├── .github ├── PULL_REQUEST_TEMPLATE.md ├── actions │ └── setup-kind-cluster-for-helm-chart-testing │ │ └── action.yaml ├── dependabot.yaml ├── renovate-bump.sh └── workflows │ ├── conftest.yaml │ ├── install-integration-tests-operators-installer.yaml │ ├── install-unit-test.yaml │ ├── lint-test.yaml │ ├── precommit-validate.yml │ ├── release.yaml │ └── scorecard.yml ├── .gitignore ├── .gitleaks.toml ├── .pre-commit-config.yaml ├── LICENSE ├── README.md ├── _templates.gotmpl ├── _test ├── bats-support-clone.bash ├── conftest.sh ├── ct-config.yaml ├── helm-install-debug-logging.sh ├── kind-config.yaml ├── private-registry │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── ConfigMap_local-registry.yaml │ │ ├── Deployment_registry.yaml │ │ ├── Ingress.yaml │ │ ├── PersistentVolumeClaim.yaml │ │ ├── Secret_htpasswd.yaml │ │ ├── Service.yaml │ │ └── values.yaml │ └── values.yaml └── prow.sh ├── charts-we-like.md ├── charts ├── ansible-automation-platform │ ├── .helmignore │ ├── .test.sh │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── AnsibleAutomationController.yaml │ │ ├── admin-secret.yaml │ │ ├── cacertSecret.yaml │ │ ├── crd-reader.yaml │ │ ├── privileged-scc.yaml │ │ └── wait-for-crd.yaml │ └── values.yaml ├── argocd-operator │ ├── .helmignore │ ├── .test.sh │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── ArgoCD.yaml │ │ ├── ClusterRole.yaml │ │ ├── ClusterRoleBinding.yaml │ │ ├── OperatorGroup.yaml │ │ ├── PrometheusSubscription.yaml │ │ ├── RoleBinding.yaml │ │ ├── Secret.yaml │ │ ├── Subscription.yaml │ │ ├── anyuid-scc.yaml │ │ ├── crd-reader.yaml │ │ ├── helpers.tpl │ │ └── wait-for-crd.yaml │ └── values.yaml ├── bootstrap-project │ ├── .test.sh │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── bindings.yaml │ │ ├── namespace.yaml │ │ ├── operatorgroup.yaml │ │ └── serviceaccount.yaml │ └── values.yaml ├── botpress │ ├── .helmignore │ ├── Chart.yaml │ ├── LICENSE │ ├── README.md │ ├── botpress_fabicon.png │ ├── templates │ │ ├── 
NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── hpa.yaml │ │ ├── ingress.yaml │ │ ├── pvc.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── tests │ │ │ └── test-connection.yaml │ └── values.yaml ├── cert-manager-configs │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── AwsSecret.yaml │ │ ├── CABundle.yaml │ │ ├── Certificate.yaml │ │ ├── ClusterIssuer.yaml │ │ └── OpenshiftConfigs.yaml │ └── values.yaml ├── dev-ex-dashboard │ ├── .test.sh │ ├── Chart.yaml │ ├── templates │ │ ├── configmap.yaml │ │ ├── deploymentconfig.yaml │ │ ├── imagestream.yaml │ │ ├── route.yaml │ │ └── service.yaml │ └── values.yaml ├── etherpad │ ├── .helmignore │ ├── .test.sh │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ ├── pvc.yaml │ │ ├── route.yaml │ │ └── service.yaml │ └── values.yaml ├── gitea │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── _helpers.tpl │ │ ├── configmap.yaml │ │ ├── deploymentconfig.yaml │ │ ├── imagestream.yaml │ │ ├── persistentvolumeclaim.yaml │ │ ├── postgresql-dc.yaml │ │ ├── postgresql-is.yaml │ │ ├── postgresql-pvc.yaml │ │ ├── postgresql-secret.yaml │ │ ├── postgresql-svc.yaml │ │ ├── route.yaml │ │ └── service.yaml │ └── values.yaml ├── gitops-operator │ ├── .helmignore │ ├── .test.sh │ ├── Chart.yaml │ ├── README.md │ ├── TEAM_DOCS.md │ ├── docs │ │ ├── controller-cluster-rbac-rules.yaml │ │ ├── images │ │ │ ├── cluster-argo-for-all.png │ │ │ ├── cluster-argo-per-team.png │ │ │ ├── cluster-argo.png │ │ │ ├── cluster-scoped-argocd.png │ │ │ ├── custom-role-bindings.png │ │ │ ├── namespaced-role-bindings.png │ │ │ ├── namespaced-team-argo.png │ │ │ ├── one-argo-to-rule-them-all.png │ │ │ ├── sre-cluster-argo-team-namespaced.png │ │ │ └── team-namespaced-argocd.png │ │ └── server-cluster-rbac-rules.yaml │ ├── templates │ │ ├── argocd-application-controller-clusterrole.yaml │ │ ├── 
argocd-application-controller-clusterrolebinding.yaml │ │ ├── argocd-cr.yaml │ │ ├── argocd-server-clusterrole.yaml │ │ ├── argocd-server-clusterrolebinding.yaml │ │ ├── crd-reader.yaml │ │ ├── secrets.yaml │ │ ├── subscription.yaml │ │ └── wait-for-crd.yaml │ └── values.yaml ├── helper-console-links │ ├── .test.sh │ ├── Chart.yaml │ ├── README.md │ ├── img │ │ └── screenshot.png │ ├── templates │ │ └── ConsoleLink.yaml │ └── values.yaml ├── helper-operator │ ├── Chart.yaml │ ├── LICENSE │ ├── README.md │ ├── README.md.gotmpl │ ├── templates │ │ ├── _helpers.tpl │ │ ├── jobs │ │ │ ├── enable_console_plugin-crb.yaml │ │ │ ├── enable_console_plugin-role.yaml │ │ │ ├── enable_console_plugin-sa.yaml │ │ │ └── enable_console_plugin.yaml │ │ ├── namespace.yaml │ │ └── operators │ │ │ ├── operatorgroup.yaml │ │ │ └── subscription.yaml │ └── values.yaml ├── helper-sealed-secrets │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ └── SealedSecret.yaml │ └── values.yaml ├── helper-status-checker │ ├── Chart.yaml │ ├── LICENSE │ ├── README.md │ ├── README.md.gotmpl │ ├── templates │ │ ├── _helpers.tpl │ │ ├── check_if_operator_is_ready.yaml │ │ ├── clusterrole.yaml │ │ ├── clusterrolebinding.yaml │ │ ├── installplan-approver.yaml │ │ └── serviceAccount.yaml │ └── values.yaml ├── ipa │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── setup-users.sh │ ├── templates │ │ ├── _helpers.tpl │ │ ├── anyuid-scc.yaml │ │ ├── clusterrolebinding.yaml │ │ ├── configure-oauth-rbac.yaml │ │ ├── deployment.yaml │ │ ├── machineconfig.yaml │ │ ├── oauth-secret.yaml │ │ ├── pvc.yaml │ │ ├── route.yaml │ │ ├── secret.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── setup-oauth-job.yaml │ └── values.yaml ├── jenkins │ ├── .helmignore │ ├── .test.sh │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── PersistentVolumeClaim.yaml │ │ ├── SealedSecret.yaml │ │ ├── buildconfigs.yaml │ │ ├── configuration-as-code-configmap.yaml │ │ ├── deployment.yaml │ │ ├── imagestreams.yaml 
│ │ ├── rolebinding.yaml │ │ ├── route.yaml │ │ ├── secret.yaml │ │ ├── serviceaccount.yaml │ │ └── services.yaml │ └── values.yaml ├── kopf │ ├── .helmignore │ ├── .test.sh │ ├── Chart.yaml │ ├── templates │ │ ├── clusterkopfpeering.yaml │ │ └── kopfpeering.yaml │ └── values.yaml ├── network-policy │ ├── .helmignore │ ├── .test.sh │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── NetworkPolicy.yaml │ │ └── _helpers.tpl │ └── values.yaml ├── openshift-logforwarding-splunk │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── files │ │ ├── .gitkeep │ │ ├── default-openshift-logging-fluentd.crt │ │ └── default-openshift-logging-fluentd.key │ ├── templates │ │ ├── _helpers.tpl │ │ ├── log-forwarding-instance-tp.yaml │ │ ├── log-forwarding-instance.yaml │ │ ├── log-forwarding-serviceaccount.yaml │ │ ├── log-forwarding-splunk-certs-secret.yaml │ │ ├── log-forwarding-splunk-configmap.yaml │ │ ├── log-forwarding-splunk-secret.yaml │ │ ├── log-forwarding-splunk-service-headless.yaml │ │ ├── log-forwarding-splunk-service.yaml │ │ └── log-forwarding-splunk-statefulset.yaml │ └── values.yaml ├── operatorhub │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── install-modes-post-hook.yaml │ │ ├── operatorgroup.yaml │ │ └── subscription.yaml │ └── values.yaml ├── operators-installer │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── _integration-tests │ │ ├── test-install-operator-0-automatic-intermediate-manual-upgrades-values.yaml │ │ ├── test-install-operator-1-automatic-intermediate-manual-upgrades-values.yaml │ │ └── test-install-operator-with-approver-image-from-private-registry.yaml │ ├── _scripts │ │ ├── installplan-approver.py │ │ ├── installplan-incremental-approver.py │ │ ├── installplan-verifier.py │ │ └── installplan_utils.py │ ├── ci │ │ ├── test-install-multiple-operators-in-different-namespaces-approve-via-helm-hook-values.yaml │ │ ├── test-install-multiple-operators-in-same-namespace-approve-via-helm-hook-values.yaml │ │ 
├── test-install-old-operator-approve-not-via-helm-hook-values.yaml │ │ ├── test-install-old-operator-approve-via-helm-hook-values.yaml │ │ ├── test-install-operator-first-time-with-automatic-intermediate-manual-upgrades-values.yaml │ │ ├── test-install-operator-subscription-with-config-values.yaml │ │ ├── test-install-operator-with-channel-number-values.yaml │ │ └── test-install-operator-with-long-name-values.yaml │ ├── templates │ │ ├── ConfigMap_operators-installer-approver-scripts.yaml │ │ ├── Job_installplan-approver.yaml │ │ ├── Job_installplan-complete-verifier.yaml │ │ ├── Namespace.yaml │ │ ├── OperatorGroup.yaml │ │ ├── RoleBinding_installplan-approvers.yaml │ │ ├── Role_installplan-approver.yaml │ │ ├── ServiceAccount_installplan-approver.yaml │ │ ├── Subscription.yaml │ │ └── _helpers.tpl │ └── values.yaml ├── owncloud │ ├── .helmignore │ ├── Chart.yaml │ ├── persistent-oauth-proxy.json │ ├── persistent.json │ ├── templates │ │ ├── _helpers.tpl │ │ ├── cronjob.yaml │ │ ├── mariadb-dc.yaml │ │ ├── mariadb-pvc.yaml │ │ ├── mariadb-svc.yaml │ │ ├── owncloud-dc.yaml │ │ ├── owncloud-is.yaml │ │ ├── owncloud-pvc.yaml │ │ ├── owncloud-svc.yaml │ │ ├── redis-dc.yaml │ │ ├── redis-pvc.yaml │ │ ├── redis-svc.yaml │ │ ├── route.yaml │ │ └── serviceaccount.yaml │ └── values.yaml ├── pact-broker │ ├── .helmignore │ ├── .test.sh │ ├── Chart.yaml │ ├── templates │ │ ├── deploymentconfig.yaml │ │ ├── postgres-dc.yaml │ │ ├── postgres-service.yaml │ │ ├── pvc.yaml │ │ ├── route.yaml │ │ ├── secrets.yaml │ │ └── service.yaml │ └── values.yaml ├── ploigos │ ├── .test.sh │ ├── Chart.yaml │ ├── README.md │ ├── delete-tssc.sh │ ├── templates │ │ ├── _helpers.tpl │ │ ├── catalog-source.yaml │ │ ├── crd-reader.yaml │ │ ├── delete-csv-hook-rbac.yaml │ │ ├── delete-csv-hook.yaml │ │ ├── operatorgroup.yaml │ │ ├── subscription.yaml │ │ ├── tsscplatform-cr.yaml │ │ └── wait-for-crd.yaml │ └── values.yaml ├── quay │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── 
ns-quay-enterprise.yaml │ │ ├── quay-registry.yaml │ │ └── secret-quay-registry-config-bundle.yaml │ └── values.yaml ├── sonarqube │ ├── .test.sh │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── _helpers.tpl │ │ ├── postgres-dc.yaml │ │ ├── postgres-pvc.yaml │ │ ├── postgres-secret.yaml │ │ ├── postgres-service.yaml │ │ ├── sonar-cm-config.yaml │ │ ├── sonar-cm-copy-plugins.yaml │ │ ├── sonar-cm-install-plugins.yaml │ │ ├── sonar-deployment.yaml │ │ ├── sonar-ingress.yaml │ │ ├── sonar-pvc.yaml │ │ ├── sonar-route.yaml │ │ ├── sonar-service.yaml │ │ ├── sonar-serviceaccount.yaml │ │ ├── sonarqube-admin-secret.yaml │ │ └── update-admin-pwd-hook.yaml │ └── values.yaml ├── sonatype-nexus │ ├── .helmignore │ ├── .test.sh │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── config-nexus.txt │ │ ├── configmap.yaml │ │ ├── deployment-statefulset.yaml │ │ ├── image-pull-secret.yaml │ │ ├── ingress.yaml │ │ ├── proxy-route.yaml │ │ ├── pv.yaml │ │ ├── pvc.yaml │ │ ├── route.yaml │ │ ├── secret.yaml │ │ ├── service.yaml │ │ └── setup-nexus-job.yaml │ └── values.yaml ├── stackrox │ ├── .gitignore │ ├── .helmignore │ ├── .test.sh │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── _helpers.tpl │ │ ├── configure-stackrox-job.yaml │ │ ├── configure-stackrox-rbac.yaml │ │ ├── namespace.yaml │ │ └── subscription.yaml │ └── values.yaml ├── static-site │ ├── Chart.yaml │ ├── README-zh.md │ ├── README.md │ ├── alpine-curl-git.Dockerfile │ ├── templates │ │ ├── _helpers.tpl │ │ ├── configmap.yaml │ │ ├── cronjob.yaml │ │ ├── deployment.yaml │ │ └── service.yaml │ └── values.yaml ├── tekton-demo │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── assets │ │ ├── logo.png │ │ ├── pipeline-with-task-steps.png │ │ ├── pipeline.png │ │ └── routes.png │ ├── templates │ │ ├── _helpers.tpl │ │ ├── github │ │ │ ├── github-webhook-create.yaml │ │ │ ├── github-webhook-run.yaml │ │ │ ├── trigger-binding.yaml │ │ │ ├── 
trigger-eventlistener.yaml │ │ │ ├── trigger-sa-rbac.yaml │ │ │ ├── trigger-template.yaml │ │ │ └── trigger-webhook-rbac.yaml │ │ ├── pipelines │ │ │ └── nodejs.yaml │ │ ├── resources │ │ │ ├── nodejs-git.yaml │ │ │ ├── nodejs-images.yaml │ │ │ └── pvc.yaml │ │ ├── roles.yaml │ │ └── tasks │ │ │ ├── conditions.yaml │ │ │ ├── task-apply.yaml │ │ │ ├── task-build.yaml │ │ │ ├── task-deploy.yaml │ │ │ ├── task-docs.yaml │ │ │ ├── task-finally.yaml │ │ │ ├── task-git-clone.yaml │ │ │ ├── task-github-pull-request.yaml │ │ │ ├── task-github.yaml │ │ │ ├── task-helm.yaml │ │ │ ├── task-prepare.yaml │ │ │ ├── task-promote.yaml │ │ │ ├── task-standards.yaml │ │ │ ├── task-status.yaml │ │ │ ├── task-tag.yaml │ │ │ ├── task-test-integration.yaml │ │ │ └── task-test-performance.yaml │ └── values.yaml ├── tpl │ ├── Chart.yaml │ ├── README.md │ ├── README.md.gotmpl │ ├── templates │ │ ├── _job_sleeptimer.tpl │ │ ├── _labels.tpl │ │ ├── _nodeSelector.tpl │ │ ├── _resources.tpl │ │ ├── _serviceAccount.tpl │ │ ├── _tolerations.tpl │ │ └── test │ │ │ └── example.yaml │ ├── values-example.yaml │ └── values.yaml └── update-clusterversion │ ├── .helmignore │ ├── Chart.yaml │ ├── LICENSE │ ├── README.md │ ├── README.md.gotmpl │ ├── templates │ └── clusterversion.yaml │ └── values.yaml └── renovate.json /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | #### What is this PR About? 2 | Describe the contents of the PR 3 | 4 | #### How do we test this? 5 | Provide commands/steps to test this PR. 
6 | 7 | cc: @redhat-cop/day-in-the-life 8 | -------------------------------------------------------------------------------- /.github/dependabot.yaml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | 4 | - package-ecosystem: "github-actions" 5 | directory: "/" 6 | schedule: 7 | # Check for updates to GitHub Actions once a month 8 | interval: "monthly" 9 | -------------------------------------------------------------------------------- /.github/renovate-bump.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | CHARTS_CHANGED=() 4 | changed=$(ct list-changed --target-branch main) 5 | for chart in ${changed}; do 6 | echo "Chart has changes: ${chart}" 7 | 8 | hasVersionBumped=$(git --no-pager diff "${chart}/Chart.yaml" | grep "+version" | wc -l) 9 | if [[ "${hasVersionBumped}" -eq 0 ]]; then 10 | echo "-> Version has not been bumped. Bumping to:" 11 | pybump bump --file "${chart}/Chart.yaml" --level patch 12 | 13 | CHARTS_CHANGED+=("${chart}/Chart.yaml") 14 | fi 15 | 16 | echo 17 | done 18 | 19 | echo "CHARTS=$(echo ${CHARTS_CHANGED[*]})" >> $GITHUB_OUTPUT 20 | -------------------------------------------------------------------------------- /.github/workflows/conftest.yaml: -------------------------------------------------------------------------------- 1 | name: Validate 2 | 3 | on: 4 | push: 5 | paths-ignore: 6 | - '.github/**' 7 | - 'README.md' 8 | pull_request: 9 | paths-ignore: 10 | - '.github/**' 11 | - 'README.md' 12 | 13 | concurrency: 14 | group: ${{ github.workflow }}-${{ github.ref }} 15 | cancel-in-progress: true 16 | 17 | jobs: 18 | conftest: 19 | runs-on: ubuntu-latest 20 | steps: 21 | - name: Checkout 22 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 23 | 24 | - name: Conftest 25 | uses: redhat-cop/github-actions/confbatstest@561af5e610560aef3210ca7a08fe73b2add97648 # v4.5 26 | with: 27 | tests:
_test/conftest.sh 28 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # General files for the project 2 | pkg/* 3 | *.pyc 4 | bin/* 5 | .project 6 | /.bin 7 | /_test/secrets/*.json 8 | 9 | # OSX leaves these everywhere on SMB shares 10 | ._* 11 | 12 | # OSX trash 13 | .DS_Store 14 | 15 | # Files generated by JetBrains IDEs, e.g. IntelliJ IDEA 16 | .idea/ 17 | *.iml 18 | 19 | # Vscode files 20 | .vscode 21 | 22 | # Emacs save files 23 | *~ 24 | \#*\# 25 | .\#* 26 | 27 | # Vim-related files 28 | [._]*.s[a-w][a-z] 29 | [._]s[a-w][a-z] 30 | *.un~ 31 | Session.vim 32 | .netrwhist 33 | 34 | # Chart dependencies 35 | **/charts/*.tgz 36 | Chart.lock 37 | 38 | .history 39 | 40 | *.tgz 41 | 42 | # Rego 43 | policy/ 44 | 45 | # BATS 46 | _test/test_helper/ 47 | -------------------------------------------------------------------------------- /.gitleaks.toml: -------------------------------------------------------------------------------- 1 | [allowlist] 2 | description = "Global Allowlist" 3 | 4 | # Ignore based on any subset of the file path 5 | paths = [ 6 | # renovate.json is excluded from secret scanning 7 | 'renovate.json' 8 | ] 9 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | repos: 2 | - repo: https://github.com/pre-commit/pre-commit-hooks 3 | rev: v5.0.0 4 | hooks: 5 | - id: check-case-conflict 6 | - id: check-shebang-scripts-are-executable 7 | - id: check-json 8 | - id: end-of-file-fixer 9 | - id: trailing-whitespace 10 | - repo: https://gitlab.cee.redhat.com/infosec-public/developer-workbench/tools.git 11 | rev: rh-pre-commit-2.3.2 12 | hooks: 13 | # If you have not run this hook on your system before, it may prompt you to 14 | # log in for patterns, and you will need to try again.
15 | # 16 | # Docs: https://source.redhat.com/departments/it/it-information-security/leaktk/leaktk_components/rh_pre_commit 17 | - id: rh-pre-commit 18 | - id: rh-pre-commit.commit-msg # Optional for commit-msg attestation 19 | -------------------------------------------------------------------------------- /_test/bats-support-clone.bash: -------------------------------------------------------------------------------- 1 | if [[ ! -d "_test/test_helper/bats-support" ]]; then 2 | # Download bats-support dynamically so it doesn't need to be added into source. NOTE(review): the clone names no tag or commit, so it takes whatever the default branch holds at run time. 3 | git clone https://github.com/ztombol/bats-support _test/test_helper/bats-support --depth 1 4 | fi 5 | 6 | if [[ ! -d "_test/test_helper/redhatcop-bats-library" ]]; then 7 | # Download redhat-cop/bats-library dynamically so it doesn't need to be added into source. NOTE(review): this clone names no tag or commit either. 8 | git clone https://github.com/redhat-cop/bats-library _test/test_helper/redhatcop-bats-library --depth 1 9 | fi 10 | -------------------------------------------------------------------------------- /_test/ct-config.yaml: -------------------------------------------------------------------------------- 1 | helm-extra-args: "--debug --timeout 20m0s" 2 | kubectl-timeout: "5m0s" 3 | skip-clean-up: false 4 | all: false 5 | 6 | # excluding all charts that on an initial test with ct install fail because they need some more massaging of "kind" to be able to work there (if even possible) because they have built in assumptions about OpenShift 7 | # included charts (can't use the included charts option with CT because then they will always run and will ignore the ct changed charts functionality) 8 | # - specific tests written 9 | # * operators-installer 10 | # - using defaults, no specific tests written 11 | # * argocd-operator 12 | # * bootstrap-project 13 | # * kopf 14 | # * network-policy 15 | excluded-charts: 16 | - ansible-automation-platform 17 | - cert-manager-configs 18 | - dev-ex-dashboard 19 | - etherpad 20 | - gitea 21 | - gitops-operator 22 | -
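helper-console-links 23 | - helper-sealed-secrets 24 | - ipa 25 | - jenkins 26 | - openshift-logforwarding-splunk 27 | - operatorhub 28 | - owncloud 29 | - pact-broker 30 | - ploigos 31 | - quay 32 | - sonarqube 33 | - sonatype-nexus 34 | - stackrox 35 | - static-site 36 | - update-clusterversion 37 | - tekton-demo 38 | -------------------------------------------------------------------------------- /_test/helm-install-debug-logging.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Prints pod and job status, descriptions and logs for the namespace given as $1. Everything the workloads logged goes to stdout, so the captured output is as sensitive as those logs. 3 | TEST_NAMESPACE=$1 4 | 5 | echo 6 | echo "### Get Pods ###" 7 | kubectl get pods --namespace ${TEST_NAMESPACE} 8 | 9 | echo 10 | echo "### Describe Pods ###" 11 | kubectl describe pods --namespace ${TEST_NAMESPACE} 12 | 13 | echo 14 | echo "### Dump Pods Logs for debugging ###" 15 | kubectl get pods --namespace ${TEST_NAMESPACE} --output name 2>&1 | tee pods.csv 16 | while read pod || [ -n "${pod}" ]; do 17 | kubectl logs ${pod} --namespace ${TEST_NAMESPACE} 18 | done < <(sort -u pods.csv) 19 | 20 | echo 21 | echo "### Get Jobs ###" 22 | kubectl get jobs --namespace ${TEST_NAMESPACE} 23 | 24 | echo 25 | echo "### Describe Jobs ###" 26 | kubectl describe jobs --namespace ${TEST_NAMESPACE} 27 | 28 | echo 29 | echo "### Dump Jobs Logs for debugging ###" 30 | kubectl get jobs --namespace ${TEST_NAMESPACE} --output name 2>&1 | tee jobs.csv 31 | while read job || [ -n "${job}" ]; do 32 | kubectl logs ${job} --namespace ${TEST_NAMESPACE} # was job/${pod}: the loop variable is job, and --output name already includes the resource prefix 33 | done < <(sort -u jobs.csv) 34 | -------------------------------------------------------------------------------- /_test/kind-config.yaml: -------------------------------------------------------------------------------- 1 | kind: Cluster 2 | apiVersion: kind.x-k8s.io/v1alpha4 3 | nodes: 4 | - role: control-plane 5 | extraPortMappings: 6 | - containerPort: 5000 7 | hostPort: 5000 8 | protocol: TCP 9 | - containerPort: 80 10 | hostPort: 80 11 | protocol: TCP 12 | 13 | # SOURCE: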
https://kind.sigs.k8s.io/docs/user/local-registry/ 14 | containerdConfigPatches: 15 | - |- 16 | [plugins."io.containerd.grpc.v1.cri".registry] 17 | config_path = "/etc/containerd/certs.d" 18 | -------------------------------------------------------------------------------- /_test/private-registry/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: private-registry 3 | version: 0.0.2 4 | -------------------------------------------------------------------------------- /_test/private-registry/README.md: -------------------------------------------------------------------------------- 1 | # private-registry 2 | Creates a private local registry with basic auth. 3 | 4 | Ideally would just use the built in private registry with the 'kind' github action, but it does not currently (as of Jan 15, 2025) support configuring basic auth which is needed for some of our testing. 5 | -------------------------------------------------------------------------------- /_test/private-registry/templates/ConfigMap_local-registry.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # SOURCE: https://kind.sigs.k8s.io/docs/user/local-registry/ 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: local-registry-hosting 7 | namespace: kube-public 8 | data: 9 | localRegistryHosting.v1: | 10 | host: "{{ .Values.registryIngressHost }}" 11 | help: "https://kind.sigs.k8s.io/docs/user/local-registry/" 12 | -------------------------------------------------------------------------------- /_test/private-registry/templates/Ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: registry 5 | namespace: registry 6 | spec: 7 | rules: 8 | - host: {{ .Values.registryIngressHost }} 9 | http: 10 | paths: 11 | - path: / 12 | pathType: Prefix 13 | backend: 14 | service: 15 | 
name: registry 16 | port: 17 | number: 5000 18 | -------------------------------------------------------------------------------- /_test/private-registry/templates/PersistentVolumeClaim.yaml: -------------------------------------------------------------------------------- 1 | kind: PersistentVolumeClaim 2 | apiVersion: v1 3 | metadata: 4 | name: registry 5 | namespace: registry 6 | spec: 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 30Gi 12 | -------------------------------------------------------------------------------- /_test/private-registry/templates/Secret_htpasswd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | htpasswd: {{ htpasswd .Values.registryUser .Values.registryPassword | b64enc }} 4 | kind: Secret 5 | metadata: 6 | name: htpasswd 7 | namespace: registry 8 | -------------------------------------------------------------------------------- /_test/private-registry/templates/Service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app: registry 6 | name: registry 7 | namespace: registry 8 | spec: 9 | ports: 10 | - name: http 11 | port: 5000 12 | protocol: TCP 13 | targetPort: 5000 14 | selector: 15 | app: registry 16 | sessionAffinity: None 17 | type: ClusterIP 18 | -------------------------------------------------------------------------------- /_test/private-registry/templates/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-cop/helm-charts/99be7ae93aa20033f97cf377b2e09ab04438ad15/_test/private-registry/templates/values.yaml -------------------------------------------------------------------------------- /_test/private-registry/values.yaml: -------------------------------------------------------------------------------- 1 | registryUser: 2 | registryPassword: 
3 | registryIngressHost: registry.localhost 4 | -------------------------------------------------------------------------------- /_test/prow.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | run() { 4 | echo "Running helm for all..." 5 | 6 | for file in $(find . -name ".test.sh" -type f | sort | xargs); do 7 | pushd $(dirname $file) > /dev/null 8 | 9 | echo "" 10 | echo "## $(pwd)" 11 | echo "" 12 | 13 | ./.test.sh install || exit $? 14 | ./.test.sh test || exit $? 15 | ./.test.sh cleanup || exit $? 16 | 17 | popd > /dev/null 18 | done 19 | 20 | echo "Done testing all charts." 21 | } 22 | 23 | run 24 | -------------------------------------------------------------------------------- /charts/ansible-automation-platform/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | ci/ 23 | -------------------------------------------------------------------------------- /charts/ansible-automation-platform/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: v2.0.2 3 | description: A Helm chart for customizing the deployment of the Ansible Automation 4 | Platform Operator 5 | name: ansible-automation-platform 6 | version: 0.0.9 7 | home: https://github.com/redhat-cop/helm-charts 8 | maintainers: 9 | - name: paulbarfuss 10 | - name: ecda909 11 | - name: jfilipcz 12 | dependencies: 13 | - name: operatorhub 14 | version: 0.0.12 15 | repository: https://redhat-cop.github.io/helm-charts 16 | condition: operatorhub.enabled 17 | -------------------------------------------------------------------------------- /charts/ansible-automation-platform/templates/admin-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.automationController.admin_password }} 2 | --- 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: "ansible-automation-controller-custom-admin-password" 7 | namespace: {{ .Values.namespace }} 8 | labels: 9 | app.kubernetes.io/name: ansible-automation-controller 10 | app.kubernetes.io/part-of: ansible-automation-controller 11 | type: Opaque 12 | data: 13 | password: {{ .Values.automationController.admin_password | b64enc | quote }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/ansible-automation-platform/templates/cacertSecret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.automationController.ldap_cacert }} 2 | --- 3 | apiVersion: 
v1 4 | kind: Secret 5 | metadata: 6 | name: ldap-cacert 7 | namespace: {{ .Values.namespace }} 8 | labels: 9 | app.kubernetes.io/name: ansible-automation-controller 10 | app.kubernetes.io/part-of: ansible-automation-controller 11 | type: Opaque 12 | data: 13 | ldap-ca.crt: {{ .Values.automationController.ldap_cacert | b64enc | quote }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/ansible-automation-platform/templates/crd-reader.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.ignoreHelmHooks }} 2 | --- 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: ClusterRole 5 | metadata: 6 | name: crd-reader 7 | annotations: 8 | "helm.sh/hook": post-install,post-upgrade 9 | "helm.sh/hook-weight": "-5" 10 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 11 | rules: 12 | - apiGroups: 13 | - apiextensions.k8s.io 14 | resources: 15 | - 'customresourcedefinitions' 16 | verbs: 17 | - get 18 | - list 19 | --- 20 | apiVersion: rbac.authorization.k8s.io/v1 21 | kind: ClusterRoleBinding 22 | metadata: 23 | name: crd-reader-binding 24 | annotations: 25 | "helm.sh/hook": post-install,post-upgrade 26 | "helm.sh/hook-weight": "-5" 27 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 28 | roleRef: 29 | apiGroup: rbac.authorization.k8s.io 30 | kind: ClusterRole 31 | name: crd-reader 32 | subjects: 33 | - kind: ServiceAccount 34 | name: default 35 | namespace: {{ .Values.namespace }} 36 | {{- end }} 37 | -------------------------------------------------------------------------------- /charts/ansible-automation-platform/templates/privileged-scc.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.automationController.taskPrivileged }} 2 | --- 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: RoleBinding 5 | metadata: 6 | name: {{ .Values.namespace }}-privileged-scc 7 | 
namespace: {{ .Values.namespace }} 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: ClusterRole 11 | name: system:openshift:scc:privileged 12 | subjects: 13 | - kind: ServiceAccount 14 | name: ansible-automation-platform 15 | namespace: {{ .Values.namespace }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /charts/ansible-automation-platform/templates/wait-for-crd.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.ignoreHelmHooks }} 2 | --- 3 | apiVersion: v1 4 | kind: Pod 5 | metadata: 6 | name: cluster-check 7 | annotations: 8 | "helm.sh/hook": post-install,post-upgrade 9 | "helm.sh/hook-weight": "-1" 10 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 11 | namespace: {{ .Values.namespace }} 12 | spec: 13 | containers: 14 | - name: crd-check 15 | image: quay.io/openshift/origin-cli:4.7 # NOTE(review): 4.7 is a tag, not a digest, so the hook runs whatever image that tag resolves to at pull time 16 | imagePullPolicy: IfNotPresent 17 | command: ['sh', '-c', 'while [ true ]; do oc get crd automationcontrollers.automationcontroller.ansible.com; if [ $? -eq 0 ]; then break; fi ; sleep 5s; done'] 18 | restartPolicy: Never 19 | terminationGracePeriodSeconds: 0 20 | serviceAccount: default 21 | serviceAccountName: default # NOTE(review): the hook runs as the namespace's default service account, which crd-reader.yaml binds to CRD get/list while the hook resources exist 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/argocd-operator/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | ci/ 23 | -------------------------------------------------------------------------------- /charts/argocd-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: v2.1.5 3 | description: A Helm chart for customising the deployment of the ArgoCD Operator ⚓️ 4 | name: argocd-operator 5 | version: 1.2.2 6 | home: https://github.com/redhat-cop/helm-charts 7 | icon: https://cncf-branding.netlify.app/img/projects/argo/stacked/color/argo-stacked-color.png 8 | maintainers: 9 | - name: springdo 10 | - name: ckavili 11 | - name: eformat 12 | -------------------------------------------------------------------------------- /charts/argocd-operator/templates/ArgoCD.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.enabled }} 2 | --- 3 | apiVersion: argoproj.io/v1alpha1 4 | kind: ArgoCD 5 | metadata: 6 | name: {{ .Values.name }} 7 | labels: 8 | app: {{ .Values.name }} 9 | {{- if not .Values.ignoreHelmHooks }} 10 | annotations: 11 | "helm.sh/hook": post-install,post-upgrade 12 | "helm.sh/hook-weight": "25" 13 | {{- end }} 14 | namespace: {{ include "argocd-operator.ns" . 
}}
15 | spec:  # the spec body is .Values.argocd_cr rendered as YAML, when that value is set
16 |   {{- if .Values.argocd_cr }}
17 |   {{- .Values.argocd_cr | toYaml | trim | nindent 2 }}
18 |   {{- end }}
19 | {{- end }}
20 |
--------------------------------------------------------------------------------
/charts/argocd-operator/templates/ClusterRole.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.enabled }}
2 | ---
3 | apiVersion: rbac.authorization.k8s.io/v1
4 | kind: ClusterRole  # role for the Argo CD application controller, named after the chart namespace
5 | metadata:
6 |   labels:
7 |     app.kubernetes.io/component: application-controller
8 |     app.kubernetes.io/name: {{ include "argocd-operator.ns" . }}-argocd-application-controller
9 |     app.kubernetes.io/part-of: {{ include "argocd-operator.ns" . }}
10 |   name: {{ include "argocd-operator.ns" . }}-argocd-application-controller
11 | rules:
12 | - apiGroups:  # NOTE(review): '*' on every API group, resource and verb is cluster-admin-equivalent; list the groups/resources the controller actually manages where that is known
13 |   - '*'
14 |   resources:
15 |   - '*'
16 |   verbs:
17 |   - '*'
18 | - nonResourceURLs:  # all non-resource URL paths, all verbs
19 |   - '*'
20 |   verbs:
21 |   - '*'
22 | {{- end }}
23 |
--------------------------------------------------------------------------------
/charts/argocd-operator/templates/ClusterRoleBinding.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.enabled }}
2 | ---
3 | apiVersion: rbac.authorization.k8s.io/v1
4 | kind: ClusterRoleBinding  # binds the wildcard ClusterRole from ClusterRole.yaml cluster-wide
5 | metadata:
6 |   labels:
7 |     app.kubernetes.io/component: application-controller
8 |     app.kubernetes.io/name: {{ include "argocd-operator.ns" . }}-argocd-application-controller
9 |     app.kubernetes.io/part-of: {{ include "argocd-operator.ns" . }}
10 |   name: {{ include "argocd-operator.ns" . }}-argocd-application-controller
11 | roleRef:
12 |   apiGroup: rbac.authorization.k8s.io
13 |   kind: ClusterRole
14 |   name: {{ include "argocd-operator.ns" . }}-argocd-application-controller
15 | {{- if not .Values.namespaceRoleBinding.enabled }}
16 | subjects:  # left out when namespaceRoleBinding.enabled is set, so the binding is then rendered with no subjects and RoleBinding.yaml grants per namespace instead
17 | - kind: ServiceAccount
18 |   name: {{ .Values.name }}-argocd-application-controller
19 |   namespace: {{ include "argocd-operator.ns" .
}} 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/argocd-operator/templates/OperatorGroup.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.enabled }} 2 | {{- if .Values.operator }} 3 | {{- if .Values.operator.operatorgroup }} 4 | --- 5 | apiVersion: operators.coreos.com/v1 6 | kind: OperatorGroup 7 | metadata: 8 | name: {{ include "argocd-operator.ns" . }} 9 | generateName: {{ include "argocd-operator.ns" . }}- 10 | namespace: {{ include "argocd-operator.ns" . }} 11 | spec: 12 | targetNamespaces: 13 | - {{ include "argocd-operator.ns" . }} 14 | {{- end }} 15 | {{- end }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /charts/argocd-operator/templates/PrometheusSubscription.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | {{- if .Values.metrics.enabled }} 3 | apiVersion: operators.coreos.com/v1alpha1 4 | kind: Subscription 5 | metadata: 6 | name: prometheus-operator 7 | namespace: {{ include "argocd-operator.ns" . 
}}
8 | spec:
9 |   channel: beta
10 |   installPlanApproval: Automatic  # NOTE(review): operator updates from the beta channel install without a manual approval step; Manual adds a review point
11 |   name: prometheus
12 |   source: community-operators
13 |   sourceNamespace: openshift-marketplace
14 |   startingCSV: {{ .Values.metrics.prometheus.version | quote }}
15 | {{- end }}
16 |
--------------------------------------------------------------------------------
/charts/argocd-operator/templates/RoleBinding.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.namespaceRoleBinding.enabled }}
2 | {{- range $key := .Values.namespaceRoleBinding.namespaces }}
3 | {{ $ns:= printf "%s" .name }}
4 | ---
5 | apiVersion: rbac.authorization.k8s.io/v1
6 | kind: RoleBinding  # one binding per entry in namespaceRoleBinding.namespaces, created in that namespace
7 | metadata:
8 |   labels:
9 |     app.kubernetes.io/component: application-controller
10 |     app.kubernetes.io/name: {{ $ns }}-argocd-application-controller
11 |     app.kubernetes.io/part-of: {{ $ns | quote }}
12 |   name: {{ $ns }}-argocd-application-controller
13 |   namespace: {{ $ns | quote }}
14 | roleRef:
15 |   apiGroup: rbac.authorization.k8s.io
16 |   kind: ClusterRole
17 |   name: {{ $ns }}-argocd-application-controller  # NOTE(review): ClusterRole.yaml only creates a role named after the chart namespace, so for any other listed namespace this reference looks dangling - confirm; where it resolves, it is the wildcard role scoped to this namespace
18 | subjects:
19 | - kind: ServiceAccount
20 |   name: {{ $ns }}-argocd-application-controller  # NOTE(review): ClusterRoleBinding.yaml prefixes the account with .Values.name rather than the namespace - confirm which ServiceAccount name the operator creates
21 |   namespace: {{ $ns | quote }}
22 | {{- end }}
23 | {{- end }}
24 |
--------------------------------------------------------------------------------
/charts/argocd-operator/templates/Secret.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.secrets }}
2 | {{- range $key := .Values.secrets }}
3 | ---
4 | apiVersion: v1
5 | kind: Secret  # one Secret per entry in .Values.secrets, in the chart namespace
6 | metadata:
7 |   name: {{ .name }}
8 |   namespace: {{ include "argocd-operator.ns" $ }}
9 |   labels:
10 |     app.kubernetes.io/name: argocd-secret
11 |     app.kubernetes.io/part-of: argocd
12 | type: kubernetes.io/basic-auth
13 | stringData:
14 |   password: {{ .password | quote }}  # NOTE(review): credentials arrive through chart values, so they are kept wherever those values are stored (values files, the Helm release record); referencing a pre-created Secret avoids that
15 |   username: {{ .username | quote }}
16 |   sshPrivateKey: {{ .sshPrivateKey | quote }}  # rendered for every entry, as an empty string when the entry has no key
17 | {{- end }}
18 | {{- end }}
19 |
--------------------------------------------------------------------------------
/charts/argocd-operator/templates/Subscription.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.enabled }}
2 | {{- if .Values.operator }}
3 | ---
4 | apiVersion: operators.coreos.com/v1alpha1
5 | kind: Subscription  # OLM subscription for the operator named in .Values.operator
6 | metadata:
7 |   name: {{ .Values.operator.name }}
8 |   namespace: {{ include "argocd-operator.ns" . }}
9 | spec:
10 |   channel: {{ .Values.operator.channel }}
11 |   installPlanApproval: {{ .Values.operator.installPlanApproval }}  # taken from values; Manual keeps operator upgrades behind an approval step
12 |   name: {{ .Values.operator.name }}
13 |   source: community-operators
14 |   sourceNamespace: openshift-marketplace
15 |   startingCSV: {{ .Values.operator.version | quote }}
16 | {{- end }}
17 | {{- end }}
18 |
--------------------------------------------------------------------------------
/charts/argocd-operator/templates/anyuid-scc.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.argocd_cr.ha.enabled }}
2 | ---
3 | apiVersion: rbac.authorization.k8s.io/v1
4 | kind: RoleBinding  # NOTE(review): the guard on line 1 reads .Values.argocd_cr.ha.enabled without first checking that argocd_cr and ha are set (ArgoCD.yaml does check argocd_cr) - confirm values.yaml always defines both
5 | metadata:
6 |   name: argocd-redis-ha-anyuid-scc
7 |   namespace: {{ include "argocd-operator.ns" . }}
8 | roleRef:
9 |   apiGroup: rbac.authorization.k8s.io
10 |   kind: ClusterRole
11 |   name: system:openshift:scc:anyuid  # lets pods of the redis-ha ServiceAccount below use the anyuid SCC, i.e. run under any UID including root
12 | subjects:
13 | - kind: ServiceAccount
14 |   name: {{ .Values.name }}-argocd-redis-ha
15 |   namespace: {{ include "argocd-operator.ns" .
}}
16 | {{- end }}
17 |
--------------------------------------------------------------------------------
/charts/argocd-operator/templates/crd-reader.yaml:
--------------------------------------------------------------------------------
1 | {{- if not .Values.ignoreHelmHooks }}
2 | ---
3 | apiVersion: rbac.authorization.k8s.io/v1
4 | kind: ClusterRole  # hook-managed role: read-only (get/list) access to CustomResourceDefinitions
5 | metadata:
6 |   name: crd-reader  # NOTE(review): cluster-scoped fixed name; charts/ansible-automation-platform/templates/crd-reader.yaml uses the same name, so both charts manage one shared object
7 |   annotations:
8 |     "helm.sh/hook": post-install,post-upgrade
9 |     "helm.sh/hook-weight": "-5"  # lower weight than the cluster-check pod (-1), so the RBAC exists before the pod starts
10 |     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
11 | rules:
12 | - apiGroups:
13 |   - apiextensions.k8s.io
14 |   resources:
15 |   - 'customresourcedefinitions'
16 |   verbs:
17 |   - get
18 |   - list
19 | ---
20 | apiVersion: rbac.authorization.k8s.io/v1
21 | kind: ClusterRoleBinding  # grants crd-reader cluster-wide to the subject below
22 | metadata:
23 |   name: crd-reader-binding
24 |   annotations:
25 |     "helm.sh/hook": post-install,post-upgrade
26 |     "helm.sh/hook-weight": "-5"
27 |     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded  # NOTE(review): only deleted on success; a failed hook run leaves the binding in place until the next run
28 | roleRef:
29 |   apiGroup: rbac.authorization.k8s.io
30 |   kind: ClusterRole
31 |   name: crd-reader
32 | subjects:
33 | - kind: ServiceAccount
34 |   name: default  # NOTE(review): the namespace's default ServiceAccount, so every pod there that does not set its own account also holds this binding while it exists; a dedicated account for the check pod would narrow it
35 |   namespace: {{ include "argocd-operator.ns" . }}
36 | {{- end }}
37 |
--------------------------------------------------------------------------------
/charts/argocd-operator/templates/helpers.tpl:
--------------------------------------------------------------------------------
1 | {{/*
2 | Namespace helper: .Values.namespace when it is set, otherwise the release namespace; either one is cut to 63 characters and a trailing "-" is removed
3 | */}}
4 | {{- define "argocd-operator.ns" -}}
5 | {{- if .Values.namespace }}
6 | {{- .Values.namespace | trunc 63 | trimSuffix "-" -}}
7 | {{- else -}}
8 | {{- .Release.Namespace | trunc 63 | trimSuffix "-" -}}
9 | {{- end -}}
10 | {{- end -}}
11 |
--------------------------------------------------------------------------------
/charts/argocd-operator/templates/wait-for-crd.yaml:
--------------------------------------------------------------------------------
1 | {{- if not .Values.ignoreHelmHooks }}
2 | ---
3 | apiVersion: v1
4 | kind: Pod  # post-install/post-upgrade hook pod that polls until the four Argo CD CRDs named in the command are present
5 | metadata:
6 |   name: cluster-check
7 |   annotations:
8 |     "helm.sh/hook": post-install,post-upgrade
9 |     "helm.sh/hook-weight": "-1"
10 |     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
11 |   namespace: {{ include "argocd-operator.ns" . }}
12 | spec:
13 |   containers:
14 |   - name: crd-check
15 |     image: quay.io/openshift/origin-cli:4.7  # NOTE(review): mutable tag; pinning by digest (quay.io/openshift/origin-cli@sha256:<digest>) keeps the hook image from changing underneath the chart
16 |     imagePullPolicy: IfNotPresent  # NOTE(review): the command below retries every 5s with no upper bound of its own, and the pod runs as the default ServiceAccount that crd-reader-binding targets
17 |     command: ['sh', '-c', 'while [ true ]; do oc get crd argocds.argoproj.io applications.argoproj.io appprojects.argoproj.io argocdexports.argoproj.io; if [ $?
-eq 0 ]; then break; fi ; sleep 5s; done'] 18 | restartPolicy: Never 19 | terminationGracePeriodSeconds: 0 20 | serviceAccount: default 21 | serviceAccountName: default 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/bootstrap-project/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: "v0.0.1" 3 | description: A Helm chart for deploying and managing Openshift projects 🦆 4 | name: bootstrap-project 5 | version: 1.0.2 6 | home: https://github.com/redhat-cop/helm-charts 7 | icon: https://www.iconpacks.net/icons/1/free-rocket-icon-1206-thumb.png 8 | maintainers: 9 | - name: springdo 10 | - name: ckavili 11 | - name: eformat 12 | -------------------------------------------------------------------------------- /charts/bootstrap-project/templates/bindings.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.namespaces }} 2 | {{- range $k :=.Values.namespaces }} 3 | {{ $ns:= printf "%s" $k.name}} 4 | {{- if $k.bindings }} 5 | --- 6 | apiVersion: v1 7 | kind: List 8 | metadata: 9 | name: {{ $ns }}-rb-list 10 | annotations: 11 | # This is what defines this resource as a hook. Without this line, the 12 | # job is considered part of the release. 
13 | "helm.sh/hook": post-install 14 | items: 15 | {{- range $b := $k.bindings }} 16 | - apiVersion: rbac.authorization.k8s.io/v1 17 | kind: RoleBinding 18 | metadata: 19 | name: "{{ $b.name }}-{{ $b.role }}-role" 20 | namespace: {{ $ns }} 21 | roleRef: 22 | name: "{{ $b.role }}" 23 | apiGroup: rbac.authorization.k8s.io 24 | kind: ClusterRole 25 | subjects: 26 | - kind: "{{ $b.kind }}" 27 | name: "{{ $b.name }}" 28 | {{- if ne (lower $b.kind) "serviceaccount" }} 29 | apiGroup: "rbac.authorization.k8s.io" 30 | {{- end }} 31 | {{- if $b.namespace }} 32 | namespace: "{{ printf "%s" $b.namespace }}" 33 | {{- end }} 34 | {{- end }} 35 | {{- end }} 36 | {{- end }} 37 | {{- end }} 38 | -------------------------------------------------------------------------------- /charts/bootstrap-project/templates/namespace.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.namespaces }} 2 | {{- range $key := .Values.namespaces }} 3 | {{ $ns:= printf "%s" .name}} 4 | --- 5 | apiVersion: v1 6 | kind: Namespace 7 | metadata: 8 | name: {{ $ns | quote}} 9 | {{- if $key.labels }} 10 | labels: 11 | {{- range $k,$v := $key.labels }} 12 | {{ $k }}: {{ $v | quote }} 13 | {{- end }} 14 | {{- end }} 15 | {{- end }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /charts/bootstrap-project/templates/operatorgroup.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.namespaces }} 2 | {{- range $key := .Values.namespaces }} 3 | {{- if .operatorgroup }} 4 | --- 5 | apiVersion: operators.coreos.com/v1 6 | kind: OperatorGroup 7 | metadata: 8 | name: {{ .name }}-og 9 | namespace: {{ .name | quote }} 10 | spec: 11 | targetNamespaces: 12 | - {{ .name }} 13 | {{- end }} 14 | {{- end }} 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /charts/bootstrap-project/templates/serviceaccount.yaml: 
-------------------------------------------------------------------------------- 1 | {{- if .Values.serviceaccounts }} 2 | {{- range $key := .Values.serviceaccounts }} 3 | {{ $ns:= printf "%s" .namespace }} 4 | --- 5 | apiVersion: v1 6 | kind: ServiceAccount 7 | metadata: 8 | name: {{ .name }} 9 | namespace: {{ $ns | quote }} 10 | {{- end }} 11 | {{- end }} 12 | -------------------------------------------------------------------------------- /charts/bootstrap-project/values.yaml: -------------------------------------------------------------------------------- 1 | ci_cd_namespace: &ci_cd "labs-ci-cd" 2 | dev_namespace: &dev "labs-dev" 3 | test_namespace: &test "labs-test" 4 | namespaces: 5 | - name: *ci_cd 6 | operatorgroup: false 7 | bindings: 8 | # this labs-devs is the GROUP NAME in IDM 9 | - name: labs-devs 10 | kind: Group 11 | role: edit 12 | # this labs-admins is the GROUP NAME in IDM 13 | - name: labs-admins 14 | kind: Group 15 | role: admin 16 | - name: dummy-sa 17 | kind: ServiceAccount 18 | role: admin 19 | namespace: *ci_cd 20 | - name: *dev 21 | operatorgroup: true 22 | bindings: 23 | - name: labs-devs 24 | kind: Group 25 | role: edit 26 | - name: labs-admins 27 | kind: Group 28 | role: admin 29 | - name: dummy-sa 30 | kind: ServiceAccount 31 | role: admin 32 | namespace: *ci_cd 33 | - name: *test 34 | operatorgroup: true 35 | bindings: 36 | - name: labs-devs 37 | kind: Group 38 | role: edit 39 | - name: labs-admins 40 | kind: Group 41 | role: admin 42 | - name: dummy-sa 43 | kind: ServiceAccount 44 | role: admin 45 | namespace: *ci_cd 46 | 47 | serviceaccounts: 48 | - name: dummy-sa 49 | namespace: *ci_cd 50 | -------------------------------------------------------------------------------- /charts/botpress/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). 
Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/botpress/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: botpress 3 | description: A Botpress Community Helm chart for OpenShift 4 | kubeVersion: ">=1.20.0" 5 | type: application 6 | version: 0.1.2 7 | sources: 8 | - https://github.com/maximilianoPizarro/botpress-helm-chart 9 | keywords: 10 | - botpress 11 | - nodejs 12 | appVersion: botpress-server-v12 13 | home: https://maximilianopizarro.github.io/botpress-helm-chart/ 14 | maintainers: 15 | - name: maximilianoPizarro 16 | email: maximiliano.pizarro.5@gmail.com 17 | url: http://www.linkedin.com/in/maximiliano-gregorio-pizarro-consultor-it 18 | icon: https://raw.githubusercontent.com/maximilianoPizarro/botpress-helm-chart/main/botpress_fabicon.png 19 | annotations: 20 | charts.openshift.io/name: Botpress Server v12 21 | -------------------------------------------------------------------------------- /charts/botpress/botpress_fabicon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-cop/helm-charts/99be7ae93aa20033f97cf377b2e09ab04438ad15/charts/botpress/botpress_fabicon.png -------------------------------------------------------------------------------- /charts/botpress/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.autoscaling.enabled }} 2 | apiVersion: autoscaling/v2beta1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ include "botpress.fullname" . 
}} 6 | labels: 7 | {{- include "botpress.labels" . | nindent 4 }} 8 | spec: 9 | scaleTargetRef: 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | name: {{ include "botpress.fullname" . }} 13 | minReplicas: {{ .Values.autoscaling.minReplicas }} 14 | maxReplicas: {{ .Values.autoscaling.maxReplicas }} 15 | metrics: 16 | {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} 17 | - type: Resource 18 | resource: 19 | name: cpu 20 | targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} 21 | {{- end }} 22 | {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} 23 | - type: Resource 24 | resource: 25 | name: memory 26 | targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} 27 | {{- end }} 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /charts/botpress/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: {{ include "botpress.fullname" . }} 6 | labels: 7 | {{- include "botpress.labels" . | nindent 4 }} 8 | spec: 9 | {{- if .Values.persistence.hostPath }} 10 | storageClassName: "" 11 | {{- end }} 12 | volumeMode: Filesystem 13 | accessModes: 14 | {{- if not (empty .Values.persistence.accessModes) }} 15 | {{- range .Values.persistence.accessModes }} 16 | - {{ . 
| quote }}
17 |   {{- end }}
18 |   {{- else }}
19 |     - {{ .Values.persistence.accessMode | quote }}
20 |   {{- end }}
21 |   resources:
22 |     requests:
23 |       storage: {{ .Values.persistence.size | quote }}
24 | {{- end -}}
25 |
--------------------------------------------------------------------------------
/charts/botpress/templates/service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service  # exposes the pods matched by botpress.selectorLabels on .Values.service.port
3 | metadata:
4 |   name: {{ include "botpress.fullname" . }}
5 |   labels:
6 |     {{- include "botpress.labels" . | nindent 4 }}
7 | spec:
8 |   type: {{ .Values.service.type }}
9 |   ports:
10 |     - port: {{ .Values.service.port }}
11 |       targetPort: http
12 |       protocol: TCP
13 |       name: http
14 |   selector:
15 |     {{- include "botpress.selectorLabels" . | nindent 4 }}
16 |
--------------------------------------------------------------------------------
/charts/botpress/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.serviceAccount.create -}}
2 | apiVersion: v1
3 | kind: ServiceAccount  # created only when serviceAccount.create is set
4 | metadata:
5 |   name: {{ include "botpress.serviceAccountName" . }}
6 |   labels:
7 |     {{- include "botpress.labels" . | nindent 4 }}
8 |   {{- with .Values.serviceAccount.annotations }}
9 |   annotations:
10 |     {{- toYaml . | nindent 4 }}
11 |   {{- end }}
12 | {{- end }}
13 |
--------------------------------------------------------------------------------
/charts/botpress/templates/tests/test-connection.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod  # helm test hook: one wget against the chart's Service name and port
3 | metadata:
4 |   name: "{{ include "botpress.fullname" . }}-test-connection"
5 |   labels:
6 |     {{- include "botpress.labels" . | nindent 4 }}
7 |   annotations:
8 |     "helm.sh/hook": test
9 | spec:
10 |   containers:
11 |     - name: wget
12 |       image: busybox  # NOTE(review): no registry, tag or digest, so the pull resolves to whatever "latest" is at that moment; pin a tag or digest
13 |       command: ['wget']
14 |       args: ['{{ include "botpress.fullname" . }}:{{ .Values.service.port }}']
15 |   restartPolicy: Never
16 |
--------------------------------------------------------------------------------
/charts/cert-manager-configs/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *~
18 | # Various IDEs
19 | .project
20 | .idea/
21 | *.tmproj
22 | ci/
23 |
--------------------------------------------------------------------------------
/charts/cert-manager-configs/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | name: cert-manager-configs
3 | version: v0.1.2
4 | appVersion: v0.1.1
5 | description: A Helm chart for installing customizations to the cert-manager deployment
6 | home: https://github.com/rht-labs/helm-charts
7 | icon: https://raw.githubusercontent.com/jetstack/cert-manager/master/logo/logo.png
8 | maintainers:
9 |   - name: paulbarfuss
10 |     email: pbarfuss@redhat.com
11 |   - name: jfilipcz
12 |     email: jfilipcz@redhat.com
13 |
--------------------------------------------------------------------------------
/charts/cert-manager-configs/templates/AwsSecret.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.issuer.dns.enabled }}
2 | {{- if eq .Values.issuer.provider "route53" }}
3 | ---
4 | apiVersion: v1
5 | kind: Secret  # rendered only for the DNS issuer with provider route53
6 | metadata:
7 |   name: "aws-secret-access-key-secret"
8 |   namespace: {{ .Values.namespace }}
9 | type: Opaque
10 | data:
11 |   aws-secret-access-key: {{ .Values.aws.secretAccessKey | b64enc | quote }}  # NOTE(review): the AWS secret key arrives through chart values, so it is kept wherever those values are stored (values files, the Helm release record); a pre-created Secret referenced by name avoids that
12 | {{- end }}
13 | {{- end }}
14 |
--------------------------------------------------------------------------------
/charts/cert-manager-configs/templates/CABundle.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.cluster.caBundle }}
2 | ---
3 | kind: ConfigMap  # CA bundle in openshift-config; OpenshiftConfigs.yaml names this ConfigMap as the cluster Proxy trustedCA
4 | apiVersion: v1
5 | metadata:
6 |   name: letsencrypt-ca
7 |   namespace: openshift-config
8 | data:
9 |   ca-bundle.crt: {{ .Values.cluster.caBundle | toYaml | indent 2 }}  # NOTE(review): whatever certificates this value holds become trust roots once the Proxy references the ConfigMap; review changes to cluster.caBundle like any trust-store change
10 | {{- end }}
11 |
--------------------------------------------------------------------------------
/charts/cert-manager-configs/templates/Certificate.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.certificates }}
2 | {{- range $certificate := .Values.certificates }}
3 | ---
4 | apiVersion: cert-manager.io/v1
5 | kind: Certificate  # one Certificate per entry in .Values.certificates
6 | metadata:
7 |   name: {{ $certificate.name }}
8 |   namespace: {{ $certificate.namespace }}
9 | spec:
10 |   secretName: {{ $certificate.name }}  # the issued key pair is stored in a Secret with the same name as the Certificate
11 |   issuerRef:
12 |     name: {{ $certificate.issuerRef }}
13 |     kind: {{ $certificate.issuerKind }}
14 |   {{- with $dnsName := .dnsNames }}
15 |   dnsNames: {{ toYaml $dnsName | nindent 4 }}
16 |   {{- end }}
17 | {{- end }}
18 | {{- end }}
19 |
--------------------------------------------------------------------------------
/charts/cert-manager-configs/templates/OpenshiftConfigs.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.cluster.apiServer.enabled }}
2 | {{- if .Values.cluster.ingressController.enabled }}
3 | ---
4 | kind: APIServer  # NOTE(review): all three documents in this file sit behind both flags on lines 1-2, so the IngressController and Proxy are only rendered when apiServer.enabled is also set - confirm that is intended
5 | apiVersion: config.openshift.io/v1
6 | metadata:
7 |   name: cluster  # the cluster-wide APIServer configuration object
8 | spec:
9 |   servingCerts:
10 |     namedCertificates:
11 |     - names:
12 |       - {{ .Values.cluster.apiServer.name }}
13 |       servingCertificate:
14 |         name: {{ .Values.cluster.apiServer.tlsSecret }}
15 |
16 | ---
17 | apiVersion: operator.openshift.io/v1
18 | kind: IngressController
19 | metadata:
20 |   name: default
21 |   namespace: openshift-ingress-operator
22 | spec:
23 |   defaultCertificate:
24 |     name: ingress-letsencrypt-cert  # fixed Secret name, not taken from values
25 |
26 | ---
27 | apiVersion: config.openshift.io/v1
28 | kind: Proxy
29 | metadata:
30 |   name: cluster
31 | spec:
32 |   trustedCA:
33 |     name: letsencrypt-ca  # NOTE(review): CABundle.yaml creates this ConfigMap only when cluster.caBundle is set, a different condition from the one guarding this file, so the reference can point at a ConfigMap the chart did not create
34 | {{- end }}
35 | {{- end }}
36 |
--------------------------------------------------------------------------------
/charts/dev-ex-dashboard/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: dev-ex-dashboard
3 | description: A Helm chart to deploy the Developer Experience Dashboard
4 | type: application
5 | # HelmChart Version
6 | version: 0.0.6
7 | # This is the version number of the application being deployed. This version number should be
8 | # incremented each time you make changes to the application.
9 | appVersion: v1.0
10 | home: https://github.com/redhat-cop/helm-charts
11 | icon: https://cdn.iconscout.com/icon/free/png-256/dashboard-1739866-1481441.png
12 | maintainers:
13 |   - name: springdo
14 |   - name: ckavili
15 |   - name: eformat
16 |
--------------------------------------------------------------------------------
/charts/dev-ex-dashboard/templates/configmap.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.config }}
2 | ---
3 | apiVersion: v1
4 | kind: ConfigMap  # holds .Values.config rendered as YAML under the single key "conf"
5 | metadata:
6 |   name: "{{ .Values.app_name }}-environment"
7 |   annotations:
8 |     argocd.argoproj.io/compare-options: IgnoreExtraneous
9 |     argocd.argoproj.io/sync-options: Prune=false
10 | data:
11 |   conf: |
12 |     {{- .Values.config | toYaml | nindent 4 }}
13 | {{- end }}
14 |
--------------------------------------------------------------------------------
/charts/dev-ex-dashboard/templates/imagestream.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: image.openshift.io/v1
3 | kind: ImageStream
4 | metadata:
5 |   creationTimestamp: null
6 |   labels:
7 |     app:
{{ .Values.app_name }} 8 | name: {{ .Values.app_name }} 9 | spec: 10 | tags: 11 | - annotations: 12 | openshift.io/imported-from: rht-labs/dev-ex-dashboard 13 | from: 14 | kind: DockerImage 15 | name: {{ .Values.deployment.image.name }}:{{ .Values.deployment.image.tag }} 16 | importPolicy: {} 17 | name: latest 18 | -------------------------------------------------------------------------------- /charts/dev-ex-dashboard/templates/route.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.route }} 2 | --- 3 | apiVersion: route.openshift.io/v1 4 | kind: Route 5 | metadata: 6 | labels: 7 | app: {{ .Values.app_name }} 8 | app.kubernetes.io/component: {{ .Values.app_name }} 9 | app.kubernetes.io/instance: {{ .Values.app_name }} 10 | name: {{ .Values.app_name }} 11 | spec: 12 | port: 13 | targetPort: 8080-tcp 14 | to: 15 | kind: Service 16 | name: {{ .Values.app_name }} 17 | weight: 100 18 | wildcardPolicy: None 19 | tls: 20 | insecureEdgeTerminationPolicy: Redirect 21 | termination: edge 22 | status: 23 | ingress: 24 | - conditions: 25 | - status: 'True' 26 | type: Admitted 27 | {{ end }} 28 | -------------------------------------------------------------------------------- /charts/dev-ex-dashboard/templates/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app: {{ .Values.app_name }} 7 | app.kubernetes.io/component: {{ .Values.app_name }} 8 | app.kubernetes.io/instance: {{ .Values.app_name }} 9 | name: {{ .Values.app_name }} 10 | spec: 11 | ports: 12 | - name: 8080-tcp 13 | port: 8080 14 | protocol: TCP 15 | targetPort: 8080 16 | selector: 17 | deploymentconfig: {{ .Values.app_name }} 18 | sessionAffinity: None 19 | type: ClusterIP 20 | status: 21 | loadBalancer: {} 22 | -------------------------------------------------------------------------------- /charts/etherpad/.helmignore: 
--------------------------------------------------------------------------------
/charts/etherpad/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/etherpad/.test.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | trap "exit 1" TERM  # exit with status 1 when the script receives SIGTERM
4 | export TOP_PID=$$  # exported, but nothing in this script reads it
5 |
6 | export project_name="etherpad-$(date +'%d%m%Y')"  # day-stamped project name; exported so the inner bash started in test() can read it
7 |
8 | install() {  # create the project and apply the rendered chart (tests skipped) with oc
9 |   echo "install - $(pwd)"
10 |
11 |   oc new-project ${project_name}  # unquoted expansion; the value is a fixed prefix plus date digits (line 6), so it cannot word-split here
12 |   helm template etherpad --skip-tests . | oc apply -f -
13 | }
14 |
15 | test() {  # wait for the rollout, then poll the route until it answers 200; note this name shadows the shell's test builtin
16 |   echo "test - $(pwd)"
17 |
18 |   oc rollout status Deployment/etherpad -n ${project_name} --watch=true
19 |
20 |   timeout 2m bash <<"EOT"  # quoted delimiter: the body reaches the inner bash unexpanded, and the whole poll is capped at two minutes
21 |   run() {
22 |     host=$(oc get route/etherpad -o jsonpath='{.spec.host}' -n ${project_name})
23 |     echo "Attempting $host"
24 |
25 |     while [[ $(curl -L -k -s -o /dev/null -w '%{http_code}' https://${host}) != '200' ]]; do  # NOTE(review): -k turns off TLS certificate verification, so a 200 here says nothing about the route's certificate
26 |       sleep 10
27 |     done
28 |   }
29 |
30 |   run
31 | EOT
32 |
33 |   if [[ $? != 0 ]]; then  # non-zero covers both the timeout and any failure of the inner bash
34 |     echo "CURL timed-out. Failing"
35 |
36 |     host=$(oc get route/etherpad -o jsonpath='{.spec.host}' -n ${project_name})
37 |     curl -L -k -vvv "https://${host}"  # verbose re-run for the log; certificate verification is off here as well
38 |     exit 1
39 |   fi
40 |
41 |   echo "Test complete"
42 | }
43 |
44 | cleanup() {  # delete the day-stamped project created by install
45 |   echo "cleanup - $(pwd)"
46 |   oc delete project/${project_name}
47 | }
48 |
49 | # Process arguments
50 | case $1 in  # dispatch on the first argument: install, test or cleanup; anything else exits 1
51 |   install)
52 |     install
53 |     ;;
54 |   test)
55 |     test
56 |     ;;
57 |   cleanup)
58 |     cleanup
59 |     ;;
60 |   *)
61 |     echo "Not an option"
62 |     exit 1
63 | esac
64 |
--------------------------------------------------------------------------------
/charts/etherpad/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: etherpad
3 | description: A Helm chart for etherpad lite
4 | type: application
5 | version: 0.0.8
6 | appVersion: latest  # NOTE(review): if this value feeds the image tag, deployments follow a moving tag - confirm in the deployment template
7 | home: https://github.com/redhat-cop/helm-charts
8 | icon: https://pbs.twimg.com/profile_images/1336377123964145665/2gTadaDt_400x400.jpg
9 | maintainers:
10 |   - name: eformat
11 |
--------------------------------------------------------------------------------
/charts/etherpad/templates/ingress.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.ingress.enabled -}}
2 | {{- $fullName := include "etherpad.fullname" . -}}
3 | {{- $svcPort := .Values.service.port -}}
4 | {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
5 | apiVersion: networking.k8s.io/v1  # NOTE(review): chosen from 1.14 up, but the backend further down uses serviceName/servicePort, the v1beta1 schema; networking.k8s.io/v1 expects backend.service.name, backend.service.port and a pathType - confirm against the target clusters
6 | {{- else -}}
7 | apiVersion: extensions/v1beta1
8 | {{- end }}
9 | kind: Ingress
10 | metadata:
11 |   name: {{ $fullName }}
12 |   labels:
13 |     {{- include "etherpad.labels" . | nindent 4 }}
14 |   {{- with .Values.ingress.annotations }}
15 |   annotations:
16 |     {{- toYaml . | nindent 4 }}
17 |   {{- end }}
18 | spec:
19 |   {{- if .Values.ingress.tls }}
20 |   tls:
21 |     {{- range .Values.ingress.tls }}
22 |     - hosts:
23 |       {{- range .hosts }}
24 |         - {{ .
| quote }} 25 | {{- end }} 26 | secretName: {{ .secretName }} 27 | {{- end }} 28 | {{- end }} 29 | rules: 30 | {{- range .Values.ingress.hosts }} 31 | - host: {{ .host | quote }} 32 | http: 33 | paths: 34 | {{- range .paths }} 35 | - path: {{ . }} 36 | backend: 37 | serviceName: {{ $fullName }} 38 | servicePort: {{ $svcPort }} 39 | {{- end }} 40 | {{- end }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /charts/etherpad/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: {{ include "etherpad.fullname" . }} 6 | labels: 7 | {{- include "etherpad.labels" . | nindent 4 }} 8 | {{ if .Values.persistence.annotations}} 9 | annotations: 10 | {{- range $key, $value := .Values.persistence.annotations }} 11 | {{ $key }}: {{ $value | quote }} 12 | {{- end }} 13 | {{- end }} 14 | spec: 15 | accessModes: 16 | - {{ .Values.persistence.accessMode | quote }} 17 | resources: 18 | requests: 19 | storage: {{ .Values.persistence.size | quote }} 20 | {{- if .Values.persistence.storageClass }} 21 | {{- if (eq "-" .Values.persistence.storageClass) }} 22 | storageClassName: "" 23 | {{- else }} 24 | storageClassName: "{{ .Values.persistence.storageClass }}" 25 | {{- end }} 26 | {{- end }} 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /charts/etherpad/templates/route.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.route.enabled -}} 2 | {{- $fullName := include "etherpad.fullname" . 
-}} 3 | {{- $svcPort := .Values.service.port -}} 4 | --- 5 | apiVersion: route.openshift.io/v1 6 | kind: Route 7 | metadata: 8 | annotations: 9 | openshift.io/host.generated: "true" 10 | name: {{ $fullName }} 11 | labels: 12 | {{- include "etherpad.labels" . | nindent 4 }} 13 | spec: 14 | host: {{ .Values.route.host | quote }} 15 | port: 16 | targetPort: {{ .Values.route.targetPort | default "8080-tcp" }} 17 | to: 18 | kind: Service 19 | name: {{ $fullName }} 20 | weight: 100 21 | tls: 22 | insecureEdgeTerminationPolicy: Redirect 23 | termination: edge 24 | status: 25 | ingress: 26 | - conditions: 27 | - status: 'True' 28 | type: Admitted 29 | {{ end }} 30 | -------------------------------------------------------------------------------- /charts/etherpad/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "etherpad.fullname" . }} 5 | labels: 6 | {{- include "etherpad.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "etherpad.selectorLabels" . | nindent 4 }} 16 | -------------------------------------------------------------------------------- /charts/gitea/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/gitea/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {/* vim: set filetype=mustache: */}} 2 | 3 | {{/* 4 | Default labels for resources associated with Gitea 5 | */}} 6 | {{- define "app.labels" }} 7 | labels: 8 | app: gitea 9 | app.kubernetes.io/component: gitea 10 | app.kubernetes.io/instance: gitea 11 | app.kubernetes.io/name: gitea 12 | app.kubernetes.io/part-of: gitea 13 | generator: helm 14 | {{- end }} 15 | 16 | {{/* 17 | Expand the name of the chart. 18 | */}} 19 | {{- define "app.name" }} 20 | {{- .Values.name | default "gitea" }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/gitea/templates/imagestream.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: image.openshift.io/v1 2 | kind: ImageStream 3 | metadata: 4 | {{ template "app.labels" }} 5 | name: {{ .Values.imagestream_name | default "gitea" | quote }} 6 | spec: 7 | lookupPolicy: 8 | local: false 9 | tags: 10 | - annotations: 11 | openshift.io/imported-from: {{ .Values.imagestream_from | default "quay.io/gpte-devops-automation/gitea:latest" | quote }} 12 | from: 13 | kind: DockerImage 14 | name: {{ .Values.imagestream_from | default "quay.io/gpte-devops-automation/gitea:latest" | quote }} 15 | generation: 2 16 | importPolicy: {} 17 | name: {{ .Values.imagestream_tag | default "latest" | quote }} 18 | referencePolicy: 19 | type: Local 20 | -------------------------------------------------------------------------------- 
/charts/gitea/templates/persistentvolumeclaim.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | {{ template "app.labels" }} 5 | name: "{{ .Release.Name | default "gitea" }}-repositories" 6 | {{- if .Values.pvcPolicyKeep }} 7 | annotations: 8 | "helm.sh/resource-policy": keep 9 | {{- end }} 10 | spec: 11 | accessModes: 12 | - ReadWriteOnce 13 | resources: 14 | requests: 15 | storage: {{ .Values.repository_size | default "5Gi" | quote }} 16 | -------------------------------------------------------------------------------- /charts/gitea/templates/postgresql-is.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.db.imagestream_from }} 2 | apiVersion: image.openshift.io/v1 3 | kind: ImageStream 4 | metadata: 5 | {{ template "app.labels" }} 6 | name: {{ .Values.db.imagestream_name | default "postgresql" | quote }} 7 | namespace: {{ .Values.db.imagestream_namespace | default "openshift" | quote }} 8 | spec: 9 | lookupPolicy: 10 | local: false 11 | tags: 12 | - annotations: 13 | openshift.io/imported-from: {{ .Values.db.imagestream_from | quote }} 14 | from: 15 | kind: DockerImage 16 | name: {{ .Values.db.imagestream_from | quote }} 17 | generation: 2 18 | importPolicy: {} 19 | name: {{ .Values.db.imagestream_tag | default "latest" | quote }} 20 | referencePolicy: 21 | type: Local 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/gitea/templates/postgresql-pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | {{ template "app.labels" }} 5 | name: {{ .Values.db.name | default "gitea-db" | quote }} 6 | {{- if .Values.pvcPolicyKeep }} 7 | annotations: 8 | "helm.sh/resource-policy": keep 9 | {{- end }} 10 | spec: 11 | accessModes: 12 | - ReadWriteOnce 13 | 
resources: 14 | requests: 15 | storage: {{ .Values.db.size | default "1Gi" | quote }} 16 | -------------------------------------------------------------------------------- /charts/gitea/templates/postgresql-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | {{ template "app.labels" }} 5 | annotations: 6 | template.openshift.io/expose-database_name: '{.data[''database-name'']}' 7 | template.openshift.io/expose-password: '{.data[''database-password'']}' 8 | template.openshift.io/expose-username: '{.data[''database-user'']}' 9 | name: {{ .Values.db.name | default "gitea-db" | quote }} 10 | stringData: 11 | database-name: {{ .Values.db.name | default "gitea-db" | quote }} 12 | database-password: {{ required "You MUST set the PostgreSQL password" .Values.db.password | quote }} 13 | database-user: {{ .Values.db.user | default "gitea" | quote }} 14 | -------------------------------------------------------------------------------- /charts/gitea/templates/postgresql-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | {{ template "app.labels" }} 5 | annotations: 6 | template.openshift.io/expose-uri: >- 7 | postgres://{.spec.clusterIP}:{.spec.ports[?(.name=="postgresql")].port} 8 | name: {{ .Values.db.name | default "gitea-db" | quote }} 9 | spec: 10 | ports: 11 | - name: postgresql 12 | nodePort: 0 13 | port: 5432 14 | protocol: TCP 15 | targetPort: 5432 16 | selector: 17 | name: {{ .Values.db.name | default "gitea-db" | quote }} 18 | sessionAffinity: None 19 | type: ClusterIP 20 | -------------------------------------------------------------------------------- /charts/gitea/templates/route.yaml: --------------------------------------------------------------------------------
{{- /*
OpenShift Route that publishes the Gitea Service on .Values.hostname (required;
rendering fails without it).

The tls block is rendered only when .Values.tlsRoute is set. With tlsRoute
unset the Route carries no TLS termination at all, so the Git web UI and any
credentials sent to it travel over plain HTTP.
NOTE(review): insecureEdgeTerminationPolicy is passed through from values
without a default - confirm values.yaml sets it (for example Redirect) whenever
tlsRoute is enabled.
*/ -}}
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  annotations:
    description: Gitea's route
{{ template "app.labels" }}
  name: {{ template "app.name" }}
spec:
  host: {{ required "You MUST specify the external hostname to be used for the public-facing web page" .Values.hostname }}
{{- if .Values.tlsRoute }}
  tls:
    termination: edge
    insecureEdgeTerminationPolicy: {{ .Values.insecureEdgeTerminationPolicy }}
{{- end }}
  to:
    kind: Service
    name: {{ template "app.name" }}
    weight: 100
  wildcardPolicy: None
-------------------------------------------------------------------------------- /charts/gitea/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | description: The Gitea server's http port 6 | {{ template "app.labels" }} 7 | name: {{ template "app.name" }} 8 | spec: 9 | ports: 10 | - name: 3000-tcp 11 | port: 3000 12 | protocol: TCP 13 | targetPort: 3000 14 | selector: 15 | app: {{ template "app.name" }} 16 | deploymentconfig: {{ template "app.name" }} 17 | sessionAffinity: None 18 | type: ClusterIP 19 | -------------------------------------------------------------------------------- /charts/gitops-operator/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | ci/ 23 | -------------------------------------------------------------------------------- /charts/gitops-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: v2.10.5 3 | description: A Helm chart for customising the deployment of the Red Hat GitOps Operator 🔫 4 | name: gitops-operator 5 | version: 0.10.6 6 | home: https://github.com/redhat-cop/helm-charts 7 | icon: https://raw.githubusercontent.com/eformat/openshift-gitops/main/rh-gitops.png 8 | maintainers: 9 | - name: eformat 10 | - name: springdo 11 | -------------------------------------------------------------------------------- /charts/gitops-operator/docs/images/cluster-argo-for-all.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-cop/helm-charts/99be7ae93aa20033f97cf377b2e09ab04438ad15/charts/gitops-operator/docs/images/cluster-argo-for-all.png -------------------------------------------------------------------------------- /charts/gitops-operator/docs/images/cluster-argo-per-team.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-cop/helm-charts/99be7ae93aa20033f97cf377b2e09ab04438ad15/charts/gitops-operator/docs/images/cluster-argo-per-team.png -------------------------------------------------------------------------------- /charts/gitops-operator/docs/images/cluster-argo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-cop/helm-charts/99be7ae93aa20033f97cf377b2e09ab04438ad15/charts/gitops-operator/docs/images/cluster-argo.png 
-------------------------------------------------------------------------------- /charts/gitops-operator/docs/images/cluster-scoped-argocd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-cop/helm-charts/99be7ae93aa20033f97cf377b2e09ab04438ad15/charts/gitops-operator/docs/images/cluster-scoped-argocd.png -------------------------------------------------------------------------------- /charts/gitops-operator/docs/images/custom-role-bindings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-cop/helm-charts/99be7ae93aa20033f97cf377b2e09ab04438ad15/charts/gitops-operator/docs/images/custom-role-bindings.png -------------------------------------------------------------------------------- /charts/gitops-operator/docs/images/namespaced-role-bindings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-cop/helm-charts/99be7ae93aa20033f97cf377b2e09ab04438ad15/charts/gitops-operator/docs/images/namespaced-role-bindings.png -------------------------------------------------------------------------------- /charts/gitops-operator/docs/images/namespaced-team-argo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-cop/helm-charts/99be7ae93aa20033f97cf377b2e09ab04438ad15/charts/gitops-operator/docs/images/namespaced-team-argo.png -------------------------------------------------------------------------------- /charts/gitops-operator/docs/images/one-argo-to-rule-them-all.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-cop/helm-charts/99be7ae93aa20033f97cf377b2e09ab04438ad15/charts/gitops-operator/docs/images/one-argo-to-rule-them-all.png 
-------------------------------------------------------------------------------- /charts/gitops-operator/docs/images/sre-cluster-argo-team-namespaced.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-cop/helm-charts/99be7ae93aa20033f97cf377b2e09ab04438ad15/charts/gitops-operator/docs/images/sre-cluster-argo-team-namespaced.png -------------------------------------------------------------------------------- /charts/gitops-operator/docs/images/team-namespaced-argocd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-cop/helm-charts/99be7ae93aa20033f97cf377b2e09ab04438ad15/charts/gitops-operator/docs/images/team-namespaced-argocd.png -------------------------------------------------------------------------------- /charts/gitops-operator/docs/server-cluster-rbac-rules.yaml: -------------------------------------------------------------------------------- 1 | rules: 2 | - verbs: 3 | - get 4 | - delete 5 | - patch 6 | apiGroups: 7 | - '*' 8 | resources: 9 | - '*' 10 | - verbs: 11 | - list 12 | apiGroups: 13 | - '' 14 | resources: 15 | - events 16 | -------------------------------------------------------------------------------- /charts/gitops-operator/templates/argocd-application-controller-clusterrole.yaml: --------------------------------------------------------------------------------
{{- /*
One ClusterRole per namespace in .Values.namespaces for the Argo CD application
controller; rendered only when both .Values.namespaces and
.Values.teamInstancesAreClusterScoped are set.

.Values.clusterRoleRulesController, when set, replaces the default rules and is
emitted at column 0, so it presumably has to carry its own top-level `rules:`
key (docs/server-cluster-rbac-rules.yaml is written that way).

Default when no rules are supplied: every verb on every resource in every API
group, plus every verb on all nonResourceURLs. That is the same reach as
cluster-admin, and argocd-application-controller-clusterrolebinding.yaml binds
it to the <.Values.name>-argocd-application-controller ServiceAccount of each
listed namespace. Anyone who can drive that team instance can therefore act
cluster-wide; set clusterRoleRulesController to the narrowest rule set the
team's workloads need.
*/ -}}
{{- if and (.Values.namespaces) (.Values.teamInstancesAreClusterScoped) }}
{{- $rules := .Values.clusterRoleRulesController }}
{{- range $ns := .Values.namespaces }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/component: application-controller
    app.kubernetes.io/name: {{ $ns }}-argocd-application-controller
    app.kubernetes.io/part-of: {{ $ns }}
  name: {{ $ns }}-argocd-application-controller
{{- if $rules }}
{{- toYaml $rules | nindent 0 }}
{{- else }}
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'
- nonResourceURLs:
  - '*'
  verbs:
  - '*'
{{- end }}
{{- end }}
{{- end }}
-------------------------------------------------------------------------------- /charts/gitops-operator/templates/argocd-application-controller-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (.Values.namespaces) (.Values.teamInstancesAreClusterScoped) }} 2 | {{- range $ns := .Values.namespaces }} 3 | --- 4 | apiVersion: rbac.authorization.k8s.io/v1 5 | kind: ClusterRoleBinding 6 | metadata: 7 | labels: 8 | app.kubernetes.io/component: application-controller 9 | app.kubernetes.io/name: {{ $ns }}-argocd-application-controller 10 | app.kubernetes.io/part-of: {{ $ns }} 11 | name: {{ $ns }}-argocd-application-controller 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: ClusterRole 15 | name: {{ $ns }}-argocd-application-controller 16 | subjects: 17 | - kind: ServiceAccount 18 | name: {{ $.Values.name }}-argocd-application-controller 19 | namespace: {{ $ns }} 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/gitops-operator/templates/argocd-cr.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.namespaces }} 2 | {{- range $ns := .Values.namespaces }} 3 | --- 4 | apiVersion: argoproj.io/v1beta1 5 | kind: ArgoCD 6 | metadata: 7 | name: {{ $.Values.name }} 8 | labels: 9 | app: {{ $.Values.name }} 10 | {{- if not $.Values.ignoreHelmHooks }} 11 | annotations: 12 | "helm.sh/hook": post-install,post-upgrade 13 | "helm.sh/hook-weight": "25" 14 | {{- end }} 15 | namespace: {{ $ns }} 16 | spec: 17 | applicationInstanceLabelKey: rht-gitops.com/{{ $ns }} 18 | {{- if $.Values.argocd_cr }} 19 | {{- $.Values.argocd_cr | toYaml | trim | 
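nindent 2 }} 20 | {{- end }} 21 | --- 22 | apiVersion: argoproj.io/v1alpha1 23 | kind: AppProject 24 | metadata: 25 | name: default 26 | {{- if not $.Values.ignoreHelmHooks }} 27 | annotations: 28 | "helm.sh/hook": post-install,post-upgrade 29 | "helm.sh/hook-weight": "25" 30 | {{- end }} 31 | namespace: {{ $ns }} 32 | spec: 33 | clusterResourceWhitelist: 34 | - group: '*' 35 | kind: '*' 36 | destinations: 37 | - namespace: '*' 38 | server: '*' 39 | sourceRepos: 40 | - '*' 41 | status: {} 42 | {{- end }} 43 | {{- end }} 44 | -------------------------------------------------------------------------------- /charts/gitops-operator/templates/argocd-server-clusterrole.yaml: --------------------------------------------------------------------------------
{{- /*
One ClusterRole per namespace in .Values.namespaces for the Argo CD server of a
cluster-scoped team instance; rendered only when both .Values.namespaces and
.Values.teamInstancesAreClusterScoped are set.

Each iteration starts with a `---` document separator, as the sibling
ClusterRole and ClusterRoleBinding templates do. Without it, two or more
namespaces render into a single YAML document with repeated keys instead of
one ClusterRole per namespace.

.Values.clusterRoleRulesServer, when set, replaces the default rules and is
emitted at column 0, so it presumably has to carry its own top-level `rules:`
key (docs/server-cluster-rbac-rules.yaml is written that way).

The default rules allow get, delete and patch on every resource in every API
group across the cluster; `get` on '*' includes Secrets. Narrow them through
clusterRoleRulesServer where the UI does not need that reach.
*/ -}}
{{- if and (.Values.namespaces) (.Values.teamInstancesAreClusterScoped) }}
{{- $rules := .Values.clusterRoleRulesServer }}
{{- range $ns := .Values.namespaces }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/component: argocd-server
    app.kubernetes.io/name: {{ $ns }}-gitops-argocd-server
    app.kubernetes.io/part-of: {{ $ns }}
  name: {{ $ns }}-gitops-argocd-server
{{- if $rules }}
{{- toYaml $rules | nindent 0 }}
{{- else }}
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - delete # supports deleting a live object in UI
  - get # supports viewing live object manifest in UI
  - patch # supports `argocd app patch`
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - list # supports listing events in UI
- apiGroups:
  - ""
  resources:
  - pods
  - pods/log
  verbs:
  - get # supports viewing pod logs from UI
{{- end }}
{{- end }}
{{- end }}
-------------------------------------------------------------------------------- /charts/gitops-operator/templates/argocd-server-clusterrolebinding.yaml: 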
-------------------------------------------------------------------------------- 1 | {{- if and (.Values.namespaces) (.Values.teamInstancesAreClusterScoped) }} 2 | {{- range $ns := .Values.namespaces }} 3 | --- 4 | apiVersion: rbac.authorization.k8s.io/v1 5 | kind: ClusterRoleBinding 6 | metadata: 7 | labels: 8 | app.kubernetes.io/component: argocd-server 9 | app.kubernetes.io/name: {{ $ns }}-argocd-server 10 | app.kubernetes.io/part-of: {{ $ns }} 11 | name: {{ $ns }}-argocd-server 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: ClusterRole 15 | name: {{ $ns }}-gitops-argocd-server 16 | subjects: 17 | - kind: ServiceAccount 18 | name: {{ $.Values.name }}-argocd-server 19 | namespace: {{ $ns }} 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/gitops-operator/templates/crd-reader.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.ignoreHelmHooks }} 2 | --- 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: ClusterRole 5 | metadata: 6 | name: crd-reader 7 | annotations: 8 | "helm.sh/hook": post-install,post-upgrade 9 | "helm.sh/hook-weight": "-5" 10 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 11 | rules: 12 | - apiGroups: 13 | - apiextensions.k8s.io 14 | resources: 15 | - 'customresourcedefinitions' 16 | verbs: 17 | - get 18 | - list 19 | --- 20 | apiVersion: rbac.authorization.k8s.io/v1 21 | kind: ClusterRoleBinding 22 | metadata: 23 | name: crd-reader-binding 24 | annotations: 25 | "helm.sh/hook": post-install,post-upgrade 26 | "helm.sh/hook-weight": "-5" 27 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 28 | roleRef: 29 | apiGroup: rbac.authorization.k8s.io 30 | kind: ClusterRole 31 | name: crd-reader 32 | subjects: 33 | - kind: ServiceAccount 34 | name: default 35 | namespace: {{ .Release.Namespace }} 36 | {{- end }} 37 | 
-------------------------------------------------------------------------------- /charts/gitops-operator/templates/secrets.yaml: --------------------------------------------------------------------------------
{{- /*
Creates one Secret per entry of .Values.secrets in every namespace listed in
.Values.namespaces (nothing is rendered when either list is empty).

password, username and sshPrivateKey are copied from chart values into
stringData. They are therefore present in clear text wherever those values are
kept (values files, pipeline variables) and in the rendered release manifest.
Supply them at install time from a secret store rather than committing them
next to the chart.
NOTE(review): sshPrivateKey is emitted for every entry, including entries that
set no key - confirm that entries without a key render as intended for a
kubernetes.io/basic-auth Secret.
*/ -}}
{{- if .Values.secrets }}
{{- range $secret := .Values.secrets }}
{{- range $ns := $.Values.namespaces }}
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ $secret.name }}
  namespace: {{ $ns }}
  labels:
    app.kubernetes.io/name: argocd-secret
    app.kubernetes.io/part-of: argocd
type: kubernetes.io/basic-auth
stringData:
  password: {{ $secret.password | quote }}
  username: {{ $secret.username | quote }}
  sshPrivateKey: {{ $secret.sshPrivateKey | quote }}
{{- end }}
{{- end }}
{{- end }}
-------------------------------------------------------------------------------- /charts/gitops-operator/templates/subscription.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.operator }} 2 | --- 3 | apiVersion: operators.coreos.com/v1alpha1 4 | kind: Subscription 5 | metadata: 6 | name: {{ .Values.operator.name }} 7 | namespace: {{ .Values.operator.namespace | default "openshift-operators" }} 8 | spec: 9 | channel: {{ .Values.operator.channel }} 10 | installPlanApproval: {{ .Values.operator.installPlanApproval }} 11 | name: {{ .Values.operator.name }} 12 | source: {{ .Values.operator.sourceName | default "redhat-operators" | quote }} 13 | sourceNamespace: {{ .Values.operator.sourceNamespace | default "openshift-marketplace" | quote }} 14 | {{- if .Values.operator.version }} 15 | startingCSV: {{ .Values.operator.version | quote }} 16 | {{- end }} 17 | config: 18 | env: 19 | - name: DISABLE_DEFAULT_ARGOCD_INSTANCE 20 | value: {{ .Values.operator.disableDefaultArgoCD | quote }} 21 | {{- if and (.Values.namespaces) (.Values.teamInstancesAreClusterScoped) }} 22 | - name: ARGOCD_CLUSTER_CONFIG_NAMESPACES 23 | value: {{ join "," 
.Values.namespaces | quote }} 24 | {{- end }} 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /charts/gitops-operator/templates/wait-for-crd.yaml: --------------------------------------------------------------------------------
{{- /*
Helm hook Pod (post-install, post-upgrade, weight -1) that blocks until the
argocds, applications and appprojects CRDs of argoproj.io can be read with
`oc get crd`. Skipped when .Values.ignoreHelmHooks is set. The hook delete
policy removes the Pod before the next run and after it succeeds.

Points to check before relying on this hook:
  - The image is referenced by the mutable tag `latest` with
    imagePullPolicy IfNotPresent, so the binary that runs depends on whatever
    a node already has cached or pulls that day. Pin a fixed tag or a digest.
  - The Pod runs as the `default` ServiceAccount of the release namespace. Its
    read access to CRDs comes from the crd-reader ClusterRoleBinding in
    crd-reader.yaml, which means every Pod using that ServiceAccount holds the
    same access while the hook resources exist.
  - The shell loop has no deadline of its own; it ends only when the CRDs
    exist, so the wait is presumably bounded only by Helm's hook timeout.
*/ -}}
{{- if not .Values.ignoreHelmHooks }}
---
apiVersion: v1
kind: Pod
metadata:
  name: cluster-check
  annotations:
    "helm.sh/hook": post-install,post-upgrade
    "helm.sh/hook-weight": "-1"
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  namespace: {{ .Release.Namespace }}
spec:
  containers:
    - name: crd-check
      image: quay.io/openshift/origin-cli:latest
      imagePullPolicy: IfNotPresent
      command: ['sh', '-c', 'while [ true ]; do oc get crd argocds.argoproj.io applications.argoproj.io appprojects.argoproj.io; if [ $? -eq 0 ]; then break; fi ; sleep 5s; done']
  restartPolicy: Never
  terminationGracePeriodSeconds: 0
  serviceAccount: default
  serviceAccountName: default
{{- end }}
-------------------------------------------------------------------------------- /charts/helper-console-links/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: v1.6.1 3 | description: A Helm chart for customising the OpenShift web Console with Tool links 4 | name: helper-console-links 5 | version: 0.0.5 6 | home: https://github.com/redhat-cop/helm-charts 7 | icon: https://image.flaticon.com/icons/png/512/25/25284.png 8 | maintainers: 9 | - name: JuozasA 10 | - name: eformat 11 | -------------------------------------------------------------------------------- /charts/helper-console-links/README.md: -------------------------------------------------------------------------------- 1 | # Helper for Console Links 2 | 3 | This a reusable template to avoid code repetition in other charts. 
To use this chart, add it as a dependency and supply the correct values you'd like to include. There are no sensible default values, only examples of how to use this chart. 4 | 5 | The result is a link in the Application menu. This allows development teams who do not have admin permissions (and cannot access certain namespaces to check the exact Route) to quickly access the global tools (like argocd, gitlab, jenkins, grafana etc.) 6 | 7 | ![console link](img/screenshot.png) 8 | -------------------------------------------------------------------------------- /charts/helper-console-links/img/screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-cop/helm-charts/99be7ae93aa20033f97cf377b2e09ab04438ad15/charts/helper-console-links/img/screenshot.png -------------------------------------------------------------------------------- /charts/helper-console-links/templates/ConsoleLink.yaml: -------------------------------------------------------------------------------- 1 | {{- range $section := .Values.section }} 2 | {{- range .urls }} 3 | --- 4 | apiVersion: console.openshift.io/v1 5 | kind: ConsoleLink 6 | metadata: 7 | name: {{ .name }} 8 | spec: 9 | applicationMenu: 10 | imageURL: >- 11 | {{ .image_url }} 12 | section: {{ $section.name | quote }} 13 | href: '{{ .url }}' 14 | location: ApplicationMenu 15 | text: {{ .text | quote }} 16 | {{- end }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /charts/helper-console-links/values.yaml: -------------------------------------------------------------------------------- 1 | section: 2 | - name: CICD Tools 3 | urls: 4 | - name: argocd-server 5 | url: https://argocd-server-labs-ci-cd.apps.ocp.rht-labs.com 6 | image_url: https://argocd-server-labs-ci-cd.apps.ocp.rht-labs.com/assets/images/logo.png 7 | text: ArgoCD 8 | - name: nexus 9 | url: https://nexus-labs-ci-cd.apps.ocp.rht-labs.com 10 | 
image_url: https://nexus-labs-ci-cd.apps.ocp.rht-labs.com/static/rapture/resources/icons/x32/nexus-white.png 11 | text: Nexus 12 | -------------------------------------------------------------------------------- /charts/helper-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: helper-operator 3 | description: A helper Chart to reduce code repetition. This Chart should be called as a dependency by other charts in order to install Operators. 4 | version: 1.0.27 5 | home: https://github.com/redhat-cop/helm-charts 6 | maintainers: 7 | - name: tjungbauer 8 | email: tjungbau@redhat.com 9 | url: https://blog.stderr.at/ 10 | keywords: 11 | - helper 12 | - subchart 13 | - operator 14 | -------------------------------------------------------------------------------- /charts/helper-operator/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2022 Thomas Jungbauer 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 
14 |
--------------------------------------------------------------------------------
/charts/helper-operator/templates/jobs/enable_console_plugin-crb.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 |   Binds the ClusterRole named by console_plugins.job_service_account_role to the
3 |   job ServiceAccount. Rendered as an Argo CD Sync hook that is deleted once the
4 |   hook has succeeded (hook-delete-policy: HookSucceeded).
5 |   NOTE(review): `.syncwave` below is looked up on the root context, not under
6 |   .Values, so it presumably always falls back to 5 - confirm the intended key.
7 | */ -}}
8 | {{- if .Values.console_plugins }}
9 | {{- if eq (.Values.console_plugins.enabled | toString) "true" }}
10 | ---
11 | apiVersion: rbac.authorization.k8s.io/v1
12 | kind: ClusterRoleBinding
13 | metadata:
14 |   name: {{ .Values.console_plugins.job_service_account_crb | default "enable-console-plugin-crb" }}
15 |   annotations:
16 |     argocd.argoproj.io/hook: Sync
17 |     argocd.argoproj.io/hook-delete-policy: HookSucceeded
18 |     argocd.argoproj.io/sync-wave: {{ .syncwave | default 5 | quote }}
19 |   labels:
20 |     {{- include "common.labels" $ | nindent 4 }}
21 | roleRef:
22 |   apiGroup: rbac.authorization.k8s.io
23 |   kind: ClusterRole
24 |   name: {{ .Values.console_plugins.job_service_account_role | default "enable-console-plugin-role" }}
25 | subjects:
26 |   - kind: ServiceAccount
27 |     name: {{ .Values.console_plugins.job_service_account | default "enable-console-plugin-sa" }}
28 |     namespace: {{ .Values.console_plugins.job_namespace | default "openshift-gitops" }}
29 | {{- end }}
30 | {{- end }}
31 |
--------------------------------------------------------------------------------
/charts/helper-operator/templates/jobs/enable_console_plugin-role.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 |   ClusterRole for the console-plugin job: get/list/update/patch on `consoles` in
3 |   operator.openshift.io, with no resourceNames restriction.
4 |   NOTE(review): if the job only edits one console object, resourceNames could
5 |   narrow update/patch to it - confirm against the job before changing.
6 | */ -}}
7 | {{- if .Values.console_plugins }}
8 | {{- if eq (.Values.console_plugins.enabled | toString) "true" }}
9 | ---
10 | apiVersion: rbac.authorization.k8s.io/v1
11 | kind: ClusterRole
12 | metadata:
13 |   name: {{ .Values.console_plugins.job_service_account_role | default "enable-console-plugin-role" }}
14 |   annotations:
15 |     argocd.argoproj.io/hook: Sync
16 |     argocd.argoproj.io/hook-delete-policy: HookSucceeded
17 |     argocd.argoproj.io/sync-wave: {{ .syncwave | default 5 | quote }}
18 |   labels:
19 |     {{- include "common.labels" $ | nindent 4 }}
20 | rules:
21 |   - apiGroups:
22 |       - operator.openshift.io
23 |     resources:
24 |       - consoles
25 |     verbs:
26 |       - get
27 |       - list
28 |       - update
29 |       - patch
30 | {{- end }}
31 | {{- end }}
32 |
--------------------------------------------------------------------------------
/charts/helper-operator/templates/jobs/enable_console_plugin-sa.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.console_plugins }}
2 | {{- if eq (.Values.console_plugins.enabled | toString) "true" }}
3 | ---
4 | apiVersion: v1
5 | kind: ServiceAccount
6 | metadata:
7 |   name: {{ .Values.console_plugins.job_service_account | default "enable-console-plugin-sa" }}
8 |   namespace: {{ .Values.console_plugins.job_namespace | default "openshift-gitops" }}
9 |   annotations:
10 |     argocd.argoproj.io/hook: Sync
11 |     argocd.argoproj.io/hook-delete-policy: HookSucceeded
12 |     argocd.argoproj.io/sync-wave: {{ .syncwave | default 5 | quote }}
13 |   labels:
14 |     {{- include "common.labels" $ | nindent 4 }}
15 | {{- end }}
16 | {{- end }}
17 |
--------------------------------------------------------------------------------
/charts/helper-operator/templates/namespace.yaml:
--------------------------------------------------------------------------------
1 |
2 | {{- range $key, $value := .Values.operators }}
3 | {{ if eq ($value.enabled | toString) "true" }}
4 | {{ if eq ($value.namespace.create | toString) "true" }}
5 | ---
6 | apiVersion: v1
7 | kind: Namespace
8 | metadata:
9 |   name: {{ $value.namespace.name | quote }}
10 |   labels:
11 |     openshift.io/cluster-monitoring: "true"
12 |     {{- include "common.labels" $ | nindent 4 }}
13 |   {{- if or ($value.namespace.descr) ($value.namespace.displayname) }}
14 |   annotations:
15 |     {{- if $value.namespace.descr }}
16 |     openshift.io/description: {{ $value.namespace.descr }}
17 |     {{- end }}
18 |     {{- if $value.namespace.displayname }}
19 |     openshift.io/display-name: {{ $value.namespace.displayname }}
20 |     {{- end }}
21 | {{- end }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /charts/helper-operator/templates/operators/operatorgroup.yaml: -------------------------------------------------------------------------------- 1 | {{- range $key, $value := .Values.operators }} 2 | {{ if eq ($value.enabled | toString) "true" }} 3 | {{- if $value.operatorgroup.create }} 4 | --- 5 | apiVersion: operators.coreos.com/v1 6 | kind: OperatorGroup 7 | metadata: 8 | name: {{ $key | default "demo-operator-group" | quote }} 9 | namespace: {{ $value.namespace.name | quote }} 10 | labels: 11 | {{- include "common.labels" $ | nindent 4 }} 12 | annotations: 13 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 14 | argocd.argoproj.io/sync-wave: {{ $value.syncwave | default "0" | quote }} 15 | {{- /* Configure the operatorgroup for all Namespaces or for the "Home" namespace */ -}} 16 | {{- if $value.operatorgroup.notownnamespace }} 17 | spec: {} 18 | {{- else }} 19 | spec: 20 | targetNamespaces: 21 | - {{ $value.namespace.name }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /charts/helper-sealed-secrets/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: "v1" 3 | description: A Helm Chart for managing Sealed Secrets 🕵️‍♀️🔐 4 | name: helper-sealed-secrets 5 | version: 1.0.4 6 | home: https://github.com/redhat-cop/helm-charts 7 | icon: https://avatars.githubusercontent.com/u/34656521?s=400&v=4 8 | maintainers: 9 | - name: springdo 10 | - name: ckavili 11 | - name: eformat 12 | -------------------------------------------------------------------------------- /charts/helper-sealed-secrets/templates/SealedSecret.yaml: -------------------------------------------------------------------------------- 1 | {{- range $key := 
.Values.secrets }}
2 | ---
3 | apiVersion: bitnami.com/v1alpha1
4 | kind: SealedSecret
5 | metadata:
6 |   name: {{ .name }}
7 | spec:
8 |   encryptedData:
9 |     {{- .data | toYaml | nindent 4 }}
10 |   template:
11 |     metadata:
12 |       {{- if .annotations }}
13 |       annotations:
14 |         {{- .annotations | toYaml | nindent 8 }}
15 |       {{- end}}
16 |       {{- if .labels }}
17 |       labels:
18 |         {{- .labels | toYaml | nindent 8 }}
19 |       {{- end}}
20 |       name: {{ .name }}
21 |     # NOTE(review): the built-in Kubernetes Secret type is spelled "Opaque"; the
22 |     # lower-case default below yields a Secret of a custom type "opaque". Confirm
23 |     # before changing it: the type of an existing Secret cannot be edited.
24 |     type: {{ .type | default "opaque" | quote }}
25 | {{- end }}
26 |
--------------------------------------------------------------------------------
/charts/helper-sealed-secrets/values.yaml:
--------------------------------------------------------------------------------
1 | # Every value under `data` is copied into spec.encryptedData unchanged, so it
2 | # must be ciphertext sealed for the target cluster's sealed-secrets key, never
3 | # the plaintext secret.
4 | secrets:
5 |   # example for generic opaque secret data
6 |   - name: example-opaque
7 |     data:
8 |       secret_stuff: your_sealed_secrets_encryptedData_value
9 |       other_secret_stuff: your_sealed_secrets_encryptedData_value
10 |   # example for dockercfg
11 |   - name: example-dockercfg
12 |     type: kubernetes.io/dockercfg
13 |     data:
14 |       .dockercfg: your_sealed_secrets_encryptedData_value
15 |   # Basic auth for example bound to jenkins
16 |   - name: example-basic-auth
17 |     type: kubernetes.io/basic-auth
18 |     labels:
19 |       credential.sync.jenkins.openshift.io: "true"
20 |     data:
21 |       username: your_sealed_secrets_encryptedData_value
22 |       password: your_sealed_secrets_encryptedData_value
23 |
--------------------------------------------------------------------------------
/charts/helper-status-checker/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: helper-status-checker
3 | description: A helper Chart that creates a job to verify if the deployments of an operator are running. To do so it creates a service account with a role to read the status of the Deployments.
4 | version: 4.0.10 5 | home: https://github.com/redhat-cop/helm-charts 6 | maintainers: 7 | - name: tjungbauer 8 | email: tjungbau@redhat.com 9 | url: https://blog.stderr.at/ 10 | keywords: 11 | - helper 12 | - subchart 13 | -------------------------------------------------------------------------------- /charts/helper-status-checker/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2022 Thomas Jungbauer 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 
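14 |
--------------------------------------------------------------------------------
/charts/helper-status-checker/templates/clusterrole.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 |   One ClusterRole per entry in .checks: get/list/patch on OLM
3 |   ClusterServiceVersions, InstallPlans and Subscriptions.
4 |   NOTE(review): bound through a ClusterRoleBinding, so the patch verb applies in
5 |   every namespace although the name carries a single namespace. If the checker
6 |   job only works inside .namespace.name, a namespaced Role and RoleBinding would
7 |   be the narrower grant - confirm against the job template.
8 | */ -}}
9 | {{- with .Values }}
10 | {{ if eq ( .enabled | toString) "true" }}
11 | {{- range .checks }}
12 | ---
13 | apiVersion: rbac.authorization.k8s.io/v1
14 | kind: ClusterRole
15 | metadata:
16 |   annotations:
17 |     argocd.argoproj.io/hook: Sync
18 |     argocd.argoproj.io/hook-delete-policy: HookSucceeded
19 |     argocd.argoproj.io/sync-wave: {{ .syncwave | default 0 | quote }}
20 |   # ClusterRole is cluster-scoped, so no metadata.namespace is set.
21 |   name: {{ .serviceAccount.name }}-{{ .namespace.name }}
22 |   labels:
23 |     {{- include "common.labels" $ | nindent 4 }}
24 | rules:
25 |   - apiGroups:
26 |       - operators.coreos.com
27 |     resources:
28 |       # RBAC matches the plural resource name only.
29 |       - clusterserviceversions
30 |       - installplans
31 |       - subscriptions
32 |     verbs:
33 |       - get
34 |       - list
35 |       - patch
36 | {{- end }}
37 | {{- end }}
38 | {{- end }}
39 |
--------------------------------------------------------------------------------
/charts/helper-status-checker/templates/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
1 | {{- with .Values }}
2 | {{ if eq ( .enabled | toString) "true" }}
3 | {{- range .checks }}
4 | ---
5 | apiVersion: rbac.authorization.k8s.io/v1
6 | kind: ClusterRoleBinding
7 | metadata:
8 |   name: {{ .serviceAccount.name }}-{{ .namespace.name }}
9 |   # ClusterRoleBinding is cluster-scoped, so no metadata.namespace is set.
10 |   labels:
11 |     {{- include "common.labels" $ | nindent 4 }}
12 |   annotations:
13 |     argocd.argoproj.io/hook: Sync
14 |     argocd.argoproj.io/hook-delete-policy: HookSucceeded
15 |     argocd.argoproj.io/sync-wave: {{ .syncwave | default 0 | quote }}
16 | roleRef:
17 |   apiGroup: rbac.authorization.k8s.io
18 |   kind: ClusterRole
19 |   name: {{ .serviceAccount.name }}-{{ .namespace.name }}
20 | subjects:
21 |   - kind: ServiceAccount
22 |     name: {{ .serviceAccount.name | quote }}
23 |     namespace: {{ .namespace.name | quote }}
24 | {{- end }}
25 | {{- end }}
26 | {{- end }}
27 |
--------------------------------------------------------------------------------
/charts/helper-status-checker/templates/serviceAccount.yaml:
--------------------------------------------------------------------------------
1 | {{- with .Values }}
2 | {{ if eq ( .enabled | toString) "true" }}
3 | {{- range .checks }}
4 | ---
5 | apiVersion: v1
6 | kind: ServiceAccount
7 | metadata:
8 |   name: {{ .serviceAccount.name | quote }}
9 |   namespace: {{ .namespace.name | quote }}
10 |   labels:
11 |     {{- include "common.labels" $ | nindent 4 }}
12 |   annotations:
13 |     argocd.argoproj.io/hook: Sync
14 |     argocd.argoproj.io/hook-delete-policy: HookSucceeded
15 |     argocd.argoproj.io/sync-wave: {{ .syncwave | default 0 | quote }}
16 | {{- end }}
17 | {{- end }}
18 | {{- end }}
19 |
--------------------------------------------------------------------------------
/charts/ipa/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.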
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/ipa/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: ipa 3 | description: A Helm chart to install FreeIPA 4 | version: 1.3.9 5 | appVersion: 1.16.0 6 | home: https://github.com/redhat-cop/helm-charts 7 | icon: https://www.freeipa.org/images/freeipa/freeipa-logo-small.png 8 | maintainers: 9 | - name: springdo 10 | - name: ckavili 11 | - name: eformat 12 | dependencies: 13 | - name: cronjob-ldap-group-sync 14 | version: 0.0.2 15 | repository: https://redhat-cop.github.io/openshift-management 16 | condition: ldap_group_sync 17 | -------------------------------------------------------------------------------- /charts/ipa/templates/anyuid-scc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ClusterRoleBinding 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: {{ include "ipa.fullname" . }}-anyuid 6 | labels: 7 | {{- include "ipa.labels" . | nindent 4 }} 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: ClusterRole 11 | name: system:openshift:scc:anyuid 12 | subjects: 13 | - kind: ServiceAccount 14 | name: {{ include "ipa.fullname" . }}-user 15 | namespace: {{ include "ipa.namespace" . 
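}}
16 |
--------------------------------------------------------------------------------
/charts/ipa/templates/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 |   For each group_role_bindings entry, binds ClusterRole <key> to group <value>
3 |   cluster-wide. The values file therefore decides who receives which cluster
4 |   role; review changes to that map like any other RBAC change.
5 | */ -}}
6 | {{- if .Values.ldap_group_sync }}
7 | {{- range $key, $val := .Values.group_role_bindings }}
8 | ---
9 | apiVersion: rbac.authorization.k8s.io/v1
10 | kind: ClusterRoleBinding
11 | metadata:
12 |   name: {{ $key }}-{{ $val }}-clusterrolebinding
13 | roleRef:
14 |   apiGroup: rbac.authorization.k8s.io
15 |   kind: ClusterRole
16 |   name: {{ $key }}
17 | subjects:
18 |   - apiGroup: rbac.authorization.k8s.io
19 |     kind: Group
20 |     name: {{ $val }}
21 | {{- end }}
22 | {{- end }}
23 |
--------------------------------------------------------------------------------
/charts/ipa/templates/machineconfig.yaml:
--------------------------------------------------------------------------------
1 | # https://access.redhat.com/solutions/4910611
2 | {{- if .Values.machineconfig.enabled }}
3 | ---
4 | apiVersion: machineconfiguration.openshift.io/v1
5 | kind: MachineConfig
6 | metadata:
7 |   labels:
8 |     {{- if .Values.runOnInfra }}
9 |     machineconfiguration.openshift.io/role: infra
10 |     {{- else }}
11 |     machineconfiguration.openshift.io/role: worker
12 |     {{- end }}
13 |   name: 01-sebool
14 | spec:
15 |   config:
16 |     ignition:
17 |       version: {{ .Values.machineconfig.ignition_version }}
18 |     systemd:
19 |       units:
20 |         - contents: |
21 |             [Unit]
22 |             Description=Enable container_manage_cgroup on worker nodes
23 |             Before=kubelet.service
24 |             [Service]
25 |             ExecStart=/usr/sbin/setsebool container_manage_cgroup 1
26 |             [Install]
27 |             WantedBy=multi-user.target
28 |           enabled: true
29 |           name: sebool.service
30 | {{- end }}
31 |
--------------------------------------------------------------------------------
/charts/ipa/templates/oauth-secret.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.ocp_auth.enabled }}
2 | ---
3 | kind: Secret
4 | apiVersion: v1
5 | metadata:
6 |   name: {{ include "ipa.fullname" . }}-bind-password
7 |   namespace: openshift-config
8 |   labels:
9 |     {{- include "ipa.labels" . | nindent 4 }}
10 | stringData:
11 |   # Quoted so that a password containing YAML-significant characters (#, :, a
12 |   # leading *) or one that looks like a number or boolean stays a plain string.
13 |   bindPassword: {{ .Values.ocp_auth.bind_password | quote }}
14 | {{- end }}
15 |
--------------------------------------------------------------------------------
/charts/ipa/templates/pvc.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | kind: PersistentVolumeClaim
3 | apiVersion: v1
4 | metadata:
5 |   name: {{ include "ipa.fullname" . }}
6 |   labels:
7 |     {{- include "ipa.labels" . | nindent 4 }}
8 | spec:
9 |   accessModes:
10 |     - ReadWriteOnce
11 |   resources:
12 |     requests:
13 |       storage: {{ .Values.volume }}
14 |
--------------------------------------------------------------------------------
/charts/ipa/templates/route.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | kind: Route
3 | apiVersion: route.openshift.io/v1
4 | metadata:
5 |   name: {{ include "ipa.fullname" . }}
6 |   labels:
7 |     {{- include "ipa.labels" . | nindent 4 }}
8 |   annotations:
9 |     description: Route for FreeIPA server's HTTPS
10 | spec:
11 |   host: {{ include "ipa.fullname" . }}-{{ include "ipa.namespace" . }}.{{ .Values.app_domain }}
12 |   to:
13 |     kind: Service
14 |     name: {{ include "ipa.fullname" . }}
15 |   port:
16 |     targetPort: https
17 |   tls:
18 |     termination: passthrough
19 |
--------------------------------------------------------------------------------
/charts/ipa/templates/secret.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | kind: Secret
3 | apiVersion: v1
4 | metadata:
5 |   name: {{ include "ipa.fullname" . }}-password
6 |   labels:
7 |     {{- include "ipa.labels" . | nindent 4 }}
8 | stringData:
9 |   # Quoted so that the admin password is always rendered as a YAML string.
10 |   # Supply the real value at install time rather than committing it to values.
11 |   admin.password: {{ .Values.admin_password | quote }}
12 |
--------------------------------------------------------------------------------
/charts/ipa/templates/service.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | kind: Service
3 | apiVersion: v1
4 | metadata:
5 |   name: {{ include "ipa.fullname" . }}
6 |   labels:
7 |     {{- include "ipa.labels" . | nindent 4 }}
8 | spec:
9 |   ports:
10 |     - name: dns-tcp
11 |       protocol: TCP
12 |       port: 53
13 |       targetPort: 53
14 |     - name: dns-udp
15 |       protocol: UDP
16 |       port: 53
17 |       targetPort: 53
18 |     - name: http
19 |       protocol: TCP
20 |       port: 80
21 |       targetPort: 80
22 |     - name: kerberos-tcp
23 |       protocol: TCP
24 |       port: 88
25 |       targetPort: 88
26 |     - name: kerberos-udp
27 |       protocol: UDP
28 |       port: 88
29 |       targetPort: 88
30 |     - name: ntp
31 |       protocol: UDP
32 |       port: 123
33 |       targetPort: 123
34 |     - name: ldap
35 |       protocol: TCP
36 |       port: 389
37 |       targetPort: 389
38 |     - name: https
39 |       protocol: TCP
40 |       port: 443
41 |       targetPort: 443
42 |     - name: kpasswd-tcp
43 |       protocol: TCP
44 |       port: 464
45 |       targetPort: 464
46 |     - name: kpasswd-udp
47 |       protocol: UDP
48 |       port: 464
49 |       targetPort: 464
50 |     - name: ldaps
51 |       protocol: TCP
52 |       port: 636
53 |       targetPort: 636
54 |   clusterIP: ""
55 |   selector:
56 |     app: {{ include "ipa.fullname" . }}
57 |
--------------------------------------------------------------------------------
/charts/ipa/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: ServiceAccount
4 | metadata:
5 |   name: {{ include "ipa.fullname" . }}-user
6 |   labels:
7 |     {{- include "ipa.labels" . | nindent 4 }}
8 |
--------------------------------------------------------------------------------
/charts/jenkins/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.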
2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | ci/ 23 | -------------------------------------------------------------------------------- /charts/jenkins/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: "v2.222.1" 3 | description: A Helm chart for deploying Jenkins on OpenShift with some additional build agents and plugins 4 | name: jenkins 5 | version: 1.0.14 6 | home: https://github.com/redhat-cop/helm-charts 7 | icon: https://www.jenkins.io/images/logos/jenkins/256.png 8 | maintainers: 9 | - name: springdo 10 | - name: ckavili 11 | - name: eformat 12 | -------------------------------------------------------------------------------- /charts/jenkins/templates/PersistentVolumeClaim.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.persistence }} 2 | --- 3 | apiVersion: v1 4 | kind: PersistentVolumeClaim 5 | metadata: 6 | name: {{ .Values.appName }} 7 | spec: 8 | accessModes: 9 | - {{ .Values.persistence.accessModes }} 10 | resources: 11 | requests: 12 | storage: {{ .Values.persistence.volumeSize }} 13 | {{ end }} 14 | -------------------------------------------------------------------------------- /charts/jenkins/templates/SealedSecret.yaml: -------------------------------------------------------------------------------- 1 | {{- range $key := .Values.sealed_secrets }} 2 | --- 3 | apiVersion: bitnami.com/v1alpha1 4 | kind: SealedSecret 5 | metadata: 6 | name: {{ .name }} 7 | spec: 8 | encryptedData: 9 | password: {{ .password }} 10 | username: {{ .username }} 11 | template: 12 | metadata: 13 | labels: 
14 | credential.sync.jenkins.openshift.io: "true" 15 | name: {{ .name }} 16 | type: {{ .type | default "kubernetes.io/basic-auth" | quote }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /charts/jenkins/templates/configuration-as-code-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.configAsCode }} 2 | kind: ConfigMap 3 | apiVersion: v1 4 | metadata: 5 | name: {{ .Values.configAsCode.configMap }} 6 | data: 7 | JCasC.yaml: | 8 | {{- .Values.configAsCode.body | nindent 4 }} 9 | {{- end }} 10 | -------------------------------------------------------------------------------- /charts/jenkins/templates/imagestreams.yaml: -------------------------------------------------------------------------------- 1 | {{- $label := .Values.role }} 2 | {{- range $key := .Values.buildconfigs }} 3 | --- 4 | kind: ImageStream 5 | apiVersion: image.openshift.io/v1 6 | metadata: 7 | name: {{ .name }} 8 | {{- if or (.name | regexFind ".*slave") (.name | regexFind ".*agent") }} 9 | labels: 10 | build: {{ .name }} 11 | role: {{ $label | default "jenkins-slave" }} 12 | {{- end }} 13 | annotations: 14 | description: Keeps track of changes in the application image 15 | {{- if .external }} 16 | spec: 17 | tags: 18 | - name: {{ .external.builder_imagetag | quote }} 19 | annotations: null 20 | from: 21 | kind: DockerImage 22 | name: {{ .external.builder_registry }}/{{ .external.builder_repo }}/{{ .external.builder_image }}:{{ .external.builder_imagetag }} 23 | importPolicy: {} 24 | referencePolicy: 25 | type: Source 26 | {{- end }} 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /charts/jenkins/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ .Values.appName }}-edit 
6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: ClusterRole 9 | name: edit 10 | subjects: 11 | - kind: ServiceAccount 12 | name: {{ .Values.appName }} 13 | -------------------------------------------------------------------------------- /charts/jenkins/templates/route.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.route }} 2 | --- 3 | apiVersion: route.openshift.io/v1 4 | kind: Route 5 | metadata: 6 | annotations: 7 | haproxy.router.openshift.io/timeout: 4m 8 | openshift.io/host.generated: "true" 9 | name: {{ .Values.appName }} 10 | spec: 11 | host: null 12 | tls: 13 | insecureEdgeTerminationPolicy: Redirect 14 | termination: edge 15 | to: 16 | kind: Service 17 | name: {{ .Values.appName }} 18 | status: 19 | ingress: 20 | - conditions: 21 | - status: 'True' 22 | type: Admitted 23 | {{ end }} 24 | -------------------------------------------------------------------------------- /charts/jenkins/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- range $key := .Values.source_secrets }} 2 | --- 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: {{ .name }} 7 | labels: 8 | credential.sync.jenkins.openshift.io: "true" 9 | {{- if .annotations }} 10 | annotations: 11 | {{- toYaml .annotations | nindent 4 }} 12 | {{- end}} 13 | type: {{ .type | default "kubernetes.io/basic-auth" | quote }} 14 | stringData: 15 | {{- if .token }} 16 | token: {{ .token | quote }} 17 | {{- else }} 18 | password: {{ .password | quote }} 19 | username: {{ .username | quote }} 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/jenkins/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | annotations: 6 | 
serviceaccounts.openshift.io/oauth-redirectreference.jenkins: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"{{ .Values.appName }}"}}' 7 | name: {{ .Values.appName }} 8 | -------------------------------------------------------------------------------- /charts/jenkins/templates/services.yaml: -------------------------------------------------------------------------------- 1 | {{- range $key := .Values.services }} 2 | --- 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | {{- if .annotations }} 7 | annotations: 8 | service.alpha.openshift.io/dependencies: '[{"name": "jenkins-jnlp", "namespace":"", "kind": "Service"}]' {{ end }} 9 | name: {{ .name }} 10 | spec: 11 | ports: 12 | - name: {{ .port_name }} 13 | nodePort: 0 14 | port: {{ .port }} 15 | protocol: TCP 16 | targetPort: {{ .target_port }} 17 | selector: 18 | app.kubernetes.io/name: {{ .selector }} 19 | sessionAffinity: None 20 | type: ClusterIP 21 | {{ end }} 22 | -------------------------------------------------------------------------------- /charts/kopf/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
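4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/kopf/.test.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | # Install / test / cleanup driver for the kopf chart; takes one argument.
3 |
4 | trap "exit 1" TERM
5 | export TOP_PID=$$
6 |
7 | # Project name carries today's date (ddmmyyyy).
8 | export project_name="kopf-$(date +'%d%m%Y')"
9 |
10 | # Create the test project and install the chart from the current directory.
11 | install() {
12 |   echo "install - $(pwd)"
13 |
14 |   oc new-project "${project_name}"
15 |   helm install kopf .
16 | }
17 |
18 | # Fail unless both Kopf peering CRDs exist on the cluster.
19 | test() {
20 |   echo "test - $(pwd)"
21 |
22 |   for i in clusterkopfpeerings.kopf.dev kopfpeerings.kopf.dev; do
23 |     if ! oc get crd "$i"; then
24 |       echo "CRD: $i not present"
25 |       exit 1
26 |     fi
27 |   done
28 |
29 |   echo "Test complete"
30 | }
31 |
32 | # Remove the release and the test project.
33 | cleanup() {
34 |   echo "cleanup - $(pwd)"
35 |   helm uninstall kopf
36 |   oc delete "project/${project_name}"
37 | }
38 |
39 | # Process arguments
40 | case "$1" in
41 |   install)
42 |     install
43 |     ;;
44 |   test)
45 |     test
46 |     ;;
47 |   cleanup)
48 |     cleanup
49 |     ;;
50 |   *)
51 |     echo "Not an option"
52 |     exit 1
53 | esac
54 |
--------------------------------------------------------------------------------
/charts/kopf/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: kopf
3 | description: A Helm chart to deploy CustomResourceDefinitions required for the Kopf framework
4 | type: application
5 | version: 0.1.1
6 | appVersion: "1.29.2"
7 | home: https://github.com/redhat-cop/helm-charts
8 | maintainers:
9 |   - name: tylerauerbeck
10 |   - name: jkupferer
11 |
--------------------------------------------------------------------------------
/charts/kopf/templates/clusterkopfpeering.yaml: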
-------------------------------------------------------------------------------- 1 | {{- if .Values.clusterkopf -}} 2 | 3 | --- 4 | apiVersion: apiextensions.k8s.io/v1 5 | kind: CustomResourceDefinition 6 | metadata: 7 | name: clusterkopfpeerings.kopf.dev 8 | spec: 9 | scope: Cluster 10 | group: kopf.dev 11 | names: 12 | kind: ClusterKopfPeering 13 | plural: clusterkopfpeerings 14 | singular: clusterkopfpeering 15 | versions: 16 | - name: v1 17 | served: true 18 | storage: true 19 | schema: 20 | openAPIV3Schema: 21 | type: object 22 | properties: 23 | status: 24 | type: object 25 | x-kubernetes-preserve-unknown-fields: true 26 | {{- end -}} 27 | -------------------------------------------------------------------------------- /charts/kopf/templates/kopfpeering.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.kopf -}} 2 | --- 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: kopfpeerings.kopf.dev 7 | spec: 8 | scope: Namespaced 9 | group: kopf.dev 10 | names: 11 | kind: KopfPeering 12 | plural: kopfpeerings 13 | singular: kopfpeering 14 | versions: 15 | - name: v1 16 | served: true 17 | storage: true 18 | schema: 19 | openAPIV3Schema: 20 | type: object 21 | properties: 22 | status: 23 | type: object 24 | x-kubernetes-preserve-unknown-fields: true 25 | {{- end -}} 26 | -------------------------------------------------------------------------------- /charts/kopf/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kopf: true 3 | clusterkopf: true 4 | -------------------------------------------------------------------------------- /charts/network-policy/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). 
Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/network-policy/.test.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | trap "exit 1" TERM 4 | export TOP_PID=$$ 5 | 6 | export project_name="network-policy-$(date +'%d%m%Y')" 7 | 8 | install() { 9 | echo "install - $(pwd)" 10 | 11 | oc new-project ${project_name} 12 | helm template network-policy --skip-tests . | oc apply -f - 13 | } 14 | 15 | test() { 16 | echo "test - $(pwd)" 17 | 18 | timeout 2m bash <<"EOT" 19 | run() { 20 | echo "Attempting oc get networkpolicy/deny-all-by-default -n ${project_name}" 21 | 22 | while [[ $(oc get networkpolicy/deny-all-by-default -o name -n ${project_name}) != "networkpolicy.networking.k8s.io/deny-all-by-default" ]]; do 23 | sleep 10 24 | done 25 | } 26 | 27 | run 28 | EOT 29 | 30 | if [[ $? != 0 ]]; then 31 | echo "OC timed-out. 
Failing" 32 | 33 | oc get networkpolicy -n ${project_name} 34 | exit 1 35 | fi 36 | 37 | echo "Test complete" 38 | } 39 | 40 | cleanup() { 41 | echo "cleanup - $(pwd)" 42 | oc delete project/${project_name} 43 | } 44 | 45 | # Process arguments 46 | case $1 in 47 | install) 48 | install 49 | ;; 50 | test) 51 | test 52 | ;; 53 | cleanup) 54 | cleanup 55 | ;; 56 | *) 57 | echo "Not an option" 58 | exit 1 59 | esac 60 | -------------------------------------------------------------------------------- /charts/network-policy/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: network-policy 3 | description: A Helm chart for Kubernetes that manages Network policies 4 | version: 1.0.3 5 | appVersion: v1 6 | home: https://github.com/redhat-cop/helm-charts 7 | icon: https://www.openshift.com/hubfs/images/icons/red-circle_lock.svg 8 | maintainers: 9 | - name: springdo 10 | - name: ckavili 11 | - name: rh-jpoole 12 | -------------------------------------------------------------------------------- /charts/network-policy/templates/NetworkPolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.enabled }} 2 | {{ $labels := include "network-policy.labels" . }} 3 | {{ $all_policies := .Values.policies }} 4 | {{ if ne 0 (len .Values.multitenant_policies) }} 5 | {{ $all_policies = concat .Values.policies .Values.multitenant_policies }} 6 | {{ end }} 7 | {{- range $all_policies }} 8 | {{- if . 
}} 9 | --- 10 | kind: NetworkPolicy 11 | apiVersion: networking.k8s.io/v1 12 | metadata: 13 | labels: 14 | {{- $labels | nindent 4 }} 15 | name: {{ .name }} 16 | spec: 17 | {{ toYaml .spec | indent 2 }} 18 | {{ end }} 19 | {{ end }} 20 | {{ end }} 21 | -------------------------------------------------------------------------------- /charts/network-policy/values.yaml: -------------------------------------------------------------------------------- 1 | # Network policies to define in Openshift. Please use descriptive names. 2 | # See https://docs.openshift.com/container-platform/4.5/networking/network_policy/about-network-policy.html for more details. 3 | enabled: true 4 | multitenant_policies: 5 | # start with the deny everything approach 6 | # then enable specific rule selectors 7 | - name: deny-all-by-default 8 | spec: 9 | ingress: [] 10 | podSelector: {} 11 | - name: allow-all-internal-same-namespace 12 | spec: 13 | ingress: 14 | - from: 15 | - podSelector: {} 16 | podSelector: {} 17 | policyTypes: 18 | - Ingress 19 | - name: allow-from-openshift-ingress 20 | spec: 21 | ingress: 22 | - from: 23 | - namespaceSelector: 24 | matchLabels: 25 | network.openshift.io/policy-group: ingress 26 | podSelector: {} 27 | policyTypes: 28 | - Ingress 29 | 30 | policies: 31 | - name: allow-from-openshift-monitoring 32 | spec: 33 | ingress: 34 | - from: 35 | - namespaceSelector: 36 | matchLabels: 37 | network.openshift.io/policy-group: monitoring 38 | podSelector: {} 39 | policyTypes: 40 | - Ingress 41 | -------------------------------------------------------------------------------- /charts/openshift-logforwarding-splunk/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/openshift-logforwarding-splunk/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: openshift-logforwarding-splunk 3 | description: Log Forwarding from OpenShift to Splunk 4 | version: 0.0.6 5 | maintainers: 6 | - email: andy.block@gmail.com 7 | name: sabre1041 8 | home: https://github.com/redhat-cop/helm-charts 9 | -------------------------------------------------------------------------------- /charts/openshift-logforwarding-splunk/files/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-cop/helm-charts/99be7ae93aa20033f97cf377b2e09ab04438ad15/charts/openshift-logforwarding-splunk/files/.gitkeep -------------------------------------------------------------------------------- /charts/openshift-logforwarding-splunk/templates/log-forwarding-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | kind: ServiceAccount 2 | apiVersion: v1 3 | metadata: 4 | name: {{ template "openshift-logforwarding-splunk.fullname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app.kubernetes.io/component: fluentd 8 | {{ include "openshift-logforwarding-splunk.labels" . 
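| indent 4 }} 9 | -------------------------------------------------------------------------------- /charts/openshift-logforwarding-splunk/templates/log-forwarding-splunk-certs-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (not .Values.forwarding.splunk.insecure) .Values.forwarding.splunk.ca_bundle -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "openshift-logforwarding-splunk.fullname" . }}-splunk 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app.kubernetes.io/component: splunk 9 | {{ include "openshift-logforwarding-splunk.labels" . | indent 4 }} 10 | type: Opaque 11 | data: 12 | splunk-ca.crt: {{ .Values.forwarding.splunk.ca_bundle | b64enc }} 13 | {{ end }} 14 |
--------------------------------------------------------------------------------
/charts/openshift-logforwarding-splunk/templates/log-forwarding-splunk-secret.yaml:
--------------------------------------------------------------------------------
{{- /*
Secret holding the credentials rendered for the log forwarder:
  - shared_key               from .Values.forwarding.fluentd.sharedkey
  - hec-token                from .Values.forwarding.splunk.token (rendering fails if it is unset)
  - when .Values.forwarding.fluentd.ssl is set: the TLS passphrase plus the
    certificate, private key and CA bundle read from files inside the chart.

Every value is only base64-encoded (b64enc); that is an encoding, not encryption,
so the rendered manifest and the release record must be treated as secret material.

.Files.Get reads from the chart directory, so the private key named by
forwarding.fluentd.keyFile has to sit in the chart at render time. Keep that file
out of version control and out of any chart package that gets published.
*/ -}}
{{- $logForwardingCertificateName := include "openshift-logforwarding-splunk.certificateName" . -}}
apiVersion: v1
kind: Secret
metadata:
  name: {{ template "openshift-logforwarding-splunk.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/component: fluentd
{{ include "openshift-logforwarding-splunk.labels" . | indent 4 }}
type: Opaque
data:
  {{- /* NOTE(review): unlike hec-token this value is not guarded by `required`;
         confirm values.yaml always supplies a non-empty, non-default shared key. */}}
  shared_key: {{ .Values.forwarding.fluentd.sharedkey | b64enc | quote }}
  hec-token: {{ required "Splunk HEC Token must be specified" .Values.forwarding.splunk.token | b64enc | quote }}
{{- if .Values.forwarding.fluentd.ssl }}
  {{- /* The key name below is spelled with three "s"; it is left unchanged because
         whatever mounts this Secret presumably looks it up by this exact name - TODO confirm. */}}
  fluentd-ssl-passsphrase: {{ .Values.forwarding.fluentd.passphrase | b64enc | quote }}
{{- /* .Files.Get returns an empty string for a path that is not in the chart; fail the
       render instead of shipping a Secret with an empty certificate or private key. */}}
{{- $fluentdCaFile := required "forwarding.fluentd.caFile must name a non-empty file inside the chart when forwarding.fluentd.ssl is enabled" (.Files.Get .Values.forwarding.fluentd.caFile) }}
{{- $fluentdKeyFile := required "forwarding.fluentd.keyFile must name a non-empty file inside the chart when forwarding.fluentd.ssl is enabled" (.Files.Get .Values.forwarding.fluentd.keyFile) }}
  {{- /* The same file content is used for <certificateName>.crt and for ca-bundle.crt. */}}
  {{ $logForwardingCertificateName }}.crt: {{ $fluentdCaFile | b64enc }}
  {{ $logForwardingCertificateName }}.key: {{ $fluentdKeyFile | b64enc }}
  ca-bundle.crt: {{ $fluentdCaFile | b64enc }}
{{ end }}
-------------------------------------------------------------------------------- /charts/openshift-logforwarding-splunk/templates/log-forwarding-splunk-service-headless.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: 4 | name: {{ template "openshift-logforwarding-splunk.fullname" . }}-headless 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app.kubernetes.io/component: fluentd 8 | {{ include "openshift-logforwarding-splunk.labels" . | indent 4 }} 9 | spec: 10 | ports: 11 | - name: 24224-tcp 12 | protocol: TCP 13 | port: 24224 14 | targetPort: 24224 15 | selector: 16 | app: {{ template "openshift-logforwarding-splunk.fullname" . }} 17 | clusterIP: None 18 | sessionAffinity: None 19 | -------------------------------------------------------------------------------- /charts/openshift-logforwarding-splunk/templates/log-forwarding-splunk-service.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: 4 | name: {{ template "openshift-logforwarding-splunk.fullname" . 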
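}} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app.kubernetes.io/component: fluentd 8 | {{ include "openshift-logforwarding-splunk.labels" . | indent 4 }} 9 | spec: 10 | ports: 11 | - name: 24224-tcp 12 | protocol: TCP 13 | port: 24224 14 | targetPort: 24224 15 | selector: 16 | app: {{ template "openshift-logforwarding-splunk.fullname" . }} 17 | type: ClusterIP 18 | sessionAffinity: None 19 | -------------------------------------------------------------------------------- /charts/operatorhub/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/operatorhub/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: operatorhub 3 | description: A Helm chart to create OperatorHub subscriptions 4 | type: application 5 | version: 0.0.12 6 | appVersion: 1.0.0 7 | home: https://github.com/redhat-cop/helm-charts 8 | icon: https://avatars3.githubusercontent.com/u/38202270?s=280&v=4 9 | maintainers: 10 | - name: tylerauerbeck 11 | - name: springdo 12 | - name: ckavili 13 | - name: mabulgu 14 |
--------------------------------------------------------------------------------
/charts/operatorhub/templates/operatorgroup.yaml:
--------------------------------------------------------------------------------
{{- /*
Renders one OperatorGroup for every entry of .Values.operators that sets
operatorgroup.create. The group is named after the operator entry and is
created in .Values.namespace.

Scope of the group:
  - operatorgroup.namespaceSelector set   -> spec.selector.matchLabels
  - otherwise                             -> spec.targetNamespaces = [.Values.namespace]
The target namespaces decide where the installed operator is allowed to act, so
keep the selector as narrow as the operator needs.
*/ -}}
{{ $namespace := .Values.namespace }}
{{- if .Values.operators }}
{{- range $op := .Values.operators }}
{{- if $op.operatorgroup }}
{{- if $op.operatorgroup.create }}
{{- $og := $op.operatorgroup }}
---
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: {{ $op.name | quote }}
  namespace: {{ $namespace | quote }}
spec:
{{- if $og.namespaceSelector }}
  selector:
    matchLabels:
{{- if kindIs "map" $og.namespaceSelector }}
{{- /* A map printed directly comes out in Go's map[...] notation, which is not a
       valid matchLabels mapping; serialise it as YAML instead. */}}
{{- toYaml $og.namespaceSelector | nindent 6 }}
{{- else }}
{{- /* Non-map input (for example a pre-formatted "key: value" string) is emitted as before. */}}
      {{ $og.namespaceSelector }}
{{- end }}
{{- else }}
  targetNamespaces:
    {{- /* Quoted like metadata.namespace above so the name is always rendered as a string. */}}
    - {{ $namespace | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
--------------------------------------------------------------------------------
/charts/operatorhub/templates/subscription.yaml:
--------------------------------------------------------------------------------
{{- /*
Renders one OLM Subscription for every entry of .Values.operators, in .Values.namespace.

Defaults applied when the entry leaves a field unset:
  approval        -> "Automatic"
  sourceName      -> "redhat-operators"
  sourceNamespace -> "openshift-marketplace"
startingCSV is written only when subscription.csv is set.

With the "Automatic" default, install plans for new operator versions published to
the catalog source are approved without a review step. Where upgrades must be
reviewed, set approval to "Manual" and pin the version with csv.
*/ -}}
{{ $namespace := .Values.namespace }}
{{- if .Values.operators }}
{{- range $op := .Values.operators }}
{{- $sub := $op.subscription }}
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: {{ $op.name | quote }}
  namespace: {{ $namespace | quote }}
spec:
  channel: {{ $sub.channel | quote }}
  installPlanApproval: {{ $sub.approval | default "Automatic" | quote }}
  name: {{ $sub.operatorName | quote }}
  source: {{ $sub.sourceName | default "redhat-operators" | quote }}
  sourceNamespace: {{ $sub.sourceNamespace | default "openshift-marketplace" | quote }}
{{- if $sub.csv }}
  startingCSV: {{ $sub.csv | quote }}
{{- end }}
{{- end }}
{{- end }}
-------------------------------------------------------------------------------- /charts/operatorhub/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for operatorhub. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 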
4 | 5 | namespace: operator-namespace 6 | operators: 7 | - name: subscription-name 8 | subscription: 9 | channel: operator-channel 10 | approval: approval-type 11 | operatorName: operator-name 12 | sourceName: catalog-source 13 | sourceNamespace: catalog-source-namespace 14 | operatorgroup: 15 | create: true 16 | -------------------------------------------------------------------------------- /charts/operators-installer/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/operators-installer/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: operators-installer 3 | description: Installs a given list of operators either using Automatic or Manual InstallPlans. 4 | If Manual then version of operator can be controlled declarativly. 5 | 6 | # A chart can be either an 'application' or a 'library' chart. 7 | # 8 | # Application charts are a collection of templates that can be packaged into versioned archives 9 | # to be deployed. 10 | # 11 | # Library charts provide useful utilities or functions for the chart developer. They're included as 12 | # a dependency of application charts to inject those utilities and functions into the rendering 13 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 14 | type: application 15 | 16 | # This is the chart version. 
This version number should be incremented each time you make changes 17 | # to the chart and its templates, including the app version. 18 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 19 | version: 3.2.4 20 | 21 | home: https://github.com/redhat-cop/helm-charts 22 | 23 | icon: https://raw.githubusercontent.com/operator-framework/olm-docs/ea9cd734aa7a6bf2d24f273322ed9aec3ffcb02a/content/en/images/logo-sm.svg 24 | 25 | keywords: 26 | - olm 27 | - operators 28 | 29 | maintainers: 30 | - name: itewk 31 | -------------------------------------------------------------------------------- /charts/operators-installer/_integration-tests/test-install-operator-0-automatic-intermediate-manual-upgrades-values.yaml: -------------------------------------------------------------------------------- 1 | approveManualInstallPlanViaHook: true 2 | 3 | installPlanApproverAndVerifyJobsImage: quay.io/openshift/origin-cli:4.15 4 | 5 | operatorGroups: 6 | - name: argocd-operator 7 | createNamespace: true 8 | targetOwnNamespace: false 9 | otherTargetNamespaces: 10 | 11 | operators: 12 | - name: argocd-operator 13 | channel: alpha 14 | csv: argocd-operator.v0.8.0 15 | installPlanApproval: Manual 16 | source: operatorhubio-catalog 17 | sourceNamespace: olm 18 | namespace: argocd-operator 19 | installPlanVerifierActiveDeadlineSeconds: 1200 20 | automaticIntermediateManualUpgrades: true 21 | config: 22 | env: 23 | - name: DISABLE_DEFAULT_ARGOCD_INSTANCE 24 | value: "true" 25 | -------------------------------------------------------------------------------- /charts/operators-installer/_integration-tests/test-install-operator-1-automatic-intermediate-manual-upgrades-values.yaml: -------------------------------------------------------------------------------- 1 | approveManualInstallPlanViaHook: true 2 | 3 | installPlanApproverAndVerifyJobsImage: quay.io/openshift/origin-cli:4.15 4 | 5 | operatorGroups: 6 | - name: argocd-operator 7 | createNamespace: true 8 | 
targetOwnNamespace: false 9 | otherTargetNamespaces: 10 | 11 | operators: 12 | - name: argocd-operator 13 | channel: alpha 14 | csv: argocd-operator.v0.10.1 15 | installPlanApproval: Manual 16 | source: operatorhubio-catalog 17 | sourceNamespace: olm 18 | namespace: argocd-operator 19 | installPlanVerifierActiveDeadlineSeconds: 1200 20 | automaticIntermediateManualUpgrades: true 21 | config: 22 | env: 23 | - name: DISABLE_DEFAULT_ARGOCD_INSTANCE 24 | value: "true" 25 | -------------------------------------------------------------------------------- /charts/operators-installer/_integration-tests/test-install-operator-with-approver-image-from-private-registry.yaml: -------------------------------------------------------------------------------- 1 | approveManualInstallPlanViaHook: true 2 | 3 | # use pull secret to pull image from local private registry 4 | installPlanApproverAndVerifyJobsImage: registry.localhost/origin-cli:4.15 5 | installPlanApproverAndVerifyJobsImagePullSecret: local-registry-pullsecret 6 | 7 | operatorGroups: 8 | - name: external-secrets-operator 9 | createNamespace: false 10 | targetOwnNamespace: false 11 | otherTargetNamespaces: 12 | 13 | operators: 14 | - channel: stable 15 | installPlanApproval: Manual 16 | name: external-secrets-operator 17 | source: operatorhubio-catalog 18 | sourceNamespace: olm 19 | csv: external-secrets-operator.v0.8.1 20 | namespace: external-secrets-operator 21 | installPlanVerifierActiveDeadlineSeconds: 1200 22 | commonLabels: 23 | test-label: xyz123 24 | -------------------------------------------------------------------------------- /charts/operators-installer/ci/test-install-multiple-operators-in-different-namespaces-approve-via-helm-hook-values.yaml: -------------------------------------------------------------------------------- 1 | approveManualInstallPlanViaHook: true 2 | 3 | installPlanApproverAndVerifyJobsImage: quay.io/openshift/origin-cli:4.15 4 | 5 | operatorGroups: 6 | - name: external-secrets-operator-3 
7 | createNamespace: true 8 | targetOwnNamespace: false 9 | otherTargetNamespaces: 10 | - name: argocd-operator 11 | createNamespace: true 12 | targetOwnNamespace: true 13 | otherTargetNamespaces: 14 | 15 | operators: 16 | - name: external-secrets-operator 17 | channel: stable 18 | csv: external-secrets-operator.v0.8.1 19 | installPlanApproval: Manual 20 | source: operatorhubio-catalog 21 | sourceNamespace: olm 22 | namespace: external-secrets-operator-3 23 | installPlanVerifierActiveDeadlineSeconds: 1200 24 | - name: argocd-operator 25 | channel: alpha 26 | csv: argocd-operator.v0.6.0 27 | installPlanApproval: Manual 28 | source: operatorhubio-catalog 29 | sourceNamespace: olm 30 | namespace: argocd-operator 31 | installPlanVerifierActiveDeadlineSeconds: 1200 32 | commonLabels: 33 | test-label: xyz123 34 | -------------------------------------------------------------------------------- /charts/operators-installer/ci/test-install-multiple-operators-in-same-namespace-approve-via-helm-hook-values.yaml: -------------------------------------------------------------------------------- 1 | approveManualInstallPlanViaHook: true 2 | 3 | installPlanApproverAndVerifyJobsImage: quay.io/openshift/origin-cli:4.15 4 | 5 | operatorGroups: 6 | community: 7 | name: community-operators 8 | createNamespace: true 9 | targetOwnNamespace: true 10 | otherTargetNamespaces: 11 | 12 | operators: 13 | eso: 14 | channel: stable 15 | installPlanApproval: Manual 16 | name: external-secrets-operator 17 | source: operatorhubio-catalog 18 | sourceNamespace: olm 19 | csv: external-secrets-operator.v0.8.1 20 | namespace: community-operators 21 | installPlanVerifierActiveDeadlineSeconds: 1200 22 | argocd: 23 | channel: alpha 24 | installPlanApproval: Manual 25 | name: argocd-operator 26 | source: operatorhubio-catalog 27 | sourceNamespace: olm 28 | csv: argocd-operator.v0.6.0 29 | namespace: community-operators 30 | installPlanVerifierActiveDeadlineSeconds: 1200 31 | commonLabels: 32 | test-label: 
xyz123 33 | -------------------------------------------------------------------------------- /charts/operators-installer/ci/test-install-old-operator-approve-not-via-helm-hook-values.yaml: -------------------------------------------------------------------------------- 1 | approveManualInstallPlanViaHook: false 2 | 3 | installPlanApproverAndVerifyJobsImage: quay.io/openshift/origin-cli:4.15 4 | 5 | operatorGroups: 6 | - name: external-secrets-operator 7 | createNamespace: true 8 | targetOwnNamespace: false 9 | otherTargetNamespaces: 10 | 11 | operators: 12 | - channel: stable 13 | installPlanApproval: Manual 14 | name: external-secrets-operator 15 | source: operatorhubio-catalog 16 | sourceNamespace: olm 17 | csv: external-secrets-operator.v0.8.1 18 | namespace: external-secrets-operator 19 | installPlanVerifierActiveDeadlineSeconds: 1200 20 | commonLabels: 21 | test-label: xyz123 22 | -------------------------------------------------------------------------------- /charts/operators-installer/ci/test-install-old-operator-approve-via-helm-hook-values.yaml: -------------------------------------------------------------------------------- 1 | approveManualInstallPlanViaHook: true 2 | 3 | installPlanApproverAndVerifyJobsImage: quay.io/openshift/origin-cli:4.15 4 | 5 | operatorGroups: 6 | - name: external-secrets-operator-1 7 | createNamespace: true 8 | targetOwnNamespace: false 9 | otherTargetNamespaces: 10 | 11 | operators: 12 | - channel: stable 13 | installPlanApproval: Manual 14 | name: external-secrets-operator 15 | source: operatorhubio-catalog 16 | sourceNamespace: olm 17 | csv: external-secrets-operator.v0.8.1 18 | namespace: external-secrets-operator-1 19 | installPlanVerifierActiveDeadlineSeconds: 1200 20 | commonLabels: 21 | test-label: xyz123 22 | -------------------------------------------------------------------------------- /charts/operators-installer/ci/test-install-operator-first-time-with-automatic-intermediate-manual-upgrades-values.yaml: 
-------------------------------------------------------------------------------- 1 | # NOTE: 2 | # this doesn't REALLY do a hard core test of the `automaticIntermediateManualUpgrades` option 3 | # because the operator is not already installed, but it does at least test some of the code path 4 | 5 | approveManualInstallPlanViaHook: true 6 | 7 | installPlanApproverAndVerifyJobsImage: quay.io/openshift/origin-cli:4.15 8 | 9 | operatorGroups: 10 | - name: argocd-operator-1 11 | createNamespace: true 12 | targetOwnNamespace: true 13 | otherTargetNamespaces: 14 | 15 | operators: 16 | - name: argocd-operator 17 | channel: alpha 18 | csv: argocd-operator.v0.6.0 19 | installPlanApproval: Manual 20 | source: operatorhubio-catalog 21 | sourceNamespace: olm 22 | namespace: argocd-operator-1 23 | installPlanVerifierActiveDeadlineSeconds: 1200 24 | automaticIntermediateManualUpgrades: true 25 | config: 26 | env: 27 | - name: DISABLE_DEFAULT_ARGOCD_INSTANCE 28 | value: "true" 29 | -------------------------------------------------------------------------------- /charts/operators-installer/ci/test-install-operator-subscription-with-config-values.yaml: -------------------------------------------------------------------------------- 1 | approveManualInstallPlanViaHook: true 2 | 3 | installPlanApproverAndVerifyJobsImage: quay.io/openshift/origin-cli:4.15 4 | 5 | operatorGroups: 6 | - name: argocd-operator-2 7 | createNamespace: true 8 | targetOwnNamespace: true 9 | otherTargetNamespaces: 10 | 11 | operators: 12 | - name: argocd-operator 13 | channel: alpha 14 | csv: argocd-operator.v0.6.0 15 | installPlanApproval: Manual 16 | source: operatorhubio-catalog 17 | sourceNamespace: olm 18 | namespace: argocd-operator-2 19 | installPlanVerifierActiveDeadlineSeconds: 1200 20 | config: 21 | env: 22 | - name: DISABLE_DEFAULT_ARGOCD_INSTANCE 23 | value: "true" 24 | -------------------------------------------------------------------------------- 
/charts/operators-installer/ci/test-install-operator-with-channel-number-values.yaml: -------------------------------------------------------------------------------- 1 | approveManualInstallPlanViaHook: true 2 | 3 | installPlanApproverAndVerifyJobsImage: quay.io/openshift/origin-cli:4.15 4 | 5 | operatorGroups: 6 | - name: aqua-operator 7 | createNamespace: true 8 | targetOwnNamespace: true 9 | otherTargetNamespaces: 10 | 11 | operators: 12 | - name: aqua 13 | channel: 2022.4.0 14 | csv: aqua-operator.2022.4.14 15 | installPlanApproval: Manual 16 | source: operatorhubio-catalog 17 | sourceNamespace: olm 18 | namespace: aqua-operator 19 | installPlanVerifierActiveDeadlineSeconds: 1200 20 | -------------------------------------------------------------------------------- /charts/operators-installer/ci/test-install-operator-with-long-name-values.yaml: -------------------------------------------------------------------------------- 1 | approveManualInstallPlanViaHook: false 2 | 3 | installPlanApproverAndVerifyJobsImage: quay.io/openshift/origin-cli:4.15 4 | 5 | operatorGroups: 6 | cmo: 7 | name: costmanagement-metrics-operator 8 | createNamespace: true 9 | targetOwnNamespace: false 10 | otherTargetNamespaces: 11 | 12 | operators: 13 | cmo: 14 | name: costmanagement-metrics-operator 15 | channel: stable 16 | csv: costmanagement-metrics-operator.2.0.0 17 | installPlanApproval: Manual 18 | source: operatorhubio-catalog 19 | sourceNamespace: olm 20 | namespace: costmanagement-metrics-operator 21 | installPlanVerifierActiveDeadlineSeconds: 1200 22 | -------------------------------------------------------------------------------- /charts/operators-installer/templates/ConfigMap_operators-installer-approver-scripts.yaml: -------------------------------------------------------------------------------- 1 | {{- range .Values.operators }} 2 | {{- if eq .installPlanApproval "Manual" }} 3 | --- 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: {{ include 
"operators-installer.scriptsName" . }} 8 | namespace: {{ .namespace | default $.Release.Namespace }} 9 | labels: 10 | {{- include "operators-installer.labels" $ | nindent 4 }} 11 | annotations: 12 | {{- if $.Values.approveManualInstallPlanViaHook }} 13 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 14 | "helm.sh/hook-weight": "10" 15 | {{- else }} 16 | argocd.argoproj.io/sync-wave: "-30" 17 | {{- end }} 18 | data: 19 | installplan_utils.py: |- 20 | {{ tpl ( $.Files.Get "_scripts/installplan_utils.py" ) $ | indent 4 }} 21 | installplan-approver.py: |- 22 | {{ tpl ( $.Files.Get "_scripts/installplan-approver.py" ) $ | indent 4 }} 23 | installplan-incremental-approver.py: |- 24 | {{ tpl ( $.Files.Get "_scripts/installplan-incremental-approver.py" ) $ | indent 4 }} 25 | installplan-verifier.py: |- 26 | {{ tpl ( $.Files.Get "_scripts/installplan-verifier.py" ) $ | indent 4 }} 27 | {{- end }} 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /charts/operators-installer/templates/Namespace.yaml: -------------------------------------------------------------------------------- 1 | {{- range $operatorGroup := .Values.operatorGroups }} 2 | {{- if $operatorGroup.createNamespace }} 3 | --- 4 | apiVersion: v1 5 | kind: Namespace 6 | metadata: 7 | name: {{ .name | default $.Release.Namespace }} 8 | labels: 9 | {{- include "operators-installer.labels" $ | nindent 4 }} 10 | annotations: 11 | argocd.argoproj.io/sync-wave: "-60" 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/operators-installer/templates/OperatorGroup.yaml: -------------------------------------------------------------------------------- 1 | 2 | {{- range .Values.operatorGroups }} 3 | --- 4 | apiVersion: operators.coreos.com/v1 5 | kind: OperatorGroup 6 | metadata: 7 | name: {{ .name | default $.Release.Namespace }} 8 | namespace: {{ .name | default $.Release.Namespace 
}} 9 | labels: 10 | {{- include "operators-installer.labels" $ | nindent 4 }} 11 | annotations: 12 | argocd.argoproj.io/sync-wave: "-50" 13 | {{- if or .targetOwnNamespace .otherTargetNamespaces }} 14 | spec: 15 | targetNamespaces: 16 | {{- if .targetOwnNamespace }} 17 | - {{ .name | default $.Release.Namespace }} 18 | {{- end }} 19 | {{- range $otherTargetNamespace := .otherTargetNamespaces }} 20 | - {{ $otherTargetNamespace }} 21 | {{- end }} 22 | {{- end }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /charts/operators-installer/templates/RoleBinding_installplan-approvers.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Create one RoleBinding per operator that needs to be approved. 3 | NOTE: used to do this one per namespace, but that has issues if using this chart as dependency in multiple parent charts that are all 4 | installing into the same namespace. So while this creates more resources, it allows for more robust use. 5 | */}} 6 | {{- range .Values.operators }} 7 | {{- if eq .installPlanApproval "Manual" }} 8 | --- 9 | apiVersion: rbac.authorization.k8s.io/v1 10 | kind: RoleBinding 11 | metadata: 12 | name: {{ include "operators-installer.approverName" . }} 13 | namespace: {{ .namespace | default $.Release.Namespace }} 14 | labels: 15 | {{- include "operators-installer.labels" $ | nindent 4 }} 16 | annotations: 17 | {{- if $.Values.approveManualInstallPlanViaHook }} 18 | "helm.sh/hook": post-install,post-upgrade 19 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 20 | "helm.sh/hook-weight": "10" 21 | {{- else }} 22 | argocd.argoproj.io/sync-wave: "-30" 23 | {{- end }} 24 | roleRef: 25 | apiGroup: rbac.authorization.k8s.io 26 | kind: Role 27 | name: {{ include "operators-installer.approverName" . }} 28 | subjects: 29 | - kind: ServiceAccount 30 | name: {{ include "operators-installer.approverName" . 
}} 31 | {{- end }} 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /charts/operators-installer/templates/Role_installplan-approver.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Create one Role per operator that needs to be approved. 3 | NOTE: used to do this one per namespace, but that has issues if using this chart as dependency in multiple parent charts that are all 4 | installing into the same namespace. So while this creates more resources, it allows for more robust use. 5 | */}} 6 | {{- range .Values.operators }} 7 | {{- if eq .installPlanApproval "Manual" }} 8 | --- 9 | apiVersion: rbac.authorization.k8s.io/v1 10 | kind: Role 11 | metadata: 12 | name: {{ include "operators-installer.approverName" . }} 13 | namespace: {{ .namespace | default $.Release.Namespace }} 14 | labels: 15 | {{- include "operators-installer.labels" $ | nindent 4 }} 16 | annotations: 17 | {{- if $.Values.approveManualInstallPlanViaHook }} 18 | "helm.sh/hook": post-install,post-upgrade 19 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 20 | "helm.sh/hook-weight": "10" 21 | {{- else }} 22 | argocd.argoproj.io/sync-wave: "-30" 23 | {{- end }} 24 | rules: 25 | - apiGroups: 26 | - operators.coreos.com 27 | resources: 28 | - installplans 29 | - subscriptions 30 | - clusterserviceversions 31 | verbs: 32 | - get 33 | - list 34 | - patch 35 | {{- end }} 36 | {{- end }} 37 | -------------------------------------------------------------------------------- /charts/operators-installer/templates/ServiceAccount_installplan-approver.yaml: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Create one SA per operator that needs to be approved. 3 | NOTE: used to do this one per namespace, but that has issues if using this chart as dependency in multiple parent charts that are all 4 | installing into the same namespace. 
So while this creates more resources, it allows for more robust use. 5 | */}} 6 | {{- range .Values.operators }} 7 | {{- if eq .installPlanApproval "Manual" }} 8 | --- 9 | apiVersion: v1 10 | kind: ServiceAccount 11 | metadata: 12 | name: {{ include "operators-installer.approverName" . }} 13 | namespace: {{ .namespace | default $.Release.Namespace }} 14 | labels: 15 | {{- include "operators-installer.labels" $ | nindent 4 }} 16 | annotations: 17 | {{- if $.Values.approveManualInstallPlanViaHook }} 18 | "helm.sh/hook": post-install,post-upgrade 19 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 20 | "helm.sh/hook-weight": "10" 21 | {{- else }} 22 | argocd.argoproj.io/sync-wave: "-30" 23 | {{- end }} 24 | {{- end }} 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /charts/operators-installer/templates/Subscription.yaml: -------------------------------------------------------------------------------- 1 | {{- range .Values.operators }} 2 | --- 3 | # create one Subscription per operator 4 | apiVersion: operators.coreos.com/v1alpha1 5 | kind: Subscription 6 | metadata: 7 | name: {{ .name }} 8 | namespace: {{ .namespace | default $.Release.Namespace }} 9 | labels: 10 | {{- include "operators-installer.labels" $ | nindent 4 }} 11 | annotations: 12 | argocd.argoproj.io/sync-wave: "-40" 13 | spec: 14 | channel: "{{ .channel }}" 15 | {{- if .config }} 16 | config: 17 | {{ .config | toYaml | indent 4 | trim }} 18 | {{- end }} 19 | installPlanApproval: "{{ .installPlanApproval }}" 20 | name: "{{ .name }}" 21 | source: "{{ .source }}" 22 | sourceNamespace: "{{ .sourceNamespace }}" 23 | startingCSV: "{{ .csv }}" 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /charts/owncloud/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 
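2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/owncloud/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: owncloud 3 | description: A Helm chart for Owncloud 4 | type: application 5 | version: 0.0.23 6 | appVersion: latest 7 | home: https://github.com/redhat-cop/helm-charts 8 | icon: https://alternative.me/media/256/owncloud-icon-ge0uksoxjjfyflu8-c.png 9 | maintainers: 10 | - name: eformat 11 |
--------------------------------------------------------------------------------
/charts/owncloud/templates/cronjob.yaml:
--------------------------------------------------------------------------------
{{- /*
CronJob that calls the ownCloud web cron endpoint every 15 minutes by running
`curl http://<fullname>:8080/cron.php` in a container of the ownCloud image.

apiVersion: batch/v1beta1 CronJob is no longer served from Kubernetes 1.25 on, so
batch/v1 is used whenever the cluster offers it and v1beta1 only as a fallback.

Image: the tag is .Chart.AppVersion, which this chart's Chart.yaml sets to
"latest". Together with imagePullPolicy: Always each run pulls whatever the
registry serves under that mutable tag at that moment; pin a released version or
a digest where reproducible, reviewed images are required.

NOTE(review): the pod and container securityContext are left empty, so the job
runs with whatever defaults the namespace admits - confirm that is intended.
*/ -}}
{{- if .Capabilities.APIVersions.Has "batch/v1/CronJob" }}
apiVersion: batch/v1
{{- else }}
apiVersion: batch/v1beta1
{{- end }}
kind: CronJob
metadata:
  name: {{ include "owncloud.fullname" . }}
  labels:
    {{- include "owncloud.labels" . | nindent 4 }}
spec:
  concurrencyPolicy: Allow
  failedJobsHistoryLimit: 5
  jobTemplate:
    metadata:
      creationTimestamp: null
    spec:
      template:
        metadata:
          creationTimestamp: null
        spec:
          containers:
            - args:
                - curl
                # plain HTTP to the chart's own Service on port 8080
                - http://{{ include "owncloud.fullname" . }}:8080/cron.php
              image: {{ .Values.image.owncloud.repository }}:{{ .Chart.AppVersion }}
              imagePullPolicy: Always
              name: webcron
              resources: {}
              terminationMessagePath: /dev/termination-log
              terminationMessagePolicy: File
          dnsPolicy: ClusterFirst
          restartPolicy: OnFailure
          schedulerName: default-scheduler
          securityContext: {}
          terminationGracePeriodSeconds: 30
  schedule: '*/15 * * * *'
  successfulJobsHistoryLimit: 0
  suspend: false
-------------------------------------------------------------------------------- /charts/owncloud/templates/mariadb-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: {{ include "mariadb.fullname" . }} 6 | labels: 7 | {{- include "mariadb.labels" . | nindent 4 }} 8 | spec: 9 | accessModes: 10 | - {{ .Values.persistent.mariadb.accessMode | default " ReadWriteOnce" }} 11 | resources: 12 | requests: 13 | storage: {{ .Values.persistent.mariadb.volume.size | default " 10Gi" }} 14 | -------------------------------------------------------------------------------- /charts/owncloud/templates/mariadb-svc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "mariadb.fullname" . }} 6 | labels: 7 | {{- include "mariadb.labels" . | nindent 4 }} 8 | spec: 9 | type: {{ .Values.service.mariadb.type }} 10 | ports: 11 | - port: {{ .Values.service.mariadb.port }} 12 | targetPort: mariadb 13 | protocol: TCP 14 | name: mariadb 15 | selector: 16 | {{- include "mariadb.selectorLabels" . 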
| nindent 4 }} 17 | -------------------------------------------------------------------------------- /charts/owncloud/templates/owncloud-is.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: image.openshift.io/v1 3 | kind: ImageStream 4 | metadata: 5 | name: {{ include "owncloud.fullname" . }} 6 | labels: 7 | {{- include "owncloud.labels" . | nindent 4 }} 8 | spec: 9 | tags: 10 | - annotations: 11 | openshift.io/imported-from: owncloud 12 | from: 13 | kind: DockerImage 14 | name: {{ .Values.image.owncloud.repository }}:{{ .Chart.AppVersion }} 15 | importPolicy: {} 16 | name: {{ .Chart.AppVersion }} 17 | -------------------------------------------------------------------------------- /charts/owncloud/templates/owncloud-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: {{ include "owncloud.fullname" . }} 6 | labels: 7 | {{- include "owncloud.labels" . | nindent 4 }} 8 | spec: 9 | accessModes: 10 | - {{ .Values.persistent.owncloud.accessMode | default " ReadWriteOnce" }} 11 | resources: 12 | requests: 13 | storage: {{ .Values.persistent.owncloud.volume.size | default " 100Gi" }} 14 | -------------------------------------------------------------------------------- /charts/owncloud/templates/owncloud-svc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "owncloud.fullname" . }} 6 | labels: 7 | {{- include "owncloud.labels" . | nindent 4 }} 8 | spec: 9 | type: {{ .Values.service.owncloud.type }} 10 | ports: 11 | - port: {{ .Values.service.owncloud.port }} 12 | targetPort: http 13 | protocol: TCP 14 | name: http 15 | selector: 16 | {{- include "owncloud.selectorLabels" . 
| nindent 4 }} 17 | -------------------------------------------------------------------------------- /charts/owncloud/templates/redis-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: {{ include "redis.fullname" . }} 6 | labels: 7 | {{- include "redis.labels" . | nindent 4 }} 8 | spec: 9 | accessModes: 10 | - {{ .Values.persistent.redis.accessMode | default " ReadWriteOnce" }} 11 | resources: 12 | requests: 13 | storage: {{ .Values.persistent.redis.volume.size | default " 1Gi" }} 14 | -------------------------------------------------------------------------------- /charts/owncloud/templates/redis-svc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "redis.fullname" . }} 6 | labels: 7 | {{- include "redis.labels" . | nindent 4 }} 8 | spec: 9 | type: {{ .Values.service.redis.type }} 10 | ports: 11 | - port: {{ .Values.service.redis.port }} 12 | targetPort: redis 13 | protocol: TCP 14 | name: redis 15 | selector: 16 | {{- include "redis.selectorLabels" . | nindent 4 }} 17 | -------------------------------------------------------------------------------- /charts/owncloud/templates/route.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.route }} 2 | --- 3 | apiVersion: route.openshift.io/v1 4 | kind: Route 5 | metadata: 6 | name: {{ include "owncloud.fullname" . }} 7 | labels: 8 | {{- include "owncloud.labels" . | nindent 4 }} 9 | spec: 10 | host: {{ .Values.hostname | quote }} 11 | port: 12 | targetPort: http 13 | to: 14 | kind: Service 15 | name: {{ include "owncloud.fullname" . 
}} 16 | weight: 100 17 | wildcardPolicy: None 18 | tls: 19 | insecureEdgeTerminationPolicy: Redirect 20 | termination: edge 21 | status: 22 | ingress: 23 | - conditions: 24 | - status: 'True' 25 | type: Admitted 26 | {{ end }} 27 | -------------------------------------------------------------------------------- /charts/owncloud/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "owncloud.serviceAccountName" . }} 6 | labels: 7 | {{- include "owncloud.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end -}} 13 | -------------------------------------------------------------------------------- /charts/pact-broker/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | ci/ 23 | -------------------------------------------------------------------------------- /charts/pact-broker/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: "latest" 3 | description: A Helm chart for deploying Pact Broker on OpenShift 🔗 4 | name: pact-broker 5 | version: 0.0.10 6 | home: https://github.com/redhat-cop/helm-charts 7 | icon: https://img.stackshare.io/service/11305/pact.png 8 | maintainers: 9 | - name: mvmaestri 10 | - name: gsampaio 11 | - name: springdo 12 | -------------------------------------------------------------------------------- /charts/pact-broker/templates/postgres-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: postgresql-{{ .Values.appName }} 6 | labels: 7 | app: {{ .Values.appName }} 8 | spec: 9 | ports: 10 | - name: postgresql 11 | port: {{ .Values.postgresql.service.port | default "5432" }} 12 | protocol: TCP 13 | targetPort: {{ .Values.postgresql.service.port | default "5432" }} 14 | selector: 15 | app: {{ .Values.appName }} 16 | deploymentconfig: postgresql-{{ .Values.appName }} 17 | sessionAffinity: None 18 | type: {{ .Values.postgresql.service.type | default "ClusterIP" }} 19 | -------------------------------------------------------------------------------- /charts/pact-broker/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.postgresql }} 2 | --- 3 | apiVersion: v1 4 | kind: PersistentVolumeClaim 5 | metadata: 6 | labels: 7 | app: {{ .Values.appName }} 8 | deploymentconfig: postgresql-{{ .Values.appName }} 9 | name: 
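postgresql-{{ .Values.appName }}-data 10 | spec: 11 | accessModes: 12 | - {{ .Values.postgresql.persistent.accessMode | default " ReadWriteOnce" }} 13 | resources: 14 | requests: 15 | storage: {{ .Values.postgresql.persistent.volume.size | default " 5Gi" }} 16 | {{ end }} 17 | -------------------------------------------------------------------------------- /charts/pact-broker/templates/route.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.route }} 2 | --- 3 | apiVersion: route.openshift.io/v1 4 | kind: Route 5 | metadata: 6 | annotations: 7 | openshift.io/host.generated: "true" 8 | name: {{ .Values.appName }} 9 | labels: 10 | app: {{ .Values.appName }} 11 | spec: # NOTE(review): no tls stanza is set, so this Route is plain HTTP; the broker's basic-auth credentials would presumably cross it unencrypted - confirm and add edge termination if so 12 | host: {{ .Values.route.host | quote }} 13 | port: 14 | targetPort: {{ .Values.route.targetPort | default "8080" }}-tcp 15 | to: 16 | kind: Service 17 | name: {{ .Values.appName }} 18 | weight: 100 19 | status: 20 | ingress: 21 | - conditions: 22 | - status: 'True' 23 | type: Admitted 24 | {{ end }} 25 | -------------------------------------------------------------------------------- /charts/pact-broker/templates/secrets.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.secrets }} 2 | --- 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: {{ .Values.appName }}-secrets 7 | labels: 8 | app: {{ .Values.appName }} 9 | credential.sync.jenkins.openshift.io: "true" 10 | stringData: # every value is piped through quote so a credential that YAML would read as a number, boolean or mapping still reaches the Secret as a string 11 | pact_broker_database_username: {{ .Values.secrets.values.pactBrokerDatabaseUsername | quote }} 12 | pact_broker_database_password: {{ .Values.secrets.values.pactBrokerDatabasePassword | quote }} 13 | pact_broker_admin: {{ .Values.secrets.values.pactBrokerBasicAuthUsername | quote }} 14 | pact_broker_admin_password: {{ .Values.secrets.values.pactBrokerBasicAuthPassword | quote }} 15 | pact_broker_user: {{ .Values.secrets.values.pactBrokerBasicAuthUsername | quote }} # NOTE(review): the admin and user entries are filled from the same BasicAuth values, so both accounts share one credential - confirm this is intended 16 | pact_broker_user_password: {{ 
.Values.secrets.values.pactBrokerBasicAuthPassword | quote }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/pact-broker/templates/service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.service }} 2 | --- 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | name: {{ .Values.appName }} 7 | labels: 8 | app: {{ .Values.appName }} 9 | spec: 10 | ports: 11 | - name: {{ .Values.service.port | default "8080" }}-tcp 12 | port: {{ .Values.service.port | default "8080" }} 13 | protocol: TCP 14 | targetPort: {{ .Values.service.port | default "8080" }} 15 | selector: 16 | deploymentconfig: {{ .Values.appName }} 17 | sessionAffinity: None 18 | type: {{ .Values.service.type | default "ClusterIP" }} 19 | {{ end }} 20 | -------------------------------------------------------------------------------- /charts/ploigos/.test.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | trap "exit 1" TERM 4 | export TOP_PID=$$ 5 | 6 | export project_name="ploigos1-$(date +'%d%m%Y')" 7 | 8 | install() { 9 | echo "install - $(pwd)" 10 | 11 | oc new-project ${project_name} 12 | helm upgrade --install ploigos -f values.yaml --set-string operator.namespaces[0].name=${project_name} . 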
--namespace ${project_name} 13 | } 14 | 15 | test() { 16 | echo "test - $(pwd)" 17 | 18 | timeout 2m bash <<"EOT" 19 | run() { 20 | echo "Attempting oc get deployment/tssc-operator-controller-manager" 21 | 22 | while [[ $(oc get deployment/tssc-operator-controller-manager -o name -n ${project_name}) != 'deployment.apps/tssc-operator-controller-manager' ]]; do 23 | sleep 10 24 | done 25 | } 26 | 27 | run 28 | EOT 29 | 30 | oc rollout status Deployment/tssc-operator-controller-manager -n ${project_name} --watch=true 31 | } 32 | 33 | cleanup() { 34 | echo "cleanup - $(pwd)" 35 | oc delete tsscplatforms/tsscplatform --wait -n ${project_name} 36 | helm uninstall ploigos --namespace ${project_name} 37 | oc delete all --all -n ${project_name} 38 | oc delete project/${project_name} 39 | } 40 | 41 | # Process arguments 42 | case $1 in 43 | install) 44 | install 45 | ;; 46 | test) 47 | test 48 | ;; 49 | cleanup) 50 | cleanup 51 | ;; 52 | *) 53 | echo "Not an option" 54 | exit 1 55 | esac 56 | -------------------------------------------------------------------------------- /charts/ploigos/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: ploigos 3 | description: A Helm chart for Ploigos - Trusted Software Supply Chain 4 | type: application 5 | version: 0.0.9 6 | appVersion: 0.2.7 7 | home: https://github.com/redhat-cop/helm-charts 8 | maintainers: 9 | - name: eformat 10 | -------------------------------------------------------------------------------- /charts/ploigos/README.md: -------------------------------------------------------------------------------- 1 | # Ploigos 2 | 3 | A Wrapper Helm Chart to deploy the [ploigos platform](https://github.com/ploigos) - check there for the full ploigos documentation. 
In particular [the operator repository.](https://github.com/ploigos/ploigos-software-factory-operator) 4 | 5 | Ploigos is an opinionated trusted software supply chain utilizing this toolchain: 6 | 7 | - Tekton 8 | - Jenkins 9 | - Quay 10 | - Keycloak 11 | - ArgoCD 12 | - Gitea 13 | - Sonarqube 14 | - Code Ready Workspaces 15 | - Mattermost 16 | - Nexus 17 | - Selenium Grid 18 | 19 | The pipeline steps are implemented in python using this [step-runner-library](https://github.com/ploigos/ploigos-step-runner). 20 | 21 | Once you have installed the platform you can use the `TsscPipeline CRD` 22 | 23 | ## Installation 24 | 25 | Add the chart repo 26 | ```bash 27 | helm repo add redhat-cop https://redhat-cop.github.io/helm-charts 28 | helm repo update 29 | ``` 30 | 31 | Once the TSSC CRD has been installed in the cluster, install the operator and platform into the `devsecops` namespace 32 | ```bash 33 | helm upgrade --install ploigos redhat-cop/ploigos --namespace devsecops --create-namespace 34 | ``` 35 | ## Deleting 36 | 37 | To delete the installation run 38 | ```bash 39 | ./delete-tssc.sh 40 | ``` 41 | -------------------------------------------------------------------------------- /charts/ploigos/delete-tssc.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | oc delete tsscplatforms tsscplatform --wait 4 | helm uninstall ploigos --namespace devsecops 5 | oc delete all --all -n devsecops 6 | oc delete project devsecops 7 | -------------------------------------------------------------------------------- /charts/ploigos/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 
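4 | */}} 5 | -------------------------------------------------------------------------------- /charts/ploigos/templates/catalog-source.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: CatalogSource 4 | metadata: 5 | name: redhatgov-operators 6 | namespace: openshift-marketplace 7 | spec: 8 | sourceType: grpc 9 | image: quay.io/redhatgov/operator-catalog:latest # NOTE(review): floating :latest tag - the operator catalog this cluster installs from can change without any chart change; consider pinning a digest 10 | displayName: Red Hat NAPS Community Operators 11 | publisher: RedHatGov 12 | -------------------------------------------------------------------------------- /charts/ploigos/templates/crd-reader.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: crd-reader 6 | annotations: 7 | "helm.sh/hook": post-install,post-upgrade 8 | "helm.sh/hook-weight": "-5" 9 | "helm.sh/hook-delete-policy": hook-succeeded,hook-failed 10 | rules: 11 | - apiGroups: 12 | - apiextensions.k8s.io 13 | resources: 14 | - 'customresourcedefinitions' 15 | verbs: 16 | - get 17 | - list 18 | --- 19 | apiVersion: rbac.authorization.k8s.io/v1 20 | kind: ClusterRoleBinding 21 | metadata: 22 | name: crd-reader-binding 23 | annotations: 24 | "helm.sh/hook": post-install,post-upgrade 25 | "helm.sh/hook-weight": "-5" 26 | "helm.sh/hook-delete-policy": hook-succeeded,hook-failed 27 | roleRef: 28 | apiGroup: rbac.authorization.k8s.io 29 | kind: ClusterRole 30 | name: crd-reader 31 | subjects: 32 | - kind: ServiceAccount 33 | name: default # NOTE(review): the subject is the release namespace's default ServiceAccount, so any pod there that sets no serviceAccountName also gets CRD get/list while this binding exists; a dedicated ServiceAccount for the hook pod would keep the grant scoped 34 | namespace: {{ .Release.Namespace }} 35 | -------------------------------------------------------------------------------- /charts/ploigos/templates/delete-csv-hook-rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: csv-deleter 6 | annotations: 7 | 
"helm.sh/hook": post-delete 8 | "helm.sh/hook-weight": "1" 9 | "helm.sh/hook-delete-policy": hook-succeeded,hook-failed 10 | rules: 11 | - apiGroups: 12 | - operators.coreos.com 13 | resources: # NOTE(review): only clusterserviceversions is granted, yet the delete-csv Job also lists and deletes subscriptions - presumably that call is refused unless the ServiceAccount holds another binding; verify 14 | - clusterserviceversions 15 | verbs: 16 | - delete 17 | - list 18 | --- 19 | apiVersion: rbac.authorization.k8s.io/v1 20 | kind: RoleBinding 21 | metadata: 22 | name: csv-deleters 23 | annotations: 24 | "helm.sh/hook": post-delete 25 | "helm.sh/hook-weight": "1" 26 | "helm.sh/hook-delete-policy": hook-succeeded,hook-failed 27 | roleRef: 28 | apiGroup: rbac.authorization.k8s.io 29 | kind: Role 30 | name: csv-deleter 31 | subjects: 32 | - kind: ServiceAccount 33 | name: delete-csv-job 34 | --- 35 | apiVersion: v1 36 | kind: ServiceAccount 37 | metadata: 38 | name: delete-csv-job 39 | annotations: 40 | "helm.sh/hook": post-delete 41 | "helm.sh/hook-weight": "1" 42 | "helm.sh/hook-delete-policy": hook-succeeded,hook-failed 43 | -------------------------------------------------------------------------------- /charts/ploigos/templates/delete-csv-hook.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | name: delete-csv 6 | annotations: 7 | "helm.sh/hook": post-delete 8 | "helm.sh/hook-weight": "2" 9 | "helm.sh/hook-delete-policy": hook-succeeded,hook-failed 10 | spec: 11 | template: 12 | spec: 13 | containers: 14 | - image: quay.io/openshift/origin-cli:latest # NOTE(review): floating :latest tag pulled on every run for a Job that holds delete rights; consider pinning a version or digest 15 | command: # the two deletions run one after the other; with a single "&" the first ran in the background and could be cut off when the shell exited after the second 16 | - /bin/bash 17 | - -c 18 | - | 19 | oc delete $(oc get subscription -o name); oc delete $(oc get csv -l 'olm.copiedFrom notin (openshift-operators)' -o name) 20 | imagePullPolicy: Always 21 | name: installplan-approver 22 | dnsPolicy: ClusterFirst 23 | restartPolicy: OnFailure 24 | serviceAccount: delete-csv-job 25 | serviceAccountName: delete-csv-job 26 | terminationGracePeriodSeconds: 10 27 | -------------------------------------------------------------------------------- 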
/charts/ploigos/templates/operatorgroup.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.operator.namespaces }} 2 | {{- range $op := .Values.operator.namespaces }} 3 | {{- if $op.operatorgroup }} 4 | {{- if $op.operatorgroup.create }} 5 | {{- $og := $op.operatorgroup }} 6 | --- 7 | apiVersion: operators.coreos.com/v1 8 | kind: OperatorGroup 9 | metadata: 10 | annotations: 11 | olm.providedAPIs: "" 12 | name: {{ $op.name }}-operatorgroup 13 | namespace: {{ $op.name }} 14 | spec: 15 | targetNamespaces: 16 | - {{ $op.name }} 17 | {{- end }} 18 | {{- end }} 19 | {{- end }} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /charts/ploigos/templates/subscription.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.operator.namespaces }} 2 | {{- range $key := .Values.operator.namespaces }} 3 | {{ $ns:= printf "%s" .name}} 4 | --- 5 | apiVersion: operators.coreos.com/v1alpha1 6 | kind: Subscription 7 | metadata: 8 | labels: 9 | operators.coreos.com/ploigos-software-factory-operator.{{ $ns }}: "" 10 | name: {{ $key.operatorname }} 11 | namespace: {{ $ns }} 12 | spec: 13 | channel: {{ $key.channel }} 14 | installPlanApproval: Automatic 15 | name: {{ $key.operatorname }} 16 | source: redhatgov-operators 17 | sourceNamespace: openshift-marketplace 18 | startingCSV: {{ $key.version }} 19 | {{- end }} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /charts/ploigos/templates/tsscplatform-cr.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.operator.namespaces }} 2 | {{- range $key := .Values.operator.namespaces }} 3 | --- 4 | apiVersion: redhatgov.io/v1alpha1 5 | kind: TsscPlatform 6 | metadata: 7 | annotations: 8 | "helm.sh/hook": post-install,post-upgrade 9 | "helm.sh/hook-weight": "25" 10 | namespace: {{ 
$key.name }} 11 | name: tsscplatform 12 | spec: 13 | tsscPlatform: 14 | pullSecret: 15 | name: installation-pull-secrets 16 | namespace: openshift-image-registry 17 | {{- end }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /charts/ploigos/templates/wait-for-crd.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Pod 4 | metadata: 5 | name: cluster-check 6 | annotations: 7 | "helm.sh/hook": post-install,post-upgrade 8 | "helm.sh/hook-weight": "-1" 9 | "helm.sh/hook-delete-policy": hook-succeeded,hook-failed 10 | spec: 11 | containers: 12 | - name: crd-check 13 | image: quay.io/openshift/origin-cli:4.6 14 | imagePullPolicy: IfNotPresent 15 | command: ['sh', '-c', 'while [ true ]; do oc get crd tsscplatforms.redhatgov.io; if [ $? -eq 0 ]; then break; fi ; sleep 5s; done'] 16 | restartPolicy: Never 17 | terminationGracePeriodSeconds: 0 18 | serviceAccount: default 19 | serviceAccountName: default 20 | -------------------------------------------------------------------------------- /charts/ploigos/values.yaml: -------------------------------------------------------------------------------- 1 | # deploy a tssc platform to these namespaces 2 | operator: 3 | namespaces: 4 | - name: devsecops 5 | version: ploigos-software-factory-operator.v0.2.7 6 | channel: alpha 7 | operatorname: ploigos-software-factory-operator 8 | operatorgroup: 9 | create: true 10 | -------------------------------------------------------------------------------- /charts/quay/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: quay 3 | description: Create quay registry 4 | type: application 5 | version: 0.0.2 6 | icon: https://avatars1.githubusercontent.com/u/68044996?s=200&v=4 7 | maintainers: 8 | - name: willsparker 9 | - name: ckavili 10 | 
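-------------------------------------------------------------------------------- /charts/quay/templates/ns-quay-enterprise.yaml: -------------------------------------------------------------------------------- 1 | 2 | --- 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: quay-enterprise 7 | annotations: 8 | argocd.argoproj.io/sync-wave: "-1" 9 | {{- if .Values.infra_nodes }} 10 | openshift.io/node-selector: node-role.kubernetes.io/infra= 11 | scheduler.alpha.kubernetes.io/defaultTolerations: >- 12 | [{"operator": "Exists", "effect": "NoSchedule", "key": 13 | "node-role.kubernetes.io/infra"}] 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/quay/templates/quay-registry.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: quay.redhat.com/v1 3 | kind: QuayRegistry 4 | metadata: 5 | name: quay-registry 6 | namespace: quay-enterprise 7 | spec: 8 | {{- if .Values.registry_components }} 9 | components: 10 | {{- .Values.registry_components | toYaml | trim | nindent 4 }} 11 | {{- end }} 12 | configBundleSecret: quay-registry-config-bundle 13 | -------------------------------------------------------------------------------- /charts/quay/templates/secret-quay-registry-config-bundle.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.quay_registry_config_bundle }} 2 | --- 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: quay-registry-config-bundle # NOTE(review): rendered only when quay_registry_config_bundle is set, while quay-registry.yaml always names this Secret in configBundleSecret - confirm the operator copes when it is absent 7 | namespace: quay-enterprise 8 | type: Opaque 9 | stringData: # config.yaml is rendered as plain YAML text; the data field accepts only base64, so stringData is the field that takes this value 10 | config.yaml: | 11 | {{- .Values.quay_registry_config_bundle | toYaml | trim | nindent 4 }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/quay/values.yaml: -------------------------------------------------------------------------------- 1 | infra_nodes: false 2 | 3 | quay_registry_config_bundle: 4 | # REGISTRY_TITLE: 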
My Awesome Quay 5 | # add your configuration fields here 6 | 7 | registry_components: 8 | - kind: clair 9 | managed: true 10 | - kind: postgres 11 | managed: true 12 | - kind: objectstorage 13 | managed: true 14 | - kind: redis 15 | managed: true 16 | - kind: horizontalpodautoscaler 17 | managed: true 18 | - kind: route 19 | managed: true 20 | - kind: mirror 21 | managed: true 22 | - kind: monitoring 23 | managed: true 24 | - kind: tls 25 | managed: true 26 | - kind: quay 27 | managed: true 28 | - kind: clairpostgres 29 | managed: true 30 | -------------------------------------------------------------------------------- /charts/sonarqube/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: sonarqube 3 | description: SonarQube is an open sourced code quality scanning tool 4 | version: 0.1.13 5 | appVersion: 9.9.1-community 6 | home: https://github.com/redhat-cop/helm-charts 7 | keywords: 8 | - coverage 9 | - security 10 | - code 11 | - quality 12 | icon: https://www.sonarqube.org/assets/logo-31ad3115b1b4b120f3d1efd63e6b13ac9f1f89437f0cf6881cc4d8b5603a52b4.svg 13 | maintainers: 14 | - name: eformat 15 | -------------------------------------------------------------------------------- /charts/sonarqube/templates/postgres-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | {{- if .Values.postgresql.enabled }} 3 | kind: PersistentVolumeClaim 4 | apiVersion: v1 5 | metadata: 6 | name: {{ template "postgresql.name" . }} 7 | labels: 8 | app: {{ template "sonarqube.name" . 
}} 9 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 10 | release: "{{ .Release.Name }}" 11 | heritage: "{{ .Release.Service }}" 12 | {{ if .Values.postgresql.annotations}} 13 | annotations: 14 | {{- range $key, $value := .Values.postgresql.annotations }} 15 | {{ $key }}: {{ $value | quote }} 16 | {{- end }} 17 | {{- end }} 18 | spec: 19 | accessModes: 20 | - {{ .Values.postgresql.accessMode | quote }} 21 | resources: 22 | requests: 23 | storage: {{ .Values.postgresql.size | quote }} 24 | {{- if .Values.postgresql.storageClass }} 25 | {{- if (eq "-" .Values.postgresql.storageClass) }} 26 | storageClassName: "" 27 | {{- else }} 28 | storageClassName: "{{ .Values.postgresql.storageClass }}" 29 | {{- end }} 30 | {{- end }} 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /charts/sonarqube/templates/postgres-secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | {{- if eq .Values.postgresql.enabled true }} 3 | {{- if not .Values.postgresql.existingSecret }} 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: {{ template "postgresql.name" . }} 8 | labels: 9 | app: {{ template "sonarqube.name" . 
}} 10 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 11 | release: {{ .Release.Name }} 12 | heritage: {{ .Release.Service }} 13 | type: Opaque 14 | data: 15 | postgresqlUsername: {{ .Values.postgresql.postgresqlUsername | b64enc | quote }} 16 | postgresqlPassword: {{ .Values.postgresql.postgresqlPassword | b64enc | quote }} 17 | postgresqlDatabase: {{ .Values.postgresql.postgresqlDatabase | b64enc | quote }} 18 | {{- end -}} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /charts/sonarqube/templates/postgres-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | {{- if eq .Values.postgresql.enabled true }} 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | name: {{ template "postgresql.name" . }} 7 | labels: 8 | app: {{ .Values.appName }} 9 | spec: 10 | ports: 11 | - name: postgresql 12 | port: {{ .Values.postgresql.service.port | default "5432" }} 13 | protocol: TCP 14 | targetPort: {{ .Values.postgresql.service.port | default "5432" }} 15 | selector: 16 | app: {{ .Values.appName }} 17 | deploymentconfig: {{ template "postgresql.name" . }} 18 | sessionAffinity: None 19 | type: {{ .Values.postgresql.service.type | default "ClusterIP" }} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /charts/sonarqube/templates/sonar-cm-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ template "sonarqube.fullname" . }}-config 6 | labels: 7 | app: {{ template "sonarqube.name" . 
}} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | data: 12 | {{- if and .Values.sonarSecretKey (not .Values.sonarProperties) (not .Values.elasticsearch.bootstrapChecks) }} 13 | sonar.properties: sonar.secretKeyPath={{ .Values.sonarqubeFolder }}/secret/sonar-secret.txt 14 | {{- end }} 15 | {{- if or .Values.sonarProperties (not .Values.elasticsearch.bootstrapChecks) }} 16 | sonar.properties: 17 | {{ range $key, $val := .Values.sonarProperties }} 18 | {{ $key }}={{ $val }} 19 | {{ end }} 20 | {{- if not .Values.elasticsearch.bootstrapChecks }} 21 | sonar.es.bootstrap.checks.disable=true 22 | {{- end }} 23 | {{- end }} 24 | {{- if and .Values.sonarSecretKey .Values.sonarProperties }} 25 | sonar.secretKeyPath={{ .Values.sonarqubeFolder }}/secret/sonar-secret.txt 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /charts/sonarqube/templates/sonar-cm-install-plugins.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ template "sonarqube.fullname" . }}-install-plugins 6 | labels: 7 | app: {{ template "sonarqube.name" . 
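}} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | data: # install_plugins.sh fetches every URL listed in plugins.install with wget; certificate verification stays on so a plugin archive cannot be swapped in transit - a mirror signed by a private CA needs that CA in the image trust store 12 | install_plugins.sh: |- 13 | cd {{ .Values.sonarqubeFolder }}/extensions/plugins/tmp 14 | {{- if .Values.plugins.httpProxy }} 15 | export http_proxy={{ .Values.plugins.httpProxy }} 16 | {{- end }} 17 | {{- if .Values.plugins.httpsProxy }} 18 | export https_proxy={{ .Values.plugins.httpsProxy }} 19 | {{- end }} 20 | {{- if .Values.plugins.install }} 21 | {{ range $index, $val := .Values.plugins.install }}echo {{ $val | quote }} >> plugins.txt 22 | {{ end }} 23 | cat plugins.txt | xargs -n 1 -P 8 wget 24 | rm plugins.txt 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /charts/sonarqube/templates/sonar-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 3 | kind: PersistentVolumeClaim 4 | apiVersion: v1 5 | metadata: 6 | name: {{ template "sonarqube.fullname" . }} 7 | labels: 8 | app: {{ template "sonarqube.name" . 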
}} 9 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 10 | release: "{{ .Release.Name }}" 11 | heritage: "{{ .Release.Service }}" 12 | {{ if .Values.persistence.annotations}} 13 | annotations: 14 | {{- range $key, $value := .Values.persistence.annotations }} 15 | {{ $key }}: {{ $value | quote }} 16 | {{- end }} 17 | {{- end }} 18 | spec: 19 | accessModes: 20 | - {{ .Values.persistence.accessMode | quote }} 21 | resources: 22 | requests: 23 | storage: {{ .Values.persistence.size | quote }} 24 | {{- if .Values.persistence.storageClass }} 25 | {{- if (eq "-" .Values.persistence.storageClass) }} 26 | storageClassName: "" 27 | {{- else }} 28 | storageClassName: "{{ .Values.persistence.storageClass }}" 29 | {{- end }} 30 | {{- end }} 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /charts/sonarqube/templates/sonar-route.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | {{- if .Values.route.enabled }} 3 | apiVersion: route.openshift.io/v1 4 | kind: Route 5 | metadata: 6 | annotations: 7 | openshift.io/host.generated: "true" 8 | name: {{ .Values.appName }} 9 | labels: 10 | app: {{ .Values.appName }} 11 | spec: 12 | host: {{ .Values.route.host | quote }} 13 | tls: 14 | insecureEdgeTerminationPolicy: Redirect 15 | termination: edge 16 | port: 17 | targetPort: {{ .Values.route.targetPort | default "8080-tcp" }} 18 | to: 19 | kind: Service 20 | name: {{ template "sonarqube.fullname" . }} 21 | weight: 100 22 | status: 23 | ingress: 24 | - conditions: 25 | - status: 'True' 26 | type: Admitted 27 | {{ end }} 28 | -------------------------------------------------------------------------------- /charts/sonarqube/templates/sonar-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "sonarqube.fullname" . }} 6 | labels: 7 | app: {{ template "sonarqube.name" . 
}} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | {{- range $key, $value := .Values.service.labels }} 12 | {{ $key }}: {{ $value | quote }} 13 | {{- end }} 14 | {{ if .Values.service.annotations}} 15 | annotations: 16 | {{- range $key, $value := .Values.service.annotations }} 17 | {{ $key }}: {{ $value | quote }} 18 | {{- end }} 19 | {{- end }} 20 | spec: 21 | type: {{ .Values.service.type | default "ClusterIP" }} 22 | ports: 23 | - port: {{ .Values.service.externalPort }} 24 | targetPort: http 25 | protocol: TCP 26 | name: http 27 | selector: 28 | app: {{ template "sonarqube.name" . }} 29 | release: {{ .Release.Name }} 30 | {{- if eq .Values.service.type "LoadBalancer"}} 31 | {{- if .Values.service.loadBalancerSourceRanges }} 32 | loadBalancerSourceRanges: 33 | {{- range .Values.service.loadBalancerSourceRanges }} 34 | - {{ . }} 35 | {{- end }} 36 | {{- end -}} 37 | {{- if .Values.service.loadBalancerIP}} 38 | loadBalancerIP: {{.Values.service.loadBalancerIP}} 39 | {{- end }} 40 | {{- end }} 41 | -------------------------------------------------------------------------------- /charts/sonarqube/templates/sonar-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | {{- if .Values.serviceAccount.create }} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | {{- if .Values.serviceAccount.name }} 7 | name: {{ .Values.serviceAccount.name }} 8 | {{- else }} 9 | name: {{ include "sonarqube.fullname" . 
}} 10 | {{- end }} 11 | {{- if .Values.serviceAccount.annotations }} 12 | annotations: 13 | {{ toYaml .Values.serviceAccount.annotations | indent 4 }} 14 | {{- end }} 15 | {{- end -}} 16 | -------------------------------------------------------------------------------- /charts/sonarqube/templates/sonarqube-admin-secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | {{- if .Values.account }} 3 | {{- if not .Values.account.existingSecret }} 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: {{ template "sonarqube.fullname" . }} 8 | labels: 9 | app: {{ template "sonarqube.name" . }} 10 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 11 | release: {{ .Release.Name }} 12 | heritage: {{ .Release.Service }} 13 | type: Opaque # NOTE(review): this Secret is rendered only when .Values.account is set and account.existingSecret is empty, so the else-branches below that fall back to "admin" look unreachable; username, password and currentAdminPassword come from chart values and are only base64-encoded, so prefer account.existingSecret over keeping them in a committed values file 14 | data: 15 | username: {{- if and (.Values.account ) }} {{ .Values.account.username | b64enc | quote }} {{- else }} {{ default "admin" | b64enc | quote }} {{- end }} 16 | password: {{- if and (.Values.account ) }} {{ .Values.account.password | b64enc | quote }} {{- else }} {{ default "admin" | b64enc | quote }} {{- end }} 17 | currentAdminPassword: {{- if and (.Values.account) }} {{ .Values.account.currentAdminPassword | b64enc | quote }} {{- else }} {{ default "admin" | b64enc | quote }} {{- end }} 18 | {{- end -}} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /charts/sonatype-nexus/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | # OWNERS file for Kubernetes 23 | OWNERS 24 | *.tar 25 | -------------------------------------------------------------------------------- /charts/sonatype-nexus/.test.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | trap "exit 1" TERM 4 | export TOP_PID=$$ 5 | 6 | export project_name="sonatypenexus-$(date +'%d%m%Y')" 7 | 8 | install() { 9 | echo "install - $(pwd)" 10 | 11 | oc new-project ${project_name} 12 | helm template nexus --skip-tests . | oc apply -f - 13 | } 14 | 15 | test() { 16 | echo "test - $(pwd)" 17 | 18 | oc rollout status Deployment/nexus-sonatype-nexus -n ${project_name} --watch=true 19 | 20 | timeout 2m bash <<"EOT" 21 | run() { 22 | host=$(oc get route/nexus -o jsonpath='{.spec.host}' -n ${project_name}) 23 | echo "Attempting $host" 24 | 25 | while [[ $(curl -L -k -s -o /dev/null -w '%{http_code}' https://${host}) != '200' ]]; do 26 | sleep 10 27 | done 28 | } 29 | 30 | run 31 | EOT 32 | 33 | if [[ $? != 0 ]]; then 34 | echo "CURL timed-out. 
Failing" 35 | 36 | host=$(oc get route/nexus -o jsonpath='{.spec.host}' -n ${project_name}) 37 | curl -L -k -vvv "https://${host}" 38 | exit 1 39 | fi 40 | 41 | echo "Test complete" 42 | } 43 | 44 | cleanup() { 45 | echo "cleanup - $(pwd)" 46 | oc delete project/${project_name} 47 | } 48 | 49 | # Process arguments 50 | case $1 in 51 | install) 52 | install 53 | ;; 54 | test) 55 | test 56 | ;; 57 | cleanup) 58 | cleanup 59 | ;; 60 | *) 61 | echo "Not an option" 62 | exit 1 63 | esac 64 | -------------------------------------------------------------------------------- /charts/sonatype-nexus/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: 3.43.0 3 | description: Sonatype Nexus is an open source repository manager 4 | home: https://github.com/redhat-cop/helm-charts 5 | name: sonatype-nexus 6 | sources: 7 | - https://github.com/sonatype/nexus-public 8 | icon: https://help.sonatype.com/docs/files/331022/34537964/3/1564671303641/NexusRepo_Icon.png 9 | version: 1.1.13 10 | maintainers: 11 | - name: eformat 12 | - name: ckavili 13 | - name: springdo 14 | -------------------------------------------------------------------------------- /charts/sonatype-nexus/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.config.enabled -}} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ template "nexus.name" . }}-conf 6 | labels: 7 | {{ include "nexus.labels" . 
| indent 4 }} 8 | {{- if .Values.nexus.labels }} 9 | {{ toYaml .Values.nexus.labels | indent 4 }} 10 | {{- end }} 11 | data: 12 | {{ toYaml .Values.config.data | indent 2 }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/sonatype-nexus/templates/image-pull-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.nexus.imagePullSecret -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "nexus.name" . }} 6 | data: 7 | .dockerconfigjson: {{ .Values.nexus.imagePullSecret }} 8 | 9 | type: kubernetes.io/dockerconfigjson 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /charts/sonatype-nexus/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: {{ template "nexus.fullname" . }} 6 | labels: 7 | {{ include "nexus.labels" . | indent 4 }} 8 | annotations: 9 | {{- range $key, $value := .Values.ingress.annotations }} 10 | {{ $key }}: {{ $value | quote }} 11 | {{- end }} 12 | spec: 13 | rules: 14 | {{- with .Values.ingress.rules }} 15 | {{ toYaml . | indent 2 }} 16 | {{- end -}} 17 | {{- if .Values.ingress.tls.enabled }} 18 | tls: 19 | - hosts: 20 | {{- if .Values.ingress.tls.secretName }} 21 | secretName: {{ .Values.ingress.tls.secretName | quote }} 22 | {{- end }} 23 | {{- end -}} 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /charts/sonatype-nexus/templates/proxy-route.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.nexusProxyRoute.enabled }} 2 | apiVersion: route.openshift.io/v1 3 | kind: Route 4 | metadata: 5 | name: {{ template "nexus.fullname" . 
}} 6 | labels: {{ .Values.nexusProxyRoute.labels }} 7 | annotations: 8 | {{- range $key, $value := .Values.nexusProxyRoute.annotations }} 9 | {{ $key }}: {{ $value | quote }} 10 | {{- end }} 11 | spec: 12 | host: {{ .Values.nexusProxyRoute.path }} 13 | port: 14 | targetPort: {{ template "nexus.fullname" . }} 15 | tls: 16 | insecureEdgeTerminationPolicy: Redirect 17 | termination: edge 18 | to: 19 | kind: Service 20 | name: {{ template "nexus.fullname" . }} 21 | weight: 100 22 | wildcardPolicy: None 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /charts/sonatype-nexus/templates/pv.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.statefulset.enabled }} 2 | {{- if .Values.persistence.pdName -}} 3 | apiVersion: v1 4 | kind: PersistentVolume 5 | metadata: 6 | name: {{ .Values.persistence.pdName }} 7 | labels: 8 | {{ include "nexus.labels" . | indent 4 }} 9 | spec: 10 | capacity: 11 | storage: {{ .Values.persistence.storageSize }} 12 | accessModes: 13 | - ReadWriteOnce 14 | claimRef: 15 | namespace: {{ .Release.Namespace }} 16 | name: {{ template "nexus.fullname" . }}-data 17 | gcePersistentDisk: 18 | pdName: {{ .Values.persistence.pdName }} 19 | fsType: {{ .Values.persistence.fsType }} 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/sonatype-nexus/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.statefulset.enabled }} 2 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 3 | kind: PersistentVolumeClaim 4 | apiVersion: v1 5 | metadata: 6 | name: {{ template "nexus.fullname" . }}-data 7 | labels: 8 | {{ include "nexus.labels" . 
| indent 4 }} 9 | {{- if .Values.persistence.annotations }} 10 | annotations: 11 | {{ toYaml .Values.persistence.annotations | indent 4 }} 12 | {{- end }} 13 | spec: 14 | accessModes: 15 | - {{ .Values.persistence.accessMode | quote }} 16 | resources: 17 | requests: 18 | storage: {{ .Values.persistence.storageSize | quote }} 19 | {{- if .Values.persistence.storageClass }} 20 | {{- if (eq "-" .Values.persistence.storageClass) }} 21 | storageClassName: "" 22 | {{- else }} 23 | storageClassName: "{{ .Values.persistence.storageClass }}" 24 | {{- end }} 25 | {{- end }} 26 | {{- end }} 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /charts/sonatype-nexus/templates/route.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.route.enabled }} 2 | apiVersion: route.openshift.io/v1 3 | kind: Route 4 | metadata: 5 | name: {{ .Values.route.name }} 6 | labels: {{ .Values.route.labels }} 7 | annotations: 8 | {{- range $key, $value := .Values.route.annotations }} 9 | {{ $key }}: {{ $value | quote }} 10 | {{- end }} 11 | spec: 12 | host: null 13 | port: 14 | targetPort: {{ .Values.route.portName }} 15 | tls: 16 | insecureEdgeTerminationPolicy: Redirect 17 | termination: edge 18 | to: 19 | kind: Service 20 | {{- if .Values.service.name }} 21 | name: {{ .Values.service.name }} 22 | {{- else }} 23 | name: {{ template "nexus.name" . }}-service 24 | {{- end }} 25 | weight: 100 26 | wildcardPolicy: None 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /charts/sonatype-nexus/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.secret.enabled -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "nexus.name" . }}-secret 6 | labels: 7 | {{ include "nexus.labels" . 
| indent 4 }} 8 | {{- if .Values.nexus.labels }} 9 | {{ toYaml .Values.nexus.labels | indent 4 }} 10 | {{- end }} 11 | data: 12 | {{ toYaml .Values.secret.data | indent 2 }} 13 | {{- end}} 14 | -------------------------------------------------------------------------------- /charts/sonatype-nexus/templates/service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.service.enabled -}} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | {{- if .Values.service.name }} 6 | name: {{ .Values.service.name }} 7 | {{- else }} 8 | name: {{ template "nexus.name" . }}-service 9 | {{- end }} 10 | labels: 11 | {{ include "nexus.labels" . | indent 4 }} 12 | {{- if .Values.service.labels }} 13 | {{ toYaml .Values.service.labels | indent 4 }} 14 | {{- end }} 15 | {{- if .Values.service.annotations }} 16 | annotations: 17 | {{ toYaml .Values.service.annotations | indent 4 }} 18 | {{- end }} 19 | spec: 20 | ports: 21 | {{- if .Values.service.portName }} 22 | - name: {{ .Values.service.portName }} 23 | port: {{ .Values.service.port }} 24 | targetPort: {{ .Values.service.targetPort }} 25 | {{- end }} 26 | {{- with .Values.service.ports }} 27 | {{ toYaml . | indent 2 }} 28 | {{- end }} 29 | selector: 30 | app: {{ template "nexus.name" . }} 31 | release: {{ .Release.Name }} 32 | type: {{ .Values.service.serviceType | default "ClusterIP" }} 33 | {{ if .Values.service.loadBalancerSourceRanges }} 34 | loadBalancerSourceRanges: 35 | {{- range .Values.service.loadBalancerSourceRanges }} 36 | - {{ . 
}} 37 | {{- end }} 38 | {{ end }} 39 | {{- end}} 40 | -------------------------------------------------------------------------------- /charts/stackrox/.gitignore: -------------------------------------------------------------------------------- 1 | *~ 2 | -------------------------------------------------------------------------------- /charts/stackrox/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/stackrox/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: stackrox-chart 3 | description: Install and Configure Stackrox 4 | type: application 5 | version: 0.0.10 6 | home: https://github.com/redhat-cop/helm-charts 7 | icon: https://avatars.githubusercontent.com/u/40638982?s=200&v=4 8 | maintainers: 9 | - name: eformat 10 | -------------------------------------------------------------------------------- /charts/stackrox/README.md: -------------------------------------------------------------------------------- 1 | # stackrox chart 2 | 3 | Installs the ACS/Stackrox Operator, configures a Central instance and a SecuredCluster. Uses a Job for initialization work. Set `--set verbose=true` to see verbose job logs. 
4 | 5 | Production: 6 | ```bash 7 | helm repo add redhat-cop https://redhat-cop.github.io/helm-charts 8 | helm install stackrox redhat-cop/stackrox-chart 9 | ``` 10 | 11 | Debug/Development: 12 | ```bash 13 | helm upgrade --install stackrox . --namespace tl500 --debug 14 | ``` 15 | 16 | You can watch the logs of the init job: 17 | ```bash 18 | stern -n stackrox configure-stackrox- 19 | ``` 20 | 21 | StackRox WebUI credentials (the user is "admin"; the second command prints the admin password in clear text): 22 | ```bash 23 | # get web url 24 | echo https://$(oc -n stackrox get route central --template='{{ .spec.host }}') 25 | # get credentials 26 | echo $(oc -n stackrox get secret central-htpasswd -o go-template='{{index .data "password" | base64decode}}') 27 | ``` 28 | 29 | The Admin API token created while creating the SecuredCluster is stored in a secret for later use; treat the exported value as a credential: 30 | ```bash 31 | ROX_API_TOKEN=$(oc -n stackrox get secret rox-api-token-tl500 -o go-template='{{index .data "token" | base64decode}}') 32 | ``` 33 | -------------------------------------------------------------------------------- /charts/stackrox/templates/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Namespace 3 | apiVersion: v1 4 | metadata: 5 | name: {{ .Values.stackrox.namespace | quote }} 6 | -------------------------------------------------------------------------------- /charts/stackrox/templates/subscription.yaml: -------------------------------------------------------------------------------- 1 | {{- $sub := .Values.stackrox.operator }} 2 | --- 3 | apiVersion: operators.coreos.com/v1alpha1 4 | kind: Subscription 5 | metadata: 6 | name: {{ $sub.name | quote }} 7 | namespace: {{ $sub.namespace | quote }} 8 | spec: 9 | channel: {{ $sub.channel | quote }} 10 | installPlanApproval: {{ $sub.approval | default "Automatic" | quote }} 11 | name: {{ $sub.operatorName | quote }} 12 | source: {{ $sub.sourceName | default "redhat-operators" | quote }} 13 | sourceNamespace: {{ $sub.sourceNamespace |
default "openshift-marketplace" | quote }} 14 | {{- if $sub.csv }} 15 | startingCSV: {{ $sub.csv | quote }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /charts/stackrox/values.yaml: -------------------------------------------------------------------------------- 1 | # turn on verbose logging for config job 2 | verbose: false 3 | 4 | # stackrox configuration 5 | stackrox: 6 | operator: 7 | namespace: openshift-operators 8 | name: rhacs-operator 9 | channel: stable 10 | approval: Automatic 11 | operatorName: rhacs-operator 12 | sourceName: redhat-operators 13 | sourceNamespace: openshift-marketplace 14 | clusterName: tl500 15 | namespace: stackrox 16 | analyzer: 17 | resources: 18 | limits: 19 | cpu: 500m 20 | requests: 21 | cpu: 100m 22 | -------------------------------------------------------------------------------- /charts/static-site/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: static-site 3 | description: A Helm chart for deploying a static-site with auto-updating 4 | type: application 5 | version: 0.0.23 6 | appVersion: 1.17.9-alpine 7 | home: https://github.com/redhat-cop/helm-charts 8 | icon: https://i.dlpng.com/static/png/6796939_preview.png 9 | maintainers: 10 | - name: jijiechen 11 | -------------------------------------------------------------------------------- /charts/static-site/README-zh.md: -------------------------------------------------------------------------------- 1 | 2 | ## 在 Kubernetes 上部署的可自动更新的静态网站 3 | 4 | 此项目包含一个 helm chart,它支持向 Kubernetes 部署一个静态网站,并根据 Git 仓库中的最新变更,自动更新网站。 5 | 6 | ### 用法 7 | 8 | ```sh 9 | helm install my-cool-site ./ --set "repo.location=https://git-location-of-your-static-site" 10 | ``` 11 | 12 | ### 支持的 Helm 设置项 13 | 14 | 下表列出了这个 Helm Chart 所支持的各项设置及其默认值: 15 | 16 | | 参数 | 描述 | 默认值 | 是否必填 | 17 | | -------------------- | ------------------------------------------------- | --------------- | 
----------------- | 18 | | `repo.location` | 存储静态网站源代码的 Git 仓库地址的 HTTP(s) 地址 | | 是 | 19 | | `repo.branch` | 要部署的分支名称 | `master` | 否 | 20 | | `repo.credential.username` | Git 仓库的用户名 | | 否 | 21 | | `repo.credential.password` | Git 仓库的密码 | | 否 | 22 | | `site.enableDirectoryListing` | 是否启用目录浏览功能 | `false` | 否 | 23 | | `replicas` | 部署时,要生成的副本数目 | `2` | 否 | 24 | | `autoUpdateCron` | 用以设定检测自动更新频率的 CRON 表达式 | `* * * * *`, 即每分钟检查 | 否 | 25 | -------------------------------------------------------------------------------- /charts/static-site/alpine-curl-git.Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine/git:v2.47.2@sha256:fb0b8c4c4062307b947101b301bae17d24d456055dd2265c659f93699f0dcc27 2 | RUN apk add --no-cache curl 3 | 4 | ENTRYPOINT ["/bin/sh"] 5 | 6 | # docker build . -f ./alpine-curl-git.Dockerfile -t jijiechen/alpine-curl-git:v2.24.1 7 | # https://hub.docker.com/r/jijiechen/alpine-curl-git 8 | -------------------------------------------------------------------------------- /charts/static-site/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: static-site-{{ .Release.Name }} 5 | labels: 6 | app: static-site 7 | site: {{ .Release.Name }} 8 | spec: 9 | type: ClusterIP 10 | selector: 11 | app: static-site 12 | site: {{ .Release.Name }} 13 | ports: 14 | - name: http 15 | targetPort: 8080 16 | port: 80 17 | -------------------------------------------------------------------------------- /charts/static-site/values.yaml: -------------------------------------------------------------------------------- 1 | autoUpdateCron: '* * * * *' 2 | replicas: 2 3 | site: 4 | enableDirectoryListing: false 5 | persistence: 6 | enabled: false 7 | storage: 8 | ## Data Persistent Volume Storage Class 9 | ## If defined, storageClassName: 10 | ## If set to "-", storageClassName: "", which disables dynamic provisioning 11 | 
## If '' (the default), no storageClassName spec is 12 | ## set, choosing the default provisioner. (gp2 on AWS, standard on 13 | ## GKE, AWS & OpenStack) 14 | storageClass: '' 15 | size: 1Gi 16 | repo: 17 | location: '' 18 | branch: 'master' 19 | credential: 20 | username: '' 21 | password: '' 22 | -------------------------------------------------------------------------------- /charts/tekton-demo/.helmignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | .git 3 | -------------------------------------------------------------------------------- /charts/tekton-demo/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: tekton-demo 3 | description: This is an example of a pipeline developed in Tekton, the peaceful cat. 4 | It contains the main steps of a continuous software delivery process. It enforces 5 | a strict semantic version validation strategy, managing tag increments for you. 6 | Develop, Features, releases, patches and hotfixes flows are supported. 
7 | version: 0.0.17 8 | appVersion: latest 9 | home: https://github.com/redhat-cop/helm-charts 10 | keywords: 11 | - tekton 12 | - pipeline 13 | - nodejs 14 | - github 15 | icon: https://cd.foundation/wp-content/uploads/sites/78/2020/04/tekton-icon-color-1-300x300.png 16 | maintainers: 17 | - name: mvmaestri 18 | -------------------------------------------------------------------------------- /charts/tekton-demo/assets/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-cop/helm-charts/99be7ae93aa20033f97cf377b2e09ab04438ad15/charts/tekton-demo/assets/logo.png -------------------------------------------------------------------------------- /charts/tekton-demo/assets/pipeline-with-task-steps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-cop/helm-charts/99be7ae93aa20033f97cf377b2e09ab04438ad15/charts/tekton-demo/assets/pipeline-with-task-steps.png -------------------------------------------------------------------------------- /charts/tekton-demo/assets/pipeline.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-cop/helm-charts/99be7ae93aa20033f97cf377b2e09ab04438ad15/charts/tekton-demo/assets/pipeline.png -------------------------------------------------------------------------------- /charts/tekton-demo/assets/routes.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-cop/helm-charts/99be7ae93aa20033f97cf377b2e09ab04438ad15/charts/tekton-demo/assets/routes.png -------------------------------------------------------------------------------- /charts/tekton-demo/templates/github/github-webhook-run.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tekton.dev/v1beta1 3 | kind: TaskRun 4 | metadata: 5 | 
name: create-{{ .Values.application.name }}-github-webhook 6 | namespace: {{ .Values.application.environments.cicd }} 7 | spec: 8 | serviceAccountName: tekton-triggers-createwebhook 9 | taskRef: 10 | name: {{ .Values.application.name }}-create-webhook 11 | params: 12 | - name: GitHubOrg 13 | value: {{ .Values.pipeline.webhook.github.org }} 14 | - name: GitHubUser 15 | value: {{ .Values.pipeline.webhook.github.user }} 16 | - name: GitHubRepo 17 | value: {{ .Values.pipeline.webhook.github.repo }} 18 | - name: GitHubSecretName 19 | value: {{ .Values.pipeline.webhook.github.secret }} 20 | - name: GitHubAccessTokenKey 21 | value: password 22 | - name: GitHubSecretStringKey 23 | value: secret 24 | - name: ExternalDomain 25 | value: http://{{ .Values.application.name }}-trigger-{{ .Values.application.environments.cicd }}.{{ .Values.cluster }} 26 | -------------------------------------------------------------------------------- /charts/tekton-demo/templates/github/trigger-binding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: triggers.tekton.dev/v1alpha1 3 | kind: TriggerBinding 4 | metadata: 5 | name: {{ .Values.application.name }}-trigger-binding 6 | namespace: {{ .Values.application.environments.cicd }} 7 | spec: 8 | # description: >- 9 | # This `task` can be used to transport github webhook payload into the trigger template file. 
10 | params: 11 | - name: ref 12 | value: $(body.ref) 13 | - name: revision 14 | value: $(body.head_commit.id) 15 | - name: repourl 16 | value: $(body.repository.html_url) 17 | - name: reponame 18 | value: $(body.repository.name) 19 | - name: repofullname 20 | value: $(body.repository.full_name) 21 | - name: message 22 | value: $(body.head_commit.message) 23 | - name: author 24 | value: $(body.head_commit.author.username) 25 | - name: email 26 | value: $(body.head_commit.author.email) 27 | -------------------------------------------------------------------------------- /charts/tekton-demo/templates/github/trigger-eventlistener.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: triggers.tekton.dev/v1alpha1 3 | kind: EventListener 4 | metadata: 5 | name: {{ .Values.application.name }} 6 | namespace: {{ .Values.application.environments.cicd }} 7 | spec: 8 | serviceAccountName: {{ .Values.pipeline.sa.triggers }} 9 | triggers: 10 | - name: cel-trig-with-canonical 11 | interceptors: # NOTE(review): the only interceptor is the CEL filter on the X-GitHub-Event header; nothing visible in this listener validates the GitHub webhook signature, so requests are accepted on that header alone. Consider the Triggers github interceptor with a secretRef to the webhook secret - TODO confirm against the Triggers version in use 12 | - cel: 13 | filter: "header.canonical('X-GitHub-Event') == 'push'" 14 | bindings: 15 | - ref: {{ .Values.application.name }}-trigger-binding 16 | template: 17 | name: {{ .Values.application.name }}-trigger-template 18 | --- 19 | apiVersion: route.openshift.io/v1 20 | kind: Route 21 | metadata: 22 | labels: 23 | app.kubernetes.io/managed-by: EventListener 24 | app.kubernetes.io/part-of: Triggers 25 | eventlistener: {{ .Values.application.name }} 26 | name: {{ .Values.application.name }}-trigger 27 | namespace: {{ .Values.application.environments.cicd }} 28 | spec: # NOTE(review): no tls stanza here, so this route exposes the listener over plain HTTP 29 | port: 30 | targetPort: http-listener 31 | to: 32 | kind: Service 33 | name: el-{{ .Values.application.name }} 34 | weight: 100 35 | wildcardPolicy: None 36 | -------------------------------------------------------------------------------- /charts/tekton-demo/templates/github/trigger-sa-rbac.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | kind: Role 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: tekton-triggers-role 6 | rules: 7 | - apiGroups: 8 | - tekton.dev # NOTE(review): the EventListener and TriggerBinding templates in this chart use apiVersion triggers.tekton.dev; confirm this group actually covers the trigger resources listed below 9 | resources: 10 | - eventlisteners 11 | - triggerbindings 12 | - triggertemplates 13 | - pipelineresources 14 | verbs: 15 | - get 16 | - create 17 | - list 18 | - apiGroups: 19 | - tekton.dev 20 | resources: 21 | - pipelineruns 22 | - pipelineresources 23 | verbs: 24 | - create 25 | - apiGroups: [""] 26 | resources: 27 | - configmaps 28 | verbs: 29 | - get 30 | - list 31 | - watch 32 | --- 33 | apiVersion: v1 34 | kind: ServiceAccount 35 | metadata: 36 | name: {{ .Values.pipeline.sa.triggers }} 37 | secrets: 38 | - name: {{ .Values.pipeline.webhook.github.secret }} 39 | - name: {{ .Values.pipeline.webhook.github.key }} 40 | - name: {{ .Values.registry.secret }} 41 | --- 42 | apiVersion: rbac.authorization.k8s.io/v1 43 | kind: RoleBinding 44 | metadata: 45 | name: tekton-triggers-rolebinding 46 | subjects: 47 | - kind: ServiceAccount 48 | name: {{ .Values.pipeline.sa.triggers }} 49 | roleRef: 50 | apiGroup: rbac.authorization.k8s.io 51 | kind: Role 52 | name: tekton-triggers-role 53 | -------------------------------------------------------------------------------- /charts/tekton-demo/templates/github/trigger-webhook-rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Role 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: tekton-triggers-createwebhook 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - secrets # NOTE(review): the verbs below apply to every secret in the namespace because the rule has no resourceNames; narrow it to the webhook secret if the create-webhook task allows 11 | verbs: 12 | - get 13 | - list 14 | - create 15 | - update 16 | - delete 17 | - apiGroups: 18 | - tekton.dev 19 | resources: 20 | - eventlisteners 21 | verbs: 22 | - get 23 | - list 24 | - create 25 | - update 26 | - delete 27 | - apiGroups: 28 | - extensions 29 | resources: 30 | - ingresses 31 | verbs: 32 | - create 33 | - get 34 | -
list 35 | - delete 36 | - update 37 | --- 38 | apiVersion: v1 39 | kind: ServiceAccount 40 | metadata: 41 | name: tekton-triggers-createwebhook 42 | secrets: 43 | - name: {{ .Values.pipeline.webhook.github.secret }} 44 | - name: {{ .Values.pipeline.webhook.github.key }} 45 | --- 46 | apiVersion: rbac.authorization.k8s.io/v1 47 | kind: RoleBinding 48 | metadata: 49 | name: tekton-triggers-createwebhook 50 | subjects: 51 | - kind: ServiceAccount 52 | name: tekton-triggers-createwebhook 53 | roleRef: 54 | apiGroup: rbac.authorization.k8s.io 55 | kind: Role 56 | name: tekton-triggers-createwebhook 57 | -------------------------------------------------------------------------------- /charts/tekton-demo/templates/resources/nodejs-git.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tekton.dev/v1alpha1 3 | kind: PipelineResource 4 | metadata: 5 | name: {{ .Values.application.name }}-git 6 | spec: 7 | type: git 8 | params: 9 | - name: url 10 | - name: revision 11 | - name: submodules 12 | -------------------------------------------------------------------------------- /charts/tekton-demo/templates/resources/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: {{ .Values.application.name }}-pvc 6 | spec: 7 | resources: 8 | requests: 9 | storage: 3Gi 10 | volumeMode: Filesystem 11 | accessModes: 12 | - ReadWriteOnce 13 | -------------------------------------------------------------------------------- /charts/tekton-demo/templates/roles.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: RoleBinding 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: pipeline-builder-image-puller-{{ .Values.application.environments.development }} 6 | namespace: {{ .Values.application.environments.cicd }} 7 | subjects: 8 | - kind: ServiceAccount 
9 | name: {{ .Values.pipeline.sa.triggers }} 10 | namespace: {{ .Values.application.environments.development }} 11 | roleRef: 12 | kind: ClusterRole 13 | name: system:image-puller 14 | apiGroup: rbac.authorization.k8s.io 15 | --- 16 | kind: RoleBinding # Created in the cicd namespace (metadata.namespace); grants system:image-puller there to the triggers service account of the production namespace. 17 | apiVersion: rbac.authorization.k8s.io/v1 18 | metadata: 19 | name: pipeline-builder-image-puller-{{ .Values.application.environments.production }} 20 | namespace: {{ .Values.application.environments.cicd }} 21 | subjects: 22 | - kind: ServiceAccount 23 | name: {{ .Values.pipeline.sa.triggers }} 24 | namespace: {{ .Values.application.environments.production }} 25 | roleRef: 26 | kind: ClusterRole 27 | name: system:image-puller 28 | apiGroup: rbac.authorization.k8s.io 29 | -------------------------------------------------------------------------------- /charts/tekton-demo/templates/tasks/conditions.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tekton.dev/v1alpha1 3 | kind: Condition # Exits 0 only when revision-type is "feature" or "develop", 1 otherwise. 4 | metadata: 5 | name: is-allowed-development 6 | namespace: {{ .Values.application.environments.cicd }} 7 | spec: 8 | params: 9 | - name: revision-type 10 | check: # NOTE(review): Tekton substitutes $(params.revision-type) into the script text before the shell runs; if the value can originate from a webhook payload (not visible here), expose it to the script as an environment variable rather than interpolating it. The same pattern is used in is-allowed-production below. 11 | image: registry.redhat.io/openshift4/ose-cli:latest@sha256:bc35a9fc663baf0d6493cc57e89e77a240a36c43cf38fb78d8e61d3b87cf5cc5 12 | script: | 13 | #!/bin/sh 14 | if [ "$(params.revision-type)" == "feature" ] || [ "$(params.revision-type)" == "develop" ]; then 15 | exit 0 16 | else 17 | exit 1 18 | fi 19 | --- 20 | apiVersion: tekton.dev/v1alpha1 21 | kind: Condition # Exits 0 only when revision-type is "release", "hotfix" or "patch", 1 otherwise. 22 | metadata: 23 | name: is-allowed-production 24 | namespace: {{ .Values.application.environments.cicd }} 25 | spec: 26 | params: 27 | - name: revision-type 28 | check: 29 | image: registry.redhat.io/openshift4/ose-cli:latest@sha256:bc35a9fc663baf0d6493cc57e89e77a240a36c43cf38fb78d8e61d3b87cf5cc5 30 | script: | 31 | #!/bin/sh 32 | if [ "$(params.revision-type)" == "release" ] || [ "$(params.revision-type)" == "hotfix" ] || [
"$(params.revision-type)" == "patch" ]; then 33 | exit 0 34 | else 35 | exit 1 36 | fi 37 | -------------------------------------------------------------------------------- /charts/tekton-demo/templates/tasks/task-apply.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task # Renders ./chart from the source workspace with the helm binary in the shared workspace and pipes the result to oc apply; exits 0 without applying anything when no chart directory exists. 3 | metadata: 4 | name: apply 5 | namespace: {{ .Values.application.environments.cicd }} 6 | spec: 7 | workspaces: 8 | - name: source 9 | - name: shared 10 | steps: 11 | - name: helm-apply # NOTE(review): the manifests come from the repository being built, so anything its chart renders is applied, presumably with the TaskRun service account's credentials; confirm that account's RBAC is limited to the intended namespaces. 12 | image: registry.redhat.io/openshift4/ose-cli:latest@sha256:bc35a9fc663baf0d6493cc57e89e77a240a36c43cf38fb78d8e61d3b87cf5cc5 13 | resources: {} 14 | workingDir: /workspace/source/{{ .Values.pipeline.build.s2i.context }} 15 | script: | 16 | #!/bin/sh 17 | if [ -d "chart" ]; then 18 | /workspace/shared/helm template -f chart/values.yaml chart | oc apply -f- 19 | else 20 | echo "Chart does not exist" 21 | exit 0 22 | fi 23 | securityContext: 24 | runAsUser: 0 # Runs the step as root (UID 0). NOTE(review): the reason is not visible here; confirm it is required. 25 | -------------------------------------------------------------------------------- /charts/tekton-demo/templates/tasks/task-finally.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task # Prints the description of the PipelineRun named by the "name" param, using the tkn binary in the shared workspace; uid, repofullname and repourl are declared but not used by the step. 3 | metadata: 4 | name: finally 5 | namespace: {{ .Values.application.environments.cicd }} 6 | spec: 7 | workspaces: 8 | - name: source 9 | - name: shared 10 | params: 11 | - name: uid 12 | type: string 13 | - name: name 14 | type: string 15 | - name: repofullname 16 | type: string 17 | - name: repourl 18 | type: string 19 | steps: 20 | - name: status # NOTE(review): $(params.name) is substituted unquoted into the script text before the shell runs; if the value can be influenced from outside the cluster (not visible here), pass it through an environment variable and quote it. 21 | image: registry.redhat.io/rhel8/nodejs-12@sha256:3c7f0b36e4313819009df28c4b666320e0cff45041ccbc3861327054f9e1d1f6 22 | workingDir: /workspace/shared 23 | script: | 24 | #!/bin/sh 25 | ./tkn pr desc $(params.name) 26 | -------------------------------------------------------------------------------- /charts/tekton-demo/templates/tasks/task-tag.yaml:
-------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: tag 5 | namespace: {{ .Values.application.environments.cicd }} 6 | spec: 7 | params: 8 | - name: author 9 | type: string 10 | - name: email 11 | type: string 12 | - name: revision-type 13 | type: string 14 | - name: revision-name 15 | type: string 16 | workspaces: 17 | - name: source 18 | steps: 19 | - name: debug 20 | image: registry.redhat.io/rhel8/nodejs-12@sha256:3c7f0b36e4313819009df28c4b666320e0cff45041ccbc3861327054f9e1d1f6 21 | workingDir: /workspace/source/{{ .Values.pipeline.build.s2i.context }} 22 | command: ["/bin/bash", "-c"] 23 | args: 24 | - |- 25 | set -ex 26 | find /workspace/source/{{ .Values.pipeline.build.s2i.context }} 27 | -------------------------------------------------------------------------------- /charts/tekton-demo/values.yaml: -------------------------------------------------------------------------------- 1 | cluster: apps.s45.core.rht-labs.com 2 | registry: 3 | secret: 11009103-tekton-pipeline-pull-secret 4 | application: 5 | name: do101 6 | runtime: nodejs:12 7 | environments: 8 | cicd: labs-ci-cd 9 | development: do101-development 10 | production: do101-production 11 | pipeline: 12 | sa: 13 | default: pipeline 14 | triggers: do101-tekton-triggers-sa 15 | nexus: 16 | host: https://nexus-labs-ci-cd.apps.s45.core.rht-labs.com/repository/labs-npm 17 | build: 18 | s2i: 19 | context: weather 20 | 21 | webhook: 22 | github: 23 | org: mvmaestri 24 | user: mvmaestri 25 | repo: do101-apps 26 | secret: do101-github-webhook-secret 27 | key: do101-github-deploy-secret 28 | -------------------------------------------------------------------------------- /charts/tpl/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: tpl 3 | description: A library that shall collect certain templates to reuse them among different charts. 
4 | version: 1.0.8 5 | home: https://github.com/redhat-cop/helm-charts/tree/main/charts/tpl 6 | maintainers: 7 | - name: tjungbauer 8 | email: tjungbau@redhat.com 9 | url: https://blog.stderr.at/ 10 | keywords: 11 | - templates 12 | - helper 13 | - subchart 14 | -------------------------------------------------------------------------------- /charts/tpl/README.md.gotmpl: -------------------------------------------------------------------------------- 1 | {{ template "doc.header" . }} 2 | 3 | This Helm Chart is a library of reusable templates, like tolerations or resources. 4 | Instead of defining them in other Charts multiple times, it is possible to simply include the template. 5 | 6 | The template "tpl.sleeptimer" is a simple template that can be used in a Job to print out a timer. 7 | 8 | {{ template "doc.deps" . }} 9 | 10 | No dependencies 11 | 12 | {{ template "doc.maintainer_and_sources" . }} 13 | 14 | {{ template "doc.values" . }} 15 | 16 | ## Example values 17 | 18 | ```yaml 19 | --- 20 | # Example values file 21 | 22 | tolerations: 23 | - effect: NoSchedule 24 | key: infra 25 | operator: Equal 26 | value: reserved 27 | tolerationSeconds: 600 28 | - effect: NoSchedule 29 | key: infra 30 | operator: Equal 31 | value: reserved 32 | tolerationSeconds: 600 33 | 34 | resources: 35 | requests: 36 | cpu: 4 37 | memory: 8 38 | ephemeral-storage: 50 39 | limits: 40 | cpu: 8 41 | memory: 16 42 | ephemeral-storage: 500 43 | 44 | nodeSelector: 45 | key: node-role.kubernetes.io/infra 46 | value: '' 47 | ``` 48 | 49 | {{ template "doc.footer" . }} 50 | -------------------------------------------------------------------------------- /charts/tpl/templates/_job_sleeptimer.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Create a sleeptimer for Jobs. 3 | This has no input parameters. It just prints out the below while loop. 4 | 5 | {{ include "tpl.sleeptimer" .
-}} 6 | */}} 7 | {{- define "tpl.sleeptimer" -}} 8 | sleep_timer={{ .sleeptimer | default 20 }} 9 | 10 | SLEEPER_TMP=1 11 | SLEEPER_MOD=10 12 | 13 | while [[ $SLEEPER_TMP -le "$sleep_timer" ]]; do 14 | if (( $SLEEPER_TMP % 10 == 0 )) 15 | then 16 | echo -n "$SLEEPER_MOD" 17 | SLEEPER_MOD=$(($SLEEPER_MOD+10)) 18 | else 19 | echo -n "." 20 | fi 21 | sleep 1 22 | SLEEPER_TMP=$(($SLEEPER_TMP+1)) 23 | done 24 | {{- end -}} 25 | -------------------------------------------------------------------------------- /charts/tpl/templates/_nodeSelector.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Set a nodeSelector 3 | 4 | Example for nodeSelector in the values-file: 5 | nodeSelector: 6 | key: node-role.kubernetes.io/infra 7 | value: '' 8 | 9 | {{ include "tpl.nodeSelector" . -}} 10 | */}} 11 | 12 | {{- define "tpl.nodeSelector" -}} 13 | {{- if .nodeSelector }} 14 | nodeSelector: 15 | matchLabels: 16 | {{ .nodeSelector.key }}: {{ .nodeSelector.value | quote }} 17 | {{- end }} 18 | {{- end -}} 19 | -------------------------------------------------------------------------------- /charts/tpl/templates/_serviceAccount.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Create the name of the service account to use. 3 | If .Values.serviceAccount.create is not set, use "temp-serviceaccount" to ensure 4 | that templating works and does not break at some point 5 | */}} 6 | {{- define "tpl.serviceAccountName" -}} 7 | {{- if .Values.serviceAccount.create }} 8 | {{- default .Values.serviceAccount.name }} 9 | {{- else }} 10 | {{- default "temp-serviceaccount" }} 11 | {{- end }} 12 | {{- end }} 13 | 14 | 15 | {{/* 16 | Create the name of the service account to use.
17 | If not set use "temp-serviceaccount" to ensure 18 | that templating works and does not break at some point 19 | */}} 20 | {{- define "tpl.serviceAccount" -}} 21 | {{- if .create }} 22 | {{- default .name }} 23 | {{- else }} 24 | {{- default "temp-serviceaccount" }} 25 | {{- end }} 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /charts/tpl/templates/_tolerations.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Return the range of tolerations if defined. 3 | 4 | Example for infrastructure nodes in the values-file: 5 | tolerations: 6 | - effect: NoSchedule 7 | key: infra 8 | operator: Equal 9 | value: reserved 10 | - effect: NoSchedule 11 | key: infra 12 | operator: Equal 13 | value: reserved 14 | 15 | {{ include "tpl.tolerations" . -}} 16 | */}} 17 | 18 | {{- define "tpl.tolerations" -}} 19 | tolerations: 20 | {{- range . }} 21 | - key: "{{ .key }}" 22 | operator: "{{ .operator }}" 23 | value: "{{ .value }}" 24 | effect: "{{ .effect }}" 25 | {{- if .tolerationSeconds }} 26 | tolerationSeconds: {{ .tolerationSeconds }} 27 | {{- end }} 28 | {{- end }} 29 | {{- end -}} 30 | -------------------------------------------------------------------------------- /charts/tpl/templates/test/example.yaml: -------------------------------------------------------------------------------- 1 | {{- /* Set tolerations */}} 2 | {{- if .Values.tolerations }} 3 | {{ include "tpl.tolerations" .Values.tolerations | indent 0 }} 4 | {{- end }} 5 | 6 | {{- /* Set resources */}} 7 | {{- if .Values.resources }} 8 | {{ include "tpl.resources" .Values.resources | indent 0 }} 9 | {{- end }} 10 | 11 | {{- /* Set nodeSelector */}} 12 | {{- if .Values.nodeSelector }} 13 | {{- include "tpl.nodeSelector" .Values | indent 0 }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/tpl/values-example.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # Example values file 3 | 4 | # -- If you want this component to only run on specific nodes, you can 5 | # configure tolerations of tainted nodes. 6 | #
7 | # Example include: 8 | # {{- if .Values.tolerations }} 9 | # {{ include "tpl.tolerations" .Values.tolerations | indent 0 }} 10 | # {{- end }} 11 | tolerations: 12 | - effect: NoSchedule 13 | key: infra 14 | operator: Equal 15 | value: reserved 16 | tolerationSeconds: 600 17 | - effect: NoSchedule 18 | key: infra 19 | operator: Equal 20 | value: reserved 21 | tolerationSeconds: 600 22 | 23 | # -- If you want to define resources 24 | #
25 | # Example include: 26 | # {{- if .Values.resources }} 27 | # {{ include "tpl.resources" .Values.resources | indent 0 }} 28 | # {{- end }} 29 | resources: 30 | requests: 31 | cpu: 4 32 | memory: 8 33 | ephemeral-storage: 50 34 | limits: 35 | cpu: 8 36 | memory: 16 37 | ephemeral-storage: 500 38 | 39 | nodeSelector: 40 | key: node-role.kubernetes.io/infra 41 | value: '' 42 | -------------------------------------------------------------------------------- /charts/tpl/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /charts/update-clusterversion/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/update-clusterversion/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: update-clusterversion 3 | description: A Helm chart to update OpenShift ClusterVersion 4 | home: https://github.com/redhat-cop/helm-charts 5 | version: 1.0.1 6 | maintainers: 7 | - name: tjungbauer 8 | email: tjungbau@redhat.com 9 | url: https://blog.stderr.at/ 10 | keywords: 11 | - configuration 12 | -------------------------------------------------------------------------------- /charts/update-clusterversion/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 
2022 Thomas Jungbauer 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | -------------------------------------------------------------------------------- /charts/update-clusterversion/README.md.gotmpl: -------------------------------------------------------------------------------- 1 | {{ template "doc.header" . }} 2 | 3 | This Chart can be used to start a cluster update using a GitOps approach. 4 | All you need are the required channel, the version and (optionally) the image-sha. 5 | 6 | All this information can be found by `oc get clusterversion/version -o yaml`. 7 | 8 | Simply select the channel, version etc and update your values file. 9 | Once Argo CD syncs the changes the update process will start. 10 | 11 | {{ template "doc.deps" . }} 12 | 13 | It is best used with a full GitOps approach such as Argo CD does. For example, https://github.com/tjungbauer/openshift-clusterconfig-gitops 14 | 15 | 16 | {{ template "doc.maintainer_and_sources" . }} 17 | 18 | ## Parameters 19 | 20 | {{ template "doc.values" . }} 21 | 22 | ## Example values 23 | 24 | Update the cluster to version 4.15.15 using the channel stable-4.15 25 | 26 | ```yaml 27 | channel: stable-4.15 28 | desiredVersion: 4.15.15 29 | ``` 30 | 31 | {{ template "doc.footer" . 
}} 32 | -------------------------------------------------------------------------------- /charts/update-clusterversion/templates/clusterversion.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: config.openshift.io/v1 3 | kind: ClusterVersion 4 | metadata: 5 | name: version 6 | spec: 7 | channel: {{ .Values.channel }} 8 | desiredUpdate: 9 | version: {{ .Values.desiredVersion }} 10 | {{- if .Values.image }} 11 | image: {{ .Values.image }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/update-clusterversion/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Example values file. This should be used by a GitOps process that triggers the cluster update. 3 | 4 | # -- The channel that shall be used for that cluster. The available channels 5 | # can be found with oc get clusterversion -o yaml 6 | # Verify the availableUpdates to find the required channel. 7 | channel: your-channel 8 | 9 | # -- The desired version that the cluster shall be updated to. The available versions 10 | # can be found with oc get clusterversion -o yaml 11 | # Verify the availableUpdates to find the required version. 12 | desiredVersion: your-target-version 13 | 14 | # -- OPTIONAL: The desired image SHA that the cluster shall be updated to. The available SHA 15 | # can be found with oc get clusterversion -o yaml 16 | # Verify the availableUpdates to find the required SHA. 17 | # This option is optional and typically only used for restricted clusters.
18 | image: '' 19 | -------------------------------------------------------------------------------- /renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "extends": [ 4 | "config:best-practices", 5 | "customManagers:githubActionsVersions", 6 | "schedule:earlyMondays" 7 | ], 8 | "bumpVersion": "patch", 9 | "hostRules": [ 10 | { 11 | "matchHost": "https://registry.redhat.io", 12 | "hostType": "docker", 13 | "username": "6340056|redhat-cop-helm-charts", 14 | "password": "{{ secrets.REDHAT_REGISTRY_TOKEN }}" 15 | } 16 | ], 17 | "packageRules": [ 18 | { 19 | "matchManagers": [ 20 | "github-actions" 21 | ], 22 | "matchPackageNames": [ 23 | "slsa-framework/slsa-github-generator" 24 | ], 25 | "pinDigests": false 26 | }, 27 | { 28 | "matchDatasources": [ 29 | "docker" 30 | ], 31 | "matchPackageNames": [ 32 | "quay.io/freeipa/freeipa-server" 33 | ], 34 | "pinDigests": false 35 | } 36 | ] 37 | } 38 | --------------------------------------------------------------------------------