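├── cis-benchmark-crd
    └── fleet.yaml
├── cis-benchmark
    └── fleet.yaml
├── gatekeeper-crd
    └── fleet.yaml
├── gatekeeper
    └── fleet.yaml
├── istio
    └── fleet.yaml
├── kiali-crd
    └── fleet.yaml
├── kiali-server
    └── fleet.yaml
├── local-path-provisioner
    └── local-path-storage.yaml
├── logging-crd
    └── fleet.yaml
├── logging
    └── fleet.yaml
├── longhorn-crd
    └── fleet.yaml
├── longhorn
    └── fleet.yaml
├── monitoring-crd
    └── fleet.yaml
├── monitoring
    └── fleet.yaml
├── rancher-backup-crd
    └── fleet.yaml
└── rancher-backup
    └── fleet.yaml


/cis-benchmark-crd/fleet.yaml:
--------------------------------------------------------------------------------
# Fleet bundle: CRDs for the Rancher CIS benchmark operator, chart version pinned.
defaultNamespace: cis-operator-system
helm:
  releaseName: rancher-cis-benchmark-crd
  repo: https://charts.rancher.io
  chart: rancher-cis-benchmark-crd
  version: 1.0.400
--------------------------------------------------------------------------------
/cis-benchmark/fleet.yaml:
--------------------------------------------------------------------------------
# Fleet bundle: the CIS benchmark operator itself, same pinned version as its CRD chart.
defaultNamespace: cis-operator-system
helm:
  releaseName: rancher-cis-benchmark
  repo: https://charts.rancher.io
  chart: rancher-cis-benchmark
  version: 1.0.400
  values:
    resources:
      requests:
        cpu: 10m
--------------------------------------------------------------------------------
/gatekeeper-crd/fleet.yaml:
--------------------------------------------------------------------------------
# Fleet bundle: CRDs for OPA Gatekeeper.
defaultNamespace: cattle-gatekeeper-system
helm:
  releaseName: rancher-gatekeeper-crd
  repo: https://charts.rancher.io
  chart: rancher-gatekeeper-crd
  version: 3.3.001
diff:
  comparePatches:
  # These paths are left out of Fleet's comparison of desired vs. live state.
  # The entry has no `name`, so it is presumably applied to every
  # PodSecurityPolicy in the bundle (confirm). A live edit of privileged,
  # hostPID, hostNetwork, hostIPC or readOnlyRootFilesystem will then not show
  # the bundle as modified; audit those fields by another means if they matter.
  - apiVersion: policy/v1beta1
    kind: PodSecurityPolicy
    operations:
    - {"op":"remove", "path":"/spec/hostIPC"}
    - {"op":"remove", "path":"/spec/hostNetwork"}
    - {"op":"remove", "path":"/spec/hostPID"}
    - {"op":"remove", "path":"/spec/privileged"}
    - {"op":"remove", "path":"/spec/readOnlyRootFilesystem"}
--------------------------------------------------------------------------------
/gatekeeper/fleet.yaml:
--------------------------------------------------------------------------------
# Fleet bundle: OPA Gatekeeper admission controller and audit deployment.
defaultNamespace: cattle-gatekeeper-system
diff:
  comparePatches:
  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-audit
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}
  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-controller-manager
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}
  # Ignoring all of /webhooks hides the whole webhook list from drift
  # detection: rules, failurePolicy and selectors as well as any CA bundle
  # written at runtime. NOTE(review): if only the CA bundle differs, a narrower
  # path such as /webhooks/0/clientConfig/caBundle keeps the rest monitored.
  - apiVersion: admissionregistration.k8s.io/v1beta1
    kind: ValidatingWebhookConfiguration
    name: gatekeeper-validating-webhook-configuration
    operations:
    - {"op": "remove", "path":"/webhooks"}
helm:
  chart: rancher-gatekeeper
  releaseName: rancher-gatekeeper
  repo: https://charts.rancher.io
  version: 3.3.001
  values:
    # A single replica means admission review depends on one pod being up.
    replicas: 1
    resources:
      requests:
        cpu: 10m
--------------------------------------------------------------------------------
/istio/fleet.yaml:
--------------------------------------------------------------------------------
# Fleet bundle: Rancher's Istio chart.
# No `version:` is set here, unlike most other bundles in this repository, so
# the chart version is whatever the repo serves at deploy time. Pin it so that
# a mesh upgrade is a reviewed commit rather than a side effect of a re-sync.
defaultNamespace: istio-system
helm:
  releaseName: rancher-istio
  repo: https://charts.rancher.io
  chart: rancher-istio
--------------------------------------------------------------------------------
/kiali-crd/fleet.yaml:
--------------------------------------------------------------------------------
# Fleet bundle: CRDs for the Kiali server, installed into the Istio namespace.
defaultNamespace: istio-system
helm:
  releaseName: rancher-kiali-server-crd
  repo: https://charts.rancher.io
  chart: rancher-kiali-server-crd
  version: 1.32.100
--------------------------------------------------------------------------------
/kiali-server/fleet.yaml:
--------------------------------------------------------------------------------
# Fleet bundle: Kiali server, same pinned version as its CRD chart.
defaultNamespace: istio-system
helm:
  releaseName: rancher-kiali-server
  repo: https://charts.rancher.io
  chart: rancher-kiali-server
  version: 1.32.100
--------------------------------------------------------------------------------
/local-path-provisioner/local-path-storage.yaml:
--------------------------------------------------------------------------------
# Plain manifests (no Helm chart) for the local-path dynamic provisioner:
# namespace, service account, cluster-wide RBAC, the provisioner Deployment,
# the StorageClass and the ConfigMap holding its config and helper scripts.
apiVersion: v1
kind: Namespace
metadata:
  name: local-path-storage
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: local-path-provisioner-service-account
  namespace: local-path-storage
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: local-path-provisioner-role
rules:
- apiGroups: [""]
  resources: ["nodes", "persistentvolumeclaims", "configmaps"]
  verbs: ["get", "list", "watch"]
# "*" on pods, endpoints and persistentvolumes is granted cluster-wide through
# the ClusterRoleBinding below, so this service account's token can create,
# modify and delete pods in every namespace. NOTE(review): replace "*" with the
# explicit verbs the provisioner needs, after checking them against the
# provisioner version in use.
- apiGroups: [""]
  resources: ["endpoints", "persistentvolumes", "pods"]
  verbs: ["*"]
- apiGroups: [""]
  resources: ["events"]
  verbs: ["create", "patch"]
- apiGroups: ["storage.k8s.io"]
  resources: ["storageclasses"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: local-path-provisioner-bind
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: local-path-provisioner-role
subjects:
- kind: ServiceAccount
  name: local-path-provisioner-service-account
  namespace: local-path-storage
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: local-path-provisioner
  namespace: local-path-storage
spec:
  replicas: 1
  selector:
    matchLabels:
      app: local-path-provisioner
  template:
    metadata:
      labels:
        app: local-path-provisioner
    spec:
      serviceAccountName: local-path-provisioner-service-account
      containers:
      # The image is pinned by tag only; a digest would make the pull immutable.
      # No securityContext or resource limits are set on this container.
      - name: local-path-provisioner
        image: rancher/local-path-provisioner:v0.0.18
        imagePullPolicy: IfNotPresent
        command:
        - local-path-provisioner
        # --debug turns on verbose logging; drop it outside troubleshooting.
        - --debug
        - start
        - --config
        - /etc/config/config.json
        volumeMounts:
        - name: config-volume
          mountPath: /etc/config/
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
      volumes:
      - name: config-volume
        configMap:
          name: local-path-config
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: local-path
provisioner: rancher.io/local-path
volumeBindingMode: WaitForFirstConsumer
# Delete: releasing a claim runs the teardown script below, which removes the data.
reclaimPolicy: Delete
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: local-path-config
  namespace: local-path-storage
data:
  # Every node not listed by name stores volumes under /opt/local-path-provisioner.
  config.json: |-
    {
      "nodePathMap":[
        {
          "node":"DEFAULT_PATH_FOR_NON_LISTED_NODES",
          "paths":["/opt/local-path-provisioner"]
        }
      ]
    }
  # setup creates the volume directory given with -p. Mode 0777 lets a container
  # running as any UID use the volume, and equally lets any local process on the
  # node read and write it. absolutePath is quoted so that a path containing
  # whitespace or glob characters stays a single argument.
  setup: |-
    #!/bin/sh
    while getopts "m:s:p:" opt
    do
        case $opt in
            p)
            absolutePath=$OPTARG
            ;;
            s)
            sizeInBytes=$OPTARG
            ;;
            m)
            volMode=$OPTARG
            ;;
        esac
    done

    mkdir -m 0777 -p "${absolutePath}"
  # teardown removes the volume directory given with -p. The path is quoted for
  # the same reason as in setup: an unquoted expansion would be word-split and
  # glob-expanded before rm -rf sees it.
  teardown: |-
    #!/bin/sh
    while getopts "m:s:p:" opt
    do
        case $opt in
            p)
            absolutePath=$OPTARG
            ;;
            s)
            sizeInBytes=$OPTARG
            ;;
            m)
            volMode=$OPTARG
            ;;
        esac
    done

    rm -rf "${absolutePath}"
  # Pod template presumably used to run the setup and teardown scripts on the
  # node (confirm against the provisioner). `busybox` has no tag or digest, so
  # it resolves to busybox:latest at pull time; pin a tag or digest, ideally
  # from a registry you control.
  helperPod.yaml: |-
    apiVersion: v1
    kind: Pod
    metadata:
      name: helper-pod
    spec:
      containers:
      - name: helper-pod
        image: busybox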
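--------------------------------------------------------------------------------
/logging-crd/fleet.yaml:
--------------------------------------------------------------------------------
# Fleet bundle: CRDs for Rancher logging, chart version pinned.
defaultNamespace: rancher-logging
helm:
  releaseName: rancher-logging-crd
  repo: https://charts.rancher.io
  chart: rancher-logging-crd
  version: 3.9.400
--------------------------------------------------------------------------------
/logging/fleet.yaml:
--------------------------------------------------------------------------------
# Fleet bundle: Rancher logging (Logging operator with fluentbit and fluentd).
defaultNamespace: cattle-logging-system
helm:
  repo: https://charts.rancher.io
  chart: rancher-logging
  releaseName: rancher-logging
  version: 3.9.400
diff:
  comparePatches:
  # `value` is a string holding a JSON document, so "resources" carries both of
  # its quotes to keep that document well-formed.
  # NOTE(review): confirm that Fleet honours an "add" operation with a value in
  # comparePatches; every other patch in this repository uses "remove".
  - apiVersion: logging.banzaicloud.io/v1beta1
    kind: Logging
    name: rancher-logging
    operations:
    - {"op": "add", "path": "/spec/fluentbit", "value": '{"resources":{"requests":{"cpu":"100m"}}}'}
    - {"op": "add", "path": "/spec/fluentd", "value": '{"resources":{"requests":{"cpu":"100m"}}}'}
--------------------------------------------------------------------------------
/longhorn-crd/fleet.yaml:
--------------------------------------------------------------------------------
# Fleet bundle: CRDs for Longhorn.
# No `version:` is set, so the chart version is whatever the repo serves at
# deploy time; pin it, and keep it in step with the longhorn bundle.
defaultNamespace: longhorn-system
helm:
  repo: https://charts.rancher.io
  chart: longhorn-crd
  releaseName: longhorn-crd
--------------------------------------------------------------------------------
/longhorn/fleet.yaml:
--------------------------------------------------------------------------------
# Fleet bundle: Longhorn distributed block storage.
# No `version:` is set here either; a storage-layer upgrade should be a
# reviewed commit rather than a side effect of a re-sync.
defaultNamespace: longhorn-system
helm:
  repo: https://charts.rancher.io
  chart: longhorn
  releaseName: longhorn
diff:
  comparePatches:
  # hostIPC and hostNetwork are left out of Fleet's comparison for the
  # PodSecurityPolicy objects this entry matches (no `name` is given, so
  # presumably all of them; confirm). Live changes to them are not reported.
  - apiVersion: policy/v1beta1
    kind: PodSecurityPolicy
    operations:
    - {"op":"remove", "path":"/spec/hostIPC"}
    - {"op":"remove", "path":"/spec/hostNetwork"}
  - apiVersion: v1
    kind: Service
    name: longhorn-frontend
    namespace: longhorn-system
    operations:
    - {"op":"remove", "path":"/spec/ports/0"}
--------------------------------------------------------------------------------
/monitoring-crd/fleet.yaml:
--------------------------------------------------------------------------------
# Fleet bundle: CRDs for Rancher monitoring, chart version pinned.
defaultNamespace: cattle-monitoring-system
helm:
  releaseName: rancher-monitoring-crd
  chart: rancher-monitoring-crd
  repo: https://charts.rancher.io
  version: 14.5.100
diff:
  comparePatches:
  # Security-relevant PodSecurityPolicy fields excluded from drift detection;
  # a live change to any of them will not show the bundle as modified.
  - apiVersion: policy/v1beta1
    kind: PodSecurityPolicy
    operations:
    - {"op":"remove", "path":"/spec/hostIPC"}
    - {"op":"remove", "path":"/spec/hostNetwork"}
    - {"op":"remove", "path":"/spec/hostPID"}
    - {"op":"remove", "path":"/spec/privileged"}
    - {"op":"remove", "path":"/spec/readOnlyRootFilesystem"}
--------------------------------------------------------------------------------
/monitoring/fleet.yaml:
--------------------------------------------------------------------------------
# Fleet bundle: Rancher monitoring (Prometheus operator, Grafana), pinned version.
defaultNamespace: cattle-monitoring-system
helm:
  releaseName: rancher-monitoring
  repo: https://charts.rancher.io
  chart: rancher-monitoring
  version: 14.5.100
  values:
    grafana:
      additionalDataSources:
      # Plain HTTP to an in-cluster service. No loki bundle appears in this
      # repository tree, so the service is expected to come from elsewhere.
      # NOTE(review): confirm the pod network is trusted or that a mesh adds
      # mTLS on this hop, since log queries and results cross it unencrypted.
      - name: "loki"
        type: "loki"
        url: "http://loki.loki.svc:3100"
    # NOTE(review): nesting here follows the key order of the listing; the
    # upstream chart documents prometheusSpec under `prometheus` - confirm this
    # request is actually applied.
    prometheusOperator:
      prometheusSpec:
        resources:
          requests:
            cpu: 10m
diff:
  comparePatches:
  # The four admission entries below drop the whole /webhooks list from the
  # comparison for both API versions. That hides rules, failurePolicy and
  # selectors along with any CA bundle written at runtime.
  - apiVersion: admissionregistration.k8s.io/v1beta1
    kind: MutatingWebhookConfiguration
    name: rancher-monitoring-admission
    operations:
    - {"op":"remove", "path":"/webhooks"}
  - apiVersion: admissionregistration.k8s.io/v1beta1
    kind: ValidatingWebhookConfiguration
    name: rancher-monitoring-admission
    jsonPointers:
    - "/webhooks"
  - apiVersion: admissionregistration.k8s.io/v1
    kind: MutatingWebhookConfiguration
    name: rancher-monitoring-admission
    operations:
    - {"op":"remove", "path":"/webhooks"}
  - apiVersion: admissionregistration.k8s.io/v1
    kind: ValidatingWebhookConfiguration
    name: rancher-monitoring-admission
    jsonPointers:
    - "/webhooks"
  # PodSecurityPolicy host-access and privilege fields are excluded from drift
  # detection; no `name` is given, so presumably for every PSP in the bundle.
  - apiVersion: policy/v1beta1
    kind: PodSecurityPolicy
    operations:
    - {"op":"remove", "path":"/spec/hostIPC"}
    - {"op":"remove", "path":"/spec/hostNetwork"}
    - {"op":"remove", "path":"/spec/hostPID"}
    - {"op":"remove", "path":"/spec/privileged"}
    - {"op":"remove", "path":"/spec/readOnlyRootFilesystem"}
  - apiVersion: apps/v1
    kind: Deployment
    name: rancher-monitoring-grafana
    namespace: cattle-monitoring-system
    operations:
    - {"op":"remove", "path":"/spec/template/spec/containers/0/env/0/value"}
  # No `name`: hostNetwork, nodeSelector, priorityClassName and tolerations are
  # presumably ignored on every Deployment in the bundle, so a Deployment
  # switched to hostNetwork in the live cluster would not be reported.
  - apiVersion: apps/v1
    kind: Deployment
    operations:
    - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}
    - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}
    - {"op":"remove", "path":"/spec/template/spec/priorityClassName"}
    - {"op":"remove", "path":"/spec/template/spec/tolerations"}
  - apiVersion: v1
    kind: ServiceAccount
    operations:
    - {"op":"remove", "path":"/imagePullSecrets"}
--------------------------------------------------------------------------------
/rancher-backup-crd/fleet.yaml:
--------------------------------------------------------------------------------
# Fleet bundle: CRDs for the Rancher backup operator, chart version pinned.
defaultNamespace: cattle-resources-system
helm:
  releaseName: rancher-backup-crd
  repo: https://charts.rancher.io
  chart: rancher-backup-crd
  version: 1.0.400
--------------------------------------------------------------------------------
/rancher-backup/fleet.yaml:
--------------------------------------------------------------------------------
# Fleet bundle: Rancher backup operator, same pinned version as its CRD chart.
defaultNamespace: cattle-resources-system
helm:
  releaseName: rancher-backup
  repo: https://charts.rancher.io
  chart: rancher-backup
  version: 1.0.400
  values:
    persistence:
      enabled: true
      # local-path is the node-local StorageClass defined in
      # local-path-provisioner/local-path-storage.yaml: volumes are directories
      # under /opt/local-path-provisioner on one node, created with mode 0777.
      # Backups stored there are lost with the node and are readable by other
      # local processes on it. NOTE(review): confirm this is acceptable for
      # backup data, or use remote or encrypted storage.
      storageClass: local-path
--------------------------------------------------------------------------------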