├── .github ├── dependabot.yml └── workflows │ └── main.yml ├── .travis.yml ├── README.md ├── bin ├── debug-host-pod └── debug-normal-pod ├── charts ├── charts │ ├── buildall │ ├── chronyd │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── requirements.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── configmap.yaml │ │ │ ├── daemonset.yaml │ │ │ ├── rolebinding.yaml │ │ │ └── serviceaccount.yaml │ │ └── values.yaml │ ├── console │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── requirements.yaml │ │ ├── templates │ │ │ ├── NOTES.txt │ │ │ ├── _helpers.tpl │ │ │ └── deployment.yaml │ │ └── values.yaml │ ├── dhcpd │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── requirements.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── configmap.yaml │ │ │ └── daemonset.yaml │ │ └── values.yaml │ ├── gitlab-runner-operator │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── clusterrole.yaml │ │ │ ├── clusterrolebinding.yaml │ │ │ ├── deployment.yaml │ │ │ ├── flavor-clusterrole.yaml │ │ │ ├── role.yaml │ │ │ ├── rolebinding.yaml │ │ │ ├── runner-clusterrole.yaml │ │ │ └── serviceaccount.yaml │ │ └── values.yaml │ ├── grafana-misc-dashboards │ │ ├── Chart.yaml │ │ ├── files │ │ │ ├── ipmi.json │ │ │ ├── pvc-usage.json │ │ │ └── utilization.json │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── ipmi-configmap.yaml │ │ │ ├── pvc-usage-configmap.yaml │ │ │ └── utilization-configmap.yaml │ │ └── values.yaml │ ├── ipmi-exporter │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── requirements.yaml │ │ ├── templates │ │ │ ├── NOTES.txt │ │ │ ├── _helpers.tpl │ │ │ ├── deployment.yaml │ │ │ ├── ingress.yaml │ │ │ ├── secret.yaml │ │ │ ├── service.yaml │ │ │ └── serviceaccount.yaml │ │ └── values.yaml │ ├── k8s-node-image │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── NOTES.txt │ │ │ ├── _helpers.tpl │ │ │ ├── anaconda-deployment.yaml │ │ │ ├── anaconda-pdb.yaml │ 
│ │ ├── anaconda-service.yaml │ │ │ ├── ingress.yaml │ │ │ ├── k8s-node-deployment.yaml │ │ │ ├── k8s-node-pdb.yaml │ │ │ └── k8s-node-service.yaml │ │ └── values.yaml │ ├── k8s-node-image9 │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── NOTES.txt │ │ │ ├── _helpers.tpl │ │ │ ├── anaconda-deployment.yaml │ │ │ ├── anaconda-pdb.yaml │ │ │ ├── anaconda-service.yaml │ │ │ ├── httproute.yaml │ │ │ ├── ingress.yaml │ │ │ ├── k8s-node-deployment.yaml │ │ │ ├── k8s-node-pdb.yaml │ │ │ └── k8s-node-service.yaml │ │ └── values.yaml │ ├── kubeupdater │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── bin │ │ │ └── kubeupdater │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── bin-configmap.yaml │ │ │ ├── daemonset.yaml │ │ │ ├── node-role.yaml │ │ │ ├── node-rolebinding.yaml │ │ │ ├── psp.yaml │ │ │ ├── repo-configmap.yaml │ │ │ ├── role.yaml │ │ │ ├── rolebinding.yaml │ │ │ └── serviceaccount.yaml │ │ └── values.yaml │ ├── magic-namespace │ │ ├── Chart.yaml │ │ ├── LICENSE │ │ ├── README.md │ │ ├── templates │ │ │ ├── NOTES.txt │ │ │ ├── _helpers.tpl │ │ │ ├── namespace.yaml │ │ │ ├── rolebindings.yaml │ │ │ └── serviceaccounts.yaml │ │ └── values.yaml │ ├── nginx-app │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── DISCLAIMER │ │ ├── LICENSE │ │ ├── README.md │ │ ├── templates │ │ │ ├── NOTES.txt │ │ │ ├── _helpers.tpl │ │ │ ├── deployment.yaml │ │ │ ├── ingress.yaml │ │ │ └── service.yaml │ │ └── values.yaml │ ├── pixiecore-simpleconfig │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── configmap.yaml │ │ │ ├── deployment.yaml │ │ │ ├── ingress.yaml │ │ │ └── service.yaml │ │ └── values.yaml │ ├── pixiecore │ │ ├── Chart.yaml │ │ ├── requirements.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ └── daemonset.yaml │ │ └── values.yaml │ ├── smartctl-exporter │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── requirements.yaml │ │ ├── rules │ │ │ └── rules.txt │ │ ├── templates │ │ │ ├── 
_helpers.tpl │ │ │ ├── configmap.yaml │ │ │ ├── daemonset.yaml │ │ │ ├── prometheusrule.yaml │ │ │ ├── rolebinding.yaml │ │ │ ├── service.yaml │ │ │ ├── serviceaccount.yaml │ │ │ └── servicemonitor.yaml │ │ └── values.yaml │ ├── tenant-namespace-operator │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── clusterrole.yaml │ │ │ ├── clusterrolebinding.yaml │ │ │ ├── deployment.yaml │ │ │ ├── flavor-clusterrole.yaml │ │ │ ├── ic-clusterrole.yaml │ │ │ ├── ingressclass.yaml │ │ │ ├── leader-election-role-binding.yaml │ │ │ ├── leader-election-role.yaml │ │ │ ├── role.yaml │ │ │ ├── rolebinding.yaml │ │ │ ├── runner-clusterrole.yaml │ │ │ └── serviceaccount.yaml │ │ └── values.yaml │ └── tenant-namespace │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── certificate.yaml │ │ ├── gateway.yaml │ │ ├── gitlabrunner.yaml │ │ ├── ingress-nginx-clusterrolebinding.yaml │ │ ├── issuer.yaml │ │ ├── limitrange.yaml │ │ ├── nginx-ingress-role.yaml │ │ ├── nginx-ingress-rolebinding.yaml │ │ ├── operatorgroup.yaml │ │ ├── rbac-admin-group-rolebinding.yaml │ │ ├── resourcequota.yaml │ │ └── simple-restricted-networkpolicy.yaml │ │ └── values.yaml └── image-library-charts │ ├── Chart.yaml │ ├── build │ └── buildall ├── containers ├── anaconda-nginx │ ├── Dockerfile │ └── buildenv ├── anaconda-nginx9 │ ├── Dockerfile │ └── buildenv ├── anaconda │ ├── Dockerfile │ └── buildenv ├── anaconda9 │ ├── Dockerfile │ └── buildenv ├── build ├── chronyd │ ├── Dockerfile │ └── buildenv ├── curl-jq │ ├── Dockerfile │ └── buildenv ├── debug-toolbox │ ├── Dockerfile │ └── buildenv ├── dhcpd │ ├── Dockerfile │ └── buildenv ├── git │ ├── Dockerfile │ └── buildenv ├── gitlab-runner-operator │ ├── Dockerfile │ ├── LICENSE │ ├── buildenv │ ├── deploy │ │ └── crds │ │ │ ├── miscscripts.pnnl.gov_clustergitlabrunnerflavors_crd.yaml │ │ │ └── miscscripts.pnnl.gov_gitlabrunners_crd.yaml │ ├── examples │ 
│ ├── miscscripts.pnnl.gov_v1beta1_clustergitlabrunnerflavor_cr.yaml │ │ └── miscscripts.pnnl.gov_v1beta1_gitlabrunner_cr.yaml │ ├── requirements.yml │ ├── roles │ │ └── gitlabrunner │ │ │ ├── README.md │ │ │ ├── defaults │ │ │ └── main.yml │ │ │ ├── handlers │ │ │ └── main.yml │ │ │ ├── meta │ │ │ └── main.yml │ │ │ ├── tasks │ │ │ └── main.yml │ │ │ └── vars │ │ │ └── main.yml │ ├── volume.patch │ └── watches.yaml ├── inotify-tools │ ├── Dockerfile │ └── buildenv ├── ipmi-exporter │ ├── Dockerfile │ └── buildenv ├── ipmitool │ ├── Dockerfile │ └── buildenv ├── k8s-node-image-nginx │ ├── Dockerfile │ └── buildenv ├── k8s-node-image-nginx9 │ ├── Dockerfile │ └── buildenv ├── k8s-node-image │ ├── Dockerfile │ └── buildenv ├── k8s-node-image9 │ ├── Dockerfile │ └── buildenv ├── pixiecore │ ├── Dockerfile │ └── buildenv ├── py2lint │ ├── Dockerfile │ └── buildenv ├── rpmmacros ├── rpms-containerd │ ├── Dockerfile │ ├── buildenv │ └── docker-ce.repo ├── rpms-containerd9 │ ├── Dockerfile │ ├── buildenv │ └── docker-ce.repo ├── rpms-kubernetes │ ├── Dockerfile │ ├── buildenv │ └── kubernetes.repo ├── rpms-kubernetes9 │ ├── Dockerfile │ ├── buildenv │ └── kubernetes.repo ├── rpms-node-base │ ├── Dockerfile │ └── buildenv ├── rpms-node-base9 │ ├── Dockerfile │ └── buildenv ├── rpms-openvswitch │ ├── Dockerfile │ └── buildenv ├── rpms-openvswitch9 │ ├── Dockerfile │ └── buildenv ├── smartctl-exporter │ ├── Dockerfile │ ├── buildenv │ └── smartctl_exporter.yaml ├── tenant-namespace-operator │ ├── .gitignore │ ├── Dockerfile │ ├── LICENSE │ ├── Makefile │ ├── PROJECT │ ├── buildenv │ ├── config │ │ ├── crd │ │ │ ├── bases │ │ │ │ ├── miscscripts.pnnl.gov_tenantnamespaceflavors.yaml │ │ │ │ └── miscscripts.pnnl.gov_tenantnamespaces.yaml │ │ │ └── kustomization.yaml │ │ ├── default │ │ │ ├── kustomization.yaml │ │ │ ├── manager_auth_proxy_patch.yaml │ │ │ └── manager_config_patch.yaml │ │ ├── manager │ │ │ ├── kustomization.yaml │ │ │ └── manager.yaml │ │ ├── manifests │ │ │ 
└── kustomization.yaml │ │ ├── prometheus │ │ │ ├── kustomization.yaml │ │ │ └── monitor.yaml │ │ ├── rbac │ │ │ ├── auth_proxy_client_clusterrole.yaml │ │ │ ├── auth_proxy_role.yaml │ │ │ ├── auth_proxy_role_binding.yaml │ │ │ ├── auth_proxy_service.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── leader_election_role.yaml │ │ │ ├── leader_election_role_binding.yaml │ │ │ ├── role.yaml │ │ │ ├── role_binding.yaml │ │ │ ├── service_account.yaml │ │ │ ├── tenantnamespace_editor_role.yaml │ │ │ ├── tenantnamespace_viewer_role.yaml │ │ │ ├── tenantnamespaceflavor_editor_role.yaml │ │ │ └── tenantnamespaceflavor_viewer_role.yaml │ │ ├── samples │ │ │ ├── kustomization.yaml │ │ │ ├── miscscripts_v1beta1_tenantnamespace.yaml │ │ │ └── miscscripts_v1beta1_tenantnamespaceflavor.yaml │ │ └── scorecard │ │ │ ├── bases │ │ │ └── config.yaml │ │ │ ├── kustomization.yaml │ │ │ └── patches │ │ │ ├── basic.config.yaml │ │ │ └── olm.config.yaml │ ├── requirements.yml │ ├── roles │ │ ├── tenantnamespace │ │ │ ├── README.md │ │ │ ├── defaults │ │ │ │ └── main.yml │ │ │ ├── handlers │ │ │ │ └── main.yml │ │ │ ├── meta │ │ │ │ └── main.yml │ │ │ ├── tasks │ │ │ │ └── main.yml │ │ │ └── vars │ │ │ │ └── main.yml │ │ └── tenantnamespacefin │ │ │ ├── README.md │ │ │ ├── defaults │ │ │ └── main.yml │ │ │ ├── handlers │ │ │ └── main.yml │ │ │ ├── meta │ │ │ └── main.yml │ │ │ ├── tasks │ │ │ └── main.yml │ │ │ └── vars │ │ │ └── main.yml │ └── watches.yaml └── xmlstarlet │ ├── Dockerfile │ └── buildenv ├── disclaimer.txt ├── license.txt ├── rpm.priv.enc └── rpm.pub /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: "github-actions" 4 | directory: "/" 5 | schedule: 6 | interval: "daily" 7 | - package-ecosystem: "docker" 8 | directory: "/" 9 | schedule: 10 | interval: "daily" 11 | -------------------------------------------------------------------------------- /README.md: 
-------------------------------------------------------------------------------- 1 | # miscscripts 2 | 3 | [![Build](https://github.com/pnnl-miscscripts/miscscripts/workflows/Build/badge.svg)](https://github.com/pnnl-miscscripts/miscscripts/actions?query=workflow%3ABuild) 4 | 5 | This repository houses a bunch of miscellaneous scripts, docker files, helm charts, etc that we have built up over time that could be useful to others. 6 | -------------------------------------------------------------------------------- /bin/debug-host-pod: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | DEBUGTOOLBOXIMAGE=${DEBUGTOOLBOXIMAGE:-pnnlmiscscripts/debug-toolbox} 4 | 5 | mykubectl () { 6 | if [ "x$NAMESPACE" != "x" ]; then 7 | kubectl -n "$NAMESPACE" "$@" 8 | else 9 | kubectl "$@" 10 | fi 11 | } 12 | 13 | SERVICEACCOUNT=${SERVICEACCOUNT:-default} 14 | 15 | if [ "x$1" == "x" ]; then 16 | echo "Usage: $0 " 17 | exit -1 18 | fi 19 | 20 | echo Attaching debug container to hostname "$1" 21 | 22 | SHORT=$(echo $1 | tr '.' '-') 23 | 24 | cat <" 17 | exit -1 18 | fi 19 | 20 | echo Attaching debug container to hostname "$1" 21 | 22 | SHORT=$(echo $1 | tr '.' 
'-') 23 | 24 | cat < console.sh <<'EOF' 4 | #!/bin/bash 5 | kubectl attach -it $(kubectl get pods -l "host=$1" -o go-template='{{"{{"}}(index .items 0).metadata.name{{"}}"}}' -n "{{ .Release.Namespace }}") -n "{{ .Release.Namespace }}" 6 | EOF 7 | chmod +x console.sh 8 | 9 | cat > ipmi.sh <<'EOF' 10 | #!/bin/bash 11 | HOST="$1" 12 | shift 13 | kubectl exec -it $(kubectl get pods -l "host=$HOST" -o go-template='{{(index .items 0).metadata.name}}' -n console) -n console -- ipmitool "$@" 14 | EOF 15 | chmod +x ipmi.sh 16 | 17 | To use it to get into a console: 18 | 19 | ./console.sh 20 | 21 | To ipmi manage a machine: 22 | 23 | ./ipmi.sh power status 24 | ./ipmi.sh chassis bootdev pxe 25 | ./ipmi.sh power on 26 | ./ipmi.sh power off 27 | -------------------------------------------------------------------------------- /charts/charts/console/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "console.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "console.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 
29 | */}} 30 | {{- define "console.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /charts/charts/console/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for console. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | ipmitool: 6 | server: 7 | prefix: 8 | org: 9 | repo: 10 | tag: 11 | pullPolicy: IfNotPresent 12 | 13 | resources: {} 14 | # We usually recommend not to specify default resources and to leave this as a conscious 15 | # choice for the user. This also increases chances charts run on environments with little 16 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 17 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 18 | # limits: 19 | # cpu: 100m 20 | # memory: 128Mi 21 | # requests: 22 | # cpu: 100m 23 | # memory: 128Mi 24 | 25 | nodeSelector: {} 26 | 27 | tolerations: [] 28 | #- key: node-role.kubernetes.io/master 29 | # operator: Exists 30 | # effect: NoSchedule 31 | 32 | affinity: {} 33 | 34 | hosts: [] 35 | #- host: 36 | # ip: 37 | # secret: 38 | -------------------------------------------------------------------------------- /charts/charts/dhcpd/Chart.yaml: -------------------------------------------------------------------------------- 1 | name: dhcpd 2 | version: 0.4.0 3 | description: Super simple dhcp setup 4 | keywords: 5 | - dhcp 6 | - dhcpd 7 | sources: 8 | - https://github.com/pnnl-miscscripts/miscscripts 9 | -------------------------------------------------------------------------------- /charts/charts/dhcpd/README.md: -------------------------------------------------------------------------------- 1 | # DHCPD 2 | 3 | The DHCPD chart launches a simple dhcpd server for your bare metal 
cluster. 4 | 5 | 6 | ## Install Chart 7 | 8 | To install the Chart into your Kubernetes cluster : 9 | 10 | ```bash 11 | helm install --namespace "dhcpd" --name "dhcpd" pnnl-miscscripts/dhcpd -f dhcpd-values.yaml 12 | ``` 13 | 14 | After installation succeeds, you can get a status of Chart 15 | 16 | ```bash 17 | helm status "dhcpd" 18 | ``` 19 | 20 | If you want to delete your Chart, use this command: 21 | 22 | ```bash 23 | helm delete --purge "dhcpd" 24 | ``` 25 | 26 | ### DHCPD configuration 27 | Set your interface(s) like: 28 | ```yaml 29 | interfaces: ['eth0'] 30 | ``` 31 | 32 | Add your subnets to the subnets list like: 33 | ```yaml 34 | config: 35 | subnets: 36 | - start: 172.22.0.0 37 | netmask: 255.255.255.0 38 | ``` 39 | 40 | Setup a group and add your hosts like: 41 | ```yaml 42 | config: 43 | groups: 44 | - domainName: example.com 45 | domainNameServers: [172.22.0.1] 46 | routers: [172.22.0.1] 47 | subnetMask: 255.255.255.0 48 | hosts: 49 | - name: c1 50 | mac: 00:01:02:aa:bb:cc 51 | ip: 172.22.0.3 52 | ``` 53 | 54 | -------------------------------------------------------------------------------- /charts/charts/dhcpd/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: dhcpd 3 | version: 2.0.0 4 | repository: https://pnnl-miscscripts.github.io/image-library-charts/ 5 | -------------------------------------------------------------------------------- /charts/charts/dhcpd/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "pnnlmiscscripts.dhcp-full.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 
12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "pnnlmiscscripts.dhcp-full.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "pnnlmiscscripts.dhcp-full.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /charts/charts/dhcpd/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.config.manage }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ template "pnnlmiscscripts.dhcp-full.fullname" . }} 6 | labels: 7 | heritage: {{ .Release.Service | quote }} 8 | release: {{ .Release.Name | quote }} 9 | chart: {{ template "pnnlmiscscripts.dhcp-full.chart" . }} 10 | app: {{ template "pnnlmiscscripts.dhcp-full.name" . }} 11 | data: 12 | dhcpd.conf: | 13 | default-lease-time {{ .Values.config.defaultLeaseTime }}; 14 | max-lease-time {{ .Values.config.maxLeaseTime }}; 15 | 16 | ddns-update-style {{ .Values.config.ddnsUpdateStyle }}; 17 | 18 | {{- range .Values.config.subnets }} 19 | subnet {{ .start }} netmask {{ .netmask }} { 20 | {{- if hasKey . 
"rangeStart" }} 21 | range {{ .rangeStart }} {{ .rangeEnd }}; 22 | {{- end }} 23 | } 24 | {{- end }} 25 | 26 | {{- range .Values.config.groups }} 27 | group { 28 | option routers {{ join ", " .routers }}; 29 | option domain-name "{{ .domainName }}"; 30 | option domain-name-servers {{ join ", " .domainNameServers }}; 31 | option subnet-mask {{ join ", " .subnetMask }}; 32 | {{- range .hosts }} 33 | host {{ .name }} { 34 | hardware ethernet {{ .mac }}; 35 | fixed-address {{ .ip }}; 36 | } 37 | {{- end }} 38 | } 39 | {{- end }} 40 | {{- end }} 41 | -------------------------------------------------------------------------------- /charts/charts/dhcpd/values.yaml: -------------------------------------------------------------------------------- 1 | dhcpd: 2 | imagePullPolicy: IfNotPresent 3 | 4 | resources: {} 5 | interfaces: [] 6 | 7 | config: 8 | manage: true 9 | 10 | defaultLeaseTime: 600 11 | maxLeaseTime: 7200 12 | ddnsUpdateStyle: none 13 | 14 | subnets: 15 | - start: 172.22.0.0 16 | netmask: 255.255.255.0 17 | #FIXME rangeStart/End should not be used until pv support is added. 18 | # rangeStart: 192.168.0.100 19 | # rangeEnd: 192.168.0.254 20 | groups: 21 | - domainName: example.com 22 | domainNameServers: [172.22.0.1] 23 | routers: [172.22.0.1] 24 | subnetMask: 255.255.255.0 25 | hosts: 26 | - name: c1 27 | mac: 00:01:02:aa:bb:cc 28 | ip: 172.22.0.3 29 | 30 | nodeSelector: {} 31 | 32 | tolerations: [] 33 | #- key: node-role.kubernetes.io/master 34 | # operator: Exists 35 | # effect: NoSchedule 36 | 37 | affinity: {} 38 | -------------------------------------------------------------------------------- /charts/charts/gitlab-runner-operator/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/charts/gitlab-runner-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: gitlab-runner-operator 3 | description: A Helm chart for Kubernetes 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | version: 0.1.5 18 | 19 | # This is the version number of the application being deployed. This version number should be 20 | # incremented each time you make changes to the application. 21 | appVersion: 0.1.3-1 22 | 23 | keywords: 24 | - gitlab 25 | - gitlab-runner 26 | - runner 27 | - gitlab-runner-operator 28 | -------------------------------------------------------------------------------- /charts/charts/gitlab-runner-operator/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: {{ include "gitlab-runner-operator.fullname" . 
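}}-fl
5 |   labels:
6 |     {{ include "gitlab-runner-operator.labels" . | nindent 4 }}
7 | rules:
8 | - apiGroups:
9 |   - miscscripts.pnnl.gov
10 |   resources:
11 |   - 'clustergitlabrunnerflavors'
12 |   verbs:
13 |   - get
14 |   - list
15 |   - watch
16 |
--------------------------------------------------------------------------------
/charts/charts/gitlab-runner-operator/templates/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
1 | kind: ClusterRoleBinding
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | metadata:
4 |   name: {{ include "gitlab-runner-operator.fullname" . }}-fl
5 |   labels:
6 |     {{ include "gitlab-runner-operator.labels" . | nindent 4 }}
7 | subjects:
8 | - kind: ServiceAccount
9 |   name: {{ include "gitlab-runner-operator.serviceAccountName" . }}
10 |   namespace: {{ .Release.Namespace }}
11 | roleRef:
12 |   kind: ClusterRole
13 |   name: {{ include "gitlab-runner-operator.fullname" . }}-fl
14 |   apiGroup: rbac.authorization.k8s.io
15 |
--------------------------------------------------------------------------------
/charts/charts/gitlab-runner-operator/templates/flavor-clusterrole.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole
3 | metadata:
4 |   name: clustergitlabrunnerflavors-edit
5 | rules:
6 | - apiGroups:
7 |   - miscscripts.pnnl.gov
8 |   resources:
9 |   - clustergitlabrunnerflavors
10 |   verbs:
11 |   - get
12 |   - list
13 |   - watch
14 |   - create
15 |   - update
16 |   - patch
17 |   - delete
18 |
--------------------------------------------------------------------------------
/charts/charts/gitlab-runner-operator/templates/role.yaml:
--------------------------------------------------------------------------------
1 | # Permissions granted to the operator's service account. .Values.mode picks the scope:
2 | # "cluster" renders a ClusterRole, "namespaced" renders a namespace-local Role.
3 | apiVersion: rbac.authorization.k8s.io/v1
4 | {{- if eq .Values.mode "cluster" }}
5 | kind: ClusterRole
6 | {{- else if eq .Values.mode "namespaced" }}
7 | kind: Role
8 | {{- end }}
9 | metadata:
10 |   name: {{ include "gitlab-runner-operator.fullname" . }}
11 |   labels:
12 |     {{ include "gitlab-runner-operator.labels" . | nindent 4 }}
13 | rules:
14 | # NOTE(review): in cluster mode rolebinding.yaml binds this role with a ClusterRoleBinding,
15 | # so the write verbs on pods, services, configmaps and deployments apply in every namespace.
16 | - apiGroups:
17 |   - ""
18 |   resources:
19 |   - pods
20 |   - services
21 |   - services/finalizers
22 |   - endpoints
23 |   - events
24 |   - configmaps
25 |   verbs:
26 |   - create
27 |   - delete
28 |   - get
29 |   - list
30 |   - patch
31 |   - update
32 |   - watch
33 | - apiGroups:
34 |   - apps
35 |   resources:
36 |   - deployments
37 |   - replicasets
38 |   verbs:
39 |   - create
40 |   - delete
41 |   - get
42 |   - list
43 |   - patch
44 |   - update
45 |   - watch
46 | - apiGroups:
47 |   - monitoring.coreos.com
48 |   resources:
49 |   - servicemonitors
50 |   verbs:
51 |   - get
52 |   - create
53 | - apiGroups:
54 |   - apps
55 |   resourceNames:
56 |   - gitlab-runner-operator
57 |   resources:
58 |   - deployments/finalizers
59 |   verbs:
60 |   - update
61 | - apiGroups:
62 |   - ""
63 |   resources:
64 |   - pods
65 |   verbs:
66 |   - get
67 | - apiGroups:
68 |   - apps
69 |   resources:
70 |   - replicasets
71 |   - deployments
72 |   verbs:
73 |   - get
74 | # NOTE(review): '*' matches every resource in the miscscripts.pnnl.gov API group, not only
75 | # this operator's kinds. The tenant-namespace-operator CRDs in this repository use the same
76 | # group, so consider listing the gitlabrunner resources this operator needs explicitly.
77 | - apiGroups:
78 |   - miscscripts.pnnl.gov
79 |   resources:
80 |   - '*'
81 |   verbs:
82 |   - create
83 |   - delete
84 |   - get
85 |   - list
86 |   - patch
87 |   - update
88 |   - watch
89 |
--------------------------------------------------------------------------------
/charts/charts/gitlab-runner-operator/templates/rolebinding.yaml:
--------------------------------------------------------------------------------
1 | # Binds the role from role.yaml to the operator's service account. The binding kind and
2 | # the roleRef kind both follow .Values.mode ("cluster" or "namespaced") and must agree.
3 | apiVersion: rbac.authorization.k8s.io/v1
4 | {{- if eq .Values.mode "cluster" }}
5 | kind: ClusterRoleBinding
6 | {{- else if eq .Values.mode "namespaced" }}
7 | kind: RoleBinding
8 | {{- end }}
9 | metadata:
10 |   name: {{ include "gitlab-runner-operator.fullname" . }}
11 |   labels:
12 |     {{ include "gitlab-runner-operator.labels" . | nindent 4 }}
13 | subjects:
14 | - kind: ServiceAccount
15 |   name: {{ include "gitlab-runner-operator.serviceAccountName" . }}
16 | {{- if eq .Values.mode "cluster" }}
17 |   namespace: {{ .Release.Namespace }}
18 | {{- end }}
19 | roleRef:
20 | {{- if eq .Values.mode "cluster" }}
21 |   kind: ClusterRole
22 | {{- else if eq .Values.mode "namespaced" }}
23 |   kind: Role
24 | {{- end}}
25 |   name: {{ include "gitlab-runner-operator.fullname" . }}
26 |   apiGroup: rbac.authorization.k8s.io
27 |
--------------------------------------------------------------------------------
/charts/charts/gitlab-runner-operator/templates/runner-clusterrole.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole
3 | metadata:
4 |   name: gitlabrunner-edit
5 |   labels:
6 | {{- if .Values.rbac.aggregate }}
7 |     # Add these permissions to the "admin" and "edit" default roles.
8 |     # NOTE(review): with aggregation on, any subject bound to admin or edit in a namespace can
9 |     # create and change gitlabrunners there; set rbac.aggregate to false to require explicit bindings.
10 |     rbac.authorization.k8s.io/aggregate-to-admin: "true"
11 |     rbac.authorization.k8s.io/aggregate-to-edit: "true"
12 | {{- end }}
13 | rules:
14 | - apiGroups:
15 |   - miscscripts.pnnl.gov
16 |   resources:
17 |   - gitlabrunners
18 |   verbs:
19 |   - get
20 |   - list
21 |   - watch
22 |   - create
23 |   - update
24 |   - patch
25 |   - delete
26 |
--------------------------------------------------------------------------------
/charts/charts/gitlab-runner-operator/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.serviceAccount.create -}}
2 | apiVersion: v1
3 | kind: ServiceAccount
4 | metadata:
5 |   name: {{ include "gitlab-runner-operator.serviceAccountName" . }}
6 |   labels:
7 |     {{- include "gitlab-runner-operator.labels" . | nindent 4 }}
8 |   {{- with .Values.serviceAccount.annotations }}
9 |   annotations:
10 |     {{- toYaml . 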
| nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/charts/gitlab-runner-operator/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for gitlab-runner-operator. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | mode: cluster # or namespaced. Note: only cluster mode has been tested so far. 6 | 7 | rbac: 8 | # Allow admin/edit roles to create runners without extra bindings. 9 | aggregate: true 10 | 11 | replicaCount: 1 12 | 13 | image: 14 | repository: pnnlmiscscripts/gitlab-runner-operator 15 | pullPolicy: IfNotPresent 16 | # Overrides the image tag whose default is the chart appVersion. 17 | tag: "" 18 | 19 | imagePullSecrets: [] 20 | nameOverride: "" 21 | fullnameOverride: "" 22 | 23 | serviceAccount: 24 | # Specifies whether a service account should be created 25 | create: true 26 | # Annotations to add to the service account 27 | annotations: {} 28 | # The name of the service account to use. 29 | # If not set and create is true, a name is generated using the fullname template 30 | name: "" 31 | 32 | podAnnotations: {} 33 | 34 | podSecurityContext: {} 35 | # fsGroup: 2000 36 | 37 | securityContext: {} 38 | # capabilities: 39 | # drop: 40 | # - ALL 41 | # readOnlyRootFilesystem: true 42 | # runAsNonRoot: true 43 | # runAsUser: 1000 44 | 45 | resources: {} 46 | # We usually recommend not to specify default resources and to leave this as a conscious 47 | # choice for the user. This also increases chances charts run on environments with little 48 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 49 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
50 | # limits: 51 | # cpu: 100m 52 | # memory: 128Mi 53 | # requests: 54 | # cpu: 100m 55 | # memory: 128Mi 56 | 57 | nodeSelector: {} 58 | 59 | tolerations: [] 60 | 61 | affinity: {} 62 | -------------------------------------------------------------------------------- /charts/charts/grafana-misc-dashboards/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: grafana-misc-dashboards 3 | description: A Helm chart for Kubernetes 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | version: 0.3.0 18 | 19 | # This is the version number of the application being deployed. This version number should be 20 | # incremented each time you make changes to the application. 21 | appVersion: 0.3.0 22 | -------------------------------------------------------------------------------- /charts/charts/grafana-misc-dashboards/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "grafana-misc-dashboards.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 
11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "grafana-misc-dashboards.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "grafana-misc-dashboards.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "grafana-misc-dashboards.labels" -}} 38 | helm.sh/chart: {{ include "grafana-misc-dashboards.chart" . }} 39 | {{ include "grafana-misc-dashboards.selectorLabels" . }} 40 | {{- if .Chart.AppVersion }} 41 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 42 | {{- end }} 43 | app.kubernetes.io/managed-by: {{ .Release.Service }} 44 | {{- end -}} 45 | 46 | {{/* 47 | Selector labels 48 | */}} 49 | {{- define "grafana-misc-dashboards.selectorLabels" -}} 50 | app.kubernetes.io/name: {{ include "grafana-misc-dashboards.name" . }} 51 | app.kubernetes.io/instance: {{ .Release.Name }} 52 | {{- end -}} 53 | -------------------------------------------------------------------------------- /charts/charts/grafana-misc-dashboards/templates/ipmi-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ipmi.enabled -}} 2 | {{- $fullName := include "grafana-misc-dashboards.fullname" . 
-}} 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: {{ include "grafana-misc-dashboards.fullname" . }}-ipmi 7 | labels: 8 | {{- include "grafana-misc-dashboards.labels" . | nindent 4 }} 9 | {{- with .Values.extraLabels }} 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- with .Values.extraAnnotations }} 13 | annotations: 14 | {{- toYaml . | nindent 4 }} 15 | {{- end }} 16 | data: 17 | {{ include "grafana-misc-dashboards.fullname" . }}-ipmi.json: |- 18 | {{- .Files.Get "files/ipmi.json" | nindent 4 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/charts/grafana-misc-dashboards/templates/pvc-usage-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.pvcUsage.enabled -}} 2 | {{- $fullName := include "grafana-misc-dashboards.fullname" . -}} 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: {{ include "grafana-misc-dashboards.fullname" . }}-pvc-usage 7 | labels: 8 | {{- include "grafana-misc-dashboards.labels" . | nindent 4 }} 9 | {{- with .Values.extraLabels }} 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- with .Values.extraAnnotations }} 13 | annotations: 14 | {{- toYaml . | nindent 4 }} 15 | {{- end }} 16 | data: 17 | {{ include "grafana-misc-dashboards.fullname" . }}-pvc-usage.json: |- 18 | {{- .Files.Get "files/pvc-usage.json" | nindent 4 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/charts/grafana-misc-dashboards/templates/utilization-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.utilization.enabled -}} 2 | {{- $fullName := include "grafana-misc-dashboards.fullname" . -}} 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: {{ include "grafana-misc-dashboards.fullname" . }}-utilization 7 | labels: 8 | {{- include "grafana-misc-dashboards.labels" . 
| nindent 4 }} 9 | {{- with .Values.extraLabels }} 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- with .Values.extraAnnotations }} 13 | annotations: 14 | {{- toYaml . | nindent 4 }} 15 | {{- end }} 16 | data: 17 | {{ include "grafana-misc-dashboards.fullname" . }}-utilization.json: |- 18 | {{- .Files.Get "files/utilization.json" | nindent 4 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/charts/grafana-misc-dashboards/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for grafana-misc-dashboards. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | utilization: 6 | enabled: false 7 | pvcUsage: 8 | enabled: false 9 | ipmi: 10 | enabled: false 11 | 12 | nameOverride: "" 13 | fullnameOverride: "" 14 | 15 | extraLabels: {} 16 | # grafana_dashboard: "1" 17 | extraAnnotations: {} 18 | -------------------------------------------------------------------------------- /charts/charts/ipmi-exporter/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/charts/ipmi-exporter/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: ipmi-exporter 3 | description: A Helm chart for Kubernetes 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | version: 0.1.1 18 | 19 | # This is the version number of the application being deployed. This version number should be 20 | # incremented each time you make changes to the application. 21 | appVersion: 0.1.1 22 | -------------------------------------------------------------------------------- /charts/charts/ipmi-exporter/README.md: -------------------------------------------------------------------------------- 1 | # ipmi-exporter chart 2 | 3 | This chart allows you to deploy the ipmi exporter. 
4 | 5 | ## Install Chart 6 | 7 | To install the Chart into your Kubernetes cluster: 8 | 9 | ```bash 10 | helm install --namespace prometheus --name "ipmi-exporter" pnnl-miscscripts/ipmi-exporter 11 | ``` 12 | 13 | After installation succeeds, you can check the status of the Chart: 14 | 15 | ```bash 16 | helm status "ipmi-exporter" 17 | ``` 18 | 19 | If you want to delete your Chart, use this command: 20 | 21 | ```bash 22 | helm delete "ipmi-exporter" 23 | ``` 24 | 25 | ## Configuration 26 | Set the `config` value to any configuration described here: 27 | https://github.com/soundcloud/ipmi_exporter#configuration 28 | 29 | An example is provided here: 30 | https://github.com/soundcloud/ipmi_exporter/blob/master/ipmi_remote.yml 31 | The chart stores this value in a Kubernetes Secret (templates/secret.yaml); if it contains IPMI credentials, keep it out of version-controlled values files. 32 | -------------------------------------------------------------------------------- /charts/charts/ipmi-exporter/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: ipmi-exporter 3 | version: 2.0.0 4 | repository: https://pnnl-miscscripts.github.io/image-library-charts/ 5 | -------------------------------------------------------------------------------- /charts/charts/ipmi-exporter/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Get the application URL by running these commands: 2 | {{- if .Values.ingress.enabled }} 3 | {{- range $host := .Values.ingress.hosts }} 4 | {{- range .paths }} 5 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} 6 | {{- end }} 7 | {{- end }} 8 | {{- else if contains "NodePort" .Values.service.type }} 9 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "pnnlmiscscripts.ipmi-exporter-full.fullname" . 
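}}) 10 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 11 | echo http://$NODE_IP:$NODE_PORT 12 | {{- else if contains "LoadBalancer" .Values.service.type }} 13 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 14 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "pnnlmiscscripts.ipmi-exporter-full.fullname" . }}' 15 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "pnnlmiscscripts.ipmi-exporter-full.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") 16 | echo http://$SERVICE_IP:{{ .Values.service.port }} 17 | {{- else if contains "ClusterIP" .Values.service.type }} 18 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "pnnlmiscscripts.ipmi-exporter-full.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 19 | echo "Visit http://127.0.0.1:8080 to use your application" 20 | kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:9290 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/charts/ipmi-exporter/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "pnnlmiscscripts.ipmi-exporter-full.fullname" . 
-}} 3 | {{- $svcPort := .Values.service.port -}} 4 | {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} 5 | apiVersion: networking.k8s.io/v1 6 | {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} 7 | apiVersion: networking.k8s.io/v1beta1 8 | {{- else -}} 9 | apiVersion: extensions/v1beta1 10 | {{- end }} 11 | kind: Ingress 12 | metadata: 13 | name: {{ $fullName }} 14 | labels: 15 | {{- include "pnnlmiscscripts.ipmi-exporter-full.labels" . | nindent 4 }} 16 | {{- with .Values.ingress.annotations }} 17 | annotations: 18 | {{- toYaml . | nindent 4 }} 19 | {{- end }} 20 | spec: 21 | {{- if .Values.ingress.tls }} 22 | tls: 23 | {{- range .Values.ingress.tls }} 24 | - hosts: 25 | {{- range .hosts }} 26 | - {{ . | quote }} 27 | {{- end }} 28 | secretName: {{ .secretName }} 29 | {{- end }} 30 | {{- end }} 31 | rules: 32 | {{- range .Values.ingress.hosts }} 33 | - host: {{ .host | quote }} 34 | http: 35 | paths: 36 | {{- range .paths }} 37 | - path: {{ . }} 38 | {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} 39 | pathType: ImplementationSpecific # required by networking.k8s.io/v1 40 | backend: # v1 schema: backend.service.name / backend.service.port.number 41 | service: 42 | name: {{ $fullName }} 43 | port: 44 | number: {{ $svcPort }} 45 | {{- else }} 46 | backend: # v1beta1 schema, kept for clusters older than 1.19 47 | serviceName: {{ $fullName }} 48 | servicePort: {{ $svcPort }} 49 | {{- end }} 50 | {{- end }} 51 | {{- end }} 52 | {{- end }} 53 | -------------------------------------------------------------------------------- /charts/charts/ipmi-exporter/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ include "pnnlmiscscripts.ipmi-exporter-full.fullname" . }} 5 | labels: 6 | {{- include "pnnlmiscscripts.ipmi-exporter-full.labels" . 
| nindent 4 }} 7 | data: # b64enc only encodes; NOTE(review): .Values.config presumably carries BMC credentials - keep it out of committed values files 8 | ipmi.yaml: {{ toYaml .Values.config | b64enc }} 9 | -------------------------------------------------------------------------------- /charts/charts/ipmi-exporter/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "pnnlmiscscripts.ipmi-exporter-full.fullname" . 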
}} 5 | labels: 6 | {{- include "pnnlmiscscripts.ipmi-exporter-full.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "pnnlmiscscripts.ipmi-exporter-full.selectorLabels" . | nindent 4 }} 16 | -------------------------------------------------------------------------------- /charts/charts/ipmi-exporter/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "pnnlmiscscripts.ipmi-exporter-full.serviceAccountName" . }} 6 | labels: 7 | {{- include "pnnlmiscscripts.ipmi-exporter-full.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end -}} 13 | -------------------------------------------------------------------------------- /charts/charts/k8s-node-image/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/charts/k8s-node-image/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | type: application 5 | name: k8s-node-image 6 | version: 0.2.0 7 | dependencies: 8 | - name: k8s-node-image-nginx-1-14 9 | version: 2.0.0 10 | repository: https://pnnl-miscscripts.github.io/image-library-charts/ 11 | - name: anaconda-nginx 12 | version: 2.0.0 13 | repository: https://pnnl-miscscripts.github.io/image-library-charts/ 14 | -------------------------------------------------------------------------------- /charts/charts/k8s-node-image/README.md: -------------------------------------------------------------------------------- 1 | # K8S Node Image 2 | 3 | The k8s-node-image chart provides a standalone image useful for installing 4 | bare metal nodes that can form a k8s cluster. 5 | 6 | This can be used in conjunction with pixiecore and dhcpd. 7 | 8 | ## Dependencies 9 | 10 | This chart requires nginx-ingress 0.22.0 or higher in the default config. To 11 | support older nginx-ingress, set ingress.regex=false. 12 | 13 | For other ingress controllers, you will need to annotate as needed to get 14 | rewriting to happen appropriately for your ingress controller. 
15 | 16 | ## Install Chart 17 | 18 | To install the Chart into your Kubernetes cluster : 19 | 20 | ```bash 21 | helm install --namespace "k8s-node-image" pnnl-miscscripts/k8s-node-image 22 | ``` 23 | 24 | After installation succeeds, you can get a status of Chart 25 | 26 | ```bash 27 | helm status 28 | ``` 29 | 30 | If you want to delete your Chart, use this command: 31 | 32 | ```bash 33 | helm delete --purge 34 | ``` 35 | 36 | -------------------------------------------------------------------------------- /charts/charts/k8s-node-image/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- $dot := . }} 2 | {{- $prefix := include "pnnlmiscscripts.k8s-node-image-full.ingress.prefix" . }} 3 | Contact information 4 | 5 | {{- range .Values.ingress.hosts }} 6 | {{- if . }} 7 | Repo: 8 | http://{{ . }}{{ $prefix }} 9 | Kernel: 10 | http://{{ . }}{{ $prefix }}/vmlinuz 11 | Initrd: 12 | http://{{ . }}{{ $prefix }}/initrd.img 13 | {{- else }} 14 | Repo: 15 | http://xx.xx.xx.xx{{ $prefix }} 16 | Kernel: 17 | http://xx.xx.xx.xx{{ $prefix }}/vmlinuz 18 | Initrd: 19 | http://xx.xx.xx.xx{{ $prefix }}/initrd.img 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/charts/k8s-node-image/templates/anaconda-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if (gt (.Values.replicaCount | int) 1) }} 2 | apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }} 3 | kind: PodDisruptionBudget 4 | metadata: 5 | labels: 6 | {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} 7 | app.kubernetes.io/component: anaconda 8 | svc: anaconda 9 | name: {{ include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . 
}} 10 | namespace: {{ .Release.Namespace }} 11 | spec: 12 | selector: 13 | matchLabels: 14 | {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 6 }} 15 | svc: anaconda 16 | minAvailable: {{ .Values.minAvailable }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/charts/k8s-node-image/templates/anaconda-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . }} 5 | labels: 6 | {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} 7 | app.kubernetes.io/component: anaconda 8 | svc: anaconda 9 | spec: 10 | type: {{ .Values.anaconda.service.type }} 11 | ports: 12 | - port: {{ .Values.anaconda.service.port }} 13 | targetPort: http 14 | protocol: TCP 15 | name: http 16 | selector: 17 | {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 4 }} 18 | svc: anaconda 19 | -------------------------------------------------------------------------------- /charts/charts/k8s-node-image/templates/k8s-node-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if (gt (.Values.replicaCount | int) 1) }} 2 | apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }} 3 | kind: PodDisruptionBudget 4 | metadata: 5 | labels: 6 | {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} 7 | app.kubernetes.io/component: k8s-node 8 | svc: k8s-node 9 | name: {{ include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . }} 10 | namespace: {{ .Release.Namespace }} 11 | spec: 12 | selector: 13 | matchLabels: 14 | {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . 
| nindent 6 }} 15 | svc: k8s-node 16 | minAvailable: {{ .Values.minAvailable }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/charts/k8s-node-image/templates/k8s-node-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . }} 5 | labels: 6 | {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} 7 | app.kubernetes.io/component: k8s-node 8 | svc: k8s-node 9 | spec: 10 | type: {{ .Values.k8sNode.service.type }} 11 | ports: 12 | - port: {{ .Values.k8sNode.service.port }} 13 | targetPort: http 14 | protocol: TCP 15 | name: http 16 | selector: 17 | {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 4 }} 18 | svc: k8s-node 19 | -------------------------------------------------------------------------------- /charts/charts/k8s-node-image/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for k8s-node-image. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 
4 | 5 | replicaCount: 2 6 | minAvailable: 1 7 | 8 | imagePullSecrets: [] 9 | nameOverride: "" 10 | fullnameOverride: "" 11 | 12 | anaconda: 13 | image: 14 | pullPolicy: IfNotPresent 15 | 16 | service: 17 | type: ClusterIP 18 | port: 80 19 | 20 | podAnnotations: {} 21 | 22 | k8sNode: 23 | prefix: "pnnlmiscscripts.k8s-node-image-nginx-1-14" 24 | image: 25 | pullPolicy: IfNotPresent 26 | 27 | service: 28 | type: ClusterIP 29 | port: 80 30 | 31 | podAnnotations: {} 32 | 33 | ingress: 34 | enabled: true 35 | enableVersionPrefix: true 36 | regex: true 37 | prefix: "" 38 | # className: "" 39 | annotations: {} 40 | # kubernetes.io/ingress.class: nginx 41 | # kubernetes.io/tls-acme: "true" 42 | hosts: [null] 43 | #- chart-example.local 44 | 45 | tls: [] 46 | # - secretName: chart-example-tls 47 | # hosts: 48 | # - chart-example.local 49 | 50 | resources: {} 51 | # We usually recommend not to specify default resources and to leave this as a conscious 52 | # choice for the user. This also increases chances charts run on environments with little 53 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 54 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 55 | # limits: 56 | # cpu: 100m 57 | # memory: 128Mi 58 | # requests: 59 | # cpu: 100m 60 | # memory: 128Mi 61 | 62 | nodeSelector: {} 63 | 64 | tolerations: [] 65 | 66 | affinity: {} 67 | -------------------------------------------------------------------------------- /charts/charts/k8s-node-image9/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/charts/k8s-node-image9/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | type: application 5 | name: k8s-node-image9 6 | version: 0.2.0 7 | dependencies: 8 | - name: k8s-node-image-nginx9-1-24 9 | version: 2.0.0 10 | repository: https://pnnl-miscscripts.github.io/image-library-charts/ 11 | - name: anaconda-nginx9 12 | version: 2.0.0 13 | repository: https://pnnl-miscscripts.github.io/image-library-charts/ 14 | -------------------------------------------------------------------------------- /charts/charts/k8s-node-image9/README.md: -------------------------------------------------------------------------------- 1 | # K8S Node Image 2 | 3 | The k8s-node-image chart provides a standalone image useful for installing 4 | bare metal nodes that can form a k8s cluster. 5 | 6 | This can be used in conjunction with pixiecore and dhcpd. 7 | 8 | ## Dependencies 9 | 10 | This chart requires nginx-ingress 0.22.0 or higher in the default config. To 11 | support older nginx-ingress, set ingress.regex=false. 12 | 13 | For other ingress controllers, you will need to annotate as needed to get 14 | rewriting to happen appropriately for your ingress controller. 
15 | 16 | ## Install Chart 17 | 18 | To install the Chart into your Kubernetes cluster : 19 | 20 | ```bash 21 | helm install --namespace "k8s-node-image" pnnl-miscscripts/k8s-node-image 22 | ``` 23 | 24 | After installation succeeds, you can get a status of Chart 25 | 26 | ```bash 27 | helm status 28 | ``` 29 | 30 | If you want to delete your Chart, use this command: 31 | 32 | ```bash 33 | helm delete --purge 34 | ``` 35 | 36 | -------------------------------------------------------------------------------- /charts/charts/k8s-node-image9/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- $dot := . }} 2 | 3 | {{- if .Values.ingress.enabled }} 4 | {{- $ingressPrefix := include "pnnlmiscscripts.k8s-node-image-full.ingress.prefix" . }} 5 | Contact information 6 | 7 | {{- range .Values.ingress.hosts }} 8 | {{- if . }} 9 | Repo: 10 | http://{{ . }}{{ $ingressPrefix }} 11 | Kernel: 12 | http://{{ . }}{{ $ingressPrefix }}/vmlinuz 13 | Initrd: 14 | http://{{ . }}{{ $ingressPrefix }}/initrd.img 15 | {{- else }} 16 | Repo: 17 | http://xx.xx.xx.xx{{ $ingressPrefix }} 18 | Kernel: 19 | http://xx.xx.xx.xx{{ $ingressPrefix }}/vmlinuz 20 | Initrd: 21 | http://xx.xx.xx.xx{{ $ingressPrefix }}/initrd.img 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{- if .Values.httpRoute.enabled }} 27 | {{- $httpRoutePrefix := include "pnnlmiscscripts.k8s-node-image-full.httpRoute.prefix" . }} 28 | Contact information 29 | 30 | {{- range .Values.httpRoute.hostnames }} 31 | Repo: 32 | http://{{ . }}{{ $httpRoutePrefix }} 33 | Kernel: 34 | http://{{ . }}{{ $httpRoutePrefix }}/vmlinuz 35 | Initrd: 36 | http://{{ . 
}}{{ $httpRoutePrefix }}/initrd.img 37 | {{- else }} 38 | Repo: 39 | http://xx.xx.xx.xx{{ $httpRoutePrefix }} 40 | Kernel: 41 | http://xx.xx.xx.xx{{ $httpRoutePrefix }}/vmlinuz 42 | Initrd: 43 | http://xx.xx.xx.xx{{ $httpRoutePrefix }}/initrd.img 44 | {{- end }} 45 | {{- end }} 46 | -------------------------------------------------------------------------------- /charts/charts/k8s-node-image9/templates/anaconda-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if (gt (.Values.replicaCount | int) 1) }} 2 | apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }} 3 | kind: PodDisruptionBudget 4 | metadata: 5 | labels: 6 | {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} 7 | app.kubernetes.io/component: anaconda 8 | svc: anaconda 9 | name: {{ include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . }} 10 | namespace: {{ .Release.Namespace }} 11 | spec: 12 | selector: 13 | matchLabels: 14 | {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 6 }} 15 | svc: anaconda 16 | minAvailable: {{ .Values.minAvailable }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/charts/k8s-node-image9/templates/anaconda-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . }} 5 | labels: 6 | {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} 7 | app.kubernetes.io/component: anaconda 8 | svc: anaconda 9 | spec: 10 | type: {{ .Values.anaconda.service.type }} 11 | ports: 12 | - port: {{ .Values.anaconda.service.port }} 13 | targetPort: http 14 | protocol: TCP 15 | name: http 16 | selector: 17 | {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . 
| nindent 4 }} 18 | svc: anaconda 19 | -------------------------------------------------------------------------------- /charts/charts/k8s-node-image9/templates/k8s-node-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if (gt (.Values.replicaCount | int) 1) }} 2 | apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }} 3 | kind: PodDisruptionBudget 4 | metadata: 5 | labels: 6 | {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} 7 | app.kubernetes.io/component: k8s-node 8 | svc: k8s-node 9 | name: {{ include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . }} 10 | namespace: {{ .Release.Namespace }} 11 | spec: 12 | selector: 13 | matchLabels: 14 | {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 6 }} 15 | svc: k8s-node 16 | minAvailable: {{ .Values.minAvailable }} 17 | {{- end }} -------------------------------------------------------------------------------- /charts/charts/k8s-node-image9/templates/k8s-node-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . }} 5 | labels: 6 | {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} 7 | app.kubernetes.io/component: k8s-node 8 | svc: k8s-node 9 | spec: 10 | type: {{ .Values.k8sNode.service.type }} 11 | ports: 12 | - port: {{ .Values.k8sNode.service.port }} 13 | targetPort: http 14 | protocol: TCP 15 | name: http 16 | selector: 17 | {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . 
| nindent 4 }} 18 | svc: k8s-node 19 | -------------------------------------------------------------------------------- /charts/charts/k8s-node-image9/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for k8s-node-image. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | replicaCount: 2 6 | minAvailable: 1 7 | 8 | imagePullSecrets: [] 9 | nameOverride: "" 10 | fullnameOverride: "" 11 | 12 | anaconda: 13 | image: 14 | pullPolicy: IfNotPresent 15 | 16 | service: 17 | type: ClusterIP 18 | port: 80 19 | 20 | podAnnotations: {} 21 | 22 | k8sNode: 23 | prefix: "pnnlmiscscripts.k8s-node-image-nginx9-1-24" 24 | image: 25 | pullPolicy: IfNotPresent 26 | 27 | service: 28 | type: ClusterIP 29 | port: 80 30 | 31 | podAnnotations: {} 32 | 33 | ingress: 34 | enabled: true 35 | enableVersionPrefix: true 36 | regex: true 37 | prefix: "" 38 | # className: "" 39 | annotations: {} 40 | # kubernetes.io/ingress.class: nginx 41 | # kubernetes.io/tls-acme: "true" 42 | hosts: [null] 43 | #- chart-example.local 44 | 45 | tls: [] 46 | # - secretName: chart-example-tls 47 | # hosts: 48 | # - chart-example.local 49 | 50 | httpRoute: 51 | enabled: false 52 | enableVersionPrefix: true 53 | prefix: "" 54 | annotations: {} 55 | 56 | parentRefs: [] 57 | #- name: gateway 58 | # sectionName: http 59 | 60 | hostnames: [] 61 | #- chart-example.local 62 | 63 | resources: {} 64 | # We usually recommend not to specify default resources and to leave this as a conscious 65 | # choice for the user. This also increases chances charts run on environments with little 66 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 67 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
68 | # limits: 69 | # cpu: 100m 70 | # memory: 128Mi 71 | # requests: 72 | # cpu: 100m 73 | # memory: 128Mi 74 | 75 | nodeSelector: {} 76 | 77 | tolerations: [] 78 | 79 | affinity: {} 80 | -------------------------------------------------------------------------------- /charts/charts/kubeupdater/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/charts/kubeupdater/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: kubeupdater 5 | version: 0.11.0 6 | -------------------------------------------------------------------------------- /charts/charts/kubeupdater/templates/bin-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "kubeupdater.fullname" . }} 5 | labels: 6 | {{- include "kubeupdater.labels" . | nindent 4 }} 7 | data: 8 | kubeupdater: | 9 | #!/bin/bash 10 | 11 | {{- if eq .Values.mode "bootc" }} 12 | BINDIR=/var/kubeupdater 13 | {{- else }} 14 | BINDIR=/usr/bin 15 | {{- end }} 16 | MODE={{.Values.mode | quote}} 17 | CONFIGMAPNAME={{ include "kubeupdater.fullname-configmap" . 
}} 18 | 19 | function pre_upgrade { 20 | {{ .Values.extraPreUpgradeScript | indent 6 }} 21 | } 22 | 23 | function post_upgrade { 24 | {{ .Values.extraPostUpgradeScript | indent 6 }} 25 | } 26 | 27 | function finish_upgrade { 28 | {{ .Values.finishUpgradeScript | indent 6 }} 29 | } 30 | 31 | {{ .Files.Get "bin/kubeupdater" | indent 4 }} 32 | -------------------------------------------------------------------------------- /charts/charts/kubeupdater/templates/node-role.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: {{ template "kubeupdater.fullname" . }}-node 6 | namespace: kube-system 7 | labels: 8 | {{- include "kubeupdater.labels" . | nindent 4 }} 9 | rules: 10 | - apiGroups: 11 | - "" 12 | resources: 13 | - configmaps 14 | resourceNames: 15 | - {{ include "kubeupdater.fullname-configmap" . }} 16 | verbs: 17 | - get 18 | - watch 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/charts/kubeupdater/templates/node-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ template "kubeupdater.fullname" . }}-node 6 | namespace: kube-system 7 | labels: 8 | {{- include "kubeupdater.labels" . | nindent 4 }} 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: Role 12 | name: {{ template "kubeupdater.fullname" . 
}}-node
13 | subjects:  # every identity in the system:nodes group receives the Role referenced by roleRef above
14 | - apiGroup: rbac.authorization.k8s.io
15 |   kind: Group
16 |   name: system:nodes
17 | {{- end }}
18 |
--------------------------------------------------------------------------------
/charts/charts/kubeupdater/templates/psp.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.podSecurityPolicy.enabled }}
2 | apiVersion: policy/v1beta1  # PodSecurityPolicy was removed in Kubernetes 1.25; on such clusters this object cannot be created and podSecurityPolicy.enabled (default true in values.yaml) has to be false
3 | kind: PodSecurityPolicy
4 | metadata:
5 |   name: {{ template "kubeupdater.fullname" . }}
6 |   labels:
7 |     {{- include "kubeupdater.labels" . | nindent 4 }}
8 |   annotations:
9 |     seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'  # any seccomp profile may be requested, including none
10 | spec:  # NOTE(review): taken together, the settings below put almost no limit on a pod admitted under this policy; who holds 'use' on it (role.yaml / rolebinding.yaml) is the effective control
11 |   privileged: true  # privileged containers are admitted
12 |   allowPrivilegeEscalation: true  # processes may gain more privileges than their parent
13 |   allowedCapabilities:
14 |   - '*'  # every Linux capability may be added
15 |   allowedHostPaths:  # hostPath volumes are limited to this prefix; that alone does not contain a privileged pod
16 |   - pathPrefix: '/usr/bin'  # NOTE(review): bin-configmap.yaml sets BINDIR=/var/kubeupdater in bootc mode; confirm whether that directory needs to be listed here
17 |     readOnly: false  # the host's /usr/bin may be mounted writable
18 |   volumes:
19 |   - 'configMap'
20 |   - 'hostPath'
21 |   - 'secret'
22 |   hostNetwork: true  # pod may share the node's network namespace
23 |   hostIPC: true  # pod may share the node's IPC namespace
24 |   hostPID: true  # pod may see and signal the node's processes
25 |   runAsUser:
26 |     rule: 'RunAsAny'  # no UID constraint, root included
27 |   seLinux:
28 |     rule: 'RunAsAny'
29 |   supplementalGroups:
30 |     rule: 'RunAsAny'
31 |   fsGroup:
32 |     rule: 'RunAsAny'
33 | {{- end }}
34 |
--------------------------------------------------------------------------------
/charts/charts/kubeupdater/templates/repo-configmap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 |   name: {{ include "kubeupdater.fullname-configmap" . }}  # same name the node Role lists under resourceNames
5 |   namespace: kube-system  # fixed namespace, matching the node Role and RoleBinding of this chart
6 |   labels:
7 |     {{- include "kubeupdater.labels" .
| nindent 4 }}
8 | data:  # bootc mode publishes one image reference, yum mode a .repo file. NOTE(review): in the generated stanza the second gpgkey URL is served from the same base/version location as the packages, so that key is only as trustworthy as the repository host and its transport; the file:// key is the independent anchor. A rawConfig value replaces the whole stanza, gpgcheck settings included.
9 |   {{- if eq .Values.mode "bootc" }}
10 |   image: {{ printf "%s:%s" .Values.bootc.image (.Values.bootc.tag | toString) | quote}}
11 |   {{- else }}
12 |   everything.repo: |
13 | {{- if hasKey .Values "rawConfig" }}
14 | {{ .Values.rawConfig | indent 4}}
15 | {{- else }}
16 |     [everything]
17 |     name=everything
18 |     enabled=1
19 |     baseurl={{ .Values.base }}{{ .Values.version }}
20 |     gpgkey = file:///etc/pki/rpm-gpg/{{ .Values.localGPGFileName }}
21 |              {{ .Values.base }}{{ .Values.version }}/repodata/RPM-GPG-KEY
22 |     gpgcheck = 1
23 |     repo_gpgcheck = 1
24 |     keepcache = 0
25 | {{- end }}
26 |   {{- end }}
27 |
--------------------------------------------------------------------------------
/charts/charts/kubeupdater/templates/role.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled }}
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: Role
4 | metadata:
5 |   name: {{ template "kubeupdater.fullname" . }}
6 |   labels:
7 |     {{- include "kubeupdater.labels" . | nindent 4 }}
8 | rules:
9 | - apiGroups: ['policy']
10 |   resources: ['podsecuritypolicies']
11 |   verbs: ['use']  # 'use' is what lets a subject run pods under the policy named below
12 |   resourceNames:
13 |   - {{ template "kubeupdater.fullname" . }}  # only the chart's own PodSecurityPolicy
14 | {{- end }}
15 |
--------------------------------------------------------------------------------
/charts/charts/kubeupdater/templates/rolebinding.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled }}
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: RoleBinding
4 | metadata:
5 |   name: {{ template "kubeupdater.fullname" . }}
6 |   labels:
7 |     {{- include "kubeupdater.labels" . | nindent 4 }}
8 | roleRef:
9 |   apiGroup: rbac.authorization.k8s.io
10 |   kind: Role
11 |   name: {{ template "kubeupdater.fullname" . }}
12 | subjects:  # a single ServiceAccount is bound, so only pods running as it can use the policy through this binding
13 | - kind: ServiceAccount
14 |   name: {{ template "kubeupdater.serviceAccountName" .
}} 15 | namespace: {{ .Release.Namespace }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /charts/charts/kubeupdater/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "kubeupdater.serviceAccountName" . }} 6 | labels: 7 | {{- include "kubeupdater.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/charts/kubeupdater/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for kubeupdater. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | #rawConfig: | 6 | # [yourrepohere] 7 | # etcetc 8 | 9 | mode: yum 10 | 11 | # When mode=bootc 12 | bootc: 13 | image: "" 14 | tag: "" 15 | 16 | # When mode=yum 17 | base: https://changeme/ 18 | version: 1.16.8-nginx-2 19 | localGPGFileName: RPM-GPG-KEY-Rocky-9 20 | 21 | image: 22 | repository: alpine 23 | tag: 3.11 24 | pullPolicy: IfNotPresent 25 | 26 | imagePullSecrets: [] 27 | nameOverride: "" 28 | fullnameOverride: "" 29 | 30 | serviceAccount: 31 | # Specifies whether a service account should be created 32 | create: true 33 | # Annotations to add to the service account 34 | annotations: {} 35 | # The name of the service account to use. 36 | # If not set and create is true, a name is generated using the fullname template 37 | name: "" 38 | 39 | rbac: 40 | create: true 41 | 42 | podSecurityPolicy: 43 | enabled: true 44 | 45 | resources: {} 46 | # We usually recommend not to specify default resources and to leave this as a conscious 47 | # choice for the user. 
This also increases chances charts run on environments with little 48 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 49 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 50 | # limits: 51 | # cpu: 100m 52 | # memory: 128Mi 53 | # requests: 54 | # cpu: 100m 55 | # memory: 128Mi 56 | 57 | nodeSelector: {} 58 | 59 | tolerations: [] 60 | 61 | affinity: {} 62 | 63 | extraPreUpgradeScript: | 64 | echo "About to upgrade everything" 65 | extraPostUpgradeScript: | 66 | echo "Done upgrading" 67 | 68 | finishUpgradeScript: | 69 | reboot 70 | -------------------------------------------------------------------------------- /charts/charts/magic-namespace/Chart.yaml: -------------------------------------------------------------------------------- 1 | # Copied from helm stable repo. Maintainer switched. 2 | apiVersion: v1 3 | appVersion: 2.8.2 4 | description: Manage resources per namespace using Helm 5 | home: https://github.com/kubernetes/charts/tree/master/stable/magic-namespace 6 | maintainers: 7 | - email: kevin.fox@pnnl.gov 8 | name: kfox1111 9 | #- email: kent.rancourt@microsoft.com 10 | # name: krancour 11 | name: magic-namespace 12 | version: 0.5.4 13 | -------------------------------------------------------------------------------- /charts/charts/magic-namespace/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 2 | The namespace "{{ .Release.Namespace }}" has been created if it didn't already exist. 3 | 4 | {{ if .Values.serviceAccounts -}} 5 | The following service accounts have been created in the namespace: 6 | {{- range .Values.serviceAccounts }} 7 | - {{ . 
}} 8 | {{- end }} 9 | {{ end }} 10 | {{ if .Values.roleBindings -}} 11 | The following role bindings have been created in the namespace: 12 | {{- range .Values.roleBindings }} 13 | - {{ .subject.kind }}[{{ .subject.name }}] --> {{ .role.kind }}[{{ .role.name }}] 14 | {{- end }} 15 | {{ end }} 16 | -------------------------------------------------------------------------------- /charts/charts/magic-namespace/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "magic-namespace.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "magic-namespace.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 
29 | */}} 30 | {{- define "magic-namespace.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /charts/charts/magic-namespace/templates/namespace.yaml: -------------------------------------------------------------------------------- 1 | {{- if hasKey .Values "namespace" }} 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: {{ .Values.namespace }} 6 | {{- if hasKey .Values "namespaceAttributes" }} 7 | {{ toYaml .Values.namespaceAttributes | indent 2 }} 8 | {{ end -}} 9 | {{- end }} 10 | -------------------------------------------------------------------------------- /charts/charts/magic-namespace/templates/rolebindings.yaml: -------------------------------------------------------------------------------- 1 | {{- $values := .Values }} 2 | {{- range .Values.roleBindings }} 3 | --- 4 | apiVersion: rbac.authorization.k8s.io/v1 5 | kind: RoleBinding 6 | metadata: 7 | name: {{ .name }} 8 | {{- if hasKey $values "namespace" }} 9 | namespace: {{ $values.namespace }} 10 | {{- end }} 11 | labels: 12 | chart: {{ template "magic-namespace.chart" $ }} 13 | release: {{ $.Release.Name }} 14 | heritage: {{ $.Release.Service }} 15 | roleRef: 16 | apiGroup: rbac.authorization.k8s.io 17 | kind: {{ .role.kind }} 18 | name: {{ .role.name }} 19 | subjects: 20 | - kind: {{ .subject.kind }} 21 | name: {{ .subject.name }} 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/charts/magic-namespace/templates/serviceaccounts.yaml: -------------------------------------------------------------------------------- 1 | {{- $values := .Values }} 2 | {{- range .Values.serviceAccounts }} 3 | --- 4 | apiVersion: v1 5 | kind: ServiceAccount 6 | metadata: 7 | name: {{ . 
}} 8 | {{- if hasKey $values "namespace" }} 9 | namespace: {{ $values.namespace }} 10 | {{- end }} 11 | labels: 12 | chart: {{ template "magic-namespace.chart" $ }} 13 | release: {{ $.Release.Name }} 14 | heritage: {{ $.Release.Service }} 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /charts/charts/magic-namespace/values.yaml: -------------------------------------------------------------------------------- 1 | ## Default values for magic-namespace 2 | 3 | # Uncomment and set to override the namespace that will be created. 4 | # namespace: default 5 | 6 | # Extra namespace attributes 7 | # namespaceAttributes: 8 | # Labels to be added to the namespace definition 9 | # labels: {} 10 | 11 | # Annotations to be added to the namespace definition 12 | # annotations: {} 13 | 14 | ## Optional additional ServiceAccounts 15 | serviceAccounts: [] 16 | # - some-service-account 17 | # - another-service-account 18 | 19 | ## Optional additional RoleBindings. It is a good idea to specify at least one 20 | ## to grant administrative permissions to a user or group. 21 | # roleBindings: 22 | # - name: admin-group-admin 23 | # role: 24 | # ## Valid values are "Role" or "ClusterRole" 25 | # kind: ClusterRole 26 | # name: admin 27 | # subject: 28 | # ## Valid values are "User", "Group", or "ServiceAccount" 29 | # kind: Group 30 | # name: 31 | -------------------------------------------------------------------------------- /charts/charts/nginx-app/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | charts/ 23 | -------------------------------------------------------------------------------- /charts/charts/nginx-app/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Simple Web service Chart 4 | name: nginx-app 5 | version: 0.1.2 6 | -------------------------------------------------------------------------------- /charts/charts/nginx-app/DISCLAIMER: -------------------------------------------------------------------------------- 1 | This material was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the United States Department of Energy, nor Battelle, nor any of their employees, nor any jurisdiction or organization that has cooperated in the development of these materials, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness or any information, apparatus, product, software, or process disclosed, or represents that its use would not infringe privately owned rights. 2 | Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof, or Battelle Memorial Institute. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof. 
3 | PACIFIC NORTHWEST NATIONAL LABORATORY 4 | operated by 5 | BATTELLE 6 | for the 7 | UNITED STATES DEPARTMENT OF ENERGY 8 | under Contract DE-AC05-76RL01830 -------------------------------------------------------------------------------- /charts/charts/nginx-app/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright © 2019, Battelle Memorial Institute 2 | All rights reserved. 3 | 1. Battelle Memorial Institute (hereinafter Battelle) hereby grants permission to any person or entity lawfully obtaining a copy of this software and associated documentation files (hereinafter "the Software") to redistribute and use the Software in source and binary forms, with or without modification. Such person or entity may use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and may permit others to do so, subject to the following conditions: 4 | * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimers. 5 | * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 6 | * Other than as used herein, neither the name Battelle Memorial Institute or Battelle may be used in any form whatsoever without the express written consent of Battelle. 7 | 2. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
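IN NO EVENT SHALL BATTELLE OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
8 |
--------------------------------------------------------------------------------
/charts/charts/nginx-app/README.md:
--------------------------------------------------------------------------------
1 | # NGINX App chart
2 |
3 | This chart allows you to deploy a simple web application container running nginx, and provides a service and ingress to the application
4 |
5 |
6 | ## Install Chart
7 |
8 | To install the Chart into your Kubernetes cluster :
9 |
10 | ```bash
11 | helm install --name "mywebapp" pnnl-miscscripts/chronyd --set image.repository=nginx
12 | ```
13 |
14 | After installation succeeds, you can get a status of Chart
15 |
16 | ```bash
17 | helm status "mywebapp"
18 | ```
19 |
20 | If you want to delete your Chart, use this command:
21 |
22 | ```bash
23 | helm delete --purge "mywebapp"
24 | ```
25 |
26 |
27 |
--------------------------------------------------------------------------------
/charts/charts/nginx-app/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Post-install notes: prints how to reach the application for the configured
3 | ingress or service type. The helper templates are called by the names that
4 | _helpers.tpl defines ("pnnlmiscscripts.nginx-app.fullname" and
5 | "pnnlmiscscripts.nginx-app.name"); the unprefixed "nginx-app.*" names are not
6 | defined in this chart, so the non-ingress branches could not render with them.
7 | */ -}}
8 | 1. Get the application URL by running these commands:
9 | {{- if .Values.ingress.enabled }}
10 | {{- range .Values.ingress.hosts }}
11 |   http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
12 | {{- end }}
13 | {{- else if contains "NodePort" .Values.service.type }}
14 |   export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "pnnlmiscscripts.nginx-app.fullname" . }})
15 |   export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
16 |   echo http://$NODE_IP:$NODE_PORT
17 | {{- else if contains "LoadBalancer" .Values.service.type }}
18 |      NOTE: It may take a few minutes for the LoadBalancer IP to be available.
19 |            You can watch the status of by running 'kubectl get svc -w {{ template "pnnlmiscscripts.nginx-app.fullname" . }}'
20 |   export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "pnnlmiscscripts.nginx-app.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
21 |   echo http://$SERVICE_IP:{{ .Values.service.port }}
22 | {{- else if contains "ClusterIP" .Values.service.type }}
23 |   export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "pnnlmiscscripts.nginx-app.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
24 |   echo "Visit http://127.0.0.1:8080 to use your application"
25 |   kubectl port-forward $POD_NAME 8080:80
26 | {{- end }}
27 |
--------------------------------------------------------------------------------
/charts/charts/nginx-app/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{/* vim: set filetype=mustache: */}}
2 | {{/*
3 | Expand the name of the chart.
4 | */}}
5 | {{- define "pnnlmiscscripts.nginx-app.name" -}}
6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
7 | {{- end -}}
8 |
9 | {{/*
10 | Create a default fully qualified app name.
11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
12 | If release name contains chart name it will be used as a full name.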
13 | */}} 14 | {{- define "pnnlmiscscripts.nginx-app.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "pnnlmiscscripts.nginx-app.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /charts/charts/nginx-app/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "pnnlmiscscripts.nginx-app.fullname" . }} 5 | labels: 6 | app: {{ template "pnnlmiscscripts.nginx-app.name" . }} 7 | chart: {{ template "pnnlmiscscripts.nginx-app.chart" . }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | spec: 11 | replicas: {{ .Values.replicaCount }} 12 | selector: 13 | matchLabels: 14 | app: {{ template "pnnlmiscscripts.nginx-app.name" . }} 15 | release: {{ .Release.Name }} 16 | template: 17 | metadata: 18 | labels: 19 | app: {{ template "pnnlmiscscripts.nginx-app.name" . 
}} 20 | release: {{ .Release.Name }} 21 | spec: 22 | containers: 23 | - name: {{ .Chart.Name }} 24 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 25 | imagePullPolicy: {{ .Values.image.pullPolicy }} 26 | ports: 27 | - name: http 28 | containerPort: 80 29 | protocol: TCP 30 | livenessProbe: 31 | httpGet: 32 | path: / 33 | port: http 34 | readinessProbe: 35 | httpGet: 36 | path: / 37 | port: http 38 | resources: 39 | {{ toYaml .Values.resources | indent 12 }} 40 | {{- with .Values.nodeSelector }} 41 | nodeSelector: 42 | {{ toYaml . | indent 8 }} 43 | {{- end }} 44 | {{- with .Values.affinity }} 45 | affinity: 46 | {{ toYaml . | indent 8 }} 47 | {{- end }} 48 | {{- with .Values.tolerations }} 49 | tolerations: 50 | {{ toYaml . | indent 8 }} 51 | {{- end }} 52 | -------------------------------------------------------------------------------- /charts/charts/nginx-app/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "pnnlmiscscripts.nginx-app.fullname" . -}} 3 | {{- $ingressPath := .Values.ingress.path -}} 4 | apiVersion: extensions/v1beta1 5 | kind: Ingress 6 | metadata: 7 | name: {{ $fullName }} 8 | labels: 9 | app: {{ template "pnnlmiscscripts.nginx-app.name" . }} 10 | chart: {{ template "pnnlmiscscripts.nginx-app.chart" . }} 11 | release: {{ .Release.Name }} 12 | heritage: {{ .Release.Service }} 13 | {{- with .Values.ingress.annotations }} 14 | annotations: 15 | {{ toYaml . | indent 4 }} 16 | {{- end }} 17 | spec: 18 | {{- if .Values.ingress.tls }} 19 | tls: 20 | {{- range .Values.ingress.tls }} 21 | - hosts: 22 | {{- range .hosts }} 23 | - {{ . }} 24 | {{- end }} 25 | secretName: {{ .secretName }} 26 | {{- end }} 27 | {{- end }} 28 | rules: 29 | {{- range .Values.ingress.hosts }} 30 | - host: {{ . 
}}
31 |       http:
32 |         paths:
33 |           - path: {{ $ingressPath }}
34 |             backend:
35 |               serviceName: {{ $fullName }}
36 |               servicePort: http
37 |   {{- end }}
38 | {{- end }}
39 |
--------------------------------------------------------------------------------
/charts/charts/nginx-app/templates/service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 |   name: {{ template "pnnlmiscscripts.nginx-app.fullname" . }}
5 |   labels:
6 |     app: {{ template "pnnlmiscscripts.nginx-app.name" . }}
7 |     chart: {{ template "pnnlmiscscripts.nginx-app.chart" . }}
8 |     release: {{ .Release.Name }}
9 |     heritage: {{ .Release.Service }}
10 | spec:
11 |   type: {{ .Values.service.type }}
12 |   ports:
13 |     - port: {{ .Values.service.port }}
14 |       targetPort: http  # named container port declared in deployment.yaml (containerPort 80)
15 |       protocol: TCP
16 |       name: http
17 |   selector:  # same app/release label pair the Deployment puts on its pods
18 |     app: {{ template "pnnlmiscscripts.nginx-app.name" . }}
19 |     release: {{ .Release.Name }}
20 |
--------------------------------------------------------------------------------
/charts/charts/nginx-app/values.yaml:
--------------------------------------------------------------------------------
1 | # Default values for nginx-app.
2 | # This is a YAML-formatted file.
3 | # Declare variables to be passed into your templates.
4 |
5 | replicaCount: 1
6 |
7 | image:
8 |   repository: nginx
9 |   tag: latest  # mutable tag: the image actually run can change between pod starts; pin a version or digest when the deployed content must be reviewable and reproducible
10 |   pullPolicy: Always  # with a mutable tag, every pod start pulls whatever the tag currently points to
11 |
12 | service:
13 |   type: ClusterIP
14 |   port: 80
15 |
16 | ingress:
17 |   enabled: true  # an Ingress is created by default; ingress.yaml emits a tls section only when ingress.tls is set
18 |   annotations:
19 |     kubernetes.io/ingress.class: nginx
20 |   path: /
21 |   hosts:
22 |     - nginx-app.example.com
23 |   # tls:  (commented out, so the default host is published without a TLS section)
24 |   #   - secretName: example-com-tls
25 |   #     hosts:
26 |   #       - nginx-app.example.com
27 |
28 | resources: {}
29 |   # We usually recommend not to specify default resources and to leave this as a conscious
30 |   # choice for the user. This also increases chances charts run on environments with little
31 |   # resources, such as Minikube.
If you do want to specify resources, uncomment the following 32 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 33 | # limits: 34 | # cpu: 100m 35 | # memory: 128Mi 36 | # requests: 37 | # cpu: 100m 38 | # memory: 128Mi 39 | 40 | nodeSelector: {} 41 | 42 | tolerations: [] 43 | 44 | affinity: {} 45 | -------------------------------------------------------------------------------- /charts/charts/pixiecore-simpleconfig/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /charts/charts/pixiecore-simpleconfig/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: Helm chart for simple config of pixiecore 4 | name: pixiecore-simpleconfig 5 | version: 0.6.0 6 | -------------------------------------------------------------------------------- /charts/charts/pixiecore-simpleconfig/README.md: -------------------------------------------------------------------------------- 1 | pixiecore-simpleconfig is a chart that lets you quickly setup a backend for pixiecore 2 | 3 | You can put the pixiecore json files directly into config, keyed by mac address. 
4 | 5 | For example, to pxe boot 00:11:22:33, use values file: 6 | ```yaml 7 | config: 8 | "00:11:22:33": | 9 | { 10 | "kernel": "http://xxx.xxx.xxx.xxx:9090/vmlinuz", 11 | "initrd": ["http://xxx.xxx.xxx.xxx:9090/initrd.img"], 12 | "cmdline": "ks=http://xxx.xxx.xxx.xxx:9091/v1/boot/ks.cfg ksdevice=ens1 console=ttyS1,115200" 13 | } 14 | ``` 15 | 16 | Install like: 17 | ```console 18 | helm install pnnlmiscscripts/pixiecore-simpleconfig \ 19 | --name pixiecore-simpleconfig \ 20 | --namespace provision \ 21 | -f pixiecore-simpleconfig-values.yaml 22 | ``` 23 | 24 | Then point your pixiecore at the pixiecore-simpleconfig. 25 | 26 | The config value gets mapped directly to a configmap, so its possible to put other things in there such as kickstart files if that simplifies your setup. 27 | 28 | -------------------------------------------------------------------------------- /charts/charts/pixiecore-simpleconfig/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "pnnlmiscscripts.pixiecore.simpleconfig.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 
13 | */}} 14 | {{- define "pnnlmiscscripts.pixiecore.simpleconfig.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "pnnlmiscscripts.pixiecore.simpleconfig.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /charts/charts/pixiecore-simpleconfig/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.fullname" . }} 5 | labels: 6 | app: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.name" . }} 7 | chart: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.chart" . }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | data: 11 | {{- range $key, $value := .Values.config }} 12 | {{ $key | replace ":" "" | quote }}: | 13 | {{ $value | indent 4 }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/charts/pixiecore-simpleconfig/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: {{ include "pnnlmiscscripts.pixiecore.simpleconfig.fullname" . 
}} 6 | labels: 7 | app.kubernetes.io/name: {{ include "pnnlmiscscripts.pixiecore.simpleconfig.name" . }} 8 | helm.sh/chart: {{ include "pnnlmiscscripts.pixiecore.simpleconfig.chart" . }} 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/managed-by: {{ .Release.Service }} 11 | annotations: 12 | {{- toYaml .Values.ingress.annotations | nindent 4 }} 13 | spec: 14 | {{- if .Values.ingress.className }} 15 | ingressClassName: {{ .Values.ingress.className }} 16 | {{- end }} 17 | rules: 18 | - http: 19 | paths: 20 | - path: {{ .Values.ingress.path }} 21 | pathType: Prefix 22 | backend: 23 | service: 24 | name: {{ .Values.service.name }} 25 | port: 26 | name: http 27 | {{- if .Values.ingress.host }} 28 | host: {{ .Values.ingress.host | quote }} 29 | {{- end }} 30 | {{- end }} 31 | -------------------------------------------------------------------------------- /charts/charts/pixiecore-simpleconfig/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ .Values.service.name }} 5 | labels: 6 | app: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.name" . }} 7 | chart: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.chart" . }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | spec: 11 | type: {{ .Values.service.type }} 12 | ports: 13 | - port: {{ .Values.service.port }} 14 | targetPort: http 15 | protocol: TCP 16 | name: http 17 | externalIPs: 18 | {{ toYaml .Values.service.externalIPs | indent 4 }} 19 | selector: 20 | app: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.name" . }} 21 | release: {{ .Release.Name }} 22 | -------------------------------------------------------------------------------- /charts/charts/pixiecore-simpleconfig/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for pixiecore-simpleconfig. 
2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | replicaCount: 1 6 | 7 | image: 8 | repository: nginx 9 | tag: stable 10 | pullPolicy: IfNotPresent 11 | 12 | service: 13 | #externalIPs: [] 14 | type: ClusterIP 15 | name: pixiecore 16 | port: 80 17 | 18 | resources: {} 19 | # We usually recommend not to specify default resources and to leave this as a conscious 20 | # choice for the user. This also increases chances charts run on environments with little 21 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 22 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 23 | # limits: 24 | # cpu: 100m 25 | # memory: 128Mi 26 | # requests: 27 | # cpu: 100m 28 | # memory: 128Mi 29 | 30 | nodeSelector: {} 31 | 32 | tolerations: [] 33 | 34 | affinity: {} 35 | 36 | ingress: 37 | enabled: false 38 | #className: "" 39 | annotations: {} 40 | path: /v1/boot 41 | # host: example.com 42 | 43 | config: {} 44 | # "00:11:22:33": | 45 | # {pixiecore config here} 46 | # For example: 47 | # { 48 | # "kernel": "http://xxx.xxx.xxx.xxx:9090/vmlinuz", 49 | # "initrd": ["http://xxx.xxx.xxx.xxx:9090/initrd.img"], 50 | # "cmdline": "ks=http://xxx.xxx.xxx.xxx:9091/v1/boot/ks.cfg ksdevice=ens1 console=ttyS1,115200" 51 | # } 52 | 53 | -------------------------------------------------------------------------------- /charts/charts/pixiecore/Chart.yaml: -------------------------------------------------------------------------------- 1 | name: pixiecore 2 | version: 0.3.0 3 | description: pixiecore 4 | maintainers: 5 | - name: Kevin Fox 6 | email: Kevin.Fox@pnnl.gov 7 | -------------------------------------------------------------------------------- /charts/charts/pixiecore/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: pixiecore 3 | version: 2.0.0 4 | repository: 
https://pnnl-miscscripts.github.io/image-library-charts/

--------------------------------------------------------------------------------
/charts/charts/pixiecore/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "pnnlmiscscripts.pixiecore-full.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "pnnlmiscscripts.pixiecore-full.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "pnnlmiscscripts.pixiecore-full.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

--------------------------------------------------------------------------------
/charts/charts/pixiecore/templates/daemonset.yaml:
--------------------------------------------------------------------------------
# Runs pixiecore in API mode as a DaemonSet on the nodes matched by nodeSelector.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: {{ template "pnnlmiscscripts.pixiecore-full.fullname" . }}
  labels:
    heritage: {{ .Release.Service | quote }}
    release: {{ .Release.Name | quote }}
    chart: {{ template "pnnlmiscscripts.pixiecore-full.chart" . }}
    app: {{ template "pnnlmiscscripts.pixiecore-full.name" . }}
spec:
  selector:
    matchLabels:
      app: {{ template "pnnlmiscscripts.pixiecore-full.name" . }}
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: {{ template "pnnlmiscscripts.pixiecore-full.name" . }}
    spec:
      dnsPolicy: ClusterFirstWithHostNet
      # Review note: hostNetwork puts the pod in the node's network namespace, and
      # the container below additionally adds NET_ADMIN. Together that is host-level
      # network privilege, so restrict where this runs with nodeSelector (empty by
      # default in values.yaml) and restrict who may install or edit this release.
      hostNetwork: True
      nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
      containers:
      - name: main
        image: {{ dict "dot" . "section" .Values.pixiecore | include "pnnlmiscscripts.pixiecore.image" }}
        imagePullPolicy: {{ .Values.pixiecore.imagePullPolicy }}
        securityContext:
          capabilities:
            add: ["NET_ADMIN"]
        # Review note: listen.interface, listen.ip and extraArgs are substituted into
        # the sh script text below without shell quoting, while port and upstreamURL
        # pass through quote. Whoever can set these values controls the command line
        # of this host-network container, so do not source them from tenant-editable
        # values files.
        # With listen.interface set, LISTENIP is whatever "inet" addresses ip reports
        # for that device at container start; an interface with several addresses
        # yields several words after -l.
        command:
        - /bin/sh
        - -ec
        - |
          {{- if .Values.listen.interface }}
          LISTENARG=-l;
          LISTENIP=$(ip a show dev {{ .Values.listen.interface }} | awk '{if($1 == "inet"){print $2}}' | sed 's@/.*@@');
          {{- else if .Values.listen.ip }}
          LISTENARG=-l;
          LISTENIP={{ .Values.listen.ip }};
          {{- else }}
          LISTENARG="";
          LISTENIP="";
          {{- end }}
          exec pixiecore api --dhcp-no-bind $LISTENARG $LISTENIP --port {{ .Values.port | quote }} {{ .Values.extraArgs | join " " }} {{ .Values.upstreamURL | quote }}
        resources:
{{ toYaml .Values.resources | indent 10 }}

--------------------------------------------------------------------------------
/charts/charts/pixiecore/values.yaml:
--------------------------------------------------------------------------------
# Passed as the "section" argument to the image helper; imagePullPolicy is read
# directly by templates/daemonset.yaml.
pixiecore:
  imagePullPolicy: IfNotPresent
# Final argument of the "pixiecore api" command in templates/daemonset.yaml.
# NOTE(review): the default is plain http; presumably this is the in-cluster
# pixiecore-simpleconfig service. Confirm the path between the two is trusted,
# since the answers from this URL decide what netbooting machines run.
upstreamURL: http://pixiecore
# Value of --port on the pixiecore command line.
port: 9200
# Empty selector: the DaemonSet is scheduled on every node it is allowed on.
nodeSelector: {}
# listen.interface takes precedence over listen.ip; with both empty no -l
# argument is passed.
listen:
  interface: ""
  ip: ""
# Joined with spaces and appended to the pixiecore command line unquoted.
extraArgs: []

--------------------------------------------------------------------------------
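/charts/charts/smartctl-exporter/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
appVersion: "0.1.4"
description: SmartCTL Exporter for Kubernetes
name: smartctl-exporter
version: 0.1.4

--------------------------------------------------------------------------------
/charts/charts/smartctl-exporter/README.md:
--------------------------------------------------------------------------------
# smartctl-exporter

The smartctl-exporter chart launches smartctl-exporter on each node of the cluster.


## Install Chart

To install the Chart into your Kubernetes cluster:

```bash
kubectl create namespace smartctl-exporter
helm upgrade --install --namespace "smartctl-exporter" smartctl-exporter pnnl-miscscripts/smartctl-exporter -f smartctl-exporter-values.yaml
```

After installation succeeds, you can get the status of the Chart:

```bash
helm status "smartctl-exporter"
```

If you want to delete your Chart, use this command:

```bash
helm delete "smartctl-exporter"
```

### smartctl-exporter configuration
Set your smartctl-exporter config like:
```yaml
config:
  devices:
  - /dev/sda
  - /dev/sdb
```


--------------------------------------------------------------------------------
/charts/charts/smartctl-exporter/requirements.yaml:
--------------------------------------------------------------------------------
dependencies:
- name: smartctl-exporter
  version: 2.0.0
  repository: https://pnnl-miscscripts.github.io/image-library-charts/

--------------------------------------------------------------------------------
/charts/charts/smartctl-exporter/rules/rules.txt:
--------------------------------------------------------------------------------
# Alert rules pulled verbatim into templates/prometheusrule.yaml with .Files.Get,
# so the label placeholders in the messages reach Prometheus as written.
# Alert names are left exactly as they were (including spelling), since routing
# or silences outside this chart may match on them.
rules:
- alert: SmartCTLDeviceMediaErrors
  expr: smartctl_device_media_errors != 0
  annotations:
    message: Device {{ $labels.device }} on instance {{ $labels.instance }} has media errors
  for: 1m
  labels:
    severity: error
- alert: SmartCTLDeviceCriticalWarning
  expr: smartctl_device_critical_warning != 0
  annotations:
    # Previously repeated the media-errors text, which sent responders to the
    # wrong metric.
    message: Device {{ $labels.device }} on instance {{ $labels.instance }} has a critical warning
  for: 1m
  labels:
    severity: warning
- alert: SmartCTLDeviceAvailableSpareUnderThreadhold
  expr: smartctl_device_available_spare_threshold > smartctl_device_available_spare
  annotations:
    message: Device {{ $labels.device }} on instance {{ $labels.instance }} is under available spare threashold.
  for: 1m
  labels:
    severity: warning
- alert: SmartCTLDeviceStatus
  expr: smartctl_device_status != 1
  annotations:
    message: Device {{ $labels.device }} on instance {{ $labels.instance }} has a bad status
  for: 1m
  labels:
    severity: error
- alert: SmartCTLDInterfaceSlow
  expr: smartctl_device_interface_speed{speed_type="current"} != on(device, instance, namespace, pod) smartctl_device_interface_speed{speed_type="max"}
  annotations:
    message: Device {{ $labels.device }} on instance {{ $labels.instance }} interface is slower then it should be
  for: 1m
  labels:
    severity: warning

--------------------------------------------------------------------------------
/charts/charts/smartctl-exporter/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "pnnlmiscscripts.smartctl-exporter.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).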
12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "pnnlmiscscripts.smartctl-exporter.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "pnnlmiscscripts.smartctl-exporter.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /charts/charts/smartctl-exporter/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if hasKey . "config" }} 2 | {{ toYaml .config }} 3 | {{- else }} 4 | 5 | {{- $global := . 
}} 6 | {{- $base := dict "config" .Values.config }} 7 | {{- $items := prepend .Values.extraInstances $base }} 8 | {{- range $idx, $item := $items }} 9 | {{- $config := mergeOverwrite $item.config $global.Values.common.config }} 10 | --- 11 | apiVersion: v1 12 | kind: ConfigMap 13 | metadata: 14 | name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" $global }}-{{ $idx }} 15 | labels: 16 | app: {{ template "pnnlmiscscripts.smartctl-exporter.name" $global }} 17 | chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" $global }} 18 | release: {{ $global.Release.Name }} 19 | heritage: {{ $global.Release.Service }} 20 | idx: i{{ $idx }} 21 | data: 22 | smartctl_exporter.yaml: | 23 | smartctl_exporter: 24 | {{ toYaml $config | indent 6 }} 25 | {{- end }} 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /charts/charts/smartctl-exporter/templates/prometheusrule.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.prometheusRules.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PrometheusRule 4 | metadata: 5 | name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }}.rules 6 | labels: 7 | app.kubernetes.io/name: {{ include "pnnlmiscscripts.smartctl-exporter.name" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" . 
}} 10 | release: {{ .Release.Name }} 11 | heritage: {{ .Release.Service }} 12 | {{- if ne (len .Values.prometheusRules.extraLabels) 0 }} 13 | {{ toYaml .Values.prometheusRules.extraLabels | indent 4 }} 14 | {{- end }} 15 | {{- if hasKey .Values.prometheusRules "namespace" }} 16 | namespace: {{ .Values.prometheusRules.namespace }} 17 | {{- end }} 18 | spec: 19 | groups: 20 | - name: smartctl-exporter.rules 21 | {{ .Files.Get "rules/rules.txt" | indent 4 }} 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/charts/smartctl-exporter/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }} 6 | labels: 7 | app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }} 8 | chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" . }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: ClusterRole 14 | name: {{ .Values.rbac.podSecurityPolicy }} 15 | subjects: 16 | - kind: ServiceAccount 17 | name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }} 18 | namespace: {{ .Release.Namespace }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/charts/smartctl-exporter/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }} 5 | labels: 6 | app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }} 7 | chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" . 
}} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | spec: 11 | type: {{ .Values.service.type }} 12 | ports: 13 | - port: {{ .Values.service.port }} 14 | targetPort: http 15 | protocol: TCP 16 | name: http 17 | externalIPs: 18 | {{ toYaml .Values.service.externalIPs | indent 4 }} 19 | selector: 20 | app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }} 21 | release: {{ .Release.Name }} 22 | -------------------------------------------------------------------------------- /charts/charts/smartctl-exporter/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }} 6 | labels: 7 | app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }} 8 | chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" . }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | {{- end }} 12 | -------------------------------------------------------------------------------- /charts/charts/smartctl-exporter/templates/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceMonitor.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }} 6 | labels: 7 | app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }} 8 | chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" . 
}} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | {{- if ne (len .Values.serviceMonitor.extraLabels) 0 }} 12 | {{ toYaml .Values.serviceMonitor.extraLabels | indent 4 }} 13 | {{- end }} 14 | {{- if hasKey .Values.serviceMonitor "namespace" }} 15 | namespace: {{ .Values.serviceMonitor.namespace }} 16 | {{- end }} 17 | spec: 18 | endpoints: 19 | - interval: 60s 20 | path: /metrics 21 | port: http 22 | scheme: http 23 | scrapeTimeout: 30s 24 | namespaceSelector: 25 | matchNames: 26 | - {{ .Release.Namespace }} 27 | selector: 28 | matchLabels: 29 | app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }} 30 | release: {{ .Release.Name }} 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /charts/charts/smartctl-exporter/values.yaml: -------------------------------------------------------------------------------- 1 | config: 2 | devices: 3 | - /dev/sda 4 | 5 | extraInstances: [] 6 | #- config: 7 | # devices: 8 | # - /dev/nvme0n1 9 | # nodeSelector: 10 | # type: other 11 | 12 | common: 13 | config: 14 | bind_to: "0.0.0.0:9633" 15 | url_path: "/metrics" 16 | smartctl_location: /usr/sbin/smartctl 17 | collect_not_more_than_period: 120s 18 | 19 | serviceMonitor: 20 | enabled: false 21 | # Specify namespace to load the monitor if not in the same namespace 22 | # namespace: prometheus-operator 23 | # Add Extra labels if needed. Prometeus operator may need them to find it. 24 | extraLabels: {} 25 | # release: prometheus-operator 26 | 27 | prometheusRules: 28 | enabled: false 29 | # Specify namespace to load the monitor if not in the same namespace 30 | # namespace: prometheus-operator 31 | # Add Extra labels if needed. Prometeus operator may need them to find it. 
32 | extraLabels: {} 33 | # release: prometheus-operator 34 | 35 | image: 36 | pullPolicy: IfNotPresent 37 | 38 | rbac: 39 | create: true 40 | podSecurityPolicy: unrestricted-psp 41 | 42 | resources: {} 43 | # We usually recommend not to specify default resources and to leave this as a conscious 44 | # choice for the user. This also increases chances charts run on environments with little 45 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 46 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 47 | # limits: 48 | # cpu: 100m 49 | # memory: 128Mi 50 | # requests: 51 | # cpu: 100m 52 | # memory: 128Mi 53 | 54 | nodeSelector: {} 55 | 56 | tolerations: 57 | - key: CriticalAddonsOnly 58 | operator: Exists 59 | - operator: Exists 60 | - effect: NoSchedule 61 | key: node-role.kubernetes.io/master 62 | 63 | affinity: {} 64 | 65 | service: 66 | type: ClusterIP 67 | port: 80 68 | -------------------------------------------------------------------------------- /charts/charts/tenant-namespace-operator/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/charts/tenant-namespace-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: tenant-namespace-operator 3 | description: A Helm chart for Kubernetes 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | version: 0.1.23 18 | 19 | # This is the version number of the application being deployed. This version number should be 20 | # incremented each time you make changes to the application. 21 | appVersion: 0.1.19-1 22 | -------------------------------------------------------------------------------- /charts/charts/tenant-namespace-operator/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: {{ include "tenant-namespace-operator.fullname" . }}-fl 5 | labels: 6 | {{ include "tenant-namespace-operator.labels" . 
| nindent 4 }}
# Cluster-wide permissions for the operator's service account (bound by the
# "-fl" ClusterRoleBinding in clusterrolebinding.yaml).
rules:
  - apiGroups:
      - miscscripts.pnnl.gov
    resources:
      - tenantnamespaceflavors
    verbs:
      - get
      - list
      - watch
  # "*" here covers delete as well as create, on every namespace in the cluster.
  - apiGroups:
      - ""
    resources:
      - namespaces
      - resourcequotas
      - limitranges
    verbs:
      - "*"
  # Review note: "*" on clusterroles and clusterrolebindings includes create and
  # update as well as the RBAC "escalate" and "bind" verbs, so the holder can
  # grant any permission to any subject. Treat this ClusterRole, and therefore
  # the operator's service account token, as cluster-admin equivalent.
  # Narrowing it (explicit verbs, "bind" limited with resourceNames) depends on
  # what the operator creates, which is not visible in this chart.
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - rolebindings
      - clusterroles
      - clusterrolebindings
    verbs:
      - "*"
  - apiGroups:
      - networking.k8s.io
    resources:
      - networkpolicies
    verbs:
      - "*"
  - apiGroups:
      - extensions
      - "networking.k8s.io" # k8s 1.14+
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - discovery.k8s.io
    resources:
      - endpointslices
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - operators.coreos.com
    resources:
      - operatorgroups
      - subscriptions
    verbs:
      - "*"

--------------------------------------------------------------------------------
/charts/charts/tenant-namespace-operator/templates/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
---
# Binds the "-fl" ClusterRole from clusterrole.yaml to the operator's service
# account for the whole cluster.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ include "tenant-namespace-operator.fullname" . }}-fl
  labels:
    {{ include "tenant-namespace-operator.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
  name: {{ include "tenant-namespace-operator.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
roleRef:
  kind: ClusterRole
  name: {{ include "tenant-namespace-operator.fullname" . }}-fl
  apiGroup: rbac.authorization.k8s.io

---
#This is needed so that it can give out admin access to things it creates
# Review note: because this is a ClusterRoleBinding, the ClusterRole named
# "admin" applies to the service account in every namespace, not only in the
# namespaces the operator creates.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ include "tenant-namespace-operator.fullname" . }}-adm
  labels:
    {{ include "tenant-namespace-operator.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
  name: {{ include "tenant-namespace-operator.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
roleRef:
  kind: ClusterRole
  name: admin
  apiGroup: rbac.authorization.k8s.io

--------------------------------------------------------------------------------
/charts/charts/tenant-namespace-operator/templates/flavor-clusterrole.yaml:
--------------------------------------------------------------------------------
---
# Full edit rights on tenantnamespaceflavors. This file creates no binding for
# it. The name is fixed rather than derived from the release, so two releases
# of this chart in one cluster would both claim the same ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: tenantnamespaceflavors-edit
rules:
- apiGroups:
  - miscscripts.pnnl.gov
  resources:
  - tenantnamespaceflavors
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete

--------------------------------------------------------------------------------
/charts/charts/tenant-namespace-operator/templates/ic-clusterrole.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ include "tenant-namespace-operator.fullname" . }}-ic
  labels:
    {{ include "tenant-namespace-operator.labels" .
| nindent 4 }} 7 | rules: 8 | - apiGroups: 9 | - networking.k8s.io 10 | resources: 11 | - ingressclasses 12 | verbs: 13 | - get 14 | - list 15 | - watch 16 | -------------------------------------------------------------------------------- /charts/charts/tenant-namespace-operator/templates/ingressclass.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingressClass.enabled }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: IngressClass 4 | metadata: 5 | name: {{ .Values.ingressClass.name }} 6 | labels: 7 | {{- include "tenant-namespace-operator.labels" . | nindent 4 }} 8 | spec: 9 | controller: k8s.io/ingress-nginx 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /charts/charts/tenant-namespace-operator/templates/leader-election-role-binding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: RoleBinding 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: {{ include "tenant-namespace-operator.fullname" . }}-le 6 | labels: 7 | {{ include "tenant-namespace-operator.labels" . | nindent 4 }} 8 | subjects: 9 | - kind: ServiceAccount 10 | name: {{ include "tenant-namespace-operator.serviceAccountName" . }} 11 | namespace: {{ .Release.Namespace }} 12 | roleRef: 13 | kind: Role 14 | name: {{ include "tenant-namespace-operator.fullname" . }}-le 15 | apiGroup: rbac.authorization.k8s.io 16 | -------------------------------------------------------------------------------- /charts/charts/tenant-namespace-operator/templates/leader-election-role.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: {{ include "tenant-namespace-operator.fullname" . }}-le 6 | labels: 7 | {{ include "tenant-namespace-operator.labels" . 
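| nindent 4 }}
rules:
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete

--------------------------------------------------------------------------------
/charts/charts/tenant-namespace-operator/templates/role.yaml:
--------------------------------------------------------------------------------
# Renders a ClusterRole when .Values.mode is "cluster" and a namespaced Role for
# every other mode. The second branch used to test for "cluster" again, so it
# could never be taken and any other mode produced a manifest with no kind.
# Review note: in cluster mode the rules below give create/delete on pods,
# services, configmaps and deployments in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
{{- if eq .Values.mode "cluster" }}
kind: ClusterRole
{{- else }}
kind: Role
{{- end }}
metadata:
  name: {{ include "tenant-namespace-operator.fullname" . }}
  labels:
    {{ include "tenant-namespace-operator.labels" . | nindent 4 }}
rules:
  - apiGroups:
      - ""
    resources:
      - pods
      - services
      - services/finalizers
      - endpoints
      - events
      - configmaps
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - apps
    resources:
      - deployments
      - replicasets
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  # needed for ingress leader election pre 1.24
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - monitoring.coreos.com
    resources:
      - servicemonitors
      - prometheusrules
    verbs:
      - get
      - create
      - list
      - delete
      - patch
      - update
      - watch
  - apiGroups:
      - apps
    resourceNames:
      - tenant-namespace-operator
    resources:
      - deployments/finalizers
    verbs:
      - update
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
  - apiGroups:
      - apps
    resources:
      - replicasets
      - deployments
    verbs:
      - get
  # Every resource in the operator's own API group.
  - apiGroups:
      - miscscripts.pnnl.gov
    resources:
      - '*'
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch

--------------------------------------------------------------------------------
/charts/charts/tenant-namespace-operator/templates/rolebinding.yaml:
--------------------------------------------------------------------------------
# Binds the role from role.yaml to the operator's service account. The binding
# kind and roleRef.kind follow .Values.mode the same way role.yaml does:
# "cluster" gives the cluster-scoped kinds, any other mode the namespaced ones.
# Both else branches previously re-tested for "cluster" and were unreachable.
apiVersion: rbac.authorization.k8s.io/v1
{{- if eq .Values.mode "cluster" }}
kind: ClusterRoleBinding
{{- else }}
kind: RoleBinding
{{- end }}
metadata:
  name: {{ include "tenant-namespace-operator.fullname" . }}
  labels:
    {{ include "tenant-namespace-operator.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
  name: {{ include "tenant-namespace-operator.serviceAccountName" . }}
  # The subject namespace is only written out for the cluster-scoped binding.
  {{- if eq .Values.mode "cluster" }}
  namespace: {{ .Release.Namespace }}
  {{- end }}
roleRef:
  {{- if eq .Values.mode "cluster" }}
  kind: ClusterRole
  {{- else }}
  kind: Role
  {{- end}}
  name: {{ include "tenant-namespace-operator.fullname" . }}
  apiGroup: rbac.authorization.k8s.io

--------------------------------------------------------------------------------
/charts/charts/tenant-namespace-operator/templates/runner-clusterrole.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: tenantnamespace-edit
  labels:
    {{- if .Values.rbac.aggregate }}
    # Add these permissions to the "admin" and "edit" default roles.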
8 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 9 | rbac.authorization.k8s.io/aggregate-to-edit: "true" 10 | {{- end }} 11 | rules: 12 | - apiGroups: 13 | - miscscripts.pnnl.gov 14 | resources: 15 | - tenantnamespaces 16 | verbs: 17 | - get 18 | - list 19 | - watch 20 | - create 21 | - update 22 | - patch 23 | - delete 24 | -------------------------------------------------------------------------------- /charts/charts/tenant-namespace-operator/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "tenant-namespace-operator.serviceAccountName" . }} 6 | labels: 7 | {{ include "tenant-namespace-operator.labels" . | nindent 4 }} 8 | {{- end -}} 9 | -------------------------------------------------------------------------------- /charts/charts/tenant-namespace/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | type: application 3 | description: Chart for setting up a tenants namespace with all the goodies 4 | name: tenant-namespace 5 | version: 0.8.1 6 | appVersion: "1.0" 7 | dependencies: 8 | - name: magic-namespace 9 | alias: adminmagicnamespace 10 | version: "0.5.4" 11 | repository: "https://pnnl-miscscripts.github.io/charts" 12 | condition: adminmagicnamespace.enabled 13 | - name: magic-namespace 14 | alias: magicnamespace 15 | version: "0.5.4" 16 | repository: "https://pnnl-miscscripts.github.io/charts" 17 | - name: ingress-nginx 18 | alias: ingress 19 | version: "4.2.3" 20 | repository: "https://kubernetes.github.io/ingress-nginx" 21 | condition: ingress.nginx.enabled 22 | -------------------------------------------------------------------------------- /charts/charts/tenant-namespace/README.md: -------------------------------------------------------------------------------- 1 | tenant-namespace is a chart that 
lets you quickly provision a namespace for a 2 | tenant 3 | 4 | TL;DR; 5 | 6 | First, put whatever cluster specific default values into 7 | mycluster-tenant-namespace-values.yaml 8 | 9 | ```console 10 | read -p 'Enter Tenant name: ' tenant 11 | helm install namespace --name $tenant --namespace ${tenant}-admin \ 12 | -f mycluster-tenant-namespace-values.yaml \ 13 | --set magicnamespace.namespace=$tenant \ 14 | --set ingress.controller.scope.namespace=$tenant 15 | ``` 16 | 17 | To get the ci secret to put into your ci system, you can do something like: 18 | ```console 19 | kubectl get secret -n $tenant $(kubectl get serviceaccount -n $tenant ci -o go-template='{{ (index .secrets 0).name }}') -o go-template='{{ .data.token | base64decode }}{{ printf "\n" }}' 20 | ``` 21 | 22 | -------------------------------------------------------------------------------- /charts/charts/tenant-namespace/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{ $nks := lookup "v1" "Namespace" "" "kube-system" }} 2 | {{ if gt (len $nks) 0 }} 3 | {{ if $nks.metadata.labels }} 4 | {{ if not (index $nks.metadata.labels "kubernetes.io/metadata.name") }} 5 | {{ fail "You must first run: kubectl label namespace kube-system kubernetes.io/metadata.name=kube-system"}} 6 | {{ end }} 7 | {{ end }} 8 | {{ end }} 9 | 10 | {{ $nks := lookup "v1" "Namespace" "" .Values.magicnamespace.namespace }} 11 | {{ if gt (len $nks) 0 }} 12 | {{ if $nks.metadata.labels }} 13 | {{ if not (index $nks.metadata.labels "kubernetes.io/metadata.name") }} 14 | {{ fail (printf "You must first run: kubectl label namespace %s kubernetes.io/metadata.name=%s" .Values.magicnamespace.namespace .Values.magicnamespace.namespace) }} 15 | {{ end }} 16 | {{ end }} 17 | {{ end }} 18 | 19 | {{ if not .Values.ingress.clusterRole }} 20 | You need to ensure there is a ClusterRoleBinding that lets ingress-nginx read ingress classes globally bound to: 21 | ``` 22 | subjects: 23 | - kind: 
ServiceAccount 24 | name: {{ .Release.Name }}-ingress 25 | namespace: {{ .Release.Namespace }} 26 | ``` 27 | {{ end }} 28 | -------------------------------------------------------------------------------- /charts/charts/tenant-namespace/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "namespace.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 7 | {{- end }} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "namespace.fullname" -}} 15 | {{- if .Values.fullnameOverride }} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 17 | {{- else }} 18 | {{- $name := default .Chart.Name .Values.nameOverride }} 19 | {{- if contains $name .Release.Name }} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 21 | {{- else }} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 23 | {{- end }} 24 | {{- end }} 25 | {{- end }} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "namespace.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 32 | {{- end }} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "namespace.labels" -}} 38 | helm.sh/chart: {{ include "namespace.chart" . }} 39 | {{ include "namespace.selectorLabels" . 
}} 40 | {{- if .Chart.AppVersion }} 41 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 42 | {{- end }} 43 | app.kubernetes.io/managed-by: {{ .Release.Service }} 44 | {{- end }} 45 | 46 | {{/* 47 | Selector labels 48 | */}} 49 | {{- define "namespace.selectorLabels" -}} 50 | app.kubernetes.io/name: {{ include "namespace.name" . }} 51 | app.kubernetes.io/instance: {{ .Release.Name }} 52 | {{- end }} 53 | -------------------------------------------------------------------------------- /charts/charts/tenant-namespace/templates/certificate.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.letsencrypt.enabled }} 2 | {{- $name := .Values.magicnamespace.namespace }} 3 | apiVersion: cert-manager.io/v1 4 | kind: Certificate 5 | metadata: 6 | name: default-tls 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | {{- include "namespace.labels" . | nindent 4 }} 10 | spec: 11 | secretName: default-tls 12 | dnsNames: 13 | - {{ $name }}.{{ .Values.subdomain }} 14 | - "*.{{ $name }}.{{ .Values.subdomain }}" 15 | issuerRef: 16 | name: letsencrypt-production 17 | kind: Issuer 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /charts/charts/tenant-namespace/templates/gateway.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.gateway.enabled }} 2 | apiVersion: gateway.networking.k8s.io/v1 3 | kind: Gateway 4 | metadata: 5 | name: {{ .Values.gateway.name }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "namespace.labels" . 
| nindent 4 }} 9 | spec: 10 | gatewayClassName: {{ .Values.gateway.className }} 11 | listeners: 12 | {{- if .Values.gateway.httpListener.enabled }} 13 | - allowedRoutes: 14 | namespaces: 15 | from: Selector 16 | selector: 17 | matchLabels: 18 | kubernetes.io/metadata.name: {{ .Values.magicnamespace.namespace }} 19 | name: http 20 | port: 80 21 | protocol: HTTP 22 | {{- end }} 23 | {{- if .Values.gateway.httpsListener.enabled }} 24 | - allowedRoutes: 25 | namespaces: 26 | from: Selector 27 | selector: 28 | matchLabels: 29 | kubernetes.io/metadata.name: {{ .Values.magicnamespace.namespace }} 30 | name: https 31 | port: 443 32 | protocol: HTTPS 33 | tls: 34 | mode: Terminate 35 | certificateRefs: 36 | {{- with .Values.gateway.httpsListener.certificateRefs }} 37 | {{- toYaml . | nindent 10 }} 38 | {{- end }} 39 | {{- end }} 40 | {{- with .Values.gateway.extraListeners }} 41 | {{- toYaml . | nindent 4 }} 42 | {{- end }} 43 | {{- with .Values.gateway.infrastructure }} 44 | infrastructure: 45 | {{- toYaml . | nindent 4 }} 46 | {{- end }} 47 | {{- end }} 48 | -------------------------------------------------------------------------------- /charts/charts/tenant-namespace/templates/gitlabrunner.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.gitlabRunner.enabled }} 2 | apiVersion: miscscripts.pnnl.gov/v1beta1 3 | kind: GitlabRunner 4 | metadata: 5 | name: {{ .Values.gitlabRunner.name }} 6 | namespace: {{ .Values.magicnamespace.namespace }} 7 | labels: 8 | {{- include "namespace.labels" . 
| nindent 4 }} 9 | spec: 10 | {{ toYaml .Values.gitlabRunner.spec | indent 2 }} 11 | {{- end }} 12 | -------------------------------------------------------------------------------- /charts/charts/tenant-namespace/templates/ingress-nginx-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.ingress.nginx.clusterRole }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: pmstn-{{ .Values.magicnamespace.namespace }}-ic 6 | labels: 7 | {{- include "namespace.labels" . | nindent 4 }} 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: ClusterRole 11 | name: {{ .Values.ingress.nginx.clusterRole }} 12 | subjects: 13 | - kind: ServiceAccount 14 | name: {{ .Release.Name }}-ingress 15 | namespace: {{ .Release.Namespace | quote }} 16 | {{ end }} 17 | -------------------------------------------------------------------------------- /charts/charts/tenant-namespace/templates/issuer.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.letsencrypt.enabled }} 2 | apiVersion: cert-manager.io/v1 3 | kind: Issuer 4 | metadata: 5 | name: letsencrypt-production 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "namespace.labels" . 
| nindent 4 }} 9 | spec: 10 | acme: 11 | server: https://acme-v02.api.letsencrypt.org/directory 12 | email: {{ .Values.contact }} 13 | 14 | privateKeySecretRef: 15 | name: letsencrypt-production 16 | 17 | solvers: 18 | {{ toYaml .Values.letsencrypt.solvers | indent 6 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/charts/tenant-namespace/templates/limitrange.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.limitRange.enabled }} 2 | apiVersion: v1 3 | kind: LimitRange 4 | metadata: 5 | name: {{ .Release.Name }} 6 | namespace: {{ .Values.magicnamespace.namespace }} 7 | labels: 8 | {{- include "namespace.labels" . | nindent 4 }} 9 | spec: 10 | limits: 11 | {{ toYaml .Values.limitRange.limits | indent 4 }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/charts/tenant-namespace/templates/nginx-ingress-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: {{ template "namespace.fullname" . }} 5 | namespace: {{ .Values.magicnamespace.namespace }} 6 | labels: 7 | {{- include "namespace.labels" . 
| nindent 4 }} 8 | rules: 9 | - apiGroups: 10 | - "" 11 | resources: 12 | - namespaces 13 | verbs: 14 | - get 15 | - apiGroups: 16 | - "" 17 | resources: 18 | - configmaps 19 | - pods 20 | - secrets 21 | - endpoints 22 | verbs: 23 | - get 24 | - list 25 | - watch 26 | - apiGroups: 27 | - "" 28 | resources: 29 | - services 30 | verbs: 31 | - get 32 | - list 33 | - watch 34 | - apiGroups: 35 | - "networking.k8s.io" # k8s 1.14+ 36 | resources: 37 | - ingresses 38 | verbs: 39 | - get 40 | - list 41 | - watch 42 | - apiGroups: 43 | - "networking.k8s.io" # k8s 1.14+ 44 | resources: 45 | - ingresses/status 46 | verbs: 47 | - update 48 | - apiGroups: 49 | - "networking.k8s.io" # k8s 1.14+ 50 | resources: 51 | - ingressclasses 52 | verbs: 53 | - get 54 | - list 55 | - watch 56 | - apiGroups: 57 | - "" 58 | resources: 59 | - events 60 | verbs: 61 | - create 62 | - patch 63 | - apiGroups: 64 | - discovery.k8s.io 65 | resources: 66 | - endpointslices 67 | verbs: 68 | - get 69 | - list 70 | - watch 71 | -------------------------------------------------------------------------------- /charts/charts/tenant-namespace/templates/nginx-ingress-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: {{ template "namespace.fullname" . }} 5 | namespace: {{ .Values.magicnamespace.namespace }} 6 | labels: 7 | {{- include "namespace.labels" . | nindent 4 }} 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: Role 11 | name: {{ template "namespace.fullname" . 
}} 12 | subjects: 13 | - kind: ServiceAccount 14 | name: {{ .Release.Name }}-ingress 15 | namespace: {{ .Release.Namespace | quote }} 16 | -------------------------------------------------------------------------------- /charts/charts/tenant-namespace/templates/operatorgroup.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.operatorGroup.enabled }} 2 | apiVersion: operators.coreos.com/v1 3 | kind: OperatorGroup 4 | metadata: 5 | name: {{ .Values.magicnamespace.namespace }} 6 | namespace: {{ .Values.magicnamespace.namespace }} 7 | labels: 8 | {{- include "namespace.labels" . | nindent 4 }} 9 | spec: 10 | targetNamespaces: 11 | - {{ .Values.magicnamespace.namespace }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/charts/tenant-namespace/templates/rbac-admin-group-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: rbac-admin-group 5 | namespace: {{ .Values.magicnamespace.namespace }} 6 | labels: 7 | {{- include "namespace.labels" . | nindent 4 }} 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: ClusterRole 11 | name: admin 12 | subjects: 13 | - kind: Group 14 | name: {{ .Values.roleBindings.groupPrefix }}{{ .Values.magicnamespace.namespace }}.admin 15 | -------------------------------------------------------------------------------- /charts/charts/tenant-namespace/templates/resourcequota.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.quota.enabled }} 2 | apiVersion: v1 3 | kind: ResourceQuota 4 | metadata: 5 | name: {{ .Release.Name }} 6 | namespace: {{ .Values.magicnamespace.namespace }} 7 | labels: 8 | {{- include "namespace.labels" . 
| nindent 4 }} 9 | spec: 10 | hard: 11 | pods: {{ .Values.quota.pods }} 12 | requests.cpu: {{ .Values.quota.requests.cpu }} 13 | requests.memory: {{ .Values.quota.requests.memory }} 14 | limits.cpu: {{ .Values.quota.limits.cpu }} 15 | limits.memory: {{ .Values.quota.limits.memory }} 16 | {{- range $key, $val := .Values.quota.extraQuota }} 17 | {{ $key }}: {{ $val | quote }} 18 | {{- end }} 19 | {{- end }} 20 |
--------------------------------------------------------------------------------
/charts/charts/tenant-namespace/templates/simple-restricted-networkpolicy.yaml:
--------------------------------------------------------------------------------
{{- if and .Values.networkPolicy.enabled (eq .Values.networkPolicy.type "simple-restricted") }}
# Namespace-wide policy for the tenant namespace. The empty podSelector selects
# every pod, and because both Ingress and Egress are listed under policyTypes,
# only the peers enumerated below are allowed in either direction.
# No rule carries a ports list, so each allowed peer is allowed on all ports.
# The namespaceSelector peers match on the kubernetes.io/metadata.name label;
# the chart's NOTES.txt aborts the install when an existing kube-system or
# tenant namespace has labels but lacks that one.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default
  namespace: {{ .Values.magicnamespace.namespace }}
  labels:
    {{- include "namespace.labels" . | nindent 4 }}
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    # Allow non pod traffic: one ipBlock peer per entry of
    # networkPolicy.ingress.ipBlocks. These CIDRs come straight from values, so
    # a broad block widens the tenant's exposure accordingly.
    {{- range .Values.networkPolicy.ingress.ipBlocks }}
    - ipBlock:
{{ toYaml . | indent 8 }}
    {{- end }}
    # Allow admin namespace (the release namespace) to access this namespace
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: {{ .Release.Namespace }}
      podSelector: {}
    # Allow traffic from the kube-system namespace for service discovery.
    # NOTE(review): this admits every pod in kube-system on every port, which is
    # wider than service discovery alone needs.
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector: {}
    # Allow this namespace to access itself
    - podSelector: {}
  egress:
  - to:
    # Allow non pod traffic.
    # NOTE(review): the egress CIDRs are read from networkPolicy.ingress.ipBlocks,
    # the same list as the ingress rule, so outbound destinations cannot be set
    # independently of inbound sources - confirm this is intended.
    {{- range .Values.networkPolicy.ingress.ipBlocks }}
    - ipBlock:
{{ toYaml . | indent 8 }}
    {{- end }}
    # Allow this namespace to reach the admin namespace (the release namespace)
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: {{ .Release.Namespace }}
      podSelector: {}
    # Allow access to the kube-system namespace for service discovery
    # (every pod there, every port).
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector: {}
    # Allow this namespace to access itself
    - podSelector: {}
{{- end }}
--------------------------------------------------------------------------------
/charts/image-library-charts/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
appVersion: "1.8.18-1"
description: A Helm chart for Kubernetes
# NOTE(review): name is empty in this file; presumably the build tooling fills
# it in per chart - confirm, since Helm requires a chart name.
name:
version: 1.0.0
--------------------------------------------------------------------------------
/containers/anaconda-nginx/Dockerfile:
--------------------------------------------------------------------------------
# Adds nginx to the anaconda installer-tree image so that /data can be served
# over HTTP. Stage 0 exists only as the source of the nginx root filesystem.
# NOTE(review): both base images use floating tags (stable-alpine, latest), so
# a rebuild can silently pick up different content; pin by digest if the
# served boot artifacts need to be reproducible.
FROM nginx:stable-alpine

FROM pnnlmiscscripts/anaconda:latest
# Overlay the complete nginx root filesystem onto the anaconda image.
COPY --from=0 / /
# nginx site config: directory listings are off, "/" answers 200, any other
# path ending in "/" answers 404, and everything else is served from /data as
# application/octet-stream with Content-Disposition: attachment (the types map
# is emptied so no file is given a renderable content type).
RUN echo "server {autoindex off; server_name localhost; location ~ ^/$ {return 200;} location ~ ^.*/$ {return 404;} location / { root /data; default_type application/octet-stream; add_header Content-Disposition 'attachment'; types {}}}" > /etc/nginx/conf.d/default.conf
--------------------------------------------------------------------------------
/containers/anaconda-nginx/buildenv:
--------------------------------------------------------------------------------
# Sourced by containers/build after it has set its DOCKER_REPO/DOCKER_TAG
# defaults, so the two exports at the bottom override them.
# The AUTO_PREFIX* variables are presumably consumed by the external
# hubbuildtools scripts; their semantics are not visible in this repository view.
export AUTO_PREFIX=filecontent
export AUTO_PREFIX_FILE=/data/CentOS_BuildTag
export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"'
export DOCKER_REPO=pnnlmiscscripts/anaconda
export DOCKER_TAG=latest-nginx
--------------------------------------------------------------------------------
/containers/anaconda-nginx9/Dockerfile:
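--------------------------------------------------------------------------------
# Adds nginx to the anaconda9 installer-tree image so that /data can be served
# over HTTP. Stage 0 exists only as the source of the nginx root filesystem.
# NOTE(review): both base images use floating tags (stable-alpine, latest).
FROM nginx:stable-alpine

FROM pnnlmiscscripts/anaconda9:latest
# Overlay the complete nginx root filesystem onto the anaconda9 image.
COPY --from=0 / /
# nginx site config: listings off, "/" answers 200, other paths ending in "/"
# answer 404, everything else is served from /data as a binary attachment.
RUN echo "server {autoindex off; server_name localhost; location ~ ^/$ {return 200;} location ~ ^.*/$ {return 404;} location / { root /data; default_type application/octet-stream; add_header Content-Disposition 'attachment'; types {}}}" > /etc/nginx/conf.d/default.conf
--------------------------------------------------------------------------------
/containers/anaconda-nginx9/buildenv:
--------------------------------------------------------------------------------
# Sourced by containers/build; the last two exports override its
# DOCKER_REPO/DOCKER_TAG defaults.
export AUTO_PREFIX=filecontent
export AUTO_PREFIX_FILE=/data/RockyLinux_BuildTag
export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"'
export DOCKER_REPO=pnnlmiscscripts/anaconda9
export DOCKER_TAG=latest-nginx
--------------------------------------------------------------------------------
/containers/anaconda/Dockerfile:
--------------------------------------------------------------------------------
# Stage 0 downloads the CentOS 7 installer tree pieces (build tag, PXE kernel
# and initrd, .treeinfo, LiveOS squashfs) into /data; the final image is
# FROM scratch and contains only /data and /.extrafingerprints.
#
# curl now runs with -f: without it an HTTP error page is written to the output
# file, curl exits 0, and the && chain carries on with a bogus artifact.
#
# NOTE(security): every download still uses plain http:// and nothing is
# compared against a checksum or signature, so content altered on the mirror or
# in transit ends up in the image unnoticed. These files are what machines boot
# and install from; fetch them over TLS from a mirror that offers it and verify
# them against published digests before they are copied into the final stage.
FROM centos:centos7
RUN \
  mkdir -p /data/LiveOS && \
  curl -f http://mirror.centos.org/centos-7/7/os/x86_64/CentOS_BuildTag -o /data/CentOS_BuildTag && \
  curl -f http://mirror.centos.org/centos-7/7/os/x86_64/images/pxeboot/initrd.img -o /data/initrd.img && \
  curl -f http://mirror.centos.org/centos-7/7/os/x86_64/images/pxeboot/vmlinuz -o /data/vmlinuz && \
  curl -f http://mirror.centos.org/centos-7/7/os/x86_64/.treeinfo -o /data/.treeinfo && \
  curl -f http://mirror.centos.org/centos-7/7/os/x86_64/LiveOS/squashfs.img -o /data/LiveOS/squashfs.img && \
  cat /data/CentOS_BuildTag > /.extrafingerprints

FROM scratch
COPY --from=0 /data /data
# The build tag doubles as the image fingerprint (presumably read by hubbuildtools).
COPY --from=0 /.extrafingerprints /.extrafingerprints
--------------------------------------------------------------------------------
/containers/anaconda/buildenv: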
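--------------------------------------------------------------------------------
# Sourced by containers/build. The AUTO_PREFIX* variables are presumably read
# by the external hubbuildtools scripts; their semantics are not visible here.
export AUTO_PREFIX=filecontent
export AUTO_PREFIX_FILE=/data/CentOS_BuildTag
--------------------------------------------------------------------------------
/containers/anaconda9/Dockerfile:
--------------------------------------------------------------------------------
FROM rockylinux:9

# Stage 0 downloads the Rocky Linux 9 BaseOS installer tree pieces into /data
# and derives the build tag from the mediaid line of media.repo; the final
# image is FROM scratch and contains only /data and /.extrafingerprints.
#
# Changes from the original:
#  - curl runs with -f so that an HTTP error fails the step instead of saving
#    the error page as the artifact;
#  - LICENSE is fetched over https, like every other file from dl.rockylinux.org;
#  - the build tag must be non-empty (test -s). The curl|grep|awk pipeline
#    reports awk's exit status, so a failed download used to yield an empty
#    tag without failing the build.
#
# NOTE(security): media.repo is still fetched over plain http from
# download.rockylinux.org (a different host; switch it to https if that host
# serves it), and nothing downloaded here is verified against a digest or a
# signature. These files are what machines boot and install from.
RUN \
  dnf install -y wget && \
  mkdir -p /data/images/pxeboot/ && \
  curl -f https://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/.treeinfo > /data/.treeinfo && \
  curl -f https://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/images/pxeboot/vmlinuz -o /data/images/pxeboot/vmlinuz && \
  curl -f https://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/images/pxeboot/initrd.img -o /data/images/pxeboot/initrd.img && \
  curl -f https://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/images/efiboot.img -o /data/images/efiboot.img && \
  wget https://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/images/install.img -O /data/images/install.img && \
  curl -f https://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/LICENSE -o /data/LICENSE && \
  sed -i 's/AppStream,BaseOS/BaseOS/' /data/.treeinfo && \
  curl -fs http://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/media.repo | grep mediaid | awk -F= '{print $2}' > /data/RockyLinux_BuildTag && \
  test -s /data/RockyLinux_BuildTag && \
  cat /data/RockyLinux_BuildTag | tee /.extrafingerprints

FROM scratch
COPY --from=0 /data /data
COPY --from=0 /.extrafingerprints /.extrafingerprints
--------------------------------------------------------------------------------
/containers/anaconda9/buildenv:
--------------------------------------------------------------------------------
# Sourced by containers/build.
export AUTO_PREFIX=filecontent
export AUTO_PREFIX_FILE=/data/RockyLinux_BuildTag
--------------------------------------------------------------------------------
/containers/build: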
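--------------------------------------------------------------------------------
#!/bin/bash
# Build, tag and push one container image from this directory.
#
# Usage: build CONTAINER [SUBBUILD]
#   CONTAINER  sub-directory holding the Dockerfile and an optional buildenv
#   SUBBUILD   optional; exported unchanged for the hubbuildtools scripts
#
# Environment read here: CI, IMAGE_NAME, GPGSIGN, DOCKER_BUILDKIT,
# DOCKER_USERNAME, DOCKER_PASSWORD.
# Exit status: 0 on success or when hubbuildtools reports "nothing changed"
# (status 42); otherwise the status of the step that failed.
CONTAINER="$1"
if [ -z "$CONTAINER" ]; then
    echo "Usage: $0 CONTAINER [SUBBUILD]" >&2
    exit 2
fi
[ "x$2" != "x" ] && export SUBBUILD="$2"
# Stop when the directory is missing; carrying on would clone, build and push
# from whatever directory the caller happened to be in.
pushd "$(dirname "$0")/$CONTAINER" || exit 1

# NOTE(security): hubbuildtools is cloned from the default branch and its
# scripts are executed below with the signing key path exported and with
# whatever registry credentials CI has put in the environment. Pinning the
# checkout to a reviewed commit, for example
#   git -C hubbuildtools checkout <REVIEWED_COMMIT_SHA>
# keeps an upstream change from running unreviewed in the build job.
[ ! -d hubbuildtools ] && git clone https://github.com/kfox1111/hubbuildtools

export DOCKER_REPO=pnnlmiscscripts/"$CONTAINER"
export DOCKER_TAG=latest

# buildenv is sourced, so it runs as shell code and may override the defaults above.
[ -f buildenv ] && . buildenv

# Remove the local images when running under CI.
function cleanup () {
    if [ "x$CI" != "x" ]; then
        # REVISION is only set after a successful build; on the
        # "nothing changed" path it is empty and there is no such tag to remove.
        [ -n "$REVISION" ] && docker rmi "$DOCKER_REPO:$REVISION"
        docker rmi "$IMAGE_NAME"
        docker image prune -f
    fi
}

if [ "x$IMAGE_NAME" == "x" ]; then
    export IMAGE_NAME="${DOCKER_REPO}:${DOCKER_TAG}"
fi

if [ "x$GPGSIGN" != "x" ]; then
    [ ! -f rpm.pub ] && cp -a ../../rpm.pub .
    [ ! -f rpmmacros ] && cp -a ../rpmmacros .
    export GPGKEY=$(pwd)/../../rpm.priv
fi

#Workaround https://github.com/moby/moby/issues/39120
# Prints the current daemon.json, then replaces the whole file with only the
# mtu setting; any other daemon option that was in the file is dropped.
if [ "x$DOCKER_BUILDKIT" != "x" ]; then
    sudo cat /etc/docker/daemon.json
    echo '{"mtu": 1460}' | sudo dd of=/etc/docker/daemon.json
    sudo systemctl restart docker
    docker ps -a
fi

hubbuildtools/hubhookhelpers/build
RES=$?

# Delete the private signing key as soon as the build step is over so that it
# does not stay on disk for the push steps (presumably CI writes it per job).
if [ "x$GPGSIGN" != "x" ]; then
    rm -f "$GPGKEY" || true
fi

if [ $RES -eq 42 ]; then
    echo Nothing changed. Skipping.
    cleanup
    exit 0
fi
if [ $RES != 0 ]; then
    echo Something went wrong. Failing.
    exit $RES
fi

REVISION=$(hubbuildtools/fetchlocalrevision.sh "$IMAGE_NAME")

# Each step now stops the script on failure. Previously the exit status was
# that of the final popd, so a failed login or push was reported as success.
docker tag "$IMAGE_NAME" "$DOCKER_REPO:$REVISION" || exit $?

# The password goes in on stdin, so it does not appear in the process list.
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin || exit $?

docker push "$DOCKER_REPO:$REVISION" || exit $?
docker push "$IMAGE_NAME" || exit $?

cleanup

popd
--------------------------------------------------------------------------------
/containers/chronyd/Dockerfile:
--------------------------------------------------------------------------------
# NOTE(review): alpine:3.9 is an end-of-life release, so the chrony package
# installed from it no longer receives security fixes; move to a supported base.
FROM alpine:3.9

RUN \
  apk add --no-cache --update chrony

--------------------------------------------------------------------------------
/containers/chronyd/buildenv:
--------------------------------------------------------------------------------
# Sourced by containers/build.
export AUTO_PREFIX=apk-version
export AUTO_PREFIX_PACKAGE=chrony
--------------------------------------------------------------------------------
/containers/curl-jq/Dockerfile:
--------------------------------------------------------------------------------
# Small utility image: curl, jq and bash on Alpine, starting an interactive bash.
FROM alpine:3.20
MAINTAINER Kevin Fox

RUN \
  apk add --no-cache --update curl jq bash

CMD [ "/bin/bash" ]
--------------------------------------------------------------------------------
/containers/curl-jq/buildenv:
--------------------------------------------------------------------------------
# Sourced by containers/build.
export AUTO_PREFIX=apk-version
export AUTO_PREFIX_PACKAGE=jq
--------------------------------------------------------------------------------
/containers/debug-toolbox/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM alpine:3.19 2 | 3 | RUN \ 4 | apk add --no-cache \ 5 | iputils \ 6 | tcpdump \ 7 | strace \ 8 | iperf3 \ 9 | bind-tools \ 10 | git \ 11 | ltrace \ 12 | iptraf-ng \ 13 | wget \ 14 | curl \ 15 | netcat-openbsd \ 16 | openldap-clients \ 17 | nmap \ 18 | iftop \ 19 | bash \ 20 | iptables \ 21 |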
conntrack-tools \ 22 | procps \ 23 | iotop \ 24 | ipvsadm \ 25 | openssl \ 26 | nvme-cli \ 27 | smartmontools \ 28 | dmidecode 29 |
--------------------------------------------------------------------------------
/containers/debug-toolbox/buildenv:
--------------------------------------------------------------------------------
# Sourced by containers/build.
export PREFIX=1.0.0
--------------------------------------------------------------------------------
/containers/dhcpd/Dockerfile:
--------------------------------------------------------------------------------
# NOTE(review): alpine:3.9 is an end-of-life release, so the dhcp package
# installed from it no longer receives security fixes; move to a supported base.
FROM alpine:3.9
MAINTAINER Kevin Fox

RUN \
  apk add --no-cache --update dhcp
--------------------------------------------------------------------------------
/containers/dhcpd/buildenv:
--------------------------------------------------------------------------------
# Sourced by containers/build.
export AUTO_PREFIX=apk-version
export AUTO_PREFIX_PACKAGE=dhcp
--------------------------------------------------------------------------------
/containers/git/Dockerfile:
--------------------------------------------------------------------------------
# git client image; the container runs "git --help" unless arguments are given.
# NOTE(review): alpine:3.13 is also past its support window.
FROM alpine:3.13
MAINTAINER Kevin Fox

# The apk repository list is deleted after the install, so nothing further can
# be installed with apk in this image without restoring it.
RUN \
  apk add --no-cache --update ca-certificates openssl git && \
  rm -f /etc/apk/repositories

ENTRYPOINT ["git"]

CMD ["--help"]
--------------------------------------------------------------------------------
/containers/git/buildenv:
--------------------------------------------------------------------------------
# Sourced by containers/build.
export AUTO_PREFIX=apk-version
export AUTO_PREFIX_PACKAGE=git
--------------------------------------------------------------------------------
/containers/gitlab-runner-operator/Dockerfile:
--------------------------------------------------------------------------------
# Ansible-operator image for the GitlabRunner custom resource. The build steps
# run as root (USER 0) and the image drops back to UID 1001 at the end.
FROM quay.io/operator-framework/ansible-operator:v0.16.0

USER 0

COPY volume.patch /volume.patch
COPY watches.yaml ${HOME}/watches.yaml
COPY requirements.yml ${HOME}/requirements.yml
COPY roles/ ${HOME}/roles/

# What the RUN below does, in order:
#  1. installs git and patch, which are removed again further down;
#  2. downloads the Helm v3.2.4 tarball and moves the binary to /usr/bin/helm;
#  3. installs the Ansible collections listed in requirements.yml;
#  4. installs the helm-diff plugin and pulls the gitlab-runner chart, untarred;
#  5. writes /.extrafingerprints from the md5 of every role file, the literal
#     0.1.4, the pulled chart's version and the md5 of watches.yaml. The md5
#     sums act as a change fingerprint here, not as an integrity control.
# volume.patch is copied in but not applied: the patch command is only echoed.
#
# NOTE(security): several inputs are taken at whatever state they are in at
# build time, so two builds of the same commit can contain different code:
#  - the Helm tarball is not compared with the SHA-256 published with the
#    release before it is unpacked;
#  - helm-diff is installed with --version master, a moving branch; pin it to
#    a release tag or commit (<PINNED_HELM_DIFF_VERSION>);
#  - helm pull has no --version, so the newest gitlab-runner chart is taken;
#  - requirements.yml names the collections without versions.
# NOTE(review): the fingerprint literal is 0.1.4 while buildenv sets
# PREFIX=0.1.3 - confirm whether the two are meant to track each other.
RUN \
  set -e && \
  yum clean all && \
  yum install -y git patch && \
  yum clean all && \
  curl -o /helm.tar.gz https://get.helm.sh/helm-v3.2.4-linux-amd64.tar.gz && \
  tar -zxvf /helm.tar.gz && \
  mv /linux-amd64/helm /usr/bin/helm && \
  rm -f /helm.tar.gz && \
  ansible-galaxy collection install -r ${HOME}/requirements.yml && \
  chmod -R ug+rwx ${HOME}/.ansible && \
  helm plugin install https://github.com/databus23/helm-diff --version master && \
  helm repo add gitlab https://charts.gitlab.io && \
  helm repo update && \
  helm pull gitlab/gitlab-runner --untar && \
  cd gitlab-runner && \
  awk -F: '{if($1 == "version"){print $2}}' Chart.yaml | sed 's/ //g' && \
  echo Skipping volume.patch && \
  echo patch -p1 /volume.patch && \
  cd .. && \
  yum remove -y patch git && \
  cd ${HOME} && \
  find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \
  echo 0.1.4 >> /.extrafingerprints && \
  awk -F: '{if($1 == "version"){print $2}}' /gitlab-runner/Chart.yaml | sed 's/ //g' >> /.extrafingerprints && \
  md5sum watches.yaml >> /.extrafingerprints

USER 1001
--------------------------------------------------------------------------------
/containers/gitlab-runner-operator/buildenv:
--------------------------------------------------------------------------------
# Sourced by containers/build.
export PREFIX=0.1.3
--------------------------------------------------------------------------------
/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_clustergitlabrunnerflavors_crd.yaml:
--------------------------------------------------------------------------------
1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: clustergitlabrunnerflavors.miscscripts.pnnl.gov 6 | spec: 7 | group: miscscripts.pnnl.gov 8 | names: 9 | kind: ClusterGitlabRunnerFlavor 10 | listKind:
ClusterGitlabRunnerFlavorList 11 | plural: clustergitlabrunnerflavors 12 | singular: clustergitlabrunnerflavor 13 | scope: Cluster 14 | preserveUnknownFields: false 15 | versions: 16 | - name: v1beta1 17 | schema: 18 | openAPIV3Schema: 19 | description: ClusterGitlabRunnerFlavor is the Schema for the clustergitlabrunnerflavors API 20 | properties: 21 | apiVersion: 22 | description: 'APIVersion defines the versioned schema of this representation 23 | of an object. Servers should convert recognized schemas to the latest 24 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 25 | type: string 26 | kind: 27 | description: 'Kind is a string value representing the REST resource this 28 | object represents. Servers may infer this from the endpoint the client 29 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 30 | type: string 31 | metadata: 32 | type: object 33 | spec: 34 | description: Spec defines the desired state of ClusterGitlabRunnerFlavor 35 | type: object 36 | x-kubernetes-preserve-unknown-fields: true 37 | status: 38 | description: Status defines the observed state of ClusterGitlabRunnerFlavor 39 | type: object 40 | x-kubernetes-preserve-unknown-fields: true 41 | type: object 42 | served: true 43 | storage: true 44 | subresources: 45 | status: {} 46 | -------------------------------------------------------------------------------- /containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_gitlabrunners_crd.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: gitlabrunners.miscscripts.pnnl.gov 6 | spec: 7 | group: miscscripts.pnnl.gov 8 | names: 9 | kind: GitlabRunner 10 | listKind: 
GitlabRunnerList 11 | plural: gitlabrunners 12 | singular: gitlabrunner 13 | scope: Namespaced 14 | preserveUnknownFields: false 15 | versions: 16 | - name: v1beta1 17 | schema: 18 | openAPIV3Schema: 19 | description: GitlabRunner is the Schema for the gitlabrunners API 20 | properties: 21 | apiVersion: 22 | description: 'APIVersion defines the versioned schema of this representation 23 | of an object. Servers should convert recognized schemas to the latest 24 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 25 | type: string 26 | kind: 27 | description: 'Kind is a string value representing the REST resource this 28 | object represents. Servers may infer this from the endpoint the client 29 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 30 | type: string 31 | metadata: 32 | type: object 33 | spec: 34 | description: Spec defines the desired state of GitlabRunner 35 | type: object 36 | x-kubernetes-preserve-unknown-fields: true 37 | status: 38 | description: Status defines the observed state of GitlabRunner 39 | type: object 40 | x-kubernetes-preserve-unknown-fields: true 41 | type: object 42 | served: true 43 | storage: true 44 | subresources: 45 | status: {} 46 | -------------------------------------------------------------------------------- /containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_clustergitlabrunnerflavor_cr.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: miscscripts.pnnl.gov/v1beta1 2 | kind: ClusterGitlabRunnerFlavor 3 | metadata: 4 | name: example 5 | spec: 6 | gitlabUrl: http://localhost:8080 7 | unregisterRunners: true 8 | -------------------------------------------------------------------------------- 
/containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_gitlabrunner_cr.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: miscscripts.pnnl.gov/v1beta1 2 | kind: GitlabRunner 3 | metadata: 4 | name: example 5 | spec: 6 | flavorRef: 7 | name: example 8 | kind: ClusterGitlabRunnerFlavor 9 | group: miscscripts.pnnl.gov 10 | runners: 11 | tags: foo,bar 12 | secret: example 13 | -------------------------------------------------------------------------------- /containers/gitlab-runner-operator/requirements.yml: -------------------------------------------------------------------------------- 1 | collections: 2 | - community.kubernetes 3 | - operator_sdk.util 4 | -------------------------------------------------------------------------------- /containers/gitlab-runner-operator/roles/gitlabrunner/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 
20 | 21 | Example Playbook 22 | ---------------- 23 | 24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 25 | 26 | - hosts: servers 27 | roles: 28 | - { role: username.rolename, x: 42 } 29 | 30 | License 31 | ------- 32 | 33 | Apache 34 | 35 | Author Information 36 | ------------------ 37 | 38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 39 | -------------------------------------------------------------------------------- /containers/gitlab-runner-operator/roles/gitlabrunner/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for gitlabrunner 3 | -------------------------------------------------------------------------------- /containers/gitlab-runner-operator/roles/gitlabrunner/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for gitlabrunner 3 | -------------------------------------------------------------------------------- /containers/gitlab-runner-operator/roles/gitlabrunner/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for gitlabrunner 3 | -------------------------------------------------------------------------------- /containers/gitlab-runner-operator/watches.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - version: v1beta1 3 | group: miscscripts.pnnl.gov 4 | kind: GitlabRunner 5 | role: /opt/ansible/roles/gitlabrunner 6 | -------------------------------------------------------------------------------- /containers/inotify-tools/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.9 2 | MAINTAINER Kevin Fox 3 | 4 | RUN \ 5 | apk add --no-cache --update inotify-tools 6 | 
--------------------------------------------------------------------------------
/containers/inotify-tools/buildenv:
--------------------------------------------------------------------------------
export AUTO_PREFIX=apk-version
export AUTO_PREFIX_PACKAGE=inotify-tools

--------------------------------------------------------------------------------
/containers/ipmi-exporter/Dockerfile:
--------------------------------------------------------------------------------
# Builds an image containing freeipmi (from the distro repositories) and the
# ipmi_exporter v1.2.0 release binary fetched from GitHub.
# NOTE(review): rockylinux:8 is a floating tag; pinning the base image by
# digest would make rebuilds reproducible and auditable.
FROM rockylinux:8
MAINTAINER Kevin Fox

# NOTE(review): the release archive is fetched over HTTPS (following redirects
# with -L) and unpacked without any checksum or signature check, so the
# installed binary is only as trustworthy as the download path at build time.
# Record the expected SHA-256 of the archive alongside this file and verify it
# (for example with `sha256sum -c`) before running tar.
# The trailing echo appends the version string to /.extrafingerprints;
# presumably the build tooling uses that file to detect content changes.
RUN \
    yum install -y freeipmi && \
    curl -o ipmi_exporter.tgz https://github.com/soundcloud/ipmi_exporter/releases/download/v1.2.0/ipmi_exporter-v1.2.0.linux-amd64.tar.gz -L && \
    tar -xvf ipmi_exporter.tgz && \
    mv ipmi_exporter-v*/ipmi_exporter /usr/bin/ && \
    rm -rf ipmi_exporter-v* && \
    echo 1.2.0 >> /.extrafingerprints

# No USER instruction is present, so the exporter runs as the base image's
# default user. NOTE(review): confirm whether it needs root at runtime.
ENTRYPOINT ["ipmi_exporter"]

CMD ["--help"]

--------------------------------------------------------------------------------
/containers/ipmi-exporter/buildenv:
--------------------------------------------------------------------------------
export PREFIX=1.2.0

--------------------------------------------------------------------------------
/containers/ipmitool/Dockerfile:
--------------------------------------------------------------------------------
# Minimal ipmitool image on Alpine 3.9.
# NOTE(review): Alpine 3.9 is past its upstream support window and no longer
# receives security fixes; consider moving to a maintained release.
FROM alpine:3.9
MAINTAINER Kevin Fox

# Adds the v3.9 community repository, installs the packages, then deletes
# /etc/apk/repositories entirely, so no repository is configured in the final
# image (a later `apk add` in this or a derived image has nothing to fetch
# from unless the file is recreated).
# NOTE(review): the repository URL uses plain http. apk checks signed
# repository indexes, so integrity does not rest on the transport alone, but
# an https URL would remove the cleartext hop; confirm the mirror supports it.
RUN \
    echo http://dl-cdn.alpinelinux.org/alpine/v3.9/community >> /etc/apk/repositories && \
    apk add --no-cache --update ca-certificates openssl ipmitool && \
    rm -f /etc/apk/repositories

ENTRYPOINT ["ipmitool"]

CMD ["--help"]

--------------------------------------------------------------------------------
/containers/ipmitool/buildenv:
--------------------------------------------------------------------------------
export AUTO_PREFIX=apk-version
export AUTO_PREFIX_PACKAGE=ipmitool

--------------------------------------------------------------------------------
/containers/k8s-node-image-nginx/Dockerfile:
--------------------------------------------------------------------------------
# Overlays the complete nginx:stable-alpine root filesystem (stage 0) onto the
# k8s-node-image package-repository image and serves /data with nginx.
# NOTE(review): nginx:stable-alpine is a floating tag; pinning it by digest
# would make the web server shipped with the repository image traceable.
ARG SUBBUILD=1.13
FROM nginx:stable-alpine

FROM pnnlmiscscripts/k8s-node-image:$SUBBUILD
# Copies every path from stage 0 over this image's root.
COPY --from=0 / /
# Generated server block: directory listing is off, "/" answers 200, any other
# path ending in "/" answers 404, and everything else is read from /data and
# returned as application/octet-stream with Content-Disposition: attachment
# (the empty `types {}` removes the MIME type map).
# Each "$" in the string is followed by a space, so the shell's double quotes
# leave the regex anchors intact.
# NOTE(review): the block has no listen or TLS directive, so it falls back to
# nginx's default listener. Integrity for consumers then rests on the GPG
# signatures of the repository metadata and packages; confirm clients enforce
# them.
RUN echo "server {autoindex off; server_name localhost; location ~ ^/$ {return 200;} location ~ ^.*/$ {return 404;} location / { root /data; default_type application/octet-stream; add_header Content-Disposition 'attachment'; types {}}}" > /etc/nginx/conf.d/default.conf

--------------------------------------------------------------------------------
/containers/k8s-node-image-nginx/buildenv:
--------------------------------------------------------------------------------
export AUTO_PREFIX=rpmrepo-version
export AUTO_PREFIX_PACKAGE=kubelet
export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"'
export DOCKER_REPO=pnnlmiscscripts/k8s-node-image
export DOCKER_TAG="$SUBBUILD-nginx"

--------------------------------------------------------------------------------
/containers/k8s-node-image-nginx9/Dockerfile:
--------------------------------------------------------------------------------
# Same construction as the k8s-node-image-nginx image, on top of the
# k8s-node-image9 repository image: the whole nginx:stable-alpine filesystem
# is copied over the image root and a single server block serves /data.
# NOTE(review): nginx:stable-alpine is a floating tag; pin it by digest.
ARG SUBBUILD=1.13
FROM nginx:stable-alpine

FROM pnnlmiscscripts/k8s-node-image9:$SUBBUILD
COPY --from=0 / /
# Directory listing off; "/" answers 200; other paths ending in "/" answer
# 404; files under /data are returned as attachments with a generic MIME type.
RUN echo "server {autoindex off; server_name localhost; location ~ ^/$ {return 200;} location ~ ^.*/$ {return 404;} location / { root /data; default_type application/octet-stream; add_header Content-Disposition 'attachment'; types {}}}" > /etc/nginx/conf.d/default.conf


--------------------------------------------------------------------------------
/containers/k8s-node-image-nginx9/buildenv:
--------------------------------------------------------------------------------
export AUTO_PREFIX=rpmrepo-version
export AUTO_PREFIX_PACKAGE=kubelet
export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"'
export DOCKER_REPO=pnnlmiscscripts/k8s-node-image9
export DOCKER_TAG="$SUBBUILD-nginx"

--------------------------------------------------------------------------------
/containers/k8s-node-image/Dockerfile:
--------------------------------------------------------------------------------
# syntax = docker/dockerfile:1.0-experimental
# Assembles the combined node package repository: RPM sets from four source
# images are merged under /data, repository metadata is regenerated, and
# repomd.xml is signed with a GPG key supplied as a BuildKit secret.
# NOTE(review): three of the source images are referenced as :latest, and
# centos:centos7 is a release past upstream end of life. The signature made
# below vouches for whatever those tags resolve to at build time; pinning by
# digest would make the signed content traceable.
ARG SUBBUILD=1.13
FROM pnnlmiscscripts/rpms-node-base:latest as base
FROM pnnlmiscscripts/rpms-containerd:latest as containerd
FROM pnnlmiscscripts/rpms-openvswitch:latest as openvswitch
FROM pnnlmiscscripts/rpms-kubernetes:$SUBBUILD as kubernetes

FROM centos:centos7 as repobuild
COPY --from=base /data /rpmdata
COPY --from=containerd /data /data/containerd
COPY --from=openvswitch /data /data/openvswitch
COPY --from=kubernetes /data /data/kubernetes
ADD rpm.pub /root/rpm.pub
# The private key is exposed only to this RUN step at /run/secrets/gpg. It is
# imported into ~/.gnupg and that directory is deleted at the end of the same
# step, so the keyring is not written into this stage's layer. The steps are
# chained with &&, so a failure before the cleanup aborts the build instead of
# committing a layer.
# NOTE(review): the RPMs copied from /rpmdata are not signature-checked in
# this step before the metadata describing them is signed; the step trusts
# the input images.
RUN --mount=type=secret,id=gpg \
    yum install -y createrepo yum-utils gnupg2 && \
    mkdir -p /data/repodata && \
    zcat /rpmdata/repodata/*comps.xml.gz > /data/repodata/comps.xml && \
    cp -a /rpmdata/*.rpm /data && \
    createrepo -g /data/repodata/comps.xml /data && \
    gpg --import /run/secrets/gpg && \
    gpg --import /root/rpm.pub && \
    gpg --detach-sign --armor /data/repodata/repomd.xml && \
    rm -rf ~/.gnupg && \
    echo Done building repo.

# Final image: the base repository image plus the three package subtrees and
# the regenerated, signed repodata. Nothing else from the repobuild stage is
# carried over.
FROM pnnlmiscscripts/rpms-node-base:latest
COPY --from=openvswitch /data /data/openvswitch
COPY --from=containerd /data /data/containerd
COPY --from=kubernetes /data /data/kubernetes
COPY --from=repobuild /data/repodata /data/repodata


--------------------------------------------------------------------------------
/containers/k8s-node-image/buildenv:
--------------------------------------------------------------------------------
export AUTO_PREFIX=rpmrepo-version
export AUTO_PREFIX_PACKAGE=kubelet
export DOCKER_TAG=$SUBBUILD
# BuildKit is needed for the RUN --mount=type=secret step in the Dockerfile.
export DOCKER_BUILDKIT=1
# Presumably tells the build script to pass the gpg secret to the build.
export GPGSIGN=1

--------------------------------------------------------------------------------
/containers/k8s-node-image9/Dockerfile:
--------------------------------------------------------------------------------
# syntax = docker/dockerfile:1.0-experimental
# Rocky Linux 9 variant of the combined node package repository build: merge
# the RPM sets, regenerate metadata, sign repomd.xml with a BuildKit secret.
# NOTE(review): the :latest source images and the rockylinux:9 tag are
# floating; the signature vouches for whatever they resolve to at build time.
ARG SUBBUILD=1.13
FROM pnnlmiscscripts/rpms-node-base9:latest as base
FROM pnnlmiscscripts/rpms-containerd9:latest as containerd
FROM pnnlmiscscripts/rpms-openvswitch9:latest as openvswitch
FROM pnnlmiscscripts/rpms-kubernetes9:$SUBBUILD as kubernetes

FROM rockylinux:9 as repobuild
COPY --from=base /data /rpmdata
COPY --from=containerd /data /data/containerd
COPY --from=openvswitch /data /data/openvswitch
COPY --from=kubernetes /data /data/kubernetes
ADD rpm.pub /root/rpm.pub
# The key is available only during this step and ~/.gnupg is removed before
# the step ends, so the keyring does not persist in the layer.
# NOTE(review): the copied RPMs are not signature-checked here before the
# metadata is signed.
RUN --mount=type=secret,id=gpg \
    yum install -y createrepo yum-utils gnupg2 && \
    mkdir -p /data/repodata && \
    zcat /rpmdata/repodata/*comps.xml.gz > /data/repodata/comps.xml && \
    cp -a /rpmdata/*.rpm /data && \
    createrepo -g /data/repodata/comps.xml /data && \
    gpg --import /run/secrets/gpg && \
    gpg --import /root/rpm.pub && \
    gpg --detach-sign --armor /data/repodata/repomd.xml && \
    rm -rf ~/.gnupg && \
    echo Done building repo.

# Final stage: start from the base repository image and add the package
# subtrees and the repodata produced by the earlier named stages.
FROM pnnlmiscscripts/rpms-node-base9:latest
COPY --from=openvswitch /data /data/openvswitch
COPY --from=containerd /data /data/containerd
COPY --from=kubernetes /data /data/kubernetes
COPY --from=repobuild /data/repodata /data/repodata


--------------------------------------------------------------------------------
/containers/k8s-node-image9/buildenv:
--------------------------------------------------------------------------------
export AUTO_PREFIX=rpmrepo-version
export AUTO_PREFIX_PACKAGE=kubelet
export DOCKER_TAG=$SUBBUILD
export DOCKER_BUILDKIT=1
export GPGSIGN=1

--------------------------------------------------------------------------------
/containers/pixiecore/Dockerfile:
--------------------------------------------------------------------------------
# Two-stage build: compile pixiecore with the Go toolchain, then copy the
# binary into Alpine 3.15 and download an iPXE EFI image to /ipxe.efi.
# NOTE(review): `FROM golang` and `pixiecore@latest` are both unpinned, so two
# builds of this file can produce different binaries. Pin the toolchain image
# and a specific module version or commit so the result can be audited.
FROM golang

RUN \
    CGO_ENABLED=0 go install go.universe.tf/netboot/cmd/pixiecore@latest

FROM alpine:3.15
COPY --from=0 /go/bin/pixiecore /bin/pixiecore
# NOTE(review): ipxe.efi is downloaded over plain http with no checksum or
# signature verification. The file is presumably served to network-booting
# machines, so its integrity matters more than that of an ordinary build
# input. Fetch it over https and verify a pinned SHA-256, or build iPXE from
# a pinned source revision.
# NOTE(review): the fingerprint written here (1.0.2) differs from PREFIX=1.0.1
# in this directory's buildenv; confirm which value is intended.
RUN echo 1.0.2 > /.extrafingerprints && cd / && wget http://boot.ipxe.org/ipxe.efi
ENTRYPOINT ["/bin/pixiecore"]

--------------------------------------------------------------------------------
/containers/pixiecore/buildenv:
--------------------------------------------------------------------------------
export PREFIX=1.0.1

--------------------------------------------------------------------------------
/containers/py2lint/Dockerfile:
--------------------------------------------------------------------------------
# pylint for Python 2 on Alpine 3.9.
# NOTE(review): Python 2 and Alpine 3.9 are both past upstream end of life,
# and `pip install pylint` takes whatever version the index resolves at build
# time. Pin the pylint version (ideally with hashes) if this image is still
# needed.
FROM alpine:3.9
MAINTAINER Kevin Fox

RUN \
    apk add --no-cache --update py2-pip && \
    pip install pylint

--------------------------------------------------------------------------------
/containers/py2lint/buildenv:
--------------------------------------------------------------------------------
export AUTO_PREFIX=pip-version
export AUTO_PREFIX_PACKAGE=pylint

--------------------------------------------------------------------------------
/containers/rpmmacros:
--------------------------------------------------------------------------------
%_signature gpg
%_gpg_name MISCSCRIPTS Packages
%_gpgbin /usr/bin/gpg

--------------------------------------------------------------------------------
/containers/rpms-containerd/Dockerfile:
--------------------------------------------------------------------------------
# syntax = docker/dockerfile:1.0-experimental
# Builds a signed yum repository holding containerd.io and its resolved
# dependencies. The final image is a scratch image containing only /data.
# NOTE(review): centos:centos7 is past upstream end of life.
FROM centos:centos7

# rpm.pub is presumably the public half of the signing key (it is published
# as RPM-GPG-KEY below); rpmmacros names the key that `rpm --addsign` uses.
ADD rpm.pub /root/rpm.pub
ADD rpmmacros /root/.rpmmacros

ADD docker-ce.repo /etc/yum.repos.d/
# Signing flow: download the packages, import the private key from the
# BuildKit secret, sign every downloaded RPM and the repository metadata,
# delete the keyring in the same step, then publish the public key.
# The key is mounted only for this RUN step and this stage is discarded; the
# final image receives /rpms alone.
# NOTE(review): every downloaded package, third-party dependencies included,
# ends up signed with the local key. Nothing in this step shows the upstream
# signatures being checked first (whether yumdownloader enforces gpgcheck
# should be confirmed). An explicit `rpm --checksig` against the upstream keys
# before `rpm --addsign` would avoid vouching for an unverified package.
RUN --mount=type=secret,id=gpg \
    cd / && \
    set -e && \
    yum install -y createrepo gnupg2 rpm-sign && \
    mkdir -p rpms/ && \
    yumdownloader --resolv --destdir rpms containerd.io && \
    gpg --import /run/secrets/gpg && \
    gpg --import /root/rpm.pub && \
    rpm --addsign $(find rpms -type f -name '*.rpm') && \
    createrepo rpms && \
    gpg --detach-sign --armor rpms/repodata/repomd.xml && \
    rm -rf ~/.gnupg && \
    cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY

FROM scratch
COPY --from=0 /rpms /data

--------------------------------------------------------------------------------
/containers/rpms-containerd/buildenv:
--------------------------------------------------------------------------------
export AUTO_PREFIX=rpmrepo-version
export AUTO_PREFIX_PACKAGE=containerd.io
export DOCKER_BUILDKIT=1
export GPGSIGN=1

--------------------------------------------------------------------------------
/containers/rpms-containerd/docker-ce.repo:
--------------------------------------------------------------------------------
# gpgcheck=1 asks yum to verify package signatures against the key below when
# installing from this repository; the key itself is fetched over HTTPS.
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

--------------------------------------------------------------------------------
/containers/rpms-containerd9/Dockerfile:
--------------------------------------------------------------------------------
# syntax = docker/dockerfile:1.0-experimental

# Rocky Linux 9 variant: builds a signed repository with containerd.io and
# only those dependencies that the base repository image does not already
# provide.
# NOTE(review): rpms-node-base9:latest and rockylinux:9 are floating tags.
FROM pnnlmiscscripts/rpms-node-base9:latest

FROM rockylinux:9

COPY --from=0 /data /rpms-base

ADD rpm.pub /root/rpm.pub
ADD rpmmacros /root/.rpmmacros

ADD docker-ce.repo /etc/yum.repos.d/
# The base RPMs are copied into /rpms first, the new packages are downloaded
# next to them, and the find/while loop then removes from /rpms every file
# whose name matches an RPM in /rpms-base, leaving only the additions.
# The private key is imported from the BuildKit secret and ~/.gnupg is removed
# before the step ends.
# NOTE(review): the remaining packages are signed with the local key without
# a visible check of their upstream signatures; confirm whether
# `dnf download` verifies them and add an explicit `rpm --checksig` if not.
RUN --mount=type=secret,id=gpg \
    cd / && \
    set -e && \
    yum install -y 'dnf-command(download)' createrepo gnupg2 rpm-sign findutils && \
    mkdir -p rpms/ && \
    cd /rpms && \
    cp -a /rpms-base/*.rpm . && \
    dnf download --resolve --destdir /rpms containerd.io && \
    find /rpms-base -maxdepth 1 -type f -name '*.rpm' -printf '%f\n' | while read line; do rm -f $line; done && \
    gpg --import /run/secrets/gpg && \
    gpg --import /root/rpm.pub && \
    rpm --addsign $(find . -type f -name '*.rpm') && \
    createrepo /rpms && \
    gpg --detach-sign --armor /rpms/repodata/repomd.xml && \
    rm -rf ~/.gnupg && \
    cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY && \
    ls -l /rpms

FROM scratch
COPY --from=1 /rpms /data

--------------------------------------------------------------------------------
/containers/rpms-containerd9/buildenv:
--------------------------------------------------------------------------------
export AUTO_PREFIX=rpmrepo-version
export AUTO_PREFIX_PACKAGE=containerd.io
export DOCKER_BUILDKIT=1
export GPGSIGN=1

--------------------------------------------------------------------------------
/containers/rpms-containerd9/docker-ce.repo:
--------------------------------------------------------------------------------
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

--------------------------------------------------------------------------------
/containers/rpms-kubernetes/Dockerfile:
--------------------------------------------------------------------------------
# syntax = docker/dockerfile:1.0-experimental
# Builds a signed yum repository with kubelet, kubeadm and kubectl for the
# 1.<minor> series named by SUBBUILD, at the newest patch and revision that
# the configured repository lists.
# NOTE(review): centos:centos7 is past upstream end of life.
FROM centos:centos7
ARG BACK=1
ARG SUBBUILD=1.13

ADD rpm.pub /root/rpm.pub
ADD rpmmacros /root/.rpmmacros

ADD kubernetes.repo /etc/yum.repos.d/
# Version selection: the first VERSION assignment (derived from the repo
# listing and BACK) is overwritten immediately by the second one (derived from
# SUBBUILD), so BACK has no effect on the result. SUBVERSION and REVISION are
# the highest patch and package revision listed for that minor version.
# `mkdir -p rpms/` appears twice; the second call is redundant.
# Unlike the sibling Dockerfiles this step has no `cd /`; the relative rpms/
# and the absolute /rpms used at the end refer to the same directory only if
# the working directory is / (presumably the base image default).
# NOTE(review): the downloaded packages are signed with the local key without
# a visible check of their upstream signatures; confirm whether yumdownloader
# enforces gpgcheck and add an explicit `rpm --checksig` if it does not.
RUN --mount=type=secret,id=gpg \
    yum install -y createrepo gnupg2 rpm-sign && \
    mkdir -p rpms/ && \
    VERSION=$(yum --showduplicates list kubelet -q | grep -vi packages | grep -vi rc | grep -vi alpha | grep -vi beta | awk '{print $2}' | awk -F. '{print $2}' | sort -nu | tail -n $BACK | head -n 1) && \
    VERSION="$(echo $SUBBUILD | awk -F. '{print $2}')" && \
    SUBVERSION=$(yum --showduplicates list kubelet -q | grep -vi packages | awk '{print $2}' | grep "^1\.$VERSION\."| awk -F. '{print $3}' | awk -F- '{print $1}' | sort -nu | tail -n 1) && \
    REVISION=$(yum --showduplicates list kubelet -q | grep -vi packages | awk '{print $2}' | grep "^1\.$VERSION\.$SUBVERSION-" | awk -F- '{print $2}' | sort -nu | tail -n 1) && \
    FULLVERSION="1.$VERSION.$SUBVERSION-$REVISION" && \
    echo "Picked $FULLVERSION" && \
    mkdir -p rpms/ && \
    yumdownloader --resolv --destdir rpms "kubelet-$FULLVERSION" "kubeadm-$FULLVERSION" "kubectl-$FULLVERSION" && \
    gpg --import /run/secrets/gpg && \
    gpg --import /root/rpm.pub && \
    rpm --addsign $(find rpms -type f -name '*.rpm') && \
    createrepo rpms && \
    gpg --detach-sign --armor rpms/repodata/repomd.xml && \
    rm -rf ~/.gnupg && \
    cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY

FROM scratch
COPY --from=0 /rpms /data

--------------------------------------------------------------------------------
/containers/rpms-kubernetes/buildenv:
--------------------------------------------------------------------------------
export AUTO_PREFIX=rpmrepo-version
export AUTO_PREFIX_PACKAGE=kubelet
export DOCKER_TAG=$SUBBUILD
export DOCKER_BUILDKIT=1
export GPGSIGN=1

--------------------------------------------------------------------------------
/containers/rpms-kubernetes/kubernetes.repo:
--------------------------------------------------------------------------------
# gpgcheck=1 keeps per-package signature verification on, while
# repo_gpgcheck=0 turns off verification of the repository metadata
# signature (see the issue linked below). With metadata unchecked, the
# package signatures and the HTTPS transport are the remaining controls.
# NOTE(review): the rpms-kubernetes9 repo file in this repository points at
# pkgs.k8s.io instead of this host; confirm this legacy location is still the
# intended source for el7 builds.
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
# See issue https://github.com/kubernetes/release/issues/1982
repo_gpgcheck=0
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg https://packages.cloud.google.com/yum/doc/apt-key.gpg

--------------------------------------------------------------------------------
/containers/rpms-kubernetes9/Dockerfile:
--------------------------------------------------------------------------------
# syntax = docker/dockerfile:1.2

# Rocky Linux 9 build of the signed Kubernetes package repository: kubelet,
# kubeadm and kubectl plus any dependencies that the base repository image
# does not already provide.
# NOTE(review): rpms-node-base9:latest and rockylinux:9 are floating tags.
FROM pnnlmiscscripts/rpms-node-base9:latest

FROM rockylinux:9
# BACK is declared but not referenced anywhere in this file.
ARG BACK=1
ARG SUBBUILD=1.13

COPY --from=0 /data /rpms-base

ADD rpm.pub /root/rpm.pub
ADD rpmmacros /root/.rpmmacros

ADD kubernetes.repo /etc/yum.repos.d/
# The sed call substitutes SUBBUILD for the KUBE_VERSION placeholder in the
# repo file, so the build argument selects both the package URL and the key
# URL. The value is inserted into the sed expression as-is.
# `mkdir -p rpms/` appears twice; the second call is redundant. There is no
# `cd /` or `set -e` here, so the relative rpms/ matches /rpms only if the
# working directory is / (presumably the base image default).
# The find/while loop removes from /rpms every file whose name matches an RPM
# in /rpms-base, leaving only the additions to be signed.
# The private key is imported from the BuildKit secret and ~/.gnupg is removed
# before the step ends; the final image is scratch plus /rpms.
# NOTE(review): the remaining packages are signed with the local key without
# a visible check of their upstream signatures in this step; confirm that
# `dnf install --downloadonly` verifies them, or add `rpm --checksig`.
RUN --mount=type=secret,id=gpg \
    sed -i "s/KUBE_VERSION/${SUBBUILD}/" /etc/yum.repos.d/kubernetes.repo && \
    yum install -y 'dnf-command(download)' createrepo gnupg2 rpm-sign findutils && \
    mkdir -p rpms/ && \
    mkdir -p rpms/ && \
    cd /rpms && \
    cp -a /rpms-base/*.rpm . && \
    dnf install -y --downloadonly --destdir /rpms kubelet kubeadm kubectl && \
    find /rpms-base -maxdepth 1 -type f -name '*.rpm' -printf '%f\n' | while read line; do rm -f $line; done && \
    gpg --import /run/secrets/gpg && \
    gpg --import /root/rpm.pub && \
    rpm --addsign $(find . -type f -name '*.rpm') && \
    createrepo /rpms && \
    gpg --detach-sign --armor /rpms/repodata/repomd.xml && \
    rm -rf ~/.gnupg && \
    cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY && \
    ls -l /rpms/

FROM scratch
COPY --from=1 /rpms /data

--------------------------------------------------------------------------------
/containers/rpms-kubernetes9/buildenv:
--------------------------------------------------------------------------------
export AUTO_PREFIX=rpmrepo-version
export AUTO_PREFIX_PACKAGE=kubelet
export DOCKER_TAG=$SUBBUILD
export DOCKER_BUILDKIT=1
export GPGSIGN=1

--------------------------------------------------------------------------------
/containers/rpms-kubernetes9/kubernetes.repo:
--------------------------------------------------------------------------------
# KUBE_VERSION is a placeholder that the Dockerfile replaces with SUBBUILD.
# NOTE(review): the signing key is fetched from the same host and path as the
# packages, so trust is anchored in the HTTPS connection at build time;
# checking the key against a pinned fingerprint would tighten that.
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/vKUBE_VERSION/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/vKUBE_VERSION/rpm/repodata/repomd.xml.key

--------------------------------------------------------------------------------
/containers/rpms-node-base/Dockerfile:
--------------------------------------------------------------------------------
# syntax = docker/dockerfile:1.0-experimental
# Builds the signed CentOS 7 base package repository for node images: the
# listed groups and packages are downloaded with their dependencies, signed,
# indexed with the distribution's comps file, and shipped as /data in a
# scratch image.
# NOTE(review): centos:centos7 is past upstream end of life, so the packages
# collected here no longer receive upstream security updates.
FROM centos:centos7
MAINTAINER Kevin Fox

ADD rpm.pub /root/rpm.pub
ADD rpmmacros /root/.rpmmacros

# --installroot=/tmp/root resolves dependencies against an empty root, so the
# full dependency closure is downloaded rather than only what this build
# container lacks (presumably the intent).
# The private key is imported from the BuildKit secret and ~/.gnupg is removed
# before the step ends; this stage is discarded afterwards.
# NOTE(review): reposync is run with --gpgcheck, but the yumdownloader call
# that fetches the packages shows no equivalent option. Confirm the upstream
# signatures are verified before `rpm --addsign` puts the local key on them.
RUN --mount=type=secret,id=gpg \
    cd / && \
    set -e && \
    yum install -y createrepo yum-utils gnupg2 rpm-sign && \
    mkdir -p rpms/ && \
    yumdownloader --resolv --installroot=/tmp/root --releasever=/ \
    --destdir rpms --setopt cachedir=/tmp/cache \
    @Base @Core @anaconda-tools grub2-efi-x64 kernel grub2 docker e2fsprogs \
    container-selinux nspr nss-util openssh-server openssh iptables-services \
    nfs-utils authconfig psmisc libibverbs qemu-guest-agent && \
    gpg --import /run/secrets/gpg && \
    gpg --import /root/rpm.pub && \
    rpm --addsign $(find rpms -type f -name '*.rpm') && \
    reposync --gpgcheck -l --repoid=base --downloadcomps -u > /dev/null && \
    mkdir -p rpms/repodata && \
    mv base/comps.xml rpms/repodata && \
    createrepo -g `pwd`/rpms/repodata/comps.xml rpms && \
    gpg --detach-sign --armor rpms/repodata/repomd.xml && \
    rm -rf ~/.gnupg && \
    cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY

FROM scratch
COPY --from=0 /rpms /data

--------------------------------------------------------------------------------
/containers/rpms-node-base/buildenv:
--------------------------------------------------------------------------------
export AUTO_PREFIX=rpmrepo-version-release
export AUTO_PREFIX_PACKAGE=centos-release
# The inner single quotes end and reopen the string, so the stored value is
# `cut -d . -f 1 | tr - .` (without quotes around the dash).
export AUTO_PREFIX_FILTER='cut -d . -f 1 | tr '-' .'
export DOCKER_BUILDKIT=1
export GPGSIGN=1

--------------------------------------------------------------------------------
/containers/rpms-node-base9/Dockerfile:
--------------------------------------------------------------------------------
# syntax = docker/dockerfile:1.2
# Rocky Linux 9 build of the signed base package repository for node images.
# NOTE(review): rockylinux:9 is a floating tag; pin it by digest so the signed
# package set can be traced to a known base.
FROM rockylinux:9
MAINTAINER Kevin Fox

ADD rpm.pub /root/rpm.pub
ADD rpmmacros /root/.rpmmacros

# Packages are downloaded against an empty install root, signed with the key
# from the BuildKit secret, and indexed with a comps file; ~/.gnupg is removed
# before the step ends and the stage is discarded afterwards.
# NOTE(review): comps.xml is fetched with curl from a URL taken from reposync
# output and is not verified before it is placed into the metadata that gets
# signed.
# NOTE(review): confirm that `dnf install --downloadonly` verifies upstream
# package signatures before `rpm --addsign` puts the local key on them.
RUN --mount=type=secret,id=gpg \
    cd / && \
    set -e && \
    yum install -y createrepo yum-utils gnupg2 rpm-sign && \
    mkdir -p rpms/ && \
    dnf install --installroot=/tmp/root --releasever=/ --downloadonly \
    --destdir rpms -y @core grub2-efi-x64 kernel grub2 e2fsprogs nspr nss-util \
    openssh-server openssh iptables-services nfs-utils authconfig psmisc \
    libibverbs qemu-guest-agent libsss_sudo bzip2 chrony dosfstools efibootmgr \
    langpacks-en mdadm shim-x64 glibc-minimal-langpack tar lvm2 fuse-overlayfs && \
    gpg --import /run/secrets/gpg && \
    gpg --import /root/rpm.pub && \
    rpm --addsign $(find rpms -type f -name '*.rpm') && \
    mkdir -p rpms/repodata && \
    curl -o rpms/repodata/comps.xml $(reposync --gpgcheck --repoid=baseos --downloadcomps -u | grep -- -GROUPS.xml) && \
    createrepo -g `pwd`/rpms/repodata/comps.xml rpms && \
    gpg --detach-sign --armor rpms/repodata/repomd.xml && \
    rm -rf ~/.gnupg && \
    cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY && \
    ls -l /rpms

FROM scratch
COPY --from=0 /rpms /data

--------------------------------------------------------------------------------
/containers/rpms-node-base9/buildenv:
--------------------------------------------------------------------------------
export AUTO_PREFIX=rpmrepo-version-release
export AUTO_PREFIX_PACKAGE=rocky-release
# The inner single quotes end and reopen the string, so the stored value is
# `cut -d . -f 1 | tr - .` (without quotes around the dash).
export AUTO_PREFIX_FILTER='cut -d . -f 1 | tr '-' .'
export DOCKER_BUILDKIT=1
export GPGSIGN=1

--------------------------------------------------------------------------------
/containers/rpms-openvswitch/Dockerfile:
--------------------------------------------------------------------------------
# syntax = docker/dockerfile:1.0-experimental
# Builds a signed yum repository with openvswitch and its dependencies from
# the CentOS OpenStack Train repositories; the final image is scratch + /data.
# NOTE(review): centos:centos7 is past upstream end of life.
FROM centos:centos7
MAINTAINER Kevin Fox

ADD rpm.pub /root/rpm.pub
ADD rpmmacros /root/.rpmmacros

# createrepo is named twice in the first yum call and again in the second;
# the repeats are harmless.
# The private key is imported from the BuildKit secret and ~/.gnupg is removed
# before the step ends; this stage is discarded afterwards.
# NOTE(review): the downloaded packages are signed with the local key without
# a visible check of their upstream signatures; confirm whether yumdownloader
# enforces gpgcheck and add an explicit `rpm --checksig` if it does not.
RUN --mount=type=secret,id=gpg \
    cd / && \
    set -e && \
    yum install -y createrepo createrepo gnupg2 rpm-sign && \
    mkdir -p rpms/ && \
    yum install -y centos-release-openstack-train createrepo && \
    yumdownloader --resolv --destdir rpms openvswitch && \
    gpg --import /run/secrets/gpg && \
    gpg --import /root/rpm.pub && \
    rpm --addsign $(find rpms -type f -name '*.rpm') && \
    createrepo rpms && \
    gpg --detach-sign --armor rpms/repodata/repomd.xml && \
    rm -rf ~/.gnupg && \
    cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY

FROM scratch
COPY --from=0 /rpms /data

--------------------------------------------------------------------------------
/containers/rpms-openvswitch/buildenv:
--------------------------------------------------------------------------------
export AUTO_PREFIX=rpmrepo-version
export AUTO_PREFIX_PACKAGE=openvswitch
export DOCKER_BUILDKIT=1
export GPGSIGN=1

--------------------------------------------------------------------------------
/containers/rpms-openvswitch9/Dockerfile:
--------------------------------------------------------------------------------
# syntax = docker/dockerfile:1.0-experimental

# Rocky Linux 9 build of the signed Open vSwitch repository: openvswitch2.17
# and NetworkManager-ovs plus any dependencies that the base repository image
# does not already provide.
# NOTE(review): rpms-node-base9:latest and rockylinux:9 are floating tags.
FROM pnnlmiscscripts/rpms-node-base9:latest

FROM rockylinux:9
MAINTAINER Kevin Fox

COPY --from=0 /data /rpms-base

ADD rpm.pub /root/rpm.pub
ADD rpmmacros /root/.rpmmacros

# The sed call rewrites the repo file installed by
# centos-release-nfv-openvswitch, replacing `common-$releasever` with
# `2-9-stream` (single quotes keep $releasever literal), so packages come from
# the CentOS Stream 9 NFV repository while the build runs on Rocky Linux 9.
# NOTE(review): the gpgcheck settings for that repository come from the
# release package and are not visible here; confirm they remain enabled after
# the rewrite.
# The find/while loop removes from /rpms every file whose name matches an RPM
# in /rpms-base, leaving only the additions to be signed. The private key is
# imported from the BuildKit secret and ~/.gnupg is removed before the step
# ends.
# NOTE(review): the remaining packages are signed with the local key without
# a visible check of their upstream signatures; confirm whether
# `dnf download` verifies them and add an explicit `rpm --checksig` if not.
RUN --mount=type=secret,id=gpg \
    cd / && \
    set -e && \
    dnf install -y 'dnf-command(download)' createrepo gnupg2 rpm-sign findutils && \
    dnf install -y centos-release-nfv-openvswitch && \
    sed -i 's/common-$releasever/2-9-stream/g' /etc/yum.repos.d/CentOS-NFV-OpenvSwitch.repo && \
    mkdir -p /rpms && \
    cd /rpms && \
    cp -a /rpms-base/*.rpm . && \
    dnf download --resolve --destdir /rpms openvswitch2.17 NetworkManager-ovs && \
    find /rpms-base -maxdepth 1 -type f -name '*.rpm' -printf '%f\n' | while read line; do rm -f $line; done && \
    gpg --import /run/secrets/gpg && \
    gpg --import /root/rpm.pub && \
    rpm --addsign $(find . -type f -name '*.rpm') && \
    createrepo /rpms && \
    gpg --detach-sign --armor /rpms/repodata/repomd.xml && \
    rm -rf ~/.gnupg && \
    cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY && \
    ls -l /rpms

FROM scratch
COPY --from=1 /rpms /data

--------------------------------------------------------------------------------
/containers/rpms-openvswitch9/buildenv:
--------------------------------------------------------------------------------
export AUTO_PREFIX=rpmrepo-version
export AUTO_PREFIX_PACKAGE=openvswitch2.17
export DOCKER_BUILDKIT=1
export GPGSIGN=1

--------------------------------------------------------------------------------
/containers/smartctl-exporter/Dockerfile:
--------------------------------------------------------------------------------
# Alpine image with smartmontools and the smartctl_exporter v0.7.0 release
# binary from GitHub.
# NOTE(review): `FROM alpine` has no tag, so the base changes between builds;
# pin a release (ideally by digest).
FROM alpine
# NOTE(review): the release archive is downloaded and unpacked without a
# checksum or signature check. Record the expected SHA-256 alongside this file
# and verify it (for example with `sha256sum -c`) before running tar.
# The cleanup glob `smartctl_exporter*` removes the extracted directory but
# does not match exporter.tar.gz, so the archive stays in the image.
RUN \
    wget -O exporter.tar.gz https://github.com/prometheus-community/smartctl_exporter/releases/download/v0.7.0/smartctl_exporter-0.7.0.linux-amd64.tar.gz && \
    tar -zxvf exporter.tar.gz && \
    mv smartctl_exporter*/smartctl_exporter /bin/ && \
    rm -rf smartctl_exporter* && \
    apk add --no-cache --update smartmontools

COPY smartctl_exporter.yaml /etc/smartctl_exporter.yaml

# No USER instruction is present, so the exporter runs as the base image's
# default user. NOTE(review): reading SMART data usually needs raw device
# access; grant only the specific devices or capabilities at deploy time.
CMD ["/bin/smartctl_exporter"]

--------------------------------------------------------------------------------
/containers/smartctl-exporter/buildenv:
--------------------------------------------------------------------------------
export PREFIX=0.7

--------------------------------------------------------------------------------
/containers/smartctl-exporter/smartctl_exporter.yaml:
--------------------------------------------------------------------------------
# Default exporter configuration copied into the image.
# bind_to uses localhost, so with this file the metrics endpoint is reachable
# only from inside the container's own network namespace.
smartctl_exporter:
  bind_to: "localhost:9633"
  url_path: "/metrics"
  smartctl_location: /usr/sbin/smartctl
  collect_not_more_than_period: 120s
  devices:
  - /dev/vda

--------------------------------------------------------------------------------
/containers/tenant-namespace-operator/.gitignore:
--------------------------------------------------------------------------------

# Binaries for programs and plugins
*.exe
*.exe~
*.dll
*.so
*.dylib
bin

# editor and IDE paraphernalia
.idea
*.swp
*.swo
*~

bundle/
bundle.Dockerfile

--------------------------------------------------------------------------------
/containers/tenant-namespace-operator/Dockerfile:
--------------------------------------------------------------------------------
# Ansible-operator image for the tenant-namespace operator, with helm, the
# helm-diff plugin and the tenant-namespace chart added at build time.
FROM quay.io/operator-framework/ansible-operator:v1.32.0

ARG helm_version=v3.13.3
USER 0
# Runs as root to install git and helm, then pre-creates /.extrafingerprints
# owned by ${USER_UID} so the unprivileged step further down can write to it
# (USER_UID is not defined in this file; presumably the base image sets it).
# NOTE(review): the helm archive is downloaded and unpacked without verifying
# a checksum. Helm publishes SHA-256 checksums for its release archives;
# checking the archive for ${helm_version} against one before `tar` would tie
# the binary to a known release.
# NOTE(review): curl is called without --fail, so an HTTP error body would be
# saved as helm.tar.gz and only the later tar call would stop the build.
RUN dnf clean all && \
    dnf install -y git && \
    dnf clean all && \
    ARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/') && \
    curl -o helm.tar.gz https://get.helm.sh/helm-${helm_version}-linux-${ARCH}.tar.gz && \
    tar -zxvf helm.tar.gz && \
    mv linux-${ARCH}/helm /usr/local/bin/helm && \
    rm -f helm.tar.gz && \
    rm -rf linux-${ARCH} && \
    touch /.extrafingerprints && \
    chown ${USER_UID}:0 /.extrafingerprints

# Drops back to an unprivileged UID for the remaining build steps and runtime.
USER 1001
WORKDIR ${HOME}

COPY watches.yaml requirements.yml ${HOME}/
COPY roles/ ${HOME}/roles/

#FIXME forcing ingress newer to work on newer k8s clusters. Fix upstream chart.
# NOTE(review): `helm plugin install ... --version master` tracks a moving
# branch, so the plugin code baked into the image can change between builds
# with no change to this file; pin a release tag or commit.
# NOTE(review): the `cd tenant-namespace/charts/ingress-nginx/ && cd -` pair
# changes nothing; together with the FIXME it looks like a chart patch step
# was removed. Confirm the chart no longer needs it.
# NOTE(review): pin collection versions in requirements.yml if they are not
# already, since they are resolved at build time.
# /.extrafingerprints is overwritten with MD5 sums of the role files and then
# appended to. The sums look like change-detection fingerprints rather than an
# integrity control; MD5 would not be suitable for the latter.
RUN ansible-galaxy install -r ${HOME}/requirements.yml && \
    chmod -R ug+rwx ${HOME}/.ansible && \
    helm plugin install https://github.com/databus23/helm-diff --version master && \
    helm pull --repo https://pnnl-miscscripts.github.io/charts tenant-namespace --version 0.6.15 --untar && \
    cd tenant-namespace/charts/ingress-nginx/ && \
    cd - && \
    find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \
    echo 0.1.14 >> /.extrafingerprints && \
    md5sum watches.yaml >> /.extrafingerprints

ENTRYPOINT ["/tini", "--", "/usr/local/bin/ansible-operator", "run", "--watches-file=./watches.yaml", "--inject-owner-ref=false"]

--------------------------------------------------------------------------------
/containers/tenant-namespace-operator/PROJECT:
--------------------------------------------------------------------------------
# Code generated by tool. DO NOT EDIT.
# This file is used to track the info used to scaffold your project
# and allow the plugins properly work.
4 | # More info: https://book.kubebuilder.io/reference/project-config.html 5 | domain: pnnl.gov 6 | layout: 7 | - ansible.sdk.operatorframework.io/v1 8 | plugins: 9 | manifests.sdk.operatorframework.io/v2: {} 10 | scorecard.sdk.operatorframework.io/v2: {} 11 | projectName: tenant-namespace-operator 12 | resources: 13 | - api: 14 | crdVersion: v1 15 | namespaced: false 16 | domain: pnnl.gov 17 | group: miscscripts 18 | kind: TenantNamespace 19 | version: v1beta1 20 | - api: 21 | crdVersion: v1 22 | namespaced: false 23 | domain: pnnl.gov 24 | group: miscscripts 25 | kind: TenantNamespaceFlavor 26 | version: v1beta1 27 | version: "3" 28 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/buildenv: -------------------------------------------------------------------------------- 1 | export PREFIX=0.1.19 2 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/crd/bases/miscscripts.pnnl.gov_tenantnamespaceflavors.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: tenantnamespaceflavors.miscscripts.pnnl.gov 6 | spec: 7 | group: miscscripts.pnnl.gov 8 | names: 9 | kind: TenantNamespaceFlavor 10 | listKind: TenantNamespaceFlavorList 11 | plural: tenantnamespaceflavors 12 | singular: tenantnamespaceflavor 13 | scope: Cluster 14 | preserveUnknownFields: false 15 | versions: 16 | - name: v1beta1 17 | schema: 18 | openAPIV3Schema: 19 | description: TenantNamespaceFlavor is the Schema for the tenantnamespaceflavors API 20 | properties: 21 | apiVersion: 22 | description: 'APIVersion defines the versioned schema of this representation 23 | of an object. Servers should convert recognized schemas to the latest 24 | internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 25 | type: string 26 | kind: 27 | description: 'Kind is a string value representing the REST resource this 28 | object represents. Servers may infer this from the endpoint the client 29 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 30 | type: string 31 | metadata: 32 | type: object 33 | spec: 34 | description: Spec defines the desired state of TenantNamespaceFlavor 35 | type: object 36 | x-kubernetes-preserve-unknown-fields: true 37 | status: 38 | description: Status defines the observed state of TenantNamespaceFlavor 39 | type: object 40 | x-kubernetes-preserve-unknown-fields: true 41 | type: object 42 | served: true 43 | storage: true 44 | subresources: 45 | status: {} 46 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/crd/bases/miscscripts.pnnl.gov_tenantnamespaces.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: tenantnamespaces.miscscripts.pnnl.gov 6 | spec: 7 | group: miscscripts.pnnl.gov 8 | names: 9 | kind: TenantNamespace 10 | listKind: TenantNamespaceList 11 | plural: tenantnamespaces 12 | singular: tenantnamespace 13 | scope: Cluster 14 | preserveUnknownFields: false 15 | versions: 16 | - name: v1beta1 17 | schema: 18 | openAPIV3Schema: 19 | description: TenantNamespace is the Schema for the tenantnamespaces API 20 | properties: 21 | apiVersion: 22 | description: 'APIVersion defines the versioned schema of this representation 23 | of an object. Servers should convert recognized schemas to the latest 24 | internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 25 | type: string 26 | kind: 27 | description: 'Kind is a string value representing the REST resource this 28 | object represents. Servers may infer this from the endpoint the client 29 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 30 | type: string 31 | metadata: 32 | type: object 33 | spec: 34 | description: Spec defines the desired state of TenantNamespace 35 | type: object 36 | x-kubernetes-preserve-unknown-fields: true 37 | status: 38 | description: Status defines the observed state of TenantNamespace 39 | type: object 40 | x-kubernetes-preserve-unknown-fields: true 41 | type: object 42 | served: true 43 | storage: true 44 | subresources: 45 | status: {} 46 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # This kustomization.yaml is not intended to be run by itself, 2 | # since it depends on service name and namespace that are out of this kustomize package. 3 | # It should be run by config/default 4 | resources: 5 | - bases/miscscripts.pnnl.gov_tenantnamespaces.yaml 6 | - bases/miscscripts.pnnl.gov_tenantnamespaceflavors.yaml 7 | #+kubebuilder:scaffold:crdkustomizeresource 8 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/default/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Adds namespace to all resources. 2 | namespace: tenant-namespace-operator 3 | 4 | # Value of this field is prepended to the 5 | # names of all resources, e.g. a deployment named 6 | # "wordpress" becomes "alices-wordpress". 
7 | # Note that it should also match with the prefix (text before '-') of the namespace 8 | # field above. 9 | namePrefix: tenant-namespace-operator- 10 | 11 | # Labels to add to all resources and selectors. 12 | #labels: 13 | #- includeSelectors: true 14 | # pairs: 15 | # someName: someValue 16 | 17 | resources: 18 | - ../crd 19 | - ../rbac 20 | - ../manager 21 | # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. 22 | #- ../prometheus 23 | 24 | patchesStrategicMerge: 25 | # Protect the /metrics endpoint by putting it behind auth. 26 | # If you want your controller-manager to expose the /metrics 27 | # endpoint w/o any authn/z, please comment the following line. 28 | - manager_auth_proxy_patch.yaml 29 | 30 | 31 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch inject a sidecar container which is a HTTP proxy for the 2 | # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 
3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | affinity: 12 | nodeAffinity: 13 | requiredDuringSchedulingIgnoredDuringExecution: 14 | nodeSelectorTerms: 15 | - matchExpressions: 16 | - key: kubernetes.io/arch 17 | operator: In 18 | values: 19 | - amd64 20 | - arm64 21 | - ppc64le 22 | - s390x 23 | - key: kubernetes.io/os 24 | operator: In 25 | values: 26 | - linux 27 | containers: 28 | - name: kube-rbac-proxy 29 | securityContext: 30 | allowPrivilegeEscalation: false 31 | capabilities: 32 | drop: 33 | - "ALL" 34 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 35 | args: 36 | - "--secure-listen-address=0.0.0.0:8443" 37 | - "--upstream=http://127.0.0.1:8080/" 38 | - "--logtostderr=true" 39 | - "--v=0" 40 | ports: 41 | - containerPort: 8443 42 | protocol: TCP 43 | name: https 44 | resources: 45 | limits: 46 | cpu: 500m 47 | memory: 128Mi 48 | requests: 49 | cpu: 5m 50 | memory: 64Mi 51 | - name: manager 52 | args: 53 | - "--health-probe-bind-address=:6789" 54 | - "--metrics-bind-address=127.0.0.1:8080" 55 | - "--leader-elect" 56 | - "--leader-election-id=tenant-namespace-operator" 57 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/default/manager_config_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | -------------------------------------------------------------------------------- 
/containers/tenant-namespace-operator/config/manifests/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # These resources constitute the fully configured set of manifests 2 | # used to generate the 'manifests/' directory in a bundle. 3 | resources: 4 | - bases/tenant-namespace-operator.clusterserviceversion.yaml 5 | - ../default 6 | - ../samples 7 | - ../scorecard 8 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/prometheus/monitor.yaml: --------------------------------------------------------------------------------

# Prometheus Monitor Service (Metrics)
# ServiceMonitor that scrapes /metrics on the "https" port of services labelled
# control-plane: controller-manager, authenticating with the scraper's
# service-account token.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    control-plane: controller-manager
  name: controller-manager-metrics-monitor
  namespace: system
spec:
  endpoints:
    - path: /metrics
      port: https
      scheme: https
      # Token sent with every scrape request.
      bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
      tlsConfig:
        # Certificate verification is off, so the scraper cannot tell the
        # real metrics proxy from any other peer answering on this port, and
        # the bearer token above is presented to whichever one answers.
        # NOTE(review): if the proxy can serve a certificate from a CA the
        # scraper trusts, set tlsConfig.ca / serverName and drop this flag.
        insecureSkipVerify: true
  selector:
    matchLabels:
      control-plane: controller-manager
-------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: 7 | - "/metrics" 8 | verbs: 9 | - get 10 | --------------------------------------------------------------------------------
/containers/tenant-namespace-operator/config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: 7 | - authentication.k8s.io 8 | resources: 9 | - tokenreviews 10 | verbs: 11 | - create 12 | - apiGroups: 13 | - authorization.k8s.io 14 | resources: 15 | - subjectaccessreviews 16 | verbs: 17 | - create 18 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: controller-manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | protocol: TCP 13 | targetPort: https 14 | selector: 15 | control-plane: controller-manager 16 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | # All RBAC will be applied under this service account in 3 | # the deployment namespace. 
You may comment out this resource 4 | # if your manager will use a service account that exists at 5 | # runtime. Be sure to update RoleBinding and ClusterRoleBinding 6 | # subjects if changing service account names. 7 | - service_account.yaml 8 | - role.yaml 9 | - role_binding.yaml 10 | - leader_election_role.yaml 11 | - leader_election_role_binding.yaml 12 | # Comment the following 4 lines if you want to disable 13 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 14 | # which protects your /metrics endpoint. 15 | - auth_proxy_service.yaml 16 | - auth_proxy_role.yaml 17 | - auth_proxy_role_binding.yaml 18 | - auth_proxy_client_clusterrole.yaml 19 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - coordination.k8s.io 21 | resources: 22 | - leases 23 | verbs: 24 | - get 25 | - list 26 | - watch 27 | - create 28 | - update 29 | - patch 30 | - delete 31 | - apiGroups: 32 | - "" 33 | resources: 34 | - events 35 | verbs: 36 | - create 37 | - patch 38 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - 
kind: ServiceAccount 11 | name: controller-manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: controller-manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/rbac/tenantnamespace_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit tenantnamespaces. 
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: tenantnamespace-editor-role 6 | rules: 7 | - apiGroups: 8 | - miscscripts.pnnl.gov 9 | resources: 10 | - tenantnamespaces 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - miscscripts.pnnl.gov 21 | resources: 22 | - tenantnamespaces/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/rbac/tenantnamespace_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view tenantnamespaces. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: tenantnamespace-viewer-role 6 | rules: 7 | - apiGroups: 8 | - miscscripts.pnnl.gov 9 | resources: 10 | - tenantnamespaces 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - miscscripts.pnnl.gov 17 | resources: 18 | - tenantnamespaces/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/rbac/tenantnamespaceflavor_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit tenantnamespaceflavors. 
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: tenantnamespaceflavor-editor-role 6 | rules: 7 | - apiGroups: 8 | - miscscripts.pnnl.gov 9 | resources: 10 | - tenantnamespaceflavors 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - miscscripts.pnnl.gov 21 | resources: 22 | - tenantnamespaceflavors/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/rbac/tenantnamespaceflavor_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view tenantnamespaceflavors. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: tenantnamespaceflavor-viewer-role 6 | rules: 7 | - apiGroups: 8 | - miscscripts.pnnl.gov 9 | resources: 10 | - tenantnamespaceflavors 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - miscscripts.pnnl.gov 17 | resources: 18 | - tenantnamespaceflavors/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/samples/kustomization.yaml: -------------------------------------------------------------------------------- 1 | ## Append samples of your project ## 2 | resources: 3 | - miscscripts_v1beta1_tenantnamespace.yaml 4 | - miscscripts_v1beta1_tenantnamespaceflavor.yaml 5 | #+kubebuilder:scaffold:manifestskustomizesamples 6 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/samples/miscscripts_v1beta1_tenantnamespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: miscscripts.pnnl.gov/v1beta1 2 | kind: TenantNamespace 3 | metadata: 4 | name: example 5 | spec: 6 | 
flavorRef: 7 | name: example 8 | kind: TenantNamespaceFlavor 9 | group: miscscripts.pnnl.gov 10 | # ingress: 11 | # nginx: 12 | # enabled: false 13 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/samples/miscscripts_v1beta1_tenantnamespaceflavor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: miscscripts.pnnl.gov/v1beta1 2 | kind: TenantNamespaceFlavor 3 | metadata: 4 | name: example 5 | spec: {} 6 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/scorecard/bases/config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: scorecard.operatorframework.io/v1alpha3 2 | kind: Configuration 3 | metadata: 4 | name: config 5 | stages: 6 | - parallel: true 7 | tests: [] 8 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/scorecard/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - bases/config.yaml 3 | patchesJson6902: 4 | - path: patches/basic.config.yaml 5 | target: 6 | group: scorecard.operatorframework.io 7 | version: v1alpha3 8 | kind: Configuration 9 | name: config 10 | - path: patches/olm.config.yaml 11 | target: 12 | group: scorecard.operatorframework.io 13 | version: v1alpha3 14 | kind: Configuration 15 | name: config 16 | #+kubebuilder:scaffold:patchesJson6902 17 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/scorecard/patches/basic.config.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /stages/0/tests/- 3 | value: 4 | entrypoint: 5 | - scorecard-test 6 | - basic-check-spec 7 | image: 
quay.io/operator-framework/scorecard-test:v1.32.0 8 | labels: 9 | suite: basic 10 | test: basic-check-spec-test 11 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/config/scorecard/patches/olm.config.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /stages/0/tests/- 3 | value: 4 | entrypoint: 5 | - scorecard-test 6 | - olm-bundle-validation 7 | image: quay.io/operator-framework/scorecard-test:v1.32.0 8 | labels: 9 | suite: olm 10 | test: olm-bundle-validation-test 11 | - op: add 12 | path: /stages/0/tests/- 13 | value: 14 | entrypoint: 15 | - scorecard-test 16 | - olm-crds-have-validation 17 | image: quay.io/operator-framework/scorecard-test:v1.32.0 18 | labels: 19 | suite: olm 20 | test: olm-crds-have-validation-test 21 | - op: add 22 | path: /stages/0/tests/- 23 | value: 24 | entrypoint: 25 | - scorecard-test 26 | - olm-crds-have-resources 27 | image: quay.io/operator-framework/scorecard-test:v1.32.0 28 | labels: 29 | suite: olm 30 | test: olm-crds-have-resources-test 31 | - op: add 32 | path: /stages/0/tests/- 33 | value: 34 | entrypoint: 35 | - scorecard-test 36 | - olm-spec-descriptors 37 | image: quay.io/operator-framework/scorecard-test:v1.32.0 38 | labels: 39 | suite: olm 40 | test: olm-spec-descriptors-test 41 | - op: add 42 | path: /stages/0/tests/- 43 | value: 44 | entrypoint: 45 | - scorecard-test 46 | - olm-status-descriptors 47 | image: quay.io/operator-framework/scorecard-test:v1.32.0 48 | labels: 49 | suite: olm 50 | test: olm-status-descriptors-test 51 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | collections: 3 | - name: operator_sdk.util 4 | version: "0.5.0" 5 | - name: kubernetes.core 6 | version: "2.4.0" 7 | - name: cloud.common 8 
| version: "2.1.1" 9 | - name: community.docker 10 | version: "3.4.0" 11 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/roles/tenantnamespace/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, 10 | if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 11 | 12 | Role Variables 13 | -------------- 14 | 15 | A description of the settable variables for this role should go here, including any variables that are in 16 | defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables 17 | that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 18 | 19 | Dependencies 20 | ------------ 21 | 22 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set 23 | for other roles, or variables that are used from other roles. 24 | 25 | Example Playbook 26 | ---------------- 27 | 28 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for 29 | users too: 30 | 31 | - hosts: servers 32 | roles: 33 | - { role: username.rolename, x: 42 } 34 | 35 | License 36 | ------- 37 | 38 | Apache 39 | 40 | Author Information 41 | ------------------ 42 | 43 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 
44 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/roles/tenantnamespace/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for TenantNamespace 3 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/roles/tenantnamespace/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for TenantNamespace 3 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/roles/tenantnamespace/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for TenantNamespace 3 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/roles/tenantnamespacefin/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 
15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 20 | 21 | Example Playbook 22 | ---------------- 23 | 24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 25 | 26 | - hosts: servers 27 | roles: 28 | - { role: username.rolename, x: 42 } 29 | 30 | License 31 | ------- 32 | 33 | Apache 34 | 35 | Author Information 36 | ------------------ 37 | 38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 39 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/roles/tenantnamespacefin/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for tenantnamespace 3 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/roles/tenantnamespacefin/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for gitlabrunner 3 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for tenantnamespace 3 | 4 | # Check to see release exists. If it doesnt continue on. If it does, delete it. 
5 | - name: Delete the helm release 6 | kubernetes.core.helm: 7 | name: "{{ ansible_operator_meta.name }}" 8 | namespace: "{{ ansible_operator_meta.name }}-admin" 9 | state: absent 10 | register: _objs 11 | 12 | - name: Delete the k8s user namespace 13 | kubernetes.core.k8s: 14 | state: absent 15 | definition: 16 | apiVersion: v1 17 | kind: Namespace 18 | metadata: 19 | name: "{{ ansible_operator_meta.name }}" 20 | 21 | - name: Delete the k8s admin namespace 22 | kubernetes.core.k8s: 23 | state: absent 24 | definition: 25 | apiVersion: v1 26 | kind: Namespace 27 | metadata: 28 | name: "{{ ansible_operator_meta.name }}-admin" 29 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/roles/tenantnamespacefin/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for tenantnamespace 3 | -------------------------------------------------------------------------------- /containers/tenant-namespace-operator/watches.yaml: --------------------------------------------------------------------------------
---
# Use the 'create api' subcommand to add watches to this file.
# Only TenantNamespace is watched here; there is no entry for
# TenantNamespaceFlavor. Each TenantNamespace is reconciled by the
# "tenantnamespace" role and torn down by the "tenantnamespacefin" finalizer
# role, which deletes the helm release plus the "<name>" and "<name>-admin"
# namespaces.
- version: v1beta1
  group: miscscripts.pnnl.gov
  kind: TenantNamespace
  role: tenantnamespace
  reconcilePeriod: "1h"
  maxRunnerArtifacts: 3
  # NOTE(review): markUnsafe is understood to make the operator pass CR spec
  # values to Ansible as "unsafe" text, so Jinja expressions inside
  # user-supplied spec fields are not evaluated. Confirm this against the
  # ansible-operator version used by the image. The TenantNamespace CRD
  # accepts arbitrary spec content (x-kubernetes-preserve-unknown-fields:
  # true), so this should stay enabled.
  markUnsafe: true
  finalizer:
    name: finalizer.tenantnamespace.miscscripts.pnnl.gov
    role: tenantnamespacefin
#+kubebuilder:scaffold:watch
-------------------------------------------------------------------------------- /containers/xmlstarlet/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.20 2 | MAINTAINER Kevin Fox 3 | 4 | RUN \ 5 | apk add --no-cache --update xmlstarlet bash && \ 6 | echo 1 > /.extrafingerprints 7 | 8 | ENTRYPOINT [ "/usr/bin/xmlstarlet" ] 9 | -------------------------------------------------------------------------------- /containers/xmlstarlet/buildenv: -------------------------------------------------------------------------------- 1 | export AUTO_PREFIX=apk-version 2 | export AUTO_PREFIX_PACKAGE=xmlstarlet 3 | -------------------------------------------------------------------------------- /disclaimer.txt: -------------------------------------------------------------------------------- 1 | This material was prepared as an account of work sponsored by an agency of the 2 | United States Government. Neither the United States Government nor the United 3 | States Department of Energy, nor Battelle, nor any of their employees, nor any 4 | jurisdiction or organization that has cooperated in the development of these 5 | materials, makes any warranty, express or implied, or assumes any legal 6 | liability or responsibility for the accuracy, completeness, or usefulness or 7 | any information, apparatus, product, software, or process disclosed, or 8 | represents that its use would not infringe privately owned rights.
9 | 10 | Reference herein to any specific commercial product, process, or service by 11 | trade name, trademark, manufacturer, or otherwise does not necessarily 12 | constitute or imply its endorsement, recommendation, or favoring by the United 13 | States Government or any agency thereof, or Battelle Memorial Institute. The 14 | views and opinions of authors expressed herein do not necessarily state or 15 | reflect those of the United States Government or any agency thereof. 16 | 17 | PACIFIC NORTHWEST NATIONAL LABORATORY 18 | operated by 19 | BATTELLE 20 | for the 21 | UNITED STATES DEPARTMENT OF ENERGY 22 | under Contract DE-AC05-76RL01830 23 | -------------------------------------------------------------------------------- /license.txt: -------------------------------------------------------------------------------- 1 | Copyright 2017 Battelle Memorial Institute 2 | 3 | Redistribution and use in source and binary forms, with or without 4 | modification, are permitted provided that the following conditions are met: 5 | 6 | 1. Redistributions of source code must retain the above copyright notice, this 7 | list of conditions and the following disclaimer. 8 | 9 | 2. Redistributions in binary form must reproduce the above copyright notice, 10 | this list of conditions and the following disclaimer in the documentation 11 | and/or other materials provided with the distribution. 12 | 13 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 14 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 15 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 16 | DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 17 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 19 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 20 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 21 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 22 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 | -------------------------------------------------------------------------------- /rpm.priv.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pnnl-miscscripts/miscscripts/588be08f788eff531cb16cb1f70e31fc1298aee2/rpm.priv.enc -------------------------------------------------------------------------------- /rpm.pub: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v2.0.22 (GNU/Linux) 3 | 4 | mQENBFynegoBCAC/rgmquYjaCh9KtQOP7CJu1jtr0VtH5CTZhK4WBrXviDbo4aTO 5 | Htxh7brq7NqyGEg1y+3j8y3kN9OsbEvj9hwj26MYWWfkgYKwil6VbNK5n/UpjI9/ 6 | Uit8xkdpjUqnTGCTxGdG5dQMpY0gWoLJiYSl2inO+Zd5koCqL7riwZbkgddXm09V 7 | 5t1sSYXpmTHFcc8Q5Ilz3WkmZ/YcoJsTbbdeYXlVzbN0MJAx0anuvQbLLgZELB8i 8 | hK0zouUg+lziFzaBdNbMVZbdpaqtgzATQlhhlA/i5p9omQFgg42hAeiq8TZ7Y2Ky 9 | M3hM6ivIgPviJ2fL7d3oyWsKD0GY8aDnmrQ3ABEBAAG0H01JU0NTQ1JJUFRTIFBh 10 | Y2thZ2VzIDxuYUBuYS5uYT6JAT8EEwECACkFAlynegoCGy8FCThkCQAHCwkIBwMC 11 | AQYVCAIJCgsEFgIDAQIeAQIXgAAKCRCvvxWjAdnBTpJnB/0aR8StiOjTsd8uz1Tx 12 | pWH20YigZ9g7JBN4ZUj6UaBWN9CNjaUDfeefjL6GmNTIOq7YCnc9kVKNblpMkxZ7 13 | JnXiy3ITEs3JOUv4wLlsovqEHHJh2K7OSOnJFmgZ3Qs5A8pqZ5eBwHHwqDxT/JYD 14 | BWg3Ezuho02SKyyiYrkZxn5O3PN0ETwzEFBX5wBQg/BOFFgRELhf+TcZOcZcflYq 15 | X7ey1V1gtcaavnG2JAwPLI+/jlXs4qLf6IFhohabpDYjF1Yd0z1++HB90vb83xOd 16 | 
rJ8F9RaPU5bvAW2k8Lz17/j+Yys4K0NXJUBHVthaxrzCq9NdHrJqAXWjMkCza7pX 17 | aSlL 18 | =Ev+I 19 | -----END PGP PUBLIC KEY BLOCK----- 20 | --------------------------------------------------------------------------------