From d23be9cc45c0e6df5f7aef222b7fbcb514827575 Mon Sep 17 00:00:00 2001 From: Anisur Rahman Date: Mon, 9 Mar 2026 12:43:37 +0600 Subject: [PATCH 1/7] add chart for GCP-cred less Signed-off-by: Anisur Rahman --- charts/gcp-credential-manager/.helmignore | 23 + charts/gcp-credential-manager/Chart.yaml | 13 + charts/gcp-credential-manager/README.md | 113 ++ charts/gcp-credential-manager/doc.yaml | 18 + .../templates/NOTES.txt | 3 + .../templates/_helpers.tpl | 125 ++ .../templates/cert.yaml | 16 + .../templates/deployment.yaml | 88 + .../templates/mutating-webhook.yaml | 33 + .../templates/rbac.yaml | 135 ++ .../templates/service.yaml | 14 + .../templates/serviceaccount.yaml | 14 + .../values.openapiv3_schema.yaml | 1671 +++++++++++++++++ charts/gcp-credential-manager/values.yaml | 128 ++ 14 files changed, 2394 insertions(+) create mode 100644 charts/gcp-credential-manager/.helmignore create mode 100644 charts/gcp-credential-manager/Chart.yaml create mode 100644 charts/gcp-credential-manager/README.md create mode 100644 charts/gcp-credential-manager/doc.yaml create mode 100644 charts/gcp-credential-manager/templates/NOTES.txt create mode 100644 charts/gcp-credential-manager/templates/_helpers.tpl create mode 100644 charts/gcp-credential-manager/templates/cert.yaml create mode 100644 charts/gcp-credential-manager/templates/deployment.yaml create mode 100644 charts/gcp-credential-manager/templates/mutating-webhook.yaml create mode 100644 charts/gcp-credential-manager/templates/rbac.yaml create mode 100644 charts/gcp-credential-manager/templates/service.yaml create mode 100644 charts/gcp-credential-manager/templates/serviceaccount.yaml create mode 100644 charts/gcp-credential-manager/values.openapiv3_schema.yaml create mode 100644 charts/gcp-credential-manager/values.yaml diff --git a/charts/gcp-credential-manager/.helmignore b/charts/gcp-credential-manager/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null 
+++ b/charts/gcp-credential-manager/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/gcp-credential-manager/Chart.yaml b/charts/gcp-credential-manager/Chart.yaml new file mode 100644 index 00000000..27f393a6 --- /dev/null +++ b/charts/gcp-credential-manager/Chart.yaml @@ -0,0 +1,13 @@ +apiVersion: v2 +name: gcp-credential-manager +description: A Helm chart for AWS Credential Manager +type: application +version: v2026.1.20 +appVersion: v0.0.3 +home: https://github.com/appscode-cloud +icon: https://cdn.appscode.com/images/products/bytebuilders/icons/android-icon-192x192.png +sources: +- https://github.com/appscode-cloud +maintainers: +- name: appscode + email: support@appscode.com diff --git a/charts/gcp-credential-manager/README.md b/charts/gcp-credential-manager/README.md new file mode 100644 index 00000000..18f5d447 --- /dev/null +++ b/charts/gcp-credential-manager/README.md 
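Review bot: `description: A Helm chart for AWS Credential Manager` in the new Chart.yaml names the wrong product for a chart called `gcp-credential-manager`; the same wording recurs in README.md and doc.yaml in this patch. The description is what chart indexes and `helm search repo` display, so an operator checking what they are about to install sees a name and a description that disagree. I would change it to `description: A Helm chart for GCP Credential Manager`, fix the strings in doc.yaml, and regenerate the README from it.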
@@ -0,0 +1,113 @@ +# AWS Credential Manager + +[AWS Credential Manager by AppsCode](https://github.com/appscode-cloud) - AWS Credential Manager + +## TL;DR; + +```bash +$ helm repo add appscode https://charts.appscode.com/stable +$ helm repo update +$ helm search repo appscode/gcp-credential-manager --version=v2026.1.20 +$ helm upgrade -i gcp-credential-manager appscode/gcp-credential-manager -n kubeops --create-namespace --version=v2026.1.20 +``` + +## Introduction + +This chart deploys a AWS Credential Manager on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.29+ + +## Installing the Chart + +To install/upgrade the chart with the release name `gcp-credential-manager`: + +```bash +$ helm upgrade -i gcp-credential-manager appscode/gcp-credential-manager -n kubeops --create-namespace --version=v2026.1.20 +``` + +The command deploys a AWS Credential Manager on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall the `gcp-credential-manager`: + +```bash +$ helm uninstall gcp-credential-manager -n kubeops +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following table lists the configurable parameters of the `gcp-credential-manager` chart and their default values. 
+ +| Parameter | Description | Default | +|---------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| replicaCount | | 1 | +| registryFQDN | Docker registry fqdn used to pull app related images. Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image} | ghcr.io | +| image.registry | Docker registry used to pull app container image | appscode | +| image.repository | | gcp-credential-manager | +| image.pullPolicy | | IfNotPresent | +| image.tag | Overrides the image tag whose default is the chart appVersion. | "" | +| imagePullSecrets | | [] | +| nameOverride | | "" | +| fullnameOverride | | "" | +| serviceAccount.create | Specifies whether a service account should be created | true | +| serviceAccount.annotations | Annotations to add to the service account | {} | +| serviceAccount.name | The name of the service account to use. 
If not set and create is true, a name is generated using the fullname template | "" | +| podAnnotations | | {} | +| podLabels | | {} | +| podSecurityContext | | {} | +| securityContext | | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}} | +| service.type | | ClusterIP | +| service.port | | 8081 | +| resources | | {} | +| livenessProbe.httpGet.path | | /healthz | +| livenessProbe.httpGet.port | | 8081 | +| livenessProbe.httpGet.scheme | | HTTP | +| livenessProbe.initialDelaySeconds | | 15 | +| livenessProbe.periodSeconds | | 20 | +| readinessProbe.httpGet.path | | /readyz | +| readinessProbe.httpGet.port | | 8081 | +| readinessProbe.httpGet.scheme | | HTTP | +| readinessProbe.initialDelaySeconds | | 5 | +| readinessProbe.periodSeconds | | 10 | +| volumes | Additional volumes on the output Deployment definition. | [] | +| volumeMounts | Additional volumeMounts on the output Deployment definition. | [] | +| nodeSelector | | {} | +| tolerations | | [] | +| affinity | | {} | +| distro.openshift | Set true, if installed in OpenShift | false | +| distro.ubi | Set operator or all to use ubi images | "" | +| bucketAccessor.awsMaxIntervalSeconds | | "5" | +| bucketAccessor.awsMaxWaitSeconds | | "300" | +| apiserver.groupPriorityMinimum | The minimum priority the webhook api group should have at least. Please see https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L58-L64 for more information on proper values of this field. | 10000 | +| apiserver.versionPriority | The ordering of the webhook api inside of the group. 
Please see https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L66-L70 for more information on proper values of this field | 15 | +| apiserver.enableMutatingWebhook | If true, mutating webhook is configured for Kubernetes workloads | true | +| apiserver.enableValidatingWebhook | If true, validating webhook is configured for Stash CRDss | true | +| apiserver.ca | CA certificate used by the Kubernetes api server. This field is automatically assigned by the operator. | not-ca-cert | +| apiserver.bypassValidatingWebhookXray | If true, bypasses checks that validating webhook is actually enabled in the Kubernetes cluster. | false | +| apiserver.useKubeapiserverFqdnForAks | If true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) | true | +| apiserver.healthcheck.enabled | If true, enables the readiness and liveliness probes for the operator pod. | false | +| apiserver.servingCerts.generate | If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) to authenticate operators pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. | true | +| apiserver.servingCerts.caCrt | CA certficate used by serving certificate of webhook server. | "" | +| apiserver.servingCerts.serverCrt | Serving certficate used by webhook server. | "" | +| apiserver.servingCerts.serverKey | Private key for the serving certificate used by webhook server. | "" | + + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: + +```bash +$ helm upgrade -i gcp-credential-manager appscode/gcp-credential-manager -n kubeops --create-namespace --version=v2026.1.20 --set replicaCount=1 +``` + +Alternatively, a YAML file that specifies the values for the parameters can be provided while +installing the chart. 
For example: + +```bash +$ helm upgrade -i gcp-credential-manager appscode/gcp-credential-manager -n kubeops --create-namespace --version=v2026.1.20 --values values.yaml +``` diff --git a/charts/gcp-credential-manager/doc.yaml b/charts/gcp-credential-manager/doc.yaml new file mode 100644 index 00000000..ed244532 --- /dev/null +++ b/charts/gcp-credential-manager/doc.yaml @@ -0,0 +1,18 @@ +project: + name: AWS Credential Manager by AppsCode + shortName: AWS Credential Manager + url: https://github.com/appscode-cloud + description: AWS Credential Manager + app: a AWS Credential Manager +repository: + url: https://charts.appscode.com/stable + name: appscode +chart: + name: gcp-credential-manager + values: -- generate from values file -- + valuesExample: -- generate from values file -- +prerequisites: +- Kubernetes 1.29+ +release: + name: gcp-credential-manager + namespace: kubeops diff --git a/charts/gcp-credential-manager/templates/NOTES.txt b/charts/gcp-credential-manager/templates/NOTES.txt new file mode 100644 index 00000000..f8535e76 --- /dev/null +++ b/charts/gcp-credential-manager/templates/NOTES.txt @@ -0,0 +1,3 @@ +Application deployed. Find pods by running the following command: + +kubectl get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "gcp-credential-manager.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/charts/gcp-credential-manager/templates/_helpers.tpl b/charts/gcp-credential-manager/templates/_helpers.tpl new file mode 100644 index 00000000..1ba7a9e6 --- /dev/null +++ b/charts/gcp-credential-manager/templates/_helpers.tpl 
@@ -0,0 +1,125 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "gcp-credential-manager.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gcp-credential-manager.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gcp-credential-manager.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "gcp-credential-manager.labels" -}} +helm.sh/chart: {{ include "gcp-credential-manager.chart" . }} +{{ include "gcp-credential-manager.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "gcp-credential-manager.selectorLabels" -}} +app.kubernetes.io/name: {{ include "gcp-credential-manager.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "gcp-credential-manager.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "gcp-credential-manager.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Returns the registry used for image docker image +*/}} +{{- define "image.registry" -}} +{{- list .Values.registryFQDN .Values.image.registry | compact | join "/" }} +{{- end }} + +{{- define "appscode.imagePullSecrets" -}} +{{- with .Values.imagePullSecrets -}} +imagePullSecrets: +{{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} + +{{/* +Returns whether the OpenShift distribution is used +*/}} +{{- define "distro.openshift" -}} +{{- or (.Capabilities.APIVersions.Has "project.openshift.io/v1/Project") .Values.distro.openshift -}} +{{- end }} + +{{/* +Returns if ubi images are to be used +*/}} +{{- define "operator.ubi" -}} +{{ ternary "-ubi" "" (list "operator" "all" | has .Values.distro.ubi) }} +{{- end }} + + +{{ define "gcp-credential-manager.webhookServiceName" -}} +{{- printf "%s-webhook" (include "gcp-credential-manager.fullname" . ) | trunc 63 | trimPrefix "-" -}} +{{- end -}} + +{{/* +Prepare certs +*/}} +{{- define "gcp-credential-manager.prepare-certs" -}} +{{- if not ._caCrt }} +{{- $caCrt := "" }} +{{- $serverCrt := "" }} +{{- $serverKey := "" }} +{{- if .Values.apiserver.servingCerts.generate }} +{{- $ca := genCA "ca" 3650 }} +{{ $cn := include "gcp-credential-manager.webhookServiceName" . 
-}} +{{- $altName1 := printf "%s.%s" $cn .Release.Namespace }} +{{- $altName2 := printf "%s.%s.svc" $cn .Release.Namespace }} +{{- $server := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }} +{{- $caCrt = b64enc $ca.Cert }} +{{- $serverCrt = b64enc $server.Cert }} +{{- $serverKey = b64enc $server.Key }} +{{- else }} +{{- $caCrt = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.caCrt }} +{{- $serverCrt = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverCrt }} +{{- $serverKey = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverKey }} +{{- end }} + +{{ $_ := set $ "_caCrt" $caCrt }} +{{ $_ := set $ "_serverCrt" $serverCrt }} +{{ $_ := set $ "_serverKey" $serverKey }} + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/gcp-credential-manager/templates/cert.yaml b/charts/gcp-credential-manager/templates/cert.yaml new file mode 100644 index 00000000..b8c65115 --- /dev/null +++ b/charts/gcp-credential-manager/templates/cert.yaml @@ -0,0 +1,16 @@ +{{ template "gcp-credential-manager.prepare-certs" $ }} + +{{- if or .Values.apiserver.enableMutatingWebhook .Values.apiserver.enableValidatingWebhook }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "gcp-credential-manager.fullname" . }}-apiserver-cert + namespace: {{ .Release.Namespace }} + labels: + {{- include "gcp-credential-manager.labels" . | nindent 4 }} +type: Opaque +data: + ca.crt: {{ $._caCrt }} + tls.crt: {{ $._serverCrt }} + tls.key: {{ $._serverKey }} +{{- end }} \ No newline at end of file diff --git a/charts/gcp-credential-manager/templates/deployment.yaml b/charts/gcp-credential-manager/templates/deployment.yaml new file mode 100644 index 00000000..b9b9ad45 --- /dev/null +++ b/charts/gcp-credential-manager/templates/deployment.yaml 
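Review bot: `gcp-credential-manager.prepare-certs` calls `genCA "ca" 3650` and `genSignedCert` on every render, so each `helm upgrade` issues a new CA and serving key and rewrites both the Secret and the webhook `caBundle`. Until the running pod picks up the new files from the mounted Secret (and only if the server reloads them, which is not visible here), the API server verifies against a CA the pod is not yet serving, and with `failurePolicy: Fail` in mutating-webhook.yaml that rejects Job requests. Consider reusing the existing `<fullname>-apiserver-cert` Secret through `lookup` when it is present, or adding a checksum annotation of the certificate to the pod template so an upgrade restarts the pod. The generated private key is also kept in the Helm release data, and ten years of validity is long for a key handled that way. Separately, `webhookServiceName` ends with `trimPrefix "-"` after `trunc 63`, while the other helpers use `trimSuffix "-"`, which is what guards against a trailing dash.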
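Review bot: The Secret in cert.yaml is rendered only when `apiserver.enableMutatingWebhook` or `apiserver.enableValidatingWebhook` is set, but deployment.yaml in this patch mounts `<fullname>-apiserver-cert` as the `serving-cert` volume unconditionally. With both flags false the pod would wait on a Secret that does not exist and never start. Either drop the `if` here or guard the volume, the mount and `--webhook-cert-path` in the Deployment with the same condition. Since the Secret holds a certificate and key under `tls.crt` and `tls.key`, `type: kubernetes.io/tls` would describe it more precisely than `Opaque`.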
@@ -0,0 +1,88 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "gcp-credential-manager.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "gcp-credential-manager.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "gcp-credential-manager.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "gcp-credential-manager.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- include "appscode.imagePullSecrets" . | nindent 6 }} + serviceAccountName: {{ include "gcp-credential-manager.serviceAccountName" . }} + {{- if eq "true" ( include "distro.openshift" . ) }} + securityContext: + {{- toYaml (omit .Values.podSecurityContext "runAsUser" "runAsGroup" "fsGroup" "supplementalGroups") | nindent 8 }} + {{- else }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + {{- if eq "true" ( include "distro.openshift" . ) }} + securityContext: + {{- toYaml (omit .Values.securityContext "runAsUser" "runAsGroup" "fsGroup" "supplementalGroups") | nindent 12 }} + {{- else }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + {{- end }} + image: {{ include "image.registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}{{ include "operator.ubi" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - run + - --metrics-bind-address=:8443 + - --leader-elect=false + - --health-probe-bind-address=:{{ .Values.service.port }} + - --webhook-cert-path=/var/serving-cert + - --gcs-max-interval-seconds={{ .Values.bucketAccessor.gcsMaxIntervalSeconds }} + - --gcs-max-wait-seconds={{ .Values.bucketAccessor.gcsMaxWaitSeconds }} + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - mountPath: /var/serving-cert + name: serving-cert + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + volumes: + - name: serving-cert + secret: + defaultMode: 420 + secretName: {{ include "gcp-credential-manager.fullname" . }}-apiserver-cert + {{- with .Values.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/gcp-credential-manager/templates/mutating-webhook.yaml b/charts/gcp-credential-manager/templates/mutating-webhook.yaml new file mode 100644 index 00000000..35fd575b --- /dev/null +++ b/charts/gcp-credential-manager/templates/mutating-webhook.yaml 
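Review bot: The args read `.Values.bucketAccessor.gcsMaxIntervalSeconds` and `.Values.bucketAccessor.gcsMaxWaitSeconds`, while the README added in this patch documents `bucketAccessor.awsMaxIntervalSeconds` and `bucketAccessor.awsMaxWaitSeconds`. values.yaml is not visible in this part of the patch, but if it uses the documented `aws*` keys, both flags render with an empty value. Wrapping the lookups in `required`, e.g. `{{ required "bucketAccessor.gcsMaxIntervalSeconds is required" .Values.bucketAccessor.gcsMaxIntervalSeconds }}`, turns a mismatch into a render-time failure instead of a container that fails or misbehaves at start. Also, `--leader-elect=false` is hard-coded while `replicaCount` is configurable, so more than one replica would run without coordination.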
@@ -0,0 +1,33 @@
+{{ template "gcp-credential-manager.prepare-certs" $ }}
+
+{{- if .Values.apiserver.enableMutatingWebhook }}
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ include "gcp-credential-manager.fullname" . }}
+ labels:
+ {{- include "gcp-credential-manager.labels" . | nindent 4 }}
+webhooks:
+ - name: vjob-v1.kb.io
+ admissionReviewVersions:
+ - v1
+ failurePolicy: Fail
+ sideEffects: None
+ rules:
+ - operations:
+ - CREATE
+ - UPDATE
+ - DELETE
+ apiGroups:
+ - batch
+ apiVersions:
+ - v1
+ resources:
+ - jobs
+ clientConfig:
+ service:
+ namespace: {{ .Release.Namespace }}
+ name: {{ include "gcp-credential-manager.webhookServiceName" . }}
+ path: /mutate-batch-v1-job
+ caBundle: {{ $._caCrt }}
+{{- end }}
diff --git a/charts/gcp-credential-manager/templates/rbac.yaml b/charts/gcp-credential-manager/templates/rbac.yaml
new file mode 100644
index 00000000..5ce28184
--- /dev/null
+++ b/charts/gcp-credential-manager/templates/rbac.yaml
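Review bot: The webhook matches CREATE, UPDATE and DELETE on every `batch/v1` Job in the cluster with `failurePolicy: Fail` and no `namespaceSelector` or `objectSelector`. With the documented default of one replica, any outage of the webhook pod (node drain, image pull failure, certificate mismatch) blocks Job operations cluster-wide, including in `kube-system`. I would add a `namespaceSelector` that opts namespaces in, or at least excludes the release namespace and `kube-system`, set an explicit `timeoutSeconds`, and drop `DELETE` unless the handler at `/mutate-batch-v1-job` needs it, since mutating an object on delete has no effect. The name `vjob-v1.kb.io` uses the scaffolding prefix for validating webhooks; `mjob-v1.kb.io` would match what this entry does.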
@@ -0,0 +1,135 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "gcp-credential-manager.fullname" . }}:leader-election + namespace: {{ .Release.Namespace }} + labels: + {{- include "gcp-credential-manager.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "gcp-credential-manager.fullname" . }}:manager + labels: + {{- include "gcp-credential-manager.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - serviceaccounts/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "gcp-credential-manager.fullname" . }}:leader-election + namespace: {{ .Release.Namespace }} + labels: + {{- include "gcp-credential-manager.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "gcp-credential-manager.fullname" . }}:leader-election +subjects: +- kind: ServiceAccount + name: {{ include "gcp-credential-manager.serviceAccountName" . 
}} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "gcp-credential-manager.fullname" . }}:manager + labels: + {{- include "gcp-credential-manager.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "gcp-credential-manager.fullname" . }}:manager +subjects: +- kind: ServiceAccount + name: {{ include "gcp-credential-manager.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "gcp-credential-manager.fullname" . }}:metrics-auth + labels: + {{- include "gcp-credential-manager.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ include "gcp-credential-manager.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} diff --git a/charts/gcp-credential-manager/templates/service.yaml b/charts/gcp-credential-manager/templates/service.yaml new file mode 100644 index 00000000..7b617ca9 --- /dev/null +++ b/charts/gcp-credential-manager/templates/service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "gcp-credential-manager.webhookServiceName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "gcp-credential-manager.labels" . | nindent 4 }} +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + {{- include "gcp-credential-manager.labels" . | nindent 4 }} diff --git a/charts/gcp-credential-manager/templates/serviceaccount.yaml b/charts/gcp-credential-manager/templates/serviceaccount.yaml new file mode 100644 index 00000000..bb96876a --- /dev/null +++ b/charts/gcp-credential-manager/templates/serviceaccount.yaml 
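Review bot: The `:manager` ClusterRole grants create, delete, patch and update on `serviceaccounts` in every namespace, so the controller's token can alter or remove any ServiceAccount in the cluster, including ones that workloads rely on for cloud identity. If the controller only manages accounts it creates, or only in selected namespaces, namespaced Roles or a reduced verb list would limit what a compromised pod can reach. The `serviceaccounts/status` rule looks like scaffolding: ServiceAccount has no status subresource, so the rule grants nothing and can be removed. The `:leader-election` Role and RoleBinding are also created although deployment.yaml passes `--leader-elect=false`; I would render them only when leader election is enabled.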
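Review bot: In service.yaml, `selector` is built from `gcp-credential-manager.labels`, which includes `helm.sh/chart` and `app.kubernetes.io/version`, rather than from `gcp-credential-manager.selectorLabels` as the Deployment's `matchLabels` is. Those two labels change on every chart or app version bump, so during an upgrade the Service stops selecting the old pods as soon as it is patched, before the new pod is ready, and the webhook has no endpoints in that window. Use `{{- include "gcp-credential-manager.selectorLabels" . | nindent 4 }}` under `selector:`.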
@@ -0,0 +1,14 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: gcp-credential-manager
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "gcp-credential-manager.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: true
+{{- end }}
diff --git a/charts/gcp-credential-manager/values.openapiv3_schema.yaml b/charts/gcp-credential-manager/values.openapiv3_schema.yaml
new file mode 100644
index 00000000..8530324f
--- /dev/null
+++ b/charts/gcp-credential-manager/values.openapiv3_schema.yaml
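Review bot: `name: gcp-credential-manager` is hard-coded, while the Deployment and every RBAC subject in this patch use the `gcp-credential-manager.serviceAccountName` helper, which resolves to the fullname or to `serviceAccount.name`. With a release name that does not contain the chart name, or with `serviceAccount.name` set, the account created here and the one referenced differ: the pod refers to a ServiceAccount that does not exist and the bindings have no effective subject. Use `name: {{ include "gcp-credential-manager.serviceAccountName" . }}` so the three places stay in step.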
@@ -0,0 +1,1671 @@ +properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + 
values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + 
values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + 
requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + fullnameOverride: + type: string + image: + properties: + pullPolicy: + type: string + registry: + type: string + repository: + type: string + tag: + type: string + required: + - pullPolicy + - registry + - repository + - tag + type: object + imagePullSecrets: + items: + type: string + type: array + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + 
httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + nameOverride: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podLabels: + additionalProperties: + type: string + type: object + podSecurityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + 
gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + registryFQDN: + type: string + replicaCount: + format: int32 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + service: + properties: + port: + type: integer + type: + type: string + required: + - port + - type + type: object + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: 
+ type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + default: '' + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: '' + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: '' + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + default: '' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + 
volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: 
object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + default: '' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + 
type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + type: boolean + secretRef: + properties: + name: + default: '' + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + 
- operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: '' + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: '' + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + 
x-kubernetes-list-type: atomic + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: '' + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: '' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: '' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object 
+ type: array +required: +- image +- replicaCount +- service +- serviceAccount +- volumeMounts +- volumes +type: object diff --git a/charts/gcp-credential-manager/values.yaml b/charts/gcp-credential-manager/values.yaml new file mode 100644 index 00000000..8e09cca2 --- /dev/null +++ b/charts/gcp-credential-manager/values.yaml 
@@ -0,0 +1,128 @@
+# Default values for gcp-credential-manager.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+# Docker registry fqdn used to pull app related images.
+# Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image}
+registryFQDN: ghcr.io
+image:
+ # Docker registry used to pull app container image
+ registry: appscode
+ repository: gcp-credential-manager
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+podAnnotations: {}
+podLabels: {}
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: # +doc-gen:break
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 65534
+ seccompProfile:
+ type: RuntimeDefault
+service:
+ type: ClusterIP
+ port: 8081
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ scheme: HTTP
+ initialDelaySeconds: 15
+ periodSeconds: 20
+readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+# Additional volumes on the output Deployment definition.
+volumes: []
+# - name: foo
+# secret:
+# secretName: mysecret
+# optional: false
+
+# Additional volumeMounts on the output Deployment definition.
+volumeMounts: []
+# - name: foo
+# mountPath: "/etc/foo"
+# readOnly: true
+
+nodeSelector: {}
+tolerations: []
+affinity: {}
+
+distro:
+ # Set true, if installed in OpenShift
+ openshift: false
+ # Set operator or all to use ubi images
+ ubi: ""
+
+bucketAccessor:
+ gcsMaxIntervalSeconds: "5"
+ gcsMaxWaitSeconds: "300"
+
+apiserver:
+ # The minimum priority the webhook api group should have at least. Please see
+ # https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L58-L64
+ # for more information on proper values of this field.
+ groupPriorityMinimum: 10000
+ # The ordering of the webhook api inside of the group. Please see
+ # https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L66-L70
+ # for more information on proper values of this field
+ versionPriority: 15
+ # If true, mutating webhook is configured for Kubernetes workloads
+ enableMutatingWebhook: true
+ # If true, validating webhook is configured for Stash CRDss
+ enableValidatingWebhook: true
+ # CA certificate used by the Kubernetes api server. This field is automatically assigned by the operator.
+ ca: not-ca-cert
+ # If true, bypasses checks that validating webhook is actually enabled in the Kubernetes cluster.
+ bypassValidatingWebhookXray: false
+ # If true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true)
+ useKubeapiserverFqdnForAks: true
+ healthcheck:
+ # If true, enables the readiness and liveliness probes for the operator pod.
+ enabled: false
+ servingCerts:
+ # If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor)
+ # to authenticate operators pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`.
+ generate: true
+ # CA certficate used by serving certificate of webhook server.
+ caCrt: ""
+ # Serving certficate used by webhook server.
+ serverCrt: ""
+ # Private key for the serving certificate used by webhook server.
+ serverKey: ""
\ No newline at end of file
From a750dd0ddc8257a8abeb8a4bebf842d740cfe09c Mon Sep 17 00:00:00 2001 From: Anisur Rahman Date: Mon, 9 Mar 2026 12:53:05 +0600 Subject: [PATCH 2/7] make gen Signed-off-by: Anisur Rahman --- .../values.openapiv3_schema.yaml | 729 -------------- .../values.openapiv3_schema.yaml | 907 ------------------ .../values.openapiv3_schema.yaml | 729 -------------- charts/gcp-credential-manager/README.md | 4 +- 4 files changed, 2 insertions(+), 2367 deletions(-)
diff --git a/charts/capa-vpc-peering-operator/values.openapiv3_schema.yaml b/charts/capa-vpc-peering-operator/values.openapiv3_schema.yaml
index 432e0f3b..e69de29b 100644
--- a/charts/capa-vpc-peering-operator/values.openapiv3_schema.yaml
+++ b/charts/capa-vpc-peering-operator/values.openapiv3_schema.yaml
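Review bot: In charts/gcp-credential-manager/values.yaml, the `apiserver.servingCerts.serverKey` entry at the end of the hunk invites passing the webhook's TLS private key through Helm values, and its comment does not say that values are kept with the release record (a Secret in the release namespace by default) and returned by `helm get values`. I would document that next to the key, e.g. `# Prefer generate: true; a key set here is stored with the Helm release values, so limit who can read release Secrets in this namespace.` The neighbouring `apiserver` comments also look carried over from another chart (`Stash CRDss`, `operator pod`), and `apiserver.healthcheck.enabled: false` sits beside fully specified `livenessProbe`/`readinessProbe` blocks, so it is unclear from this file which of the two the deployment template honours. As far as the visible part of `values.openapiv3_schema.yaml` shows, `apiserver`, `bucketAccessor` and `distro` have no schema entry, so a misspelled `enableMutatingWebhook` would presumably pass validation silently; worth confirming when the schema is regenerated.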
@@ -1,729 +0,0 @@ -properties: - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - 
values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - 
values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - 
requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - distro: - properties: - openshift: - type: boolean - ubi: - enum: - - all - - catalog - - operator - type: string - required: - - openshift - - ubi - type: object - fullnameOverride: - type: string - image: - properties: - registry: - type: string - repository: - type: string - resources: - properties: - claims: - items: - properties: - name: - type: string - request: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - appArmorProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - capabilities: - properties: - add: - items: - type: string - type: array - x-kubernetes-list-type: atomic - drop: - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - tag: - type: string - required: - - registry - - repository - - tag - type: object - imagePullPolicy: - type: string - imagePullSecrets: - items: - type: string - type: array - monitoring: - properties: - agent: - enum: - - prometheus.io - - prometheus.io/operator - - prometheus.io/builtin - type: string - serviceMonitor: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - required: - - agent - - serviceMonitor - type: 
object - nameOverride: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - podAnnotations: - additionalProperties: - type: string - type: object - podSecurityContext: - properties: - appArmorProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxChangePolicy: - type: string - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - supplementalGroupsPolicy: - type: string - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - registryFQDN: - type: string - replicaCount: - type: integer - serviceAccount: - properties: - annotations: - additionalProperties: - type: string - type: object - create: - type: boolean - name: - type: string - required: - - create - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array -required: -- image -- imagePullPolicy -- monitoring -- registryFQDN -- replicaCount -- serviceAccount -type: object 
diff --git a/charts/capi-ops-manager/values.openapiv3_schema.yaml b/charts/capi-ops-manager/values.openapiv3_schema.yaml index 32b21f2b..e69de29b 100644 --- a/charts/capi-ops-manager/values.openapiv3_schema.yaml +++ b/charts/capi-ops-manager/values.openapiv3_schema.yaml 
@@ -1,907 +0,0 @@ -properties: - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - 
values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - 
values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - 
requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - apiserver: - properties: - bypassValidatingWebhookXray: - type: boolean - ca: - type: string - enableMutatingWebhook: - type: boolean - enableValidatingWebhook: - type: boolean - groupPriorityMinimum: - type: integer - healthcheck: - properties: - enabled: - type: boolean - type: object - servingCerts: - properties: - caCrt: - type: string - generate: - type: boolean - serverCrt: - type: string - serverKey: - type: string - required: - - generate - type: object - useKubeapiserverFqdnForAks: - type: boolean - versionPriority: - type: integer - required: - - bypassValidatingWebhookXray - - ca - - 
enableMutatingWebhook - - enableValidatingWebhook - - groupPriorityMinimum - - healthcheck - - servingCerts - - useKubeapiserverFqdnForAks - - versionPriority - type: object - criticalAddon: - type: boolean - distro: - properties: - openshift: - type: boolean - ubi: - enum: - - all - - catalog - - operator - type: string - required: - - openshift - - ubi - type: object - fullnameOverride: - type: string - imagePullPolicy: - type: string - imagePullSecrets: - items: - type: string - type: array - logLevel: - format: int32 - type: integer - monitoring: - properties: - agent: - enum: - - prometheus.io - - prometheus.io/operator - - prometheus.io/builtin - type: string - serviceMonitor: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - required: - - agent - - serviceMonitor - type: object - nameOverride: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - operator: - properties: - registry: - type: string - repository: - type: string - resources: - properties: - claims: - items: - properties: - name: - type: string - request: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - appArmorProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - capabilities: - 
properties: - add: - items: - type: string - type: array - x-kubernetes-list-type: atomic - drop: - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - tag: - type: string - required: - - registry - - repository - - tag - type: object - podAnnotations: - additionalProperties: - type: string - type: object - podLabels: - additionalProperties: - type: string - type: object - podSecurityContext: - properties: - appArmorProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxChangePolicy: - type: string - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - supplementalGroupsPolicy: - type: string - sysctls: - items: - properties: - name: - type: string - value: - type: 
string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - rbacproxy: - properties: - registry: - type: string - repository: - type: string - resources: - properties: - claims: - items: - properties: - name: - type: string - request: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - appArmorProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - capabilities: - properties: - add: - items: - type: string - type: array - x-kubernetes-list-type: atomic - drop: - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - 
required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - tag: - type: string - required: - - registry - - repository - - tag - type: object - registryFQDN: - type: string - replicaCount: - format: int32 - type: integer - serviceAccount: - properties: - annotations: - additionalProperties: - type: string - type: object - create: - type: boolean - name: - type: string - required: - - create - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array -required: -- imagePullPolicy -- monitoring -- operator -- rbacproxy -- registryFQDN -- replicaCount -- serviceAccount -type: object diff --git a/charts/docker-machine-operator/values.openapiv3_schema.yaml b/charts/docker-machine-operator/values.openapiv3_schema.yaml index 432e0f3b..e69de29b 100644 --- a/charts/docker-machine-operator/values.openapiv3_schema.yaml +++ b/charts/docker-machine-operator/values.openapiv3_schema.yaml 
@@ -1,729 +0,0 @@ -properties: - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - 
values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - 
values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - 
requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - distro: - properties: - openshift: - type: boolean - ubi: - enum: - - all - - catalog - - operator - type: string - required: - - openshift - - ubi - type: object - fullnameOverride: - type: string - image: - properties: - registry: - type: string - repository: - type: string - resources: - properties: - claims: - items: - properties: - name: - type: string - request: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - appArmorProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - capabilities: - properties: - add: - items: - type: string - type: array - x-kubernetes-list-type: atomic - drop: - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - tag: - type: string - required: - - registry - - repository - - tag - type: object - imagePullPolicy: - type: string - imagePullSecrets: - items: - type: string - type: array - monitoring: - properties: - agent: - enum: - - prometheus.io - - prometheus.io/operator - - prometheus.io/builtin - type: string - serviceMonitor: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - required: - - agent - - serviceMonitor - type: 
object - nameOverride: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - podAnnotations: - additionalProperties: - type: string - type: object - podSecurityContext: - properties: - appArmorProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxChangePolicy: - type: string - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - x-kubernetes-list-type: atomic - supplementalGroupsPolicy: - type: string - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - registryFQDN: - type: string - replicaCount: - type: integer - serviceAccount: - properties: - annotations: - additionalProperties: - type: string - type: object - create: - type: boolean - name: - type: string - required: - - create - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array -required: -- image -- imagePullPolicy -- monitoring -- registryFQDN -- replicaCount -- serviceAccount -type: object 
diff --git a/charts/gcp-credential-manager/README.md b/charts/gcp-credential-manager/README.md
index 18f5d447..de4b9cab 100644
--- a/charts/gcp-credential-manager/README.md
+++ b/charts/gcp-credential-manager/README.md
@@ -83,8 +83,8 @@ The following table lists the configurable parameters of the `gcp-credential-man
 | affinity | | {} |
 | distro.openshift | Set true, if installed in OpenShift | false |
 | distro.ubi | Set operator or all to use ubi images | "" |
-| bucketAccessor.awsMaxIntervalSeconds | | "5" |
-| bucketAccessor.awsMaxWaitSeconds | | "300" |
+| bucketAccessor.gcsMaxIntervalSeconds | | "5" |
+| bucketAccessor.gcsMaxWaitSeconds | | "300" |
 | apiserver.groupPriorityMinimum | The minimum priority the webhook api group should have at least. Please see https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L58-L64 for more information on proper values of this field. | 10000 |
 | apiserver.versionPriority | The ordering of the webhook api inside of the group. Please see https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L66-L70 for more information on proper values of this field | 15 |
 | apiserver.enableMutatingWebhook | If true, mutating webhook is configured for Kubernetes workloads | true |
From bd54182cc44d16610509c9e5d5d45cb06d22623e Mon Sep 17 00:00:00 2001
From: Anisur Rahman
Date: Mon, 9 Mar 2026 12:57:15 +0600
Subject: [PATCH 3/7] fix typo
Signed-off-by: Anisur Rahman
---
 charts/gcp-credential-manager/Chart.yaml | 2 +-
 charts/gcp-credential-manager/README.md | 8 ++++----
 charts/gcp-credential-manager/doc.yaml | 8 ++++----
 3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/charts/gcp-credential-manager/Chart.yaml b/charts/gcp-credential-manager/Chart.yaml
index 27f393a6..449a66be 100644
--- a/charts/gcp-credential-manager/Chart.yaml
+++ b/charts/gcp-credential-manager/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: gcp-credential-manager
-description: A Helm chart for AWS Credential Manager
+description: A Helm chart for GCP Credential Manager
 type: application
 version: v2026.1.20
 appVersion: v0.0.3
diff --git a/charts/gcp-credential-manager/README.md b/charts/gcp-credential-manager/README.md
index de4b9cab..c42b2628 100644
--- a/charts/gcp-credential-manager/README.md
+++ b/charts/gcp-credential-manager/README.md
@@ -1,6 +1,6 @@
-# AWS Credential Manager
+# GCP Credential Manager
-[AWS Credential Manager by AppsCode](https://github.com/appscode-cloud) - AWS Credential Manager
+[GCP Credential Manager by AppsCode](https://github.com/appscode-cloud) - GCP Credential Manager
 ## TL;DR;
@@ -13,7 +13,7 @@ $ helm upgrade -i gcp-credential-manager appscode/gcp-credential-manager -n kube
 ## Introduction
-This chart deploys a AWS Credential Manager on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+This chart deploys a GCP Credential Manager on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
 ## Prerequisites
@@ -27,7 +27,7 @@ To install/upgrade the chart with the release name `gcp-credential-manager`:
 $ helm upgrade -i gcp-credential-manager appscode/gcp-credential-manager -n kubeops --create-namespace --version=v2026.1.20
 ```
-The command deploys a AWS Credential Manager on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+The command deploys a GCP Credential Manager on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
 > **Tip**: List all releases using `helm list`
diff --git a/charts/gcp-credential-manager/doc.yaml b/charts/gcp-credential-manager/doc.yaml
index ed244532..e4b4decf 100644
--- a/charts/gcp-credential-manager/doc.yaml
+++ b/charts/gcp-credential-manager/doc.yaml
@@ -1,9 +1,9 @@
 project:
- name: AWS Credential Manager by AppsCode
- shortName: AWS Credential Manager
+ name: GCP Credential Manager by AppsCode
+ shortName: GCP Credential Manager
 url: https://github.com/appscode-cloud
- description: AWS Credential Manager
- app: a AWS Credential Manager
+ description: GCP Credential Manager
+ app: a GCP Credential Manager
 repository:
 url: https://charts.appscode.com/stable
 name: appscode
From 45e858294d84cf65a35119f4a15f418c1f2def1e Mon Sep 17 00:00:00 2001
From: Anisur Rahman
Date: Mon, 9 Mar 2026 13:37:10 +0600
Subject: [PATCH 4/7] remove example
Signed-off-by: Anisur Rahman
---
 charts/gcp-credential-manager/values.yaml | 21 ---------------------
 1 file changed, 21 deletions(-)
diff --git a/charts/gcp-credential-manager/values.yaml b/charts/gcp-credential-manager/values.yaml
index 8e09cca2..dd2045f9 100644
--- a/charts/gcp-credential-manager/values.yaml
+++ b/charts/gcp-credential-manager/values.yaml
@@ -42,16 +42,6 @@ service:
 type: ClusterIP
 port: 8081
 resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
 livenessProbe:
 httpGet:
@@ -67,19 +57,8 @@ readinessProbe:
 scheme: HTTP
 initialDelaySeconds: 5
 periodSeconds: 10
-# Additional volumes on the output Deployment definition.
 volumes: []
-# - name: foo
-# secret:
-# secretName: mysecret
-# optional: false
-
-# Additional volumeMounts on the output Deployment definition.
 volumeMounts: []
-# - name: foo
-# mountPath: "/etc/foo"
-# readOnly: true
-
 nodeSelector: {}
 tolerations: []
 affinity: {}
From 046203133c23eb875257f7ba0597547408605e37 Mon Sep 17 00:00:00 2001
From: Anisur Rahman
Date: Mon, 9 Mar 2026 13:39:44 +0600
Subject: [PATCH 5/7] fix ci
Signed-off-by: Anisur Rahman
---
 .../values.openapiv3_schema.yaml | 729 ++++++++++++++
 .../values.openapiv3_schema.yaml | 907 ++++++++++++++++++
 .../values.openapiv3_schema.yaml | 729 ++++++++++++++
 charts/gcp-credential-manager/README.md | 4 +-
 4 files changed, 2367 insertions(+), 2 deletions(-)
diff --git a/charts/capa-vpc-peering-operator/values.openapiv3_schema.yaml b/charts/capa-vpc-peering-operator/values.openapiv3_schema.yaml
index e69de29b..432e0f3b 100644
--- a/charts/capa-vpc-peering-operator/values.openapiv3_schema.yaml
+++ b/charts/capa-vpc-peering-operator/values.openapiv3_schema.yaml
@@ -0,0 +1,729 @@ +properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + 
values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + 
values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + 
requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + distro: + properties: + openshift: + type: boolean + ubi: + enum: + - all + - catalog + - operator + type: string + required: + - openshift + - ubi + type: object + fullnameOverride: + type: string + image: + properties: + registry: + type: string + repository: + type: string + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + tag: + type: string + required: + - registry + - repository + - tag + type: object + imagePullPolicy: + type: string + imagePullSecrets: + items: + type: string + type: array + monitoring: + properties: + agent: + enum: + - prometheus.io + - prometheus.io/operator + - prometheus.io/builtin + type: string + serviceMonitor: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + required: + - agent + - serviceMonitor + type: 
object + nameOverride: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podSecurityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxChangePolicy: + type: string + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + registryFQDN: + type: string + replicaCount: + type: integer + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array +required: +- image +- imagePullPolicy +- monitoring +- registryFQDN +- replicaCount +- serviceAccount +type: object 
diff --git a/charts/capi-ops-manager/values.openapiv3_schema.yaml b/charts/capi-ops-manager/values.openapiv3_schema.yaml
index e69de29b..32b21f2b 100644
--- a/charts/capi-ops-manager/values.openapiv3_schema.yaml
+++ b/charts/capi-ops-manager/values.openapiv3_schema.yaml
@@ -0,0 +1,907 @@ +properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + 
values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + 
values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + 
requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + apiserver: + properties: + bypassValidatingWebhookXray: + type: boolean + ca: + type: string + enableMutatingWebhook: + type: boolean + enableValidatingWebhook: + type: boolean + groupPriorityMinimum: + type: integer + healthcheck: + properties: + enabled: + type: boolean + type: object + servingCerts: + properties: + caCrt: + type: string + generate: + type: boolean + serverCrt: + type: string + serverKey: + type: string + required: + - generate + type: object + useKubeapiserverFqdnForAks: + type: boolean + versionPriority: + type: integer + required: + - bypassValidatingWebhookXray + - ca + - 
enableMutatingWebhook + - enableValidatingWebhook + - groupPriorityMinimum + - healthcheck + - servingCerts + - useKubeapiserverFqdnForAks + - versionPriority + type: object + criticalAddon: + type: boolean + distro: + properties: + openshift: + type: boolean + ubi: + enum: + - all + - catalog + - operator + type: string + required: + - openshift + - ubi + type: object + fullnameOverride: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + type: string + type: array + logLevel: + format: int32 + type: integer + monitoring: + properties: + agent: + enum: + - prometheus.io + - prometheus.io/operator + - prometheus.io/builtin + type: string + serviceMonitor: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + required: + - agent + - serviceMonitor + type: object + nameOverride: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + operator: + properties: + registry: + type: string + repository: + type: string + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + 
properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + tag: + type: string + required: + - registry + - repository + - tag + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podLabels: + additionalProperties: + type: string + type: object + podSecurityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxChangePolicy: + type: string + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string + sysctls: + items: + properties: + name: + type: string + value: + type: 
string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + rbacproxy: + properties: + registry: + type: string + repository: + type: string + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + 
required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + tag: + type: string + required: + - registry + - repository + - tag + type: object + registryFQDN: + type: string + replicaCount: + format: int32 + type: integer + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array +required: +- imagePullPolicy +- monitoring +- operator +- rbacproxy +- registryFQDN +- replicaCount +- serviceAccount +type: object diff --git a/charts/docker-machine-operator/values.openapiv3_schema.yaml b/charts/docker-machine-operator/values.openapiv3_schema.yaml index e69de29b..432e0f3b 100644 --- a/charts/docker-machine-operator/values.openapiv3_schema.yaml +++ b/charts/docker-machine-operator/values.openapiv3_schema.yaml 
@@ -0,0 +1,729 @@ +properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + 
values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + 
values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + 
requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + distro: + properties: + openshift: + type: boolean + ubi: + enum: + - all + - catalog + - operator + type: string + required: + - openshift + - ubi + type: object + fullnameOverride: + type: string + image: + properties: + registry: + type: string + repository: + type: string + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + tag: + type: string + required: + - registry + - repository + - tag + type: object + imagePullPolicy: + type: string + imagePullSecrets: + items: + type: string + type: array + monitoring: + properties: + agent: + enum: + - prometheus.io + - prometheus.io/operator + - prometheus.io/builtin + type: string + serviceMonitor: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + required: + - agent + - serviceMonitor + type: 
object + nameOverride: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podSecurityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxChangePolicy: + type: string + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + registryFQDN: + type: string + replicaCount: + type: integer + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + create: + type: boolean + name: + type: string + required: + - create + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array +required: +- image +- imagePullPolicy +- monitoring +- registryFQDN +- replicaCount +- serviceAccount +type: object 
diff --git a/charts/gcp-credential-manager/README.md b/charts/gcp-credential-manager/README.md index c42b2628..8de0fd2a 100644 --- a/charts/gcp-credential-manager/README.md +++ b/charts/gcp-credential-manager/README.md @@ -76,8 +76,8 @@ The following table lists the configurable parameters of the `gcp-credential-man | readinessProbe.httpGet.scheme | | HTTP | | readinessProbe.initialDelaySeconds | | 5 | | readinessProbe.periodSeconds | | 10 | -| volumes | Additional volumes on the output Deployment definition. | [] | -| volumeMounts | Additional volumeMounts on the output Deployment definition. | [] | +| volumes | | [] | +| volumeMounts | | [] | | nodeSelector | | {} | | tolerations | | [] | | affinity | | {} | From 8281ed44bcd2377728d130587160ca61ab1082ab Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Wed, 11 Mar 2026 00:52:42 +0600 Subject: [PATCH 6/7] Add GCP credential manager API types and tests Signed-off-by: Tamal Saha --- Makefile | 6 +- .../v1alpha1/aws_credential_manager_types.go | 1 - .../v1alpha1/gcp_credential_manager_types.go | 118 +++++++++++ apis/installer/v1alpha1/register.go | 2 + apis/installer/v1alpha1/types_test.go | 1 + .../v1alpha1/zz_generated.deepcopy.go | 184 ++++++++++++++++++ ...ng-webhook.yaml => mutating-webhook.yaml} | 0 .../values.openapiv3_schema.yaml | 111 +++++++++++ charts/aws-credential-manager/values.yaml | 2 +- charts/gcp-credential-manager/Chart.yaml | 4 +- charts/gcp-credential-manager/README.md | 10 +- .../values.openapiv3_schema.yaml | 111 +++++++++++ charts/gcp-credential-manager/values.yaml | 2 +- 13 files changed, 538 insertions(+), 14 deletions(-) create mode 100644 apis/installer/v1alpha1/gcp_credential_manager_types.go rename charts/aws-credential-manager/templates/{mutating-webhook.yaml => mutating-webhook.yaml} (100%) diff --git a/Makefile b/Makefile index 9a457aca..d49a7117 100644 --- a/Makefile +++ b/Makefile 
@@ -134,7 +134,6 @@ openapi: $(addprefix openapi-, $(subst :,_, $(API_GROUPS))) -w $(DOCKER_REPO_ROOT) \ --env HTTP_PROXY=$(HTTP_PROXY) \ --env HTTPS_PROXY=$(HTTPS_PROXY) \ - --env GO111MODULE=on \ --env GOFLAGS="-mod=vendor" \ $(BUILD_IMAGE) \ go run hack/gencrd/main.go @@ -381,7 +380,6 @@ lint: $(BUILD_DIRS) -v $$(pwd)/.go/cache:/.cache \ --env HTTP_PROXY=$(HTTP_PROXY) \ --env HTTPS_PROXY=$(HTTPS_PROXY) \ - --env GO111MODULE=on \ --env GOFLAGS="-mod=vendor" \ $(BUILD_IMAGE) \ golangci-lint run @@ -397,8 +395,8 @@ verify: verify-gen verify-modules .PHONY: verify-modules verify-modules: - GO111MODULE=on go mod tidy - GO111MODULE=on go mod vendor + go mod tidy + go mod vendor @if !(git diff --exit-code HEAD); then \ echo "go module files are out of date"; exit 1; \ fi diff --git a/apis/installer/v1alpha1/aws_credential_manager_types.go b/apis/installer/v1alpha1/aws_credential_manager_types.go index ce381a80..8ebb7327 100644 --- a/apis/installer/v1alpha1/aws_credential_manager_types.go +++ b/apis/installer/v1alpha1/aws_credential_manager_types.go @@ -36,7 +36,6 @@ const ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:object:root=true -// +kubebuilder:resource:path=aceshifters,singular=aceshifter,categories={kubeops,appscode} type AwsCredentialManager struct { metav1.TypeMeta `json:",inline,omitempty"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/apis/installer/v1alpha1/gcp_credential_manager_types.go b/apis/installer/v1alpha1/gcp_credential_manager_types.go new file mode 100644 index 00000000..60c95a14 --- /dev/null +++ b/apis/installer/v1alpha1/gcp_credential_manager_types.go 
@@ -0,0 +1,118 @@
+/*
+Copyright AppsCode Inc. and Contributors
+
+Licensed under the AppsCode Community License 1.0.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ https://github.com/appscode/licenses/raw/1.0.0/AppsCode-Community-1.0.0.md
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ core "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "kmodules.xyz/resource-metadata/apis/shared"
+)
+
+const (
+ ResourceKindGcpCredentialManager = "GcpCredentialManager"
+ ResourceGcpCredentialManager = "gcpcredentialmanager"
+ ResourceGcpCredentialManagers = "gcpcredentialmanagers"
+)
+
+// GcpCredentialManager defines the schema for GcpCredentialManager operator installer.
+
+// +genclient
+// +genclient:skipVerbs=updateStatus
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// +kubebuilder:object:root=true
+type GcpCredentialManager struct {
+ metav1.TypeMeta `json:",inline,omitempty"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+ Spec GcpCredentialManagerSpec `json:"spec,omitempty"`
+}
+
+// GcpCredentialManagerSpec is the schema for GCP Credential Manager values file.
+type GcpCredentialManagerSpec struct {
+ //+optional
+ NameOverride string `json:"nameOverride"`
+ //+optional
+ FullnameOverride string `json:"fullnameOverride"`
+ //+optional
+ RegistryFQDN string `json:"registryFQDN"`
+ ReplicaCount int32 `json:"replicaCount"`
+ Image ImageReference `json:"image"`
+ //+optional
+ ImagePullSecrets []string `json:"imagePullSecrets"`
+ //+optional
+ PodAnnotations map[string]string `json:"podAnnotations"`
+ //+optional
+ PodLabels map[string]string `json:"podLabels"`
+ // PodSecurityContext holds pod-level security attributes and common container settings.
+ // Optional: Defaults to empty. See type description for default values of each field.
+ // +optional
+ PodSecurityContext *core.PodSecurityContext `json:"podSecurityContext"`
+ //+optional
+ SecurityContext *core.SecurityContext `json:"securityContext"`
+ //+optional
+ Resources core.ResourceRequirements `json:"resources"`
+ //+optional
+ NodeSelector map[string]string `json:"nodeSelector"`
+ // If specified, the pod's tolerations.
+ // +optional
+ Tolerations []core.Toleration `json:"tolerations"`
+ // If specified, the pod's scheduling constraints.
+ // +optional
+ Affinity *core.Affinity `json:"affinity"`
+ // +optional
+ LivenessProbe *core.Probe `json:"livenessProbe"`
+ // +optional
+ ReadinessProbe *core.Probe `json:"readinessProbe"`
+ Service ServiceSpec `json:"service"`
+ ServiceAccount ServiceAccountSpec `json:"serviceAccount"`
+ Volumes []core.Volume `json:"volumes"`
+ VolumeMounts []core.VolumeMount `json:"volumeMounts"`
+ // +optional
+ Distro shared.DistroSpec `json:"distro"`
+ // +optional
+ Apiserver GcpCredentialManagerApiserver `json:"apiserver"`
+ // +optional
+ BucketAccessor GcpBucketAccessor `json:"bucketAccessor"`
+}
+
+type GcpCredentialManagerApiserver struct {
+ GroupPriorityMinimum int `json:"groupPriorityMinimum"`
+ VersionPriority int `json:"versionPriority"`
+ EnableMutatingWebhook bool `json:"enableMutatingWebhook"`
+ EnableValidatingWebhook bool `json:"enableValidatingWebhook"`
+ Ca string `json:"ca"`
+ BypassValidatingWebhookXray bool `json:"bypassValidatingWebhookXray"`
+ UseKubeapiserverFqdnForAks bool `json:"useKubeapiserverFqdnForAks"`
+ Healthcheck HealthcheckSpec `json:"healthcheck"`
+ ServingCerts ServingCerts `json:"servingCerts"`
+}
+
+type GcpBucketAccessor struct {
+ GcsMaxIntervalSeconds string `json:"gcsMaxIntervalSeconds"`
+ GcsMaxWaitSeconds string `json:"gcsMaxWaitSeconds"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// GcpCredentialManagerList is a list of GcpCredentialManagers.
+type GcpCredentialManagerList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ // Items is a list of GcpCredentialManager CRD objects.
+ Items []GcpCredentialManager `json:"items,omitempty"`
+}
diff --git a/apis/installer/v1alpha1/register.go b/apis/installer/v1alpha1/register.go
index 5b7faf45..e02347f0 100644
--- a/apis/installer/v1alpha1/register.go
+++ b/apis/installer/v1alpha1/register.go
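Review bot: The new `GcpCredentialManagerApiserver` struct has no field comments, although `Ca` and `ServingCerts` carry webhook TLS material and `EnableValidatingWebhook` / `BypassValidatingWebhookXray` appear to turn admission checks on or off. The schema generated in this same patch lists `servingCerts.serverKey` as a plain string, so a private key set there ends up wherever the values file or the `GcpCredentialManager` object is stored, and that should be stated on the type. I would add above `ServingCerts`: `// ServingCerts holds the webhook server certificate and its private key (serverKey); treat these values as secret and keep them out of committed values files.`, plus one line on each webhook toggle saying which check is skipped when it is set. The leading `// GcpCredentialManager defines the schema …` comment is also separated from the type by a blank line, so Go will not treat it as the type's doc comment; it should sit in the comment block directly attached to `type GcpCredentialManager struct`.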
@@ -56,6 +56,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, &AwsCredentialManager{}, &AwsCredentialManagerList{}, + &GcpCredentialManager{}, + &GcpCredentialManagerList{}, &CapaVpcPeeringOperator{}, &CapaVpcPeeringOperatorList{}, &CapiOpsManager{}, diff --git a/apis/installer/v1alpha1/types_test.go b/apis/installer/v1alpha1/types_test.go index ea099b0d..47d24d8f 100644 --- a/apis/installer/v1alpha1/types_test.go +++ b/apis/installer/v1alpha1/types_test.go @@ -28,6 +28,7 @@ import ( func TestDefaultValues(t *testing.T) { checker := sc.New(os.DirFS("../../.."), sc.TestCase{Obj: v1alpha1.AwsCredentialManagerSpec{}}, + sc.TestCase{Obj: v1alpha1.GcpCredentialManagerSpec{}}, sc.TestCase{Obj: v1alpha1.CapaVpcPeeringOperatorSpec{}}, sc.TestCase{Obj: v1alpha1.CapiOpsManagerSpec{}}, sc.TestCase{Obj: v1alpha1.DockerMachineOperatorSpec{}}, diff --git a/apis/installer/v1alpha1/zz_generated.deepcopy.go b/apis/installer/v1alpha1/zz_generated.deepcopy.go index a951ff64..81f87f99 100644 --- a/apis/installer/v1alpha1/zz_generated.deepcopy.go +++ b/apis/installer/v1alpha1/zz_generated.deepcopy.go 
@@ -603,6 +603,190 @@ func (in *DockerMachineOperatorSpec) DeepCopy() *DockerMachineOperatorSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GcpBucketAccessor) DeepCopyInto(out *GcpBucketAccessor) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GcpBucketAccessor. +func (in *GcpBucketAccessor) DeepCopy() *GcpBucketAccessor { + if in == nil { + return nil + } + out := new(GcpBucketAccessor) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GcpCredentialManager) DeepCopyInto(out *GcpCredentialManager) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GcpCredentialManager. +func (in *GcpCredentialManager) DeepCopy() *GcpCredentialManager { + if in == nil { + return nil + } + out := new(GcpCredentialManager) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *GcpCredentialManager) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GcpCredentialManagerApiserver) DeepCopyInto(out *GcpCredentialManagerApiserver) { + *out = *in + out.Healthcheck = in.Healthcheck + out.ServingCerts = in.ServingCerts +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GcpCredentialManagerApiserver. 
+func (in *GcpCredentialManagerApiserver) DeepCopy() *GcpCredentialManagerApiserver { + if in == nil { + return nil + } + out := new(GcpCredentialManagerApiserver) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GcpCredentialManagerList) DeepCopyInto(out *GcpCredentialManagerList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]GcpCredentialManager, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GcpCredentialManagerList. +func (in *GcpCredentialManagerList) DeepCopy() *GcpCredentialManagerList { + if in == nil { + return nil + } + out := new(GcpCredentialManagerList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *GcpCredentialManagerList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *GcpCredentialManagerSpec) DeepCopyInto(out *GcpCredentialManagerSpec) { + *out = *in + out.Image = in.Image + if in.ImagePullSecrets != nil { + in, out := &in.ImagePullSecrets, &out.ImagePullSecrets + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.PodAnnotations != nil { + in, out := &in.PodAnnotations, &out.PodAnnotations + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.PodLabels != nil { + in, out := &in.PodLabels, &out.PodLabels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.PodSecurityContext != nil { + in, out := &in.PodSecurityContext, &out.PodSecurityContext + *out = new(v1.PodSecurityContext) + (*in).DeepCopyInto(*out) + } + if in.SecurityContext != nil { + in, out := &in.SecurityContext, &out.SecurityContext + *out = new(v1.SecurityContext) + (*in).DeepCopyInto(*out) + } + in.Resources.DeepCopyInto(&out.Resources) + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Affinity != nil { + in, out := &in.Affinity, &out.Affinity + *out = new(v1.Affinity) + (*in).DeepCopyInto(*out) + } + if in.LivenessProbe != nil { + in, out := &in.LivenessProbe, &out.LivenessProbe + *out = new(v1.Probe) + (*in).DeepCopyInto(*out) + } + if in.ReadinessProbe != nil { + in, out := &in.ReadinessProbe, &out.ReadinessProbe + *out = new(v1.Probe) + (*in).DeepCopyInto(*out) + } + out.Service = in.Service + in.ServiceAccount.DeepCopyInto(&out.ServiceAccount) + if in.Volumes != nil { + in, out := &in.Volumes, &out.Volumes + *out = make([]v1.Volume, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if 
in.VolumeMounts != nil { + in, out := &in.VolumeMounts, &out.VolumeMounts + *out = make([]v1.VolumeMount, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + out.Distro = in.Distro + out.Apiserver = in.Apiserver + out.BucketAccessor = in.BucketAccessor +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GcpCredentialManagerSpec. +func (in *GcpCredentialManagerSpec) DeepCopy() *GcpCredentialManagerSpec { + if in == nil { + return nil + } + out := new(GcpCredentialManagerSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HealthcheckSpec) DeepCopyInto(out *HealthcheckSpec) { *out = *in diff --git a/charts/aws-credential-manager/templates/mutating-webhook.yaml b/charts/aws-credential-manager/templates/mutating-webhook.yaml similarity index 100% rename from charts/aws-credential-manager/templates/mutating-webhook.yaml rename to charts/aws-credential-manager/templates/mutating-webhook.yaml diff --git a/charts/aws-credential-manager/values.openapiv3_schema.yaml b/charts/aws-credential-manager/values.openapiv3_schema.yaml index 8530324f..3125a200 100644 --- a/charts/aws-credential-manager/values.openapiv3_schema.yaml +++ b/charts/aws-credential-manager/values.openapiv3_schema.yaml 
@@ -438,6 +438,75 @@ properties: x-kubernetes-list-type: atomic type: object type: object + apiserver: + properties: + bypassValidatingWebhookXray: + type: boolean + ca: + type: string + enableMutatingWebhook: + type: boolean + enableValidatingWebhook: + type: boolean + groupPriorityMinimum: + type: integer + healthcheck: + properties: + enabled: + type: boolean + type: object + servingCerts: + properties: + caCrt: + type: string + generate: + type: boolean + serverCrt: + type: string + serverKey: + type: string + required: + - generate + type: object + useKubeapiserverFqdnForAks: + type: boolean + versionPriority: + type: integer + required: + - bypassValidatingWebhookXray + - ca + - enableMutatingWebhook + - enableValidatingWebhook + - groupPriorityMinimum + - healthcheck + - servingCerts + - useKubeapiserverFqdnForAks + - versionPriority + type: object + bucketAccessor: + properties: + awsMaxIntervalSeconds: + type: string + awsMaxWaitSeconds: + type: string + required: + - awsMaxIntervalSeconds + - awsMaxWaitSeconds + type: object + distro: + properties: + openshift: + type: boolean + ubi: + enum: + - all + - catalog + - operator + type: string + required: + - openshift + - ubi + type: object fullnameOverride: type: string image: @@ -479,6 +548,7 @@ properties: format: int32 type: integer service: + default: '' type: string required: - port @@ -578,6 +648,8 @@ properties: runAsUser: format: int64 type: integer + seLinuxChangePolicy: + type: string seLinuxOptions: properties: level: @@ -604,6 +676,8 @@ properties: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -648,6 +722,7 @@ properties: format: int32 type: integer service: + default: '' type: string required: - port @@ -721,6 +796,8 @@ properties: properties: name: type: string + request: + type: string required: - name type: object 
@@ -904,10 +981,12 @@ properties: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -1284,6 +1363,13 @@ properties: required: - path type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object iscsi: properties: chapAuthDiscovery: @@ -1297,6 +1383,7 @@ properties: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -1479,6 +1566,25 @@ properties: type: array x-kubernetes-list-type: atomic type: object + podCertificate: + properties: + certificateChainPath: + type: string + credentialBundlePath: + type: string + keyPath: + type: string + keyType: + type: string + maxExpirationSeconds: + format: int32 + type: integer + signerName: + type: string + required: + - keyType + - signerName + type: object secret: properties: items: @@ -1545,6 +1651,7 @@ properties: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -1552,6 +1659,7 @@ properties: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -1563,6 +1671,7 @@ properties: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -1571,6 +1680,7 @@ properties: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -1588,6 +1698,7 @@ properties: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string diff --git a/charts/aws-credential-manager/values.yaml b/charts/aws-credential-manager/values.yaml index 8a1742d8..1313bce2 100644 --- a/charts/aws-credential-manager/values.yaml +++ b/charts/aws-credential-manager/values.yaml @@ -125,4 +125,4 @@ apiserver: # Serving certficate used by webhook server. serverCrt: "" # Private key for the serving certificate used by webhook server. - serverKey: "" \ No newline at end of file + serverKey: "" 
diff --git a/charts/gcp-credential-manager/Chart.yaml b/charts/gcp-credential-manager/Chart.yaml index 449a66be..310db739 100644 --- a/charts/gcp-credential-manager/Chart.yaml +++ b/charts/gcp-credential-manager/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: gcp-credential-manager description: A Helm chart for GCP Credential Manager type: application -version: v2026.1.20 -appVersion: v0.0.3 +version: v2026.3.11 +appVersion: v0.1.0 home: https://github.com/appscode-cloud icon: https://cdn.appscode.com/images/products/bytebuilders/icons/android-icon-192x192.png sources: diff --git a/charts/gcp-credential-manager/README.md b/charts/gcp-credential-manager/README.md index 8de0fd2a..513b2876 100644 --- a/charts/gcp-credential-manager/README.md +++ b/charts/gcp-credential-manager/README.md @@ -7,8 +7,8 @@ ```bash $ helm repo add appscode https://charts.appscode.com/stable $ helm repo update -$ helm search repo appscode/gcp-credential-manager --version=v2026.1.20 -$ helm upgrade -i gcp-credential-manager appscode/gcp-credential-manager -n kubeops --create-namespace --version=v2026.1.20 +$ helm search repo appscode/gcp-credential-manager --version=v2026.3.11 +$ helm upgrade -i gcp-credential-manager appscode/gcp-credential-manager -n kubeops --create-namespace --version=v2026.3.11 ``` ## Introduction @@ -24,7 +24,7 @@ This chart deploys a GCP Credential Manager on a [Kubernetes](http://kubernetes. To install/upgrade the chart with the release name `gcp-credential-manager`: ```bash -$ helm upgrade -i gcp-credential-manager appscode/gcp-credential-manager -n kubeops --create-namespace --version=v2026.1.20 +$ helm upgrade -i gcp-credential-manager appscode/gcp-credential-manager -n kubeops --create-namespace --version=v2026.3.11 ``` The command deploys a GCP Credential Manager on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. 
@@ -102,12 +102,12 @@ The following table lists the configurable parameters of the `gcp-credential-man Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: ```bash -$ helm upgrade -i gcp-credential-manager appscode/gcp-credential-manager -n kubeops --create-namespace --version=v2026.1.20 --set replicaCount=1 +$ helm upgrade -i gcp-credential-manager appscode/gcp-credential-manager -n kubeops --create-namespace --version=v2026.3.11 --set replicaCount=1 ``` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: ```bash -$ helm upgrade -i gcp-credential-manager appscode/gcp-credential-manager -n kubeops --create-namespace --version=v2026.1.20 --values values.yaml +$ helm upgrade -i gcp-credential-manager appscode/gcp-credential-manager -n kubeops --create-namespace --version=v2026.3.11 --values values.yaml ``` diff --git a/charts/gcp-credential-manager/values.openapiv3_schema.yaml b/charts/gcp-credential-manager/values.openapiv3_schema.yaml index 8530324f..01cbc7d5 100644 --- a/charts/gcp-credential-manager/values.openapiv3_schema.yaml +++ b/charts/gcp-credential-manager/values.openapiv3_schema.yaml 
@@ -438,6 +438,75 @@ properties: x-kubernetes-list-type: atomic type: object type: object + apiserver: + properties: + bypassValidatingWebhookXray: + type: boolean + ca: + type: string + enableMutatingWebhook: + type: boolean + enableValidatingWebhook: + type: boolean + groupPriorityMinimum: + type: integer + healthcheck: + properties: + enabled: + type: boolean + type: object + servingCerts: + properties: + caCrt: + type: string + generate: + type: boolean + serverCrt: + type: string + serverKey: + type: string + required: + - generate + type: object + useKubeapiserverFqdnForAks: + type: boolean + versionPriority: + type: integer + required: + - bypassValidatingWebhookXray + - ca + - enableMutatingWebhook + - enableValidatingWebhook + - groupPriorityMinimum + - healthcheck + - servingCerts + - useKubeapiserverFqdnForAks + - versionPriority + type: object + bucketAccessor: + properties: + gcsMaxIntervalSeconds: + type: string + gcsMaxWaitSeconds: + type: string + required: + - gcsMaxIntervalSeconds + - gcsMaxWaitSeconds + type: object + distro: + properties: + openshift: + type: boolean + ubi: + enum: + - all + - catalog + - operator + type: string + required: + - openshift + - ubi + type: object fullnameOverride: type: string image: @@ -479,6 +548,7 @@ properties: format: int32 type: integer service: + default: '' type: string required: - port @@ -578,6 +648,8 @@ properties: runAsUser: format: int64 type: integer + seLinuxChangePolicy: + type: string seLinuxOptions: properties: level: @@ -604,6 +676,8 @@ properties: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -648,6 +722,7 @@ properties: format: int32 type: integer service: + default: '' type: string required: - port @@ -721,6 +796,8 @@ properties: properties: name: type: string + request: + type: string required: - name type: object 
@@ -904,10 +981,12 @@ properties: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -1284,6 +1363,13 @@ properties: required: - path type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object iscsi: properties: chapAuthDiscovery: @@ -1297,6 +1383,7 @@ properties: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -1479,6 +1566,25 @@ properties: type: array x-kubernetes-list-type: atomic type: object + podCertificate: + properties: + certificateChainPath: + type: string + credentialBundlePath: + type: string + keyPath: + type: string + keyType: + type: string + maxExpirationSeconds: + format: int32 + type: integer + signerName: + type: string + required: + - keyType + - signerName + type: object secret: properties: items: @@ -1545,6 +1651,7 @@ properties: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -1552,6 +1659,7 @@ properties: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -1563,6 +1671,7 @@ properties: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -1571,6 +1680,7 @@ properties: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -1588,6 +1698,7 @@ properties: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string diff --git a/charts/gcp-credential-manager/values.yaml b/charts/gcp-credential-manager/values.yaml index dd2045f9..4cb62a5f 100644 --- a/charts/gcp-credential-manager/values.yaml +++ b/charts/gcp-credential-manager/values.yaml @@ -104,4 +104,4 @@ apiserver: # Serving certficate used by webhook server. serverCrt: "" # Private key for the serving certificate used by webhook server. - serverKey: "" \ No newline at end of file + serverKey: "" 
From 34a125423e38198d79ea99d6299f51ff39262240 Mon Sep 17 00:00:00 2001 From: Anisur Rahman Date: Wed, 11 Mar 2026 11:14:16 +0600 Subject: [PATCH 7/7] Add condition for secret creation & mount Signed-off-by: Anisur Rahman --- .../templates/deployment.yaml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/charts/gcp-credential-manager/templates/deployment.yaml b/charts/gcp-credential-manager/templates/deployment.yaml index b9b9ad45..6236075d 100644 --- a/charts/gcp-credential-manager/templates/deployment.yaml +++ b/charts/gcp-credential-manager/templates/deployment.yaml @@ -47,7 +47,9 @@ spec: - --metrics-bind-address=:8443 - --leader-elect=false - --health-probe-bind-address=:{{ .Values.service.port }} + {{- if or .Values.apiserver.enableMutatingWebhook .Values.apiserver.enableValidatingWebhook }} - --webhook-cert-path=/var/serving-cert + {{- end }} - --gcs-max-interval-seconds={{ .Values.bucketAccessor.gcsMaxIntervalSeconds }} - --gcs-max-wait-seconds={{ .Values.bucketAccessor.gcsMaxWaitSeconds }} ports: @@ -61,16 +63,20 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: - - mountPath: /var/serving-cert - name: serving-cert + {{- if or .Values.apiserver.enableMutatingWebhook .Values.apiserver.enableValidatingWebhook }} + - mountPath: /var/serving-cert + name: serving-cert + {{- end }} {{- with .Values.volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} volumes: - - name: serving-cert - secret: - defaultMode: 420 - secretName: {{ include "gcp-credential-manager.fullname" . }}-apiserver-cert + {{- if or .Values.apiserver.enableMutatingWebhook .Values.apiserver.enableValidatingWebhook }} + - name: serving-cert + secret: + defaultMode: 420 + secretName: {{ include "gcp-credential-manager.fullname" . }}-apiserver-cert + {{- end }} {{- with .Values.volumes }} {{- toYaml . | nindent 8 }} {{- end }}
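Review bot: The guard `or .Values.apiserver.enableMutatingWebhook .Values.apiserver.enableValidatingWebhook` is written out around `--webhook-cert-path` here and twice more in the next hunk (the `volumeMounts` and `volumes` entries), so a later edit to one copy can leave the flag, the mount and the volume out of step. Defining it once as a named template in `_helpers.tpl` (suggested name `gcp-credential-manager.webhookEnabled`, returning `true` or empty) and using `{{- if include "gcp-credential-manager.webhookEnabled" . }}` at all three sites would keep them together. The commit subject also mentions secret creation, but this patch changes only deployment.yaml. Whichever template creates the `-apiserver-cert` Secret (presumably `templates/cert.yaml`, not visible here) should use the same condition, because a non-optional secret volume whose Secret is missing keeps the pod from starting.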
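Review bot: `defaultMode: 420` on the re-added `serving-cert` volume is octal 0644, so the files in `/var/serving-cert` (presumably including the webhook's TLS private key) are readable by every user in the container. Since these lines are being rewritten anyway, a tighter mode such as `defaultMode: 288` (0440) would limit that exposure while still letting a non-root process read the key through the pod's `fsGroup`. Whether the pod securityContext sets an `fsGroup` is not visible in this hunk, so confirm that before tightening. A short comment above the volume, e.g. `# TLS key pair for the webhook server; only mounted when a webhook is enabled`, would also explain why the block is conditional.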