Merge pull request #359 from dilallkx/kd_sp49_fix_k8s

K8s v1.22+ support
InterDigitalInc · Nov 7, 2022 · 2e487fc · 2e487fc
2 parents 8b488b7 + 5736e73
commit 2e487fc
Show file tree

Hide file tree

Showing 454 changed files with 65,438 additions and 30,026 deletions.
diff --git a/.meepctl-repocfg.yaml b/.meepctl-repocfg.yaml
@@ -887,17 +887,6 @@ repo:
       chart: charts/kube-state-metrics
       # user supplied value file located @ .meep/user/values (use below file name)
       chart-user-values: meep-kube-state-metrics.yaml
-    meep-minio:
-      # enable meepctl build -> deps are never built
-      build: false
-      # enable meepctl dockerize -> deps are never dockerized
-      dockerize: false
-      # enable meepctl deploy/delete
-      deploy: false
-      # location of deployment chart
-      chart: charts/minio
-      # user supplied value file located @ .meep/user/values (use below file name)
-      chart-user-values: meep-minio.yaml
     meep-open-map-tiles:
       # enable meepctl build -> deps are never built
       build: false

diff --git a/charts/cert-manager/Chart.yaml b/charts/cert-manager/Chart.yaml
@@ -1,17 +1,22 @@
+annotations:
+  artifacthub.io/prerelease: "false"
+  artifacthub.io/signKey: |
+    fingerprint: 1020CF3C033D4F35BAE1C19E1226061C665DF13E
+    url: https://cert-manager.io/public-keys/cert-manager-keyring-2021-09-20-1020CF3C033D4F35BAE1C19E1226061C665DF13E.gpg
 apiVersion: v1
-appVersion: v1.0.3
+appVersion: v1.8.0
 description: A Helm chart for cert-manager
-home: https://github.com/jetstack/cert-manager
+home: https://github.com/cert-manager/cert-manager
 icon: https://raw.githubusercontent.com/jetstack/cert-manager/master/logo/logo.png
 keywords:
 - cert-manager
 - kube-lego
 - letsencrypt
 - tls
 maintainers:
-- email: [email protected]
-  name: munnerz
+- email: [email protected]
+  name: cert-manager-maintainers
 name: cert-manager
 sources:
-- https://github.com/jetstack/cert-manager
-version: v1.0.3
+- https://github.com/cert-manager/cert-manager
+version: v1.8.0
diff --git a/charts/cert-manager/README.md b/charts/cert-manager/README.md
diff --git a/charts/cert-manager/templates/NOTES.txt b/charts/cert-manager/templates/NOTES.txt
@@ -1,4 +1,4 @@
-cert-manager has been deployed successfully!
+cert-manager {{ .Chart.AppVersion }} has been deployed successfully!
 
 In order to begin issuing certificates, you will need to set up a ClusterIssuer
 or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).

diff --git a/charts/cert-manager/templates/_helpers.tpl b/charts/cert-manager/templates/_helpers.tpl
@@ -23,13 +23,6 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{- end -}}
 {{- end -}}
 
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "cert-manager.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
 {{/*
 Create the name of the service account to use
 */}}
@@ -65,14 +58,7 @@ If release name contains chart name it will be used as a full name.
 {{- end -}}
 
 {{- define "webhook.caRef" -}}
-{{ .Release.Namespace}}/{{ template "webhook.fullname" . }}-ca
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "webhook.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{ .Release.Namespace }}/{{ template "webhook.fullname" . }}-ca
 {{- end -}}
 
 {{/*
@@ -109,13 +95,6 @@ If release name contains chart name it will be used as a full name.
 {{- printf "%s-cainjector" $trimmedName | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "cainjector.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
 {{/*
 Create the name of the service account to use
 */}}
@@ -126,3 +105,55 @@ Create the name of the service account to use
     {{ default "default" .Values.cainjector.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
+
+{{/*
+startupapicheck templates
+*/}}
+
+{{/*
+Expand the name of the chart.
+Manually fix the 'app' and 'name' labels to 'startupapicheck' to maintain
+compatibility with the v0.9 deployment selector.
+*/}}
+{{- define "startupapicheck.name" -}}
+{{- printf "startupapicheck" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "startupapicheck.fullname" -}}
+{{- $trimmedName := printf "%s" (include "cert-manager.fullname" .) | trunc 52 | trimSuffix "-" -}}
+{{- printf "%s-startupapicheck" $trimmedName | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "startupapicheck.serviceAccountName" -}}
+{{- if .Values.startupapicheck.serviceAccount.create -}}
+    {{ default (include "startupapicheck.fullname" .) .Values.startupapicheck.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.startupapicheck.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "chartName" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Labels that should be added on each resource
+*/}}
+{{- define "labels" -}}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- if eq (default "helm" .Values.creator) "helm" }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+helm.sh/chart: {{ include "chartName" . }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/cert-manager/templates/cainjector-deployment.yaml b/charts/cert-manager/templates/cainjector-deployment.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.cainjector.enabled -}}
+{{- if .Values.cainjector.enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -8,12 +8,11 @@ metadata:
     app: {{ include "cainjector.name" . }}
     app.kubernetes.io/name: {{ include "cainjector.name" . }}
     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/component: "cainjector"
-    helm.sh/chart: {{ include "cainjector.chart" . }}
-  {{- if .Values.cainjector.deploymentAnnotations }}
+    {{- include "labels" . | nindent 4 }}
+  {{- with .Values.cainjector.deploymentAnnotations }}
   annotations:
-{{ toYaml .Values.cainjector.deploymentAnnotations | indent 4 }}
+    {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
   replicas: {{ .Values.cainjector.replicaCount }}
@@ -24,65 +23,80 @@ spec:
       app.kubernetes.io/component: "cainjector"
   {{- with .Values.cainjector.strategy }}
   strategy:
-    {{- . | toYaml | nindent 4 }}
+    {{- toYaml . | nindent 4 }}
   {{- end }}
   template:
     metadata:
       labels:
         app: {{ include "cainjector.name" . }}
         app.kubernetes.io/name: {{ include "cainjector.name" . }}
         app.kubernetes.io/instance: {{ .Release.Name }}
-        app.kubernetes.io/managed-by: {{ .Release.Service }}
         app.kubernetes.io/component: "cainjector"
-        helm.sh/chart: {{ include "cainjector.chart" . }}
-      {{- if .Values.cainjector.podAnnotations }}
+        {{- include "labels" . | nindent 8 }}
+        {{- with .Values.cainjector.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      {{- with .Values.cainjector.podAnnotations }}
       annotations:
-{{ toYaml .Values.cainjector.podAnnotations | indent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
     spec:
       serviceAccountName: {{ template "cainjector.serviceAccountName" . }}
-      {{- if .Values.global.priorityClassName }}
-      priorityClassName: {{ .Values.global.priorityClassName | quote }}
+      {{- with .Values.global.priorityClassName }}
+      priorityClassName: {{ . | quote }}
       {{- end }}
-      {{- if .Values.cainjector.securityContext}}
+      {{- with .Values.cainjector.securityContext }}
       securityContext:
-{{ toYaml .Values.cainjector.securityContext | indent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           {{- with .Values.cainjector.image }}
-          image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{.digest}}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}"
+          image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}"
           {{- end }}
           imagePullPolicy: {{ .Values.cainjector.image.pullPolicy }}
           args:
           {{- if .Values.global.logLevel }}
           - --v={{ .Values.global.logLevel }}
           {{- end }}
-          - --leader-election-namespace={{ .Values.global.leaderElection.namespace }}
-          {{- if .Values.cainjector.extraArgs }}
-{{ toYaml .Values.cainjector.extraArgs | indent 10 }}
+          {{- with .Values.global.leaderElection }}
+          - --leader-election-namespace={{ .namespace }}
+          {{- if .leaseDuration }}
+          - --leader-election-lease-duration={{ .leaseDuration }}
+          {{- end }}
+          {{- if .renewDeadline }}
+          - --leader-election-renew-deadline={{ .renewDeadline }}
+          {{- end }}
+          {{- if .retryPeriod }}
+          - --leader-election-retry-period={{ .retryPeriod }}
+          {{- end }}
+          {{- end }}
+          {{- with .Values.cainjector.extraArgs }}
+          {{- toYaml . | nindent 10 }}
           {{- end }}
           env:
           - name: POD_NAMESPACE
             valueFrom:
               fieldRef:
                 fieldPath: metadata.namespace
-          {{- if .Values.cainjector.containerSecurityContext }}
+          {{- with .Values.cainjector.containerSecurityContext }}
           securityContext:
-            {{- toYaml .Values.cainjector.containerSecurityContext | nindent 12 }}
+            {{- toYaml . | nindent 12 }}
           {{- end }}
+          {{- with .Values.cainjector.resources }}
           resources:
-{{ toYaml .Values.cainjector.resources | indent 12 }}
-    {{- with .Values.cainjector.nodeSelector }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+      {{- with .Values.cainjector.nodeSelector }}
       nodeSelector:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.cainjector.affinity }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.cainjector.affinity }}
       affinity:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.cainjector.tolerations }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.cainjector.tolerations }}
       tolerations:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-{{- end -}}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end }}
diff --git a/charts/cert-manager/templates/cainjector-psp-clusterrole.yaml b/charts/cert-manager/templates/cainjector-psp-clusterrole.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.cainjector.enabled -}}
+{{- if .Values.cainjector.enabled }}
 {{- if .Values.global.podSecurityPolicy.enabled }}
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -8,9 +8,8 @@ metadata:
     app: {{ include "cainjector.name" . }}
     app.kubernetes.io/name: {{ include "cainjector.name" . }}
     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/component: "cainjector"
-    helm.sh/chart: {{ include "cainjector.chart" . }}
+    {{- include "labels" . | nindent 4 }}
 rules:
 - apiGroups: ['policy']
   resources: ['podsecuritypolicies']

diff --git a/charts/cert-manager/templates/cainjector-psp-clusterrolebinding.yaml b/charts/cert-manager/templates/cainjector-psp-clusterrolebinding.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.cainjector.enabled -}}
+{{- if .Values.cainjector.enabled }}
 {{- if .Values.global.podSecurityPolicy.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -8,9 +8,8 @@ metadata:
     app: {{ include "cainjector.name" . }}
     app.kubernetes.io/name: {{ include "cainjector.name" . }}
     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/component: "cainjector"
-    helm.sh/chart: {{ include "cainjector.chart" . }}
+    {{- include "labels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole

diff --git a/charts/cert-manager/templates/cainjector-psp.yaml b/charts/cert-manager/templates/cainjector-psp.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.cainjector.enabled -}}
+{{- if .Values.cainjector.enabled }}
 {{- if .Values.global.podSecurityPolicy.enabled }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
@@ -8,9 +8,8 @@ metadata:
     app: {{ include "cainjector.name" . }}
     app.kubernetes.io/name: {{ include "cainjector.name" . }}
     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/component: "cainjector"
-    helm.sh/chart: {{ include "cainjector.chart" . }}
+    {{- include "labels" . | nindent 4 }}
   annotations:
     seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
     seccomp.security.alpha.kubernetes.io/defaultProfileName:  'docker/default'
@@ -48,5 +47,5 @@ spec:
     ranges:
     - min: 1000
       max: 1000
-{{- end -}}
-{{- end -}}
+{{- end }}
+{{- end }}