diff --git a/charts/keptn-lifecycle-toolkit/Chart.yaml b/charts/keptn-lifecycle-toolkit/Chart.yaml index 16460b2..4b3c34d 100644 --- a/charts/keptn-lifecycle-toolkit/Chart.yaml +++ b/charts/keptn-lifecycle-toolkit/Chart.yaml @@ -41,10 +41,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.2 +version: 0.2.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "v0.7.0" # x-release-please-version +appVersion: "v0.7.1" # x-release-please-version diff --git a/charts/keptn-lifecycle-toolkit/README.md b/charts/keptn-lifecycle-toolkit/README.md index be42df5..5da5d16 100644 --- a/charts/keptn-lifecycle-toolkit/README.md +++ b/charts/keptn-lifecycle-toolkit/README.md 
@@ -8,23 +8,23 @@ checks ### Keptn Scheduler -| Name | Description | Value | -| -------------------------------------------------------------------------------- | -------------------------------------------------------------- | ------------------------- | -| `scheduler.scheduler.containerSecurityContext` | Sets security context | | -| `scheduler.scheduler.env.otelCollectorUrl` | sets url for open telemetry collector | `otel-collector:4317` | -| `scheduler.scheduler.image.repository` | set image repository for scheduler | `ghcr.keptn.sh/scheduler` | -| `scheduler.scheduler.image.tag` | set image tag for scheduler | `v0.7.0` | -| `scheduler.scheduler.imagePullPolicy` | set image pull policy for scheduler | `Always` | -| `scheduler.scheduler.livenessProbe` | customizable liveness probe for the scheduler | | -| `scheduler.scheduler.readinessProbe` | customizable readiness probe for the scheduler | | -| `scheduler.scheduler.resources` | sets cpu and memory resurces/limits for scheduler | | -| `schedulerConfig.schedulerConfigYaml.leaderElection.leaderElect` | enables leader election for multiple replicas of the scheduler | `false` | -| `schedulerConfig.schedulerConfigYaml.profiles[0].plugins.permit.enabled[0].name` | enables permit plugin | `KLCPermit` | -| `schedulerConfig.schedulerConfigYaml.profiles[0].schedulerName` | changes scheduler name | `keptn-scheduler` | -| `scheduler.nodeSelector` | adds node selectors for scheduler | `{}` | -| `scheduler.replicas` | modifies replicas | `1` | -| `scheduler.tolerations` | adds tolerations for scheduler | `[]` | -| `scheduler.topologySpreadConstraints` | add topology constraints for scheduler | `[]` | +| Name | Description | Value | +| -------------------------------------------------------------------------------- | -------------------------------------------------------------- | ------------------------------- | +| `scheduler.scheduler.containerSecurityContext` | Sets security context | | +| 
`scheduler.scheduler.env.otelCollectorUrl` | sets url for open telemetry collector | `otel-collector:4317` | +| `scheduler.scheduler.image.repository` | set image repository for scheduler | `ghcr.keptn.sh/keptn/scheduler` | +| `scheduler.scheduler.image.tag` | set image tag for scheduler | `v0.7.1` | +| `scheduler.scheduler.imagePullPolicy` | set image pull policy for scheduler | `Always` | +| `scheduler.scheduler.livenessProbe` | customizable liveness probe for the scheduler | | +| `scheduler.scheduler.readinessProbe` | customizable readiness probe for the scheduler | | +| `scheduler.scheduler.resources` | sets cpu and memory resurces/limits for scheduler | | +| `schedulerConfig.schedulerConfigYaml.leaderElection.leaderElect` | enables leader election for multiple replicas of the scheduler | `false` | +| `schedulerConfig.schedulerConfigYaml.profiles[0].plugins.permit.enabled[0].name` | enables permit plugin | `KLCPermit` | +| `schedulerConfig.schedulerConfigYaml.profiles[0].schedulerName` | changes scheduler name | `keptn-scheduler` | +| `scheduler.nodeSelector` | adds node selectors for scheduler | `{}` | +| `scheduler.replicas` | modifies replicas | `1` | +| `scheduler.tolerations` | adds tolerations for scheduler | `[]` | +| `scheduler.topologySpreadConstraints` | add topology constraints for scheduler | `[]` | ### Keptn Certificate Operator common 
@@ -42,15 +42,17 @@ checks ### Keptn Certificate Operator controller -| Name | Description | Value | -| ------------------------------------------------------ | ------------------------------------------------ | ------------------------------------ | -| `certificateOperator.manager.containerSecurityContext` | Sets security context for the cert manager | | -| `certificateOperator.manager.image.repository` | specify repo for manager image | `ghcr.keptn.sh/certificate-operator` | -| `certificateOperator.manager.image.tag` | select tag for manager container | `v0.7.0` | -| `certificateOperator.manager.imagePullPolicy` | select image pull policy for manager container | `Always` | -| `certificateOperator.manager.livenessProbe` | custom RBAC proxy liveness probe | | -| `certificateOperator.manager.readinessProbe` | custom manager readiness probe | | -| `certificateOperator.manager.resources` | custom limits and requests for manager container | | +| Name | Description | Value | +| ------------------------------------------------------ | ------------------------------------------------------------------------- | ------------------------------------------ | +| `certificateOperator.manager.containerSecurityContext` | Sets security context for the cert manager | | +| `certificateOperator.manager.image.repository` | specify repo for manager image | `ghcr.keptn.sh/keptn/certificate-operator` | +| `certificateOperator.manager.image.tag` | select tag for manager container | `v0.7.1` | +| `certificateOperator.manager.imagePullPolicy` | select image pull policy for manager container | `Always` | +| `certificateOperator.manager.env.labelSelectorKey` | specify the label selector to find resources to generate certificates for | `keptn.sh/inject-cert` | +| `certificateOperator.manager.env.labelSelectorValue` | specify the value for the label selector | `true` | +| `certificateOperator.manager.livenessProbe` | custom RBAC proxy liveness probe | | +| 
`certificateOperator.manager.readinessProbe` | custom manager readiness probe | | +| `certificateOperator.manager.resources` | custom limits and requests for manager container | | ### Keptn Lifecycle Operator common 
@@ -69,32 +71,33 @@ checks ### Keptn Lifecycle Operator controller -| Name | Description | Value | -| ----------------------------------------------------------------------------- | ------------------------------------------------------- | ---------------------------------------------- | -| `lifecycleOperator.manager.containerSecurityContext` | Sets security context privileges | | -| `lifecycleOperator.manager.containerSecurityContext.allowPrivilegeEscalation` | | `false` | -| `lifecycleOperator.manager.containerSecurityContext.capabilities.drop` | | `["ALL"]` | -| `lifecycleOperator.manager.containerSecurityContext.privileged` | | `false` | -| `lifecycleOperator.manager.containerSecurityContext.runAsGroup` | | `65532` | -| `lifecycleOperator.manager.containerSecurityContext.runAsNonRoot` | | `true` | -| `lifecycleOperator.manager.containerSecurityContext.runAsUser` | | `65532` | -| `lifecycleOperator.manager.containerSecurityContext.seccompProfile.type` | | `RuntimeDefault` | -| `lifecycleOperator.manager.env.keptnAppControllerLogLevel` | sets the log level of Keptn App Controller | `0` | -| `lifecycleOperator.manager.env.keptnAppVersionControllerLogLevel` | sets the log level of Keptn AppVersion Controller | `0` | -| `lifecycleOperator.manager.env.keptnEvaluationControllerLogLevel` | sets the log level of Keptn Evaluation Controller | `0` | -| `lifecycleOperator.manager.env.keptnTaskControllerLogLevel` | sets the log level of Keptn Task Controller | `0` | -| `lifecycleOperator.manager.env.keptnTaskDefinitionControllerLogLevel` | sets the log level of Keptn TaskDefinition Controller | `0` | -| `lifecycleOperator.manager.env.keptnWorkloadControllerLogLevel` | sets the log level of Keptn Workload Controller | `0` | -| `lifecycleOperator.manager.env.keptnWorkloadInstanceControllerLogLevel` | sets the log level of Keptn WorkloadInstance Controller | `0` | -| `lifecycleOperator.manager.env.optionsControllerLogLevel` | sets the log level of Keptn Options Controller | 
`0` | -| `lifecycleOperator.manager.env.otelCollectorUrl` | Sets the URL for the open telemetry collector | `otel-collector:4317` | -| `lifecycleOperator.manager.env.functionRunnerImage` | specify image for task runtime | `ghcr.keptn.sh/keptn/functions-runtime:v0.7.0` | -| `lifecycleOperator.manager.image.repository` | specify registry for manager image | `ghcr.keptn.sh/lifecycle-operator` | -| `lifecycleOperator.manager.image.tag` | select tag for manager image | `v0.7.0` | -| `lifecycleOperator.manager.imagePullPolicy` | specify pull policy for manager image | `Always` | -| `lifecycleOperator.manager.livenessProbe` | custom livenessprobe for manager container | | -| `lifecycleOperator.manager.readinessProbe` | custom readinessprobe for manager container | | -| `lifecycleOperator.manager.resources` | specify limits and requests for manager container | | +| Name | Description | Value | +| ----------------------------------------------------------------------------- | --------------------------------------------------------------- | ---------------------------------------------- | +| `lifecycleOperator.manager.containerSecurityContext` | Sets security context privileges | | +| `lifecycleOperator.manager.containerSecurityContext.allowPrivilegeEscalation` | | `false` | +| `lifecycleOperator.manager.containerSecurityContext.capabilities.drop` | | `["ALL"]` | +| `lifecycleOperator.manager.containerSecurityContext.privileged` | | `false` | +| `lifecycleOperator.manager.containerSecurityContext.runAsGroup` | | `65532` | +| `lifecycleOperator.manager.containerSecurityContext.runAsNonRoot` | | `true` | +| `lifecycleOperator.manager.containerSecurityContext.runAsUser` | | `65532` | +| `lifecycleOperator.manager.containerSecurityContext.seccompProfile.type` | | `RuntimeDefault` | +| `lifecycleOperator.manager.env.keptnAppControllerLogLevel` | sets the log level of Keptn App Controller | `0` | +| `lifecycleOperator.manager.env.keptnAppCreationRequestControllerLogLevel` | sets 
the log level of Keptn App Creation Request Controller | `0` | +| `lifecycleOperator.manager.env.keptnAppVersionControllerLogLevel` | sets the log level of Keptn AppVersion Controller | `0` | +| `lifecycleOperator.manager.env.keptnEvaluationControllerLogLevel` | sets the log level of Keptn Evaluation Controller | `0` | +| `lifecycleOperator.manager.env.keptnTaskControllerLogLevel` | sets the log level of Keptn Task Controller | `0` | +| `lifecycleOperator.manager.env.keptnTaskDefinitionControllerLogLevel` | sets the log level of Keptn TaskDefinition Controller | `0` | +| `lifecycleOperator.manager.env.keptnWorkloadControllerLogLevel` | sets the log level of Keptn Workload Controller | `0` | +| `lifecycleOperator.manager.env.keptnWorkloadInstanceControllerLogLevel` | sets the log level of Keptn WorkloadInstance Controller | `0` | +| `lifecycleOperator.manager.env.optionsControllerLogLevel` | sets the log level of Keptn Options Controller | `0` | +| `lifecycleOperator.manager.env.otelCollectorUrl` | Sets the URL for the open telemetry collector | `otel-collector:4317` | +| `lifecycleOperator.manager.env.functionRunnerImage` | specify image for task runtime | `ghcr.keptn.sh/keptn/functions-runtime:v0.7.1` | +| `lifecycleOperator.manager.image.repository` | specify registry for manager image | `ghcr.keptn.sh/keptn/lifecycle-operator` | +| `lifecycleOperator.manager.image.tag` | select tag for manager image | `v0.7.1` | +| `lifecycleOperator.manager.imagePullPolicy` | specify pull policy for manager image | `Always` | +| `lifecycleOperator.manager.livenessProbe` | custom livenessprobe for manager container | | +| `lifecycleOperator.manager.readinessProbe` | custom readinessprobe for manager container | | +| `lifecycleOperator.manager.resources` | specify limits and requests for manager container | | ### Keptn Metrics Operator common 
@@ -132,18 +135,23 @@ checks ### Keptn Metrics Operator controller -| Name | Description | Value | -| --------------------------------------------------------------------------- | ------------------------------------------------- | -------------------------------- | -| `metricsOperator.manager.containerSecurityContext` | Sets security context privileges | | -| `metricsOperator.manager.containerSecurityContext.allowPrivilegeEscalation` | | `false` | -| `metricsOperator.manager.containerSecurityContext.capabilities.drop` | | `["ALL"]` | -| `metricsOperator.manager.image.repository` | specify registry for manager image | `ghcr.keptn.sh/metrics-operator` | -| `metricsOperator.manager.image.tag` | select tag for manager image | `v0.7.0` | -| `metricsOperator.manager.env.exposeKeptnMetrics` | enable metrics exporter | `true` | -| `metricsOperator.manager.env.metricsControllerLogLevel` | sets the log level of Metrics Controller | `0` | -| `metricsOperator.manager.livenessProbe` | custom livenessprobe for manager container | | -| `metricsOperator.manager.readinessProbe` | custom readinessprobe for manager container | | -| `metricsOperator.manager.resources` | specify limits and requests for manager container | | +| Name | Description | Value | +| --------------------------------------------------------------------------- | ------------------------------------------------------------- | -------------------------------------- | +| `metricsOperator.manager.containerSecurityContext` | Sets security context privileges | | +| `metricsOperator.manager.containerSecurityContext.allowPrivilegeEscalation` | | `false` | +| `metricsOperator.manager.containerSecurityContext.capabilities.drop` | | `["ALL"]` | +| `metricsOperator.manager.containerSecurityContext.privileged` | | `false` | +| `metricsOperator.manager.containerSecurityContext.runAsGroup` | | `65532` | +| `metricsOperator.manager.containerSecurityContext.runAsNonRoot` | | `true` | +| 
`metricsOperator.manager.containerSecurityContext.runAsUser` | | `65532` | +| `metricsOperator.manager.containerSecurityContext.seccompProfile.type` | | `RuntimeDefault` | +| `metricsOperator.manager.image.repository` | specify registry for manager image | `ghcr.keptn.sh/keptn/metrics-operator` | +| `metricsOperator.manager.image.tag` | select tag for manager image | `v0.7.1` | +| `metricsOperator.manager.env.exposeKeptnMetrics` | enable metrics exporter | `true` | +| `metricsOperator.manager.env.metricsControllerLogLevel` | sets the log level of Metrics Controller | `0` | +| `metricsOperator.manager.livenessProbe` | custom livenessprobe for manager container | | +| `metricsOperator.manager.readinessProbe` | custom readinessprobe for manager container | | +| `metricsOperator.manager.resources` | specify limits and requests for manager container | | ### Global diff --git a/charts/keptn-lifecycle-toolkit/doc.yaml b/charts/keptn-lifecycle-toolkit/doc.yaml index 4445d55..af7c3a9 100644 --- a/charts/keptn-lifecycle-toolkit/doc.yaml +++ b/charts/keptn-lifecycle-toolkit/doc.yaml @@ -1,3 +1,4 @@ +# yamllint disable rule:line-length ## @section Keptn Scheduler ## @extra scheduler.scheduler.containerSecurityContext Sets security context ## @skip scheduler.scheduler.containerSecurityContext.allowPrivilegeEscalation @@ -11,7 +12,7 @@ ## @param scheduler.scheduler.env.otelCollectorUrl sets url for open telemetry collector ## @param scheduler.scheduler.image.repository set image repository for scheduler -## @param scheduler.scheduler.image.tag set image tag for scheduler +## @param scheduler.scheduler.image.tag set image tag for scheduler ## @param scheduler.scheduler.imagePullPolicy set image pull policy for scheduler ## @extra scheduler.scheduler.livenessProbe customizable liveness probe for the scheduler 
@@ -65,9 +66,12 @@ ## @skip certificateOperator.manager.containerSecurityContext.seccompProfile.type ## @param certificateOperator.manager.image.repository specify repo for manager image -## @param certificateOperator.manager.image.tag select tag for manager container +## @param certificateOperator.manager.image.tag select tag for manager container ## @param certificateOperator.manager.imagePullPolicy select image pull policy for manager container +## @param certificateOperator.manager.env.labelSelectorKey specify the label selector to find resources to generate certificates for +## @param certificateOperator.manager.env.labelSelectorValue specify the value for the label selector + ## @extra certificateOperator.manager.livenessProbe custom RBAC proxy liveness probe ## @skip certificateOperator.manager.livenessProbe.httpGet.path ## @skip certificateOperator.manager.livenessProbe.httpGet.port @@ -118,6 +122,7 @@ ## @param lifecycleOperator.manager.containerSecurityContext.seccompProfile.type ## @param lifecycleOperator.manager.env.keptnAppControllerLogLevel sets the log level of Keptn App Controller +## @param lifecycleOperator.manager.env.keptnAppCreationRequestControllerLogLevel sets the log level of Keptn App Creation Request Controller ## @param lifecycleOperator.manager.env.keptnAppVersionControllerLogLevel sets the log level of Keptn AppVersion Controller ## @param lifecycleOperator.manager.env.keptnEvaluationControllerLogLevel sets the log level of Keptn Evaluation Controller ## @param lifecycleOperator.manager.env.keptnTaskControllerLogLevel sets the log level of Keptn Task Controller 
@@ -127,11 +132,11 @@ ## @param lifecycleOperator.manager.env.optionsControllerLogLevel sets the log level of Keptn Options Controller ## @param lifecycleOperator.manager.env.otelCollectorUrl Sets the URL for the open telemetry collector -## @param lifecycleOperator.manager.env.functionRunnerImage specify image for task runtime +## @param lifecycleOperator.manager.env.functionRunnerImage specify image for task runtime -## @param lifecycleOperator.manager.image.repository specify registry for manager image -## @param lifecycleOperator.manager.image.tag select tag for manager image -## @param lifecycleOperator.manager.imagePullPolicy specify pull policy for manager image +## @param lifecycleOperator.manager.image.repository specify registry for manager image +## @param lifecycleOperator.manager.image.tag select tag for manager image +## @param lifecycleOperator.manager.imagePullPolicy specify pull policy for manager image ## @extra lifecycleOperator.manager.livenessProbe custom livenessprobe for manager container ## @skip lifecycleOperator.manager.livenessProbe.httpGet.path 
@@ -192,10 +197,15 @@ ## @extra metricsOperator.manager.containerSecurityContext Sets security context privileges ## @param metricsOperator.manager.containerSecurityContext.allowPrivilegeEscalation ## @param metricsOperator.manager.containerSecurityContext.capabilities.drop +## @param metricsOperator.manager.containerSecurityContext.privileged +## @param metricsOperator.manager.containerSecurityContext.runAsGroup +## @param metricsOperator.manager.containerSecurityContext.runAsNonRoot +## @param metricsOperator.manager.containerSecurityContext.runAsUser +## @param metricsOperator.manager.containerSecurityContext.seccompProfile.type ## @param metricsOperator.manager.image.repository specify registry for manager image -## @param metricsOperator.manager.image.tag select tag for manager image +## @param metricsOperator.manager.image.tag select tag for manager image ## @param metricsOperator.manager.env.exposeKeptnMetrics enable metrics exporter ## @param metricsOperator.manager.env.metricsControllerLogLevel sets the log level of Metrics Controller diff --git a/charts/keptn-lifecycle-toolkit/templates/_helpers.tpl b/charts/keptn-lifecycle-toolkit/templates/_helpers.tpl index ac7e7c8..be11c00 100644 --- a/charts/keptn-lifecycle-toolkit/templates/_helpers.tpl +++ b/charts/keptn-lifecycle-toolkit/templates/_helpers.tpl @@ -48,7 +48,6 @@ Selector labels {{- define "chart.selectorLabels" -}} app.kubernetes.io/name: {{ include "chart.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/part-of: keptn-lifecycle-toolkit {{- end }} {{/* diff --git a/charts/keptn-lifecycle-toolkit/templates/certificate-operator-leader-election-rbac.yaml b/charts/keptn-lifecycle-toolkit/templates/certificate-operator-leader-election-rbac.yaml index 2b64926..57a9cd0 100644 --- a/charts/keptn-lifecycle-toolkit/templates/certificate-operator-leader-election-rbac.yaml +++ b/charts/keptn-lifecycle-toolkit/templates/certificate-operator-leader-election-rbac.yaml 
@@ -6,7 +6,7 @@ metadata: labels: app.kubernetes.io/component: rbac app.kubernetes.io/created-by: certificate-operator - app.kubernetes.io/part-of: certificate-operator + app.kubernetes.io/part-of: keptn-lifecycle-toolkit {{- include "chart.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/charts/keptn-lifecycle-toolkit/templates/certificate-operator-rbac.yaml b/charts/keptn-lifecycle-toolkit/templates/certificate-operator-rbac.yaml index f311eec..0053fe0 100644 --- a/charts/keptn-lifecycle-toolkit/templates/certificate-operator-rbac.yaml +++ b/charts/keptn-lifecycle-toolkit/templates/certificate-operator-rbac.yaml @@ -12,12 +12,18 @@ rules: - secrets verbs: - create - - delete - - get - list + - watch +- apiGroups: + - "" + resourceNames: + - klt-certs + resources: + - secrets + verbs: + - get - patch - update - - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -74,7 +80,7 @@ metadata: labels: app.kubernetes.io/component: rbac app.kubernetes.io/created-by: certificate-operator - app.kubernetes.io/part-of: certificate-operator + app.kubernetes.io/part-of: keptn-lifecycle-toolkit {{- include "chart.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/charts/keptn-lifecycle-toolkit/templates/certificate-operator-role-binding-rbac.yaml b/charts/keptn-lifecycle-toolkit/templates/certificate-operator-role-binding-rbac.yaml index de4bb07..a17ed1d 100644 --- a/charts/keptn-lifecycle-toolkit/templates/certificate-operator-role-binding-rbac.yaml +++ b/charts/keptn-lifecycle-toolkit/templates/certificate-operator-role-binding-rbac.yaml @@ -6,7 +6,7 @@ metadata: labels: app.kubernetes.io/component: rbac app.kubernetes.io/created-by: certificate-operator - app.kubernetes.io/part-of: certificate-operator + app.kubernetes.io/part-of: keptn-lifecycle-toolkit {{- include "chart.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io 
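Review bot: In the `@@ -12,12 +12,18 @@` hunk of certificate-operator-rbac.yaml, the first rule still grants `list` and `watch` on every secret in the role's scope, and a list or watch response carries the full secret data, so limiting `get`, `patch` and `update` to `klt-certs` does not by itself limit what the operator can read. `create` cannot be restricted by `resourceNames`, but `list` and `watch` can be moved into the `resourceNames: [klt-certs]` rule if the operator's client issues them with a `metadata.name=klt-certs` field selector. If that is not possible, a comment above the first rule such as `# NOTE: list/watch are not limited by resourceNames; they return the data of every secret in scope` would record the remaining exposure. The kind and metadata of the role that owns this rule are outside the hunk, so whether the scope is one namespace or the whole cluster cannot be confirmed from here.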
diff --git a/charts/keptn-lifecycle-toolkit/templates/deployment.yaml b/charts/keptn-lifecycle-toolkit/templates/deployment.yaml index 0ae225b..471b8e3 100644 --- a/charts/keptn-lifecycle-toolkit/templates/deployment.yaml +++ b/charts/keptn-lifecycle-toolkit/templates/deployment.yaml @@ -7,7 +7,7 @@ metadata: app.kuberentes.io/instance: certificate-operator app.kubernetes.io/component: rbac app.kubernetes.io/created-by: certificate-operator - app.kubernetes.io/part-of: certificate-operator + app.kubernetes.io/part-of: keptn-lifecycle-toolkit {{- include "chart.labels" . | nindent 4 }} --- apiVersion: v1 @@ -42,7 +42,7 @@ metadata: labels: app.kubernetes.io/component: manager app.kubernetes.io/created-by: certificate-operator - app.kubernetes.io/part-of: certificate-operator + app.kubernetes.io/part-of: keptn-lifecycle-toolkit control-plane: certificate-operator {{- include "chart.labels" . | nindent 4 }} spec: @@ -69,6 +69,10 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: LABEL_SELECTOR_KEY + value: {{ .Values.certificateOperator.manager.env.labelSelectorKey | quote }} + - name: LABEL_SELECTOR_VALUE + value: {{ .Values.certificateOperator.manager.env.labelSelectorValue | quote }} - name: KUBERNETES_CLUSTER_DOMAIN value: {{ .Values.kubernetesClusterDomain }} image: {{ .Values.certificateOperator.manager.image.repository }}:{{ .Values.certificateOperator.manager.image.tag @@ -134,6 +138,7 @@ metadata: labels: app.kubernetes.io/part-of: keptn-lifecycle-toolkit control-plane: lifecycle-operator + keptn.sh/inject-cert: "true" {{- include "chart.labels" . | nindent 4 }} spec: replicas: {{ .Values.lifecycleOperator.replicas }} 
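Review bot: The `keptn.sh/inject-cert: "true"` label added in the `@@ -134,6 +138,7 @@` hunk is a hard-coded literal, while the `@@ -69,6 +69,10 @@` hunk makes the selector the certificate operator searches for configurable through `certificateOperator.manager.env.labelSelectorKey` and `labelSelectorValue`. If either value is overridden, the labels on the chart's own resources would presumably no longer match and the operator would skip them; the same literal is added in the `@@ -281,6 +289,7 @@` hunk and in the CRD templates. Rendering the label from the same values, `{{ .Values.certificateOperator.manager.env.labelSelectorKey }}: {{ .Values.certificateOperator.manager.env.labelSelectorValue | quote }}`, would keep selector and labels in step. Failing that, the parameter descriptions should state that the two values must stay at their defaults for the bundled resources to be picked up.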
@@ -170,13 +175,16 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name - - name: OTEL_COLLECTOR_URL - value: {{ .Values.lifecycleOperator.manager.env.otelCollectorUrl | quote }} - name: FUNCTION_RUNNER_IMAGE value: {{ .Values.lifecycleOperator.manager.env.functionRunnerImage | quote }} + - name: OTEL_COLLECTOR_URL + value: {{ .Values.lifecycleOperator.manager.env.otelCollectorUrl | quote }} - name: KEPTN_APP_CONTROLLER_LOG_LEVEL value: {{ .Values.lifecycleOperator.manager.env.keptnAppControllerLogLevel | quote }} + - name: KEPTN_APP_CREATION_REQUEST_CONTROLLER_LOG_LEVEL + value: {{ .Values.lifecycleOperator.manager.env.keptnAppCreationRequestControllerLogLevel + | quote }} - name: KEPTN_APP_VERSION_CONTROLLER_LOG_LEVEL value: {{ .Values.lifecycleOperator.manager.env.keptnAppVersionControllerLogLevel | quote }} @@ -281,6 +289,7 @@ metadata: labels: app.kubernetes.io/part-of: keptn-lifecycle-toolkit control-plane: metrics-operator + keptn.sh/inject-cert: "true" {{- include "chart.labels" . | nindent 4 }} spec: replicas: {{ .Values.metricsOperator.replicas }} @@ -341,6 +350,16 @@ spec: }} capabilities: {{- include "tplvalues.render" (dict "value" .Values.metricsOperator.manager.containerSecurityContext.capabilities "context" $) | nindent 12 }} + privileged: {{ .Values.metricsOperator.manager.containerSecurityContext.privileged + }} + runAsGroup: {{ .Values.metricsOperator.manager.containerSecurityContext.runAsGroup + }} + runAsNonRoot: {{ .Values.metricsOperator.manager.containerSecurityContext.runAsNonRoot + }} + runAsUser: {{ .Values.metricsOperator.manager.containerSecurityContext.runAsUser + }} + seccompProfile: {{- include "tplvalues.render" (dict "value" .Values.metricsOperator.manager.containerSecurityContext.seccompProfile + "context" $) | nindent 12 }} volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs/ name: certs-dir 
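Review bot: The `@@ -341,6 +350,16 @@` hunk continues to render the metrics-operator `securityContext` one key at a time, so any key a user sets under `metricsOperator.manager.containerSecurityContext` that the template does not list (for example `readOnlyRootFilesystem`) is dropped without warning, and a value that is explicitly nulled renders as a bare `runAsNonRoot:` that the API server treats as unset. Rendering the whole map with the helper already used for `capabilities` avoids both: `securityContext: {{- include "tplvalues.render" (dict "value" .Values.metricsOperator.manager.containerSecurityContext "context" $) | nindent 10 }}`, with the indent adjusted to the container's actual level. The container spec and the start of its `securityContext` block lie outside the hunk, so the exact indent and the handling of `allowPrivilegeEscalation` should be checked against the full template.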
diff --git a/charts/keptn-lifecycle-toolkit/templates/keptnapp-crd.yaml b/charts/keptn-lifecycle-toolkit/templates/keptnapp-crd.yaml index 6584039..f774f0d 100644 --- a/charts/keptn-lifecycle-toolkit/templates/keptnapp-crd.yaml +++ b/charts/keptn-lifecycle-toolkit/templates/keptnapp-crd.yaml @@ -3,10 +3,11 @@ kind: CustomResourceDefinition metadata: name: keptnapps.lifecycle.keptn.sh annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.11.4 labels: app.kubernetes.io/part-of: keptn-lifecycle-toolkit crdGroup: lifecycle.keptn.sh + keptn.sh/inject-cert: "true" {{- include "chart.labels" . | nindent 4 }} spec: conversion: diff --git a/charts/keptn-lifecycle-toolkit/templates/keptnappcreationrequest-crd.yaml b/charts/keptn-lifecycle-toolkit/templates/keptnappcreationrequest-crd.yaml new file mode 100644 index 0000000..767a268 --- /dev/null +++ b/charts/keptn-lifecycle-toolkit/templates/keptnappcreationrequest-crd.yaml 
@@ -0,0 +1,63 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keptnappcreationrequests.lifecycle.keptn.sh + annotations: + controller-gen.kubebuilder.io/version: v0.11.4 + labels: + app.kubernetes.io/part-of: keptn-lifecycle-toolkit + crdGroup: lifecycle.keptn.sh + keptn.sh/inject-cert: "true" + {{- include "chart.labels" . | nindent 4 }} +spec: + group: lifecycle.keptn.sh + names: + kind: KeptnAppCreationRequest + listKind: KeptnAppCreationRequestList + plural: keptnappcreationrequests + singular: keptnappcreationrequest + scope: Namespaced + versions: + - name: v1alpha3 + schema: + openAPIV3Schema: + description: KeptnAppCreationRequest is the Schema for the keptnappcreationrequests + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeptnAppCreationRequestSpec defines the desired state of KeptnAppCreationRequest + properties: + appName: + description: AppName is the name of the KeptnApp the KeptnAppCreationRequest + should create if no user-defined object with that name is found. 
+ type: string + required: + - appName + type: object + status: + description: KeptnAppCreationRequestStatus defines the observed state of + KeptnAppCreationRequest + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file diff --git a/charts/keptn-lifecycle-toolkit/templates/keptnappversion-crd.yaml b/charts/keptn-lifecycle-toolkit/templates/keptnappversion-crd.yaml index ee8fc1c..75ced92 100644 --- a/charts/keptn-lifecycle-toolkit/templates/keptnappversion-crd.yaml +++ b/charts/keptn-lifecycle-toolkit/templates/keptnappversion-crd.yaml @@ -3,10 +3,11 @@ kind: CustomResourceDefinition metadata: name: keptnappversions.lifecycle.keptn.sh annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.11.4 labels: app.kubernetes.io/part-of: keptn-lifecycle-toolkit crdGroup: lifecycle.keptn.sh + keptn.sh/inject-cert: "true" {{- include "chart.labels" . | nindent 4 }} spec: conversion: diff --git a/charts/keptn-lifecycle-toolkit/templates/keptnconfig-crd.yaml b/charts/keptn-lifecycle-toolkit/templates/keptnconfig-crd.yaml index 074c859..5501985 100644 --- a/charts/keptn-lifecycle-toolkit/templates/keptnconfig-crd.yaml +++ b/charts/keptn-lifecycle-toolkit/templates/keptnconfig-crd.yaml @@ -3,10 +3,11 @@ kind: CustomResourceDefinition metadata: name: keptnconfigs.options.keptn.sh annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.11.4 labels: app.kubernetes.io/part-of: keptn-lifecycle-toolkit crdGroup: lifecycle.keptn.sh + keptn.sh/inject-cert: "true" {{- include "chart.labels" . | nindent 4 }} spec: group: options.keptn.sh 
@@ -41,11 +42,11 @@ spec: description: OTelCollectorUrl can be used to set the Open Telemetry collector that the operator should use type: string - keptnAppCreationRequestTimeout: + keptnAppCreationRequestTimeoutSeconds: default: 30 - description: KeptnAppCreationRequestTimeout is used to set the interval - in which automatic app discovery searches for workload to put into - the same auto-generated KeptnApp + description: KeptnAppCreationRequestTimeoutSeconds is used to set the + interval in which automatic app discovery searches for workload to + put into the same auto-generated KeptnApp type: integer type: object status: diff --git a/charts/keptn-lifecycle-toolkit/templates/keptnevaluation-crd.yaml b/charts/keptn-lifecycle-toolkit/templates/keptnevaluation-crd.yaml index 3e3dbef..4fbb4d6 100644 --- a/charts/keptn-lifecycle-toolkit/templates/keptnevaluation-crd.yaml +++ b/charts/keptn-lifecycle-toolkit/templates/keptnevaluation-crd.yaml @@ -3,10 +3,11 @@ kind: CustomResourceDefinition metadata: name: keptnevaluations.lifecycle.keptn.sh annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.11.4 labels: app.kubernetes.io/part-of: keptn-lifecycle-toolkit crdGroup: lifecycle.keptn.sh + keptn.sh/inject-cert: "true" {{- include "chart.labels" . | nindent 4 }} spec: group: lifecycle.keptn.sh diff --git a/charts/keptn-lifecycle-toolkit/templates/keptnevaluationdefinition-crd.yaml b/charts/keptn-lifecycle-toolkit/templates/keptnevaluationdefinition-crd.yaml index c629f90..4783784 100644 --- a/charts/keptn-lifecycle-toolkit/templates/keptnevaluationdefinition-crd.yaml +++ b/charts/keptn-lifecycle-toolkit/templates/keptnevaluationdefinition-crd.yaml 
@@ -3,10 +3,11 @@ kind: CustomResourceDefinition metadata: name: keptnevaluationdefinitions.lifecycle.keptn.sh annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.11.4 labels: app.kubernetes.io/part-of: keptn-lifecycle-toolkit crdGroup: lifecycle.keptn.sh + keptn.sh/inject-cert: "true" {{- include "chart.labels" . | nindent 4 }} spec: group: lifecycle.keptn.sh diff --git a/charts/keptn-lifecycle-toolkit/templates/keptnevaluationprovider-crd.yaml b/charts/keptn-lifecycle-toolkit/templates/keptnevaluationprovider-crd.yaml index a37c4fe..2fcfa2f 100644 --- a/charts/keptn-lifecycle-toolkit/templates/keptnevaluationprovider-crd.yaml +++ b/charts/keptn-lifecycle-toolkit/templates/keptnevaluationprovider-crd.yaml @@ -3,10 +3,11 @@ kind: CustomResourceDefinition metadata: name: keptnevaluationproviders.lifecycle.keptn.sh annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.11.4 labels: app.kubernetes.io/part-of: keptn-lifecycle-toolkit crdGroup: lifecycle.keptn.sh + keptn.sh/inject-cert: "true" {{- include "chart.labels" . | nindent 4 }} spec: conversion: diff --git a/charts/keptn-lifecycle-toolkit/templates/keptnmetric-crd.yaml b/charts/keptn-lifecycle-toolkit/templates/keptnmetric-crd.yaml index 1527705..0f672c8 100644 --- a/charts/keptn-lifecycle-toolkit/templates/keptnmetric-crd.yaml +++ b/charts/keptn-lifecycle-toolkit/templates/keptnmetric-crd.yaml @@ -3,10 +3,11 @@ kind: CustomResourceDefinition metadata: name: keptnmetrics.metrics.keptn.sh annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.11.4 labels: app.kubernetes.io/part-of: keptn-lifecycle-toolkit crdGroup: metrics.keptn.sh + keptn.sh/inject-cert: "true" {{- include "chart.labels" . | nindent 4 }} spec: conversion: 
@@ -176,6 +177,82 @@ spec: type: object type: object served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .spec.provider.name + name: Provider + type: string + - jsonPath: .spec.query + name: Query + type: string + - jsonPath: .status.value + name: Value + type: string + name: v1alpha3 + schema: + openAPIV3Schema: + description: KeptnMetric is the Schema for the keptnmetrics API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeptnMetricSpec defines the desired state of KeptnMetric + properties: + fetchIntervalSeconds: + description: FetchIntervalSeconds represents the update frequency in + seconds that is used to update the metric + type: integer + provider: + description: Provider represents the provider object + properties: + name: + description: Name of the provider + type: string + required: + - name + type: object + query: + description: Query represents the query to be run + type: string + required: + - fetchIntervalSeconds + - provider + - query + type: object + status: + description: KeptnMetricStatus defines the observed state of KeptnMetric + properties: + lastUpdated: + description: LastUpdated represents the time when the status data was + last updated + format: date-time + type: string + rawValue: + description: RawValue 
represents the resulting value in raw format + format: byte + type: string + value: + description: Value represents the resulting value + type: string + required: + - lastUpdated + - rawValue + - value + type: object + type: object + served: true storage: true subresources: status: {} diff --git a/charts/keptn-lifecycle-toolkit/templates/keptnmetricsprovider-crd.yaml b/charts/keptn-lifecycle-toolkit/templates/keptnmetricsprovider-crd.yaml index 6e9d45a..316dad3 100644 --- a/charts/keptn-lifecycle-toolkit/templates/keptnmetricsprovider-crd.yaml +++ b/charts/keptn-lifecycle-toolkit/templates/keptnmetricsprovider-crd.yaml @@ -3,10 +3,11 @@ kind: CustomResourceDefinition metadata: name: keptnmetricsproviders.metrics.keptn.sh annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.11.4 labels: app.kubernetes.io/part-of: keptn-lifecycle-toolkit crdGroup: metrics.keptn.sh + keptn.sh/inject-cert: "true" {{- include "chart.labels" . | nindent 4 }} spec: group: metrics.keptn.sh 
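Review bot: In the new v1alpha3 schema, `fetchIntervalSeconds` is a required `type: integer` with no lower bound, so `0` or a negative interval passes admission. How the controller treats such a value is not visible in this diff, but a zero interval on a polling loop usually means querying the metrics provider as fast as possible. Adding `minimum: 1` under the field would reject it at the API server. The file carries a controller-gen annotation, so the lasting fix is probably a `+kubebuilder:validation:Minimum=1` marker on the Go field rather than an edit to this template.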
@@ -68,6 +69,66 @@ spec: type: object type: object served: true + storage: false + subresources: + status: {} + - name: v1alpha3 + schema: + openAPIV3Schema: + description: KeptnMetricsProvider is the Schema for the keptnmetricsproviders + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeptnMetricsProviderSpec defines the desired state of KeptnMetricsProvider + properties: + secretKeyRef: + description: SecretKeyRef defines an optional secret for access credentials + to the metrics provider. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + targetServer: + description: TargetServer defined the URL at which the metrics provider + is reachable with included port and protocol. + type: string + type: + description: Type represents the provider type. This can be one of prometheus, + dynatrace, datadog, dql. 
+ pattern: prometheus|dynatrace|datadog|dql + type: string + required: + - targetServer + type: object + status: + description: KeptnMetricsProviderStatus defines the observed state of KeptnMetricsProvider + type: object + type: object + served: true storage: true subresources: status: {} diff --git a/charts/keptn-lifecycle-toolkit/templates/keptntask-crd.yaml b/charts/keptn-lifecycle-toolkit/templates/keptntask-crd.yaml index 6167fd2..cc3048a 100644 --- a/charts/keptn-lifecycle-toolkit/templates/keptntask-crd.yaml +++ b/charts/keptn-lifecycle-toolkit/templates/keptntask-crd.yaml @@ -3,10 +3,11 @@ kind: CustomResourceDefinition metadata: name: keptntasks.lifecycle.keptn.sh annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.11.4 labels: app.kubernetes.io/part-of: keptn-lifecycle-toolkit crdGroup: lifecycle.keptn.sh + keptn.sh/inject-cert: "true" {{- include "chart.labels" . | nindent 4 }} spec: group: lifecycle.keptn.sh @@ -321,6 +322,10 @@ spec: type: string type: object type: object + retries: + default: 10 + format: int32 + type: integer secureParameters: properties: secret: @@ -328,6 +333,10 @@ spec: type: object taskDefinition: type: string + timeout: + default: 5m + pattern: ^0|([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string workload: type: string workloadVersion: @@ -350,6 +359,8 @@ spec: type: string message: type: string + reason: + type: string startTime: format: date-time type: string diff --git a/charts/keptn-lifecycle-toolkit/templates/keptntaskdefinition-crd.yaml b/charts/keptn-lifecycle-toolkit/templates/keptntaskdefinition-crd.yaml index 2eacb07..64ae17f 100644 --- a/charts/keptn-lifecycle-toolkit/templates/keptntaskdefinition-crd.yaml +++ b/charts/keptn-lifecycle-toolkit/templates/keptntaskdefinition-crd.yaml 
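Review bot: The `type` pattern `prometheus|dynatrace|datadog|dql` in the new KeptnMetricsProvider v1alpha3 schema is unanchored. CRD `pattern` validation is a search rather than a full match, so any string that merely contains one of those words is accepted. Use `pattern: ^(prometheus|dynatrace|datadog|dql)$`, or an `enum` listing the four values. `type` is also missing from `required` (only `targetServer` is listed), so a provider with no type at all is admitted; whether the controller handles that safely is outside this diff.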
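Review bot: In the `timeout` field added to keptntask-crd.yaml, the pattern `^0|([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$` has its alternation at the top level. `^` therefore binds only to `0` and `$` only to the duration group, so any value that starts with `0`, or that merely ends in a valid duration, passes validation. Grouping the alternatives fixes it: `pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+)$`. The identical pattern is added in the keptntaskdefinition-crd.yaml hunk and needs the same change; because these files are controller-gen output, the correction probably belongs on the Go type's validation marker. The neighbouring `retries` integer also has no `minimum`, so negative retry counts are admitted.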
@@ -3,10 +3,11 @@ kind: CustomResourceDefinition metadata: name: keptntaskdefinitions.lifecycle.keptn.sh annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.11.4 labels: app.kubernetes.io/part-of: keptn-lifecycle-toolkit crdGroup: lifecycle.keptn.sh + keptn.sh/inject-cert: "true" {{- include "chart.labels" . | nindent 4 }} spec: group: lifecycle.keptn.sh @@ -227,6 +228,14 @@ spec: type: string type: object type: object + retries: + default: 10 + format: int32 + type: integer + timeout: + default: 5m + pattern: ^0|([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string type: object status: description: KeptnTaskDefinitionStatus defines the observed state of KeptnTaskDefinition diff --git a/charts/keptn-lifecycle-toolkit/templates/keptnworkload-crd.yaml b/charts/keptn-lifecycle-toolkit/templates/keptnworkload-crd.yaml index 28721ef..c839fbd 100644 --- a/charts/keptn-lifecycle-toolkit/templates/keptnworkload-crd.yaml +++ b/charts/keptn-lifecycle-toolkit/templates/keptnworkload-crd.yaml @@ -3,10 +3,11 @@ kind: CustomResourceDefinition metadata: name: keptnworkloads.lifecycle.keptn.sh annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.11.4 labels: app.kubernetes.io/part-of: keptn-lifecycle-toolkit crdGroup: lifecycle.keptn.sh + keptn.sh/inject-cert: "true" {{- include "chart.labels" . | nindent 4 }} spec: group: lifecycle.keptn.sh diff --git a/charts/keptn-lifecycle-toolkit/templates/keptnworkloadinstance-crd.yaml b/charts/keptn-lifecycle-toolkit/templates/keptnworkloadinstance-crd.yaml index a2c51cb..d1775e0 100644 --- a/charts/keptn-lifecycle-toolkit/templates/keptnworkloadinstance-crd.yaml +++ b/charts/keptn-lifecycle-toolkit/templates/keptnworkloadinstance-crd.yaml 
@@ -3,10 +3,11 @@ kind: CustomResourceDefinition metadata: name: keptnworkloadinstances.lifecycle.keptn.sh annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.11.4 labels: app.kubernetes.io/part-of: keptn-lifecycle-toolkit crdGroup: lifecycle.keptn.sh + keptn.sh/inject-cert: "true" {{- include "chart.labels" . | nindent 4 }} spec: conversion: diff --git a/charts/keptn-lifecycle-toolkit/templates/leader-election-rbac.yaml b/charts/keptn-lifecycle-toolkit/templates/leader-election-rbac.yaml index bb92087..066755f 100644 --- a/charts/keptn-lifecycle-toolkit/templates/leader-election-rbac.yaml +++ b/charts/keptn-lifecycle-toolkit/templates/leader-election-rbac.yaml @@ -6,7 +6,7 @@ metadata: labels: app.kubernetes.io/component: rbac app.kubernetes.io/created-by: certificate-operator - app.kubernetes.io/part-of: certificate-operator + app.kubernetes.io/part-of: keptn-lifecycle-toolkit {{- include "chart.labels" . | nindent 4 }} rules: - apiGroups: diff --git a/charts/keptn-lifecycle-toolkit/templates/lifecycle-mutating-webhook-configuration.yaml b/charts/keptn-lifecycle-toolkit/templates/lifecycle-mutating-webhook-configuration.yaml index 9c010aa..7010178 100644 --- a/charts/keptn-lifecycle-toolkit/templates/lifecycle-mutating-webhook-configuration.yaml +++ b/charts/keptn-lifecycle-toolkit/templates/lifecycle-mutating-webhook-configuration.yaml @@ -5,6 +5,8 @@ metadata: annotations: cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "chart.fullname" . }}- labels: + app.kubernetes.io/part-of: "keptn-lifecycle-toolkit" + keptn.sh/inject-cert: "true" {{- include "chart.labels" . | nindent 4 }} webhooks: - admissionReviewVersions: diff --git a/charts/keptn-lifecycle-toolkit/templates/lifecycle-operator-metrics-service.yaml b/charts/keptn-lifecycle-toolkit/templates/lifecycle-operator-metrics-service.yaml index 50c8602..aa3b41a 100644 
--- a/charts/keptn-lifecycle-toolkit/templates/lifecycle-operator-metrics-service.yaml +++ b/charts/keptn-lifecycle-toolkit/templates/lifecycle-operator-metrics-service.yaml @@ -12,4 +12,4 @@ spec: control-plane: lifecycle-operator {{- include "chart.selectorLabels" . | nindent 4 }} ports: - {{- .Values.lifecycleOperatorMetricsService.ports | toYaml | nindent 2 -}} + {{- .Values.lifecycleOperatorMetricsService.ports | toYaml | nindent 2 -}} \ No newline at end of file diff --git a/charts/keptn-lifecycle-toolkit/templates/lifecycle-operator-rbac.yaml b/charts/keptn-lifecycle-toolkit/templates/lifecycle-operator-rbac.yaml index b5743d0..7c9a455 100644 --- a/charts/keptn-lifecycle-toolkit/templates/lifecycle-operator-rbac.yaml +++ b/charts/keptn-lifecycle-toolkit/templates/lifecycle-operator-rbac.yaml @@ -17,6 +17,14 @@ rules: - get - list - watch +- apiGroups: + - argoproj.io + resources: + - rollouts + verbs: + - get + - list + - watch - apiGroups: - batch resources: @@ -86,6 +94,32 @@ rules: - secrets verbs: - get +- apiGroups: + - lifecycle.keptn.sh + resources: + - keptnappcreationrequests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - lifecycle.keptn.sh + resources: + - keptnappcreationrequests/finalizers + verbs: + - update +- apiGroups: + - lifecycle.keptn.sh + resources: + - keptnappcreationrequests/status + verbs: + - get + - patch + - update - apiGroups: - lifecycle.keptn.sh resources: @@ -323,27 +357,15 @@ rules: resources: - keptnconfigs verbs: - - create - - delete - get - list - - patch - - update - watch -- apiGroups: - - options.keptn.sh - resources: - - keptnconfigs/finalizers - verbs: - - update - apiGroups: - options.keptn.sh resources: - keptnconfigs/status verbs: - get - - patch - - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding 
diff --git a/charts/keptn-lifecycle-toolkit/templates/metrics-operator-server-resources-rbac.yaml b/charts/keptn-lifecycle-toolkit/templates/metrics-operator-server-resources-rbac.yaml index de8beed..8359948 100644 --- a/charts/keptn-lifecycle-toolkit/templates/metrics-operator-server-resources-rbac.yaml +++ b/charts/keptn-lifecycle-toolkit/templates/metrics-operator-server-resources-rbac.yaml @@ -11,4 +11,6 @@ rules: resources: - '*' verbs: - - '*' \ No newline at end of file + - get + - list + - watch \ No newline at end of file diff --git a/charts/keptn-lifecycle-toolkit/templates/metrics-operator-service.yaml b/charts/keptn-lifecycle-toolkit/templates/metrics-operator-service.yaml index 2ba1768..7bfbce4 100644 --- a/charts/keptn-lifecycle-toolkit/templates/metrics-operator-service.yaml +++ b/charts/keptn-lifecycle-toolkit/templates/metrics-operator-service.yaml @@ -12,4 +12,4 @@ spec: control-plane: metrics-operator {{- include "chart.selectorLabels" . | nindent 4 }} ports: - {{- .Values.metricsOperatorService.ports | toYaml | nindent 2 -}} + {{- .Values.metricsOperatorService.ports | toYaml | nindent 2 -}} \ No newline at end of file diff --git a/charts/keptn-lifecycle-toolkit/values.yaml b/charts/keptn-lifecycle-toolkit/values.yaml index 32a4ded..3249d73 100644 --- a/charts/keptn-lifecycle-toolkit/values.yaml +++ b/charts/keptn-lifecycle-toolkit/values.yaml @@ -10,9 +10,12 @@ certificateOperator: runAsUser: 65532 seccompProfile: type: RuntimeDefault + env: + labelSelectorKey: keptn.sh/inject-cert + labelSelectorValue: "true" image: repository: ghcr.keptn.sh/keptn/certificate-operator - tag: v0.7.0 + tag: v0.7.1 imagePullPolicy: Always livenessProbe: httpGet: 
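Review bot: In metrics-operator-server-resources-rbac.yaml the rule still grants on `resources: '*'` after the verbs are narrowed to `get`, `list` and `watch`. The rule's `apiGroups` entry sits above the hunk, so the actual reach of that wildcard cannot be judged from here. If the group is one where resource names are dynamic, a comment such as `# wildcard intended: resource names in this API group are dynamic` would record why it is kept. If the set is fixed, list the resources explicitly so the role does not silently cover anything added to the group later.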
@@ -64,8 +67,9 @@ lifecycleOperator: seccompProfile: type: RuntimeDefault env: - functionRunnerImage: ghcr.keptn.sh/keptn/functions-runtime:v0.7.0 + functionRunnerImage: ghcr.keptn.sh/keptn/functions-runtime:v0.7.1 keptnAppControllerLogLevel: "0" + keptnAppCreationRequestControllerLogLevel: "0" keptnAppVersionControllerLogLevel: "0" keptnEvaluationControllerLogLevel: "0" keptnTaskControllerLogLevel: "0" @@ -76,7 +80,7 @@ lifecycleOperator: otelCollectorUrl: otel-collector:4317 image: repository: ghcr.keptn.sh/keptn/lifecycle-operator - tag: v0.7.0 + tag: v0.7.1 imagePullPolicy: Always livenessProbe: httpGet: @@ -132,12 +136,18 @@ metricsOperator: capabilities: drop: - ALL + privileged: false + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 + seccompProfile: + type: RuntimeDefault env: exposeKeptnMetrics: "true" metricsControllerLogLevel: "0" image: repository: ghcr.keptn.sh/keptn/metrics-operator - tag: v0.7.0 + tag: v0.7.1 livenessProbe: httpGet: path: /healthz @@ -200,7 +210,7 @@ scheduler: otelCollectorUrl: otel-collector:4317 image: repository: ghcr.keptn.sh/keptn/scheduler - tag: v0.7.0 + tag: v0.7.1 imagePullPolicy: Always livenessProbe: httpGet:
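Review bot: The container security settings added for `metricsOperator` do not include `readOnlyRootFilesystem: true`. If the metrics operator does not write to its root filesystem, adding that key next to `privileged: false` would complete the hardening. Any writable path it does need can be provided as an `emptyDir` mount instead. The security context block begins above the hunk, so whether `allowPrivilegeEscalation: false` is already set cannot be confirmed from here and is worth checking at the same time.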