├── .github ├── ISSUE_TEMPLATE │ ├── broken-link.md │ ├── bug-report.md │ ├── enhancement.md │ └── support.md ├── PULL_REQUEST_TEMPLATE.md ├── dependabot.yml └── workflows │ ├── branch.yml │ ├── dependent-issues.yml │ ├── e2e-full.yml │ ├── e2e.yml │ ├── flake_finder.yml │ ├── linting.yml │ ├── periodic.yml │ ├── release.yml │ └── stale.yml ├── .gitignore ├── .markdownlinkcheck.json ├── .markdownlint.yml ├── .shipyard.e2e.ovn.yml ├── .shipyard.e2e.yml ├── .submarinerbot.yaml ├── .yamllint.yml ├── CODE-OF-CONDUCT.md ├── CODEOWNERS ├── CODEOWNERS.in ├── CONTRIBUTING.md ├── LICENSE ├── Makefile ├── README.md ├── ct.yaml ├── extract-yamls ├── generate-yamls.sh ├── submariner-k8s-broker ├── .helmignore ├── Chart.yaml ├── README.md ├── app-readme.md ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── rbac.yaml │ └── svc-acct.yaml └── values.yaml └── submariner-operator ├── .helmignore ├── Chart.yaml ├── README.md ├── app-readme.md ├── templates ├── NOTES.txt ├── _helpers.tpl ├── operator-deployment.yaml └── submariner.yaml └── values.yaml /.github/ISSUE_TEMPLATE/broken-link.md: -------------------------------------------------------------------------------- 1 | Periodic link aliveness CI detected a broken link. Please see the [periodic job 2 | results](https://github.com/submariner-io/submariner-charts/actions?query=workflow%3APeriodic) for details. 
3 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug-report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug Report 3 | about: Report a bug in Helm Charts 4 | labels: bug 5 | 6 | --- 7 | 8 | 15 | 16 | 17 | **What happened**: 18 | 19 | **What you expected to happen**: 20 | 21 | **How to reproduce it (as minimally and precisely as possible)**: 22 | 23 | **Anything else we need to know?**: 24 | 25 | **Environment**: 26 | - Diagnose information (use `subctl diagnose all`): 27 | - Gather information (use `subctl gather`): 28 | - Cloud provider or hardware configuration: 29 | - Install tools: 30 | - Network plugin and version (if this is a network-related bug): 31 | - Others: 32 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/enhancement.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Enhancement Request 3 | about: Suggest an enhancement to the Helm Charts project 4 | labels: enhancement 5 | 6 | --- 7 | 8 | 9 | **What would you like to be added**: 10 | 11 | **Why is this needed**: 12 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/support.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Support Request 3 | about: Support request or question relating to Helm Charts 4 | labels: support 5 | 6 | --- 7 | 8 | 19 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 14 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: 2 3 | updates: 4 | 
- package-ecosystem: github-actions 5 | directory: '/' 6 | schedule: 7 | interval: monthly 8 | groups: 9 | github-actions: 10 | patterns: 11 | - "*" 12 | - package-ecosystem: github-actions 13 | directory: '/' 14 | target-branch: "release-0.16" 15 | schedule: 16 | interval: monthly 17 | groups: 18 | github-actions: 19 | patterns: 20 | - "*" 21 | - package-ecosystem: github-actions 22 | directory: '/' 23 | target-branch: "release-0.17" 24 | schedule: 25 | interval: monthly 26 | groups: 27 | github-actions: 28 | patterns: 29 | - "*" 30 | - package-ecosystem: github-actions 31 | directory: '/' 32 | target-branch: "release-0.18" 33 | schedule: 34 | interval: monthly 35 | groups: 36 | github-actions: 37 | patterns: 38 | - "*" 39 | - package-ecosystem: github-actions 40 | directory: '/' 41 | target-branch: "release-0.19" 42 | schedule: 43 | interval: monthly 44 | groups: 45 | github-actions: 46 | patterns: 47 | - "*" 48 | - package-ecosystem: github-actions 49 | directory: '/' 50 | target-branch: "release-0.20" 51 | schedule: 52 | interval: monthly 53 | groups: 54 | github-actions: 55 | patterns: 56 | - "*" 57 | -------------------------------------------------------------------------------- /.github/workflows/branch.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Branch Checks 3 | 4 | on: 5 | pull_request: 6 | 7 | permissions: {} 8 | 9 | jobs: 10 | target_branch: 11 | name: PR targets branch 12 | runs-on: ubuntu-latest 13 | steps: 14 | - name: Check that the PR targets devel 15 | if: ${{ github.base_ref != 'devel' }} 16 | run: exit 1 17 | -------------------------------------------------------------------------------- /.github/workflows/dependent-issues.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: PR Dependencies 3 | 4 | on: 5 | issues: 6 | types: 7 | - opened 8 | - edited 9 | - closed 10 | - reopened 11 | - synchronize 12 | pull_request_target: 13 | types: 
14 | - opened 15 | - edited 16 | - closed 17 | - reopened 18 | - synchronize 19 | schedule: 20 | - cron: '0 0/6 * * *' # every 6 hours 21 | 22 | permissions: 23 | issues: write 24 | pull-requests: write 25 | statuses: write 26 | 27 | jobs: 28 | check: 29 | name: Check Dependencies 30 | if: github.repository_owner == 'submariner-io' 31 | runs-on: ubuntu-latest 32 | steps: 33 | - uses: z0al/dependent-issues@950226e7ca8fc43dc209a7febf67c655af3bdb43 34 | env: 35 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 36 | with: 37 | # The label to use to mark dependent issues 38 | label: dependent 39 | 40 | # Enable checking for dependencies in issues. 41 | check_issues: on 42 | 43 | # A comma-separated list of keywords to mark dependency. 44 | keywords: depends on, Depends on 45 | -------------------------------------------------------------------------------- /.github/workflows/e2e-full.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: End to End Full 3 | 4 | on: 5 | pull_request: 6 | types: [labeled, opened, synchronize, reopened] 7 | 8 | permissions: {} 9 | 10 | jobs: 11 | e2e: 12 | name: E2E 13 | if: contains(github.event.pull_request.labels.*.name, 'ready-to-test') 14 | timeout-minutes: 45 15 | runs-on: ubuntu-latest 16 | strategy: 17 | fail-fast: false 18 | matrix: 19 | cable_driver: ['libreswan', 'wireguard', 'vxlan'] 20 | globalnet: ['', 'globalnet'] 21 | # Run most tests against the latest K8s version 22 | k8s_version: ['1.32'] 23 | lighthouse: ['', 'lighthouse'] 24 | include: 25 | # Bottom of supported K8s version range 26 | - k8s_version: '1.29' 27 | steps: 28 | - name: Check out the repository 29 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 30 | 31 | - name: Run E2E deployment and tests 32 | uses: submariner-io/shipyard/gh-actions/e2e@devel 33 | with: 34 | k8s_version: ${{ matrix.k8s_version }} 35 | using: ${{ matrix.cable_driver }} ${{ matrix.globalnet }} ${{ matrix.lighthouse }} 36 | 37 | - 
name: Post mortem 38 | if: failure() 39 | uses: submariner-io/shipyard/gh-actions/post-mortem@devel 40 | -------------------------------------------------------------------------------- /.github/workflows/e2e.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: End to End Default 3 | 4 | on: 5 | pull_request: 6 | 7 | permissions: {} 8 | 9 | jobs: 10 | e2e: 11 | name: E2E 12 | timeout-minutes: 30 13 | runs-on: ubuntu-latest 14 | steps: 15 | - name: Check out the repository 16 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 17 | 18 | - name: Run E2E deployment and tests 19 | uses: submariner-io/shipyard/gh-actions/e2e@devel 20 | 21 | - name: Post mortem 22 | if: failure() 23 | uses: submariner-io/shipyard/gh-actions/post-mortem@devel 24 | -------------------------------------------------------------------------------- /.github/workflows/flake_finder.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Flake Finder 3 | 4 | on: 5 | schedule: 6 | - cron: "0 0 * * *" 7 | 8 | permissions: {} 9 | 10 | jobs: 11 | e2e: 12 | name: E2E 13 | if: github.repository_owner == 'submariner-io' 14 | timeout-minutes: 30 15 | runs-on: ubuntu-latest 16 | strategy: 17 | fail-fast: false 18 | matrix: 19 | cable_driver: ['libreswan', 'wireguard', 'vxlan'] 20 | globalnet: ['', 'globalnet'] 21 | lighthouse: ['', 'lighthouse'] 22 | steps: 23 | - name: Check out the repository 24 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 25 | 26 | - name: Run E2E deployment and tests 27 | uses: submariner-io/shipyard/gh-actions/e2e@devel 28 | with: 29 | using: ${{ matrix.cable_driver }} ${{ matrix.globalnet }} ${{ matrix.lighthouse }} 30 | 31 | - name: Post mortem 32 | if: failure() 33 | uses: submariner-io/shipyard/gh-actions/post-mortem@devel 34 | -------------------------------------------------------------------------------- /.github/workflows/linting.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | name: Linting 3 | 4 | on: 5 | pull_request: 6 | 7 | permissions: {} 8 | 9 | jobs: 10 | apply-suggestions-commits: 11 | name: 'No "Apply suggestions from code review" Commits' 12 | runs-on: ubuntu-latest 13 | steps: 14 | - name: Get PR commits 15 | id: 'get-pr-commits' 16 | uses: tim-actions/get-pr-commits@198af03565609bb4ed924d1260247b4881f09e7d 17 | with: 18 | token: ${{ secrets.GITHUB_TOKEN }} 19 | 20 | - name: 'Verify no "Apply suggestions from code review" commits' 21 | uses: tim-actions/commit-message-checker-with-regex@094fc16ff83d04e2ec73edb5eaf6aa267db33791 22 | with: 23 | commits: ${{ steps.get-pr-commits.outputs.commits }} 24 | pattern: '^(?!.*(apply suggestions from code review))' 25 | flags: 'i' 26 | error: 'Commits addressing code review feedback should typically be squashed into the commits under review' 27 | 28 | - name: 'Verify no "fixup!" commits' 29 | uses: tim-actions/commit-message-checker-with-regex@094fc16ff83d04e2ec73edb5eaf6aa267db33791 30 | with: 31 | commits: ${{ steps.get-pr-commits.outputs.commits }} 32 | pattern: '^(?!fixup!)' 33 | flags: 'i' 34 | error: 'Fixup commits should be squashed into the commits under review' 35 | 36 | chart-testing: 37 | name: Helm Chart Linting 38 | runs-on: ubuntu-latest 39 | steps: 40 | - name: Check out the repository 41 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 42 | 43 | - name: Set up Helm 44 | uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 45 | with: 46 | version: v3.6.0 47 | 48 | - name: Set up Python 49 | uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 50 | with: 51 | python-version: '3.x' 52 | 53 | - name: Set up helm/chart-testing 54 | uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b 55 | 56 | - name: Set up local helm repo 57 | run: make local-helm-repo 58 | 59 | - name: Run helm/chart-testing (lint) 60 | run: ct lint 
--config ct.yaml 61 | 62 | gitlint: 63 | name: Commit Message(s) 64 | runs-on: ubuntu-latest 65 | steps: 66 | - name: Check out the repository 67 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 68 | with: 69 | fetch-depth: 0 70 | - name: Run gitlint 71 | run: make gitlint 72 | 73 | helm-docs: 74 | name: Helm Docs Generation 75 | runs-on: ubuntu-latest 76 | steps: 77 | - name: Check out the repository 78 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 79 | 80 | - name: Run helm-docs and verify docs are up-to-date 81 | run: make helm-docs 82 | 83 | markdown-link-check: 84 | name: Markdown Links (modified files) 85 | runs-on: ubuntu-latest 86 | steps: 87 | - name: Check out the repository 88 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 89 | 90 | - name: Run markdown-link-check 91 | uses: gaurav-nelson/github-action-markdown-link-check@3c3b66f1f7d0900e37b71eca45b63ea9eedfce31 92 | with: 93 | config-file: ".markdownlinkcheck.json" 94 | check-modified-files-only: "yes" 95 | base-branch: ${{ github.base_ref }} 96 | 97 | markdownlint: 98 | name: Markdown 99 | runs-on: ubuntu-latest 100 | steps: 101 | - name: Check out the repository 102 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 103 | - name: Run markdownlint 104 | run: make markdownlint 105 | 106 | yaml-lint: 107 | name: YAML 108 | runs-on: ubuntu-latest 109 | steps: 110 | - name: Check out the repository 111 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 112 | - name: Run yamllint 113 | run: make yamllint 114 | -------------------------------------------------------------------------------- /.github/workflows/periodic.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Periodic 3 | 4 | on: 5 | schedule: 6 | - cron: "0 0 * * 0" 7 | 8 | permissions: {} 9 | 10 | jobs: 11 | markdown-link-check-periodic: 12 | name: Markdown Links (all files) 13 | if: github.repository_owner == 
'submariner-io' 14 | runs-on: ubuntu-latest 15 | permissions: 16 | issues: write 17 | steps: 18 | - name: Check out the repository 19 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 20 | 21 | - name: Run markdown-link-check 22 | uses: gaurav-nelson/github-action-markdown-link-check@3c3b66f1f7d0900e37b71eca45b63ea9eedfce31 23 | with: 24 | config-file: ".markdownlinkcheck.json" 25 | 26 | - name: Raise an Issue to report broken links 27 | if: ${{ failure() }} 28 | uses: peter-evans/create-issue-from-file@e8ef132d6df98ed982188e460ebb3b5d4ef3a9cd 29 | with: 30 | title: Broken link detected by CI 31 | content-filepath: .github/ISSUE_TEMPLATE/broken-link.md 32 | labels: automated, broken link 33 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Release Charts 3 | 4 | on: 5 | push: 6 | branches: 7 | - devel 8 | 9 | permissions: 10 | contents: write 11 | 12 | jobs: 13 | release: 14 | name: Release 15 | if: github.repository_owner == 'submariner-io' 16 | runs-on: ubuntu-latest 17 | steps: 18 | - name: Checkout 19 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 20 | with: 21 | fetch-depth: 0 22 | 23 | - name: Configure Git 24 | run: | 25 | git config user.name "$GITHUB_ACTOR" 26 | git config user.email "$GITHUB_ACTOR@users.noreply.github.com" 27 | 28 | - name: Update the charts 29 | run: | 30 | make release 31 | 32 | - name: Push the charts 33 | run: | 34 | git add charts/* 35 | git commit -m "Chart update" 36 | git push 37 | -------------------------------------------------------------------------------- /.github/workflows/stale.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Stale 3 | 4 | on: 5 | schedule: 6 | - cron: "0 0 * * *" 7 | 8 | permissions: {} 9 | 10 | jobs: 11 | stale: 12 | name: Close Stale Issues and PRs 13 | 
if: github.repository_owner == 'submariner-io' 14 | runs-on: ubuntu-latest 15 | permissions: 16 | issues: write 17 | pull-requests: write 18 | steps: 19 | - uses: actions/stale@816d9db1aba399a7f70277f1a2b01a4d21497fdd 20 | with: 21 | days-before-issue-stale: 120 22 | days-before-pr-stale: 14 23 | exempt-issue-labels: 'confirmed,security' 24 | exempt-pr-labels: 'confirmed,security' 25 | stale-issue-label: 'stale' 26 | stale-issue-message: | 27 | This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further 28 | activity occurs. Thank you for your contributions. 29 | stale-pr-label: 'stale' 30 | stale-pr-message: | 31 | This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further 32 | activity occurs. Thank you for your contributions. 33 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .dapper 2 | .idea 3 | .shflags 4 | *.tgz 5 | Makefile.dapper 6 | Makefile.shipyard 7 | Dockerfile.* 8 | helm_repo 9 | yamls 10 | submariner-k8s-broker/crds/crd.yaml 11 | submariner-k8s-broker/templates/_role.tpl 12 | submariner-operator/crds/crd.yaml 13 | submariner-operator/templates/*-rbac.yaml 14 | -------------------------------------------------------------------------------- /.markdownlinkcheck.json: -------------------------------------------------------------------------------- 1 | { 2 | "ignorePatterns": [ 3 | { 4 | "pattern": "^https://docs.github.com" 5 | }, 6 | { 7 | "pattern": "^https://github.com/\\S+/\\S+/(issues|pull)/[0-9]+" 8 | }, 9 | { 10 | "pattern": "^http://localhost:" 11 | }, 12 | { 13 | "pattern": "^https://submariner-io.github.io/submariner-charts/charts" 14 | } 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- /.markdownlint.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # Breaks reusing MD snippets extracted to files 3 | first-line-heading: false 4 | 5 | # Set maximum line Length to 140c to match Go linting 6 | line-length: 7 | line_length: 140 8 | 9 | # Allow HTML span elements to set font sizes 10 | no-inline-html: 11 | allowed_elements: 12 | - span 13 | 14 | # Temporary while helm-docs has a bug where maintainer URLs are used raw in MD 15 | # Waiting on: https://github.com/norwoodj/helm-docs/pull/102 16 | no-bare-urls: false 17 | -------------------------------------------------------------------------------- /.shipyard.e2e.ovn.yml: -------------------------------------------------------------------------------- 1 | --- 2 | cni: ovn 3 | submariner: true 4 | nodes: control-plane 5 | clusters: 6 | cluster1: 7 | cluster2: 8 | -------------------------------------------------------------------------------- /.shipyard.e2e.yml: -------------------------------------------------------------------------------- 1 | --- 2 | submariner: true 3 | nodes: control-plane 4 | clusters: 5 | cluster1: 6 | cluster2: 7 | -------------------------------------------------------------------------------- /.submarinerbot.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | label-approved: 3 | approvals: 2 4 | label: ready-to-test 5 | -------------------------------------------------------------------------------- /.yamllint.yml: -------------------------------------------------------------------------------- 1 | --- 2 | extends: default 3 | 4 | rules: 5 | line-length: 6 | max: 140 7 | # Allow standard GHA syntax for "on: *" 8 | truthy: 9 | ignore: '.github/workflows/*.yml' 10 | 11 | ignore: | 12 | /submariner-k8s-broker/crds 13 | /submariner-operator/crds 14 | /submariner-k8s-broker/templates 15 | /submariner-operator/templates 16 | -------------------------------------------------------------------------------- 
/CODE-OF-CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Code of Conduct 2 | 3 | Please see the [Code of Conduct docs on Submariner's website](https://submariner.io/community/code-of-conduct/). 4 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | # Auto-generated, do not edit; see CODEOWNERS.in 2 | * @Oats87 @skitt @sridhargaddam @tpantelis @vthapar 3 | *.md @dfarrell07 @Oats87 @skitt @sridhargaddam @tpantelis @vthapar 4 | Makefile @aswinsuryan @dfarrell07 @maayanf24 @Oats87 @skitt @sridhargaddam @tpantelis @vthapar @yboaron 5 | -------------------------------------------------------------------------------- /CODEOWNERS.in: -------------------------------------------------------------------------------- 1 | @aswinsuryan Makefile 2 | @dfarrell07 *.md Makefile 3 | @maayanf24 Makefile 4 | @Oats87 * 5 | @skitt * 6 | @sridhargaddam * 7 | @tpantelis * 8 | @vthapar * 9 | @yboaron Makefile 10 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | Please see the [Development docs on Submariner's website](https://submariner.io/development/). 4 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 
12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 
48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. 
Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. 
You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 
123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. 
In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 
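176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | -------------------------------------------------------------------------------- /Makefile: --------------------------------------------------------------------------------
# Build, lint and release targets for the Submariner Helm charts.
# When DAPPER_HOST_ARCH is set the targets below are defined directly;
# otherwise Makefile.dapper is downloaded and included instead.
BASE_BRANCH ?= devel
export BASE_BRANCH
export HELM_REPO_LOCATION=./helm_repo

ifneq (,$(DAPPER_HOST_ARCH))

# Running in Dapper

include $(SHIPYARD_DIR)/Makefile.inc

# Select the Shipyard settings file: the OVN variant when "ovn" is in $(_using).
ifneq (,$(filter ovn,$(_using)))
export SETTINGS = $(DAPPER_SOURCE)/.shipyard.e2e.ovn.yml
else
export SETTINGS = $(DAPPER_SOURCE)/.shipyard.e2e.yml
endif

export DEPLOYTOOL = helm
GH_URL=https://submariner-io.github.io/submariner-charts/charts
CHARTS_DIR=charts
CHARTS_VERSION=0.21.0-m2
HELM_DOCS_VERSION=0.15.0
REPO_URL=$(shell git config remote.origin.url)

# Targets to make

CHART_PACKAGES := submariner-k8s-broker-$(CHARTS_VERSION).tgz submariner-operator-$(CHARTS_VERSION).tgz

# Unpack the packaged charts into the local Helm repository directory.
local-helm-repo: $(CHART_PACKAGES)
	mkdir -p $(HELM_REPO_LOCATION)
	for archive in $^; do \
		tar xzf $$archive -C $(HELM_REPO_LOCATION); \
	done

e2e: local-helm-repo
	$(SCRIPTS_DIR)/e2e.sh

generate-yamls:
	./generate-yamls.sh $(BASE_BRANCH)

# Package a chart; the chart directory is the archive name minus "-$(CHARTS_VERSION)".
%.tgz: generate-yamls
	helm dep update $(subst -$(CHARTS_VERSION),,$(basename $(@F)))
	helm package --version $(CHARTS_VERSION) --app-version $(CHARTS_VERSION) $(subst -$(CHARTS_VERSION),,$(basename $(@F)))

# NOTE(security): the helm-docs release archive is downloaded and the extracted
# binary is executed without being checked against a known digest. Pin the
# SHA-256 of the v$(HELM_DOCS_VERSION) archive and verify it before unpacking.
helm-docs:
# Avoid polluting repo with helm-docs' README/LICENSE or other files in the release archive
# -f makes curl fail on an HTTP error instead of piping an error page into tar.
	cd /tmp && \
	curl -sfL https://github.com/norwoodj/helm-docs/releases/download/v$(HELM_DOCS_VERSION)/helm-docs_$(HELM_DOCS_VERSION)_Linux_x86_64.tar.gz | tar zx && \
	cd -
	/tmp/helm-docs
# The command substitution is written with a doubled dollar sign so that the
# shell runs git status. With a single dollar sign make expands it as an
# (empty) make variable and the up-to-date check can never fail.
	if [ -n "$$(git status --porcelain)" ]; then \
		echo "Helm docs not up-to-date:"; \
		git status --porcelain; \
		git diff; \
		echo "Run make helm-docs locally to generate updated docs, commit the updates."; \
		exit 1; \
	fi

# Move the packaged charts onto the gh-pages branch and refresh the repo index,
# merging with an existing index.yaml when there is one.
release: $(CHART_PACKAGES)
	git checkout gh-pages
	mv *.tgz $(CHARTS_DIR)
	if [ -f $(CHARTS_DIR)/index.yaml ]; then \
		helm repo index $(CHARTS_DIR) --url $(GH_URL) --merge $(CHARTS_DIR)/index.yaml; \
	else \
		helm repo index $(CHARTS_DIR) --url $(GH_URL); \
	fi

.PHONY: release helm-docs

else

# Not running in Dapper

# NOTE(security): Makefile.dapper is fetched from the $(BASE_BRANCH) branch of
# submariner-io/shipyard and then included, so whatever that branch serves runs
# as part of this build. BASE_BRANCH is assigned with ?= and can therefore be
# overridden from the environment.
Makefile.dapper:
	@echo Downloading $@
	@curl -sfLO https://raw.githubusercontent.com/submariner-io/shipyard/$(BASE_BRANCH)/$@

include Makefile.dapper

endif

# Disable rebuilding Makefile
Makefile Makefile.inc: ;

-------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # submariner-charts 2 | 3 | 4 | [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4865/badge)](https://bestpractices.coreinfrastructure.org/projects/4865) 5 | [![Release Charts](https://github.com/submariner-io/submariner-charts/workflows/Release%20Charts/badge.svg)](https://github.com/submariner-io/submariner-charts/actions?query=workflow%3A%22Release+Charts%22) 6 | [![Periodic](https://github.com/submariner-io/submariner-charts/workflows/Periodic/badge.svg)](https://github.com/submariner-io/submariner-charts/actions?query=workflow%3APeriodic) 7 | [![Flake Finder](https://github.com/submariner-io/submariner-charts/workflows/Flake%20Finder/badge.svg)](https://github.com/submariner-io/submariner-charts/actions?query=workflow%3A%22Flake+Finder%22) 8 | 9 | 10 | Please see the [Helm docs on Submariner's website](https://submariner.io/operations/deployment/helm/). 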
11 | 12 | ## Development workflow 13 | 14 | ### Prerequisites 15 | 16 | - [Helm] v3 17 | - [Docker] or [Podman] 18 | 19 | ### Create a fork and checkout 20 | 21 | [Create a fork] of the original repository, clone it locally and checkout a new branch from master. 22 | 23 | Example: 24 | 25 | ```bash 26 | git clone https://github.com/myuser/submariner-charts.git 27 | cd submariner-charts 28 | git checkout -b new-feature 29 | ``` 30 | 31 | Now you can modify the Helm charts according to your needs. 32 | 33 | ### Use the modified charts 34 | 35 | Locally-modified charts can be installed using `helm install`, 36 | referring to the local path; for example: 37 | 38 | ```bash 39 | helm install submariner-k8s-broker ./submariner-k8s-broker ... 40 | ``` 41 | 42 | In the base directory of this repository, a local deployment using the 43 | local charts can be obtained by running the following command: 44 | 45 | ```bash 46 | make deploy 47 | ``` 48 | 49 | This will start two kind clusters and deploy Submariner using the 50 | Broker and Operator charts. 51 | 52 | ```bash 53 | make e2e 54 | ``` 55 | 56 | will run the end-to-end test suite used to validate that Submariner is 57 | working correctly. 
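58 | 59 | 60 | [Helm]: https://helm.sh/docs/using_helm/#installing-helm 61 | [Docker]: https://docs.docker.com/install/ 62 | [Podman]: https://podman.io/getting-started/installation 63 | [Create a fork]: https://docs.github.com/en/get-started/quickstart/fork-a-repo 64 | -------------------------------------------------------------------------------- /ct.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | charts: 3 | - ./helm_repo/submariner-operator 4 | - ./helm_repo/submariner-k8s-broker 5 | # Tests that maintainer name is valid GitHub account, which isn't what we want 6 | # See: https://github.com/helm/chart-testing/issues/192 7 | validate-maintainers: false 8 | -------------------------------------------------------------------------------- /extract-yamls: -------------------------------------------------------------------------------- 1 | #!/usr/bin/awk -f 2 | 3 | # Start of a file entry 4 | /= `/ { 5 | outfile = gensub("_yaml$", ".yaml", "1", $1) 6 | print "Writing " outfile 7 | firstline = substr($0, index($0, "`") + 1) 8 | if (firstline !~ "^---") 9 | firstline = "---\n"firstline 10 | print firstline > outfile 11 | next 12 | } 13 | 14 | /^`$/ { 15 | outfile = "" 16 | next 17 | } 18 | 19 | outfile != "" { 20 | print >> outfile 21 | } 22 | -------------------------------------------------------------------------------- /generate-yamls.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Regenerates the chart CRDs and RBAC templates from the YAML embedded in
# submariner-operator's pkg/embeddedyamls/yamls.go.
#
# Usage: generate-yamls.sh <branch>
#   <branch>  submariner-operator branch to download yamls.go from
#
# The downloaded file determines both the names and the contents of the files written under
# yamls/ (extract-yamls takes each output file name from the input), and through them the
# RBAC rules and CRDs shipped in the charts. It is fetched from a branch head without any
# checksum, so review the resulting diff before committing or releasing it.

# -u and pipefail in addition to -e: a failed download has to stop the script here, rather
# than hand extract-yamls empty input and let the redirects below truncate existing files.
set -euo pipefail

if [ $# -ne 1 ] || [ -z "$1" ]; then
    echo "Usage: $0 <branch>" >&2
    exit 1
fi
branch=$1

BROKER_ROLE_TPL=submariner-k8s-broker/templates/_role.tpl
OPERATOR_RBAC_YAML=submariner-operator/templates/operator-rbac.yaml
GATEWAY_RBAC_YAML=submariner-operator/templates/gateway-rbac.yaml
ROUTE_AGENT_RBAC_YAML=submariner-operator/templates/routeagent-rbac.yaml
GLOBALNET_RBAC_YAML=submariner-operator/templates/globalnet-rbac.yaml
SERVICE_DISC_RBAC_YAML=submariner-operator/templates/service-discovery-rbac.yaml
OPENSHIFT_MONITORING_YAML=submariner-operator/templates/openshift-monitoring-rbac.yaml

# Appends a "namespace: {{ .Release.Namespace }}" line after every line matching
# "- kind: ServiceAccount" in the given file, editing it in place.
function add_service_acct_ns() {
    sed -i '/- kind: ServiceAccount/a \ \ \ \ namespace: {{ .Release.Namespace }}' "$1"
}

mkdir -p yamls
# The subshell keeps the directory change local to the download step.
# curl -f turns an HTTP error into a non-zero exit instead of piping the error page on.
(
    cd yamls
    curl -fsSL "https://raw.githubusercontent.com/submariner-io/submariner-operator/refs/heads/${branch}/pkg/embeddedyamls/yamls.go" | ../extract-yamls
)

# Generate the CRDs for the broker chart
mkdir -p submariner-k8s-broker/crds
cat yamls/Deploy_submariner_crds_submariner_io_endpoints.yaml \
    yamls/Deploy_submariner_crds_submariner_io_clusters.yaml \
    yamls/Deploy_submariner_crds_submariner_io_gateways.yaml \
    yamls/Deploy_mcsapi_crds_multicluster_x_k8s_io_serviceexports.yaml \
    yamls/Deploy_mcsapi_crds_multicluster_x_k8s_io_serviceimports.yaml > submariner-k8s-broker/crds/crd.yaml

# Generate the client role yaml for the broker chart
echo '{{- define "broker-role" -}}' > "${BROKER_ROLE_TPL}"
cat yamls/Config_broker_broker_client_role.yaml >> "${BROKER_ROLE_TPL}"
echo '{{- end -}}' >> "${BROKER_ROLE_TPL}"
sed -i -e 's/name:.*/name: {{ template "submariner-k8s-broker.fullname" \. }}-cluster/' "${BROKER_ROLE_TPL}"

# Generate the CRDs for the operator chart
mkdir -p submariner-operator/crds
cat yamls/Deploy_crds_submariner_io_submariners.yaml \
    yamls/Deploy_crds_submariner_io_servicediscoveries.yaml \
    yamls/Deploy_crds_submariner_io_brokers.yaml > submariner-operator/crds/crd.yaml

# Generate the operator RBAC yaml for the operator chart
add_service_acct_ns yamls/Config_rbac_submariner_operator_cluster_role_binding.yaml
cat yamls/Config_rbac_submariner_operator_service_account.yaml \
    yamls/Config_rbac_submariner_operator_role.yaml \
    yamls/Config_rbac_submariner_operator_role_binding.yaml \
    yamls/Config_rbac_submariner_operator_cluster_role.yaml \
    yamls/Config_rbac_submariner_operator_cluster_role_binding.yaml > "${OPERATOR_RBAC_YAML}"

# Generate the gateway RBAC yaml for the operator chart
add_service_acct_ns yamls/Config_rbac_submariner_gateway_cluster_role_binding.yaml
cat yamls/Config_rbac_submariner_gateway_service_account.yaml \
    yamls/Config_rbac_submariner_gateway_role.yaml \
    yamls/Config_rbac_submariner_gateway_role_binding.yaml \
    yamls/Config_rbac_submariner_gateway_cluster_role.yaml \
    yamls/Config_rbac_submariner_gateway_cluster_role_binding.yaml > "${GATEWAY_RBAC_YAML}"

# Generate the routeagent RBAC yaml for the operator chart
add_service_acct_ns yamls/Config_rbac_submariner_route_agent_cluster_role_binding.yaml
cat yamls/Config_rbac_submariner_route_agent_service_account.yaml \
    yamls/Config_rbac_submariner_route_agent_role.yaml \
    yamls/Config_rbac_submariner_route_agent_role_binding.yaml \
    yamls/Config_rbac_submariner_route_agent_cluster_role.yaml \
    yamls/Config_rbac_submariner_route_agent_cluster_role_binding.yaml > "${ROUTE_AGENT_RBAC_YAML}"

# Generate the globalnet RBAC yaml for the operator chart
echo '{{- if .Values.broker.globalnet }}' > "${GLOBALNET_RBAC_YAML}"
add_service_acct_ns yamls/Config_rbac_submariner_globalnet_cluster_role_binding.yaml
cat yamls/Config_rbac_submariner_globalnet_service_account.yaml \
    yamls/Config_rbac_submariner_globalnet_role.yaml \
    yamls/Config_rbac_submariner_globalnet_role_binding.yaml \
    yamls/Config_rbac_submariner_globalnet_cluster_role.yaml \
    yamls/Config_rbac_submariner_globalnet_cluster_role_binding.yaml >> "${GLOBALNET_RBAC_YAML}"
echo '{{- end -}}' >> "${GLOBALNET_RBAC_YAML}"

# Generate the service discovery RBAC yaml for the operator chart
echo '{{- if .Values.submariner.serviceDiscovery }}' > "${SERVICE_DISC_RBAC_YAML}"
add_service_acct_ns yamls/Config_rbac_lighthouse_agent_cluster_role_binding.yaml
add_service_acct_ns yamls/Config_rbac_lighthouse_coredns_cluster_role_binding.yaml
cat yamls/Config_rbac_lighthouse_agent_service_account.yaml \
    yamls/Config_rbac_lighthouse_agent_cluster_role.yaml \
    yamls/Config_rbac_lighthouse_agent_cluster_role_binding.yaml \
    yamls/Config_rbac_lighthouse_coredns_service_account.yaml \
    yamls/Config_rbac_lighthouse_coredns_cluster_role.yaml \
    yamls/Config_rbac_lighthouse_coredns_cluster_role_binding.yaml >> "${SERVICE_DISC_RBAC_YAML}"
echo '{{- end -}}' >> "${SERVICE_DISC_RBAC_YAML}"

# Generate the openshift monitoring rbac yaml for the operator chart
cat yamls/Config_openshift_rbac_submariner_metrics_reader_role.yaml \
    yamls/Config_openshift_rbac_submariner_metrics_reader_role_binding.yaml > "${OPENSHIFT_MONITORING_YAML}"
-------------------------------------------------------------------------------- /submariner-k8s-broker/.helmignore: -------------------------------------------------------------------------------- 1 | .git 2 | -------------------------------------------------------------------------------- /submariner-k8s-broker/Chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: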
submariner-k8s-broker 3 | version: 0.0.0 4 | apiVersion: v2 5 | description: Submariner Kubernetes Broker 6 | keywords: 7 | home: https://submariner-io.github.io/ 8 | sources: 9 | - https://submariner-io.github.io/submariner-charts/charts 10 | maintainers: 11 | - name: Contributors to the Submariner project 12 | email: submariner-dev@googlegroups.com 13 | url: https://submariner.io/ 14 | -------------------------------------------------------------------------------- /submariner-k8s-broker/README.md: -------------------------------------------------------------------------------- 1 | # submariner-k8s-broker 2 | 3 | Submariner Kubernetes Broker 4 | 5 | **Homepage:** 6 | 7 | ## Maintainers 8 | 9 | | Name | Email | Url | 10 | | ---- | ------ | --- | 11 | | Contributors to the Submariner project | submariner-dev@googlegroups.com | https://submariner.io/ | 12 | 13 | ## Source Code 14 | 15 | * 16 | -------------------------------------------------------------------------------- /submariner-k8s-broker/app-readme.md: -------------------------------------------------------------------------------- 1 | # Submariner Kubernetes Broker 2 | 3 | [Submariner](https://submariner.io) is a cross-cluster networking tool. 4 | 5 | This chart creates a service account and role/role binding for use by Submariner to share cluster/endpoint information between clusters. 6 | -------------------------------------------------------------------------------- /submariner-k8s-broker/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | The Submariner Kubernetes Broker is now setup. 
2 | 3 | You can retrieve the server URL by running 4 | 5 | $ SUBMARINER_BROKER_URL=$(kubectl -n default get endpoints kubernetes -o jsonpath="{.subsets[0].addresses[0].ip}:{.subsets[0].ports[?(@.name=='https')].port}") 6 | 7 | The broker client token and CA can be retrieved by running 8 | 9 | $ SUBMARINER_BROKER_CA=$(kubectl -n "${BROKER_NS}" get secrets "${BROKER_NS}-client-token" -o jsonpath="{.data['ca\.crt']}") 10 | $ SUBMARINER_BROKER_TOKEN=$(kubectl -n "${BROKER_NS}" get secrets "${BROKER_NS}-client-token" -o jsonpath="{.data.token}"|base64 --decode) 11 | -------------------------------------------------------------------------------- /submariner-k8s-broker/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "submariner-k8s-broker.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "submariner-k8s-broker.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 
29 | */}} 30 | {{- define "submariner-k8s-broker.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Create the name of the submariner-client service account to use 36 | */}} 37 | {{- define "submariner-k8s-broker.clientServiceAccountName" -}} 38 | {{- printf "%s-client" (include "submariner-k8s-broker.fullname" .)}} 39 | {{- end -}} -------------------------------------------------------------------------------- /submariner-k8s-broker/templates/rbac.yaml: -------------------------------------------------------------------------------- 1 | {{ include "broker-role" $ }} 2 | --- 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: RoleBinding 5 | metadata: 6 | name: {{ template "submariner-k8s-broker.fullname" . }}-cluster 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: Role 10 | name: {{ template "submariner-k8s-broker.fullname" . }}-cluster 11 | subjects: 12 | - kind: ServiceAccount 13 | name: {{ template "submariner-k8s-broker.clientServiceAccountName" . }} 14 | namespace: {{ .Release.Namespace }} 15 | -------------------------------------------------------------------------------- /submariner-k8s-broker/templates/svc-acct.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: {{ template "submariner-k8s-broker.clientServiceAccountName" . }} 5 | labels: 6 | heritage: {{ .Release.Service | quote }} 7 | release: {{ .Release.Name | quote }} 8 | chart: {{ template "submariner-k8s-broker.chart" . }} 9 | app: {{ template "submariner-k8s-broker.name" . }} 10 | --- 11 | apiVersion: v1 12 | kind: Secret 13 | metadata: 14 | name: {{ template "submariner-k8s-broker.clientServiceAccountName" . }}-token 15 | annotations: 16 | kubernetes.io/service-account.name: {{ template "submariner-k8s-broker.clientServiceAccountName" . 
}} 17 | type: kubernetes.io/service-account-token 18 | -------------------------------------------------------------------------------- /submariner-k8s-broker/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /submariner-operator/.helmignore: -------------------------------------------------------------------------------- 1 | .git 2 | -------------------------------------------------------------------------------- /submariner-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | name: submariner-operator 3 | version: 0.0.0 4 | apiVersion: v2 5 | description: Submariner enables direct networking between Pods and Services in different Kubernetes clusters 6 | keywords: 7 | home: https://submariner-io.github.io/ 8 | sources: 9 | - https://submariner-io.github.io/submariner-charts/charts 10 | maintainers: 11 | - name: Contributors to the Submariner project 12 | email: submariner-dev@googlegroups.com 13 | url: https://submariner.io/ 14 | -------------------------------------------------------------------------------- /submariner-operator/README.md: -------------------------------------------------------------------------------- 1 | # submariner-operator 2 | 3 | Submariner enables direct networking between Pods and Services in different Kubernetes clusters 4 | 5 | **Homepage:** 6 | 7 | ## Maintainers 8 | 9 | | Name | Email | Url | 10 | | ---- | ------ | --- | 11 | | Contributors to the Submariner project | submariner-dev@googlegroups.com | https://submariner.io/ | 12 | 13 | ## Source Code 14 | 15 | * 16 | 17 | ## Values 18 | 19 | | Key | Type | Default | Description | 20 | |-----|------|---------|-------------| 21 | | broker.ca | string | `""` | | 22 | | broker.globalnet | bool | `false` | | 23 | | broker.insecure | bool | `false` | | 24 | | broker.namespace | string | `"xyz"` | 
| 25 | | broker.server | string | `"example.k8s.apiserver"` | | 26 | | broker.token | string | `"test"` | | 27 | | ipsec.debug | bool | `false` | | 28 | | ipsec.forceUDPEncaps | bool | `false` | | 29 | | ipsec.ikePort | int | `500` | | 30 | | ipsec.natPort | int | `4500` | | 31 | | ipsec.psk | string | `""` | | 32 | | leadership.leaseDuration | int | `10` | | 33 | | leadership.renewDeadline | int | `5` | | 34 | | leadership.retryPeriod | int | `2` | | 35 | | operator.affinity | object | `{}` | | 36 | | operator.image.pullPolicy | string | `"IfNotPresent"` | | 37 | | operator.image.repository | string | `"quay.io/submariner/submariner-operator"` | | 38 | | operator.image.tag | string | `"0.14.0"` | | 39 | | operator.resources | object | `{}` | | 40 | | operator.tolerations | list | `[]` | | 41 | | submariner.cableDriver | string | `"libreswan"` | | 42 | | submariner.clusterCidr | string | `""` | | 43 | | submariner.clusterId | string | `""` | | 44 | | submariner.colorCodes | string | `"blue"` | | 45 | | submariner.coreDNSCustomConfig | object | `{}` | | 46 | | submariner.debug | bool | `false` | | 47 | | submariner.globalCidr | string | `""` | | 48 | | submariner.clustersetIpCidr | string | `""` | | 49 | | submariner.clustersetIpEnabled | bool | `false` | | 50 | | submariner.healthcheckEnabled | bool | `true` | | 51 | | submariner.images.repository | string | `"quay.io/submariner"` | | 52 | | submariner.images.tag | string | `"0.14.0"` | | 53 | | submariner.natEnabled | bool | `false` | | 54 | | submariner.serviceCidr | string | `""` | | 55 | | submariner.serviceDiscovery | bool | `true` | | 56 | | submariner.token | string | `""` | | 57 | -------------------------------------------------------------------------------- /submariner-operator/app-readme.md: -------------------------------------------------------------------------------- 1 | # Submariner 2 | 3 | [Submariner](https://submariner.io) is a cross-cluster networking tool. 
4 | 5 | This chart creates the required components in this cluster to deploy the Submariner operator. 6 | -------------------------------------------------------------------------------- /submariner-operator/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Submariner is now installed. 2 | 3 | By default, Submariner runs with 1 replica. If you have more than one Gateway host, you can scale Submariner to N replicas, and the other Submariner pods will simply join the leader election pool. 4 | -------------------------------------------------------------------------------- /submariner-operator/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Create a default fully qualified app name. 4 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 5 | If release name contains chart name it will be used as a full name. 6 | */}} 7 | {{- define "submariner.fullname" -}} 8 | {{- if .Values.fullnameOverride -}} 9 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 10 | {{- else -}} 11 | {{- $name := default .Chart.Name .Values.nameOverride -}} 12 | {{- if contains $name .Release.Name -}} 13 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 14 | {{- else -}} 15 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 16 | {{- end -}} 17 | {{- end -}} 18 | {{- end -}} 19 | 20 | {{/* 21 | Create chart name and version as used by the chart label. 
22 | */}} 23 | {{- define "submariner.chart" -}} 24 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 25 | {{- end -}} 26 | 27 | -------------------------------------------------------------------------------- /submariner-operator/templates/operator-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | heritage: {{ .Release.Service | quote }} 6 | release: {{ .Release.Name | quote }} 7 | chart: {{ template "submariner.chart" . }} 8 | app: {{ template "submariner.fullname" . }} 9 | name: {{ template "submariner.fullname" . }} 10 | spec: 11 | progressDeadlineSeconds: 600 12 | replicas: 1 13 | revisionHistoryLimit: 10 14 | selector: 15 | matchLabels: 16 | name: {{ template "submariner.fullname" . }} 17 | strategy: 18 | rollingUpdate: 19 | maxSurge: 25% 20 | maxUnavailable: 25% 21 | type: RollingUpdate 22 | template: 23 | metadata: 24 | creationTimestamp: null 25 | labels: 26 | name: {{ template "submariner.fullname" . 
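}} 27 | spec: 28 | containers: 29 | - args: 30 | - --leader-elect 31 | env: 32 | - name: WATCH_NAMESPACE 33 | valueFrom: 34 | fieldRef: 35 | apiVersion: v1 36 | fieldPath: metadata.namespace 37 | - name: POD_NAME 38 | valueFrom: 39 | fieldRef: 40 | apiVersion: v1 41 | fieldPath: metadata.name 42 | - name: OPERATOR_NAME 43 | value: submariner-operator 44 | image: {{ .Values.operator.image.repository }}:{{ default .Chart.AppVersion .Values.operator.image.tag }} 45 | imagePullPolicy: {{ .Values.operator.image.pullPolicy }} 46 | name: submariner-operator 47 | resources: {} 48 | terminationMessagePath: /dev/termination-log 49 | terminationMessagePolicy: File 50 | dnsPolicy: ClusterFirst 51 | restartPolicy: Always 52 | schedulerName: default-scheduler 53 | securityContext: {} 54 | serviceAccountName: submariner-operator 55 | terminationGracePeriodSeconds: 30 56 | -------------------------------------------------------------------------------- /submariner-operator/templates/submariner.yaml: --------------------------------------------------------------------------------
{{- /*
Submariner custom resource rendered from the chart values.

brokerK8sApiServerToken and ceIPSecPSK are credentials, and they are written into the spec
of this resource as plain values. Anything allowed to read the Submariner resource can read
them, and Helm keeps the supplied values with the release. Pass them at install time rather
than in a committed values file; the shipped default broker.token ("test") is a placeholder.

String values go through "quote" so that a value YAML would otherwise read as a number,
boolean or mapping still reaches the API server as a string. Values that default to ""
(broker.ca, ipsec.psk, submariner.clusterId) are quoted only when set, so an unset value
renders exactly as it did before.

NOTE(review): brokerK8sInsecure presumably relaxes verification of the broker API server's
certificate - confirm against the CRD, and keep it false outside test setups.
*/ -}}
apiVersion: submariner.io/v1alpha1
kind: Submariner
metadata:
  name: submariner
  namespace: submariner-operator
spec:
  broker: k8s
  brokerK8sApiServer: {{ .Values.broker.server | quote }}
  brokerK8sApiServerToken: {{ .Values.broker.token | quote }}
  brokerK8sCA: {{ with .Values.broker.ca }}{{ . | quote }}{{ end }}
  brokerK8sRemoteNamespace: {{ .Values.broker.namespace | quote }}
  brokerK8sInsecure: {{ .Values.broker.insecure }}
  ceIPSecDebug: {{ .Values.ipsec.debug }}
  ceIPSecForceUDPEncaps: {{ .Values.ipsec.forceUDPEncaps }}
  ceIPSecIKEPort: {{ .Values.ipsec.ikePort }}
  ceIPSecNATTPort: {{ .Values.ipsec.natPort }}
  ceIPSecPSK: {{ with .Values.ipsec.psk }}{{ . | quote }}{{ end }}
  clusterCIDR: "{{ .Values.submariner.clusterCidr }}"
  clusterID: {{ with .Values.submariner.clusterId }}{{ . | quote }}{{ end }}
  colorCodes: {{ .Values.submariner.colorCodes | quote }}
  debug: {{ .Values.submariner.debug }}
  loadBalancerEnabled: {{ .Values.submariner.loadBalancerEnabled }}
  namespace: {{ .Release.Namespace }}
  natEnabled: {{ .Values.submariner.natEnabled }}
  repository: {{ .Values.submariner.images.repository | quote }}
  version: {{ default .Chart.AppVersion .Values.submariner.images.tag | quote }}
{{- with .Values.images }}
{{- if . }}
  imageOverrides:
    {{- if index . "submariner-operator" }}
    submariner-operator: {{ index . "submariner-operator" | quote }}
    {{- end }}
    {{- if index . "submariner-gateway" }}
    submariner-gateway: {{ index . "submariner-gateway" | quote }}
    {{- end }}
    {{- if index . "submariner-route-agent" }}
    submariner-routeagent: {{ index . "submariner-route-agent" | quote }}
    {{- end }}
    {{- if index . "submariner-globalnet" }}
    submariner-globalnet: {{ index . "submariner-globalnet" | quote }}
    {{- end }}
    {{- if index . "submariner-networkplugin-syncer" }}
    submariner-networkplugin-syncer: {{ index . "submariner-networkplugin-syncer" | quote }}
    {{- end }}
    {{- if index . "lighthouse-agent" }}
    submariner-lighthouse-agent: {{ index . "lighthouse-agent" | quote }}
    {{- end }}
    {{- if index . "lighthouse-coredns" }}
    submariner-lighthouse-coredns: {{ index . "lighthouse-coredns" | quote }}
    {{- end }}
{{- end }}
{{- end }}
  serviceCIDR: "{{ .Values.submariner.serviceCidr }}"
  globalCIDR: "{{ .Values.submariner.globalCidr }}"
  clustersetIPCIDR: "{{ .Values.submariner.clustersetIpCidr }}"
  clustersetIPEnabled: {{ .Values.submariner.clustersetIpEnabled }}
  serviceDiscoveryEnabled: {{ .Values.submariner.serviceDiscovery }}
  cableDriver: {{ .Values.submariner.cableDriver | quote }}
  connectionHealthCheck:
    enabled: {{ .Values.submariner.healthcheckEnabled }}
    intervalSeconds: 1
    maxPacketLossCount: 5
{{- with .Values.submariner.coreDNSCustomConfig }}
  coreDNSCustomConfig:
    configMapName: {{ .configMapName }}
    namespace: {{ .namespace }}
{{- end }}
-------------------------------------------------------------------------------- /submariner-operator/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | submariner: 3 | clusterId: "" 4 | token: "" 5 | clusterCidr: "" 6 | serviceCidr: "" 7 | globalCidr: "" 8 | clustersetIpCidr: "" 9 | clustersetIpEnabled: false 10 | loadBalancerEnabled: false 11 | natEnabled: false 12 | colorCodes: blue 13 | debug: false 14 | serviceDiscovery: true 15 | cableDriver: "libreswan" 16 | healthcheckEnabled: true 17 | coreDNSCustomConfig: {} 18 | images: 19 | repository: quay.io/submariner 20 | tag: "" 21 | broker: 22 | server: example.k8s.apiserver 23 | token: test 24 | namespace: xyz 25 | insecure: false 26 | ca: "" 27 | globalnet: false 28 | images: {} 29 | ipsec: 30 | psk: "" 31 | debug: false 32 | forceUDPEncaps: false 33 | ikePort: 500 34 | natPort: 4500 35 | leadership: 36 | leaseDuration: 10 37 | renewDeadline: 5 38 | retryPeriod: 2 39 | operator: 40 | image: 41 | repository: quay.io/submariner/submariner-operator 42 | tag: "" 43 | pullPolicy: IfNotPresent 44 | resources: {} 45 | tolerations: [] 46 | affinity: {} 47 |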
--------------------------------------------------------------------------------