .Values.livenessProbe | nindent 12 }} 65 | {{- end }} 66 | {{- if .Values.readinessProbe }} 67 | readinessProbe: 68 | {{- toYaml .Values.readinessProbe | nindent 12 }} 69 | {{- end }} 70 | volumes: 71 | - name: fluentbit-config 72 | configMap: 73 | name: {{ include "aws-for-fluent-bit.fullname" . 
}} 74 | {{- if .Values.volumes }} 75 | {{- toYaml .Values.volumes | nindent 8 }} 76 | {{- end}} 77 | {{- if .Values.tolerations }} 78 | tolerations: 79 | {{- toYaml .Values.tolerations | nindent 8 }} 80 | {{- end }} 81 | {{- if .Values.affinity }} 82 | affinity: 83 | {{- toYaml .Values.affinity | nindent 8 }} 84 | {{- end }} 85 | {{- if .Values.nodeSelector }} 86 | nodeSelector: 87 | {{- toYaml .Values.nodeSelector | nindent 8 }} 88 | {{- end }} 89 | -------------------------------------------------------------------------------- /stable/aws-for-fluent-bit/templates/psp.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.pspEnabled }} 2 | apiVersion: policy/v1beta1 # NOTE(review): PodSecurityPolicy was removed in Kubernetes v1.25; this template only applies on older clusters 3 | kind: PodSecurityPolicy # Pod policy named after the chart fullname; rendered only when rbac.pspEnabled is set 4 | metadata: 5 | name: {{ include "aws-for-fluent-bit.fullname" . }} 6 | spec: 7 | privileged: false 8 | allowPrivilegeEscalation: false 9 | requiredDropCapabilities: 10 | - ALL 11 | volumes: 12 | - 'configMap' 13 | - 'secret' 14 | - 'hostPath' 15 | - 'projected' 16 | allowedHostPaths: 17 | - pathPrefix: "/var/log" # NOTE(review): no readOnly here, so writable hostPath mounts under /var/log are allowed; only the entry below is read-only 18 | - pathPrefix: "/var/lib/docker/containers" 19 | readOnly: true 20 | hostIPC: false 21 | hostPID: false 22 | runAsUser: 23 | rule: 'RunAsAny' # permits UID 0; the ranges below restrict only supplemental and fs groups 24 | seLinux: 25 | rule: 'RunAsAny' 26 | supplementalGroups: 27 | rule: 'MustRunAs' 28 | ranges: 29 | # Forbid adding the root group. 30 | - min: 1 31 | max: 65535 32 | fsGroup: 33 | rule: 'MustRunAs' 34 | ranges: 35 | # Forbid adding the root group. 36 | - min: 1 37 | max: 65535 38 | readOnlyRootFilesystem: false # the policy does not require a read-only container root filesystem 39 | {{- end }} -------------------------------------------------------------------------------- /stable/aws-for-fluent-bit/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | {{- include "aws-for-fluent-bit.labels" . | nindent 4 }} 6 | name: {{ include "aws-for-fluent-bit.fullname" . 
}} 7 | namespace: {{ include "aws-for-fluent-bit.namespace" . }} 8 | spec: 9 | ports: 10 | - name: monitor-agent 11 | port: {{ .Values.serviceMonitor.service.port }} 12 | protocol: TCP 13 | targetPort: {{ .Values.serviceMonitor.service.targetPort }} 14 | {{- if .Values.serviceMonitor.service.extraPorts }} 15 | {{- range .Values.serviceMonitor.service.extraPorts }} 16 | - name: {{ .name }} 17 | targetPort: {{ .targetPort }} 18 | protocol: {{ .protocol }} 19 | port: {{ .port }} 20 | {{- end }} 21 | {{- end }} 22 | selector: 23 | {{- include "aws-for-fluent-bit.selectorLabels" . | nindent 4 }} 24 | sessionAffinity: None 25 | type: {{ .Values.serviceMonitor.service.type }} 26 | -------------------------------------------------------------------------------- /stable/aws-for-fluent-bit/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "aws-for-fluent-bit.serviceAccountName" . }} 6 | namespace: {{ include "aws-for-fluent-bit.namespace" . }} 7 | labels: 8 | {{- include "aws-for-fluent-bit.labels" . | nindent 4 }} 9 | {{- with .Values.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | {{- end -}} 14 | -------------------------------------------------------------------------------- /stable/aws-for-fluent-bit/templates/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if $.Values.serviceMonitor }} 2 | {{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.serviceMonitor.enabled ) }} 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | {{- if .Values.serviceMonitor.labels }} 7 | labels: 8 | {{ toYaml .Values.serviceMonitor.labels | indent 4}} 9 | {{- end }} 10 | name: {{ include "aws-for-fluent-bit.fullname" . 
}} 11 | namespace: {{ include "aws-for-fluent-bit.namespace" . }} 12 | spec: 13 | endpoints: 14 | - port: monitor-agent 15 | scheme: http 16 | {{- if .Values.serviceMonitor.interval }} 17 | interval: {{ .Values.serviceMonitor.interval }} 18 | {{- end }} 19 | {{- if .Values.serviceMonitor.telemetryPath }} 20 | path: {{ .Values.serviceMonitor.telemetryPath }} 21 | {{- end }} 22 | {{- if .Values.serviceMonitor.timeout }} 23 | scrapeTimeout: {{ .Values.serviceMonitor.timeout }} 24 | {{- end }} 25 | {{- if .Values.serviceMonitor.metricRelabelings }} 26 | metricRelabelings: 27 | {{ toYaml .Values.serviceMonitor.metricRelabelings | indent 4 }} 28 | {{- end }} 29 | {{- if .Values.serviceMonitor.relabelings }} 30 | relabelings: 31 | {{ toYaml .Values.serviceMonitor.relabelings | indent 4 }} 32 | {{- end }} 33 | {{- with .Values.serviceMonitor.extraEndpoints }} 34 | {{- toYaml . | nindent 2 }} 35 | {{- end }} 36 | jobLabel: {{ default "app.kubernetes.io/instance" .Values.serviceMonitor.jobLabel }} 37 | namespaceSelector: 38 | matchNames: 39 | - {{ .Release.Namespace }} 40 | selector: 41 | matchLabels: 42 | {{- include "aws-for-fluent-bit.selectorLabels" . | nindent 6 }} 43 | {{- if .Values.serviceMonitor.targetLabels }} 44 | targetLabels: 45 | {{- range .Values.serviceMonitor.targetLabels }} 46 | - {{ . }} 47 | {{- end }} 48 | {{- end }} 49 | {{- end }} 50 | {{- end }} 51 | -------------------------------------------------------------------------------- /stable/aws-load-balancer-controller/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | crds/kustomization.yaml 25 | test.yaml 26 | -------------------------------------------------------------------------------- /stable/aws-load-balancer-controller/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: aws-load-balancer-controller 3 | description: AWS Load Balancer Controller Helm chart for Kubernetes 4 | version: 1.13.2 5 | appVersion: v2.13.2 6 | home: https://github.com/aws/eks-charts 7 | icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png 8 | sources: 9 | - https://github.com/aws/eks-charts 10 | maintainers: 11 | - name: kishorj 12 | url: https://github.com/kishorj 13 | email: kishorj@users.noreply.github.com 14 | - name: m00nf1sh 15 | url: https://github.com/m00nf1sh 16 | email: m00nf1sh@users.noreply.github.com 17 | keywords: 18 | - eks 19 | - alb 20 | - load balancer 21 | - ingress 22 | - nlb 23 | -------------------------------------------------------------------------------- /stable/aws-load-balancer-controller/ci/extra_args: -------------------------------------------------------------------------------- 1 | --set clusterName=k8s-ci-cluster 2 | -------------------------------------------------------------------------------- /stable/aws-load-balancer-controller/ci/values.yaml: -------------------------------------------------------------------------------- 1 | # CI testing values for aws-load-balancer-controller 2 | 3 | region: us-west-2 4 | image: 5 | repository: public.ecr.aws/eks/aws-load-balancer-controller 6 | tag: v2.4.5 7 | pullPolicy: Always 8 | -------------------------------------------------------------------------------- 
/stable/aws-load-balancer-controller/crds/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - crds.yaml 5 | -------------------------------------------------------------------------------- /stable/aws-load-balancer-controller/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | AWS Load Balancer controller installed! 2 | -------------------------------------------------------------------------------- /stable/aws-load-balancer-controller/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.autoscaling.enabled }} 2 | {{- if (semverCompare ">=1.23-0" .Capabilities.KubeVersion.Version)}} 3 | apiVersion: autoscaling/v2 4 | {{- else }} 5 | apiVersion: autoscaling/v2beta2 6 | {{- end }} 7 | kind: HorizontalPodAutoscaler 8 | metadata: 9 | name: {{ include "aws-load-balancer-controller.fullname" . }} 10 | namespace: {{ .Release.Namespace }} 11 | labels: 12 | {{- include "aws-load-balancer-controller.labels" . | nindent 4 }} 13 | annotations: 14 | {{- .Values.annotations | toYaml | nindent 4 }} 15 | spec: 16 | scaleTargetRef: 17 | apiVersion: apps/v1 18 | kind: Deployment 19 | name: {{ include "aws-load-balancer-controller.fullname" . 
}} 20 | minReplicas: {{ .Values.autoscaling.minReplicas }} 21 | maxReplicas: {{ required "A valid .Values.autoscaling.maxReplicas value is required" .Values.autoscaling.maxReplicas }} 22 | metrics: 23 | {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} 24 | - type: Resource 25 | resource: 26 | name: cpu 27 | target: 28 | averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} 29 | type: Utilization 30 | {{- end }} 31 | {{- if .Values.autoscaling.autoscaleBehavior }} 32 | behavior: {{ toYaml .Values.autoscaling.autoscaleBehavior | nindent 4 }} 33 | {{- end }} 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /stable/aws-load-balancer-controller/templates/ingressclass.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | [caution] AWSLoadBalancerController <= v2.4.2 expects referenced IngressClassParams to be created before IngressClass. 3 | We use a list here to force Helm create IngressClassParams(if any) before apply any IngressClass changes. 4 | */}} 5 | {{- if .Values.createIngressClassResource }} 6 | apiVersion: v1 7 | kind: List 8 | metadata: 9 | name: ingress-class 10 | items: 11 | {{- if .Values.ingressClassParams.create }} 12 | - apiVersion: elbv2.k8s.aws/v1beta1 13 | kind: IngressClassParams 14 | metadata: 15 | name: {{ include "aws-load-balancer-controller.ingressClassParamsName" . }} 16 | labels: 17 | {{- include "aws-load-balancer-controller.labels" . | nindent 6 }} 18 | {{- with .Values.ingressClassParams.spec }} 19 | spec: 20 | {{- toYaml . | nindent 4 }} 21 | {{- end }} 22 | {{- end }} 23 | - apiVersion: networking.k8s.io/v1 24 | kind: IngressClass 25 | metadata: 26 | name: {{ .Values.ingressClass }} 27 | labels: 28 | {{- include "aws-load-balancer-controller.labels" . 
| nindent 6 }} 29 | {{- if .Values.ingressClassConfig.default }} 30 | annotations: 31 | ingressclass.kubernetes.io/is-default-class: "true" 32 | {{- end }} 33 | spec: 34 | controller: ingress.k8s.aws/alb 35 | {{- if or .Values.ingressClassParams.name (and .Values.ingressClassParams.create .Values.ingressClassParams.spec) }} 36 | parameters: 37 | apiGroup: elbv2.k8s.aws 38 | kind: IngressClassParams 39 | name: {{ include "aws-load-balancer-controller.ingressClassParamsName" . }} 40 | {{- end }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /stable/aws-load-balancer-controller/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.podDisruptionBudget (gt (int .Values.replicaCount) 1) }} 2 | apiVersion: policy/v1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: {{ include "aws-load-balancer-controller.fullname" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "aws-load-balancer-controller.labels" . | nindent 4 }} 9 | spec: 10 | selector: 11 | matchLabels: 12 | {{- include "aws-load-balancer-controller.selectorLabels" . | nindent 6 }} 13 | {{- toYaml .Values.podDisruptionBudget | nindent 2 }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /stable/aws-load-balancer-controller/templates/service.yaml: -------------------------------------------------------------------------------- 1 | {{- if.Values.serviceMonitor.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "aws-load-balancer-controller.fullname" . }} 6 | namespace: {{ .Release.Namespace }} 7 | {{- with .Values.serviceAnnotations }} 8 | annotations: 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | labels: 12 | {{- include "aws-load-balancer-controller.labels" . 
| nindent 4 }} 13 | spec: 14 | ports: 15 | - port: 8080 16 | name: metrics-server 17 | targetPort: metrics-server 18 | selector: 19 | {{- include "aws-load-balancer-controller.selectorLabels" . | nindent 4 }} 20 | --- 21 | {{- end }} 22 | apiVersion: v1 23 | kind: Service 24 | metadata: 25 | name: {{ template "aws-load-balancer-controller.webhookService" . }} 26 | namespace: {{ .Release.Namespace }} 27 | {{- with .Values.serviceAnnotations }} 28 | annotations: 29 | {{- toYaml . | nindent 4 }} 30 | {{- end }} 31 | labels: 32 | {{- include "aws-load-balancer-controller.labels" . | nindent 4 }} 33 | app.kubernetes.io/component: webhook 34 | prometheus.io/service-monitor: "false" 35 | spec: 36 | ports: 37 | - port: 443 38 | name: webhook-server 39 | targetPort: webhook-server 40 | selector: 41 | {{- include "aws-load-balancer-controller.selectorLabels" . | nindent 4 }} 42 | -------------------------------------------------------------------------------- /stable/aws-load-balancer-controller/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "aws-load-balancer-controller.serviceAccountName" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "aws-load-balancer-controller.labels" . | nindent 4 }} 9 | {{- with .Values.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 14 | {{- with .Values.serviceAccount.imagePullSecrets }} 15 | imagePullSecrets: 16 | {{ toYaml . 
}} 17 | {{- end }} 18 | {{- end -}} 19 | -------------------------------------------------------------------------------- /stable/aws-load-balancer-controller/templates/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if.Values.serviceMonitor.enabled -}} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ include "aws-load-balancer-controller.fullname" . }} 6 | namespace: {{ default .Release.Namespace .Values.serviceMonitor.namespace }} 7 | labels: 8 | {{- include "aws-load-balancer-controller.labels" . | nindent 4 }} 9 | {{- with .Values.serviceMonitor.additionalLabels }} 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | spec: 13 | jobLabel: app.kubernetes.io/instance 14 | namespaceSelector: 15 | matchNames: 16 | - {{ .Release.Namespace }} 17 | selector: 18 | matchLabels: 19 | {{- include "aws-load-balancer-controller.selectorLabels" . | nindent 6 }} 20 | matchExpressions: 21 | - key: prometheus.io/service-monitor 22 | operator: NotIn 23 | values: 24 | - "false" 25 | endpoints: 26 | - port: metrics-server 27 | path: /metrics 28 | scheme: http 29 | {{- with .Values.serviceMonitor.interval }} 30 | interval: {{ . }} 31 | {{- end }} 32 | {{- with .Values.serviceMonitor.scrapeTimeout }} 33 | scrapeTimeout: {{ . }} 34 | {{- end }} 35 | {{- with .Values.serviceMonitor.relabelings }} 36 | relabelings: 37 | {{- toYaml . | nindent 8 }} 38 | {{- end }} 39 | {{- with .Values.serviceMonitor.metricRelabelings }} 40 | metricRelabelings: 41 | {{- toYaml . | nindent 8 }} 42 | {{- end }} 43 | {{- end -}} 44 | -------------------------------------------------------------------------------- /stable/aws-sigv4-proxy-admission-controller/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). 
Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /stable/aws-sigv4-proxy-admission-controller/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: aws-sigv4-proxy-admission-controller 3 | description: AWS SIGv4 Admission Controller Helm Chart for Kubernetes 4 | version: 0.1.2 5 | appVersion: 1.0 6 | home: https://github.com/aws/eks-charts 7 | icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png 8 | sources: 9 | - https://github.com/aws/eks-charts 10 | maintainers: 11 | - name: AWS Observability Team 12 | url: https://github.com/aws-observability 13 | -------------------------------------------------------------------------------- /stable/aws-sigv4-proxy-admission-controller/README.md: -------------------------------------------------------------------------------- 1 | # AWS SIGv4 Admission Controller 2 | 3 | A helm chart for [AWS SIGv4 Admission Controller](https://github.com/aws-observability/aws-sigv4-proxy-admission-controller) 4 | 5 | ## Installing the Chart 6 | 7 | Add the EKS repository to Helm: 8 | 9 | ```bash 10 | helm repo add eks https://aws.github.io/eks-charts 11 | ``` 12 | 13 | Install the AWS SIGv4 Admission Controller chart with default configuration: 14 | 15 | ```bash 16 | helm install aws-sigv4-proxy-admission-controller eks/aws-sigv4-proxy-admission-controller --namespace <namespace> 17 | ``` 18 | 19 | ## Uninstalling the Chart 20 | 21 | To uninstall/delete the `aws-sigv4-proxy-admission-controller` release: 22 | 23 | ```bash 24 | helm uninstall aws-sigv4-proxy-admission-controller --namespace <namespace> 25 | ``` 26 | 27 | ## Configuration 28 
| 29 | | Parameter | Description | Default 30 | | - | - | - 31 | | `nameOverride` | Used to override name of chart | `""` 32 | | `fullnameOverride` | Used to override the full name of the application | `""` 33 | | `replicaCount` | Number of replicas | `1` 34 | | `image.repository` | Repository of image to pull for deployment | `public.ecr.aws/aws-observability/aws-sigv4-proxy-admission-controller` 35 | | `image.tag` | Tag of image to pull from repository | `1.0` 36 | | `image.pullPolicy` | Policy of how to pull image | `IfNotPresent` 37 | | `env.awsSigV4ProxyImage` | Image URI of sidecar container for AWS SIGv4 Proxy | `public.ecr.aws/aws-observability/aws-sigv4-proxy:1.0` 38 | | `serviceAccount.create` | Whether to create a service account or not | `true` 39 | | `serviceAccount.name` | The name of the service account to create or use | `""` 40 | | `rbac.create` | Whether to create rbac resources or not | `true` 41 | | `webhookService.port` | Incoming port used by webhook service | `443` 42 | | `webhookService.targetPort` | Target port used by webhook service | `443` -------------------------------------------------------------------------------- /stable/aws-sigv4-proxy-admission-controller/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{ .Release.Name }} has been installed or updated. To check the status of pods, run: 2 | kubectl get pods -n {{ .Release.Namespace }} -------------------------------------------------------------------------------- /stable/aws-sigv4-proxy-admission-controller/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "aws-sigv4-proxy-admission-controller.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "aws-sigv4-proxy-admission-controller.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{/*
Create chart name and version as used by the chart label.
"+" in the version is replaced with "_" and the result is truncated to 63
characters with any trailing "-" removed.
*/}}
{{- define "aws-sigv4-proxy-admission-controller.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Common labels: helm.sh/chart, app.kubernetes.io/version (only when the chart
sets an appVersion) and app.kubernetes.io/managed-by.
*/}}
{{- define "aws-sigv4-proxy-admission-controller.labels" -}}
helm.sh/chart: {{ include "aws-sigv4-proxy-admission-controller.chart" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

{{/*
Create the name of the service account to use.
Returns serviceAccount.name when it is set, otherwise the chart fullname.
NOTE(review): serviceAccount.create is not consulted here, so with create set
to false and an empty name the Deployment refers to a ServiceAccount that this
chart does not render; confirm that is intended.
*/}}
{{- define "aws-sigv4-proxy-admission-controller.serviceAccountName" -}}
{{ default (include "aws-sigv4-proxy-admission-controller.fullname" .) .Values.serviceAccount.name }}
{{- end -}}

{{/*
Generate certificates for webhook.
Emits three base64-encoded values as a YAML map:
  caCert     - certificate of a CA created with genCA
  clientCert - certificate signed by that CA (common name = chart fullname)
  clientKey  - private key for clientCert
The signed certificate carries two DNS names for the webhook Service,
"<fullname>-webhook-service.<namespace>" and the same name with ".svc" appended.
Both certificates are requested with a validity of 3650 days.
Despite the "client" prefix, webhook.yaml stores clientCert/clientKey as
cert.pem/key.pem, which deployment.yaml passes to the webhook as
-tlsCertFile/-tlsKeyFile.
NOTE(review): genCA and genSignedCert produce new key material each time the
template is rendered, and the CA's private key is not emitted, so every
install or upgrade replaces both the CA and the serving certificate.
*/}}
{{- define "aws-sigv4-proxy-admission-controller.gen-certs" -}}
{{- $fullName := ( include "aws-sigv4-proxy-admission-controller.fullname" . ) -}}
{{- $serviceName := ( printf "%s-%s" $fullName "webhook-service" ) -}}
{{- $altNames := list ( printf "%s.%s" $serviceName .Release.Namespace ) ( printf "%s.%s.svc" $serviceName .Release.Namespace ) -}}
{{- $ca := genCA "aws-sigv4-proxy-admission-controller-ca" 3650 -}}
{{- $cert := genSignedCert $fullName nil $altNames 3650 $ca -}}
caCert: {{ $ca.Cert | b64enc }}
clientCert: {{ $cert.Cert | b64enc }}
clientKey: {{ $cert.Key | b64enc }}
{{- end -}}
--------------------------------------------------------------------------------
/stable/aws-sigv4-proxy-admission-controller/templates/deployment.yaml:
--------------------------------------------------------------------------------
# Deployment for the admission webhook. The container is given the certificate
# and key from the "<fullname>-webhook-certs" Secret (rendered by webhook.yaml),
# mounted read-only at /etc/webhook/certs.
# NOTE(review): no securityContext or resources are set on the pod or the
# container, and the declared containerPort is webhookService.targetPort
# (443 in values.yaml); binding a port below 1024 usually needs root or
# NET_BIND_SERVICE, so confirm which user the image runs as.
# NOTE(review): nothing in the pod template is derived from the Secret's
# contents, so a re-rendered certificate does not by itself roll the pods;
# confirm the webhook picks up the replaced files.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }}-webhook-deployment
  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }}
{{ include "aws-sigv4-proxy-admission-controller.labels" . | indent 4 }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }}
  template:
    metadata:
      labels:
        app: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }}
    spec:
      serviceAccountName: {{ template "aws-sigv4-proxy-admission-controller.serviceAccountName" . }}
      containers:
        - name: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }}
          # The tag comes from values.yaml; the image is not pinned by digest.
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          args:
            # Paths match the keys of the webhook-certs Secret mounted below.
            - -tlsCertFile=/etc/webhook/certs/cert.pem
            - -tlsKeyFile=/etc/webhook/certs/key.pem
          ports:
            - containerPort: {{ .Values.webhookService.targetPort }}
          volumeMounts:
            - name: webhook-certs
              mountPath: /etc/webhook/certs
              readOnly: true
          env:
            # Set from env.awsSigV4ProxyImage, which values.yaml describes as
            # the sidecar image for AWS SIGv4 Proxy.
            - name: AWS-SIGV4-PROXY-IMAGE
              value: {{ .Values.env.awsSigV4ProxyImage }}
      volumes:
        - name: webhook-certs
          secret:
            secretName: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }}-webhook-certs
--------------------------------------------------------------------------------
/stable/aws-sigv4-proxy-admission-controller/templates/rbac.yaml:
--------------------------------------------------------------------------------
{{/*
Cluster-scoped RBAC for the webhook's service account: read-only (get, list)
access to namespaces. Rendered only when rbac.create is true.
ClusterRole and ClusterRoleBinding are not namespaced objects, so the
metadata.namespace fields below have no effect on where they are created.
*/}}
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }}-role
  namespace: {{ .Release.Namespace }}
  labels:
{{ include "aws-sigv4-proxy-admission-controller.labels" . | indent 4 }}
rules:
  - apiGroups: [""]
    resources: [namespaces]
    verbs: [get, list]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }}-rolebinding
  namespace: {{ .Release.Namespace }}
  labels:
{{ include "aws-sigv4-proxy-admission-controller.labels" . | indent 4 }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }}-role
subjects:
  - kind: ServiceAccount
    name: {{ template "aws-sigv4-proxy-admission-controller.serviceAccountName" .
}}
    namespace: {{ .Release.Namespace }}
{{- end }}
--------------------------------------------------------------------------------
/stable/aws-sigv4-proxy-admission-controller/templates/service.yaml:
--------------------------------------------------------------------------------
# Service the API server calls to reach the webhook (referenced by name in
# webhook.yaml). It selects pods by the "app" label only.
apiVersion: v1
kind: Service
metadata:
  name: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }}-webhook-service
  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }}
{{ include "aws-sigv4-proxy-admission-controller.labels" . | indent 4 }}
spec:
  ports:
    - port: {{ .Values.webhookService.port }}
      targetPort: {{ .Values.webhookService.targetPort }}
  selector:
    app: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }}
--------------------------------------------------------------------------------
/stable/aws-sigv4-proxy-admission-controller/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
{{/*
ServiceAccount used by the webhook Deployment. Rendered only when
serviceAccount.create is true.
*/}}
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ template "aws-sigv4-proxy-admission-controller.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
{{ include "aws-sigv4-proxy-admission-controller.labels" . | indent 4 }}
{{- end -}}
--------------------------------------------------------------------------------
/stable/aws-sigv4-proxy-admission-controller/templates/webhook.yaml:
--------------------------------------------------------------------------------
{{/*
The gen-certs helper is evaluated once on the next line and its result is
shared by both documents in this file, so the caBundle registered with the
API server and the certificate stored in the Secret come from the same render.
NOTE(review): the helper creates a new CA and key pair on every render, so each
install or upgrade changes both the caBundle and the Secret.
*/}}
{{ $tls := fromYaml ( include "aws-sigv4-proxy-admission-controller.gen-certs" . ) }}
---
{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
apiVersion: admissionregistration.k8s.io/v1
{{- else }}
apiVersion: admissionregistration.k8s.io/v1beta1
{{- end }}
kind: MutatingWebhookConfiguration
metadata:
  name: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }}-webhook-config
  labels:
    app: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }}
{{ include "aws-sigv4-proxy-admission-controller.labels" . | indent 4 }}
webhooks:
  - name: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }}.k8s.aws
    clientConfig:
      service:
        name: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }}-webhook-service
        namespace: {{ .Release.Namespace }}
        path: "/mutate"
      # CA certificate the API server uses to verify the webhook's serving certificate.
      caBundle: {{ $tls.caCert }}
    # NOTE(review): no failurePolicy, namespaceSelector or objectSelector is set.
    # The rule below therefore applies to pod CREATE in every namespace, and the
    # outcome when the webhook cannot be reached is the API default, which is
    # Fail for admissionregistration.k8s.io/v1 and Ignore for v1beta1. With the
    # default replicaCount of 1, confirm that an unavailable webhook cannot
    # block pod creation cluster-wide, including its own replacement pod.
    rules:
      - operations: [ "CREATE" ]
        # NOTE(review): pods belong to the core ("") group; the "apps" entry
        # looks redundant for this resource.
        apiGroups: ["apps", ""]
        apiVersions: ["v1"]
        resources: ["pods"]
    sideEffects: None
    admissionReviewVersions:
      - v1beta1
---
# Serving certificate and private key for the webhook, mounted by the
# Deployment at /etc/webhook/certs. Stored as type Opaque under the keys
# cert.pem and key.pem.
apiVersion: v1
kind: Secret
metadata:
  name: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }}-webhook-certs
  namespace: {{ .Release.Namespace }}
  labels:
{{ include "aws-sigv4-proxy-admission-controller.labels" . | indent 4 }}
type: Opaque
data:
  cert.pem: {{ $tls.clientCert }}
  key.pem: {{ $tls.clientKey }}

--------------------------------------------------------------------------------
/stable/aws-sigv4-proxy-admission-controller/values.yaml:
--------------------------------------------------------------------------------
# Default values for the aws-sigv4-proxy-admission-controller chart.

# nameOverride: Used to override name of chart
nameOverride: ""
# fullnameOverride: Used to override the full name of the application
fullnameOverride: ""

# replicaCount: Number of replicas
# NOTE(review): with a single replica the webhook endpoint is unavailable while
# that pod restarts; templates/webhook.yaml sets no failurePolicy.
replicaCount: 1

image:
  # image.repository: Repository of image to pull for deployment
  repository: public.ecr.aws/aws-observability/aws-sigv4-proxy-admission-controller
  # image.tag: Tag of image to pull from repository
  # The image is referenced by tag only; a tag can be re-pointed, a digest cannot.
  tag: "1.0"
  # image.pullPolicy: Policy of how to pull image
  pullPolicy: IfNotPresent

env:
  # env.awsSigV4ProxyImage: Image URI of sidecar container for AWS SIGv4 Proxy
  # Passed to the webhook container as the AWS-SIGV4-PROXY-IMAGE environment variable.
  awsSigV4ProxyImage: public.ecr.aws/aws-observability/aws-sigv4-proxy:1.0

serviceAccount:
  # serviceAccount.create: Whether to create a service account or not
  create: true
  # serviceAccount.name: The name of the service account to create or use
  # Empty means the chart fullname is used.
  name: ""

rbac:
  # rbac.create: Whether to create rbac resources or not
  create: true

webhookService:
  # webhookService.port: Incoming port used by webhook service
  port: 443
  # webhookService.targetPort: Target port used by webhook service
  # Also used as the containerPort in templates/deployment.yaml.
  targetPort: 443
--------------------------------------------------------------------------------
/stable/aws-vpc-cni/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | crds/kustomization.yaml -------------------------------------------------------------------------------- /stable/aws-vpc-cni/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: aws-vpc-cni 3 | version: 1.19.5 4 | appVersion: "v1.19.5" 5 | description: A Helm chart for the AWS VPC CNI 6 | icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png 7 | home: https://github.com/aws/amazon-vpc-cni-k8s 8 | sources: 9 | - https://github.com/aws/amazon-vpc-cni-k8s 10 | keywords: 11 | - eks 12 | - cni 13 | - networking 14 | - vpc 15 | maintainers: 16 | - name: Jayanth Varavani 17 | url: https://github.com/jayanthvn 18 | email: jayanthvn@users.noreply.github.com 19 | engine: gotpl 20 | -------------------------------------------------------------------------------- /stable/aws-vpc-cni/crds/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - customresourcedefinition.yaml 5 | -------------------------------------------------------------------------------- /stable/aws-vpc-cni/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 2 | {{ .Release.Name }} has been installed or updated. To check the status of pods, run: 3 | 4 | kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "aws-vpc-cni.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" 5 | -------------------------------------------------------------------------------- /stable/aws-vpc-cni/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "aws-vpc-cni.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "aws-vpc-cni.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "aws-vpc-cni.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "aws-vpc-cni.labels" -}} 38 | app.kubernetes.io/name: {{ include "aws-vpc-cni.name" . }} 39 | helm.sh/chart: {{ include "aws-vpc-cni.chart" . 
}} 40 | app.kubernetes.io/instance: {{ .Release.Name }} 41 | k8s-app: aws-node 42 | {{- if .Chart.AppVersion }} 43 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 44 | {{- end }} 45 | app.kubernetes.io/managed-by: {{ .Release.Service }} 46 | {{- end -}} 47 | 48 | {{/* 49 | Create the name of the service account to use 50 | */}} 51 | {{- define "aws-vpc-cni.serviceAccountName" -}} 52 | {{- if .Values.serviceAccount.create -}} 53 | {{ default (include "aws-vpc-cni.fullname" .) .Values.serviceAccount.name }} 54 | {{- else -}} 55 | {{ default "default" .Values.serviceAccount.name }} 56 | {{- end -}} 57 | {{- end -}} 58 | 59 | {{/* 60 | The aws-vpc-cni-init image to use 61 | */}} 62 | {{- define "aws-vpc-cni.initImage" -}} 63 | {{- if .Values.init.image.override }} 64 | {{- .Values.init.image.override }} 65 | {{- else }} 66 | {{- printf "%s.dkr.%s.%s.%s/amazon-k8s-cni-init:%s" .Values.init.image.account .Values.init.image.endpoint .Values.init.image.region .Values.init.image.domain .Values.init.image.tag }} 67 | {{- end }} 68 | {{- end }} 69 | 70 | {{/* 71 | The aws-vpc-cni image to use 72 | */}} 73 | {{- define "aws-vpc-cni.image" -}} 74 | {{- if .Values.image.override }} 75 | {{- .Values.image.override }} 76 | {{- else }} 77 | {{- printf "%s.dkr.%s.%s.%s/amazon-k8s-cni:%s" .Values.image.account .Values.image.endpoint .Values.image.region .Values.image.domain .Values.image.tag }} 78 | {{- end }} 79 | {{- end }} 80 | 81 | {{/* 82 | The aws-network-policy-agent image to use 83 | */}} 84 | {{- define "aws-vpc-cni.nodeAgentImage" -}} 85 | {{- if .Values.nodeAgent.image.override }} 86 | {{- .Values.nodeAgent.image.override }} 87 | {{- else }} 88 | {{- printf "%s.dkr.%s.%s.%s/amazon/aws-network-policy-agent:%s" .Values.nodeAgent.image.account .Values.nodeAgent.image.endpoint .Values.nodeAgent.image.region .Values.nodeAgent.image.domain .Values.nodeAgent.image.tag }} 89 | {{- end -}} 90 | {{- end -}} 91 | 92 | {{/* 93 | The aws-network-policy-agent port to bind 
to for metrics
*/}}
{{- define "aws-vpc-cni.nodeAgentMetricsBindAddr" -}}
{{- printf ":%s" .Values.nodeAgent.metricsBindAddr }}
{{- end -}}

{{/*
The aws-network-policy-agent port to bind to for health probes.
Renders the configured value prefixed with ":".
NOTE(review): the %s verb assumes nodeAgent.healthProbeBindAddr is supplied as
a string; values.yaml is not shown here, so confirm.
*/}}
{{- define "aws-vpc-cni.nodeAgentHealthProbeBindAddr" -}}
{{- printf ":%s" .Values.nodeAgent.healthProbeBindAddr }}
{{- end -}}

--------------------------------------------------------------------------------
/stable/aws-vpc-cni/templates/clusterrole.yaml:
--------------------------------------------------------------------------------
# Cluster-wide permissions for the CNI's service account (bound to it in
# clusterrolebinding.yaml). Mostly read access; the write verbs are patch on
# cninodes, create/patch on events and, depending on ANNOTATE_POD_IP, patch on pods.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ include "aws-vpc-cni.fullname" . }}
  labels:
{{ include "aws-vpc-cni.labels" . | indent 4 }}
rules:
  - apiGroups:
      - crd.k8s.amazonaws.com
    resources:
      - eniconfigs
    verbs: ["list", "watch", "get"]
  - apiGroups: [""]
    resources:
      - namespaces
    verbs: ["list", "watch", "get"]
  # Pods: "patch" is granted only in the first branch.
  # NOTE(review): the condition is a template truthiness test, so a non-empty
  # string such as "false" still selects the patch branch; confirm how
  # values.yaml defines env.ANNOTATE_POD_IP.
{{- if .Values.env.ANNOTATE_POD_IP }}
  - apiGroups: [""]
    resources:
      - pods
    verbs: ["list", "watch", "get", "patch"]
{{- else }}
  - apiGroups: [""]
    resources:
      - pods
    verbs: ["list", "watch", "get"]
{{- end }}
  - apiGroups: [""]
    resources:
      - nodes
    verbs: ["list", "watch", "get"]
  - apiGroups: ["", "events.k8s.io"]
    resources:
      - events
    verbs: ["create", "patch", "list"]
  - apiGroups: ["networking.k8s.aws"]
    resources:
      - policyendpoints
    verbs: ["get", "list", "watch"]
  - apiGroups: ["networking.k8s.aws"]
    resources:
      - policyendpoints/status
    verbs: ["get"]
  - apiGroups:
      - vpcresources.k8s.aws
    resources:
      - cninodes
    verbs: ["get", "list", "watch", "patch"]

--------------------------------------------------------------------------------
/stable/aws-vpc-cni/templates/clusterrolebinding.yaml:
-------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: {{ include "aws-vpc-cni.fullname" . }} 5 | labels: 6 | {{ include "aws-vpc-cni.labels" . | indent 4 }} 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: ClusterRole 10 | name: {{ include "aws-vpc-cni.fullname" . }} 11 | subjects: 12 | - kind: ServiceAccount 13 | name: {{ template "aws-vpc-cni.serviceAccountName" . }} 14 | namespace: {{ .Release.Namespace }} 15 | -------------------------------------------------------------------------------- /stable/aws-vpc-cni/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.cniConfig.enabled }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ include "aws-vpc-cni.fullname" . }} 6 | labels: 7 | {{ include "aws-vpc-cni.labels" . | indent 4 }} 8 | binaryData: 9 | 10-aws.conflist: {{ .Values.cniConfig.fileContents | b64enc }} 10 | {{- end }} 11 | --- 12 | apiVersion: v1 13 | kind: ConfigMap 14 | metadata: 15 | name: amazon-vpc-cni 16 | namespace: {{ .Release.Namespace }} 17 | labels: 18 | {{ include "aws-vpc-cni.labels" . 
| indent 4 }} 19 | data: 20 | enable-windows-ipam: {{ .Values.enableWindowsIpam | quote }} 21 | enable-network-policy-controller: {{ .Values.enableNetworkPolicy | quote }} 22 | enable-windows-prefix-delegation: {{ .Values.enableWindowsPrefixDelegation | quote }} 23 | warm-prefix-target: {{ .Values.warmWindowsPrefixTarget | quote }} 24 | warm-ip-target: {{ .Values.warmWindowsIPTarget | quote }} 25 | minimum-ip-target: {{ .Values.minimumWindowsIPTarget | quote }} 26 | branch-eni-cooldown: {{ .Values.branchENICooldown | quote }} 27 | -------------------------------------------------------------------------------- /stable/aws-vpc-cni/templates/eniconfig.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.eniConfig.create }} 2 | {{- range $key, $value := (required ".Values.eniConfig.subnets must be specified" .Values.eniConfig.subnets) }} 3 | apiVersion: crd.k8s.amazonaws.com/v1alpha1 4 | kind: ENIConfig 5 | metadata: 6 | name: "{{ $key }}" 7 | spec: 8 | {{- if $value.securityGroups }} 9 | securityGroups: 10 | {{- range $sg := $value.securityGroups }} 11 | - {{ $sg }} 12 | {{- end }} 13 | {{- end }} 14 | subnet: {{ $value.id }} 15 | --- 16 | {{- end }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /stable/aws-vpc-cni/templates/podmonitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.podMonitor.create }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PodMonitor 4 | metadata: 5 | name: {{ include "aws-vpc-cni.fullname" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- with .Values.podMonitor.labels }} 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | {{- with .Values.podMonitor.annotations }} 12 | annotations: 13 | {{- toYaml . | nindent 4 }} 14 | {{- end }} 15 | spec: 16 | jobLabel: {{ include "aws-vpc-cni.fullname" . 
}} 17 | namespaceSelector: 18 | matchNames: 19 | - {{ .Release.Namespace }} 20 | podMetricsEndpoints: 21 | - interval: {{ .Values.podMonitor.interval }} 22 | path: /metrics 23 | port: metrics 24 | {{- with .Values.podMonitor.relabelings }} 25 | relabelings: 26 | {{- toYaml . | nindent 6 }} 27 | {{- end }} 28 | {{- if .Values.nodeAgent.enabled }} 29 | - interval: {{ .Values.podMonitor.interval }} 30 | path: /metrics 31 | port: agentmetrics 32 | {{- with .Values.podMonitor.relabelings }} 33 | relabelings: 34 | {{- toYaml . | nindent 6 }} 35 | {{- end }} 36 | {{- end }} 37 | selector: 38 | matchLabels: 39 | k8s-app: aws-node 40 | {{- end }} 41 | -------------------------------------------------------------------------------- /stable/aws-vpc-cni/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "aws-vpc-cni.serviceAccountName" . }} 6 | namespace: {{ .Release.Namespace }} 7 | {{- with .Values.serviceAccount.annotations }} 8 | annotations: 9 | {{ toYaml . | indent 4 }} 10 | {{- end }} 11 | labels: 12 | {{ include "aws-vpc-cni.labels" . | indent 4 }} 13 | {{- end -}} 14 | -------------------------------------------------------------------------------- /stable/cni-metrics-helper/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /stable/cni-metrics-helper/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: cni-metrics-helper 3 | version: 1.19.5 4 | appVersion: v1.19.5 5 | description: A Helm chart for the AWS VPC CNI Metrics Helper 6 | icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png 7 | home: https://github.com/aws/amazon-vpc-cni-k8s 8 | sources: 9 | - https://github.com/aws/amazon-vpc-cni-k8s 10 | keywords: 11 | - eks 12 | - cni 13 | - networking 14 | - vpc 15 | maintainers: 16 | - name: Jayanth Varavani 17 | url: https://github.com/jayanthvn 18 | email: jayanthvn@users.noreply.github.com 19 | engine: gotpl 20 | -------------------------------------------------------------------------------- /stable/cni-metrics-helper/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{ .Release.Name }} has been installed or updated. To check the status of pods, run: 2 | 3 | kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cni-metrics-helper.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -------------------------------------------------------------------------------- /stable/cni-metrics-helper/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 
4 | */}} 5 | {{- define "cni-metrics-helper.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 7 | {{- end }} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "cni-metrics-helper.fullname" -}} 15 | {{- if .Values.fullnameOverride }} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 17 | {{- else }} 18 | {{- $name := default .Chart.Name .Values.nameOverride }} 19 | {{- if contains $name .Release.Name }} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 21 | {{- else }} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 23 | {{- end }} 24 | {{- end }} 25 | {{- end }} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "cni-metrics-helper.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 32 | {{- end }} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "cni-metrics-helper.labels" -}} 38 | helm.sh/chart: {{ include "cni-metrics-helper.chart" . }} 39 | {{ include "cni-metrics-helper.selectorLabels" . }} 40 | {{- if .Chart.AppVersion }} 41 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 42 | {{- end }} 43 | app.kubernetes.io/managed-by: {{ .Release.Service }} 44 | {{- end }} 45 | 46 | {{/* 47 | Selector labels 48 | */}} 49 | {{- define "cni-metrics-helper.selectorLabels" -}} 50 | app.kubernetes.io/name: {{ include "cni-metrics-helper.name" . 
}}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

{{/*
Create the name of the service account to use.
When serviceAccount.create is true: serviceAccount.name, falling back to the
chart fullname. Otherwise: serviceAccount.name, falling back to "default".
*/}}
{{- define "cni-metrics-helper.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "cni-metrics-helper.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

--------------------------------------------------------------------------------
/stable/cni-metrics-helper/templates/clusterrole.yaml:
--------------------------------------------------------------------------------
# Read-only access to pods and to the pods/proxy subresource.
# NOTE(review): "get" on pods/proxy lets the holder send GET requests through
# the API server to pods, and as a ClusterRole bound by a ClusterRoleBinding
# the grant covers every namespace; presumably it is used to read the CNI
# pods' metrics, so confirm it cannot be scoped more narrowly.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ include "cni-metrics-helper.fullname" . }}
  labels:
{{ include "cni-metrics-helper.labels" . | indent 4 }}
rules:
  - apiGroups: [""]
    resources:
      - pods
      - pods/proxy
    verbs: ["get", "watch", "list"]

--------------------------------------------------------------------------------
/stable/cni-metrics-helper/templates/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
# Binds the ClusterRole of the same name to the chart's service account in the
# release namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ include "cni-metrics-helper.fullname" . }}
  labels:
{{ include "cni-metrics-helper.labels" . | indent 4 }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ include "cni-metrics-helper.fullname" . }}
subjects:
  - kind: ServiceAccount
    name: {{ template "cni-metrics-helper.serviceAccountName" .
}} 14 | namespace: {{ .Release.Namespace }} 15 | -------------------------------------------------------------------------------- /stable/cni-metrics-helper/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | kind: Deployment 2 | apiVersion: apps/v1 3 | metadata: 4 | name: {{ include "cni-metrics-helper.fullname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | k8s-app: cni-metrics-helper 8 | {{ include "cni-metrics-helper.labels" . | indent 4 }} 9 | spec: 10 | {{- if .Values.updateStrategy }} 11 | strategy: {{ toYaml .Values.updateStrategy | nindent 4 }} 12 | {{- end }} 13 | revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} 14 | selector: 15 | matchLabels: 16 | k8s-app: cni-metrics-helper 17 | template: 18 | metadata: 19 | {{- if .Values.podAnnotations }} 20 | annotations: 21 | {{- range $key, $value := .Values.podAnnotations }} 22 | {{ $key }}: {{ $value | quote }} 23 | {{- end }} 24 | {{- end }} 25 | labels: 26 | app.kubernetes.io/name: {{ include "cni-metrics-helper.name" . 
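}} 27 | app.kubernetes.io/instance: {{ .Release.Name }} 28 | k8s-app: cni-metrics-helper 29 | spec: 30 | containers: 31 | - env: 32 | {{- range $key, $value := .Values.env }} 33 | - name: {{ $key }} 34 | value: {{ $value | quote }} 35 | {{- end }} 36 | {{- if .Values.resources }} 37 | resources: {{ toYaml .Values.resources | nindent 10 }} 38 | {{- end }}
# NOTE(review): securityContext is emitted only when containerSecurityContext
# is set; the chart's values.yaml ships it as {}, so by default the container
# runs with whatever the image and the cluster's admission policy allow.
39 | {{- if .Values.containerSecurityContext }} 40 | securityContext: {{ toYaml .Values.containerSecurityContext | nindent 10 }} 41 | {{- end }} 42 | name: cni-metrics-helper 43 | image: "{{- if .Values.image.override }}{{- .Values.image.override }}{{- else }}{{- .Values.image.account }}.dkr.ecr.{{- .Values.image.region }}.{{- .Values.image.domain }}/cni-metrics-helper:{{- .Values.image.tag }}{{- end}}" 44 | {{- if eq (get .Values.env "USE_PROMETHEUS") "true" }} 45 | ports: 46 | - containerPort: 61681 47 | name: metrics 48 | {{- end }} 49 | serviceAccountName: {{ template "cni-metrics-helper.serviceAccountName" . }} 50 | {{- with .Values.tolerations }} 51 | tolerations: 52 | {{- toYaml . | nindent 8 }} 53 | {{- end }} 54 | {{- with .Values.imagePullSecrets }} 55 | imagePullSecrets: 56 | {{- toYaml . | nindent 8 }} 57 | {{- end }}
# Inside "with", the dot is the podSecurityContext value itself, so the
# root-relative path .Values.podSecurityContext cannot be resolved there and
# rendering fails as soon as a pod security context is supplied. Render the
# dot instead, as the other with-blocks in this file do.
58 | {{- with .Values.podSecurityContext }} 59 | securityContext: {{ toYaml . | nindent 8 }} 60 | {{- end }} 61 | {{- with .Values.nodeSelector }} 62 | nodeSelector: 63 | {{- toYaml . | nindent 8 }} 64 | {{- end }} 65 | {{- with .Values.affinity }} 66 | affinity: 67 | {{- toYaml . | nindent 8 }} 68 | {{- end }} -------------------------------------------------------------------------------- /stable/cni-metrics-helper/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "cni-metrics-helper.serviceAccountName" . 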
}} 6 | namespace: {{ .Release.Namespace }} 7 | {{- with .Values.serviceAccount.annotations }} 8 | annotations: 9 | {{ toYaml . | indent 4 }} 10 | {{- end }} 11 | labels: 12 | {{ include "cni-metrics-helper.labels" . | indent 4 }} 13 | {{- end -}} 14 | -------------------------------------------------------------------------------- /stable/cni-metrics-helper/values.yaml: -------------------------------------------------------------------------------- 1 | # This default name override is to maintain backwards compatibility with 2 | # existing naming 3 | nameOverride: cni-metrics-helper 4 | 5 | image: 6 | region: us-west-2 7 | tag: v1.19.5 8 | account: "602401143452" 9 | domain: "amazonaws.com" 10 | # Set to use custom image 11 | # override: "repo/org/image:tag" 12 | 13 | env: 14 | USE_CLOUDWATCH: "true" 15 | USE_PROMETHEUS: "false" 16 | AWS_CLUSTER_ID: "" 17 | AWS_VPC_K8S_CNI_LOGLEVEL: "INFO" 18 | 19 | fullnameOverride: "cni-metrics-helper" 20 | 21 | serviceAccount: 22 | # Specifies whether a service account should be created 23 | create: true 24 | # The name of the service account to use. 
25 | # If not set and create is true, a name is generated using the fullname template 26 | name: 27 | annotations: {} 28 | # eks.amazonaws.com/role-arn: arn:aws:iam::AWS_ACCOUNT_ID:role/IAM_ROLE_NAME 29 | 30 | resources: {} 31 | 32 | revisionHistoryLimit: 10 33 | 34 | podSecurityContext: {} 35 | 36 | containerSecurityContext: {} 37 | 38 | podAnnotations: {} 39 | 40 | imagePullSecrets: [] 41 | 42 | updateStrategy: {} 43 | # type: RollingUpdate 44 | # rollingUpdate: 45 | # maxUnavailable: "10%" 46 | 47 | nodeSelector: {} 48 | 49 | tolerations: [] 50 | # - operator: Exists 51 | 52 | affinity: {} 53 | # nodeAffinity: 54 | # requiredDuringSchedulingIgnoredDuringExecution: 55 | # nodeSelectorTerms: 56 | # - matchExpressions: 57 | # - key: "kubernetes.io/os" 58 | # operator: In 59 | # values: 60 | # - linux 61 | # - key: "kubernetes.io/arch" 62 | # operator: In 63 | # values: 64 | # - amd64 65 | # - arm64 66 | # - key: "eks.amazonaws.com/compute-type" 67 | # operator: NotIn 68 | # values: 69 | # - fargate 70 | -------------------------------------------------------------------------------- /test/e2e/appmesh.bats: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | 3 | # App Mesh charts e2e test 4 | 5 | set -o errexit 6 | 7 | export REPO_ROOT=$(git rev-parse --show-toplevel) 8 | 9 | if [[ "${KUBECONFIG}" == "" ]]; then 10 | kind get kubeconfig > $REPO_ROOT/build/kind-kubeconfig 11 | export KUBECONFIG="$REPO_ROOT/build/kind-kubeconfig" 12 | fi 13 | 14 | namespace=appmesh-system 15 | charts=${REPO_ROOT}/stable 16 | 17 | load ${REPO_ROOT}/test/lib/helm.sh 18 | 19 | function setup() { 20 | infof "Preparing namespace $namespace" 21 | kubectl create ns $namespace >&3 22 | kubectl apply -k ${REPO_ROOT}/stable/appmesh-controller/crds >&3 23 | } 24 | 25 | @test "App Mesh" { 26 | chart=$charts/appmesh-controller 27 | installChart $chart $namespace 28 | waitForDeployment $chart $namespace 29 | 30 | chart=$charts/appmesh-inject 
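31 | installChart $chart $namespace 32 | waitForDeployment $chart $namespace 33 | waitForService $chart $namespace 34 | 35 | chart=$charts/appmesh-prometheus 36 | installChart $chart $namespace 37 | waitForDeployment $chart $namespace 38 | waitForService $chart $namespace 39 | 40 | chart=$charts/appmesh-jaeger 41 | installChart $chart $namespace 42 | waitForDeployment $chart $namespace 43 | waitForService $chart $namespace 44 | } 45 | 46 | function teardown() { 47 | infof "Printing container logs" 48 | kubectl -n $namespace logs -l app.kubernetes.io/part-of=appmesh >&3 || true 49 | 50 | infof "Listing pods" 51 | kubectl -n $namespace get pods >&3 || true 52 | } 53 |
--------------------------------------------------------------------------------
/test/lib/helm.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Helm charts testing helpers.
# Progress messages are written to file descriptor 3, so the caller must have
# fd 3 open (the e2e suites load this file from bats).

set -o errexit

# Assign first, export second, so a failing git call is not masked by export.
REPO_ROOT=$(git rev-parse --show-toplevel)
export REPO_ROOT

# Print $1 in green on fd 3.
function infof() {
  echo -e "\e[32m${1}\e[0m" >&3
}

# Print $1 in red on fd 3 and abort with status 1.
function errorf() {
  echo -e "\e[31m${1}\e[0m" >&3
  exit 1
}

# Install or upgrade a chart from a local directory.
# Arguments: $1 - path to the chart directory; the release is named after
#                 its basename
#            $2 - target namespace
# When <chart>/ci/values.yaml exists it is passed to helm as test values.
function installChart() {
  chartName=$(basename "$1")
  testValues="$1/ci/values.yaml"

  infof "Installing chart $chartName"
  # Arguments are quoted so a path or namespace is never word-split or globbed.
  if test -f "$testValues"; then
    helm upgrade -i "$chartName" "$1" --namespace "$2" -f "$testValues"
  else
    helm upgrade -i "$chartName" "$1" --namespace "$2"
  fi
  infof "✔ $chartName chart install test passed"
}

# Wait for the Deployment named after the chart to exist, then for its rollout.
# Arguments: $1 - path to the chart directory
#            $2 - namespace
# Aborts through errorf after 10 failed lookups, 6 seconds apart.
function waitForDeployment() {
  chartName=$(basename "$1")
  infof "Waiting for deployment $chartName"
  retries=10
  count=0
  # The lookup is the loop condition: a failure does not trip errexit, and a
  # lookup that succeeds on the last attempt is not reported as a failure
  # (the earlier counter check ran even after a successful lookup).
  until kubectl -n "$2" get "deployment/$chartName"; do
    count=$((count + 1))
    if [[ $count -ge $retries ]]; then
      errorf "No more retries left"
    fi
    sleep 6
  done

  kubectl -n "$2" rollout status "deployment/$chartName" --timeout=1m >&3
  infof "✔ deployment/$chartName test passed"
}

# Wait for the Service named after the chart to exist.
# Arguments: $1 - path to the chart directory
#            $2 - namespace
# Aborts through errorf after 10 failed lookups, 6 seconds apart.
function waitForService() {
  chartName=$(basename "$1")
  infof "Waiting for service $chartName"
  retries=10
  count=0
  # Same retry shape as waitForDeployment: success on the final attempt counts.
  until kubectl -n "$2" get "svc/$chartName"; do
    count=$((count + 1))
    if [[ $count -ge $retries ]]; then
      errorf "No more retries left"
    fi
    sleep 6
  done
  infof "✔ service/$chartName test passed"
}

--------------------------------------------------------------------------------
/test/lib/kind.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Create Kubernetes cluster with Kind

set -o errexit

REPO_ROOT=$(git rev-parse --show-toplevel)
TOOLS_DIR="$REPO_ROOT/build/tools"
export PATH="$TOOLS_DIR:$PATH"
HELM_MODE="${HELM_MODE:-v2}"

kind create cluster --wait 5m

# Select the helm binary for the requested major version.
# Arguments: $1 - "v2" installs Tiller and uses helmv2; anything else uses helmv3
function installHelm() {

  if [[ "${1}" == "v2" ]]; then
    # Helm v2 path: Tiller runs in the cluster with cluster-admin. That is
    # tolerable on the disposable kind cluster created above; do not reuse
    # this setup against a shared cluster.
    kubectl --namespace kube-system create sa tiller

    kubectl create clusterrolebinding tiller-cluster-rule \
      --clusterrole=cluster-admin --serviceaccount=kube-system:tiller

    cp -f "$TOOLS_DIR/helmv2" "$TOOLS_DIR/helm"

    helm init --stable-repo-url https://charts.helm.sh/stable --service-account tiller --upgrade --wait
  else
    cp -f "$TOOLS_DIR/helmv3" "$TOOLS_DIR/helm"
  fi
}

# The earlier form redirected the output of `kind get kubeconfig` inside the
# command substitution, so KUBECONFIG was exported empty and later commands
# used whatever default config was in effect. Write the file first, then
# export its path (the same two steps appmesh.bats uses).
# The file holds admin credentials for the cluster: keep it owner-only.
KIND_KUBECONFIG="$REPO_ROOT/build/kind-kubeconfig"
(umask 077 && kind get kubeconfig > "$KIND_KUBECONFIG")
chmod 600 "$KIND_KUBECONFIG"
export KUBECONFIG="$KIND_KUBECONFIG"

installHelm "$HELM_MODE"

kubectl get pods --all-namespaces

--------------------------------------------------------------------------------
/test/run.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Run e2e tests

set -o errexit

# Assign first, export second, so a failing git call is not masked by export.
REPO_ROOT=$(git rev-parse --show-toplevel)
export REPO_ROOT
# Tools downloaded into build/tools take precedence over system binaries.
export PATH="$REPO_ROOT/build/tools:$PATH"

cd "${REPO_ROOT}/test/e2e/"
bats -t .

--------------------------------------------------------------------------------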