├── .github ├── workflows │ ├── release.yaml │ ├── pr.yaml │ └── terraform.yml └── CODEOWNERS ├── modules ├── operator-lifecycle-manager │ ├── chart │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── 0000_50_olm_15-packageserver.clusterserviceversion.yaml │ │ │ ├── 0000_50_olm_02-olmconfig.yaml │ │ │ ├── _packageserver.package.yaml │ │ │ ├── 0000_50_olm_13-operatorgroup-default.yaml │ │ │ ├── 0000_50_olm_17-upstream-operators.catalogsource.yaml │ │ │ ├── 0000_50_olm_99-operatorstatus.yaml │ │ │ ├── 0000_50_olm_01-olm-operator.serviceaccount.yaml │ │ │ ├── 0000_50_olm_02-services.yaml │ │ │ ├── 0000_50_olm_09-aggregated.clusterrole.yaml │ │ │ ├── 0000_90_olm_01-prometheus-rule.yaml │ │ │ ├── _helpers.tpl │ │ │ ├── 0000_90_olm_00-service-monitor.yaml │ │ │ ├── _packageserver.deployment-spec.yaml │ │ │ ├── _packageserver.clusterserviceversion.yaml │ │ │ └── 0000_50_olm_07-olm-operator.deployment.yaml │ │ ├── .helmignore │ │ └── values.yaml │ ├── variables.tf │ └── main.tf ├── istio-operator │ ├── charts │ │ ├── kiali │ │ │ ├── Chart.yaml │ │ │ ├── values.yaml │ │ │ ├── .helmignore │ │ │ └── templates │ │ │ │ ├── kiali-authz.yaml │ │ │ │ ├── _helpers.tpl │ │ │ │ └── kiali-gateway.yaml │ │ └── mesh │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ ├── telemetry.yaml │ │ │ ├── peerauthentication.yaml │ │ │ ├── apiserver.yaml │ │ │ ├── authorizationpolicy.yaml │ │ │ ├── certificate.yaml │ │ │ └── _helpers.tpl │ │ │ ├── values.yaml │ │ │ └── .helmignore │ └── values.yaml.tftpl ├── crds │ └── variables.tf ├── cloud-manager-agent │ ├── chart │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── NOTES.txt │ │ │ ├── configmap.yaml │ │ │ ├── serviceaccount.yaml │ │ │ ├── secret.yaml │ │ │ ├── rolebindings.yaml │ │ │ └── roles.yaml │ │ └── .helmignore │ ├── values.yaml.tftpl │ ├── main.tf │ ├── variables.tf │ └── README.md ├── olm-subscriptions │ ├── chart │ │ ├── templates │ │ │ ├── istio.yaml │ │ │ ├── catalogsource.yaml │ │ │ ├── flink.yaml │ │ │ ├── pulsar.yaml │ │ │ ├── flinksql.yaml │ │ 
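│ ├── prometheus.yaml │ │ │ ├── zookeeper.yaml │ │ │ ├── bookkeeper.yaml │ │ │ ├── sn-operator.yaml │ │ │ ├── sn-operator-all.yaml │ │ │ ├── elastic-cloud-eck.yaml │ │ │ ├── functionmesh.yaml │ │ │ └── _helper.tpl │ │ ├── Chart.yaml │ │ └── values.yaml │ ├── variables.tf │ └── main.tf ├── prometheus-operator │ ├── prometheus-cluster-role │ │ ├── main.tf │ │ ├── chart │ │ │ ├── Chart.yaml │ │ │ └── templates │ │ │ │ ├── .helmignore │ │ │ │ └── clusterrole.yaml │ │ └── README.md │ ├── main.tf │ ├── variables.tf │ └── README.md ├── vector-agent │ ├── values.yaml.tftpl │ ├── main.tf │ └── variables.tf ├── _templates │ └── _helm_release │ │ ├── main.tf │ │ └── variables.tf ├── pulsar-operator │ ├── main.tf │ ├── variables.tf │ └── README.md ├── vault-operator │ ├── main.tf │ ├── variables.tf │ └── README.md ├── function-mesh-operator │ ├── main.tf │ ├── variables.tf │ └── README.md ├── hpa │ ├── variables.tf │ └── README.md ├── otel-collector │ ├── main.tf │ ├── variables.tf │ └── README.md └── victoria-metrics-agent │ └── main.tf ├── versions.tf ├── .gitignore └── CHANGELOG.md
/.github/workflows/release.yaml:
--------------------------------------------------------------------------------
# Opens and maintains the release pull request, and cuts the release, on every
# push to master.
name: Release

on:
  push:
    branches:
      - master

# Scope the workflow token explicitly instead of inheriting the repository
# default. release-please needs to push tags/releases and to open or update
# the release pull request; nothing else is granted.
permissions:
  contents: write
  pull-requests: write

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): `@v3` is a mutable tag, and this job runs with a
      # write-scoped token. Pin to the full commit SHA of the reviewed release
      # (placeholder: <commit-sha> # v3) so a moved tag cannot change what runs.
      # NOTE(review): confirm this action is still maintained under this owner
      # before pinning.
      - uses: google-github-actions/release-please-action@v3
        with:
          release-type: terraform-module
--------------------------------------------------------------------------------
/.github/workflows/pr.yaml:
--------------------------------------------------------------------------------
# Checks that the pull-request title follows the semantic/conventional format.
name: PR

on:
  # `pull_request` (not `pull_request_target`): for pull requests from forks
  # the job gets a read-only token and no repository secrets.
  pull_request:
    branches:
      - '*'
    types:
      - opened
      - reopened
      - edited
      - synchronize

# The title check only reads pull-request metadata.
permissions:
  pull-requests: read

jobs:
  title-check:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): `@v5` is a mutable tag; pin to a full commit SHA
      # (placeholder: <commit-sha> # v5).
      - uses: amannn/action-semantic-pull-request@v5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}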
-------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | * @streamnative/cloud 16 | -------------------------------------------------------------------------------- /modules/operator-lifecycle-manager/chart/Chart.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | apiVersion: v2 16 | description: A Helm chart for Kubernetes 17 | name: olm 18 | version: 0.0.0-dev 19 | -------------------------------------------------------------------------------- /modules/istio-operator/charts/kiali/Chart.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: v2 16 | name: kiali 17 | description: Kiali installation 18 | type: application 19 | version: 0.5.0 20 | -------------------------------------------------------------------------------- /modules/operator-lifecycle-manager/chart/templates/0000_50_olm_15-packageserver.clusterserviceversion.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | {{- include "packageserver.clusterserviceversion" . }} 16 | -------------------------------------------------------------------------------- /modules/operator-lifecycle-manager/chart/templates/0000_50_olm_02-olmconfig.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: operators.coreos.com/v1 16 | kind: OLMConfig 17 | metadata: 18 | name: cluster 19 | -------------------------------------------------------------------------------- /modules/istio-operator/charts/mesh/Chart.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | apiVersion: v2 16 | name: mesh 17 | description: Istio mesh configuration for SN Cloud 18 | type: application 19 | version: 0.5.0 20 | -------------------------------------------------------------------------------- /modules/crds/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | variable "install_application_crd" { 16 | default = true 17 | description = "Install the Application CRD. Defaults to \"true\"." 18 | type = bool 19 | } -------------------------------------------------------------------------------- /modules/cloud-manager-agent/chart/Chart.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 
15 | # 16 | 17 | apiVersion: v2 18 | name: cloud-manager-agent 19 | description: cloud-manager-agent helm chart to install on hosted clusters 20 | type: application 21 | version: 1.0.0 22 | appVersion: "v2.0.5" 23 | -------------------------------------------------------------------------------- /modules/istio-operator/charts/kiali/values.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | gatewaySelector: {} 16 | gatewayTls: 17 | mode: SIMPLE 18 | gatewayHosts: [] 19 | 20 | kialiHost: kiali 21 | kialiSelector: 22 | app.kubernetes.io/name: kiali 23 | app.kubernetes.io/instance: kiali 24 | -------------------------------------------------------------------------------- /modules/operator-lifecycle-manager/chart/templates/_packageserver.package.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | {{- define "packageserver.package" }} 16 | - packageName: packageserver 17 | channels: 18 | - name: alpha 19 | currentCSV: packageserver.v{{ .Chart.Version }} 20 | {{- end -}}
--------------------------------------------------------------------------------
/modules/olm-subscriptions/chart/templates/istio.yaml:
--------------------------------------------------------------------------------
{{- /*
Istio AuthorizationPolicy that lets the operator controller-managers reach
workloads labelled as Pulsar. Rendered only when .Values.istio.enabled is set.
*/ -}}
{{- if .Values.istio.enabled }}
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: {{ .Values.pulsar.name }}
  # NOTE(review): if this value is the mesh root namespace, the selector below
  # matches labelled workloads in every namespace of the mesh, not only the
  # install namespace - confirm that reach is intended.
  namespace: {{ .Values.istio.rootNamespace }}
spec:
  selector:
    matchLabels:
      # well-known labels
      cloud.streamnative.io/app: pulsar
  # Once an ALLOW policy selects a workload, a request that matches no ALLOW
  # rule is denied; other callers of these workloads need their own policy.
  action: ALLOW
  rules:
  - from:
    - source:
        # Principals are mTLS peer identities, so these rules match only
        # traffic that arrives over mutual TLS. The trust domain is hard-coded
        # as "cluster.local" - presumably the mesh keeps Istio's default;
        # verify if the trust domain is customised.
        principals:
        - "cluster.local/ns/{{ .Values.install_namespace }}/sa/sn-operator-controller-manager"
        - "cluster.local/ns/{{ .Values.install_namespace }}/sa/zookeeper-operator-controller-manager"
        - "cluster.local/ns/{{ .Values.install_namespace }}/sa/bookkeeper-operator-controller-manager"
        - "cluster.local/ns/{{ .Values.install_namespace }}/sa/pulsar-operator-controller-manager"
{{- end }}
-------------------------------------------------------------------------------- /versions.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc.
2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | terraform { 16 | required_version = ">=1.0.0" 17 | 18 | required_providers { 19 | helm = { 20 | source = "hashicorp/helm" 21 | version = "~> 2.2" 22 | } 23 | kubernetes = { 24 | source = "hashicorp/kubernetes" 25 | version = "~> 2.8" 26 | } 27 | } 28 | } -------------------------------------------------------------------------------- /modules/prometheus-operator/prometheus-cluster-role/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | resource "helm_release" "prometheus_cluster_role" { 16 | atomic = true 17 | chart = "${path.module}/chart" 18 | cleanup_on_fail = true 19 | namespace = "kube-system" 20 | timeout = 120 21 | name = "prometheus-cluster-role" 22 | } 23 | -------------------------------------------------------------------------------- /modules/prometheus-operator/prometheus-cluster-role/chart/Chart.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: v2 16 | name: prometheus-cluster-role 17 | description: ClusterRole for Prometheus 18 | version: 0.1.0 19 | home: https://streamnative.io 20 | sources: 21 | - https://github.com/streamnative/terraform-helm-charts 22 | icon: http://pulsar.apache.org/img/pulsar.svg 23 | maintainers: 24 | - name: jrsdav 25 | email: joey@streamnative.io -------------------------------------------------------------------------------- /modules/istio-operator/charts/mesh/templates/telemetry.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Mesh-wide configuration: Envoy access logging 16 | apiVersion: telemetry.istio.io/v1alpha1 17 | kind: Telemetry 18 | metadata: 19 | name: default 20 | {{- if .Values.rootNamespace }} 21 | namespace: {{ .Values.rootNamespace }} 22 | {{- end }} 23 | labels: 24 | {{- include "mesh.labels" . | nindent 4 }} 25 | spec: 26 | accessLogging: 27 | - {} -------------------------------------------------------------------------------- /modules/istio-operator/charts/mesh/values.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | # override for the Istio root namespace 16 | rootNamespace: 17 | 18 | # ingress gateway configuration 19 | ingressGateway: 20 | tlsCertificate: 21 | name: istio-ingressgateway-tls 22 | secretName: istio-ingressgateway-tls 23 | dnsNames: [] 24 | issuerRef: {} 25 | privateKey: 26 | algorithm: RSA 27 | size: 2048 28 | renewBefore: "168h0m0s" 29 | -------------------------------------------------------------------------------- /modules/olm-subscriptions/chart/Chart.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 15 | # 16 | 17 | apiVersion: v1 18 | appVersion: "0.7.2" 19 | description: OLM Subscriptions for the StreamNative Platform 20 | name: olm-subscriptions 21 | version: 0.4.0 22 | home: https://streamnative.io 23 | sources: 24 | - https://github.com/streamnative/terraform-helm-charts 25 | icon: http://pulsar.apache.org/img/pulsar.svg 26 | maintainers: 27 | - name: jrsdav 28 | email: joey@streamnative.io 29 | -------------------------------------------------------------------------------- /modules/istio-operator/charts/mesh/templates/peerauthentication.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 
2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 |
# Mesh-wide configuration: Enforce strict mTLS
#
# The policy has no selector, so it covers every workload in its scope. That
# scope is the whole mesh only when the policy is created in the Istio root
# namespace; when rootNamespace is not set, no namespace is rendered and the
# policy lands in the release namespace, where STRICT applies to that namespace
# alone. Plaintext callers (workloads without a sidecar) are refused in scope.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default-strict
  {{- with .Values.rootNamespace }}
  namespace: {{ . }}
  {{- end }}
  labels:
    {{- include "mesh.labels" . | nindent 4 }}
spec:
  mtls:
    mode: STRICT
-------------------------------------------------------------------------------- /modules/operator-lifecycle-manager/chart/templates/0000_50_olm_13-operatorgroup-default.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License.
14 | 15 | apiVersion: operators.coreos.com/v1 16 | kind: OperatorGroup 17 | metadata: 18 | name: global-operators 19 | namespace: {{ .Values.operator_namespace }} 20 | --- 21 | apiVersion: operators.coreos.com/v1 22 | kind: OperatorGroup 23 | metadata: 24 | name: olm-operators 25 | namespace: {{ .Values.namespace }} 26 | spec: 27 | targetNamespaces: 28 | - {{ .Values.namespace }} 29 | -------------------------------------------------------------------------------- /modules/operator-lifecycle-manager/chart/.helmignore: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Patterns to ignore when building packages. 16 | # This supports shell glob matching, relative path matching, and 17 | # negation (prefixed with !). Only one pattern per line. 18 | .DS_Store 19 | # Common VCS dirs 20 | .git/ 21 | .gitignore 22 | .bzr/ 23 | .bzrignore 24 | .hg/ 25 | .hgignore 26 | .svn/ 27 | # Common backup files 28 | *.swp 29 | *.bak 30 | *.tmp 31 | *~ 32 | # Various IDEs 33 | .project 34 | .idea/ 35 | *.tmproj 36 | -------------------------------------------------------------------------------- /modules/istio-operator/charts/kiali/.helmignore: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 
2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Patterns to ignore when building packages. 16 | # This supports shell glob matching, relative path matching, and 17 | # negation (prefixed with !). Only one pattern per line. 18 | .DS_Store 19 | # Common VCS dirs 20 | .git/ 21 | .gitignore 22 | .bzr/ 23 | .bzrignore 24 | .hg/ 25 | .hgignore 26 | .svn/ 27 | # Common backup files 28 | *.swp 29 | *.bak 30 | *.tmp 31 | *.orig 32 | *~ 33 | # Various IDEs 34 | .project 35 | .idea/ 36 | *.tmproj 37 | .vscode/ 38 | -------------------------------------------------------------------------------- /modules/istio-operator/charts/mesh/.helmignore: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Patterns to ignore when building packages. 
16 | # This supports shell glob matching, relative path matching, and 17 | # negation (prefixed with !). Only one pattern per line. 18 | .DS_Store 19 | # Common VCS dirs 20 | .git/ 21 | .gitignore 22 | .bzr/ 23 | .bzrignore 24 | .hg/ 25 | .hgignore 26 | .svn/ 27 | # Common backup files 28 | *.swp 29 | *.bak 30 | *.tmp 31 | *.orig 32 | *~ 33 | # Various IDEs 34 | .project 35 | .idea/ 36 | *.tmproj 37 | .vscode/ 38 | -------------------------------------------------------------------------------- /modules/cloud-manager-agent/chart/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Copyright 2023 StreamNative, Inc. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, 11 | software distributed under the License is distributed on an 12 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 13 | KIND, either express or implied. See the License for the 14 | specific language governing permissions and limitations 15 | under the License. 16 | */}} 17 | 18 | *********************************************************************** 19 | * Cloud Manager Agent * 20 | *********************************************************************** 21 | Chart version: {{ .Chart.Version }} 22 | App version: {{ .Chart.AppVersion }} 23 | Image tag: {{ include "cloud-manager-agent.image" . }} 24 | *********************************************************************** 25 | -------------------------------------------------------------------------------- /modules/cloud-manager-agent/chart/.helmignore: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 
2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 15 | # 16 | 17 | # Patterns to ignore when building packages. 18 | # This supports shell glob matching, relative path matching, and 19 | # negation (prefixed with !). Only one pattern per line. 20 | .DS_Store 21 | # Common VCS dirs 22 | .git/ 23 | .gitignore 24 | .bzr/ 25 | .bzrignore 26 | .hg/ 27 | .hgignore 28 | .svn/ 29 | # Common backup files 30 | *.swp 31 | *.bak 32 | *.tmp 33 | *.orig 34 | *~ 35 | # Various IDEs 36 | .project 37 | .idea/ 38 | *.tmproj 39 | .vscode/ 40 | -------------------------------------------------------------------------------- /modules/prometheus-operator/prometheus-cluster-role/chart/templates/.helmignore: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | # Patterns to ignore when building packages. 16 | # This supports shell glob matching, relative path matching, and 17 | # negation (prefixed with !). Only one pattern per line. 18 | .DS_Store 19 | # Common VCS dirs 20 | .git/ 21 | .gitignore 22 | .bzr/ 23 | .bzrignore 24 | .hg/ 25 | .hgignore 26 | .svn/ 27 | # Common backup files 28 | *.swp 29 | *.bak 30 | *.tmp 31 | *.orig 32 | *~ 33 | # Various IDEs 34 | .project 35 | .idea/ 36 | *.tmproj 37 | .vscode/ 38 | -------------------------------------------------------------------------------- /modules/prometheus-operator/prometheus-cluster-role/chart/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | apiVersion: rbac.authorization.k8s.io/v1 16 | kind: ClusterRole # cluster-scoped: the read access below applies in every namespace 17 | metadata: 18 | name: prometheus 19 | rules: 20 | - apiGroups: 21 | - "" 22 | resources: 23 | - nodes 24 | - nodes/proxy # proxies requests to each node's kubelet API; NOTE(review): wider than metric scraping needs, confirm it cannot be dropped in favour of nodes/metrics 25 | - nodes/metrics 26 | - services 27 | - endpoints 28 | - pods 29 | verbs: 30 | - get 31 | - list 32 | - watch 33 | - apiGroups: 34 | - "" 35 | resources: 36 | - configmaps 37 | verbs: 38 | - get # get only: configmaps can be read by name but not listed or watched 39 | - nonResourceURLs: 40 | - /metrics # non-resource path served by the API server itself 41 | verbs: 42 | - get -------------------------------------------------------------------------------- /modules/istio-operator/charts/mesh/templates/apiserver.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Define a service entry for the Kubernetes API service, 16 | # to improve visualization of operator traffic. 17 | apiVersion: networking.istio.io/v1alpha3 18 | kind: ServiceEntry 19 | metadata: 20 | name: kubernetes 21 | namespace: default 22 | labels: 23 | {{- include "mesh.labels" . 
| nindent 4 }} 24 | spec: 25 | hosts: 26 | - "kubernetes" 27 | - "kubernetes.default.svc.cluster.local" 28 | ports: 29 | - number: 443 30 | name: https-port 31 | protocol: HTTPS 32 | resolution: DNS 33 | location: MESH_EXTERNAL 34 | -------------------------------------------------------------------------------- /modules/istio-operator/charts/kiali/templates/kiali-authz.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Authorization Policy for Prometheus Server - Allow Kiali 16 | apiVersion: security.istio.io/v1beta1 17 | kind: AuthorizationPolicy 18 | metadata: 19 | name: {{ include "kiali.fullname" . }}-prometheus 20 | labels: 21 | {{- include "kiali.labels" . | nindent 4 }} 22 | spec: 23 | selector: 24 | matchLabels: 25 | app: prometheus 26 | component: server 27 | action: ALLOW 28 | rules: 29 | - from: 30 | - source: 31 | principals: 32 | - cluster.local/ns/{{ .Release.Namespace }}/sa/kiali-service-account 33 | -------------------------------------------------------------------------------- /modules/olm-subscriptions/chart/templates/catalogsource.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 
2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 15 | # 16 | 17 | apiVersion: operators.coreos.com/v1alpha1 18 | kind: CatalogSource 19 | metadata: 20 | name: sn-catalog 21 | namespace: {{ .Values.olm_namespace }} 22 | annotations: 23 | cluster-autoscaler.kubernetes.io/safe-to-evict: "true" 24 | spec: 25 | displayName: StreamNative Operators 26 | image: {{ .Values.sn_registry }} 27 | publisher: StreamNative.io 28 | sourceType: grpc 29 | {{- if .Values.tolerations }} 30 | grpcPodConfig: 31 | tolerations: 32 | {{ toYaml .Values.tolerations | indent 4 }} 33 | {{- end }} 34 | updateStrategy: 35 | registryPoll: 36 | interval: 10m0s 37 | -------------------------------------------------------------------------------- /modules/operator-lifecycle-manager/chart/templates/0000_50_olm_17-upstream-operators.catalogsource.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | {{- if and .Values.installType (eq .Values.installType "upstream") }} 16 | apiVersion: operators.coreos.com/v1alpha1 17 | kind: CatalogSource 18 | metadata: 19 | name: operatorhubio-catalog 20 | namespace: {{ .Values.catalog_namespace }} 21 | annotations: 22 | cluster-autoscaler.kubernetes.io/safe-to-evict: "true" 23 | spec: 24 | sourceType: grpc 25 | image: {{ include "olm.upstreamOperatorCatalogImage" . }} 26 | displayName: Community Operators 27 | publisher: OperatorHub.io 28 | updateStrategy: 29 | registryPoll: 30 | interval: 60m 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /.github/workflows/terraform.yml: -------------------------------------------------------------------------------- 1 | name: "TF GH Action" 2 | on: 3 | - pull_request 4 | 5 | env: 6 | TF_PLUGIN_CACHE_DIR: ${{ github.workspace }}/.terraform.d/plugin-cache 7 | 8 | jobs: 9 | fmt: 10 | name: "fmt" 11 | runs-on: ubuntu-latest 12 | steps: 13 | - name: Checkout 14 | uses: actions/checkout@v3 15 | 16 | - name: Setup Terraform 17 | uses: hashicorp/setup-terraform@v1.3.2 18 | with: 19 | terraform_version: 0.15.x 20 | 21 | - name: Terraform fmt 22 | run: terraform fmt -recursive -write=false -check -diff . 
23 | continue-on-error: true # a failed fmt check does not fail this job, so formatting drift is reported but never blocks the pull request 24 | 25 | validate: 26 | name: "validate" 27 | runs-on: ubuntu-latest 28 | strategy: 29 | matrix: 30 | terraform_version: [1.0.x] # validate runs on 1.0.x while the fmt job installs 0.15.x 31 | steps: 32 | - name: Checkout 33 | uses: actions/checkout@v3 # version tag is mutable; pinning to a full commit SHA fixes the exact action code that runs 34 | 35 | - name: Setup Terraform ${{ matrix.terraform_version }} 36 | uses: hashicorp/setup-terraform@v1.3.2 # tag reference as well, not a commit SHA 37 | with: 38 | terraform_version: ${{ matrix.terraform_version }} 39 | 40 | - name: Terraform Validate Root 41 | run: cd "${GITHUB_WORKSPACE}" && terraform init -backend=false && AWS_REGION=us-east-1 terraform validate -no-color # init fetches the providers and modules named by the pull request's own code 42 | 43 | - name: Terraform Validate Modules 44 | run: for module in modules/*/; do cd "${GITHUB_WORKSPACE}/${module}" && terraform init -backend=false && AWS_REGION=us-east-1 terraform validate -no-color ; done # NOTE(review): a failing cd or init in a non-final module looks like it is skipped over by the loop rather than failing the step - confirm 45 | -------------------------------------------------------------------------------- /modules/operator-lifecycle-manager/chart/templates/0000_50_olm_99-operatorstatus.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | {{- if .Values.imagestream }} 16 | apiVersion: config.openshift.io/v1 17 | kind: ClusterOperator 18 | metadata: 19 | name: {{ .Values.writeStatusName }} 20 | status: 21 | versions: 22 | - name: operator 23 | version: "0.0.1-snapshot" 24 | --- 25 | apiVersion: config.openshift.io/v1 26 | kind: ClusterOperator 27 | metadata: 28 | name: {{ .Values.writeStatusNameCatalog }} 29 | status: 30 | versions: 31 | - name: operator 32 | version: "0.0.1-snapshot" 33 | {{- if .Values.writePackageServerStatusName }} 34 | --- 35 | apiVersion: config.openshift.io/v1 36 | kind: ClusterOperator 37 | metadata: 38 | name: {{ .Values.writePackageServerStatusName }} 39 | status: 40 | versions: 41 | - name: operator 42 | version: "0.0.1-snapshot" 43 | {{- end }} 44 | {{- end }} 45 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Local .terraform directories 16 | **/.terraform/* 17 | 18 | # .tfstate files 19 | *.tfstate 20 | *.tfstate.* 21 | 22 | # Crash log files 23 | crash.log 24 | 25 | # Ignore any .tfvars files that are generated automatically for each Terraform run. Most 26 | # .tfvars files are managed as part of configuration and so should be included in 27 | # version control. 
28 | # 29 | # example.tfvars 30 | 31 | # Ignore override files as they are usually used to override resources locally and so 32 | # are not checked in 33 | override.tf 34 | override.tf.json 35 | *_override.tf 36 | *_override.tf.json 37 | 38 | # Include override files you do wish to add to version control using negated pattern 39 | # 40 | # !example_override.tf 41 | 42 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan 43 | # example: *tfplan* 44 | 45 | .DS_Store 46 | .idea/ 47 | .vscode/ -------------------------------------------------------------------------------- /modules/istio-operator/charts/mesh/templates/authorizationpolicy.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Mesh-wide configuration: disallow access by default 16 | apiVersion: security.istio.io/v1beta1 17 | kind: AuthorizationPolicy 18 | metadata: 19 | name: default-deny 20 | {{- if .Values.rootNamespace }} 21 | namespace: {{ .Values.rootNamespace }} 22 | {{- end }} 23 | labels: 24 | {{- include "mesh.labels" . 
| nindent 4 }} 25 | spec: 26 | action: ALLOW # no rules are listed, so this ALLOW policy matches no request: every workload it covers is denied unless another ALLOW policy matches. It is mesh-wide only when the namespace above is Istio's root namespace; otherwise it covers just the namespace it is installed in. 27 | 28 | --- 29 | # Istio gateway: allow inbound traffic. The single empty rule matches every request and the omitted action defaults to ALLOW, so workloads carrying the selector label below accept all traffic at this layer. 30 | apiVersion: security.istio.io/v1beta1 31 | kind: AuthorizationPolicy 32 | metadata: 33 | name: istio-ingressgateway 34 | {{- if .Values.rootNamespace }} 35 | namespace: {{ .Values.rootNamespace }} 36 | {{- end }} 37 | labels: 38 | {{- include "mesh.labels" . | nindent 4 }} 39 | spec: 40 | rules: 41 | - {} 42 | selector: 43 | matchLabels: 44 | cloud.streamnative.io/role: istio-ingressgateway # any workload able to set this label is exempted from the deny-by-default policy 45 | -------------------------------------------------------------------------------- /modules/operator-lifecycle-manager/chart/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | apiVersion: {{ .Values.rbacApiVersion }}/v1 16 | kind: ClusterRole 17 | metadata: 18 | name: system:controller:operator-lifecycle-manager 19 | rules: 20 | - apiGroups: ["*"] 21 | resources: ["*"] 22 | verbs: ["*"] # every verb on every resource in every API group: the same reach as cluster-admin 23 | - nonResourceURLs: ["*"] 24 | verbs: ["*"] # and every verb on every non-resource URL 25 | --- 26 | kind: ServiceAccount 27 | apiVersion: v1 28 | metadata: 29 | name: olm-operator-serviceaccount # holds the wildcard ClusterRole through the binding in this file; treat its tokens, and the right to run pods as this account, as cluster-admin credentials 30 | namespace: {{ .Values.namespace }} 31 | --- 32 | apiVersion: {{ .Values.rbacApiVersion }}/v1 33 | kind: ClusterRoleBinding # cluster-wide binding rather than a namespaced RoleBinding, so the grant is not confined to the OLM namespace 34 | metadata: 35 | name: olm-operator-binding-{{ .Values.namespace }} 36 | roleRef: 37 | apiGroup: {{ .Values.rbacApiVersion }} 38 | kind: ClusterRole 39 | name: system:controller:operator-lifecycle-manager 40 | subjects: 41 | - kind: ServiceAccount 42 | name: olm-operator-serviceaccount 43 | namespace: {{ .Values.namespace }} 44 | -------------------------------------------------------------------------------- /modules/vector-agent/values.yaml.tftpl: -------------------------------------------------------------------------------- 1 | #Copyright 2023 StreamNative, Inc. 2 | # 3 | #Licensed under the Apache License, Version 2.0 (the "License"); 4 | #you may not use this file except in compliance with the License. 5 | #You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | #Unless required by applicable law or agreed to in writing, software 10 | #distributed under the License is distributed on an "AS IS" BASIS, 11 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | #See the License for the specific language governing permissions and 13 | #limitations under the License. 
14 | 15 | image: 16 | repository: docker.cloudsmith.io/streamnative/cloud-tools/vector 17 | pullPolicy: IfNotPresent 18 | tag: "0.18.0-debian" # pinned by tag, not by image digest 19 | customConfig: 20 | data_dir: /vector-data-dir 21 | api: 22 | enabled: false # API is off; the address and playground values below only matter if this is switched on 23 | address: '0.0.0.0:8686' # binds all interfaces: if the API is ever enabled, limit who can reach this port 24 | playground: true 25 | log_schema: 26 | host_key: host 27 | message_key: message 28 | source_type_key: source_type 29 | timestamp_key: timestamp 30 | sources: 31 | kubernetes_logs: 32 | type: kubernetes_logs # pod logs are shipped as-is, so anything applications print (including secrets) reaches the sink 33 | sinks: 34 | ${sink_name}: 35 | encoding: json 36 | endpoint: ${sink_endpoint} # NOTE(review): confirm the rendered endpoint uses TLS, since logs and OAuth2 tokens travel over it 37 | inputs: 38 | - kubernetes_logs 39 | topic: ${sink_topic} 40 | type: pulsar 41 | auth: 42 | oauth2: 43 | audience: ${sink_oauth_audience} 44 | credentials_url: >- 45 | ${sink_oauth_credentials_url} 46 | issuer_url: ${sink_oauth_issuer_url} 47 | healthcheck: 48 | enabled: true 49 | psp: # NOTE(review): PodSecurityPolicy was removed in Kubernetes 1.25; confirm the target cluster versions still serve it 50 | enabled: true -------------------------------------------------------------------------------- /modules/cloud-manager-agent/chart/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | {{- /* 16 | Copyright 2023 StreamNative, Inc. 17 | 18 | Licensed under the Apache License, Version 2.0 (the "License"); 19 | you may not use this file except in compliance with the License. 
20 | You may obtain a copy of the License at 21 | 22 | http://www.apache.org/licenses/LICENSE-2.0 23 | 24 | Unless required by applicable law or agreed to in writing, 25 | software distributed under the License is distributed on an 26 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 27 | KIND, either express or implied. See the License for the 28 | specific language governing permissions and limitations 29 | under the License. 30 | */}} 31 | apiVersion: v1 32 | kind: ConfigMap 33 | metadata: 34 | name: {{ include "cloud-manager-agent.fullname" . }} 35 | namespace: {{ .Release.Namespace | quote }} 36 | labels: {{- include "cloud-manager-agent.labels" . | nindent 4 }} 37 | data: 38 | application.properties: | 39 | {{ .Values.appConfig.applicationProperties | indent 4 }} 40 | -------------------------------------------------------------------------------- /modules/cloud-manager-agent/values.yaml.tftpl: -------------------------------------------------------------------------------- 1 | #Copyright 2023 StreamNative, Inc. 2 | # 3 | #Licensed under the Apache License, Version 2.0 (the "License"); 4 | #you may not use this file except in compliance with the License. 5 | #You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | #Unless required by applicable law or agreed to in writing, software 10 | #distributed under the License is distributed on an "AS IS" BASIS, 11 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | #See the License for the specific language governing permissions and 13 | #limitations under the License. 
14 | 15 | appConfig: 16 | applicationAgentProperties: 17 | stripeKeySecretName: stripe 18 | %{ if environment == "test" } 19 | raw: | 20 | spring.security.oauth2.resourceserver.jwt.issuer-uri=https://auth.test.cloud.gcp.streamnative.dev/ 21 | cloud.api.audience=https://api.test.cloud.gcp.streamnative.dev 22 | spring.security.oauth2.resourceserver.jwt.audience=https://api.test.cloud.gcp.streamnative.dev 23 | %{ else } 24 | %{ if environment == "staging" } 25 | raw: | 26 | spring.security.oauth2.resourceserver.jwt.issuer-uri=https://auth.sncloud-stg.dev/ 27 | cloud.api.audience=https://api.sncloud-stg.dev 28 | spring.security.oauth2.resourceserver.jwt.audience=https://api.sncloud-stg.dev 29 | %{ else } 30 | raw: | 31 | spring.security.oauth2.resourceserver.jwt.issuer-uri=https://auth.streamnative.cloud/ 32 | cloud.api.audience=https://api.streamnative.cloud 33 | spring.security.oauth2.resourceserver.jwt.audience=https://api.streamnative.cloud 34 | %{ endif } 35 | %{ endif } 36 | -------------------------------------------------------------------------------- /modules/olm-subscriptions/chart/templates/flink.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 
15 | # 16 | 17 | {{- if and .Values.components.flink }} 18 | apiVersion: operators.coreos.com/v1alpha1 19 | kind: Subscription 20 | metadata: 21 | name: {{ .Values.flink.name }} 22 | namespace: {{ .Values.install_namespace }} 23 | spec: 24 | channel: {{ .Values.flink.channel | default .Values.channel }} 25 | installPlanApproval: {{ .Values.flink.approval | default .Values.approval }} 26 | source: {{ .Values.flink.source }} 27 | sourceNamespace: {{ .Values.olm_namespace }} 28 | name: {{ .Values.flink.name }} 29 | config: 30 | {{- if .Values.tolerations }} 31 | tolerations: 32 | {{ toYaml .Values.tolerations | indent 4 }} 33 | {{- end }} 34 | resources: {{ include "subscription.flinkResources" . }} 35 | {{- if .Values.flink.config.env }} 36 | env: 37 | {{- toYaml .Values.flink.config.env | nindent 4 }} 38 | {{- end }} 39 | {{- if .Values.flink.config.envFrom }} 40 | envFrom: 41 | {{- toYaml .Values.flink.config.envFrom | nindent 4 }} 42 | {{- end }} 43 | {{- end }} 44 | -------------------------------------------------------------------------------- /modules/olm-subscriptions/chart/templates/pulsar.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 
15 | # 16 | 17 | {{- if and .Values.components.pulsar }} 18 | apiVersion: operators.coreos.com/v1alpha1 19 | kind: Subscription 20 | metadata: 21 | name: {{ .Values.pulsar.name }} 22 | namespace: {{ .Values.install_namespace }} 23 | spec: 24 | channel: {{ .Values.pulsar.channel | default .Values.channel }} 25 | installPlanApproval: {{ .Values.pulsar.approval | default .Values.approval }} 26 | source: {{ .Values.pulsar.source }} 27 | sourceNamespace: {{ .Values.olm_namespace }} 28 | name: {{ .Values.pulsar.name }} 29 | config: 30 | {{- if .Values.tolerations }} 31 | tolerations: 32 | {{ toYaml .Values.tolerations | indent 4 }} 33 | {{- end }} 34 | resources: {{ include "subscription.pulsarResources" . }} 35 | {{- if .Values.pulsar.config.env }} 36 | env: 37 | {{- toYaml .Values.pulsar.config.env | nindent 4 }} 38 | {{- end }} 39 | {{- if .Values.pulsar.config.envFrom }} 40 | envFrom: 41 | {{- toYaml .Values.pulsar.config.envFrom | nindent 4 }} 42 | {{- end }} 43 | {{- end }} 44 | -------------------------------------------------------------------------------- /modules/operator-lifecycle-manager/chart/templates/0000_50_olm_02-services.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | {{ if .Values.monitoring.enabled }} 16 | apiVersion: v1 17 | kind: Service 18 | metadata: 19 | name: olm-operator-metrics 20 | namespace: {{ .Values.namespace }} 21 | annotations: 22 | service.alpha.openshift.io/serving-cert-secret-name: olm-operator-serving-cert 23 | labels: 24 | app: olm-operator 25 | spec: 26 | type: ClusterIP 27 | ports: 28 | - name: https-metrics 29 | port: 8081 30 | protocol: TCP 31 | targetPort: metrics 32 | selector: 33 | app: olm-operator 34 | --- 35 | apiVersion: v1 36 | kind: Service 37 | metadata: 38 | name: catalog-operator-metrics 39 | namespace: {{ .Values.namespace }} 40 | annotations: 41 | service.alpha.openshift.io/serving-cert-secret-name: catalog-operator-serving-cert 42 | labels: 43 | app: catalog-operator 44 | spec: 45 | type: ClusterIP 46 | ports: 47 | - name: https-metrics 48 | port: 8081 49 | protocol: TCP 50 | targetPort: metrics 51 | selector: 52 | app: catalog-operator 53 | {{ end }} 54 | -------------------------------------------------------------------------------- /modules/olm-subscriptions/chart/templates/flinksql.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 
15 | # 16 | 17 | {{- if and .Values.components.flinkSql }} 18 | apiVersion: operators.coreos.com/v1alpha1 19 | kind: Subscription 20 | metadata: 21 | name: {{ .Values.flinkSql.name }} 22 | namespace: {{ .Values.install_namespace }} 23 | spec: 24 | channel: {{ .Values.flinkSql.channel | default .Values.channel }} 25 | installPlanApproval: {{ .Values.flinkSql.approval | default .Values.approval }} 26 | source: {{ .Values.flinkSql.source }} 27 | sourceNamespace: {{ .Values.olm_namespace }} 28 | name: {{ .Values.flinkSql.name }} 29 | config: 30 | {{- if .Values.tolerations }} 31 | tolerations: 32 | {{ toYaml .Values.tolerations | indent 4 }} 33 | {{- end }} 34 | resources: {{ include "subscription.flinkSQLResources" . }} 35 | {{- if .Values.flinkSql.config.env }} 36 | env: 37 | {{- toYaml .Values.flinkSql.config.env | nindent 4 }} 38 | {{- end }} 39 | {{- if .Values.flinkSql.config.envFrom }} 40 | envFrom: 41 | {{- toYaml .Values.flinkSql.config.envFrom | nindent 4 }} 42 | {{- end }} 43 | {{- end }} 44 | -------------------------------------------------------------------------------- /modules/olm-subscriptions/chart/templates/prometheus.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 
15 | # 16 | 17 | {{- if and .Values.components.prometheus }} 18 | apiVersion: operators.coreos.com/v1alpha1 19 | kind: Subscription 20 | metadata: 21 | name: {{ .Values.prometheus.name }}-operator 22 | namespace: {{ .Values.install_namespace }} 23 | spec: 24 | channel: {{ .Values.prometheus.channel }} 25 | installPlanApproval: {{ .Values.prometheus.approval | default .Values.approval }} 26 | source: {{ .Values.prometheus.source }} 27 | sourceNamespace: {{ .Values.olm_namespace }} 28 | name: {{ .Values.prometheus.name }} 29 | config: 30 | {{- if .Values.tolerations }} 31 | tolerations: 32 | {{ toYaml .Values.tolerations | indent 4 }} 33 | {{- end }} 34 | resources: {{ include "subscription.prometheusResources" . }} 35 | {{- if .Values.prometheus.config.env }} 36 | env: 37 | {{- toYaml .Values.prometheus.config.env | nindent 4 }} 38 | {{- end }} 39 | {{- if .Values.prometheus.config.envFrom }} 40 | envFrom: 41 | {{- toYaml .Values.prometheus.config.envFrom | nindent 4 }} 42 | {{- end }} 43 | {{- end }} 44 | -------------------------------------------------------------------------------- /modules/olm-subscriptions/chart/templates/zookeeper.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 
15 | # 16 | 17 | {{- if and .Values.components.zookeeper }} 18 | apiVersion: operators.coreos.com/v1alpha1 19 | kind: Subscription 20 | metadata: 21 | name: {{ .Values.zookeeper.name }} 22 | namespace: {{ .Values.install_namespace }} 23 | spec: 24 | channel: {{ .Values.zookeeper.channel | default .Values.channel }} 25 | installPlanApproval: {{ .Values.zookeeper.approval | default .Values.approval }} 26 | source: {{ .Values.zookeeper.source }} 27 | sourceNamespace: {{ .Values.olm_namespace }} 28 | name: {{ .Values.zookeeper.name }} 29 | config: 30 | {{- if .Values.tolerations }} 31 | tolerations: 32 | {{ toYaml .Values.tolerations | indent 4 }} 33 | {{- end }} 34 | resources: {{ include "subscription.zookeeperResources" . }} 35 | {{- if .Values.zookeeper.config.env }} 36 | env: 37 | {{- toYaml .Values.zookeeper.config.env | nindent 4 }} 38 | {{- end }} 39 | {{- if .Values.zookeeper.config.envFrom }} 40 | envFrom: 41 | {{- toYaml .Values.zookeeper.config.envFrom | nindent 4 }} 42 | {{- end }} 43 | {{- end }} 44 | -------------------------------------------------------------------------------- /modules/olm-subscriptions/chart/templates/bookkeeper.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 
15 | # 16 | 17 | {{- if and .Values.components.bookkeeper }} 18 | apiVersion: operators.coreos.com/v1alpha1 19 | kind: Subscription 20 | metadata: 21 | name: {{ .Values.bookkeeper.name }} 22 | namespace: {{ .Values.install_namespace }} 23 | spec: 24 | channel: {{ .Values.bookkeeper.channel | default .Values.channel }} 25 | installPlanApproval: {{ .Values.bookkeeper.approval | default .Values.approval }} 26 | source: {{ .Values.bookkeeper.source }} 27 | sourceNamespace: {{ .Values.olm_namespace }} 28 | name: {{ .Values.bookkeeper.name }} 29 | config: 30 | {{- if .Values.tolerations }} 31 | tolerations: 32 | {{ toYaml .Values.tolerations | indent 4 }} 33 | {{- end }} 34 | resources: {{ include "subscription.bookkeeperResources" . }} 35 | {{- if .Values.bookkeeper.config.env }} 36 | env: 37 | {{- toYaml .Values.bookkeeper.config.env | nindent 4 }} 38 | {{- end }} 39 | {{- if .Values.bookkeeper.config.envFrom }} 40 | envFrom: 41 | {{- toYaml .Values.bookkeeper.config.envFrom | nindent 4 }} 42 | {{- end }} 43 | {{- end }} 44 | -------------------------------------------------------------------------------- /modules/cloud-manager-agent/chart/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | {{- /* 16 | Copyright 2023 StreamNative, Inc. 

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
*/}}

# ServiceAccount for the cloud-manager-agent, created only when
# .Values.serviceAccount.create is set; otherwise the chart expects an
# existing account. The name comes from the chart's serviceAccountName helper.
# NOTE(review): annotations are copied verbatim from values. If they are used
# to bind a cloud IAM identity to this account, keep that identity limited to
# what the agent needs.
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "cloud-manager-agent.serviceAccountName" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "cloud-manager-agent.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
{{- end }}

--------------------------------------------------------------------------------
/modules/olm-subscriptions/chart/templates/sn-operator.yaml:
--------------------------------------------------------------------------------
# Copyright 2023 StreamNative, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#

# OLM Subscription for the operator package named by .Values.sn_operator.name,
# rendered only when .Values.components.sn_operator is truthy (`and` with one
# argument is equivalent to a plain `if`).
# channel / installPlanApproval default to the chart-wide values.
{{- if and .Values.components.sn_operator }}
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: {{ .Values.sn_operator.name }}
  namespace: {{ .Values.install_namespace }}
spec:
  channel: {{ .Values.sn_operator.channel | default .Values.channel }}
  # NOTE(review): Automatic approval means new catalog content on this channel
  # is installed without review; Manual leaves each InstallPlan pending until
  # approved. Which one applies by default is set outside this file.
  installPlanApproval: {{ .Values.sn_operator.approval | default .Values.approval }}
  # CatalogSource name; it is looked up in .Values.olm_namespace.
  source: {{ .Values.sn_operator.source }}
  sourceNamespace: {{ .Values.olm_namespace }}
  name: {{ .Values.sn_operator.name }}
  # env / envFrom are passed through unchanged. Values written into env are
  # stored in clear text in the Subscription; reference a Secret via envFrom
  # for anything sensitive.
  config:
{{- if .Values.tolerations }}
    tolerations:
{{ toYaml .Values.tolerations | indent 4 }}
{{- end }}
    resources: {{ include "subscription.snOperatorResources" . }}
    {{- if .Values.sn_operator.config.env }}
    env:
    {{- toYaml .Values.sn_operator.config.env | nindent 4 }}
    {{- end }}
    {{- if .Values.sn_operator.config.envFrom }}
    envFrom:
    {{- toYaml .Values.sn_operator.config.envFrom | nindent 4 }}
    {{- end }}
{{- end }}

--------------------------------------------------------------------------------
/modules/cloud-manager-agent/chart/templates/secret.yaml:
--------------------------------------------------------------------------------
# Copyright 2023 StreamNative, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

{{- /*
Copyright 2023 StreamNative, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
*/}}
# Optional "<fullname>-extra" Secret holding raw agent properties. It is only
# rendered when .Values.appConfig.applicationAgentProperties.raw is non-empty.
# The raw text is written unmodified under the key
# application-default.properties.
# NOTE(review): the content arrives as a Helm value, so it is also kept in the
# Helm release record and in whatever supplies the values (for example
# Terraform state when installed through a helm_release). A Secret's data is
# base64-encoded, not encrypted, unless encryption at rest is enabled on the
# cluster - confirm how these properties are sourced and stored.
{{- if .Values.appConfig.applicationAgentProperties.raw }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "cloud-manager-agent.fullname" . }}-extra
  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "cloud-manager-agent.labels" . | nindent 4 }}
type: Opaque
stringData:
  application-default.properties: |
{{ .Values.appConfig.applicationAgentProperties.raw | indent 4 }}
{{ end }}

--------------------------------------------------------------------------------
/modules/istio-operator/charts/mesh/templates/certificate.yaml:
--------------------------------------------------------------------------------
# Copyright 2023 StreamNative, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# TLS gateway certificate
# cert-manager Certificate for the ingress gateway. All fields come from
# .Values.ingressGateway.tlsCertificate; the namespace is only set when
# .Values.rootNamespace is given, otherwise the release namespace applies.
# NOTE(review): the Secret named by secretName will hold the private key.
# It has to be readable by the gateway that serves it, so access to Secrets
# in that namespace should be limited to the gateway and cert-manager.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: {{ .Values.ingressGateway.tlsCertificate.name }}
  {{- if .Values.rootNamespace }}
  namespace: {{ .Values.rootNamespace }}
  {{- end }}
  labels:
    {{- include "mesh.labels" . | nindent 4 }}
spec:
  {{- if .Values.ingressGateway.tlsCertificate.commonName }}
  commonName: {{ .Values.ingressGateway.tlsCertificate.commonName }}
  {{- end }}
  dnsNames: {{ toYaml .Values.ingressGateway.tlsCertificate.dnsNames | nindent 4 }}
  # issuerRef and privateKey are copied verbatim from values; key algorithm,
  # size and rotation policy are therefore decided by the caller.
  issuerRef:
    {{- toYaml .Values.ingressGateway.tlsCertificate.issuerRef | nindent 4 }}
  privateKey:
    {{- toYaml .Values.ingressGateway.tlsCertificate.privateKey | nindent 4 }}
  renewBefore: {{ .Values.ingressGateway.tlsCertificate.renewBefore }}
  # The target Secret defaults to the Certificate's own name when no explicit
  # secretName is configured.
  {{- if .Values.ingressGateway.tlsCertificate.secretName }}
  secretName: {{ .Values.ingressGateway.tlsCertificate.secretName }}
  {{- else }}
  secretName: {{ .Values.ingressGateway.tlsCertificate.name }}
  {{- end }}

--------------------------------------------------------------------------------
/modules/olm-subscriptions/chart/templates/sn-operator-all.yaml:
--------------------------------------------------------------------------------
# Copyright 2023 StreamNative, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#

# OLM Subscription for the operator package named by
# .Values.sn_operator_all.name, rendered only when
# .Values.components.sn_operator_all is truthy (`and` with one argument
# returns that argument).
# Resource settings come from the "subscription.snOperatorResources" helper.
{{- if and .Values.components.sn_operator_all }}
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: {{ .Values.sn_operator_all.name }}
  namespace: {{ .Values.install_namespace }}
spec:
  channel: {{ .Values.sn_operator_all.channel | default .Values.channel }}
  # NOTE(review): if the effective value is Automatic, OLM installs whatever
  # the catalog publishes to this channel without a review step; the default
  # for .Values.approval is defined outside this file.
  installPlanApproval: {{ .Values.sn_operator_all.approval | default .Values.approval }}
  # CatalogSource to resolve from, looked up in .Values.olm_namespace.
  source: {{ .Values.sn_operator_all.source }}
  sourceNamespace: {{ .Values.olm_namespace }}
  name: {{ .Values.sn_operator_all.name }}
  # Tolerations, env and envFrom are copied from values unchanged. Literal env
  # values are visible to anyone who can read the Subscription.
  config:
{{- if .Values.tolerations }}
    tolerations:
{{ toYaml .Values.tolerations | indent 4 }}
{{- end }}
    resources: {{ include "subscription.snOperatorResources" . }}
    {{- if .Values.sn_operator_all.config.env }}
    env:
    {{- toYaml .Values.sn_operator_all.config.env | nindent 4 }}
    {{- end }}
    {{- if .Values.sn_operator_all.config.envFrom }}
    envFrom:
    {{- toYaml .Values.sn_operator_all.config.envFrom | nindent 4 }}
    {{- end }}
{{- end }}

--------------------------------------------------------------------------------
/modules/olm-subscriptions/chart/templates/elastic-cloud-eck.yaml:
--------------------------------------------------------------------------------
# Copyright 2023 StreamNative, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#

# OLM Subscription for the operator package named by
# .Values.elastic_cloud_eck.name, rendered only when
# .Values.components.elastic_cloud_eck is truthy (`and` with one argument
# returns that argument).
{{- if and .Values.components.elastic_cloud_eck }}
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: {{ .Values.elastic_cloud_eck.name }}
  namespace: {{ .Values.install_namespace }}
spec:
  # Falls back to the literal "stable" channel, not to .Values.channel.
  channel: {{ .Values.elastic_cloud_eck.channel | default "stable" }}
  # NOTE(review): with Automatic approval, new versions on the channel are
  # installed without review. The default for .Values.approval is not visible
  # in this file.
  installPlanApproval: {{ .Values.elastic_cloud_eck.approval | default .Values.approval }}
  # CatalogSource to resolve from, looked up in .Values.olm_namespace.
  source: {{ .Values.elastic_cloud_eck.source }}
  sourceNamespace: {{ .Values.olm_namespace }}
  name: {{ .Values.elastic_cloud_eck.name }}
  # Tolerations, env and envFrom are copied from values unchanged; keep
  # credentials out of literal env entries.
  config:
{{- if .Values.tolerations }}
    tolerations:
{{ toYaml .Values.tolerations | indent 4 }}
{{- end }}
    resources: {{ include "subscription.eckResources" . }}
    {{- if .Values.elastic_cloud_eck.config.env }}
    env:
    {{- toYaml .Values.elastic_cloud_eck.config.env | nindent 4 }}
    {{- end }}
    {{- if .Values.elastic_cloud_eck.config.envFrom }}
    envFrom:
    {{- toYaml .Values.elastic_cloud_eck.config.envFrom | nindent 4 }}
    {{- end }}
{{- end }}

--------------------------------------------------------------------------------
/modules/prometheus-operator/prometheus-cluster-role/README.md:
--------------------------------------------------------------------------------

# prometheus-cluster-role
This basic helm chart installs `ClusterRole` resource for Prometheus, useful when installing the operator but not the server component.

## Usage
Update the Helm provider configuration accordingly:

```hcl
provider "helm" {
  kubernetes {
    host =
    cluster_ca_certificate =
    token =
  }
}

module "prometheus_cluster_role" {
  source = "streamnative/charts/helm//modules/prometheus-operator/prometheus-cluster-role"
}
```

## Requirements

No requirements.
40 | 41 | ## Providers 42 | 43 | | Name | Version | 44 | |------|---------| 45 | | [helm](#provider\_helm) | n/a | 46 | 47 | ## Modules 48 | 49 | No modules. 50 | 51 | ## Resources 52 | 53 | | Name | Type | 54 | |------|------| 55 | | [helm_release.prometheus_cluster_role](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | 56 | 57 | ## Inputs 58 | 59 | No inputs. 60 | 61 | ## Outputs 62 | 63 | No outputs. 64 | -------------------------------------------------------------------------------- /modules/olm-subscriptions/chart/templates/functionmesh.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 
#

# OLM Subscription for the operator package named by
# .Values.functionMesh.name, rendered only when
# .Values.components.functionMesh is truthy (`and` with one argument returns
# that argument).
{{- if and .Values.components.functionMesh }}
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: {{ .Values.functionMesh.name }}
  namespace: {{ .Values.install_namespace }}
spec:
  channel: {{ .Values.functionMesh.channel | default .Values.channel }}
  config:
{{- if .Values.tolerations }}
    tolerations:
{{ toYaml .Values.tolerations | indent 4 }}
{{- end }}
    # Two feature switches are always set from values (rendered as quoted
    # strings); any extra entries in .Values.functionMesh.config.env are
    # appended to the same list.
    # NOTE(review): literal env values are stored in clear text in the
    # Subscription; use envFrom references for anything sensitive.
    env:
    - name: ENABLE_WEBHOOKS
      value: "{{ .Values.functionMesh.config.enableWebhooks }}"
    - name: ENABLE_FUNCTION_MESH_CONTROLLER
      value: "{{ .Values.functionMesh.config.enableController }}"
    {{- if .Values.functionMesh.config.env }}
    {{- toYaml .Values.functionMesh.config.env | nindent 4 }}
    {{- end }}
    {{- if .Values.functionMesh.config.envFrom }}
    envFrom:
    {{- toYaml .Values.functionMesh.config.envFrom | nindent 4 }}
    {{- end }}
    resources: {{ include "subscription.functionMeshResources" . }}
  # NOTE(review): with Automatic approval, new versions on the channel are
  # installed without review; the default for .Values.approval is set outside
  # this file.
  installPlanApproval: {{ .Values.functionMesh.approval | default .Values.approval }}
  # CatalogSource to resolve from, looked up in .Values.olm_namespace.
  source: {{ .Values.functionMesh.source }}
  sourceNamespace: {{ .Values.olm_namespace }}
  name: {{ .Values.functionMesh.name }}
{{- end }}

--------------------------------------------------------------------------------
/modules/operator-lifecycle-manager/chart/templates/0000_50_olm_09-aggregated.clusterrole.yaml:
--------------------------------------------------------------------------------
# Copyright 2023 StreamNative, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Write access to OLM objects, merged into the built-in roles by the
# aggregation labels below.
# NOTE(review): any subject holding "edit" or "admin" in a namespace can then
# create or change Subscriptions there, i.e. ask OLM to install operators.
# What an installed operator is allowed to do is decided by OLM and the
# namespace's OperatorGroup rather than by the requesting user's own RBAC, so
# confirm the OperatorGroups used with this chart are scoped accordingly.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: aggregate-olm-edit
  labels:
    # Add these permissions to the "admin" and "edit" default roles.
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
# Full write access to Subscriptions.
- apiGroups: ["operators.coreos.com"]
  resources: ["subscriptions"]
  verbs: ["create", "update", "patch", "delete"]
# Delete-only access to the objects OLM creates while resolving a
# Subscription ("subscriptions" is repeated here; delete is already granted
# by the rule above).
- apiGroups: ["operators.coreos.com"]
  resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"]
  verbs: ["delete"]
---
# Read-only access (get/list/watch) to OLM objects and package manifests.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: aggregate-olm-view
  labels:
    # Add these permissions to the "admin", "edit" and "view" default roles
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
- apiGroups: ["operators.coreos.com"]
  resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "operatorgroups"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["packages.operators.coreos.com"]
  resources: ["packagemanifests", "packagemanifests/icon"]
  verbs: ["get", "list", "watch"]

--------------------------------------------------------------------------------
/modules/istio-operator/charts/mesh/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{*
Copyright 2023 StreamNative, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*}

{{/*
Expand the name of the chart.
Uses .Values.nameOverride when set, otherwise the chart name, truncated to
63 characters with any trailing "-" removed.
*/}}
{{- define "mesh.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
.Values.fullnameOverride, when set, takes precedence over both.
*/}}
{{- define "mesh.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}

{{/*
Create chart name and version as used by the chart label.
"+" in the version is replaced with "_" because "+" is not a valid character
in a label value; the result is truncated to 63 characters.
*/}}
{{- define "mesh.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Common labels
Emits the plain `app` / `version` labels alongside the app.kubernetes.io
set. The two version labels are only added when the chart has an AppVersion.
*/}}
{{- define "mesh.labels" -}}
helm.sh/chart: {{ include "mesh.chart" . }}
app: {{ include "mesh.name" . }}
app.kubernetes.io/name: {{ include "mesh.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Chart.AppVersion }}
version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: mesh
{{- end }}

--------------------------------------------------------------------------------
/modules/istio-operator/charts/kiali/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{*
Copyright 2023 StreamNative, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*}

{{/*
Expand the name of the chart.
Uses .Values.nameOverride when set, otherwise the chart name, truncated to
63 characters with any trailing "-" removed.
*/}}
{{- define "kiali.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "kiali.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}

{{/*
Create chart name and version as used by the chart label.
"+" in the version is replaced with "_" because "+" is not a valid character
in a label value; the result is truncated to 63 characters.
*/}}
{{- define "kiali.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Common labels
Emits the plain `app` / `version` labels alongside the app.kubernetes.io
set. The two version labels are only added when the chart has an AppVersion.
*/}}
{{- define "kiali.labels" -}}
helm.sh/chart: {{ include "kiali.chart" . }}
app: {{ include "kiali.name" . }}
app.kubernetes.io/name: {{ include "kiali.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Chart.AppVersion }}
version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: kiali
{{- end }}

--------------------------------------------------------------------------------
/modules/_templates/_helm_release/main.tf:
--------------------------------------------------------------------------------
# Copyright 2023 StreamNative, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.
See the License for the
# specific language governing permissions and limitations
# under the License.
#

# NOTE(review): both constraints are lower bounds only, so a newer major
# version of Terraform or of the helm provider can be selected unless a
# dependency lock file pins it.
terraform {
  required_version = ">=1.0.0"

  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">=2.2.0"
    }
  }
}

### Module defaults are managed below:
# Each local takes the caller's variable unless it is null, in which case the
# default on the right-hand side is used.
# NOTE(review): chart_name, chart_repository and chart_version default to
# empty strings in this template; a module copied from it should set a chart
# and pin a version explicitly.
locals {
  atomic           = var.atomic != null ? var.atomic : true
  chart_name       = var.chart_name != null ? var.chart_name : ""
  chart_repository = var.chart_repository != null ? var.chart_repository : ""
  chart_version    = var.chart_version != null ? var.chart_version : ""
  cleanup_on_fail  = var.cleanup_on_fail != null ? var.cleanup_on_fail : true
  create_namespace = var.create_namespace != null ? var.create_namespace : true
  namespace        = var.namespace != null ? var.namespace : "default"
  release_name     = var.release_name != null ? var.release_name : ""
  settings         = var.settings != null ? var.settings : {}
  timeout          = var.timeout != null ? var.timeout : 120
  values           = var.values != null ? var.values : []
}

# Installs the chart as a Helm release using the resolved locals.
resource "helm_release" "helm_chart" {
  atomic           = local.atomic
  chart            = local.chart_name
  cleanup_on_fail  = local.cleanup_on_fail
  create_namespace = local.create_namespace
  name             = local.release_name
  namespace        = local.namespace
  repository       = local.chart_repository
  timeout          = local.timeout
  version          = local.chart_version
  values           = local.values

  # One `set` block is generated per entry of local.settings.
  # NOTE(review): values passed this way are shown in plan output and stored
  # in state like any other argument; the helm provider offers set_sensitive
  # for values that should be masked - confirm no secrets are routed here.
  dynamic "set" {
    for_each = local.settings
    content {
      name  = set.key
      value = set.value
    }
  }
}

--------------------------------------------------------------------------------
/modules/pulsar-operator/main.tf:
--------------------------------------------------------------------------------
# Copyright 2023 StreamNative, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#

# NOTE(review): both constraints are lower bounds only, so a newer major
# version of Terraform or of the helm provider can be selected unless a
# dependency lock file pins it.
terraform {
  required_version = ">=1.0.0"

  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">=2.2.0"
    }
  }
}

# Each local takes the caller's variable unless it is null, in which case the
# default on the right-hand side is used.
# The chart is pulled from https://charts.streamnative.io at a pinned version.
# NOTE(review): pinning the version fixes which chart is requested but does
# not by itself verify the package's provenance.
locals {
  atomic           = var.atomic != null ? var.atomic : true
  chart_name       = var.chart_name != null ? var.chart_name : "pulsar-operator"
  chart_repository = var.chart_repository != null ? var.chart_repository : "https://charts.streamnative.io"
  chart_version    = var.chart_version != null ? var.chart_version : "0.8.17"
  cleanup_on_fail  = var.cleanup_on_fail != null ? var.cleanup_on_fail : true
  create_namespace = var.create_namespace != null ? var.create_namespace : true
  namespace        = var.namespace != null ? var.namespace : "sn-system"
  release_name     = var.release_name != null ? var.release_name : "pulsar-operator"
  settings         = var.settings != null ? var.settings : {}
  timeout          = var.timeout != null ? var.timeout : 120
  values           = var.values != null ? var.values : []
}

# Installs the Pulsar operator chart as a Helm release.
resource "helm_release" "pulsar_operator" {
  atomic           = local.atomic
  chart            = local.chart_name
  cleanup_on_fail  = local.cleanup_on_fail
  create_namespace = local.create_namespace
  namespace        = local.namespace
  name             = local.release_name
  repository       = local.chart_repository
  timeout          = local.timeout
  version          = local.chart_version
  values           = local.values

  # One `set` block is generated per entry of local.settings.
  # NOTE(review): values passed this way are shown in plan output and stored
  # in state; the helm provider offers set_sensitive for values that should
  # be masked - confirm no secrets are routed here.
  dynamic "set" {
    for_each = local.settings
    content {
      name  = set.key
      value = set.value
    }
  }
}

--------------------------------------------------------------------------------
/modules/vault-operator/main.tf:
--------------------------------------------------------------------------------
# Copyright 2023 StreamNative, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#

# NOTE(review): both constraints are lower bounds only, so a newer major
# version of Terraform or of the helm provider can be selected unless a
# dependency lock file pins it.
terraform {
  required_version = ">=1.0.0"

  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">=2.2.0"
    }
  }
}

# Each local takes the caller's variable unless it is null, in which case the
# default on the right-hand side is used.
# NOTE(review): the default repository is a third-party chart host
# (kubernetes-charts.banzaicloud.com). The version is pinned, but nothing
# here verifies the package; confirm the repository is still the intended
# source for this operator.
locals {
  atomic           = var.atomic != null ? var.atomic : true
  chart_name       = var.chart_name != null ? var.chart_name : "vault-operator"
  chart_repository = var.chart_repository != null ? var.chart_repository : "https://kubernetes-charts.banzaicloud.com"
  chart_version    = var.chart_version != null ? var.chart_version : "1.14.4"
  cleanup_on_fail  = var.cleanup_on_fail != null ? var.cleanup_on_fail : true

  create_namespace = var.create_namespace != null ? var.create_namespace : true
  namespace        = var.namespace != null ? var.namespace : "sn-system"
  release_name     = var.release_name != null ? var.release_name : "vault-operator"
  settings         = var.settings != null ? var.settings : {}
  timeout          = var.timeout != null ? var.timeout : 120
  values           = var.values != null ? var.values : []
}

# Installs the Vault operator chart as a Helm release.
resource "helm_release" "vault_operator" {
  atomic           = local.atomic
  chart            = local.chart_name
  cleanup_on_fail  = local.cleanup_on_fail
  create_namespace = local.create_namespace
  name             = local.release_name
  namespace        = local.namespace
  repository       = local.chart_repository
  timeout          = local.timeout
  version          = local.chart_version
  values           = local.values

  # One `set` block is generated per entry of local.settings.
  # NOTE(review): values passed this way are shown in plan output and stored
  # in state; the helm provider offers set_sensitive for values that should
  # be masked - confirm no secrets are routed here.
  dynamic "set" {
    for_each = local.settings
    content {
      name  = set.key
      value = set.value
    }
  }
}

--------------------------------------------------------------------------------
/modules/cloud-manager-agent/main.tf:
--------------------------------------------------------------------------------
# Copyright 2023 StreamNative, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#

# NOTE(review): both constraints are lower bounds only, so a newer major
# version of Terraform or of the helm provider can be selected unless a
# dependency lock file pins it.
terraform {
  required_version = ">=1.0.0"

  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">=2.2.0"
    }
  }
}

# Each local takes the caller's variable unless it is null, in which case the
# default on the right-hand side is used. By default the chart is the local
# directory shipped with this module, so repository and version stay null.
locals {
  atomic           = var.atomic != null ? var.atomic : true
  chart_name       = var.chart_name != null ? var.chart_name : "${path.module}/chart"
  chart_repository = var.chart_repository != null ? var.chart_repository : null
  chart_version    = var.chart_version != null ? var.chart_version : null
  cleanup_on_fail  = var.cleanup_on_fail != null ? var.cleanup_on_fail : true
  namespace        = var.namespace != null ? var.namespace : "sn-system"
  release_name     = var.release_name != null ? var.release_name : "cloud-manager-agent"
  settings         = var.settings != null ? var.settings : {}
  timeout          = var.timeout != null ? var.timeout : 120
  values           = var.values != null ? var.values : []
  environment      = var.environment != null ? var.environment : "production"
}

# Installs the cloud-manager-agent chart as a Helm release.
# create_namespace is not passed here, so the provider default applies.
resource "helm_release" "cloud-manager-agent" {
  atomic          = local.atomic
  chart           = local.chart_name
  cleanup_on_fail = local.cleanup_on_fail
  namespace       = local.namespace
  name            = local.release_name
  repository      = local.chart_repository
  timeout         = local.timeout
  version         = local.chart_version

  # Caller-supplied values win; only when that list is empty is the bundled
  # values.yaml.tftpl rendered with the selected environment.
  values = coalescelist(local.values, [templatefile("${path.module}/values.yaml.tftpl", {
    environment = local.environment
  })])

  # One `set` block is generated per entry of local.settings.
  # NOTE(review): values passed this way are shown in plan output and stored
  # in state; the helm provider offers set_sensitive for values that should
  # be masked - confirm no secrets are routed here.
  dynamic "set" {
    for_each = local.settings
    content {
      name  = set.key
      value = set.value
    }
  }
}

--------------------------------------------------------------------------------
/modules/istio-operator/charts/kiali/templates/kiali-gateway.yaml:
--------------------------------------------------------------------------------
# Copyright 2023 StreamNative, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Istio Gateway exposing Kiali over HTTPS on port 443. The gateway workload
# is selected by .Values.gatewaySelector, falling back to the label
# istio=ingressgateway when that value is empty.
# NOTE(review): the TLS block is copied verbatim from .Values.gatewayTls, so
# the TLS mode and the certificate reference are decided by the caller.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: {{ include "kiali.fullname" . }}
  labels:
    {{- include "kiali.labels" . | nindent 4 }}
spec:
  selector:
    {{- if empty .Values.gatewaySelector }}
    istio: ingressgateway
    {{- else }}
    {{- toYaml .Values.gatewaySelector | nindent 4 }}
    {{- end }}
  servers:
  - port:
      number: 443
      name: https-kiali
      protocol: HTTPS
    tls:
      {{- toYaml .Values.gatewayTls | nindent 6 }}
    hosts: {{ toYaml .Values.gatewayHosts | nindent 6 }}

---
# Routes all HTTP traffic arriving for the gateway hosts to .Values.kialiHost
# on port 20001.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: {{ include "kiali.fullname" . }}
spec:
  hosts: {{ toYaml .Values.gatewayHosts | nindent 4 }}
  gateways:
  - {{ include "kiali.fullname" . }}
  http:
  - route:
    - destination:
        host: {{ .Values.kialiHost }}
        port:
          number: 20001

---
# Authorization Policy for Kiali
# - Allow everyone to access the API port
# - Allow prometheus to access the metrics port
# No `action` is set, so this is an ALLOW policy (the Istio default). It
# applies to the workloads matched by .Values.kialiSelector.
# NOTE(review): the first rule has no `from` clause, so the mesh does not
# restrict who may call port 20001; access control then rests on Kiali's own
# authentication. Confirm Kiali is not configured for anonymous access.
# NOTE(review): the second rule matches a source principal, which Istio only
# populates for mutual-TLS peers; it also assumes the `cluster.local` trust
# domain and a `prometheus-server` service account in the release namespace.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: {{ include "kiali.fullname" . }}
spec:
  rules:
  - to:
    - operation:
        ports: ["20001"]
  - from:
    - source:
        principals:
        - cluster.local/ns/{{ .Release.Namespace }}/sa/prometheus-server
    to:
    - operation:
        ports: ["9090"]
  selector:
    matchLabels:
      {{- toYaml .Values.kialiSelector | nindent 6 }}

--------------------------------------------------------------------------------
/modules/function-mesh-operator/main.tf:
--------------------------------------------------------------------------------
# Copyright 2023 StreamNative, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#

# NOTE(review): both constraints are lower bounds only, so a newer major
# version of Terraform or of the helm provider can be selected unless a
# dependency lock file pins it.
terraform {
  required_version = ">=1.0.0"

  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">=2.2.0"
    }
  }
}

### Module defaults are managed below:
# Each local takes the caller's variable unless it is null, in which case the
# default on the right-hand side is used.
# The chart is pulled from https://charts.streamnative.io at a pinned version.
# NOTE(review): pinning the version fixes which chart is requested but does
# not by itself verify the package's provenance.
locals {
  atomic           = var.atomic != null ? var.atomic : true
  chart_name       = var.chart_name != null ? var.chart_name : "function-mesh-operator"
  chart_repository = var.chart_repository != null ? var.chart_repository : "https://charts.streamnative.io"
  chart_version    = var.chart_version != null ? var.chart_version : "0.1.7"
  cleanup_on_fail  = var.cleanup_on_fail != null ? var.cleanup_on_fail : true
  create_namespace = var.create_namespace != null ? var.create_namespace : true
  namespace        = var.namespace != null ? var.namespace : "sn-system"
  release_name     = var.release_name != null ? var.release_name : "function-mesh-operator"
  settings         = var.settings != null ? var.settings : {}
  timeout          = var.timeout != null ? var.timeout : 120
  values           = var.values != null ? var.values : []
}

# Installs the Function Mesh operator chart as a Helm release.
resource "helm_release" "function_mesh_operator" {
  atomic           = local.atomic
  chart            = local.chart_name
  cleanup_on_fail  = local.cleanup_on_fail
  create_namespace = local.create_namespace
  name             = local.release_name
  namespace        = local.namespace
  repository       = local.chart_repository
  timeout          = local.timeout
  version          = local.chart_version
  values           = local.values

  # One `set` block is generated per entry of local.settings.
  # NOTE(review): values passed this way are shown in plan output and stored
  # in state; the helm provider offers set_sensitive for values that should
  # be masked - confirm no secrets are routed here.
  dynamic "set" {
    for_each = local.settings
    content {
      name  = set.key
      value = set.value
    }
  }
}

--------------------------------------------------------------------------------
/modules/operator-lifecycle-manager/chart/templates/0000_90_olm_01-prometheus-rule.yaml:
--------------------------------------------------------------------------------
# Copyright 2023 StreamNative, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
14 | 15 | {{ if .Values.monitoring.enabled }} 16 | apiVersion: monitoring.coreos.com/v1 17 | kind: PrometheusRule 18 | metadata: 19 | name: olm-alert-rules 20 | namespace: {{ .Values.namespace }} 21 | labels: 22 | prometheus: alert-rules 23 | role: alert-rules 24 | spec: 25 | groups: 26 | - name: olm.csv_abnormal.rules 27 | rules: 28 | - alert: CsvAbnormalFailedOver2Min 29 | expr: csv_abnormal{phase=~"^Failed$"} 30 | for: 2m 31 | labels: 32 | severity: warning 33 | namespace: "{{ "{{ $labels.namespace }}" }}" 34 | annotations: 35 | message: Failed to install Operator {{ printf "{{ $labels.name }}" }} version {{ printf "{{ $labels.version }}" }}. Reason-{{ printf "{{ $labels.reason }}" }} 36 | - alert: CsvAbnormalOver30Min 37 | expr: csv_abnormal{phase=~"(^Replacing$|^Pending$|^Deleting$|^Unknown$)"} 38 | for: 30m 39 | labels: 40 | severity: warning 41 | namespace: "{{ "{{ $labels.namespace }}" }}" 42 | annotations: 43 | message: Failed to install Operator {{ printf "{{ $labels.name }}" }} version {{ printf "{{ $labels.version }}" }}. Phase-{{ printf "{{ $labels.phase }}" }} Reason-{{ printf "{{ $labels.reason }}" }} 44 | - name: olm.installplan.rules 45 | rules: 46 | - alert: InstallPlanStepAppliedWithWarnings 47 | expr: sum(increase(installplan_warnings_total[5m])) > 0 48 | labels: 49 | severity: warning 50 | annotations: 51 | message: The API server returned a warning during installation or upgrade of an operator. An Event with reason "AppliedWithWarnings" has been created with complete details, including a reference to the InstallPlan step that generated the warning. 52 | {{ end }} 53 | -------------------------------------------------------------------------------- /modules/cloud-manager-agent/chart/templates/rolebindings.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 
2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | {{- /* 16 | Copyright 2023 StreamNative, Inc. 17 | 18 | Licensed under the Apache License, Version 2.0 (the "License"); 19 | you may not use this file except in compliance with the License. 20 | You may obtain a copy of the License at 21 | 22 | http://www.apache.org/licenses/LICENSE-2.0 23 | 24 | Unless required by applicable law or agreed to in writing, 25 | software distributed under the License is distributed on an 26 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 27 | KIND, either express or implied. See the License for the 28 | specific language governing permissions and limitations 29 | under the License. 30 | */}} 31 | 32 | {{- if and .Values.rbac.create .Values.rbac.clusterRole }} 33 | apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} 34 | kind: RoleBinding 35 | metadata: 36 | name: {{ include "cloud-manager-agent.serviceAccountName" . }} 37 | namespace: {{ .Release.Namespace | quote }} 38 | labels: {{- include "cloud-manager-agent.labels" . | nindent 4 }} 39 | roleRef: 40 | apiGroup: rbac.authorization.k8s.io 41 | kind: Role 42 | name: {{ include "cloud-manager-agent.serviceAccountName" . }} 43 | subjects: 44 | - kind: ServiceAccount 45 | name: {{ include "cloud-manager-agent.serviceAccountName" . 
}} 46 | namespace: {{ .Release.Namespace | quote }} 47 | --- 48 | apiVersion: rbac.authorization.k8s.io/v1 49 | kind: ClusterRoleBinding 50 | metadata: 51 | name: cloud-manager-agent 52 | namespace: {{ .Release.Namespace | quote }} 53 | labels: {{- include "cloud-manager-agent.labels" . | nindent 4 }} 54 | roleRef: 55 | apiGroup: rbac.authorization.k8s.io 56 | kind: ClusterRole 57 | name: {{ include "cloud-manager-agent.serviceAccountName" . }} 58 | subjects: 59 | - kind: ServiceAccount 60 | name: {{ include "cloud-manager-agent.serviceAccountName" . }} 61 | namespace: {{ .Release.Namespace | quote }} 62 | {{- end }} 63 | -------------------------------------------------------------------------------- /modules/hpa/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 15 | # 16 | 17 | variable "metric_server_namespace" { 18 | default = "sn-system" 19 | description = "Namespace to deploy custom metric server(prometheus adapter)." 20 | type = string 21 | } 22 | 23 | variable "cert_manager_namespace" { 24 | default = "cert-manager" 25 | description = "Namespace where cert manager is deployed." 26 | type = string 27 | } 28 | 29 | variable "scaling_prometheus_namespace" { 30 | default = "sn-system" 31 | description = "Namespace to deploy prometheus for prometheus used for scarping metrics for HPA." 
32 | type = string 33 | } 34 | 35 | variable "scaling_prometheus_version" { 36 | default = "v2.19.2" 37 | description = "Version of prometheus used for scarping metrics for HPA." 38 | type = string 39 | } 40 | 41 | variable "scaling_prometheus_scrape_interval" { 42 | default = "15s" 43 | description = "Scrape interval for prometheus used for scarping metrics for HPA." 44 | type = string 45 | } 46 | 47 | variable "scaling_prometheus_evaluation_interval" { 48 | default = "30s" 49 | description = "Evaluation interval for prometheus used for scarping metrics for HPA." 50 | type = string 51 | } 52 | 53 | variable "scaling_prometheus_retention_period" { 54 | default = "1h" 55 | description = "Retention period for prometheus used for scarping metrics for HPA." 56 | type = string 57 | } 58 | 59 | variable "scaling_prometheus_cpu_limit" { 60 | default = "200m" 61 | description = "CPU limit for prometheus used for scarping metrics for HPA." 62 | type = string 63 | } 64 | 65 | variable "scaling_prometheus_memory_limit" { 66 | default = "1G" 67 | description = "Memory limit for prometheus used for scarping metrics for HPA." 68 | type = string 69 | } 70 | 71 | variable "scaling_prometheus_replicas" { 72 | default = 1 73 | description = "Replicas of prometheus used for scarping metrics for HPA." 74 | type = number 75 | } 76 | -------------------------------------------------------------------------------- /modules/cloud-manager-agent/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 15 | # 16 | 17 | variable "atomic" { 18 | default = null 19 | description = "Purge the chart on a failed installation." 20 | } 21 | 22 | variable "chart_name" { 23 | default = null 24 | description = "The name of the chart to install." 25 | type = string 26 | } 27 | 28 | variable "chart_repository" { 29 | default = null 30 | description = "The repository to install the chart from." 31 | type = string 32 | } 33 | 34 | variable "chart_version" { 35 | default = null 36 | description = "The version of the chart to install." 37 | type = string 38 | } 39 | 40 | variable "cleanup_on_fail" { 41 | default = null 42 | description = "Allow deletion of new resources created in this upgrade when upgrade fails." 43 | type = bool 44 | } 45 | 46 | variable "namespace" { 47 | default = null 48 | description = "The namespace used for installing cloud-manager-agent in." 49 | type = string 50 | } 51 | 52 | variable "settings" { 53 | default = null 54 | description = "Additional settings which will be passed to the Helm chart values." 55 | type = map(any) 56 | } 57 | 58 | variable "release_name" { 59 | default = null 60 | description = "The name of the helm release." 61 | type = string 62 | } 63 | 64 | variable "timeout" { 65 | default = null 66 | description = "Time in seconds to wait for any individual kubernetes operation." 67 | type = number 68 | } 69 | 70 | variable "environment" { 71 | default = "production" 72 | description = "Whether this is for a test, staging, or production environment." 
73 | 74 | validation { 75 | condition = var.environment == "test" || var.environment == "staging" || var.environment == "production" 76 | error_message = "Got an unexpected value for environment (expecting test, staging, or production)." 77 | } 78 | } 79 | 80 | variable "values" { 81 | default = null 82 | description = "A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the `file()` function, i.e. `file(\"my/values.yaml\")`." 83 | } 84 | -------------------------------------------------------------------------------- /modules/operator-lifecycle-manager/chart/values.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | rbacApiVersion: rbac.authorization.k8s.io 16 | namespace: olm 17 | catalog_namespace: olm 18 | operator_namespace: operators 19 | minKubeVersion: 1.18.0 20 | writeStatusName: '""' 21 | imagestream: false 22 | debug: true # NOTE(review): on by default; what it enables depends on the deployment templates, which are not shown here - confirm it is intended outside test clusters 23 | installType: upstream 24 | 25 | image: 26 | registry: quay.io 27 | repository: operator-framework 28 | name: olm 29 | tag: v0.20.0 # fixed release tag; a tag can still be re-pointed on the registry side, unlike a digest reference 30 | pullSecrets: [] 31 | # - name: gcr-test 32 | 33 | olm: 34 | replicaCount: 1 35 | image: 36 | # if you want to use a specified image, you can set ref to override the common image (registry/repository/name:tag from the image section above) 37 | # ref: quay.io/operator-framework/olm:master 38 | pullPolicy: Always 39 | service: 40 | internalPort: 8080 41 | externalPort: metrics 42 | # tlsSecret: olm-operator-serving-cert 43 | # clientCASecret: pprof-serving-cert 44 | nodeSelector: 45 | kubernetes.io/os: linux 46 | resources: 47 | requests: 48 | cpu: 10m 49 | memory: 160Mi 50 | 51 | catalog: 52 | replicaCount: 1 53 | commandArgs: --configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest # ":latest" is a floating tag: the image behind it can change without any change to this chart; prefer a fixed version or a digest 54 | image: 55 | # ref: quay.io/operator-framework/olm:master 56 | pullPolicy: Always 57 | service: 58 | internalPort: 8080 59 | externalPort: metrics 60 | # tlsSecret: catalog-operator-serving-cert 61 | # clientCASecret: pprof-serving-cert 62 | nodeSelector: 63 | kubernetes.io/os: linux 64 | resources: 65 | requests: 66 | cpu: 10m 67 | memory: 80Mi 68 | 69 | package: 70 | replicaCount: 2 71 | maxUnavailable: 1 72 | maxSurge: 1 73 | image: 74 | # if you want to use a specified image, you can set ref to override the common image 75 | # ref: quay.io/operator-framework/olm:master 76 | pullPolicy: Always 77 | service: 78 | internalPort: 5443 79 | nodeSelector: 80 | kubernetes.io/os: linux 81 | resources: 82 | requests: 83 | cpu: 10m 84 | memory: 50Mi 85 | 86 | upstreamOperator: 87 | # catalog image for the upstream operator; the default tag below is the floating "latest", so the catalog content can change between pulls - pin a version or digest (or set ref) for reproducible installs 88 | image: 89 | # ref: quay.io/operatorhubio/catalog:latest 90 | repository: operatorhubio 91 | name: catalog 92 | tag: latest 93 | 94 | 
monitoring: 95 | enabled: false 96 | namespace: monitoring -------------------------------------------------------------------------------- /modules/cloud-manager-agent/chart/templates/roles.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | {{- /* 16 | Copyright 2023 StreamNative, Inc. 17 | 18 | Licensed under the Apache License, Version 2.0 (the "License"); 19 | you may not use this file except in compliance with the License. 20 | You may obtain a copy of the License at 21 | 22 | http://www.apache.org/licenses/LICENSE-2.0 23 | 24 | Unless required by applicable law or agreed to in writing, 25 | software distributed under the License is distributed on an 26 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 27 | KIND, either express or implied. See the License for the 28 | specific language governing permissions and limitations 29 | under the License. 30 | */}} 31 | 32 | {{- if and .Values.rbac.create .Values.rbac.clusterRole }} 33 | apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} 34 | kind: Role 35 | metadata: 36 | name: {{ include "cloud-manager-agent.serviceAccountName" . }} 37 | namespace: {{ .Release.Namespace | quote }} 38 | labels: {{- include "cloud-manager-agent.labels" . 
| nindent 4 }} 39 | rules: # read-only rules of the namespaced Role (release namespace) 40 | - apiGroups: 41 | - "" 42 | resources: 43 | - pods 44 | - services 45 | - services/finalizers 46 | - endpoints 47 | - configmaps 48 | - secrets # get, list and watch each return Secret data, so this is read access to every Secret in the release namespace 49 | verbs: 50 | - 'get' 51 | - 'list' 52 | - 'watch' 53 | - apiGroups: 54 | - apps 55 | resources: 56 | - deployments 57 | - daemonsets 58 | - replicasets 59 | - statefulsets 60 | verbs: 61 | - 'get' 62 | - 'list' 63 | - 'watch' 64 | --- 65 | apiVersion: rbac.authorization.k8s.io/v1 66 | kind: ClusterRole # same rule set as the Role above, but cluster-scoped: once bound through a ClusterRoleBinding it applies in every namespace 67 | metadata: 68 | name: {{ include "cloud-manager-agent.serviceAccountName" . }} 69 | namespace: {{ .Release.Namespace | quote }} # NOTE(review): ClusterRole is not a namespaced kind, so this field looks redundant - confirm 70 | labels: {{- include "cloud-manager-agent.labels" . | nindent 4 }} 71 | rules: 72 | - apiGroups: 73 | - "" 74 | resources: 75 | - pods 76 | - services 77 | - services/finalizers 78 | - endpoints 79 | - configmaps 80 | - secrets # cluster-wide read of Secret data when bound cluster-wide; NOTE(review): confirm the agent needs Secrets outside its own namespace, otherwise drop this entry here and keep it in the Role only 81 | verbs: 82 | - 'get' 83 | - 'list' 84 | - 'watch' 85 | - apiGroups: 86 | - apps 87 | resources: 88 | - deployments 89 | - daemonsets 90 | - replicasets 91 | - statefulsets 92 | verbs: 93 | - 'get' 94 | - 'list' 95 | - 'watch' 96 | {{- end }} 97 | -------------------------------------------------------------------------------- /modules/olm-subscriptions/chart/values.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 
15 | # 16 | 17 | olm_namespace: olm 18 | install_namespace: sn-system 19 | operator_group: sn-operators 20 | 21 | sn_registry: "docker.cloudsmith.io/streamnative/operators/sn-catalog:latest" # floating ":latest" catalog image, presumably the source behind "sn-catalog" below; a fixed tag or digest keeps the set of installable operator versions reproducible 22 | channel: stable 23 | approval: Automatic # NOTE(review): presumably the install-plan approval mode of the generated Subscriptions; with Automatic, new operator versions published to the catalog would be installed without a manual gate - confirm against the templates 24 | 25 | tolerations: [] 26 | 27 | istio: 28 | enabled: false 29 | rootNamespace: istio-system 30 | 31 | components: 32 | bookkeeper: true 33 | functionMesh: true 34 | prometheus: false # Prometheus isn't receiving regular updates from the community operators project. This will eventually be removed altogether in favor of the kube-stack-prometheus chart 35 | pulsar: true 36 | flink: false # not used in cloud 37 | flinkSql: false # not used in cloud 38 | zookeeper: true 39 | sn_operator: true 40 | sn_operator_all: false 41 | elastic_cloud_eck: true 42 | 43 | subscriptionConfig: 44 | resources: 45 | requests: 46 | cpu: 20m 47 | memory: 16Mi 48 | limits: 49 | cpu: 200m 50 | memory: 256Mi 51 | 52 | 53 | bookkeeper: 54 | source: sn-catalog 55 | name: bookkeeper-operator 56 | config: {} 57 | # env: 58 | # - name: BOOK 59 | # value: bookeeper 60 | # envFrom: 61 | # - secretRef: 62 | # name: book-secret 63 | 64 | flink: 65 | source: sn-catalog 66 | name: flink-operator 67 | config: {} 68 | 69 | flinkSql: 70 | source: sn-catalog 71 | name: sql-operator 72 | config: {} 73 | 74 | functionMesh: 75 | config: 76 | enableWebhooks: true 77 | enableController: false 78 | source: sn-catalog 79 | name: function-mesh 80 | 81 | prometheus: 82 | channel: beta 83 | source: operatorhubio-catalog 84 | name: prometheus 85 | config: {} 86 | 87 | pulsar: 88 | source: sn-catalog 89 | name: pulsar-operator 90 | config: {} 91 | 92 | zookeeper: 93 | source: sn-catalog 94 | name: zookeeper-operator 95 | config: {} 96 | 97 | sn_operator: 98 | source: sn-catalog 99 | name: sn-operator 100 | config: {} 101 | 102 | sn_operator_all: 103 | source: sn-catalog 104 | name: sn-operator-all 105 | config: {} 106 | 107 | elastic_cloud_eck: 108 | source: operatorhubio-catalog 
109 | name: elastic-cloud-eck 110 | config: {} 111 | -------------------------------------------------------------------------------- /modules/pulsar-operator/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 15 | # 16 | 17 | ##### 18 | # Why the weird use of null defaults? This module is a "child" used by the terraform-provider-helm parent module. 19 | # Since we don't want to duplicate default managemant, some hacky use of locals and ternary operators are necessary. 20 | # As such, the defaults are configured in the locals{} block in this module's corresponding main.tf file. 21 | # See this issue for more details https://github.com/hashicorp/terraform/issues/24142 22 | ##### 23 | 24 | variable "atomic" { 25 | default = null 26 | description = "Purge the chart on a failed installation." 27 | type = bool 28 | } 29 | 30 | variable "chart_name" { 31 | default = null 32 | description = "The name of the Helm chart to install." 33 | type = string 34 | } 35 | 36 | variable "chart_repository" { 37 | default = null 38 | description = "The repository containing the Helm chart to install." 39 | type = string 40 | } 41 | 42 | variable "chart_version" { 43 | default = null 44 | description = "The version of the Helm chart to install." 
45 | type = string 46 | } 47 | 48 | variable "cleanup_on_fail" { 49 | default = null 50 | description = "Allow deletion of new resources created in this upgrade when upgrade fails." 51 | type = bool 52 | } 53 | 54 | variable "create_namespace" { 55 | default = null 56 | description = "Create a namespace for the deployment. Defaults to \"true\"." 57 | type = bool 58 | } 59 | 60 | variable "namespace" { 61 | default = null 62 | description = "The namespace used for the operator deployment." 63 | type = string 64 | } 65 | 66 | variable "release_name" { 67 | default = null 68 | description = "The name of the helm release." 69 | type = string 70 | } 71 | 72 | variable "settings" { 73 | default = null 74 | description = "Additional settings which will be passed to the Helm chart values." 75 | type = map(any) 76 | } 77 | 78 | variable "timeout" { 79 | default = null 80 | description = "Time in seconds to wait for any individual kubernetes operation." 81 | type = number 82 | } 83 | 84 | variable "values" { 85 | default = null 86 | description = "A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the `file()` function, i.e. `file(\"my/values.yaml\")`." 87 | } -------------------------------------------------------------------------------- /modules/vault-operator/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. 
See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 15 | # 16 | 17 | ##### 18 | # Why the weird use of null defaults? This module is a "child" used by the terraform-provider-helm parent module. 19 | # Since we don't want to duplicate default managemant, some hacky use of locals and ternary operators are necessary. 20 | # As such, the defaults are configured in the locals{} block in this module's corresponding main.tf file. 21 | # See this issue for more details https://github.com/hashicorp/terraform/issues/24142 22 | ##### 23 | 24 | variable "atomic" { 25 | default = null 26 | description = "Purge the chart on a failed installation. Default's to \"true\"." 27 | type = bool 28 | } 29 | 30 | variable "chart_name" { 31 | default = null 32 | description = "The name of the Helm chart to install" 33 | type = string 34 | } 35 | 36 | variable "chart_repository" { 37 | default = null 38 | description = "The repository containing the Helm chart to install" 39 | type = string 40 | } 41 | 42 | variable "chart_version" { 43 | default = null 44 | description = "The version of the Helm chart to install" 45 | type = string 46 | } 47 | 48 | variable "cleanup_on_fail" { 49 | default = null 50 | description = "Allow deletion of new resources created in this upgrade when upgrade fails" 51 | type = bool 52 | } 53 | 54 | variable "create_namespace" { 55 | default = null 56 | description = "Create a namespace for the deployment. Defaults to \"true\"." 
57 | type = bool 58 | } 59 | 60 | variable "namespace" { 61 | default = null 62 | description = "The namespace used for the operator deployment" 63 | type = string 64 | } 65 | 66 | variable "release_name" { 67 | default = null 68 | description = "The name of the helm release" 69 | type = string 70 | } 71 | 72 | variable "settings" { 73 | default = {} 74 | description = "Additional settings which will be passed to the Helm chart values" 75 | type = map(any) 76 | } 77 | 78 | variable "timeout" { 79 | default = null 80 | description = "Time in seconds to wait for any individual kubernetes operation" 81 | type = number 82 | } 83 | 84 | variable "values" { 85 | default = null 86 | description = "A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the `file()` function, i.e. `file(\"my/values.yaml\")`." 87 | } 88 | -------------------------------------------------------------------------------- /modules/function-mesh-operator/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 15 | # 16 | 17 | ##### 18 | # Why the weird use of null defaults? This module is a "child" used by the terraform-provider-helm parent module. 19 | # Since we don't want to duplicate default managemant, some hacky use of locals and ternary operators are necessary. 
20 | # As such, the defaults are configured in the locals{} block in this module's corresponding main.tf file. 21 | # See this issue for more details https://github.com/hashicorp/terraform/issues/24142 22 | ##### 23 | 24 | variable "atomic" { 25 | default = null 26 | description = "Purge the chart on a failed installation. Default's to \"true\"." 27 | type = bool 28 | } 29 | 30 | variable "chart_name" { 31 | default = null 32 | description = "The name of the Helm chart to install" 33 | type = string 34 | } 35 | 36 | variable "chart_repository" { 37 | default = null 38 | description = "The repository containing the Helm chart to install" 39 | type = string 40 | } 41 | 42 | variable "chart_version" { 43 | default = null 44 | description = "The version of the Helm chart to install" 45 | type = string 46 | } 47 | 48 | variable "cleanup_on_fail" { 49 | default = null 50 | description = "Allow deletion of new resources created in this upgrade when upgrade fails" 51 | type = bool 52 | } 53 | 54 | variable "create_namespace" { 55 | default = null 56 | description = "Create a namespace for the deployment. Defaults to \"true\"." 57 | type = bool 58 | } 59 | 60 | variable "namespace" { 61 | default = null 62 | description = "The namespace used for the operator deployment" 63 | type = string 64 | } 65 | 66 | variable "release_name" { 67 | default = null 68 | description = "The name of the helm release" 69 | type = string 70 | } 71 | 72 | variable "settings" { 73 | default = null 74 | description = "Additional settings which will be passed to the Helm chart values" 75 | type = map(any) 76 | } 77 | 78 | variable "timeout" { 79 | default = null 80 | description = "Time in seconds to wait for any individual kubernetes operation" 81 | type = number 82 | } 83 | 84 | variable "values" { 85 | default = null 86 | description = "A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the `file()` function, i.e. 
`file(\"my/values.yaml\")`." 87 | } 88 | -------------------------------------------------------------------------------- /modules/operator-lifecycle-manager/chart/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {* 2 | Copyright 2023 StreamNative, Inc. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | *} 16 | 17 | {{/* vim: set filetype=mustache: */}} 18 | {{/* 19 | Expand the name of the chart. 20 | */}} 21 | {{- define "name" -}} 22 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | 25 | {{/* 26 | Create a default fully qualified app name. 27 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 28 | */}} 29 | {{- define "fullname" -}} 30 | {{- $name := default .Chart.Name .Values.nameOverride -}} 31 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Create the default image name for olm, catalog and package. 
36 | use quay.io/operator-framework/olm:v0.20.0 as default if related values are empty 37 | */}} 38 | {{- define "olm.defaultImageName" -}} 39 | {{- $registry := default "quay.io" .Values.image.registry }} 40 | {{- $repository := default "operator-framework" .Values.image.repository }} 41 | {{- $name := default "olm" .Values.image.name }} 42 | {{- $tag := default "v0.20.0" .Values.image.tag }} 43 | {{- printf "%s/%s/%s:%s" $registry $repository $name $tag }} 44 | {{- end }} 45 | 46 | {{/* 47 | Create the name of olm image 48 | */}} 49 | {{- define "olm.image" -}} 50 | {{- if .Values.olm.image.ref }} 51 | {{- printf "%s" .Values.olm.image.ref }} 52 | {{- else }} 53 | {{- printf "%s" (include "olm.defaultImageName" . ) }} 54 | {{- end }} 55 | {{- end }} 56 | 57 | {{/* 58 | Create the name of catalog image 59 | */}} 60 | {{- define "olm.catalogImage" -}} 61 | {{- if .Values.catalog.image.ref }} 62 | {{- printf "%s" .Values.catalog.image.ref }} 63 | {{- else }} 64 | {{- printf "%s" (include "olm.defaultImageName" . ) }} 65 | {{- end }} 66 | {{- end }} 67 | 68 | {{/* 69 | Create the name of package image 70 | */}} 71 | {{- define "olm.packageImage" -}} 72 | {{- if .Values.package.image.ref }} 73 | {{- printf "%s" .Values.package.image.ref }} 74 | {{- else }} 75 | {{- printf "%s" (include "olm.defaultImageName" . 
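) }}
{{- end }}
{{- end }}

{{/*
Create the name of the upstream operator catalog image.

An explicit .Values.upstreamOperator.image.ref is used verbatim. Otherwise the
reference is assembled as <registry>/<repository>/<name>:<tag>, with the registry
taken from .Values.image.registry and "quay.io" used only when that value is unset.

The arguments to `default` are ordered (fallback, value), as in
"olm.defaultImageName". With the two swapped, the helper always resolved to
"quay.io", so a registry override (for example an internal mirror) was silently
ignored for this one image.

The assembled reference carries a mutable tag; supplying upstreamOperator.image.ref
as a digest-pinned reference (<repository>@sha256:<digest>) keeps the pulled content fixed.
*/}}
{{- define "olm.upstreamOperatorCatalogImage" -}}
{{- if .Values.upstreamOperator.image.ref }}
{{- printf "%s" .Values.upstreamOperator.image.ref }}
{{- else }}
{{- $registry := default "quay.io" .Values.image.registry }}
{{- printf "%s/%s/%s:%s" $registry .Values.upstreamOperator.image.repository .Values.upstreamOperator.image.name .Values.upstreamOperator.image.tag }}
{{- end }}
{{- end }}
--------------------------------------------------------------------------------
/modules/prometheus-operator/main.tf:
--------------------------------------------------------------------------------
# Copyright 2023 StreamNative, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#

terraform {
  required_version = ">=1.0.0"

  required_providers {
    helm = {
      source = "hashicorp/helm"
      version = ">=2.2.0"
    }
  }
}

locals {
  atomic = var.atomic != null ? var.atomic : true
  chart_name = var.chart_name != null ? var.chart_name : "kube-prometheus-stack"
  chart_repository = var.chart_repository != null ? var.chart_repository : "https://prometheus-community.github.io/helm-charts"
  chart_version = var.chart_version != null ? var.chart_version : "33.2.1"
  cleanup_on_fail = var.cleanup_on_fail != null ? 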
var.cleanup_on_fail : true 34 | create_namespace = var.create_namespace != null ? var.create_namespace : true 35 | install_cluster_role = var.install_cluster_role != null ? var.install_cluster_role : true 36 | namespace = var.namespace != null ? var.namespace : "monitoring" 37 | release_name = var.release_name != null ? var.release_name : "kube-prometheus-stack" 38 | settings = var.settings != null ? var.settings : {} 39 | timeout = var.timeout != null ? var.timeout : 120 40 | values = var.values != null ? var.values : [] 41 | } 42 | 43 | resource "helm_release" "prometheus_operator" { 44 | atomic = local.atomic 45 | chart = local.chart_name 46 | cleanup_on_fail = local.cleanup_on_fail 47 | create_namespace = local.create_namespace 48 | name = local.release_name 49 | namespace = local.namespace 50 | repository = local.chart_repository 51 | timeout = local.timeout 52 | version = local.chart_version 53 | values = local.values 54 | 55 | set { 56 | name = "prometheusOperator.podAnnotations.traffic\\.sidecar\\.istio\\.io/excludeInboundPorts" 57 | value = "10250" 58 | type = "string" 59 | } 60 | 61 | set { 62 | name = "alertmanager.enabled" 63 | value = "false" 64 | type = "auto" 65 | } 66 | 67 | set { 68 | name = "nodeExporter.enabled" 69 | value = "false" 70 | type = "auto" 71 | } 72 | 73 | set { 74 | name = "kubeStateMetrics.enabled" 75 | value = "false" 76 | type = "auto" 77 | } 78 | 79 | dynamic "set" { 80 | for_each = local.settings 81 | content { 82 | name = set.key 83 | value = set.value 84 | } 85 | } 86 | } 87 | 88 | module "prometheus_cluster_role" { 89 | count = local.install_cluster_role ? 1 : 0 90 | source = "./prometheus-cluster-role" 91 | } -------------------------------------------------------------------------------- /modules/otel-collector/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 
2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 15 | # 16 | 17 | terraform { 18 | required_version = ">=1.0.0" 19 | 20 | required_providers { 21 | helm = { 22 | source = "hashicorp/helm" 23 | version = ">=2.2.0" 24 | } 25 | } 26 | } 27 | 28 | ### Module defaults are managed below: 29 | locals { 30 | atomic = var.atomic != null ? var.atomic : true 31 | chart_name = var.chart_name != null ? var.chart_name : "opentelemetry-collector" 32 | chart_repository = var.chart_repository != null ? var.chart_repository : "https://open-telemetry.github.io/opentelemetry-helm-charts" 33 | chart_version = var.chart_version != null ? var.chart_version : "0.8.0" 34 | cleanup_on_fail = var.cleanup_on_fail != null ? var.cleanup_on_fail : true 35 | create_namespace = var.create_namespace != null ? var.create_namespace : true 36 | image_version = var.image_version != null ? var.image_version : "0.40.0" 37 | namespace = var.namespace != null ? var.namespace : "sn-system" 38 | release_name = var.release_name != null ? var.release_name : "otel-collector" 39 | settings = var.settings != null ? var.settings : {} 40 | timeout = var.timeout != null ? var.timeout : 120 41 | 42 | values = var.values != null ? 
var.values : yamlencode({ 43 | fullNameOverride = "opentelemetry-collector" 44 | nameOverride = "opentelemetry-collector" 45 | agentCollector = { 46 | enabled = false 47 | } 48 | autoscaling = { 49 | enabled = true 50 | minReplicas = 1 51 | maxReplicas = 10 52 | targetCPUUtilizationPercentage = 80 53 | targetMemoryUtilizationPercentage = 80 54 | } 55 | image = { 56 | tag = local.image_version 57 | } 58 | standaloneCollector = { 59 | enabled = true 60 | resources = { 61 | limits = { 62 | cpu = "500m" 63 | memory = "256M" 64 | } 65 | } 66 | } 67 | }) 68 | } 69 | 70 | resource "helm_release" "helm_chart" { 71 | atomic = local.atomic 72 | chart = local.chart_name 73 | cleanup_on_fail = local.cleanup_on_fail 74 | create_namespace = local.create_namespace 75 | name = local.release_name 76 | namespace = local.namespace 77 | repository = local.chart_repository 78 | timeout = local.timeout 79 | version = local.chart_version 80 | values = [local.values] 81 | 82 | dynamic "set" { 83 | for_each = local.settings 84 | content { 85 | name = set.key 86 | value = set.value 87 | } 88 | } 89 | } 90 | -------------------------------------------------------------------------------- /modules/prometheus-operator/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 
15 | # 16 | 17 | ##### 18 | # Why the weird use of null defaults? This module is a "child" used by the terraform-provider-helm parent module. 19 | # Since we don't want to duplicate default managemant, some hacky use of locals and ternary operators are necessary. 20 | # As such, the defaults are configured in the locals{} block in this module's corresponding main.tf file. 21 | # See this issue for more details https://github.com/hashicorp/terraform/issues/24142 22 | ##### 23 | 24 | variable "atomic" { 25 | default = null 26 | description = "Purge the chart on a failed installation. Default's to \"true\"." 27 | type = bool 28 | } 29 | 30 | variable "chart_name" { 31 | default = null 32 | description = "The name of the Helm chart to install." 33 | type = string 34 | } 35 | 36 | variable "chart_repository" { 37 | default = null 38 | description = "The repository containing the Helm chart to install." 39 | type = string 40 | } 41 | 42 | variable "chart_version" { 43 | default = null 44 | description = "The version of the Helm chart to install." 45 | type = string 46 | } 47 | 48 | variable "cleanup_on_fail" { 49 | default = null 50 | description = "Allow deletion of new resources created in this upgrade when upgrade fails." 51 | type = bool 52 | } 53 | 54 | variable "create_namespace" { 55 | default = null 56 | description = "Create a namespace for the deployment. Defaults to \"true\"." 57 | type = bool 58 | } 59 | 60 | variable "install_cluster_role" { 61 | default = null 62 | description = "Installs the well-known Prometheus server ClusterRole resource on the cluster." 63 | type = bool 64 | } 65 | 66 | variable "namespace" { 67 | default = null 68 | description = "The namespace used for the operator deployment." 69 | type = string 70 | } 71 | 72 | variable "release_name" { 73 | default = null 74 | description = "The name of the helm release." 
75 | type = string 76 | } 77 | 78 | variable "settings" { 79 | default = {} 80 | description = "Additional settings which will be passed to the Helm chart values." 81 | type = map(any) 82 | } 83 | 84 | variable "timeout" { 85 | default = 120 86 | description = "Time in seconds to wait for any individual kubernetes operation." 87 | type = number 88 | } 89 | 90 | variable "values" { 91 | default = null 92 | description = "A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the `file()` function, i.e. `file(\"my/values.yaml\")`." 93 | } 94 | -------------------------------------------------------------------------------- /modules/hpa/README.md: -------------------------------------------------------------------------------- 1 | 16 | 17 | # HPA 18 | Deploy resources to support HPA, including: 19 | a Prometheus to scrape the metrics used to determine if scaling is needed; 20 | an internal issuer to issue a self-signed cert; 21 | a Prometheus Adapter to bridge the HPA controller and Prometheus. 22 | 23 | ## Inputs 24 | 25 | | Name | Description | Type | Default | Required | 26 | |------|-------------|------|---------|:--------:| 27 | | [metric\_server\_namespace](#input\_metric\_server\_namespace) | Namespace to deploy custom metric server (prometheus adapter). | `string` | `sn-system` | no | 28 | | [cert\_manager\_namespace](#input\_cert\_manager\_namespace) | Namespace where cert manager is deployed. | `string` | `cert-manager` | no | 29 | | [scaling\_prometheus\_namespace](#input\_scaling\_prometheus\_namespace) | Namespace to deploy the prometheus used for scraping metrics for HPA. | `string` | `sn-system` | no | 30 | | [scaling\_prometheus\_version](#input\_scaling\_prometheus\_version) | Version of prometheus used for scraping metrics for HPA. 
| `string` | `v2.19.2` | no | 31 | | [scaling\_prometheus\_scrape\_interval](#input\_scaling\_prometheus\_scrape\_interval) | Scrape interval for prometheus used for scraping metrics for HPA. | `string` | `15s` | no | 32 | | [scaling\_prometheus\_evaluation\_interval](#input\_scaling\_prometheus\_evaluation\_interval) | Evaluation interval for prometheus used for scraping metrics for HPA. | `string` | `30s` | no | 33 | | [scaling\_prometheus\_retention\_period](#input\_scaling\_prometheus\_retention\_period) | Retention period for prometheus used for scraping metrics for HPA. | `string` | `1h` | no | 34 | | [scaling\_prometheus\_cpu\_limit](#input\_scaling\_prometheus\_cpu\_limit) | CPU limit for prometheus used for scraping metrics for HPA. | `string` | `200m` | no | 35 | | [scaling\_prometheus\_memory\_limit](#input\_scaling\_prometheus\_memory\_limit) | Memory limit for prometheus used for scraping metrics for HPA. | `string` | `1G` | no | 36 | | [scaling\_prometheus\_replicas](#input\_scaling\_prometheus\_replicas) | Replicas of prometheus used for scraping metrics for HPA. | `number` | `1` | no | 37 | -------------------------------------------------------------------------------- /modules/cloud-manager-agent/README.md: -------------------------------------------------------------------------------- 1 | 16 | 17 | 18 | ## Requirements 19 | 20 | | Name | Version | 21 | |------|---------| 22 | | [terraform](#requirement\_terraform) | >=1.0.0 | 23 | | [helm](#requirement\_helm) | >=2.2.0 | 24 | 25 | ## Providers 26 | 27 | | Name | Version | 28 | |------|---------| 29 | | [helm](#provider\_helm) | >=2.2.0 | 30 | 31 | ## Modules 32 | 33 | No modules. 
34 | 35 | ## Resources 36 | 37 | | Name | Type | 38 | |------|------| 39 | | [helm_release.cloud-manager-agent](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | 40 | 41 | ## Inputs 42 | 43 | | Name | Description | Type | Default | Required | 44 | |------|-------------|------|---------|:--------:| 45 | | [atomic](#input\_atomic) | Purge the chart on a failed installation. | `any` | `null` | no | 46 | | [chart\_name](#input\_chart\_name) | The name of the chart to install. | `string` | `null` | no | 47 | | [chart\_repository](#input\_chart\_repository) | The repository to install the chart from. | `string` | `null` | no | 48 | | [chart\_version](#input\_chart\_version) | The version of the chart to install. | `string` | `null` | no | 49 | | [cleanup\_on\_fail](#input\_cleanup\_on\_fail) | Allow deletion of new resources created in this upgrade when upgrade fails. | `bool` | `null` | no | 50 | | [environment](#input\_environment) | Whether this is for a test, staging, or production environment. | `string` | `"production"` | no | 51 | | [namespace](#input\_namespace) | The namespace used for installing cloud-manager-agent in. | `string` | `null` | no | 52 | | [release\_name](#input\_release\_name) | The name of the helm release. | `string` | `null` | no | 53 | | [settings](#input\_settings) | Additional settings which will be passed to the Helm chart values. | `map(any)` | `null` | no | 54 | | [timeout](#input\_timeout) | Time in seconds to wait for any individual kubernetes operation. | `number` | `null` | no | 55 | | [values](#input\_values) | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the `file()` function, i.e. `file("my/values.yaml")`. | `any` | `null` | no | 56 | 57 | ## Outputs 58 | 59 | No outputs. 
60 | -------------------------------------------------------------------------------- /modules/istio-operator/values.yaml.tftpl: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 15 | # 16 | 17 | istioNamespace: ${istio_system_namespace} 18 | controlPlane: 19 | install: true 20 | spec: 21 | profile: ${profile} 22 | revision: ${revision_tag} 23 | values: 24 | global: 25 | istioNamespace: ${istio_system_namespace} 26 | meshID: ${mesh_id} 27 | multiCluster: 28 | clusterName: ${cluster_name} 29 | network: ${network} 30 | sidecarInjectorWebhook: 31 | injectedAnnotations: 32 | cluster-autoscaler.kubernetes.io/safe-to-evict: "true" 33 | neverInjectSelector: 34 | # kube-prometheus-stack 35 | ## Admission Webhook jobs do not terminate as expected with istio-proxy 36 | - matchExpressions: 37 | - {key: app, operator: In, values: [kube-prometheus-stack-admission-create,kube-prometheus-stack-admission-patch,kube-prometheus-stack-operator]} 38 | 39 | meshConfig: 40 | trustDomain: ${trust_domain} 41 | defaultConfig: 42 | proxyMetadata: 43 | ISTIO_META_DNS_CAPTURE: "true" 44 | ISTIO_META_DNS_AUTO_ALLOCATE: "true" 45 | enablePrometheusMerge: false 46 | components: 47 | cni: 48 | enabled: true 49 | pilot: 50 | k8s: 51 | podDisruptionBudget: 52 | maxUnavailable: 1 53 | hpaSpec: 54 | minReplicas: 2 55 | ingressGateways: 56 | 
- name: istio-ingressgateway 57 | namespace: ${istio_system_namespace} 58 | enabled: true 59 | label: 60 | cloud.streamnative.io/role: "istio-ingressgateway" 61 | k8s: 62 | resources: 63 | limits: 64 | cpu: "2" 65 | memory: 1Gi 66 | requests: 67 | cpu: "2" 68 | memory: 1Gi 69 | podDisruptionBudget: 70 | maxUnavailable: 1 71 | hpaSpec: 72 | minReplicas: 3 73 | maxReplicas: 20 74 | serviceAnnotations: 75 | %{ for k, v in ingress_gateway_service_annotations ~} 76 | ${k}: "${v}" 77 | %{ endfor ~} 78 | service: 79 | ports: 80 | - port: 15021 81 | targetPort: 15021 82 | name: status-port 83 | - port: 80 84 | targetPort: 8080 85 | name: http2 86 | - port: 443 87 | targetPort: 8443 88 | name: https 89 | - port: 6651 90 | targetPort: 6651 91 | name: tls-pulsar 92 | - port: 9093 93 | targetPort: 9093 94 | name: tls-kafka 95 | -------------------------------------------------------------------------------- /modules/operator-lifecycle-manager/chart/templates/0000_90_olm_00-service-monitor.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | {{ if .Values.monitoring.enabled }} 16 | apiVersion: monitoring.coreos.com/v1 17 | kind: ServiceMonitor 18 | metadata: 19 | name: olm-operator 20 | namespace: {{ .Values.namespace }} 21 | labels: 22 | app: olm-operator 23 | spec: 24 | endpoints: 25 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token 26 | interval: 30s 27 | metricRelabelings: 28 | - action: drop 29 | regex: etcd_(debugging|disk|request|server).* 30 | sourceLabels: 31 | - __name__ 32 | port: https-metrics 33 | scheme: https 34 | tlsConfig: 35 | caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt 36 | serverName: olm-operator-metrics.{{ .Values.namespace }}.svc 37 | jobLabel: component 38 | namespaceSelector: 39 | matchNames: 40 | - {{ .Values.namespace }} 41 | selector: 42 | matchLabels: 43 | app: olm-operator 44 | --- 45 | apiVersion: monitoring.coreos.com/v1 46 | kind: ServiceMonitor 47 | metadata: 48 | name: catalog-operator 49 | namespace: {{ .Values.namespace }} 50 | labels: 51 | app: catalog-operator 52 | spec: 53 | jobLabel: k8s-app 54 | endpoints: 55 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token 56 | interval: 30s 57 | metricRelabelings: 58 | - action: drop 59 | regex: etcd_(debugging|disk|request|server).* 60 | sourceLabels: 61 | - __name__ 62 | port: https-metrics 63 | scheme: https 64 | tlsConfig: 65 | caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt 66 | serverName: catalog-operator-metrics.{{ .Values.namespace }}.svc 67 | jobLabel: component 68 | namespaceSelector: 69 | matchNames: 70 | - {{ .Values.namespace }} 71 | selector: 72 | matchLabels: 73 | app: catalog-operator 74 | --- 75 | apiVersion: rbac.authorization.k8s.io/v1 76 | kind: RoleBinding 77 | metadata: 78 | name: operator-lifecycle-manager-metrics 79 | namespace: {{ .Values.namespace }} 80 | roleRef: 81 | apiGroup: rbac.authorization.k8s.io 82 | kind: Role 83 | name: operator-lifecycle-manager-metrics 84 | subjects: 85 | - 
kind: ServiceAccount 86 | name: prometheus-k8s 87 | namespace: {{ .Values.monitoring.namespace }} 88 | --- 89 | apiVersion: rbac.authorization.k8s.io/v1 90 | kind: Role 91 | metadata: 92 | name: operator-lifecycle-manager-metrics 93 | namespace: {{ .Values.namespace }} 94 | rules: 95 | - apiGroups: 96 | - "" 97 | resources: 98 | - services 99 | - endpoints 100 | - pods 101 | verbs: 102 | - get 103 | - list 104 | - watch 105 | {{ end }} 106 | -------------------------------------------------------------------------------- /modules/vault-operator/README.md: -------------------------------------------------------------------------------- 1 | 16 | 17 | # Vault Operator 18 | A simple module that installs a Vault operator via helm 19 | 20 | ## Requirements 21 | 22 | | Name | Version | 23 | |------|---------| 24 | | [terraform](#requirement\_terraform) | >=1.0.0 | 25 | | [helm](#requirement\_helm) | 2.2.0 | 26 | 27 | ## Providers 28 | 29 | | Name | Version | 30 | |------|---------| 31 | | [helm](#provider\_helm) | 2.2.0 | 32 | 33 | ## Modules 34 | 35 | No modules. 36 | 37 | ## Resources 38 | 39 | | Name | Type | 40 | |------|------| 41 | | [helm_release.vault_operator](https://registry.terraform.io/providers/hashicorp/helm/2.2.0/docs/resources/release) | resource | 42 | 43 | ## Inputs 44 | 45 | | Name | Description | Type | Default | Required | 46 | |------|-------------|------|---------|:--------:| 47 | | [atomic](#input\_atomic) | Purge the chart on a failed installation. Default's to "true". 
| `bool` | `null` | no | 48 | | [chart\_name](#input\_chart\_name) | The name of the Helm chart to install | `string` | `null` | no | 49 | | [chart\_repository](#input\_chart\_repository) | The repository containing the Helm chart to install | `string` | `null` | no | 50 | | [chart\_version](#input\_chart\_version) | The version of the Helm chart to install | `string` | `null` | no | 51 | | [cleanup\_on\_fail](#input\_cleanup\_on\_fail) | Allow deletion of new resources created in this upgrade when upgrade fails | `bool` | `null` | no | 52 | | [create\_namespace](#input\_create\_namespace) | Create a namespace for the deployment. Defaults to "true". | `bool` | `null` | no | 53 | | [namespace](#input\_namespace) | The namespace used for the operator deployment | `string` | `null` | no | 54 | | [release\_name](#input\_release\_name) | The name of the helm release | `string` | `null` | no | 55 | | [settings](#input\_settings) | Additional settings which will be passed to the Helm chart values | `map(any)` | `{}` | no | 56 | | [timeout](#input\_timeout) | Time in seconds to wait for any individual kubernetes operation | `number` | `null` | no | 57 | | [values](#input\_values) | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the `file()` function, i.e. `file("my/values.yaml")`. | `any` | `null` | no | 58 | 59 | ## Outputs 60 | 61 | No outputs. 
62 | -------------------------------------------------------------------------------- /modules/function-mesh-operator/README.md: -------------------------------------------------------------------------------- 1 | 16 | 17 | # function-mesh-operator 18 | Installs the StreamNative function-mesh operator 19 | 20 | ## Requirements 21 | 22 | | Name | Version | 23 | |------|---------| 24 | | [terraform](#requirement\_terraform) | >=1.0.0 | 25 | | [helm](#requirement\_helm) | 2.2.0 | 26 | 27 | ## Providers 28 | 29 | | Name | Version | 30 | |------|---------| 31 | | [helm](#provider\_helm) | 2.2.0 | 32 | 33 | ## Modules 34 | 35 | No modules. 36 | 37 | ## Resources 38 | 39 | | Name | Type | 40 | |------|------| 41 | | [helm_release.function_mesh_operator](https://registry.terraform.io/providers/hashicorp/helm/2.2.0/docs/resources/release) | resource | 42 | 43 | ## Inputs 44 | 45 | | Name | Description | Type | Default | Required | 46 | |------|-------------|------|---------|:--------:| 47 | | [atomic](#input\_atomic) | Purge the chart on a failed installation. Default's to "true". | `bool` | `null` | no | 48 | | [chart\_name](#input\_chart\_name) | The name of the Helm chart to install | `string` | `null` | no | 49 | | [chart\_repository](#input\_chart\_repository) | The repository containing the Helm chart to install | `string` | `null` | no | 50 | | [chart\_version](#input\_chart\_version) | The version of the Helm chart to install | `string` | `null` | no | 51 | | [cleanup\_on\_fail](#input\_cleanup\_on\_fail) | Allow deletion of new resources created in this upgrade when upgrade fails | `bool` | `null` | no | 52 | | [create\_namespace](#input\_create\_namespace) | Create a namespace for the deployment. Defaults to "true". 
| `bool` | `null` | no | 53 | | [namespace](#input\_namespace) | The namespace used for the operator deployment | `string` | `null` | no | 54 | | [release\_name](#input\_release\_name) | The name of the helm release | `string` | `null` | no | 55 | | [settings](#input\_settings) | Additional settings which will be passed to the Helm chart values | `map(any)` | `null` | no | 56 | | [timeout](#input\_timeout) | Time in seconds to wait for any individual kubernetes operation | `number` | `null` | no | 57 | | [values](#input\_values) | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the `file()` function, i.e. `file("my/values.yaml")`. | `any` | `null` | no | 58 | 59 | ## Outputs 60 | 61 | No outputs. 62 | -------------------------------------------------------------------------------- /modules/pulsar-operator/README.md: -------------------------------------------------------------------------------- 1 | 16 | 17 | # StreamNative Pulsar Operator 18 | Refer to our [charts](https://github.com/streamnative/charts) repo for more details 19 | 20 | ## Requirements 21 | 22 | | Name | Version | 23 | |------|---------| 24 | | [terraform](#requirement\_terraform) | >=1.0.0 | 25 | | [helm](#requirement\_helm) | 2.2.0 | 26 | 27 | ## Providers 28 | 29 | | Name | Version | 30 | |------|---------| 31 | | [helm](#provider\_helm) | 2.2.0 | 32 | 33 | ## Modules 34 | 35 | No modules. 36 | 37 | ## Resources 38 | 39 | | Name | Type | 40 | |------|------| 41 | | [helm_release.pulsar_operator](https://registry.terraform.io/providers/hashicorp/helm/2.2.0/docs/resources/release) | resource | 42 | 43 | ## Inputs 44 | 45 | | Name | Description | Type | Default | Required | 46 | |------|-------------|------|---------|:--------:| 47 | | [atomic](#input\_atomic) | Purge the chart on a failed installation. | `bool` | `null` | no | 48 | | [chart\_name](#input\_chart\_name) | The name of the Helm chart to install. 
| `string` | `null` | no | 49 | | [chart\_repository](#input\_chart\_repository) | The repository containing the Helm chart to install. | `string` | `null` | no | 50 | | [chart\_version](#input\_chart\_version) | The version of the Helm chart to install. | `string` | `null` | no | 51 | | [cleanup\_on\_fail](#input\_cleanup\_on\_fail) | Allow deletion of new resources created in this upgrade when upgrade fails. | `bool` | `null` | no | 52 | | [create\_namespace](#input\_create\_namespace) | Create a namespace for the deployment. Defaults to "true". | `bool` | `null` | no | 53 | | [namespace](#input\_namespace) | The namespace used for the operator deployment. | `string` | `null` | no | 54 | | [release\_name](#input\_release\_name) | The name of the helm release. | `string` | `null` | no | 55 | | [settings](#input\_settings) | Additional settings which will be passed to the Helm chart values. | `map(any)` | `null` | no | 56 | | [timeout](#input\_timeout) | Time in seconds to wait for any individual kubernetes operation. | `number` | `null` | no | 57 | | [values](#input\_values) | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the `file()` function, i.e. `file("my/values.yaml")`. | `any` | `null` | no | 58 | 59 | ## Outputs 60 | 61 | No outputs. 62 | -------------------------------------------------------------------------------- /modules/vector-agent/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
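# You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#

terraform {
  required_version = ">=1.0.0"

  required_providers {
    helm = {
      source = "hashicorp/helm"
      # NOTE(review): lower bound only, so any later major release of the
      # provider also satisfies this constraint. Add an upper bound for the
      # range this module has actually been tested against.
      version = ">=2.2.0"
    }
  }
}

# Every input is null when the caller does not set it; the fallbacks below are
# the module's effective defaults. The chart source defaults to a fixed
# repository URL and a pinned chart version, and the sink_* inputs fall back to
# empty strings (sink_name to "sn-default").
locals {
  atomic                     = var.atomic != null ? var.atomic : true
  chart_name                 = var.chart_name != null ? var.chart_name : "vector-agent"
  chart_repository           = var.chart_repository != null ? var.chart_repository : "https://helm.vector.dev"
  chart_version              = var.chart_version != null ? var.chart_version : "0.21.3"
  cleanup_on_fail            = var.cleanup_on_fail != null ? var.cleanup_on_fail : true
  create_namespace           = var.create_namespace != null ? var.create_namespace : true
  namespace                  = var.namespace != null ? var.namespace : "sn-system"
  release_name               = var.release_name != null ? var.release_name : "vector-agent"
  settings                   = var.settings != null ? var.settings : {}
  sink_endpoint              = var.sink_endpoint != null ? var.sink_endpoint : ""
  sink_name                  = var.sink_name != null ? var.sink_name : "sn-default"
  sink_topic                 = var.sink_topic != null ? var.sink_topic : ""
  sink_oauth_audience        = var.sink_oauth_audience != null ? var.sink_oauth_audience : ""
  sink_oauth_credentials_url = var.sink_oauth_credentials_url != null ? var.sink_oauth_credentials_url : ""
  sink_oauth_issuer_url      = var.sink_oauth_issuer_url != null ? var.sink_oauth_issuer_url : ""
  timeout                    = var.timeout != null ? var.timeout : 120
  values                     = var.values != null ? var.values : []
}

# Installs the Vector agent chart as one Helm release.
resource "helm_release" "vector_agent" {
  atomic          = local.atomic
  chart           = local.chart_name
  cleanup_on_fail = local.cleanup_on_fail
  # Pass the create_namespace input through. Without this line the local is
  # computed but unused, the documented input has no effect, and the install
  # fails when the target namespace does not exist yet.
  create_namespace = local.create_namespace
  name             = local.release_name
  namespace        = local.namespace
  repository       = local.chart_repository
  timeout          = local.timeout
  version          = local.chart_version

  # coalescelist() returns the first non-empty list. Caller-supplied `values`
  # therefore replace the rendered template entirely, and the sink_* inputs are
  # ignored whenever `values` is set.
  values = coalescelist(local.values, [templatefile("${path.module}/values.yaml.tftpl", {
    sink_name           = local.sink_name
    sink_endpoint       = local.sink_endpoint
    sink_oauth_audience = local.sink_oauth_audience
    # The input has to be base64 text; it is decoded here and written into the
    # rendered values in clear text. Rendered values are recorded in Terraform
    # state and shown in plan output, so the state backend needs encryption and
    # restricted access.
    # NOTE(review): presumably this carries or points at OAuth client
    # credentials. Confirm against values.yaml.tftpl.
    sink_oauth_credentials_url = base64decode(local.sink_oauth_credentials_url)
    sink_oauth_issuer_url      = local.sink_oauth_issuer_url
    sink_topic                 = local.sink_topic
  })]
  )

  # Each entry of `settings` becomes a plain `set` override, which is stored in
  # state unmasked. Secret overrides belong in `set_sensitive`, not here.
  dynamic "set" {
    for_each = local.settings
    content {
      name  = set.key
      value = set.value
    }
  }
}
--------------------------------------------------------------------------------
/modules/operator-lifecycle-manager/chart/templates/_packageserver.deployment-spec.yaml:
--------------------------------------------------------------------------------
# Copyright 2023 StreamNative, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.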
#
# Named template "packageserver.deployment-spec": the Deployment spec
# (strategy, replicas, selector, pod template) for the package server. It emits
# a bare `spec:` mapping, so the including template has to indent it into place.
#
# Review notes:
# - The pod runs as `olm-operator-serviceaccount`, so whatever RBAC is bound to
#   that account applies to this container.
# - `-v=4` is hard-coded; log verbosity cannot be lowered from values.
# - Only the `--secure-port` value goes through `quote`. `watchedNamespaces`,
#   `catalog_namespace` and `package.commandArgs` are inserted as bare YAML
#   scalars, so a value that YAML reads as a non-string is no longer a string
#   argument. Adding `| quote` on those lines would match the port handling.
# - `package.commandArgs` is rendered as one list item, i.e. a single argument.
# - `securityContext` is emitted only when `.Values.package.securityContext` is
#   set, and only `runAsUser` is copied from it. Fields such as runAsNonRoot,
#   allowPrivilegeEscalation, readOnlyRootFilesystem or capabilities are not
#   rendered even when supplied in values; hardening the container means
#   extending that block.
# - Liveness and readiness probes both request /healthz over HTTPS on the
#   service's internal port.
# - /tmp is backed by an emptyDir volume.

{{- define "packageserver.deployment-spec" }}
spec:
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: {{ .Values.package.maxUnavailable }}
      maxSurge: {{ .Values.package.maxSurge }}
  replicas: {{ .Values.package.replicaCount }}
  selector:
    matchLabels:
      app: packageserver
  template:
    metadata:
      labels:
        app: packageserver
    spec:
      serviceAccountName: olm-operator-serviceaccount
      {{- if .Values.package.nodeSelector }}
      nodeSelector:
        {{- toYaml .Values.package.nodeSelector | nindent 8 }}
      {{- end }}
      {{- if .Values.package.tolerations }}
      tolerations:
      {{- toYaml .Values.package.tolerations | nindent 6 }}
      {{- end }}
      {{- if .Values.image.pullSecrets }}
      imagePullSecrets:
      {{- toYaml .Values.image.pullSecrets | nindent 6 }}
      {{- end }}
      containers:
      - name: packageserver
        command:
        - /bin/package-server
        - -v=4
        {{- if .Values.watchedNamespaces }}
        - --watched-namespaces
        - {{ .Values.watchedNamespaces }}
        {{- end }}
        - --secure-port
        - {{ .Values.package.service.internalPort | quote }}
        - --global-namespace
        - {{ .Values.catalog_namespace }}
        {{- if .Values.debug }}
        - --debug
        {{- end }}
        {{- if .Values.package.commandArgs }}
        - {{ .Values.package.commandArgs }}
        {{- end }}
        image: {{ include "olm.packageImage" . }}
        imagePullPolicy: {{ .Values.package.image.pullPolicy }}
        ports:
        - containerPort: {{ .Values.package.service.internalPort }}
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /healthz
            port: {{ .Values.package.service.internalPort }}
        readinessProbe:
          httpGet:
            scheme: HTTPS
            path: /healthz
            port: {{ .Values.package.service.internalPort }}
        terminationMessagePolicy: FallbackToLogsOnError
        {{- if .Values.package.resources }}
        resources:
{{ toYaml .Values.package.resources | indent 10 }}
        {{- end }}
        {{- if .Values.package.securityContext }}
        securityContext:
          runAsUser: {{ .Values.package.securityContext.runAsUser }}
        {{- end }}
        volumeMounts:
        - name: tmpfs
          mountPath: /tmp
      volumes:
      - name: tmpfs
        emptyDir: {}
{{- end -}}

--------------------------------------------------------------------------------
/modules/operator-lifecycle-manager/chart/templates/_packageserver.clusterserviceversion.yaml:
--------------------------------------------------------------------------------
# Copyright 2023 StreamNative, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Named template "packageserver.clusterserviceversion": the
# ClusterServiceVersion that installs the package server through OLM's
# `deployment` install strategy. The Deployment body comes from the
# "packageserver.deployment-spec" template, included at an indent of 8.
#
# Review notes on the RBAC declared here:
# - All rules sit under `clusterPermissions`, i.e. they are requested
#   cluster-wide, not per namespace, for `olm-operator-serviceaccount`.
# - Granted verbs: create/get on subjectaccessreviews (authorization.k8s.io);
#   get/list/watch on configmaps (core group) and on catalogsources
#   (operators.coreos.com); get/list on packagemanifests
#   (packages.operators.coreos.com).
# - The configmaps rule has no resourceNames restriction, so it covers
#   ConfigMaps in every namespace. Keep secrets out of ConfigMaps on clusters
#   running this chart.
# - The service account name is a literal, not a chart value. It has to match
#   the account that the chart creates elsewhere.
# - All four install modes are marked supported; `maturity` is `alpha` and the
#   version label and field both come from `.Chart.Version`.

{{- define "packageserver.clusterserviceversion" }}
apiVersion: operators.coreos.com/v1alpha1
kind: ClusterServiceVersion
metadata:
  name: packageserver
  namespace: {{ .Values.namespace }}
  labels:
    olm.version: {{ .Chart.Version }}
    {{- if .Values.writePackageServerStatusName }}
    olm.clusteroperator.name: {{ .Values.writePackageServerStatusName }}
    {{- end }}
spec:
  displayName: Package Server
  description: Represents an Operator package that is available from a given CatalogSource which will resolve to a ClusterServiceVersion.
  minKubeVersion: {{ .Values.minKubeVersion }}
  keywords: ['packagemanifests', 'olm', 'packages']
  maintainers:
  - name: Red Hat
    email: openshift-operators@redhat.com
  provider:
    name: Red Hat
  links:
  - name: Package Server
    url: https://github.com/operator-framework/operator-lifecycle-manager/tree/master/pkg/package-server
  installModes:
  - type: OwnNamespace
    supported: true
  - type: SingleNamespace
    supported: true
  - type: MultiNamespace
    supported: true
  - type: AllNamespaces
    supported: true
  install:
    strategy: deployment
    spec:
      clusterPermissions:
      - serviceAccountName: olm-operator-serviceaccount
        rules:
        - apiGroups:
          - authorization.k8s.io
          resources:
          - subjectaccessreviews
          verbs:
          - create
          - get
        - apiGroups:
          - ""
          resources:
          - configmaps
          verbs:
          - get
          - list
          - watch
        - apiGroups:
          - "operators.coreos.com"
          resources:
          - catalogsources
          verbs:
          - get
          - list
          - watch
        - apiGroups:
          - "packages.operators.coreos.com"
          resources:
          - packagemanifests
          verbs:
          - get
          - list
      deployments:
      - name: packageserver
        {{- include "packageserver.deployment-spec" . | nindent 8 }}
  maturity: alpha
  version: {{ .Chart.Version }}
  apiservicedefinitions:
    owned:
    - group: packages.operators.coreos.com
      version: v1
      kind: PackageManifest
      name: packagemanifests
      displayName: PackageManifest
      description: A PackageManifest is a resource generated from existing CatalogSources and their ConfigMaps
      deploymentName: packageserver
      containerPort: {{ .Values.package.service.internalPort }}
{{- end -}}

--------------------------------------------------------------------------------
/modules/prometheus-operator/README.md:
--------------------------------------------------------------------------------

# Prometheus
A simple module that installs a the `kube-prometheus-stack` operator via helm

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >=1.0.0 |
| [helm](#requirement\_helm) | >=2.2.0 |

## Providers

| Name | Version |
|------|---------|
| [helm](#provider\_helm) | >=2.2.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| [prometheus\_cluster\_role](#module\_prometheus\_cluster\_role) | ./prometheus-cluster-role | n/a |

## Resources

| Name | Type |
|------|------|
| [helm_release.prometheus_operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [atomic](#input\_atomic) | Purge the chart on a failed installation. Default's to "true". | `bool` | `null` | no |
| [chart\_name](#input\_chart\_name) | The name of the Helm chart to install. | `string` | `null` | no |
| [chart\_repository](#input\_chart\_repository) | The repository containing the Helm chart to install.
| `string` | `null` | no | 52 | | [chart\_version](#input\_chart\_version) | The version of the Helm chart to install. | `string` | `null` | no | 53 | | [cleanup\_on\_fail](#input\_cleanup\_on\_fail) | Allow deletion of new resources created in this upgrade when upgrade fails. | `bool` | `null` | no | 54 | | [create\_namespace](#input\_create\_namespace) | Create a namespace for the deployment. Defaults to "true". | `bool` | `null` | no | 55 | | [install\_cluster\_role](#input\_install\_cluster\_role) | Installs the well-known Prometheus server ClusterRole resource on the cluster. | `bool` | `null` | no | 56 | | [namespace](#input\_namespace) | The namespace used for the operator deployment. | `string` | `null` | no | 57 | | [release\_name](#input\_release\_name) | The name of the helm release. | `string` | `null` | no | 58 | | [settings](#input\_settings) | Additional settings which will be passed to the Helm chart values. | `map(any)` | `{}` | no | 59 | | [timeout](#input\_timeout) | Time in seconds to wait for any individual kubernetes operation. | `number` | `120` | no | 60 | | [values](#input\_values) | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the `file()` function, i.e. `file("my/values.yaml")`. | `any` | `null` | no | 61 | 62 | ## Outputs 63 | 64 | No outputs. 65 | -------------------------------------------------------------------------------- /modules/_templates/_helm_release/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 15 | # 16 | 17 | ##### 18 | # Why the weird use of null defaults? This module is a "child" used by the terraform-provider-helm parent module. 19 | # Since we don't want to duplicate default managemant, some hacky use of locals and ternary operators are necessary. 20 | # As such, the defaults are configured in the locals{} block in this module's corresponding main.tf file. 21 | # See this issue for more details https://github.com/hashicorp/terraform/issues/24142 22 | ##### 23 | 24 | variable "atomic" { 25 | default = null 26 | description = "Purge the chart on a failed installation. Defaults are configured in the locals block of this module's main.tf file." 27 | type = bool 28 | } 29 | 30 | variable "chart_name" { 31 | default = null 32 | description = "The name of the Helm chart to install. Defaults are configured in the locals block of this module's main.tf file." 33 | type = string 34 | } 35 | 36 | variable "chart_repository" { 37 | default = null 38 | description = "The repository containing the Helm chart to install. Defaults are configured in the locals block of this module's main.tf file." 39 | type = string 40 | } 41 | 42 | variable "chart_version" { 43 | default = null 44 | description = "The version of the Helm chart to install. Defaults are configured in the locals block of this module's main.tf file." 45 | type = string 46 | } 47 | 48 | variable "cleanup_on_fail" { 49 | default = null 50 | description = "Allow deletion of new resources created in this upgrade when upgrade fails. 
Defaults are configured in the locals block of this module's main.tf file." 51 | type = bool 52 | } 53 | 54 | variable "create_namespace" { 55 | default = null 56 | description = "Create a namespace for the deployment. Defaults are configured in the locals block of this module's main.tf file." 57 | type = bool 58 | } 59 | 60 | variable "namespace" { 61 | default = null 62 | description = "The namespace used for the operator deployment. Defaults are configured in the locals block of this module's main.tf file." 63 | type = string 64 | } 65 | 66 | variable "release_name" { 67 | default = null 68 | description = "The name of the helm release. Defaults are configured in the locals block of this module's main.tf file." 69 | type = string 70 | } 71 | 72 | variable "settings" { 73 | default = null 74 | description = "Additional settings which will be passed to the Helm chart values. Defaults are configured in the locals block of this module's main.tf file." 75 | type = map(any) 76 | } 77 | 78 | variable "timeout" { 79 | default = null 80 | description = "Time in seconds to wait for any individual kubernetes operation. Defaults are configured in the locals block of this module's main.tf file." 81 | type = number 82 | } 83 | 84 | variable "values" { 85 | default = null 86 | description = "A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the `file()` function, i.e. `file(\"my/values.yaml\")`. Defaults are configured in the locals block of this module's main.tf file." 87 | } 88 | -------------------------------------------------------------------------------- /modules/olm-subscriptions/chart/templates/_helper.tpl: -------------------------------------------------------------------------------- 1 | {* 2 | Copyright 2023 StreamNative, Inc. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | *} 16 | 17 | {{/* 18 | Get subscription config for bookkeeper 19 | */}} 20 | {{- define "subscription.bookkeeperResources" -}} 21 | {{- if .Values.bookkeeper.config.resources }} 22 | {{- toYaml .Values.bookkeeper.config.resources | nindent 6 }} 23 | {{- else }} 24 | {{- toYaml .Values.subscriptionConfig.resources | nindent 6 }} 25 | {{- end }} 26 | {{- end }} 27 | 28 | 29 | {{/* 30 | Get subscription config for flink 31 | */}} 32 | {{- define "subscription.flinkResources" -}} 33 | {{- if .Values.flink.config.resources }} 34 | {{- toYaml .Values.flink.config.resources | nindent 6 }} 35 | {{- else }} 36 | {{- toYaml .Values.subscriptionConfig.resources | nindent 6 }} 37 | {{- end }} 38 | {{- end }} 39 | 40 | {{/* 41 | Get subscription config for flink sql 42 | */}} 43 | {{- define "subscription.flinkSQLResources" -}} 44 | {{- if .Values.flinkSql.config.resources }} 45 | {{- toYaml .Values.flinkSql.config.resources | nindent 6 }} 46 | {{- else }} 47 | {{- toYaml .Values.subscriptionConfig.resources | nindent 6 }} 48 | {{- end }} 49 | {{- end }} 50 | 51 | {{/* 52 | Get subscription config for function mesh 53 | */}} 54 | {{- define "subscription.functionMeshResources" -}} 55 | {{- if .Values.functionMesh.config.resources }} 56 | {{- toYaml .Values.functionMesh.config.resources | nindent 6 }} 57 | {{- else }} 58 | {{- toYaml .Values.subscriptionConfig.resources | nindent 6 }} 59 | {{- end }} 60 | {{- end }} 61 | 62 | {{/* 63 | Get subscription config for prometheus 64 | */}} 65 | {{- define "subscription.prometheusResources" -}} 66 | {{- if 
.Values.prometheus.config.resources }} 67 | {{- toYaml .Values.prometheus.config.resources | nindent 6 }} 68 | {{- else }} 69 | {{- toYaml .Values.subscriptionConfig.resources | nindent 6 }} 70 | {{- end }} 71 | {{- end }} 72 | 73 | 74 | {{/* 75 | Get subscription config for pulsar 76 | */}} 77 | {{- define "subscription.pulsarResources" -}} 78 | {{- if .Values.pulsar.config.resources }} 79 | {{- toYaml .Values.pulsar.config.resources | nindent 6 }} 80 | {{- else }} 81 | {{- toYaml .Values.subscriptionConfig.resources | nindent 6 }} 82 | {{- end }} 83 | {{- end }} 84 | 85 | {{/* 86 | Get subscription config for sn-operator 87 | */}} 88 | {{- define "subscription.snOperatorResources" -}} 89 | {{- if .Values.sn_operator.config.resources }} 90 | {{- toYaml .Values.sn_operator.config.resources | nindent 6 }} 91 | {{- else }} 92 | {{- toYaml .Values.subscriptionConfig.resources | nindent 6 }} 93 | {{- end }} 94 | {{- end }} 95 | 96 | {{/* 97 | Get subscription config for zookeeper 98 | */}} 99 | {{- define "subscription.zookeeperResources" -}} 100 | {{- if .Values.zookeeper.config.resources }} 101 | {{- toYaml .Values.zookeeper.config.resources | nindent 6 }} 102 | {{- else }} 103 | {{- toYaml .Values.subscriptionConfig.resources | nindent 6 }} 104 | {{- end }} 105 | {{- end }} 106 | 107 | {{/* 108 | Get subscription config for elastic_cloud_eck 109 | */}} 110 | {{- define "subscription.eckResources" -}} 111 | {{- if .Values.elastic_cloud_eck.config.resources }} 112 | {{- toYaml .Values.elastic_cloud_eck.config.resources | nindent 6 }} 113 | {{- else }} 114 | {{- toYaml .Values.subscriptionConfig.resources | nindent 6 }} 115 | {{- end }} 116 | {{- end }} -------------------------------------------------------------------------------- /modules/operator-lifecycle-manager/chart/templates/0000_50_olm_07-olm-operator.deployment.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Deployment for the OLM operator, created in `.Values.namespace`.
#
# Review notes:
# - The pod runs as `olm-operator-serviceaccount`; the name is a literal.
# - No `securityContext` is rendered at pod or container level, and the
#   template offers no values hook for one. runAsNonRoot,
#   allowPrivilegeEscalation: false, a read-only root filesystem or dropped
#   capabilities would have to be added to this template.
# - Both probes use `httpGet` without a `scheme`, which Kubernetes treats as
#   plain HTTP. `--tls-cert` and `--tls-key` are optional arguments.
#   NOTE(review): whether the probed port serves TLS once they are set is not
#   visible here. Confirm the probes still pass in that configuration.
# - The metrics port is fixed at 8081 and is not taken from values.
# - `watchedNamespaces`, `olm.commandArgs`, `writeStatusName`,
#   `writePackageServerStatusName`, `olm.tlsCertPath` and `olm.tlsKeyPath` are
#   inserted as bare YAML scalars; `| quote` would keep each one a string.
# - `olm.commandArgs` is rendered as one list item, i.e. a single argument.
# - OPERATOR_NAMESPACE comes from the pod's own metadata.namespace and is
#   expanded into the `--namespace` argument.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: olm-operator
  namespace: {{ .Values.namespace }}
  labels:
    app: olm-operator
spec:
  strategy:
    type: RollingUpdate
  replicas: {{ .Values.olm.replicaCount }}
  selector:
    matchLabels:
      app: olm-operator
  template:
    metadata:
      labels:
        app: olm-operator
    spec:
      serviceAccountName: olm-operator-serviceaccount
      {{- if .Values.image.pullSecrets }}
      imagePullSecrets:
      {{- toYaml .Values.image.pullSecrets | nindent 6 }}
      {{- end }}
      containers:
        - name: olm-operator
          command:
          - /bin/olm
          args:
          - --namespace
          - $(OPERATOR_NAMESPACE)
          {{- if .Values.watchedNamespaces }}
          - --watchedNamespaces
          - {{ .Values.watchedNamespaces }}
          {{- end }}
          {{- if .Values.olm.commandArgs }}
          - {{ .Values.olm.commandArgs }}
          {{- end }}
          {{- if .Values.debug }}
          - --debug
          {{- end }}
          {{- if .Values.writeStatusName }}
          - --writeStatusName
          - {{ .Values.writeStatusName }}
          {{- end }}
          {{- if .Values.writePackageServerStatusName }}
          - --writePackageServerStatusName
          - {{ .Values.writePackageServerStatusName }}
          {{- end }}
          {{- if .Values.olm.tlsCertPath }}
          - --tls-cert
          - {{ .Values.olm.tlsCertPath }}
          {{- end }}
          {{- if .Values.olm.tlsKeyPath }}
          - --tls-key
          - {{ .Values.olm.tlsKeyPath }}
          {{- end }}
          image: {{ include "olm.image" . }}
          imagePullPolicy: {{ .Values.olm.image.pullPolicy }}
          ports:
            - containerPort: {{ .Values.olm.service.internalPort }}
            - containerPort: 8081
              name: metrics
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /healthz
              port: {{ .Values.olm.service.internalPort }}
          readinessProbe:
            httpGet:
              path: /healthz
              port: {{ .Values.olm.service.internalPort }}
          terminationMessagePolicy: FallbackToLogsOnError
          env:
          - name: OPERATOR_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: OPERATOR_NAME
            value: olm-operator
          {{- if .Values.olm.resources }}
          resources:
{{ toYaml .Values.olm.resources | indent 12 }}
          {{- end}}
      {{- if .Values.olm.nodeSelector }}
      nodeSelector:
{{ toYaml .Values.olm.nodeSelector | indent 8 }}
      {{- end }}
      {{- if .Values.olm.tolerations }}
      tolerations:
{{ toYaml .Values.olm.tolerations | indent 6 }}
      {{- end }}

--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
# Changelog

## [0.11.1](https://github.com/streamnative/terraform-helm-charts/compare/v0.11.0...v0.11.1) (2024-09-12)


### Bug Fixes

* Remove duplicated AuthorizationPolicy ([#75](https://github.com/streamnative/terraform-helm-charts/issues/75)) ([587c786](https://github.com/streamnative/terraform-helm-charts/commit/587c786fdb12780d57a9061bb708ebfbe20cab5b))

## [0.11.0](https://github.com/streamnative/terraform-helm-charts/compare/v0.10.0...v0.11.0) (2024-05-30)


### Features

* Add istio configuration for sn-operator ([#72](https://github.com/streamnative/terraform-helm-charts/issues/72))
([a8bf092](https://github.com/streamnative/terraform-helm-charts/commit/a8bf092a77f495ce07c061d68dd71a371a622c0f)) 16 | * support sn-operator-all deploy ([#73](https://github.com/streamnative/terraform-helm-charts/issues/73)) ([9901a65](https://github.com/streamnative/terraform-helm-charts/commit/9901a657c0b49f8076191be773450b82053523c2)) 17 | 18 | 19 | ### Bug Fixes 20 | 21 | * Disable flink operators by default ([#71](https://github.com/streamnative/terraform-helm-charts/issues/71)) ([61d23f5](https://github.com/streamnative/terraform-helm-charts/commit/61d23f5d411dbfd50b11d2b6366ac7d0b93fef00)) 22 | 23 | ## [0.10.0](https://github.com/streamnative/terraform-helm-charts/compare/v0.9.1...v0.10.0) (2023-11-07) 24 | 25 | 26 | ### Features 27 | 28 | * Support specify commonName in mesh cert ([#69](https://github.com/streamnative/terraform-helm-charts/issues/69)) ([9de9835](https://github.com/streamnative/terraform-helm-charts/commit/9de98350b48a0ae642429be922581f4d2671762b)) 29 | 30 | ## [0.9.1](https://github.com/streamnative/terraform-helm-charts/compare/v0.9.0...v0.9.1) (2023-10-19) 31 | 32 | 33 | ### Bug Fixes 34 | 35 | * elastic cloud eck default channel ([#67](https://github.com/streamnative/terraform-helm-charts/issues/67)) ([ad05049](https://github.com/streamnative/terraform-helm-charts/commit/ad05049721e272d4014913cd8a534261782b8555)) 36 | 37 | ## [0.9.0](https://github.com/streamnative/terraform-helm-charts/compare/v0.8.6...v0.9.0) (2023-10-17) 38 | 39 | 40 | ### Features 41 | 42 | * Add eck olm-subscription ([#66](https://github.com/streamnative/terraform-helm-charts/issues/66)) ([0a5dfff](https://github.com/streamnative/terraform-helm-charts/commit/0a5dfff3eafda1b058c651485060d850d7ca0c3d)) 43 | 44 | 45 | ### Bug Fixes 46 | 47 | * wrong words ([#64](https://github.com/streamnative/terraform-helm-charts/issues/64)) ([73acc1b](https://github.com/streamnative/terraform-helm-charts/commit/73acc1b6f10d63b69ba84a369e81a38504ab7359)) 48 | 49 | ## 
[0.8.6](https://github.com/streamnative/terraform-helm-charts/compare/v0.8.5...v0.8.6) (2023-08-24) 50 | 51 | 52 | ### Bug Fixes 53 | 54 | * copyright in license header ([#53](https://github.com/streamnative/terraform-helm-charts/issues/53)) ([9fbd40f](https://github.com/streamnative/terraform-helm-charts/commit/9fbd40f31a2901b451a25a13be55469b0939854d)) 55 | * line break ([#54](https://github.com/streamnative/terraform-helm-charts/issues/54)) ([1fbfe10](https://github.com/streamnative/terraform-helm-charts/commit/1fbfe10e658cd93f9b6d4ad978acdf558a340f42)) 56 | * set versions range rather than exact ([#52](https://github.com/streamnative/terraform-helm-charts/issues/52)) ([2c37284](https://github.com/streamnative/terraform-helm-charts/commit/2c37284e054fdeebdd2fbfb183361279d27c93aa)) 57 | * tftpl file path ([#57](https://github.com/streamnative/terraform-helm-charts/issues/57)) ([2dfb807](https://github.com/streamnative/terraform-helm-charts/commit/2dfb807e16f70fa80cfb672074f7f8a145eeb8c3)) 58 | * update istio values tftpl file ([#56](https://github.com/streamnative/terraform-helm-charts/issues/56)) ([269dd96](https://github.com/streamnative/terraform-helm-charts/commit/269dd9644421c24468a3cf82168346b8c97875ce)) 59 | * wrong words ([#63](https://github.com/streamnative/terraform-helm-charts/issues/63)) ([1458462](https://github.com/streamnative/terraform-helm-charts/commit/14584620c36d0b67122d544e56bbbe2b3408fb3e)) 60 | -------------------------------------------------------------------------------- /modules/olm-subscriptions/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 15 | # 16 | 17 | variable "atomic" { 18 | default = null 19 | description = "Purge the chart on a failed installation." 20 | } 21 | 22 | variable "chart_name" { 23 | default = null 24 | description = "The name of the chart to install." 25 | type = string 26 | } 27 | 28 | variable "chart_repository" { 29 | default = null 30 | description = "The repository to install the chart from." 31 | type = string 32 | } 33 | 34 | variable "chart_version" { 35 | default = null 36 | description = "The version of the chart to install." 37 | type = string 38 | } 39 | 40 | variable "cleanup_on_fail" { 41 | default = null 42 | description = "Allow deletion of new resources created in this upgrade when upgrade fails." 43 | type = bool 44 | } 45 | 46 | variable "install_namespace" { 47 | default = null 48 | description = "The namespace used for installing the operators managed by OLM." 49 | type = string 50 | } 51 | 52 | variable "olm_namespace" { 53 | default = "olm" 54 | description = "The namespace used by OLM and its resources." 55 | type = string 56 | } 57 | 58 | variable "settings" { 59 | default = null 60 | description = "Additional settings which will be passed to the Helm chart values." 61 | type = map(any) 62 | } 63 | 64 | variable "registry" { 65 | default = null 66 | description = "The registry containing StreamNative's operator catalog images. This is required." 67 | type = string 68 | } 69 | 70 | variable "channel" { 71 | default = null 72 | description = "The channel to subscribe to. This is required." 
73 | type = string 74 | } 75 | 76 | variable "enable_istio" { 77 | default = null 78 | description = "Enable Istio support. Assumes that the Istio CRDs are available." 79 | type = bool 80 | } 81 | 82 | variable "istio_system_namespace" { 83 | default = null 84 | description = "The namespace for Istio authorization policies. Set to the Istio root namespace for cluster-wide policies." 85 | type = string 86 | } 87 | 88 | variable "release_name" { 89 | default = null 90 | description = "The name of the helm release." 91 | type = string 92 | } 93 | 94 | variable "timeout" { 95 | default = null 96 | description = "Time in seconds to wait for any individual kubernetes operation." 97 | type = number 98 | } 99 | 100 | variable "values" { 101 | default = null 102 | description = "A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the `file()` function, i.e. `file(\"my/values.yaml\")`." 103 | } 104 | 105 | variable "subscription_cpu_requests" { 106 | default = null 107 | description = "The cpu requests of subscription." 108 | type = string 109 | } 110 | 111 | variable "subscription_mem_requests" { 112 | default = null 113 | description = "The mem requests of subscription." 114 | type = string 115 | } 116 | 117 | variable "subscription_cpu_limits" { 118 | default = null 119 | description = "The cpu limits of subscription." 120 | type = string 121 | } 122 | 123 | variable "subscription_mem_limits" { 124 | default = null 125 | description = "The mem limits of subscription." 126 | type = string 127 | } -------------------------------------------------------------------------------- /modules/otel-collector/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 15 | # 16 | 17 | ##### 18 | # Why the weird use of null defaults? This module is a "child" used by the terraform-provider-helm parent module. 19 | # Since we don't want to duplicate default managemant, some hacky use of locals and ternary operators are necessary. 20 | # As such, the defaults are configured in the locals{} block in this module's corresponding main.tf file. 21 | # See this issue for more details https://github.com/hashicorp/terraform/issues/24142 22 | ##### 23 | 24 | variable "atomic" { 25 | default = null 26 | description = "Purge the chart on a failed installation. Defaults are configured in the locals block of this module's main.tf file." 27 | type = bool 28 | } 29 | 30 | variable "chart_name" { 31 | default = null 32 | description = "The name of the Helm chart to install. Defaults are configured in the locals block of this module's main.tf file." 33 | type = string 34 | } 35 | 36 | variable "chart_repository" { 37 | default = null 38 | description = "The repository containing the Helm chart to install. Defaults are configured in the locals block of this module's main.tf file." 39 | type = string 40 | } 41 | 42 | variable "chart_version" { 43 | default = null 44 | description = "The version of the Helm chart to install. Defaults are configured in the locals block of this module's main.tf file." 45 | type = string 46 | } 47 | 48 | variable "cleanup_on_fail" { 49 | default = null 50 | description = "Allow deletion of new resources created in this upgrade when upgrade fails. 
Defaults are configured in the locals block of this module's main.tf file." 51 | type = bool 52 | } 53 | 54 | variable "create_namespace" { 55 | default = null 56 | description = "Create a namespace for the deployment. Defaults are configured in the locals block of this module's main.tf file." 57 | type = bool 58 | } 59 | 60 | variable "image_version" { 61 | default = null 62 | description = "The image tag of the OpenTelemetry Collector to be used by the Helm install. Defaults are configured in the locals block of this module's main.tf file." 63 | type = string 64 | } 65 | 66 | variable "namespace" { 67 | default = null 68 | description = "The namespace used for the operator deployment. Defaults are configured in the locals block of this module's main.tf file." 69 | type = string 70 | } 71 | 72 | variable "release_name" { 73 | default = null 74 | description = "The name of the helm release. Defaults are configured in the locals block of this module's main.tf file." 75 | type = string 76 | } 77 | 78 | variable "settings" { 79 | default = null 80 | description = "Additional settings which will be passed to the Helm chart values. Defaults are configured in the locals block of this module's main.tf file." 81 | type = map(any) 82 | } 83 | 84 | variable "timeout" { 85 | default = null 86 | description = "Time in seconds to wait for any individual kubernetes operation. Defaults are configured in the locals block of this module's main.tf file." 87 | type = number 88 | } 89 | 90 | variable "values" { 91 | default = null 92 | description = "A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the `file()` function, i.e. `file(\"my/values.yaml\")`. Defaults are configured in the locals block of this module's main.tf file." 
93 | } 94 | -------------------------------------------------------------------------------- /modules/operator-lifecycle-manager/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 15 | # 16 | 17 | ##### 18 | # Why the weird use of null defaults? This module is a "child" used by the terraform-provider-helm parent module. 19 | # Since we don't want to duplicate default management, some hacky use of locals and ternary operators is necessary. 20 | # As such, the defaults are configured in the locals{} block in this module's corresponding main.tf file. 21 | # See this issue for more details https://github.com/hashicorp/terraform/issues/24142 22 | ##### 23 | 24 | variable "atomic" { 25 | default = null 26 | description = "Purge the chart on a failed installation." 27 | type = bool 28 | } 29 | 30 | variable "chart_name" { 31 | default = null 32 | description = "The name of the chart to install." 33 | type = string 34 | } 35 | 36 | variable "chart_repository" { 37 | default = null 38 | description = "The repository containing the Helm chart to install. Defaults to the chart local to this module." 39 | type = string 40 | } 41 | 42 | variable "chart_version" { 43 | default = null 44 | description = "The version of the chart to install." 
45 | type = string 46 | } 47 | 48 | variable "cleanup_on_fail" { 49 | default = null 50 | description = "Allow deletion of new resources created in this upgrade when upgrade fails" 51 | type = bool 52 | } 53 | 54 | variable "create_install_namespace" { 55 | default = null 56 | description = "Create a namespace for the deployment." 57 | type = bool 58 | } 59 | 60 | variable "create_olm_namespace" { 61 | default = null 62 | description = "Whether or not to create the namespace used for OLM and its resources." 63 | type = bool 64 | } 65 | 66 | variable "install_namespace" { 67 | default = null 68 | description = "The namespace where OLM will install the operators." 69 | type = string 70 | } 71 | 72 | variable "olm_namespace" { 73 | default = null 74 | description = "The namespace used by OLM and its resources" 75 | type = string 76 | } 77 | 78 | variable "release_name" { 79 | default = null 80 | description = "The name of the helm release" 81 | type = string 82 | } 83 | 84 | variable "settings" { 85 | default = null 86 | description = "Additional settings which will be passed to the Helm chart values" 87 | type = map(any) 88 | } 89 | 90 | variable "timeout" { 91 | default = null 92 | description = "Time in seconds to wait for any individual kubernetes operation" 93 | type = number 94 | } 95 | 96 | variable "values" { 97 | default = null 98 | description = "A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the `file()` function, i.e. `file(\"my/values.yaml\")`." 
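99 | } 100 | 101 | 102 | variable "image_registry" { 103 | default = null 104 | description = "The registry name of olm image" 105 | type = string 106 | } 107 | 108 | variable "image_repository" { 109 | default = null 110 | description = "The repository name of olm image" 111 | type = string 112 | } 113 | 114 | variable "image_name" { 115 | default = null 116 | description = "The repository olm image name" 117 | type = string 118 | } 119 | 120 | variable "image_tag" { 121 | default = null 122 | description = "The tag name of olm image" 123 | type = string 124 | } -------------------------------------------------------------------------------- /modules/victoria-metrics-agent/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 15 | # 16 |

terraform {
  required_version = ">=1.0.0"

  required_providers {
    helm = {
      source = "hashicorp/helm"
      # Capped below 3.0.0: the helm provider 3.x takes `set` as a list attribute rather than a
      # block, so the dynamic "set" block in helm_release.vmagent needs the 2.x series.
      version = ">= 2.2.0, < 3.0.0"
    }
  }
}

# Effective settings for the release. Every input variable defaults to null; the value used here
# is the caller's input when it is set, otherwise the module default on the right-hand side.
locals {
  atomic            = var.atomic != null ? var.atomic : true
  cleanup_on_fail   = var.cleanup_on_fail != null ? var.cleanup_on_fail : true
  create_namespace  = var.create_namespace != null ? var.create_namespace : true
  chart_name        = var.chart_name != null ? var.chart_name : "victoria-metrics-agent"
  chart_repository  = var.chart_repository != null ? var.chart_repository : "https://victoriametrics.github.io/helm-charts/"
  chart_version     = var.chart_version != null ? var.chart_version : "0.7.42"
  namespace         = var.namespace != null ? var.namespace : "sn-system"
  release_name      = var.release_name != null ? var.release_name : "vmagent"
  remote_write_urls = var.remote_write_urls != null ? var.remote_write_urls : []
  settings          = var.settings != null ? var.settings : {}
  timeout           = var.timeout != null ? var.timeout : 120
  values            = var.values != null ? var.values : []

  # Authentication inputs for the values template. basicauth_password and oauth2_client_secret
  # are expected base64-encoded; they are decoded in helm_release.vmagent below. Base64 is an
  # encoding, not protection: the decoded secrets become part of the release values, which
  # Terraform keeps in state.
  # NOTE(review): variables.tf for this module is not shown here; confirm these two variables are
  # declared `sensitive = true` and that the state backend is encrypted and access-controlled.
  basicauth_enabled  = var.basicauth_enabled != null ? var.basicauth_enabled : false
  basicauth_password = var.basicauth_password != null ? var.basicauth_password : ""
  gsa_audience       = var.gsa_audience != null ? var.gsa_audience : ""
  # The gtoken image is referenced by tag. NOTE(review): a tag can be re-pointed in the registry;
  # consider a digest reference if the values template accepts one.
  gtoken_image           = var.gtoken_image != null ? var.gtoken_image : "docker.cloudsmith.io/streamnative/cloud-tools/gtoken"
  gtoken_image_version   = var.gtoken_image_version != null ? var.gtoken_image_version : "v1.10.0"
  basicauth_username     = var.basicauth_username != null ? var.basicauth_username : ""
  oauth2_enabled         = var.oauth2_enabled != null ? var.oauth2_enabled : false
  oauth2_client_id       = var.oauth2_client_id != null ? var.oauth2_client_id : ""
  oauth2_client_secret   = var.oauth2_client_secret != null ? var.oauth2_client_secret : ""
  oauth2_token_url       = var.oauth2_token_url != null ? var.oauth2_token_url : ""
  pods_scrape_namespaces = var.pods_scrape_namespaces != null ? var.pods_scrape_namespaces : ["sn-system"]
}

# Installs the victoria-metrics-agent chart as a Helm release.
resource "helm_release" "vmagent" {
  atomic           = local.atomic
  chart            = local.chart_name
  cleanup_on_fail  = local.cleanup_on_fail
  create_namespace = local.create_namespace
  name             = local.release_name
  namespace        = local.namespace
  repository       = local.chart_repository
  timeout          = local.timeout
  version          = local.chart_version

  # coalescelist() returns the first non-empty list: a caller-supplied `values` list replaces the
  # rendered template entirely, so the basic-auth, OAuth2, scrape-namespace and remote-write
  # inputs below then have no effect on the release.
  values = coalescelist(local.values, [templatefile("${path.module}/values.yaml.tftpl", {
    basicauth_enabled = local.basicauth_enabled
    # The module default "" decodes to "".
    basicauth_password     = base64decode(local.basicauth_password)
    basicauth_username     = local.basicauth_username
    gsa_audience           = local.gsa_audience
    gtoken_image           = local.gtoken_image
    gtoken_image_version   = local.gtoken_image_version
    oauth2_enabled         = local.oauth2_enabled
    oauth2_client_id       = local.oauth2_client_id
    oauth2_client_secret   = base64decode(local.oauth2_client_secret)
    oauth2_token_url       = local.oauth2_token_url
    pods_scrape_namespaces = local.pods_scrape_namespaces
    remote_write_urls      = local.remote_write_urls
  })])

  # One `set` entry per key of the caller's `settings` map. These are plain `set` entries; a
  # secret passed this way is shown in plan output (the 2.x provider has `set_sensitive` for that).
  dynamic "set" {
    for_each = local.settings
    content {
      name  = set.key
      value = set.value
    }
  }
}

-------------------------------------------------------------------------------- /modules/vector-agent/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 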
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 15 | # 16 | 17 | ##### 18 | # Why the weird use of null defaults? This module is a "child" used by the terraform-provider-helm parent module. 19 | # Since we don't want to duplicate default management, some hacky use of locals and ternary operators is necessary. 20 | # As such, the defaults are configured in the locals{} block in this module's corresponding main.tf file. 21 | # See this issue for more details https://github.com/hashicorp/terraform/issues/24142 22 | ##### 23 | 24 | variable "atomic" { 25 | default = null 26 | description = "Purge the chart on a failed installation. Default's to \"true\"." 27 | type = bool 28 | } 29 | 30 | variable "chart_name" { 31 | default = null 32 | description = "The name of the Helm chart to install." 33 | type = string 34 | } 35 | 36 | variable "chart_repository" { 37 | default = null 38 | description = "The repository containing the Helm chart to install. See https://github.com/timberio/vector/tree/master/distribution/helm/vector-agent for available configuration options" 39 | type = string 40 | } 41 | 42 | variable "chart_version" { 43 | default = null 44 | description = "The version of the Helm chart to install." 45 | type = string 46 | } 47 | 48 | variable "cleanup_on_fail" { 49 | default = null 50 | description = "Allow deletion of new resources created in this upgrade when upgrade fails." 51 | type = bool 52 | } 53 | 54 | variable "create_namespace" { 55 | default = null 56 | description = "Create a namespace for the deployment. Defaults to \"true\"." 
57 | type = bool 58 | } 59 | 60 | variable "namespace" { 61 | default = null 62 | description = "The namespace used for the deployment." 63 | type = string 64 | } 65 | 66 | variable "release_name" { 67 | default = null 68 | description = "The name of the helm release." 69 | type = string 70 | } 71 | 72 | variable "settings" { 73 | default = null 74 | description = "Additional settings which will be passed to the Helm chart values." 75 | type = map(any) 76 | } 77 | 78 | variable "sink_endpoint" { 79 | default = null 80 | description = "The endpoint to which Vector will send logs." 81 | type = string 82 | } 83 | 84 | variable "sink_name" { 85 | default = null 86 | description = "The name of the vector sink." 87 | type = string 88 | } 89 | 90 | variable "sink_oauth_audience" { 91 | default = null 92 | description = "The OAuth audience for the sink authorization config." 93 | type = string 94 | } 95 | 96 | variable "sink_oauth_credentials_url" { 97 | default = null 98 | description = "A base64 encoded string containing the OAuth credentials URL for the sink authorization config." 99 | sensitive = true 100 | type = string 101 | } 102 | 103 | variable "sink_oauth_issuer_url" { 104 | default = null 105 | description = "The OAuth issuer URL for the sink authorization config." 106 | type = string 107 | } 108 | 109 | variable "sink_topic" { 110 | default = null 111 | description = "The topic for the sink to which Vector will send logs." 112 | type = string 113 | } 114 | 115 | variable "timeout" { 116 | default = null 117 | description = "Time in seconds to wait for any individual kubernetes operation." 118 | type = number 119 | } 120 | 121 | variable "values" { 122 | default = null 123 | description = "A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the `file()` function, i.e. `file(\"my/values.yaml\")`." 
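124 | } 125 | -------------------------------------------------------------------------------- /modules/olm-subscriptions/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 15 | # 16 |

terraform {
  required_version = ">=1.0.0"

  required_providers {
    helm = {
      source = "hashicorp/helm"
      # Capped below 3.0.0: the helm provider 3.x takes `set` as a list attribute rather than a
      # block, so the `set` / dynamic "set" blocks in helm_release.olm_subscriptions need 2.x.
      version = ">= 2.2.0, < 3.0.0"
    }
  }
}

# Effective settings for the release. Every input variable defaults to null; the value used here
# is the caller's input when it is set, otherwise the module default on the right-hand side.
locals {
  atomic = var.atomic != null ? var.atomic : true
  # Default chart is the directory bundled with this module, so no repository or version is
  # needed unless the caller points at a different chart.
  chart_name                = var.chart_name != null ? var.chart_name : "${path.module}/chart"
  chart_repository          = var.chart_repository != null ? var.chart_repository : null
  chart_version             = var.chart_version != null ? var.chart_version : null
  cleanup_on_fail           = var.cleanup_on_fail != null ? var.cleanup_on_fail : true
  install_namespace         = var.install_namespace != null ? var.install_namespace : "sn-system"
  olm_namespace             = var.olm_namespace != null ? var.olm_namespace : "olm"
  release_name              = var.release_name != null ? var.release_name : "olm-subscriptions"
  enable_istio              = var.enable_istio != null ? var.enable_istio : false
  istio_system_namespace    = var.istio_system_namespace != null ? var.istio_system_namespace : "istio-system"
  channel                   = var.channel != null ? var.channel : "stable"
  settings                  = var.settings != null ? var.settings : {}
  timeout                   = var.timeout != null ? var.timeout : 120
  values                    = var.values != null ? var.values : []
  subscription_cpu_requests = var.subscription_cpu_requests != null ? var.subscription_cpu_requests : "20m"
  subscription_mem_requests = var.subscription_mem_requests != null ? var.subscription_mem_requests : "16Mi"
  subscription_cpu_limits   = var.subscription_cpu_limits != null ? var.subscription_cpu_limits : "200m"
  subscription_mem_limits   = var.subscription_mem_limits != null ? var.subscription_mem_limits : "256Mi"
}

# Installs the subscriptions chart as a Helm release in the OLM namespace. There is no
# create_namespace argument here, so the namespace is expected to exist already.
resource "helm_release" "olm_subscriptions" {
  atomic          = local.atomic
  chart           = local.chart_name
  cleanup_on_fail = local.cleanup_on_fail
  namespace       = local.olm_namespace
  name            = local.release_name
  repository      = local.chart_repository
  timeout         = local.timeout
  version         = local.chart_version
  values          = local.values

  set {
    name  = "olm_namespace"
    value = local.olm_namespace
    type  = "string"
  }

  set {
    name  = "install_namespace"
    value = local.install_namespace
    type  = "string"
  }

  set {
    name  = "channel"
    value = local.channel
    type  = "string"
  }

  # The only non-string entry: "auto" lets Helm infer the type of the boolean.
  set {
    name  = "istio.enabled"
    value = local.enable_istio
    type  = "auto"
  }

  set {
    name  = "istio.rootNamespace"
    value = local.istio_system_namespace
    type  = "string"
  }

  # Resource requests and limits passed to the chart as subscriptionConfig.resources.*.
  set {
    name  = "subscriptionConfig.resources.requests.cpu"
    value = local.subscription_cpu_requests
    type  = "string"
  }

  set {
    name  = "subscriptionConfig.resources.requests.memory"
    value = local.subscription_mem_requests
    type  = "string"
  }

  set {
    name  = "subscriptionConfig.resources.limits.cpu"
    value = local.subscription_cpu_limits
    type  = "string"
  }

  set {
    name  = "subscriptionConfig.resources.limits.memory"
    value = local.subscription_mem_limits
    type  = "string"
  }

  # One `set` entry per key of the caller's `settings` map.
  dynamic "set" {
    for_each = local.settings
    content {
      name  = set.key
      value = set.value
    }
  }
}

-------------------------------------------------------------------------------- /modules/operator-lifecycle-manager/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 StreamNative, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, 10 | # software distributed under the License is distributed on an 11 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 12 | # KIND, either express or implied. See the License for the 13 | # specific language governing permissions and limitations 14 | # under the License. 15 | # 16 | 17 | # Note: This module is opinionated about how it manages namespaces, and is specific to the needs of StreamNative. 18 |

terraform {
  required_version = ">=1.0.0"

  required_providers {
    helm = {
      source = "hashicorp/helm"
      # Capped below 3.0.0: the helm provider 3.x takes `set` as a list attribute rather than a
      # block, so the `set` / dynamic "set" blocks in helm_release.operator_lifecycle_manager
      # need the 2.x series.
      version = ">= 2.2.0, < 3.0.0"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">=2.6.1"
    }
  }
}

# Effective settings for the release. Every input variable defaults to null; the value used here
# is the caller's input when it is set, otherwise the module default on the right-hand side.
locals {
  atomic     = var.atomic != null ? var.atomic : true
  chart_name = var.chart_name != null ? var.chart_name : ""
  # Used as the `chart` argument of the release below; defaults to the chart directory bundled
  # with this module.
  chart_repository         = var.chart_repository != null ? var.chart_repository : "${path.module}/chart"
  chart_version            = var.chart_version != null ? var.chart_version : ""
  cleanup_on_fail          = var.cleanup_on_fail != null ? var.cleanup_on_fail : true
  create_install_namespace = var.create_install_namespace != null ? var.create_install_namespace : true
  create_olm_namespace     = var.create_olm_namespace != null ? var.create_olm_namespace : true
  install_namespace        = var.install_namespace != null ? var.install_namespace : "operators"
  olm_namespace            = var.olm_namespace != null ? var.olm_namespace : "olm"
  release_name             = var.release_name != null ? var.release_name : "operator-lifecycle-manager"
  settings                 = var.settings != null ? var.settings : {}
  timeout                  = var.timeout != null ? var.timeout : 120
  values                   = var.values != null ? var.values : []
  # OLM image coordinates, passed to the chart as image.registry / image.repository / image.name /
  # image.tag. The image is selected by tag. NOTE(review): a tag can be re-pointed in the
  # registry; consider a digest reference if the chart templates (not shown here) accept one.
  image_registry   = var.image_registry != null ? var.image_registry : "quay.io"
  image_repository = var.image_repository != null ? var.image_repository : "operator-framework"
  image_name       = var.image_name != null ? var.image_name : "olm"
  image_tag        = var.image_tag != null ? var.image_tag : "v0.20.0"
}

# Namespace the operators are installed into; created only when create_install_namespace is true.
resource "kubernetes_namespace" "olm_install" {
  count = local.create_install_namespace ? 1 : 0
  metadata {
    name = local.install_namespace
  }

  # Label changes made outside this module are not reverted on the next apply.
  lifecycle {
    ignore_changes = [
      metadata[0].labels
    ]
  }
}

# Installs OLM as a Helm release in the OLM namespace.
resource "helm_release" "operator_lifecycle_manager" {
  atomic = local.atomic
  # `chart` is fed from chart_repository; local.chart_name is not referenced by this resource and
  # no `repository` argument is set.
  chart            = local.chart_repository
  cleanup_on_fail  = local.cleanup_on_fail
  create_namespace = local.create_olm_namespace
  name             = local.release_name
  namespace        = local.olm_namespace
  timeout          = local.timeout
  values           = local.values
  version          = local.chart_version

  set {
    name  = "namespace"
    value = local.olm_namespace
    type  = "string"
  }

  set {
    name  = "catalog_namespace"
    value = local.olm_namespace
    type  = "string"
  }

  # Referencing the namespace resource (when this module creates it) makes the release wait for
  # the namespace; otherwise the caller-provided name is used as-is.
  set {
    name  = "operator_namespace"
    value = local.create_install_namespace ? kubernetes_namespace.olm_install[0].id : local.install_namespace
    type  = "string"
  }

  set {
    name  = "image.registry"
    value = local.image_registry
    type  = "string"
  }

  set {
    name  = "image.repository"
    value = local.image_repository
    type  = "string"
  }

  set {
    name  = "image.name"
    value = local.image_name
    type  = "string"
  }

  set {
    name  = "image.tag"
    value = local.image_tag
    type  = "string"
  }

  # One `set` entry per key of the caller's `settings` map.
  dynamic "set" {
    for_each = local.settings
    content {
      name  = set.key
      value = set.value
    }
  }
}

-------------------------------------------------------------------------------- /modules/otel-collector/README.md: -------------------------------------------------------------------------------- 1 | 16 | 17 | # otel-collector 18 | This module manages the helm installation of the OpenTelemetry Collector. 19 | 20 | While this pattern has [some limitations](https://github.com/hashicorp/terraform/issues/24142#issuecomment-938106778), it is a sufficient workaround for our (opinionated) needs in these modules. 21 | 22 | ## Requirements 23 | 24 | | Name | Version | 25 | |------|---------| 26 | | [terraform](#requirement\_terraform) | >=1.0.0 | 27 | | [helm](#requirement\_helm) | >=2.2.0 | 28 | 29 | ## Providers 30 | 31 | | Name | Version | 32 | |------|---------| 33 | | [helm](#provider\_helm) | >=2.2.0 | 34 | 35 | ## Modules 36 | 37 | No modules. 38 | 39 | ## Resources 40 | 41 | | Name | Type | 42 | |------|------| 43 | | [helm_release.helm_chart](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | 44 | 45 | ## Inputs 46 | 47 | | Name | Description | Type | Default | Required | 48 | |------|-------------|------|---------|:--------:| 49 | | [atomic](#input\_atomic) | Purge the chart on a failed installation. 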
Defaults are configured in the locals block of this module's main.tf file. | `bool` | `null` | no | 50 | | [chart\_name](#input\_chart\_name) | The name of the Helm chart to install. Defaults are configured in the locals block of this module's main.tf file. | `string` | `null` | no | 51 | | [chart\_repository](#input\_chart\_repository) | The repository containing the Helm chart to install. Defaults are configured in the locals block of this module's main.tf file. | `string` | `null` | no | 52 | | [chart\_version](#input\_chart\_version) | The version of the Helm chart to install. Defaults are configured in the locals block of this module's main.tf file. | `string` | `null` | no | 53 | | [cleanup\_on\_fail](#input\_cleanup\_on\_fail) | Allow deletion of new resources created in this upgrade when upgrade fails. Defaults are configured in the locals block of this module's main.tf file. | `bool` | `null` | no | 54 | | [create\_namespace](#input\_create\_namespace) | Create a namespace for the deployment. Defaults are configured in the locals block of this module's main.tf file. | `bool` | `null` | no | 55 | | [image\_version](#input\_image\_version) | The image tag of the OpenTelemetry Collector to be used by the Helm install. Defaults are configured in the locals block of this module's main.tf file. | `string` | `null` | no | 56 | | [namespace](#input\_namespace) | The namespace used for the operator deployment. Defaults are configured in the locals block of this module's main.tf file. | `string` | `null` | no | 57 | | [release\_name](#input\_release\_name) | The name of the helm release. Defaults are configured in the locals block of this module's main.tf file. | `string` | `null` | no | 58 | | [settings](#input\_settings) | Additional settings which will be passed to the Helm chart values. Defaults are configured in the locals block of this module's main.tf file. 
| `map(any)` | `null` | no | 59 | | [timeout](#input\_timeout) | Time in seconds to wait for any individual kubernetes operation. Defaults are configured in the locals block of this module's main.tf file. | `number` | `null` | no | 60 | | [values](#input\_values) | A list of values in raw YAML to be applied to the helm release. Merges with the settings input, can also be used with the `file()` function, i.e. `file("my/values.yaml")`. Defaults are configured in the locals block of this module's main.tf file. | `any` | `null` | no | 61 | 62 | ## Outputs 63 | 64 | No outputs. 65 | --------------------------------------------------------------------------------