diff --git a/Taskfile.yaml b/Taskfile.yaml index 08dcccec6a..f15bbf1aac 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -184,7 +184,7 @@ tasks: sync:operator:chart: - task: sync:chart vars: - REF: operator/v25.1.1-beta1 + REF: operator/v25.1.1-beta2 LOCAL_DIR: charts/operator REMOTE_DIR: operator/chart diff --git a/charts/operator/Chart.yaml b/charts/operator/Chart.yaml index 8b917517a2..95d5625ce1 100644 --- a/charts/operator/Chart.yaml +++ b/charts/operator/Chart.yaml @@ -5,8 +5,8 @@ type: application # The operator helm chart is considered part of the operator itself. Therefore # version == appVersion. -version: v25.1.1-beta1 -appVersion: v25.1.1-beta1 +version: v25.1.1-beta2 +appVersion: v25.1.1-beta2 kubeVersion: ">= 1.25.0-0" sources: @@ -25,7 +25,7 @@ annotations: url: https://helm.sh/docs/intro/install/ artifacthub.io/images: | - name: redpanda-operator - image: docker.redpanda.com/redpandadata/redpanda-operator:v25.1.1-beta1 + image: docker.redpanda.com/redpandadata/redpanda-operator:v25.1.1-beta2 - name: redpanda image: docker.redpanda.com/redpandadata/redpanda:v25.1.1 artifacthub.io/crds: | diff --git a/charts/operator/README.md b/charts/operator/README.md index 29d801d57f..13b35fce68 100644 --- a/charts/operator/README.md +++ b/charts/operator/README.md @@ -3,7 +3,7 @@ description: Find the default values and descriptions of settings in the Redpanda Operator Helm chart. --- -![Version: v25.1.1-beta1](https://img.shields.io/badge/Version-v25.1.1--beta1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v25.1.1-beta1](https://img.shields.io/badge/AppVersion-v25.1.1--beta1-informational?style=flat-square) +![Version: v25.1.1-beta2](https://img.shields.io/badge/Version-v25.1.1--beta2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v25.1.1-beta2](https://img.shields.io/badge/AppVersion-v25.1.1--beta2-informational?style=flat-square) This page describes the official Redpanda Operator Helm Chart. In particular, this page describes the contents of the chart’s [`values.yaml` file](./values.yaml). Each of the settings is listed and described on this page, along with any default values. @@ -273,7 +273,7 @@ Role-based Access Control (RBAC) configuration for the Redpanda Operator. **Default:** ``` -{"create":true,"createAdditionalControllerCRs":false,"createRPKBundleCRs":false} +{"create":true,"createAdditionalControllerCRs":false,"createRPKBundleCRs":true} ``` ### [rbac.create](https://artifacthub.io/packages/helm/redpanda-data/operator?modal=values&path=rbac.create) @@ -292,7 +292,7 @@ Creates additional RBAC cluster roles that are needed to run additional controll Create RBAC cluster roles needed for the Redpanda Helm chart's 'rbac.enabled' feature. -**Default:** `false` +**Default:** `true` ### [replicaCount](https://artifacthub.io/packages/helm/redpanda-data/operator?modal=values&path=replicaCount) diff --git a/charts/operator/ci/02-cluster-values.yaml b/charts/operator/ci/02-cluster-values.yaml index e40af90673..930bf92157 100644 --- a/charts/operator/ci/02-cluster-values.yaml +++ b/charts/operator/ci/02-cluster-values.yaml @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. --- -# scope: Cluster -# webhook: -# enabled: true -# logLevel: debug +scope: Cluster +webhook: + enabled: true +logLevel: debug diff --git a/charts/operator/files/rbac/decommission.ClusterRole.yaml b/charts/operator/files/rbac/decommission.ClusterRole.yaml new file mode 100644 index 0000000000..9f83f89653 --- /dev/null +++ b/charts/operator/files/rbac/decommission.ClusterRole.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: decommission +rules: + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - patch diff --git a/charts/operator/files/rbac/decommission.Role.yaml b/charts/operator/files/rbac/decommission.Role.yaml new file mode 100644 index 0000000000..053fde21fc --- /dev/null +++ b/charts/operator/files/rbac/decommission.Role.yaml @@ -0,0 +1,40 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: decommission + namespace: default +rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - delete + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list + - watch diff --git a/charts/operator/files/rbac/leader-election.ClusterRole.yaml b/charts/operator/files/rbac/leader-election.ClusterRole.yaml new file mode 100644 index 0000000000..9c41474869 --- /dev/null +++ b/charts/operator/files/rbac/leader-election.ClusterRole.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: leader-election +rules: + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create diff --git a/charts/operator/files/rbac/leader-election.Role.yaml b/charts/operator/files/rbac/leader-election.Role.yaml new file mode 100644 index 0000000000..ca88452b9b --- /dev/null +++ b/charts/operator/files/rbac/leader-election.Role.yaml @@ -0,0 +1,38 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: leader-election + namespace: default +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/charts/operator/files/rbac/managed-decommission.ClusterRole.yaml b/charts/operator/files/rbac/managed-decommission.ClusterRole.yaml new file mode 100644 index 0000000000..ec4d147159 --- /dev/null +++ b/charts/operator/files/rbac/managed-decommission.ClusterRole.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: managed-decommission +rules: + - apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch diff --git a/charts/operator/files/rbac/managed-decommission.Role.yaml b/charts/operator/files/rbac/managed-decommission.Role.yaml new file mode 100644 index 0000000000..4398b19d0d --- /dev/null +++ b/charts/operator/files/rbac/managed-decommission.Role.yaml @@ -0,0 +1,26 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: managed-decommission + namespace: default +rules: + - apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + verbs: + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods/status + verbs: + - patch + - update diff --git a/charts/operator/files/rbac/node-watcher.ClusterRole.yaml b/charts/operator/files/rbac/node-watcher.ClusterRole.yaml new file mode 100644 index 0000000000..b50e457583 --- /dev/null +++ b/charts/operator/files/rbac/node-watcher.ClusterRole.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: node-watcher +rules: + - apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - delete + - get + - list + - patch + - update + - apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch diff --git a/charts/operator/files/rbac/node-watcher.Role.yaml b/charts/operator/files/rbac/node-watcher.Role.yaml new file mode 100644 index 0000000000..3a249ddb12 --- /dev/null +++ b/charts/operator/files/rbac/node-watcher.Role.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: node-watcher + namespace: default +rules: + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - delete + - get + - list + - patch + - update diff --git a/charts/operator/files/rbac/old-decommission.ClusterRole.yaml b/charts/operator/files/rbac/old-decommission.ClusterRole.yaml new file mode 100644 index 0000000000..6cf56c5679 --- /dev/null +++ b/charts/operator/files/rbac/old-decommission.ClusterRole.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: old-decommission +rules: + - apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - get + - list + - watch diff --git a/charts/operator/files/rbac/old-decommission.Role.yaml b/charts/operator/files/rbac/old-decommission.Role.yaml new file mode 100644 index 0000000000..720c564ce1 --- /dev/null +++ b/charts/operator/files/rbac/old-decommission.Role.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: old-decommission + namespace: default +rules: + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - patch + - update diff --git a/charts/operator/files/rbac/pvcunbinder.ClusterRole.yaml b/charts/operator/files/rbac/pvcunbinder.ClusterRole.yaml new file mode 100644 index 0000000000..6d831ae37c --- /dev/null +++ b/charts/operator/files/rbac/pvcunbinder.ClusterRole.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: pvcunbinder +rules: + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - patch + - watch diff --git a/charts/operator/files/rbac/pvcunbinder.Role.yaml b/charts/operator/files/rbac/pvcunbinder.Role.yaml new file mode 100644 index 0000000000..c3e0fa90d6 --- /dev/null +++ b/charts/operator/files/rbac/pvcunbinder.Role.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: pvcunbinder + namespace: default +rules: + - apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + verbs: + - delete + - get + - list + - watch diff --git a/charts/operator/files/rbac/rack-awareness.ClusterRole.yaml b/charts/operator/files/rbac/rack-awareness.ClusterRole.yaml new file mode 100644 index 0000000000..ebf5bed8ba --- /dev/null +++ b/charts/operator/files/rbac/rack-awareness.ClusterRole.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: rack-awareness +rules: + - apiGroups: + - "" + resources: + - nodes + verbs: + - get diff --git a/charts/operator/files/rbac/rpk-debug-bundle.Role.yaml b/charts/operator/files/rbac/rpk-debug-bundle.Role.yaml new file mode 100644 index 0000000000..540c36e883 --- /dev/null +++ b/charts/operator/files/rbac/rpk-debug-bundle.Role.yaml @@ -0,0 +1,24 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: rpk-debug-bundle + namespace: default +rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list diff --git a/charts/operator/files/rbac/sidecar.Role.yaml b/charts/operator/files/rbac/sidecar.Role.yaml new file mode 100644 index 0000000000..61f4a4328f --- /dev/null +++ b/charts/operator/files/rbac/sidecar.Role.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: sidecar + namespace: default +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/charts/operator/files/rbac/v1-manager.ClusterRole.yaml b/charts/operator/files/rbac/v1-manager.ClusterRole.yaml new file mode 100644 index 0000000000..c6f86ad097 --- /dev/null +++ b/charts/operator/files/rbac/v1-manager.ClusterRole.yaml @@ -0,0 +1,169 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: v1-manager +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - events + - secrets + - serviceaccounts + - services + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - delete + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods/finalizers + - pods/status + verbs: + - patch + - update + - apiGroups: + - apps + resources: + - deployments + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cert-manager.io + resources: + - certificates + - clusterissuers + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - redpanda.vectorized.io + resources: + - clusters + - consoles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - redpanda.vectorized.io + resources: + - clusters/finalizers + - consoles/finalizers + verbs: + - patch + - update + - apiGroups: + - redpanda.vectorized.io + resources: + - clusters/status + - consoles/status + verbs: + - get + - patch + - update + - apiGroups: + - scheduling.k8s.io + resources: + - priorityclasses + verbs: + - get + - list + - watch diff --git a/charts/operator/files/rbac/v2-manager.ClusterRole.yaml b/charts/operator/files/rbac/v2-manager.ClusterRole.yaml new file mode 100644 index 0000000000..1370691d33 --- /dev/null +++ b/charts/operator/files/rbac/v2-manager.ClusterRole.yaml @@ -0,0 +1,63 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: v2-manager +rules: + - apiGroups: + - cluster.redpanda.com + resources: + - redpandas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cluster.redpanda.com + resources: + - redpandas/finalizers + - schemas/finalizers + - topics/finalizers + - users/finalizers + verbs: + - update + - apiGroups: + - cluster.redpanda.com + resources: + - redpandas/status + - schemas/status + - topics/status + - users/status + verbs: + - get + - patch + - update + - apiGroups: + - cluster.redpanda.com + resources: + - schemas + - topics + - users + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/charts/operator/files/rbac/v2-manager.Role.yaml b/charts/operator/files/rbac/v2-manager.Role.yaml new file mode 100644 index 0000000000..e189ee1d6c --- /dev/null +++ b/charts/operator/files/rbac/v2-manager.Role.yaml @@ -0,0 +1,142 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: v2-manager + namespace: default +rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - apps + resources: + - deployments + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cert-manager.io + resources: + - certificates + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - podmonitors + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/charts/operator/templates/_certificates.go.tpl b/charts/operator/templates/_certificates.go.tpl index ccf98657bd..5b00796331 100644 --- a/charts/operator/templates/_certificates.go.tpl +++ b/charts/operator/templates/_certificates.go.tpl @@ -11,7 +11,7 @@ {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "secretName" "" "issuerRef" (dict "name" "" ) ) "status" (dict ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "cert-manager.io/v1" "kind" "Certificate" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" "redpanda-serving-cert" "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "spec" (mustMergeOverwrite (dict "secretName" "" "issuerRef" (dict "name" "" ) ) (dict "dnsNames" (list (printf "%s-webhook-service.%s.svc" (get (fromJson (include "operator.Name" (dict "a" (list $dot) ))) "r") $dot.Release.Namespace) (printf "%s-webhook-service.%s.svc.%s" (get (fromJson (include "operator.Name" (dict "a" (list $dot) ))) "r") $dot.Release.Namespace $values.clusterDomain)) "issuerRef" (mustMergeOverwrite (dict "name" "" ) (dict "kind" "Issuer" "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "selfsigned-issuer") ))) "r") )) "secretName" $values.webhookSecretName "privateKey" (mustMergeOverwrite (dict ) (dict "rotationPolicy" "Never" )) )) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict "secretName" "" "issuerRef" (dict "name" "")) "status" (dict)) (mustMergeOverwrite (dict) (dict "apiVersion" "cert-manager.io/v1" "kind" "Certificate")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" "redpanda-serving-cert" "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot)))) "r") "annotations" $values.annotations)) "spec" (mustMergeOverwrite (dict "secretName" "" "issuerRef" (dict "name" "")) (dict "dnsNames" (list (printf "%s-webhook-service.%s.svc" (get (fromJson (include "operator.Name" (dict "a" (list $dot)))) "r") $dot.Release.Namespace) (printf "%s-webhook-service.%s.svc.%s" (get (fromJson (include "operator.Name" (dict "a" (list $dot)))) "r") $dot.Release.Namespace $values.clusterDomain)) "issuerRef" (mustMergeOverwrite (dict "name" "") (dict "kind" "Issuer" "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "selfsigned-issuer")))) "r"))) "secretName" $values.webhookSecretName "privateKey" (mustMergeOverwrite (dict) (dict "rotationPolicy" "Never"))))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -27,7 +27,7 @@ {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict ) "status" (dict ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "cert-manager.io/v1" "kind" "Issuer" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "selfsigned-issuer") ))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "spec" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "selfSigned" (mustMergeOverwrite (dict ) (dict )) )) (dict )) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict) "status" (dict)) (mustMergeOverwrite (dict) (dict "apiVersion" "cert-manager.io/v1" "kind" "Issuer")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "selfsigned-issuer")))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot)))) "r") "annotations" $values.annotations)) "spec" (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "selfSigned" (mustMergeOverwrite (dict) (dict)))) (dict))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} diff --git a/charts/operator/templates/_chart.go.tpl b/charts/operator/templates/_chart.go.tpl index 521b9ed7ba..5ab51c2b8b 100644 --- a/charts/operator/templates/_chart.go.tpl +++ b/charts/operator/templates/_chart.go.tpl @@ -4,27 +4,27 @@ {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $manifests := (list (get (fromJson (include "operator.Issuer" (dict "a" (list $dot) ))) "r") (get (fromJson (include "operator.Certificate" (dict "a" (list $dot) ))) "r") (get (fromJson (include "operator.ConfigMap" (dict "a" (list $dot) ))) "r") (get (fromJson (include "operator.MetricsService" (dict "a" (list $dot) ))) "r") (get (fromJson (include "operator.WebhookService" (dict "a" (list $dot) ))) "r") (get (fromJson (include "operator.MutatingWebhookConfiguration" (dict "a" (list $dot) ))) "r") (get (fromJson (include "operator.ValidatingWebhookConfiguration" (dict "a" (list $dot) ))) "r") (get (fromJson (include "operator.ServiceAccount" (dict "a" (list $dot) ))) "r") (get (fromJson (include "operator.ServiceMonitor" (dict "a" (list $dot) ))) "r") (get (fromJson (include "operator.Deployment" (dict "a" (list $dot) ))) "r")) -}} -{{- range $_, $role := (get (fromJson (include "operator.Roles" (dict "a" (list $dot) ))) "r") -}} -{{- $manifests = (concat (default (list ) $manifests) (list $role)) -}} +{{- $manifests := (list (get (fromJson (include "operator.Issuer" (dict "a" (list $dot)))) "r") (get (fromJson (include "operator.Certificate" (dict "a" (list $dot)))) "r") (get (fromJson (include "operator.ConfigMap" (dict "a" (list $dot)))) "r") (get (fromJson (include "operator.MetricsService" (dict "a" (list $dot)))) "r") (get (fromJson (include "operator.WebhookService" (dict "a" (list $dot)))) "r") (get (fromJson (include "operator.MutatingWebhookConfiguration" (dict "a" (list $dot)))) "r") (get (fromJson (include "operator.ValidatingWebhookConfiguration" (dict "a" (list $dot)))) "r") (get (fromJson (include "operator.ServiceAccount" (dict "a" (list $dot)))) "r") (get (fromJson (include "operator.ServiceMonitor" (dict "a" (list $dot)))) "r") (get (fromJson (include "operator.Deployment" (dict "a" (list $dot)))) "r")) -}} +{{- range $_, $role := (get (fromJson (include "operator.Roles" (dict "a" (list $dot)))) "r") -}} +{{- $manifests = (concat (default (list) $manifests) (list $role)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- range $_, $cr := (get (fromJson (include "operator.ClusterRoles" (dict "a" (list $dot) ))) "r") -}} -{{- $manifests = (concat (default (list ) $manifests) (list $cr)) -}} +{{- range $_, $cr := (get (fromJson (include "operator.ClusterRoles" (dict "a" (list $dot)))) "r") -}} +{{- $manifests = (concat (default (list) $manifests) (list $cr)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- range $_, $rb := (get (fromJson (include "operator.RoleBindings" (dict "a" (list $dot) ))) "r") -}} -{{- $manifests = (concat (default (list ) $manifests) (list $rb)) -}} +{{- range $_, $rb := (get (fromJson (include "operator.RoleBindings" (dict "a" (list $dot)))) "r") -}} +{{- $manifests = (concat (default (list) $manifests) (list $rb)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- range $_, $crb := (get (fromJson (include "operator.ClusterRoleBindings" (dict "a" (list $dot) ))) "r") -}} -{{- $manifests = (concat (default (list ) $manifests) (list $crb)) -}} +{{- range $_, $crb := (get (fromJson (include "operator.ClusterRoleBindings" (dict "a" (list $dot)))) "r") -}} +{{- $manifests = (concat (default (list) $manifests) (list $crb)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} diff --git a/charts/operator/templates/_configmap.go.tpl b/charts/operator/templates/_configmap.go.tpl index 7405669d21..454b517a8f 100644 --- a/charts/operator/templates/_configmap.go.tpl +++ b/charts/operator/templates/_configmap.go.tpl @@ -6,7 +6,7 @@ {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "ConfigMap" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "config") ))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "data" (dict "controller_manager_config.yaml" (toYaml $values.config) ) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil))) (mustMergeOverwrite (dict) (dict "apiVersion" "v1" "kind" "ConfigMap")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "config")))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot)))) "r") "annotations" $values.annotations)) "data" (dict "controller_manager_config.yaml" (toYaml $values.config))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} diff --git a/charts/operator/templates/_deployment.go.tpl b/charts/operator/templates/_deployment.go.tpl index 1e2f07a0b6..43f43eca6d 100644 --- a/charts/operator/templates/_deployment.go.tpl +++ b/charts/operator/templates/_deployment.go.tpl @@ -5,7 +5,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $dep := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "selector" (coalesce nil) "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) "strategy" (dict ) ) "status" (dict ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "apps/v1" "kind" "Deployment" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "annotations" $values.annotations )) "spec" (mustMergeOverwrite (dict "selector" (coalesce nil) "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) "strategy" (dict ) ) (dict "replicas" ($values.replicaCount | int) "selector" (mustMergeOverwrite (dict ) (dict "matchLabels" (get (fromJson (include "operator.SelectorLabels" (dict "a" (list $dot) ))) "r") )) "strategy" $values.strategy "template" (get (fromJson (include "operator.StrategicMergePatch" (dict "a" (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "labels" $values.podTemplate.metadata.labels "annotations" $values.podTemplate.metadata.annotations )) "spec" $values.podTemplate.spec )) (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "annotations" $values.podAnnotations "labels" (merge (dict ) (get (fromJson (include "operator.SelectorLabels" (dict "a" (list $dot) ))) "r") $values.podLabels) )) "spec" (mustMergeOverwrite (dict "containers" (coalesce nil) ) (dict "automountServiceAccountToken" false "terminationGracePeriodSeconds" ((10 | int64) | int64) "imagePullSecrets" $values.imagePullSecrets "serviceAccountName" (get (fromJson (include "operator.ServiceAccountName" (dict "a" (list $dot) ))) "r") "nodeSelector" $values.nodeSelector "tolerations" $values.tolerations "volumes" (get (fromJson (include "operator.operatorPodVolumes" (dict "a" (list $dot) ))) "r") "containers" (get (fromJson (include "operator.operatorContainers" (dict "a" (list $dot (coalesce nil)) ))) "r") )) ))) ))) "r") )) )) -}} +{{- $dep := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict "selector" (coalesce nil) "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict "containers" (coalesce nil))) "strategy" (dict)) "status" (dict)) (mustMergeOverwrite (dict) (dict "apiVersion" "apps/v1" "kind" "Deployment")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot)))) "r") "namespace" $dot.Release.Namespace "annotations" $values.annotations)) "spec" (mustMergeOverwrite (dict "selector" (coalesce nil) "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict "containers" (coalesce nil))) "strategy" (dict)) (dict "replicas" ($values.replicaCount | int) "selector" (mustMergeOverwrite (dict) (dict "matchLabels" (get (fromJson (include "operator.SelectorLabels" (dict "a" (list $dot)))) "r"))) "strategy" $values.strategy "template" (get (fromJson (include "operator.StrategicMergePatch" (dict "a" (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict "containers" (coalesce nil))) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "labels" $values.podTemplate.metadata.labels "annotations" $values.podTemplate.metadata.annotations)) "spec" $values.podTemplate.spec)) (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict "containers" (coalesce nil))) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "annotations" $values.podAnnotations "labels" (merge (dict) (get (fromJson (include "operator.SelectorLabels" (dict "a" (list $dot)))) "r") $values.podLabels))) "spec" (mustMergeOverwrite (dict "containers" (coalesce nil)) (dict "automountServiceAccountToken" false "terminationGracePeriodSeconds" ((10 | int64) | int64) "imagePullSecrets" $values.imagePullSecrets "serviceAccountName" (get (fromJson (include "operator.ServiceAccountName" (dict "a" (list $dot)))) "r") "nodeSelector" $values.nodeSelector "tolerations" $values.tolerations "volumes" (get (fromJson (include "operator.operatorPodVolumes" (dict "a" (list $dot)))) "r") "containers" (get (fromJson (include "operator.operatorContainers" (dict "a" (list $dot (coalesce nil))))) "r"))))))))) "r"))))) -}} {{- if (not (empty $values.affinity)) -}} {{- $_ := (set $dep.spec.template.spec "affinity" $values.affinity) -}} {{- end -}} @@ -22,7 +22,7 @@ {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} {{- $_is_returning = true -}} -{{- (dict "r" (list (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" "manager" "image" (get (fromJson (include "operator.containerImage" (dict "a" (list $dot) ))) "r") "imagePullPolicy" $values.image.pullPolicy "command" (list "/manager") "args" (get (fromJson (include "operator.operatorArguments" (dict "a" (list $dot) ))) "r") "securityContext" (mustMergeOverwrite (dict ) (dict "allowPrivilegeEscalation" false )) "ports" (list (mustMergeOverwrite (dict "containerPort" 0 ) (dict "name" "webhook-server" "containerPort" (9443 | int) "protocol" "TCP" ))) "volumeMounts" (get (fromJson (include "operator.operatorPodVolumesMounts" (dict "a" (list $dot) ))) "r") "livenessProbe" (get (fromJson (include "operator.livenessProbe" (dict "a" (list $dot $podTerminationGracePeriodSeconds) ))) "r") "readinessProbe" (get (fromJson (include "operator.readinessProbe" (dict "a" (list $dot $podTerminationGracePeriodSeconds) ))) "r") "resources" $values.resources )))) | toJson -}} +{{- (dict "r" (list (mustMergeOverwrite (dict "name" "" "resources" (dict)) (dict "name" "manager" "image" (get (fromJson (include "operator.containerImage" (dict "a" (list $dot)))) "r") "imagePullPolicy" $values.image.pullPolicy "command" (list "/manager") "args" (get (fromJson (include "operator.operatorArguments" (dict "a" (list $dot)))) "r") "securityContext" (mustMergeOverwrite (dict) (dict "allowPrivilegeEscalation" false)) "ports" (list (mustMergeOverwrite (dict "containerPort" 0) (dict "name" "webhook-server" "containerPort" (9443 | int) "protocol" "TCP"))) "volumeMounts" (get (fromJson (include "operator.operatorPodVolumesMounts" (dict "a" (list $dot)))) "r") "livenessProbe" (get (fromJson (include "operator.livenessProbe" (dict "a" (list $dot $podTerminationGracePeriodSeconds)))) "r") "readinessProbe" (get (fromJson (include "operator.readinessProbe" (dict "a" (list $dot $podTerminationGracePeriodSeconds)))) "r") "resources" $values.resources)))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -35,11 +35,11 @@ {{- $values := $dot.Values.AsMap -}} {{- if (ne (toJson $values.livenessProbe) "null") -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "httpGet" (mustMergeOverwrite (dict "port" 0 ) (dict "path" "/healthz/" "port" (8081 | int) )) )) (dict "initialDelaySeconds" (default (15 | int) ($values.livenessProbe.initialDelaySeconds | int)) "periodSeconds" (default (20 | int) ($values.livenessProbe.periodSeconds | int)) "timeoutSeconds" ($values.livenessProbe.timeoutSeconds | int) "successThreshold" ($values.livenessProbe.successThreshold | int) "failureThreshold" ($values.livenessProbe.failureThreshold | int) "terminationGracePeriodSeconds" (default $podTerminationGracePeriodSeconds $values.livenessProbe.terminationGracePeriodSeconds) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "httpGet" (mustMergeOverwrite (dict "port" 0) (dict "path" "/healthz/" "port" (8081 | int))))) (dict "initialDelaySeconds" (default (15 | int) ($values.livenessProbe.initialDelaySeconds | int)) "periodSeconds" (default (20 | int) ($values.livenessProbe.periodSeconds | int)) "timeoutSeconds" ($values.livenessProbe.timeoutSeconds | int) "successThreshold" ($values.livenessProbe.successThreshold | int) "failureThreshold" ($values.livenessProbe.failureThreshold | int) "terminationGracePeriodSeconds" (default $podTerminationGracePeriodSeconds $values.livenessProbe.terminationGracePeriodSeconds)))) | toJson -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "httpGet" (mustMergeOverwrite (dict "port" 0 ) (dict "path" "/healthz/" "port" (8081 | int) )) )) (dict "initialDelaySeconds" (15 | int) "periodSeconds" (20 | int) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "httpGet" (mustMergeOverwrite (dict "port" 0) (dict "path" "/healthz/" "port" (8081 | int))))) (dict "initialDelaySeconds" (15 | int) "periodSeconds" (20 | int)))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -52,25 +52,38 @@ {{- $values := $dot.Values.AsMap -}} {{- if (ne (toJson $values.livenessProbe) "null") -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "httpGet" (mustMergeOverwrite (dict "port" 0 ) (dict "path" "/readyz" "port" (8081 | int) )) )) (dict "initialDelaySeconds" (default (5 | int) ($values.readinessProbe.initialDelaySeconds | int)) "periodSeconds" (default (10 | int) ($values.readinessProbe.periodSeconds | int)) "timeoutSeconds" ($values.readinessProbe.timeoutSeconds | int) "successThreshold" ($values.readinessProbe.successThreshold | int) "failureThreshold" ($values.readinessProbe.failureThreshold | int) "terminationGracePeriodSeconds" (default $podTerminationGracePeriodSeconds $values.readinessProbe.terminationGracePeriodSeconds) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "httpGet" (mustMergeOverwrite (dict "port" 0) (dict "path" "/readyz" "port" (8081 | int))))) (dict "initialDelaySeconds" (default (5 | int) ($values.readinessProbe.initialDelaySeconds | int)) "periodSeconds" (default (10 | int) ($values.readinessProbe.periodSeconds | int)) "timeoutSeconds" ($values.readinessProbe.timeoutSeconds | int) "successThreshold" ($values.readinessProbe.successThreshold | int) "failureThreshold" ($values.readinessProbe.failureThreshold | int) "terminationGracePeriodSeconds" (default $podTerminationGracePeriodSeconds $values.readinessProbe.terminationGracePeriodSeconds)))) | toJson -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "httpGet" (mustMergeOverwrite (dict "port" 0 ) (dict "path" "/readyz" "port" (8081 | int) )) )) (dict "initialDelaySeconds" (5 | int) "periodSeconds" (10 | int) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "httpGet" (mustMergeOverwrite (dict "port" 0) (dict "path" "/readyz" "port" (8081 | int))))) (dict "initialDelaySeconds" (5 | int) "periodSeconds" (10 | int)))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} -{{- define "operator.containerImage" -}} +{{- define "operator.containerTag" -}} {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $tag := $dot.Chart.AppVersion -}} {{- if (not (empty $values.image.tag)) -}} -{{- $tag = $values.image.tag -}} +{{- $_is_returning = true -}} +{{- (dict "r" $values.image.tag) | toJson -}} +{{- break -}} {{- end -}} {{- $_is_returning = true -}} +{{- (dict "r" $dot.Chart.AppVersion) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "operator.containerImage" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $tag := (get (fromJson (include "operator.containerTag" (dict "a" (list $dot)))) "r") -}} +{{- $_is_returning = true -}} {{- (dict "r" (printf "%s:%s" $values.image.repository $tag)) | toJson -}} {{- break -}} {{- end -}} @@ -92,16 +105,16 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $vol := (list ) -}} +{{- $vol := (list) -}} {{- if $values.serviceAccount.create -}} -{{- $vol = (concat (default (list ) $vol) (list (get (fromJson (include "operator.kubeTokenAPIVolume" (dict "a" (list "kube-api-access") ))) "r"))) -}} +{{- $vol = (concat (default (list) $vol) (list (get (fromJson (include "operator.kubeTokenAPIVolume" (dict "a" (list "kube-api-access")))) "r"))) -}} {{- end -}} -{{- if (not (get (fromJson (include "operator.isWebhookEnabled" (dict "a" (list $dot) ))) "r")) -}} +{{- if (not (get (fromJson (include "operator.isWebhookEnabled" (dict "a" (list $dot)))) "r")) -}} {{- $_is_returning = true -}} {{- (dict "r" $vol) | toJson -}} {{- break -}} {{- end -}} -{{- $vol = (concat (default (list ) $vol) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "defaultMode" ((420 | int) | int) "secretName" $values.webhookSecretName )) )) (dict "name" "cert" )))) -}} +{{- $vol = (concat (default (list) $vol) (list (mustMergeOverwrite (dict "name" "") (mustMergeOverwrite (dict) (dict "secret" (mustMergeOverwrite (dict) (dict "defaultMode" ((420 | int) | int) "secretName" $values.webhookSecretName)))) (dict "name" "cert")))) -}} {{- $_is_returning = true -}} {{- (dict "r" $vol) | toJson -}} {{- break -}} @@ -113,7 +126,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "projected" (mustMergeOverwrite (dict "sources" (coalesce nil) ) (dict "defaultMode" (420 | int) "sources" (list (mustMergeOverwrite (dict ) (dict "serviceAccountToken" (mustMergeOverwrite (dict "path" "" ) (dict "path" "token" "expirationSeconds" ((3607 | int) | int64) )) )) (mustMergeOverwrite (dict ) (dict "configMap" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "name" "kube-root-ca.crt" )) (dict "items" (list (mustMergeOverwrite (dict "key" "" "path" "" ) (dict "key" "ca.crt" "path" "ca.crt" ))) )) )) (mustMergeOverwrite (dict ) (dict "downwardAPI" (mustMergeOverwrite (dict ) (dict "items" (list (mustMergeOverwrite (dict "path" "" ) (dict "path" "namespace" "fieldRef" (mustMergeOverwrite (dict "fieldPath" "" ) (dict "apiVersion" "v1" "fieldPath" "metadata.namespace" )) ))) )) ))) )) )) (dict "name" $name ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "") (mustMergeOverwrite (dict) (dict "projected" (mustMergeOverwrite (dict "sources" (coalesce nil)) (dict "defaultMode" (420 | int) "sources" (list (mustMergeOverwrite (dict) (dict "serviceAccountToken" (mustMergeOverwrite (dict "path" "") (dict "path" "token" "expirationSeconds" ((3607 | int) | int64))))) (mustMergeOverwrite (dict) (dict "configMap" (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "name" "kube-root-ca.crt")) (dict "items" (list (mustMergeOverwrite (dict "key" "" "path" "") (dict "key" "ca.crt" "path" "ca.crt"))))))) (mustMergeOverwrite (dict) (dict "downwardAPI" (mustMergeOverwrite (dict) (dict "items" (list (mustMergeOverwrite (dict "path" "") (dict "path" "namespace" "fieldRef" (mustMergeOverwrite (dict "fieldPath" "") (dict "apiVersion" "v1" "fieldPath" "metadata.namespace")))))))))))))) (dict "name" $name))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -123,10 +136,10 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $volMount := (list ) -}} +{{- $volMount := (list) -}} {{- if $values.serviceAccount.create -}} {{- $mountName := "kube-api-access" -}} -{{- range $_, $vol := (get (fromJson (include "operator.operatorPodVolumes" (dict "a" (list $dot) ))) "r") -}} +{{- range $_, $vol := (get (fromJson (include "operator.operatorPodVolumes" (dict "a" (list $dot)))) "r") -}} {{- if (hasPrefix $vol.name (printf "%s%s" "kube-api-access" "-")) -}} {{- $mountName = $vol.name -}} {{- end -}} @@ -134,14 +147,14 @@ {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- $volMount = (concat (default (list ) $volMount) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" $mountName "readOnly" true "mountPath" "/var/run/secrets/kubernetes.io/serviceaccount" )))) -}} +{{- $volMount = (concat (default (list) $volMount) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" $mountName "readOnly" true "mountPath" "/var/run/secrets/kubernetes.io/serviceaccount")))) -}} {{- end -}} -{{- if (not (get (fromJson (include "operator.isWebhookEnabled" (dict "a" (list $dot) ))) "r")) -}} +{{- if (not (get (fromJson (include "operator.isWebhookEnabled" (dict "a" (list $dot)))) "r")) -}} {{- $_is_returning = true -}} {{- (dict "r" $volMount) | toJson -}} {{- break -}} {{- end -}} -{{- $volMount = (concat (default (list ) $volMount) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "cert" "mountPath" "/tmp/k8s-webhook-server/serving-certs" "readOnly" true )))) -}} +{{- $volMount = (concat (default (list) $volMount) (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" "cert" "mountPath" "/tmp/k8s-webhook-server/serving-certs" "readOnly" true)))) -}} {{- $_is_returning = true -}} {{- (dict "r" $volMount) | toJson -}} {{- break -}} @@ -153,15 +166,34 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $args := (list "--health-probe-bind-address=:8081" "--metrics-bind-address=:8443" "--leader-elect" (printf "--webhook-enabled=%t" (get (fromJson (include "operator.isWebhookEnabled" (dict "a" (list $dot) ))) "r"))) -}} -{{- if (get (fromJson (include "operator.isWebhookEnabled" (dict "a" (list $dot) ))) "r") -}} -{{- $args = (concat (default (list ) $args) (list "--webhook-enabled=true" (printf "--webhook-cert-path=%s" "/tmp/k8s-webhook-server/serving-certs"))) -}} +{{- $args := (list "--health-probe-bind-address=:8081" "--metrics-bind-address=:8443" "--leader-elect" (printf "--webhook-enabled=%t" (get (fromJson (include "operator.isWebhookEnabled" (dict "a" (list $dot)))) "r"))) -}} +{{- if (get (fromJson (include "operator.isWebhookEnabled" (dict "a" (list $dot)))) "r") -}} +{{- $args = (concat (default (list) $args) (list "--webhook-enabled=true" (printf "--webhook-cert-path=%s" "/tmp/k8s-webhook-server/serving-certs"))) -}} {{- end -}} {{- if (eq $values.scope "Namespace") -}} -{{- $args = (concat (default (list ) $args) (list (printf "--namespace=%s" $dot.Release.Namespace) (printf "--log-level=%s" $values.logLevel))) -}} +{{- $args = (concat (default (list) $args) (list (printf "--namespace=%s" $dot.Release.Namespace) (printf "--log-level=%s" $values.logLevel))) -}} +{{- end -}} +{{- $hasConfiguratorTag := false -}} +{{- $hasConfiguratorImage := false -}} +{{- range $_, $flag := $values.additionalCmdFlags -}} +{{- if (contains "--configurator-tag" $flag) -}} +{{- $hasConfiguratorTag = true -}} +{{- end -}} +{{- if (contains "--configurator-base-image" $flag) -}} +{{- $hasConfiguratorImage = true -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- if (not $hasConfiguratorTag) -}} +{{- $args = (concat (default (list) $args) (list (printf "--configurator-tag=%s" (get (fromJson (include "operator.containerTag" (dict "a" (list $dot)))) "r")))) -}} +{{- end -}} +{{- if (not $hasConfiguratorImage) -}} +{{- $args = (concat (default (list) $args) (list (printf "--configurator-base-image=%s" $values.image.repository))) -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (concat (default (list ) $args) (default (list ) $values.additionalCmdFlags))) | toJson -}} +{{- (dict "r" (concat (default (list) $args) (default (list) $values.additionalCmdFlags))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} diff --git a/charts/operator/templates/_helpers.go.tpl b/charts/operator/templates/_helpers.go.tpl index 3e9eb18510..0781329f40 100644 --- a/charts/operator/templates/_helpers.go.tpl +++ b/charts/operator/templates/_helpers.go.tpl @@ -7,7 +7,7 @@ {{- $values := $dot.Values.AsMap -}} {{- $name := (default $dot.Chart.Name $values.nameOverride) -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "operator.cleanForK8s" (dict "a" (list $name) ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "operator.cleanForK8s" (dict "a" (list $name)))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -19,17 +19,17 @@ {{- $values := $dot.Values.AsMap -}} {{- if (ne $values.fullnameOverride "") -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "operator.cleanForK8s" (dict "a" (list $values.fullnameOverride) ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "operator.cleanForK8s" (dict "a" (list $values.fullnameOverride)))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- $name := (default $dot.Chart.Name $values.nameOverride) -}} {{- if (contains $name $dot.Release.Name) -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "operator.cleanForK8s" (dict "a" (list $dot.Release.Name) ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "operator.cleanForK8s" (dict "a" (list $dot.Release.Name)))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "operator.cleanForK8s" (dict "a" (list (printf "%s-%s" $dot.Release.Name $name)) ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "operator.cleanForK8s" (dict "a" (list (printf "%s-%s" $dot.Release.Name $name))))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -40,7 +40,7 @@ {{- $_is_returning := false -}} {{- $chart := (printf "%s-%s" $dot.Chart.Name $dot.Chart.Version) -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "operator.cleanForK8s" (dict "a" (list (replace "+" "_" $chart)) ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "operator.cleanForK8s" (dict "a" (list (replace "+" "_" $chart))))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -50,12 +50,12 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} -{{- $labels := (dict "helm.sh/chart" (get (fromJson (include "operator.ChartName" (dict "a" (list $dot) ))) "r") "app.kubernetes.io/managed-by" $dot.Release.Service ) -}} +{{- $labels := (dict "helm.sh/chart" (get (fromJson (include "operator.ChartName" (dict "a" (list $dot)))) "r") "app.kubernetes.io/managed-by" $dot.Release.Service) -}} {{- if (ne $dot.Chart.AppVersion "") -}} {{- $_ := (set $labels "app.kubernetes.io/version" $dot.Chart.AppVersion) -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (merge (dict ) $labels (get (fromJson (include "operator.SelectorLabels" (dict "a" (list $dot) ))) "r") $values.commonLabels)) | toJson -}} +{{- (dict "r" (merge (dict) $labels (get (fromJson (include "operator.SelectorLabels" (dict "a" (list $dot)))) "r") $values.commonLabels)) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -65,7 +65,7 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (dict "app.kubernetes.io/name" (get (fromJson (include "operator.Name" (dict "a" (list $dot) ))) "r") "app.kubernetes.io/instance" $dot.Release.Name )) | toJson -}} +{{- (dict "r" (dict "app.kubernetes.io/name" (get (fromJson (include "operator.Name" (dict "a" (list $dot)))) "r") "app.kubernetes.io/instance" $dot.Release.Name)) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -85,7 +85,7 @@ {{- $suffix := (index .a 1) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $lengthToTruncate := ((sub (((add ((get (fromJson (include "_shims.len" (dict "a" (list $s) ))) "r") | int) ((get (fromJson (include "_shims.len" (dict "a" (list $suffix) ))) "r") | int)) | int)) (63 | int)) | int) -}} +{{- $lengthToTruncate := ((sub (((add ((get (fromJson (include "_shims.len" (dict "a" (list $s)))) "r") | int) ((get (fromJson (include "_shims.len" (dict "a" (list $suffix)))) "r") | int)) | int)) (63 | int)) | int) -}} {{- if (gt $lengthToTruncate (0 | int)) -}} {{- $s = (trunc $lengthToTruncate $s) -}} {{- end -}} @@ -101,35 +101,35 @@ {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} {{- if (ne (toJson $overrides.metadata.labels) "null") -}} -{{- $_ := (set $original.metadata "labels" (merge (dict ) $overrides.metadata.labels (default (dict ) $original.metadata.labels))) -}} +{{- $_ := (set $original.metadata "labels" (merge (dict) $overrides.metadata.labels (default (dict) $original.metadata.labels))) -}} {{- end -}} {{- if (ne (toJson $overrides.metadata.annotations) "null") -}} -{{- $_ := (set $original.metadata "annotations" (merge (dict ) $overrides.metadata.annotations (default (dict ) $original.metadata.annotations))) -}} +{{- $_ := (set $original.metadata "annotations" (merge (dict) $overrides.metadata.annotations (default (dict) $original.metadata.annotations))) -}} {{- end -}} {{- if (ne (toJson $overrides.spec.securityContext) "null") -}} -{{- $_ := (set $original.spec "securityContext" (merge (dict ) $overrides.spec.securityContext (default (mustMergeOverwrite (dict ) (dict )) $original.spec.securityContext))) -}} +{{- $_ := (set $original.spec "securityContext" (merge (dict) $overrides.spec.securityContext (default (mustMergeOverwrite (dict) (dict)) $original.spec.securityContext))) -}} {{- end -}} {{- if (not (empty $overrides.spec.automountServiceAccountToken)) -}} {{- $_ := (set $original.spec "automountServiceAccountToken" $overrides.spec.automountServiceAccountToken) -}} {{- end -}} -{{- if (and (ne (toJson $overrides.spec.imagePullSecrets) "null") (gt ((get (fromJson (include "_shims.len" (dict "a" (list $overrides.spec.imagePullSecrets) ))) "r") | int) (0 | int))) -}} +{{- if (and (ne (toJson $overrides.spec.imagePullSecrets) "null") (gt ((get (fromJson (include "_shims.len" (dict "a" (list $overrides.spec.imagePullSecrets)))) "r") | int) (0 | int))) -}} {{- $_ := (set $original.spec "imagePullSecrets" $overrides.spec.imagePullSecrets) -}} {{- end -}} {{- if (not (empty $overrides.spec.serviceAccountName)) -}} {{- $_ := (set $original.spec "serviceAccountName" $overrides.spec.serviceAccountName) -}} {{- end -}} {{- if (not (empty $overrides.spec.nodeSelector)) -}} -{{- $_ := (set $original.spec "nodeSelector" (merge (dict ) $overrides.spec.nodeSelector (default (dict ) $original.spec.nodeSelector))) -}} +{{- $_ := (set $original.spec "nodeSelector" (merge (dict) $overrides.spec.nodeSelector (default (dict) $original.spec.nodeSelector))) -}} {{- end -}} {{- if (ne (toJson $overrides.spec.affinity) "null") -}} -{{- $_ := (set $original.spec "affinity" (merge (dict ) $overrides.spec.affinity (default (mustMergeOverwrite (dict ) (dict )) $original.spec.affinity))) -}} +{{- $_ := (set $original.spec "affinity" (merge (dict) $overrides.spec.affinity (default (mustMergeOverwrite (dict) (dict)) $original.spec.affinity))) -}} {{- end -}} -{{- if (and (ne (toJson $overrides.spec.topologySpreadConstraints) "null") (gt ((get (fromJson (include "_shims.len" (dict "a" (list $overrides.spec.topologySpreadConstraints) ))) "r") | int) (0 | int))) -}} +{{- if (and (ne (toJson $overrides.spec.topologySpreadConstraints) "null") (gt ((get (fromJson (include "_shims.len" (dict "a" (list $overrides.spec.topologySpreadConstraints)))) "r") | int) (0 | int))) -}} {{- $_ := (set $original.spec "topologySpreadConstraints" $overrides.spec.topologySpreadConstraints) -}} {{- end -}} -{{- if (and (ne (toJson $overrides.spec.volumes) "null") (gt ((get (fromJson (include "_shims.len" (dict "a" (list $overrides.spec.volumes) ))) "r") | int) (0 | int))) -}} -{{- $newVolumes := (list ) -}} -{{- $overrideVolumes := (dict ) -}} +{{- if (and (ne (toJson $overrides.spec.volumes) "null") (gt ((get (fromJson (include "_shims.len" (dict "a" (list $overrides.spec.volumes)))) "r") | int) (0 | int))) -}} +{{- $newVolumes := (list) -}} +{{- $overrideVolumes := (dict) -}} {{- range $i, $_ := $overrides.spec.volumes -}} {{- $vol := (index $overrides.spec.volumes $i) -}} {{- $_ := (set $overrideVolumes $vol.name $vol) -}} @@ -138,28 +138,28 @@ {{- break -}} {{- end -}} {{- range $_, $vol := $original.spec.volumes -}} -{{- $_169_overrideVol_1_ok_2 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $overrideVolumes $vol.name (dict "name" "" )) ))) "r") -}} +{{- $_169_overrideVol_1_ok_2 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $overrideVolumes $vol.name (dict "name" ""))))) "r") -}} {{- $overrideVol_1 := (index $_169_overrideVol_1_ok_2 0) -}} {{- $ok_2 := (index $_169_overrideVol_1_ok_2 1) -}} {{- if $ok_2 -}} -{{- $newVolumes = (concat (default (list ) $newVolumes) (list $overrideVol_1)) -}} +{{- $newVolumes = (concat (default (list) $newVolumes) (list $overrideVol_1)) -}} {{- $_ := (unset $overrideVolumes $vol.name) -}} {{- continue -}} {{- end -}} -{{- $newVolumes = (concat (default (list ) $newVolumes) (list $vol)) -}} +{{- $newVolumes = (concat (default (list) $newVolumes) (list $vol)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} {{- range $_, $vol := $overrideVolumes -}} -{{- $newVolumes = (concat (default (list ) $newVolumes) (list $vol)) -}} +{{- $newVolumes = (concat (default (list) $newVolumes) (list $vol)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} {{- $_ := (set $original.spec "volumes" $newVolumes) -}} {{- end -}} -{{- $overrideContainers := (dict ) -}} +{{- $overrideContainers := (dict) -}} {{- range $i, $_ := $overrides.spec.containers -}} {{- $container := (index $overrides.spec.containers $i) -}} {{- $_ := (set $overrideContainers (toString $container.name) $container) -}} @@ -203,10 +203,10 @@ {{- if (not (empty $overrides.spec.schedulerName)) -}} {{- $_ := (set $original.spec "schedulerName" $overrides.spec.schedulerName) -}} {{- end -}} -{{- if (and (ne (toJson $overrides.spec.tolerations) "null") (gt ((get (fromJson (include "_shims.len" (dict "a" (list $overrides.spec.tolerations) ))) "r") | int) (0 | int))) -}} +{{- if (and (ne (toJson $overrides.spec.tolerations) "null") (gt ((get (fromJson (include "_shims.len" (dict "a" (list $overrides.spec.tolerations)))) "r") | int) (0 | int))) -}} {{- $_ := (set $original.spec "tolerations" $overrides.spec.tolerations) -}} {{- end -}} -{{- if (and (ne (toJson $overrides.spec.hostAliases) "null") (gt ((get (fromJson (include "_shims.len" (dict "a" (list $overrides.spec.hostAliases) ))) "r") | int) (0 | int))) -}} +{{- if (and (ne (toJson $overrides.spec.hostAliases) "null") (gt ((get (fromJson (include "_shims.len" (dict "a" (list $overrides.spec.hostAliases)))) "r") | int) (0 | int))) -}} {{- $_ := (set $original.spec "hostAliases" $overrides.spec.hostAliases) -}} {{- end -}} {{- if (not (empty $overrides.spec.priorityClassName)) -}} @@ -216,9 +216,9 @@ {{- $_ := (set $original.spec "priority" $overrides.spec.priority) -}} {{- end -}} {{- if (ne (toJson $overrides.spec.dnsConfig) "null") -}} -{{- $_ := (set $original.spec "dnsConfig" (merge (dict ) $overrides.spec.dnsConfig (default (mustMergeOverwrite (dict ) (dict )) $original.spec.dnsConfig))) -}} +{{- $_ := (set $original.spec "dnsConfig" (merge (dict) $overrides.spec.dnsConfig (default (mustMergeOverwrite (dict) (dict)) $original.spec.dnsConfig))) -}} {{- end -}} -{{- if (and (ne (toJson $overrides.spec.readinessGates) "null") (gt ((get (fromJson (include "_shims.len" (dict "a" (list $overrides.spec.readinessGates) ))) "r") | int) (0 | int))) -}} +{{- if (and (ne (toJson $overrides.spec.readinessGates) "null") (gt ((get (fromJson (include "_shims.len" (dict "a" (list $overrides.spec.readinessGates)))) "r") | int) (0 | int))) -}} {{- $_ := (set $original.spec "readinessGates" $overrides.spec.readinessGates) -}} {{- end -}} {{- if (not (empty $overrides.spec.runtimeClassName)) -}} @@ -236,32 +236,32 @@ {{- if (ne (toJson $overrides.spec.hostUsers) "null") -}} {{- $_ := (set $original.spec "hostUsers" $overrides.spec.hostUsers) -}} {{- end -}} -{{- if (and (ne (toJson $overrides.spec.schedulingGates) "null") (gt ((get (fromJson (include "_shims.len" (dict "a" (list $overrides.spec.schedulingGates) ))) "r") | int) (0 | int))) -}} +{{- if (and (ne (toJson $overrides.spec.schedulingGates) "null") (gt ((get (fromJson (include "_shims.len" (dict "a" (list $overrides.spec.schedulingGates)))) "r") | int) (0 | int))) -}} {{- $_ := (set $original.spec "schedulingGates" $overrides.spec.schedulingGates) -}} {{- end -}} -{{- if (and (ne (toJson $overrides.spec.resourceClaims) "null") (gt ((get (fromJson (include "_shims.len" (dict "a" (list $overrides.spec.resourceClaims) ))) "r") | int) (0 | int))) -}} +{{- if (and (ne (toJson $overrides.spec.resourceClaims) "null") (gt ((get (fromJson (include "_shims.len" (dict "a" (list $overrides.spec.resourceClaims)))) "r") | int) (0 | int))) -}} {{- $_ := (set $original.spec "resourceClaims" $overrides.spec.resourceClaims) -}} {{- end -}} {{- $merged := (coalesce nil) -}} {{- range $_, $container := $original.spec.containers -}} -{{- $_308_override_3_ok_4 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $overrideContainers $container.name (coalesce nil)) ))) "r") -}} +{{- $_308_override_3_ok_4 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $overrideContainers $container.name (coalesce nil))))) "r") -}} {{- $override_3 := (index $_308_override_3_ok_4 0) -}} {{- $ok_4 := (index $_308_override_3_ok_4 1) -}} {{- if $ok_4 -}} -{{- $env := (concat (default (list ) $container.env) (default (list ) $override_3.env)) -}} -{{- $container = (merge (dict ) $override_3 $container) -}} +{{- $env := (concat (default (list) $container.env) (default (list) $override_3.env)) -}} +{{- $container = (merge (dict) $override_3 $container) -}} {{- $_ := (set $container "env" $env) -}} {{- end -}} {{- if (eq (toJson $container.env) "null") -}} -{{- $_ := (set $container "env" (list )) -}} +{{- $_ := (set $container "env" (list)) -}} {{- end -}} -{{- $merged = (concat (default (list ) $merged) (list $container)) -}} +{{- $merged = (concat (default (list) $merged) (list $container)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} {{- $_ := (set $original.spec "containers" $merged) -}} -{{- $overrideContainers = (dict ) -}} +{{- $overrideContainers = (dict) -}} {{- range $i, $_ := $overrides.spec.initContainers -}} {{- $container := (index $overrides.spec.initContainers $i) -}} {{- $_ := (set $overrideContainers (toString $container.name) $container) -}} @@ -269,26 +269,26 @@ {{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- $merged = (list ) -}} +{{- $merged = (list) -}} {{- range $_, $container := $original.spec.initContainers -}} -{{- $_339_override_5_ok_6 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $overrideContainers $container.name (coalesce nil)) ))) "r") -}} +{{- $_339_override_5_ok_6 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $overrideContainers $container.name (coalesce nil))))) "r") -}} {{- $override_5 := (index $_339_override_5_ok_6 0) -}} {{- $ok_6 := (index $_339_override_5_ok_6 1) -}} {{- if $ok_6 -}} -{{- $env := (concat (default (list ) $container.env) (default (list ) $override_5.env)) -}} -{{- $container = (merge (dict ) $override_5 $container) -}} +{{- $env := (concat (default (list) $container.env) (default (list) $override_5.env)) -}} +{{- $container = (merge (dict) $override_5 $container) -}} {{- $_ := (set $container "env" $env) -}} {{- end -}} {{- if (eq (toJson $container.env) "null") -}} -{{- $_ := (set $container "env" (list )) -}} +{{- $_ := (set $container "env" (list)) -}} {{- end -}} -{{- $merged = (concat (default (list ) $merged) (list $container)) -}} +{{- $merged = (concat (default (list) $merged) (list $container)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} {{- end -}} {{- $_ := (set $original.spec "initContainers" $merged) -}} -{{- $overrideEphemeralContainers := (dict ) -}} +{{- $overrideEphemeralContainers := (dict) -}} {{- range $i, $_ := $overrides.spec.ephemeralContainers -}} {{- $container := (index $overrides.spec.ephemeralContainers $i) -}} {{- $_ := (set $overrideEphemeralContainers (toString $container.name) $container) -}} @@ -298,18 +298,18 @@ {{- end -}} {{- $mergedEphemeralContainers := (coalesce nil) -}} {{- range $_, $container := $original.spec.ephemeralContainers -}} -{{- $_370_override_7_ok_8 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $overrideEphemeralContainers $container.name (coalesce nil)) ))) "r") -}} +{{- $_370_override_7_ok_8 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $overrideEphemeralContainers $container.name (coalesce nil))))) "r") -}} {{- $override_7 := (index $_370_override_7_ok_8 0) -}} {{- $ok_8 := (index $_370_override_7_ok_8 1) -}} {{- if $ok_8 -}} -{{- $env := (concat (default (list ) $container.env) (default (list ) $override_7.env)) -}} -{{- $container = (merge (dict ) $override_7 $container) -}} +{{- $env := (concat (default (list) $container.env) (default (list) $override_7.env)) -}} +{{- $container = (merge (dict) $override_7 $container) -}} {{- $_ := (set $container "env" $env) -}} {{- end -}} {{- if (eq (toJson $container.env) "null") -}} -{{- $_ := (set $container "env" (list )) -}} +{{- $_ := (set $container "env" (list)) -}} {{- end -}} -{{- $mergedEphemeralContainers = (concat (default (list ) $mergedEphemeralContainers) (list $container)) -}} +{{- $mergedEphemeralContainers = (concat (default (list) $mergedEphemeralContainers) (list $container)) -}} {{- end -}} {{- if $_is_returning -}} {{- break -}} diff --git a/charts/operator/templates/_rbac.go.tpl b/charts/operator/templates/_rbac.go.tpl index a4c497cf00..2bd0add161 100644 --- a/charts/operator/templates/_rbac.go.tpl +++ b/charts/operator/templates/_rbac.go.tpl @@ -10,25 +10,32 @@ {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} {{- end -}} -{{- $clusterRoles := (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "rules" (coalesce nil) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRole" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "metrics-reader") ))) "r") "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get") "nonResourceURLs" (list "/metrics") ))) ))) -}} -{{- if (eq $values.scope "Cluster") -}} -{{- $_is_returning = true -}} -{{- (dict "r" (concat (default (list ) $clusterRoles) (default (list ) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "rules" (coalesce nil) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRole" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "configmaps") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "events" "secrets" "serviceaccounts" "services") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list" "watch") "apiGroups" (list "") "resources" (list "nodes") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "delete" "get" "list" "watch") "apiGroups" (list "") "resources" (list "persistentvolumeclaims") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "pods") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "patch" "update") "apiGroups" (list "") "resources" (list "pods/finalizers" "pods/status") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "apps") "resources" (list "deployments" "statefulsets") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "cert-manager.io") "resources" (list "certificates" "clusterissuers" "issuers") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "networking.k8s.io") "resources" (list "ingresses") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "policy") "resources" (list "poddisruptionbudgets") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "get" "list" "patch" "update" "watch") "apiGroups" (list "rbac.authorization.k8s.io") "resources" (list "clusterroles" "clusterrolebindings") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "delete" "get" "list" "update" "watch") "apiGroups" (list "") "resources" (list "pods") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "policy") "resources" (list "poddisruptionbudgets") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "redpanda.vectorized.io") "resources" (list "clusters" "consoles") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "update" "patch") "apiGroups" (list "redpanda.vectorized.io") "resources" (list "clusters/finalizers" "consoles/finalizers") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "patch" "update") "apiGroups" (list "redpanda.vectorized.io") "resources" (list "clusters/status" "consoles/status") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list" "watch") "apiGroups" (list "scheduling.k8s.io") "resources" (list "priorityclasses") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list" "patch" "watch") "apiGroups" (list "") "resources" (list "persistentvolumes") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create") "apiGroups" (list "authentication.k8s.io") "resources" (list "tokenreviews") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create") "apiGroups" (list "authorization.k8s.io") "resources" (list "subjectaccessreviews") ))) )))))) | toJson -}} +{{- $bundles := (list (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "Enabled" (eq $values.scope "Cluster") "RuleFiles" (list "files/rbac/leader-election.ClusterRole.yaml" "files/rbac/pvcunbinder.ClusterRole.yaml" "files/rbac/v1-manager.ClusterRole.yaml"))) (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "Enabled" (eq $values.scope "Namespace") "RuleFiles" (list "files/rbac/leader-election.ClusterRole.yaml" "files/rbac/v2-manager.ClusterRole.yaml"))) (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "additional-controllers")))) "r") "Enabled" (and (eq $values.scope "Namespace") $values.rbac.createAdditionalControllerCRs) "RuleFiles" (list "files/rbac/decommission.ClusterRole.yaml" "files/rbac/managed-decommission.ClusterRole.yaml" "files/rbac/node-watcher.ClusterRole.yaml" "files/rbac/old-decommission.ClusterRole.yaml" "files/rbac/pvcunbinder.ClusterRole.yaml")))) -}} +{{- $clusterRoles := (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "rules" (coalesce nil)) (mustMergeOverwrite (dict) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRole")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "metrics-reader")))) "r") "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot)))) "r") "annotations" $values.annotations)) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil)) (dict "verbs" (list "get") "nonResourceURLs" (list "/metrics"))))))) -}} +{{- range $_, $bundle := $bundles -}} +{{- if (not $bundle.Enabled) -}} +{{- continue -}} +{{- end -}} +{{- $rules := (coalesce nil) -}} +{{- range $_, $file := $bundle.RuleFiles -}} +{{- $clusterRole := (get (fromJson (include "_shims.fromYaml" (dict "a" (list ($dot.Files.Get $file))))) "r") -}} +{{- $rules = (concat (default (list) $rules) (default (list) $clusterRole.rules)) -}} +{{- end -}} +{{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- if (and (eq $values.scope "Namespace") $values.rbac.createAdditionalControllerCRs) -}} -{{- $clusterRoles = (concat (default (list ) $clusterRoles) (default (list ) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "rules" (coalesce nil) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRole" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "additional-controllers") ))) "r") "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list" "watch") "apiGroups" (list "") "resources" (list "nodes") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list" "patch" "update" "watch" "delete") "apiGroups" (list "") "resources" (list "persistentvolumes") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list" "watch") "apiGroups" (list "") "resources" (list "secrets" "configmaps") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list" "watch") "apiGroups" (list "") "resources" (list "persistentvolumes") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "patch") "apiGroups" (list "") "resources" (list "events") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list" "watch" "create" "update" "patch" "delete") "apiGroups" (list "") "resources" (list "pods") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list" "watch" "create" "update" "patch" "delete") "apiGroups" (list "coordination.k8s.io") "resources" (list "leases") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list" "watch" "create" "update" "patch" "delete") "apiGroups" (list "apps") "resources" (list "statefulsets") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list" "watch" "update" "patch" "delete") "apiGroups" (list "") "resources" (list "persistentvolumeclaims" "persistentvolumes") ))) ))))) -}} +{{- $clusterRoles = (concat (default (list) $clusterRoles) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "rules" (coalesce nil)) (mustMergeOverwrite (dict) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRole")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" $bundle.Name "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot)))) "r") "annotations" $values.annotations)) "rules" $rules)))) -}} {{- end -}} -{{- if $values.rbac.createRPKBundleCRs -}} -{{- $clusterRoles = (concat (default (list ) $clusterRoles) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "rules" (coalesce nil) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRole" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "rpk-bundle") ))) "r") "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list") "apiGroups" (list "") "resources" (list "nodes" "configmaps" "endpoints" "events" "limitranges" "persistentvolumeclaims" "pods" "pods/log" "replicationcontrollers" "resourcequotas" "serviceaccounts" "services") ))) )))) -}} +{{- if $_is_returning -}} +{{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (concat (default (list ) $clusterRoles) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "rules" (coalesce nil) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRole" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "rules" (concat (default (list ) (get (fromJson (include "operator.v2CRDRules" (dict "a" (list ) ))) "r")) (list (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "get" "delete" "list" "patch" "update" "watch") "apiGroups" (list "rbac.authorization.k8s.io") "resources" (list "clusterrolebindings" "clusterroles") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create") "apiGroups" (list "authentication.k8s.io") "resources" (list "tokenreviews") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create") "apiGroups" (list "authorization.k8s.io") "resources" (list "subjectaccessreviews") )))) ))))) | toJson -}} +{{- (dict "r" $clusterRoles) | toJson -}} {{- break -}} {{- end -}} {{- end -}} -{{- define "operator.ClusterRoleBindings" -}} +{{- define "operator.Roles" -}} {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} @@ -38,20 +45,32 @@ {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} {{- end -}} -{{- $bindings := (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "roleRef" (dict "apiGroup" "" "kind" "" "name" "" ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRoleBinding" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "roleRef" (mustMergeOverwrite (dict "apiGroup" "" "kind" "" "name" "" ) (dict "apiGroup" "rbac.authorization.k8s.io" "kind" "ClusterRole" "name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") )) "subjects" (list (mustMergeOverwrite (dict "kind" "" "name" "" ) (dict "kind" "ServiceAccount" "name" (get (fromJson (include "operator.ServiceAccountName" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace ))) ))) -}} -{{- if $values.rbac.createRPKBundleCRs -}} -{{- $bindings = (concat (default (list ) $bindings) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "roleRef" (dict "apiGroup" "" "kind" "" "name" "" ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRoleBinding" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "rpk-bundle") ))) "r") "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "roleRef" (mustMergeOverwrite (dict "apiGroup" "" "kind" "" "name" "" ) (dict "apiGroup" "rbac.authorization.k8s.io" "kind" "ClusterRole" "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "rpk-bundle") ))) "r") )) "subjects" (list (mustMergeOverwrite (dict "kind" "" "name" "" ) (dict "kind" "ServiceAccount" "name" (get (fromJson (include "operator.ServiceAccountName" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace ))) )))) -}} +{{- $bundles := (list (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "election-role")))) "r") "Enabled" true "RuleFiles" (list "files/rbac/leader-election.Role.yaml"))) (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "Enabled" (eq $values.scope "Cluster") "RuleFiles" (list "files/rbac/pvcunbinder.Role.yaml"))) (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "Enabled" (eq $values.scope "Namespace") "RuleFiles" (list "files/rbac/rack-awareness.Role.yaml" "files/rbac/sidecar.Role.yaml" "files/rbac/v2-manager.Role.yaml"))) (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (printf "%s%s" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "-additional-controllers") "Enabled" (and (eq $values.scope "Namespace") $values.rbac.createAdditionalControllerCRs) "RuleFiles" (list "files/rbac/decommission.Role.yaml" "files/rbac/node-watcher.Role.yaml" "files/rbac/old-decommission.Role.yaml" "files/rbac/managed-decommission.Role.yaml" "files/rbac/pvcunbinder.Role.yaml"))) (mustMergeOverwrite (dict "Enabled" false "RuleFiles" (coalesce nil) "Name" "") (dict "Name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "rpk-bundle")))) "r") "Enabled" $values.rbac.createRPKBundleCRs "RuleFiles" (list "files/rbac/rpk-debug-bundle.Role.yaml")))) -}} +{{- $roles := (coalesce nil) -}} +{{- range $_, $bundle := $bundles -}} +{{- if (not $bundle.Enabled) -}} +{{- continue -}} +{{- end -}} +{{- $rules := (coalesce nil) -}} +{{- range $_, $file := $bundle.RuleFiles -}} +{{- $clusterRole := (get (fromJson (include "_shims.fromYaml" (dict "a" (list ($dot.Files.Get $file))))) "r") -}} +{{- $rules = (concat (default (list) $rules) (default (list) $clusterRole.rules)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} {{- end -}} -{{- if (and (eq $values.scope "Namespace") $values.rbac.createAdditionalControllerCRs) -}} -{{- $bindings = (concat (default (list ) $bindings) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "roleRef" (dict "apiGroup" "" "kind" "" "name" "" ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRoleBinding" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "additional-controllers") ))) "r") "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "roleRef" (mustMergeOverwrite (dict "apiGroup" "" "kind" "" "name" "" ) (dict "apiGroup" "rbac.authorization.k8s.io" "kind" "ClusterRole" "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "additional-controllers") ))) "r") )) "subjects" (list (mustMergeOverwrite (dict "kind" "" "name" "" ) (dict "kind" "ServiceAccount" "name" (get (fromJson (include "operator.ServiceAccountName" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace ))) )))) -}} +{{- $roles = (concat (default (list) $roles) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "rules" (coalesce nil)) (mustMergeOverwrite (dict) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "Role")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" $bundle.Name "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot)))) "r") "annotations" $values.annotations)) "rules" $rules)))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" $bindings) | toJson -}} +{{- (dict "r" $roles) | toJson -}} {{- break -}} {{- end -}} {{- end -}} -{{- define "operator.Roles" -}} +{{- define "operator.ClusterRoleBindings" -}} {{- $dot := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} @@ -61,21 +80,15 @@ {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} {{- end -}} -{{- $roles := (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "rules" (coalesce nil) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "Role" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "election-role") ))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list" "watch" "create" "update" "patch" "delete") "apiGroups" (list "") "resources" (list "configmaps") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "patch") "apiGroups" (list "") "resources" (list "events") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list" "watch" "create" "update" "patch" "delete") "apiGroups" (list "coordination.k8s.io") "resources" (list "leases") ))) ))) -}} -{{- if (eq $values.scope "Namespace") -}} -{{- $roles = (concat (default (list ) $roles) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "rules" (coalesce nil) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "Role" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "autoscaling") "resources" (list "horizontalpodautoscalers") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "pods") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "apps") "resources" (list "deployments") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "list" "watch" "create" "delete" "get" "patch" "update") "apiGroups" (list "apps") "resources" (list "statefulsets") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "batch") "resources" (list "jobs") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "patch" "update" "list" "watch") "apiGroups" (list "cert-manager.io") "resources" (list "certificates") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "patch" "update" "list" "watch") "apiGroups" (list "cert-manager.io") "resources" (list "issuers") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "coordination.k8s.io") "resources" (list "leases") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "configmaps") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "patch") "apiGroups" (list "") "resources" (list "events") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "secrets") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "serviceaccounts") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "pods") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "services") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "monitoring.coreos.com") "resources" (list "servicemonitors" "podmonitors") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "networking.k8s.io") "resources" (list "ingresses") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "policy") "resources" (list "poddisruptionbudgets") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "rbac.authorization.k8s.io") "resources" (list "rolebindings") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "rbac.authorization.k8s.io") "resources" (list "roles") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "persistentvolumeclaims") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "patch" "update") "apiGroups" (list "apps") "resources" (list "statefulsets/status") ))) )))) -}} -{{- if $values.rbac.createAdditionalControllerCRs -}} -{{- $roles = (concat (default (list ) $roles) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "rules" (coalesce nil) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "Role" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "%s%s" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "-additional-controllers") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "persistentvolumeclaims") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "persistentvolumeclaims") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "patch" "update") "apiGroups" (list "") "resources" (list "pods/status") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "patch" "update") "apiGroups" (list "apps") "resources" (list "statefulsets/status") ))) )))) -}} -{{- end -}} -{{- if $values.rbac.createRPKBundleCRs -}} -{{- $roles = (concat (default (list ) $roles) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "rules" (coalesce nil) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "Role" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "rpk-bundle") ))) "r") "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list") "apiGroups" (list "") "resources" (list "configmaps" "endpoints" "events" "limitranges" "persistentvolumeclaims" "pods" "pods/log" "replicationcontrollers" "resourcequotas" "serviceaccounts" "services") ))) )))) -}} -{{- end -}} -{{- else -}}{{- if (eq $values.scope "Cluster") -}} -{{- $roles = (concat (default (list ) $roles) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "rules" (coalesce nil) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "Role" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "delete" "get" "list" "watch") "apiGroups" (list "") "resources" (list "persistentvolumeclaims" "pods") ))) )))) -}} +{{- $bindings := (coalesce nil) -}} +{{- range $_, $role := (mustSlice (get (fromJson (include "operator.ClusterRoles" (dict "a" (list $dot)))) "r") (1 | int)) -}} +{{- $bindings = (concat (default (list) $bindings) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "roleRef" (dict "apiGroup" "" "kind" "" "name" "")) (mustMergeOverwrite (dict) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRoleBinding")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" $role.metadata.name "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot)))) "r") "annotations" $values.annotations)) "roleRef" (mustMergeOverwrite (dict "apiGroup" "" "kind" "" "name" "") (dict "apiGroup" "rbac.authorization.k8s.io" "kind" "ClusterRole" "name" $role.metadata.name)) "subjects" (list (mustMergeOverwrite (dict "kind" "" "name" "") (dict "kind" "ServiceAccount" "name" (get (fromJson (include "operator.ServiceAccountName" (dict "a" (list $dot)))) "r") "namespace" $dot.Release.Namespace))))))) -}} {{- end -}} +{{- if $_is_returning -}} +{{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" $roles) | toJson -}} +{{- (dict "r" $bindings) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -90,24 +103,15 @@ {{- (dict "r" (coalesce nil)) | toJson -}} {{- break -}} {{- end -}} -{{- $binding := (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "roleRef" (dict "apiGroup" "" "kind" "" "name" "" ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "RoleBinding" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "election-rolebinding") ))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "subjects" (list (mustMergeOverwrite (dict "kind" "" "name" "" ) (dict "kind" "ServiceAccount" "name" (get (fromJson (include "operator.ServiceAccountName" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace ))) "roleRef" (mustMergeOverwrite (dict "apiGroup" "" "kind" "" "name" "" ) (dict "apiGroup" "rbac.authorization.k8s.io" "kind" "Role" "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "election-role") ))) "r") )) )) (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "roleRef" (dict "apiGroup" "" "kind" "" "name" "" ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "RoleBinding" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "roleRef" (mustMergeOverwrite (dict "apiGroup" "" "kind" "" "name" "" ) (dict "apiGroup" "rbac.authorization.k8s.io" "kind" "Role" "name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") )) "subjects" (list (mustMergeOverwrite (dict "kind" "" "name" "" ) (dict "kind" "ServiceAccount" "name" (get (fromJson (include "operator.ServiceAccountName" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace ))) ))) -}} -{{- if (and (eq $values.scope "Namespace") $values.rbac.createAdditionalControllerCRs) -}} -{{- $binding = (concat (default (list ) $binding) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "roleRef" (dict "apiGroup" "" "kind" "" "name" "" ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "RoleBinding" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "additional-controllers") ))) "r") "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "roleRef" (mustMergeOverwrite (dict "apiGroup" "" "kind" "" "name" "" ) (dict "apiGroup" "rbac.authorization.k8s.io" "kind" "Role" "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "additional-controllers") ))) "r") )) "subjects" (list (mustMergeOverwrite (dict "kind" "" "name" "" ) (dict "kind" "ServiceAccount" "name" (get (fromJson (include "operator.ServiceAccountName" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace ))) )))) -}} -{{- end -}} -{{- if (and (eq $values.scope "Namespace") $values.rbac.createRPKBundleCRs) -}} -{{- $binding = (concat (default (list ) $binding) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "roleRef" (dict "apiGroup" "" "kind" "" "name" "" ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "RoleBinding" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "rpk-bundle") ))) "r") "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "roleRef" (mustMergeOverwrite (dict "apiGroup" "" "kind" "" "name" "" ) (dict "apiGroup" "rbac.authorization.k8s.io" "kind" "Role" "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "rpk-bundle") ))) "r") )) "subjects" (list (mustMergeOverwrite (dict "kind" "" "name" "" ) (dict "kind" "ServiceAccount" "name" (get (fromJson (include "operator.ServiceAccountName" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace ))) )))) -}} +{{- $bindings := (coalesce nil) -}} +{{- range $_, $role := (get (fromJson (include "operator.Roles" (dict "a" (list $dot)))) "r") -}} +{{- $bindings = (concat (default (list) $bindings) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "roleRef" (dict "apiGroup" "" "kind" "" "name" "")) (mustMergeOverwrite (dict) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "RoleBinding")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" $role.metadata.name "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot)))) "r") "annotations" $values.annotations)) "roleRef" (mustMergeOverwrite (dict "apiGroup" "" "kind" "" "name" "") (dict "apiGroup" "rbac.authorization.k8s.io" "kind" "Role" "name" $role.metadata.name)) "subjects" (list (mustMergeOverwrite (dict "kind" "" "name" "") (dict "kind" "ServiceAccount" "name" (get (fromJson (include "operator.ServiceAccountName" (dict "a" (list $dot)))) "r") "namespace" $dot.Release.Namespace))))))) -}} {{- end -}} -{{- $_is_returning = true -}} -{{- (dict "r" $binding) | toJson -}} +{{- if $_is_returning -}} {{- break -}} {{- end -}} -{{- end -}} - -{{- define "operator.v2CRDRules" -}} -{{- range $_ := (list 1) -}} -{{- $_is_returning := false -}} {{- $_is_returning = true -}} -{{- (dict "r" (list (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "cluster.redpanda.com") "resources" (list "redpandas") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "update") "apiGroups" (list "cluster.redpanda.com") "resources" (list "redpandas/finalizers") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "patch" "update") "apiGroups" (list "cluster.redpanda.com") "resources" (list "redpandas/status") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list" "patch" "update" "watch") "apiGroups" (list "cluster.redpanda.com") "resources" (list "schemas" "topics" "users") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "update") "apiGroups" (list "cluster.redpanda.com") "resources" (list "schemas/finalizers" "topics/finalizers" "users/finalizers") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "patch" "update") "apiGroups" (list "cluster.redpanda.com") "resources" (list "schemas/status" "topics/status" "users/status") )))) | toJson -}} +{{- (dict "r" $bindings) | toJson -}} {{- break -}} {{- end -}} {{- end -}} diff --git a/charts/operator/templates/_service.go.tpl b/charts/operator/templates/_service.go.tpl index 5530f4fc20..3d555ae5d0 100644 --- a/charts/operator/templates/_service.go.tpl +++ b/charts/operator/templates/_service.go.tpl @@ -11,7 +11,7 @@ {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict ) "status" (dict "loadBalancer" (dict ) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "Service" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "%s-webhook-service" (get (fromJson (include "operator.Name" (dict "a" (list $dot) ))) "r")) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "spec" (mustMergeOverwrite (dict ) (dict "selector" (get (fromJson (include "operator.SelectorLabels" (dict "a" (list $dot) ))) "r") "ports" (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "port" ((443 | int) | int) "targetPort" (9443 | int) ))) )) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict) "status" (dict "loadBalancer" (dict))) (mustMergeOverwrite (dict) (dict "apiVersion" "v1" "kind" "Service")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (printf "%s-webhook-service" (get (fromJson (include "operator.Name" (dict "a" (list $dot)))) "r")) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot)))) "r") "annotations" $values.annotations)) "spec" (mustMergeOverwrite (dict) (dict "selector" (get (fromJson (include "operator.SelectorLabels" (dict "a" (list $dot)))) "r") "ports" (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0) (dict "port" ((443 | int) | int) "targetPort" (9443 | int))))))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -22,7 +22,7 @@ {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict ) "status" (dict "loadBalancer" (dict ) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "Service" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "metrics-service") ))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "spec" (mustMergeOverwrite (dict ) (dict "selector" (get (fromJson (include "operator.SelectorLabels" (dict "a" (list $dot) ))) "r") "ports" (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" "https" "port" ((8443 | int) | int) "targetPort" "https" ))) )) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict) "status" (dict "loadBalancer" (dict))) (mustMergeOverwrite (dict) (dict "apiVersion" "v1" "kind" "Service")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "metrics-service")))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot)))) "r") "annotations" $values.annotations)) "spec" (mustMergeOverwrite (dict) (dict "selector" (get (fromJson (include "operator.SelectorLabels" (dict "a" (list $dot)))) "r") "ports" (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0) (dict "name" "https" "port" ((8443 | int) | int) "targetPort" "https")))))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -38,7 +38,7 @@ {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "admissionregistration.k8s.io/v1" "kind" "MutatingWebhookConfiguration" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "%s-mutating-webhook-configuration" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r")) "namespace" $dot.Release.Namespace "annotations" (dict "cert-manager.io/inject-ca-from" (printf "%s/redpanda-serving-cert" $dot.Release.Namespace) ) )) "webhooks" (list (mustMergeOverwrite (dict "name" "" "clientConfig" (dict ) "sideEffects" (coalesce nil) "admissionReviewVersions" (coalesce nil) ) (dict "admissionReviewVersions" (list "v1" "v1beta1") "clientConfig" (mustMergeOverwrite (dict ) (dict "service" (mustMergeOverwrite (dict "namespace" "" "name" "" ) (dict "name" (printf "%s-webhook-service" (get (fromJson (include "operator.Name" (dict "a" (list $dot) ))) "r")) "namespace" $dot.Release.Namespace "path" "/mutate-redpanda-vectorized-io-v1alpha1-cluster" )) )) "failurePolicy" "Fail" "name" "mcluster.kb.io" "rules" (list (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "apiGroups" (list "redpanda.vectorized.io") "apiVersions" (list "v1alpha1") "resources" (list "clusters") )) (dict "operations" (list "CREATE" "UPDATE") ))) "sideEffects" "None" ))) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil))) (mustMergeOverwrite (dict) (dict "apiVersion" "admissionregistration.k8s.io/v1" "kind" "MutatingWebhookConfiguration")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (printf "%s-mutating-webhook-configuration" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r")) "namespace" $dot.Release.Namespace "annotations" (dict "cert-manager.io/inject-ca-from" (printf "%s/redpanda-serving-cert" $dot.Release.Namespace)))) "webhooks" (list (mustMergeOverwrite (dict "name" "" "clientConfig" (dict) "sideEffects" (coalesce nil) "admissionReviewVersions" (coalesce nil)) (dict "admissionReviewVersions" (list "v1" "v1beta1") "clientConfig" (mustMergeOverwrite (dict) (dict "service" (mustMergeOverwrite (dict "namespace" "" "name" "") (dict "name" (printf "%s-webhook-service" (get (fromJson (include "operator.Name" (dict "a" (list $dot)))) "r")) "namespace" $dot.Release.Namespace "path" "/mutate-redpanda-vectorized-io-v1alpha1-cluster")))) "failurePolicy" "Fail" "name" "mcluster.kb.io" "rules" (list (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "apiGroups" (list "redpanda.vectorized.io") "apiVersions" (list "v1alpha1") "resources" (list "clusters"))) (dict "operations" (list "CREATE" "UPDATE")))) "sideEffects" "None")))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -54,7 +54,7 @@ {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "admissionregistration.k8s.io/v1" "kind" "ValidatingWebhookConfiguration" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "%s-validating-webhook-configuration" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r")) "namespace" $dot.Release.Namespace "annotations" (dict "cert-manager.io/inject-ca-from" (printf "%s/redpanda-serving-cert" $dot.Release.Namespace) ) )) "webhooks" (list (mustMergeOverwrite (dict "name" "" "clientConfig" (dict ) "sideEffects" (coalesce nil) "admissionReviewVersions" (coalesce nil) ) (dict "admissionReviewVersions" (list "v1" "v1beta1") "clientConfig" (mustMergeOverwrite (dict ) (dict "service" (mustMergeOverwrite (dict "namespace" "" "name" "" ) (dict "name" (printf "%s-webhook-service" (get (fromJson (include "operator.Name" (dict "a" (list $dot) ))) "r")) "namespace" $dot.Release.Namespace "path" "/validate-redpanda-vectorized-io-v1alpha1-cluster" )) )) "failurePolicy" "Fail" "name" "mcluster.kb.io" "rules" (list (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "apiGroups" (list "redpanda.vectorized.io") "apiVersions" (list "v1alpha1") "resources" (list "clusters") )) (dict "operations" (list "CREATE" "UPDATE") ))) "sideEffects" "None" ))) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil))) (mustMergeOverwrite (dict) (dict "apiVersion" "admissionregistration.k8s.io/v1" "kind" "ValidatingWebhookConfiguration")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (printf "%s-validating-webhook-configuration" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r")) "namespace" $dot.Release.Namespace "annotations" (dict "cert-manager.io/inject-ca-from" (printf "%s/redpanda-serving-cert" $dot.Release.Namespace)))) "webhooks" (list (mustMergeOverwrite (dict "name" "" "clientConfig" (dict) "sideEffects" (coalesce nil) "admissionReviewVersions" (coalesce nil)) (dict "admissionReviewVersions" (list "v1" "v1beta1") "clientConfig" (mustMergeOverwrite (dict) (dict "service" (mustMergeOverwrite (dict "namespace" "" "name" "") (dict "name" (printf "%s-webhook-service" (get (fromJson (include "operator.Name" (dict "a" (list $dot)))) "r")) "namespace" $dot.Release.Namespace "path" "/validate-redpanda-vectorized-io-v1alpha1-cluster")))) "failurePolicy" "Fail" "name" "mcluster.kb.io" "rules" (list (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "apiGroups" (list "redpanda.vectorized.io") "apiVersions" (list "v1alpha1") "resources" (list "clusters"))) (dict "operations" (list "CREATE" "UPDATE")))) "sideEffects" "None")))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} diff --git a/charts/operator/templates/_serviceaccount.go.tpl b/charts/operator/templates/_serviceaccount.go.tpl index f219a4d355..82de9e441b 100644 --- a/charts/operator/templates/_serviceaccount.go.tpl +++ b/charts/operator/templates/_serviceaccount.go.tpl @@ -6,17 +6,17 @@ {{- $_is_returning := false -}} {{- $values := $dot.Values.AsMap -}} {{- if $values.serviceAccount.create -}} -{{- if (ne (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.serviceAccount.name "") ))) "r") "") -}} +{{- if (ne (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.serviceAccount.name "")))) "r") "") -}} {{- $_is_returning = true -}} {{- (dict "r" $values.serviceAccount.name) | toJson -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r")) | toJson -}} +{{- (dict "r" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r")) | toJson -}} {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (default (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") $values.serviceAccount.name)) | toJson -}} +{{- (dict "r" (default (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") $values.serviceAccount.name)) | toJson -}} {{- break -}} {{- end -}} {{- end -}} @@ -32,7 +32,7 @@ {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "kind" "ServiceAccount" "apiVersion" "v1" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.ServiceAccountName" (dict "a" (list $dot) ))) "r") "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "annotations" $values.serviceAccount.annotations )) "automountServiceAccountToken" $values.serviceAccount.automountServiceAccountToken ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil))) (mustMergeOverwrite (dict) (dict "kind" "ServiceAccount" "apiVersion" "v1")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (get (fromJson (include "operator.ServiceAccountName" (dict "a" (list $dot)))) "r") "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot)))) "r") "namespace" $dot.Release.Namespace "annotations" $values.serviceAccount.annotations)) "automountServiceAccountToken" $values.serviceAccount.automountServiceAccountToken))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} diff --git a/charts/operator/templates/_servicemonitor.go.tpl b/charts/operator/templates/_servicemonitor.go.tpl index 5844882ac4..13ebb6d970 100644 --- a/charts/operator/templates/_servicemonitor.go.tpl +++ b/charts/operator/templates/_servicemonitor.go.tpl @@ -11,7 +11,7 @@ {{- break -}} {{- end -}} {{- $_is_returning = true -}} -{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "endpoints" (coalesce nil) "selector" (dict ) "namespaceSelector" (dict ) ) ) (mustMergeOverwrite (dict ) (dict "kind" "ServiceMonitor" "apiVersion" "monitoring.coreos.com/v1" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "metrics-monitor") ))) "r") "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "annotations" $values.annotations )) "spec" (mustMergeOverwrite (dict "endpoints" (coalesce nil) "selector" (dict ) "namespaceSelector" (dict ) ) (dict "endpoints" (list (mustMergeOverwrite (dict ) (dict "port" "https" "path" "/metrics" "scheme" "https" "tlsConfig" (mustMergeOverwrite (dict "ca" (dict ) "cert" (dict ) ) (mustMergeOverwrite (dict "ca" (dict ) "cert" (dict ) ) (dict "insecureSkipVerify" true )) (dict )) "bearerTokenFile" "/var/run/secrets/kubernetes.io/serviceaccount/token" ))) "namespaceSelector" (mustMergeOverwrite (dict ) (dict "matchNames" (list $dot.Release.Namespace) )) "selector" (mustMergeOverwrite (dict ) (dict "matchLabels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") )) )) ))) | toJson -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil)) "spec" (dict "endpoints" (coalesce nil) "selector" (dict) "namespaceSelector" (dict))) (mustMergeOverwrite (dict) (dict "kind" "ServiceMonitor" "apiVersion" "monitoring.coreos.com/v1")) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil)) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot)))) "r") "metrics-monitor")))) "r") "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot)))) "r") "namespace" $dot.Release.Namespace "annotations" $values.annotations)) "spec" (mustMergeOverwrite (dict "endpoints" (coalesce nil) "selector" (dict) "namespaceSelector" (dict)) (dict "endpoints" (list (mustMergeOverwrite (dict) (dict "port" "https" "path" "/metrics" "scheme" "https" "tlsConfig" (mustMergeOverwrite (dict "ca" (dict) "cert" (dict)) (mustMergeOverwrite (dict "ca" (dict) "cert" (dict)) (dict "insecureSkipVerify" true)) (dict)) "bearerTokenFile" "/var/run/secrets/kubernetes.io/serviceaccount/token"))) "namespaceSelector" (mustMergeOverwrite (dict) (dict "matchNames" (list $dot.Release.Namespace))) "selector" (mustMergeOverwrite (dict) (dict "matchLabels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot)))) "r")))))))) | toJson -}} {{- break -}} {{- end -}} {{- end -}} diff --git a/charts/operator/templates/_shims.tpl b/charts/operator/templates/_shims.tpl index 7fdd55a9e5..8bdb8a104f 100644 --- a/charts/operator/templates/_shims.tpl +++ b/charts/operator/templates/_shims.tpl @@ -143,6 +143,20 @@ {{- end -}} {{- end -}} +{{- define "_shims.fromYaml" -}} +{{- $in := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $result := (fromYaml $in) -}} +{{- if (and (hasKey $result "Error") (eq (len $result) (1 | int))) -}} +{{- $_ := (fail (printf "fromYaml: unmarshalling failed: %s" (index $result "Error"))) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + {{- define "_shims.asnumeric" -}} {{- $value := (index .a 0) -}} {{- range $_ := (list 1) -}} @@ -205,10 +219,10 @@ {{- end -}} {{- $reprStr := (toString $repr) -}} {{- $unit := (regexFind "(k|m|M|G|T|P|Ki|Mi|Gi|Ti|Pi)$" $repr) -}} -{{- $numeric := (float64 (substr (0 | int) ((sub ((get (fromJson (include "_shims.len" (dict "a" (list $reprStr) ))) "r") | int) ((get (fromJson (include "_shims.len" (dict "a" (list $unit) ))) "r") | int)) | int) $reprStr)) -}} -{{- $_184_scale_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list (dict "" 1.0 "m" 0.001 "k" (1000 | int) "M" (1000000 | int) "G" (1000000000 | int) "T" (1000000000000 | int) "P" (1000000000000000 | int) "Ki" (1024 | int) "Mi" (1048576 | int) "Gi" (1073741824 | int) "Ti" (1099511627776 | int) "Pi" (1125899906842624 | int) ) $unit (float64 0)) ))) "r") -}} -{{- $scale := ((index $_184_scale_ok 0) | float64) -}} -{{- $ok := (index $_184_scale_ok 1) -}} +{{- $numeric := (float64 (substr (0 | int) ((sub ((get (fromJson (include "_shims.len" (dict "a" (list $reprStr)))) "r") | int) ((get (fromJson (include "_shims.len" (dict "a" (list $unit)))) "r") | int)) | int) $reprStr)) -}} +{{- $_196_scale_ok := (get (fromJson (include "_shims.dicttest" (dict "a" (list (dict "" 1.0 "m" 0.001 "k" (1000 | int) "M" (1000000 | int) "G" (1000000000 | int) "T" (1000000000000 | int) "P" (1000000000000000 | int) "Ki" (1024 | int) "Mi" (1048576 | int) "Gi" (1073741824 | int) "Ti" (1099511627776 | int) "Pi" (1125899906842624 | int)) $unit (float64 0))))) "r") -}} +{{- $scale := ((index $_196_scale_ok 0) | float64) -}} +{{- $ok := (index $_196_scale_ok 1) -}} {{- if (not $ok) -}} {{- $_ := (fail (printf "unknown unit: %q" $unit)) -}} {{- end -}} @@ -222,9 +236,9 @@ {{- $repr := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $_207_numeric_scale := (get (fromJson (include "_shims.parseResource" (dict "a" (list $repr) ))) "r") -}} -{{- $numeric := ((index $_207_numeric_scale 0) | float64) -}} -{{- $scale := ((index $_207_numeric_scale 1) | float64) -}} +{{- $_219_numeric_scale := (get (fromJson (include "_shims.parseResource" (dict "a" (list $repr)))) "r") -}} +{{- $numeric := ((index $_219_numeric_scale 0) | float64) -}} +{{- $scale := ((index $_219_numeric_scale 1) | float64) -}} {{- $strs := (list "" "m" "k" "M" "G" "T" "P" "Ki" "Mi" "Gi" "Ti" "Pi") -}} {{- $scales := (list 1.0 0.001 (1000 | int) (1000000 | int) (1000000000 | int) (1000000000000 | int) (1000000000000000 | int) (1024 | int) (1048576 | int) (1073741824 | int) (1099511627776 | int) (1125899906842624 | int)) -}} {{- $idx := -1 -}} @@ -250,9 +264,9 @@ {{- $repr := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $_234_numeric_scale := (get (fromJson (include "_shims.parseResource" (dict "a" (list $repr) ))) "r") -}} -{{- $numeric := ((index $_234_numeric_scale 0) | float64) -}} -{{- $scale := ((index $_234_numeric_scale 1) | float64) -}} +{{- $_246_numeric_scale := (get (fromJson (include "_shims.parseResource" (dict "a" (list $repr)))) "r") -}} +{{- $numeric := ((index $_246_numeric_scale 0) | float64) -}} +{{- $scale := ((index $_246_numeric_scale 1) | float64) -}} {{- $_is_returning = true -}} {{- (dict "r" (int64 (ceil ((mulf $numeric $scale) | float64)))) | toJson -}} {{- break -}} @@ -263,9 +277,9 @@ {{- $repr := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $_239_numeric_scale := (get (fromJson (include "_shims.parseResource" (dict "a" (list $repr) ))) "r") -}} -{{- $numeric := ((index $_239_numeric_scale 0) | float64) -}} -{{- $scale := ((index $_239_numeric_scale 1) | float64) -}} +{{- $_251_numeric_scale := (get (fromJson (include "_shims.parseResource" (dict "a" (list $repr)))) "r") -}} +{{- $numeric := ((index $_251_numeric_scale 0) | float64) -}} +{{- $scale := ((index $_251_numeric_scale 1) | float64) -}} {{- $_is_returning = true -}} {{- (dict "r" (int64 (ceil ((mulf ((mulf $numeric 1000.0) | float64) $scale) | float64)))) | toJson -}} {{- break -}} @@ -276,7 +290,7 @@ {{- $repr := (index .a 0) -}} {{- range $_ := (list 1) -}} {{- $_is_returning := false -}} -{{- $unitMap := (dict "s" ((1000000000 | int64) | int64) "m" ((60000000000 | int64) | int64) "h" ((3600000000000 | int64) | int64) ) -}} +{{- $unitMap := (dict "s" ((1000000000 | int64) | int64) "m" ((60000000000 | int64) | int64) "h" ((3600000000000 | int64) | int64)) -}} {{- $original := $repr -}} {{- $value := ((0 | int64) | int64) -}} {{- if (eq $repr "") -}} @@ -295,12 +309,12 @@ {{- if (eq $n "") -}} {{- $_ := (fail (printf "invalid Duration: %q" $original)) -}} {{- end -}} -{{- $repr = (substr ((get (fromJson (include "_shims.len" (dict "a" (list $n) ))) "r") | int) -1 $repr) -}} +{{- $repr = (substr ((get (fromJson (include "_shims.len" (dict "a" (list $n)))) "r") | int) -1 $repr) -}} {{- $unit := (regexFind `^(h|m|s)` $repr) -}} {{- if (eq $unit "") -}} {{- $_ := (fail (printf "invalid Duration: %q" $original)) -}} {{- end -}} -{{- $repr = (substr ((get (fromJson (include "_shims.len" (dict "a" (list $unit) ))) "r") | int) -1 $repr) -}} +{{- $repr = (substr ((get (fromJson (include "_shims.len" (dict "a" (list $unit)))) "r") | int) -1 $repr) -}} {{- $value = ((add $value (((mul (int64 $n) (ternary (index $unitMap $unit) 0 (hasKey $unitMap $unit))) | int64))) | int64) -}} {{- end -}} {{- if $_is_returning -}} diff --git a/charts/operator/templates/tests/create-topic-with-client-auth.yaml b/charts/operator/templates/tests/create-topic-with-client-auth.yaml deleted file mode 100644 index a7a43b31fc..0000000000 --- a/charts/operator/templates/tests/create-topic-with-client-auth.yaml +++ /dev/null @@ -1,104 +0,0 @@ -{{- $file := "files/three_node_redpanda.yaml" -}} -{{- $resourceType := "redpanda" -}} -{{- if and .Values.webhook.enabled (eq .Values.scope "Cluster" ) -}} - {{- $file = "files/three_node_cluster.yaml" -}} - {{- $resourceType = "cluster" -}} -{{- else if ne .Values.scope "Namespace" -}} - {{ fail "invalid combination of scope and webhook.enabled" }} -{{- end -}} ---- -apiVersion: v1 -kind: Pod -metadata: - name: create-test-topic-tls - annotations: - helm.sh/hook: test - helm.sh/hook-delete-policy: before-hook-creation - helm.sh/hook-weight: "2" -spec: - serviceAccount: {{ include "redpanda-operator.serviceAccountName" . }} - automountServiceAccountToken: false - containers: - - name: rpk - image: docker.redpanda.com/redpandadata/redpanda:latest - env: - - name: KUBECTL_VERSION - value: v1.27.4 - command: - - /bin/bash - - -c - - | - set -xeuo pipefail - - # Setup for the test - mkdir -p /etc/redpanda - cat > /etc/redpanda/redpanda.yaml << EOF - redpanda: - rpk: - kafka_api: - brokers: - - cluster-tls-0.cluster-tls.{{ .Release.Namespace }}.svc.cluster.local:9092 - - cluster-tls-1.cluster-tls.{{ .Release.Namespace }}.svc.cluster.local:9092 - - cluster-tls-2.cluster-tls.{{ .Release.Namespace }}.svc.cluster.local:9092 - tls: - enabled: true - key_file: /tmp/tls.key - cert_file: /tmp/tls.crt - truststore_file: /tmp/ca.crt - EOF - curl -Ls https://dl.k8s.io/${KUBECTL_VERSION}/bin/linux/amd64/kubectl -o /tmp/kubectl-${KUBECTL_VERSION} - echo "$(curl -Ls https://dl.k8s.io/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256) /tmp/kubectl-${KUBECTL_VERSION}" | sha256sum --check - chmod +x /tmp/kubectl-${KUBECTL_VERSION} - KUBECTL=/tmp/kubectl-${KUBECTL_VERSION} - - # Create the Redpanda resource - $KUBECTL -n {{ .Release.Namespace }} apply -f - < /tmp/tls.crt - $KUBECTL -n {{ .Release.Namespace }} get secret cluster-tls-user-client -o go-template='{{ `{{ base64decode (index .data "tls.key") }}` }}' > /tmp/tls.key - $KUBECTL -n {{ .Release.Namespace }} get secret cluster-tls-user-client -o go-template='{{ `{{ base64decode (index .data "ca.crt") }}` }}' > /tmp/ca.crt - - # Make sure Redpanda works - rpk topic create test -v - - # Clean up - $KUBECTL -n {{ .Release.Namespace }} delete -f - <