From b109a5c7fd09b7485b3c6486dda868c265d21cc4 Mon Sep 17 00:00:00 2001 
From: GitHub Actions
Date: Thu, 4 Sep 2025 03:01:32 +0000
Subject: [PATCH 1/6] make prepare
---
packages/rancher-turtles/charts/.gitignore | 2 +
packages/rancher-turtles/charts/.helmignore | 24 +
packages/rancher-turtles/charts/Chart.yaml | 25 +
packages/rancher-turtles/charts/README.md | 5 +
packages/rancher-turtles/charts/app-readme.md | 5 +
packages/rancher-turtles/charts/questions.yml | 49 +
.../templates/addon-provider-fleet.yaml | 76 +
.../charts/templates/azure-rbac.yaml | 19 +
.../templates/clusterctl-cm-cleanup-job.yaml | 66 +
.../charts/templates/clusterctl-config.yaml | 5 +
.../charts/templates/core-provider.yaml | 85 +
.../charts/templates/deployment.yaml | 88 +
.../charts/templates/operator-crds.yaml | 13 +
.../charts/templates/post-delete-job.yaml | 166 +
.../charts/templates/post-upgrade-job.yaml | 124 +
.../charts/templates/pre-delete-job.yaml | 67 +
.../charts/templates/pre-install-job.yaml | 101 +
.../templates/rancher-turtles-components.yaml | 3583 +++++++++++++++++
...r-turtles-exp-clusterclass-components.yaml | 793 ++++
.../rancher-turtles-exp-day2-components.yaml | 666 +++
.../rancher-turtles-exp-day2-deployment.yaml | 106 +
.../charts/templates/rke2-bootstrap.yaml | 50 +
.../charts/templates/rke2-controlplane.yaml | 50 +
.../charts/templates/ui-plugin.yaml | 16 +
.../rancher-turtles/charts/values.schema.json | 332 ++
packages/rancher-turtles/charts/values.yaml | 130 +
26 files changed, 6646 insertions(+)
create mode 100755 packages/rancher-turtles/charts/.gitignore
create mode 100755 packages/rancher-turtles/charts/.helmignore
create mode 100755 packages/rancher-turtles/charts/Chart.yaml
create mode 100755 packages/rancher-turtles/charts/README.md
create mode 100755 packages/rancher-turtles/charts/app-readme.md
create mode 100755 packages/rancher-turtles/charts/questions.yml
create mode 100755 packages/rancher-turtles/charts/templates/addon-provider-fleet.yaml
create mode 100755 packages/rancher-turtles/charts/templates/azure-rbac.yaml
create mode 100755 packages/rancher-turtles/charts/templates/clusterctl-cm-cleanup-job.yaml
create mode 100755 packages/rancher-turtles/charts/templates/clusterctl-config.yaml
create mode 100755 packages/rancher-turtles/charts/templates/core-provider.yaml
create mode 100755 packages/rancher-turtles/charts/templates/deployment.yaml
create mode 100755 packages/rancher-turtles/charts/templates/operator-crds.yaml
create mode 100755 packages/rancher-turtles/charts/templates/post-delete-job.yaml
create mode 100755 packages/rancher-turtles/charts/templates/post-upgrade-job.yaml
create mode 100755 packages/rancher-turtles/charts/templates/pre-delete-job.yaml
create mode 100755 packages/rancher-turtles/charts/templates/pre-install-job.yaml
create mode 100755 packages/rancher-turtles/charts/templates/rancher-turtles-components.yaml
create mode 100755 packages/rancher-turtles/charts/templates/rancher-turtles-exp-clusterclass-components.yaml
create mode 100755 packages/rancher-turtles/charts/templates/rancher-turtles-exp-day2-components.yaml
create mode 100755 packages/rancher-turtles/charts/templates/rancher-turtles-exp-day2-deployment.yaml
create mode 100755 packages/rancher-turtles/charts/templates/rke2-bootstrap.yaml
create mode 100755 packages/rancher-turtles/charts/templates/rke2-controlplane.yaml
create mode 100755 packages/rancher-turtles/charts/templates/ui-plugin.yaml
create mode 100755 packages/rancher-turtles/charts/values.schema.json
create mode 100755 packages/rancher-turtles/charts/values.yaml
diff --git a/packages/rancher-turtles/charts/.gitignore b/packages/rancher-turtles/charts/.gitignore
new file mode 100755
index 00000000000..17e7ee2513a
--- /dev/null
+++ b/packages/rancher-turtles/charts/.gitignore
@@ -0,0 +1,2 @@
+Chartlock.lock
+charts/
diff --git a/packages/rancher-turtles/charts/.helmignore b/packages/rancher-turtles/charts/.helmignore
new file mode 100755
index 00000000000..898df48862b
--- /dev/null
+++ b/packages/rancher-turtles/charts/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+
diff --git a/packages/rancher-turtles/charts/Chart.yaml b/packages/rancher-turtles/charts/Chart.yaml
new file mode 100755
index 00000000000..689ce94532b
--- /dev/null
+++ b/packages/rancher-turtles/charts/Chart.yaml
@@ -0,0 +1,25 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
+ catalog.cattle.io/kube-version: '>= 1.23.0-0'
+ catalog.cattle.io/namespace: rancher-turtles-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux
+ catalog.cattle.io/rancher-version: '>= 2.11.0-1'
+ catalog.cattle.io/release-name: rancher-turtles
+ catalog.cattle.io/scope: management
+ catalog.cattle.io/type: cluster-tool
+apiVersion: v2
+appVersion: 0.0.0
+description: Rancher Turtles is an extension to Rancher that brings full Cluster API
+ integration to Rancher.
+home: https://github.com/rancher/turtles/
+icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
+keywords:
+- rancher
+- cluster-api
+- capi
+- provisioning
+name: rancher-turtles
+type: application
+version: 0.0.0
diff --git a/packages/rancher-turtles/charts/README.md b/packages/rancher-turtles/charts/README.md
new file mode 100755
index 00000000000..9b89a4160ce
--- /dev/null
+++ b/packages/rancher-turtles/charts/README.md
@@ -0,0 +1,5 @@
+# Rancher Turtles Chart
+
+This chart installs Rancher Turtles using Helm.
+
+Checkout the [documentation](https://turtles.docs.rancher.com) for further information.
diff --git a/packages/rancher-turtles/charts/app-readme.md b/packages/rancher-turtles/charts/app-readme.md
new file mode 100755
index 00000000000..cfb4b629470
--- /dev/null
+++ b/packages/rancher-turtles/charts/app-readme.md
@@ -0,0 +1,5 @@
+# Rancher Turtles - The Cluster API Extension for Rancher
+
+Rancher Turtles brings enhanced integration of Cluster API with Rancher.
+
+For more information, including a getting started guide, see the [official documentation](https://turtles.docs.rancher.com).
diff --git a/packages/rancher-turtles/charts/questions.yml b/packages/rancher-turtles/charts/questions.yml
new file mode 100755
index 00000000000..9ea290d3dec
--- /dev/null
+++ b/packages/rancher-turtles/charts/questions.yml
@@ -0,0 +1,49 @@
+namespace: rancher-turtles-system
+questions:
+ - variable: rancherTurtles.features.default
+ default: "false"
+ description: "Customize install settings"
+ label: Customize install settings
+ type: boolean
+ show_subquestion_if: true
+ group: "Rancher Turtles Extra Settings"
+ subquestions:
+ - variable: turtlesUI.enabled
+ default: false
+ type: boolean
+ description: "Flag to enable or disable installation of CAPI UI extension. If set to false then you will need to install CAPI UI extension manually."
+ label: "Install CAPI UI (Experimental)"
+ - variable: rancherTurtles.cluster-api-operator.cleanup
+ default: true
+ description: "Specify that the CAPI Operator post-delete cleanup job will be performed."
+ type: boolean
+ label: Cleanup CAPI Operator installation
+ group: "CAPI Operator cleanup settings"
+ - variable: cluster-api-operator.cluster-api.rke2.enabled
+ default: "true"
+ description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled."
+ label: "Enable RKE2 Provider"
+ type: boolean
+ - variable: rancherTurtles.features.agent-tls-mode.enabled
+ default: false
+ description: "[ALPHA] If enabled Turtles will use the agent-tls-mode setting to determine CA cert trust mode for importing clusters."
+ type: boolean
+ label: Enable Agent TLS Mode
+ group: "Rancher Turtles Features Settings"
+ - variable: rancherTurtles.kubectlImage
+ default: "registry.k8s.io/kubernetes/kubectl:v1.30.0"
+ description: "Specify the image to use when running kubectl in jobs."
+ type: string
+ label: Kubectl Image
+ group: "Rancher Turtles Features Settings"
+ - variable: rancherTurtles.features.day2operations.enabled
+ label: "Enable Day 2 Operations functionality in Rancher Turtles"
+ description: "Use this setting to configure Day 2 Operations functionality in Rancher Turtles, such as enabling ETCD Backup and Restore."
+ type: boolean
+ group: "Rancher Turtles Features Settings"
+ - variable: rancherTurtles.features.day2operations.etcdBackupRestore.enabled
+ label: "Enable ETCD Backup and Restore"
+ description: "[ALPHA] Enable ETCD Backup and Restore functionality in Rancher Turtles."
+ type: boolean
+ group: "ETCD Backup and Restore Settings"
+ show_if: "rancherTurtles.features.day2operations.enabled"
\ No newline at end of file
diff --git a/packages/rancher-turtles/charts/templates/addon-provider-fleet.yaml b/packages/rancher-turtles/charts/templates/addon-provider-fleet.yaml
new file mode 100755
index 00000000000..346453cc6ac
--- /dev/null
+++ b/packages/rancher-turtles/charts/templates/addon-provider-fleet.yaml
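Review bot: The cleanup question writes `rancherTurtles.cluster-api-operator.cleanup`, but `templates/post-delete-job.yaml` in this same patch is gated on `index .Values "cluster-api-operator" "cleanup"`. values.yaml is not visible here, so confirm which path is the real one; if they differ, the UI toggle will not switch the post-delete jobs off. Separately, `rancherTurtles.kubectlImage` is a free-form string with a tag-only default (`registry.k8s.io/kubernetes/kubectl:v1.30.0`), and that image runs in the hook jobs with cluster-scoped delete permissions, so a digest-pinned default and a description that says what the image is trusted with would be worth adding.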
@@ -0,0 +1,76 @@
+apiVersion: turtles-capi.cattle.io/v1alpha1
+kind: CAPIProvider
+metadata:
+ name: fleet
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "2"
+spec:
+ enableAutomaticUpdate: true
+ type: addon
+ additionalManifests:
+ name: fleet-addon-config
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: fleet-addon-config
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "2"
+data:
+ manifests: |-
+ apiVersion: addons.cluster.x-k8s.io/v1alpha1
+ kind: FleetAddonConfig
+ metadata:
+ name: fleet-addon-config
+ spec:
+ config:
+ featureGates:
+ {{- if index .Values "rancherTurtles" "rancherInstalled" }}
+ configMap:
+ ref:
+ kind: ConfigMap
+ apiVersion: v1
+ name: rancher-config
+ namespace: cattle-system
+ {{- end }}
+ experimentalOciStorage: true
+ experimentalHelmOps: true
+ clusterClass:
+ patchResource: true
+ setOwnerReferences: true
+ cluster:
+ agentNamespace: cattle-fleet-system
+ applyClassGroup: true
+ patchResource: true
+ setOwnerReferences: true
+ hostNetwork: true
+ selector:
+ matchLabels:
+ cluster-api.cattle.io/rancher-auto-import: "true"
+ matchExpressions:
+ - key: cluster-api.cattle.io/disable-fleet-auto-import
+ operator: DoesNotExist
+ namespaceSelector:
+ matchLabels:
+ cluster-api.cattle.io/rancher-auto-import: "true"
+ matchExpressions:
+ - key: cluster-api.cattle.io/disable-fleet-auto-import
+ operator: DoesNotExist
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ name: cappf-controller-psa
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: fleet-controller-psa
+ subjects:
+ - kind: ServiceAccount
+ name: caapf-controller-manager
+ namespace: {{ .Values.rancherTurtles.namespace }}
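Review bot: The embedded ClusterRoleBinding is named `cappf-controller-psa` while its subject is the ServiceAccount `caapf-controller-manager`; the name looks like a transposition, and a binding that does not match its controller's name is easy to overlook in an RBAC audit, so `name: caapf-controller-psa` reads as the intended value (check upstream before renaming). The subject's `namespace: {{ .Values.rancherTurtles.namespace }}` is the only unquoted use of that value in this file. `hostNetwork: true` under `cluster:` presumably applies to every auto-imported cluster, so it deserves a comment in the manifest saying why the node network namespace is needed.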
diff --git a/packages/rancher-turtles/charts/templates/azure-rbac.yaml b/packages/rancher-turtles/charts/templates/azure-rbac.yaml
new file mode 100755
index 00000000000..4cd993c7682
--- /dev/null
+++ b/packages/rancher-turtles/charts/templates/azure-rbac.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: caprke2-azure-aggregated-role
+ labels:
+ cluster.x-k8s.io/aggregate-to-capz-manager: "true"
+rules:
+- apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ resources:
+ - rke2configs
+ verbs:
+ - create
+ - update
+ - delete
+ - get
+ - list
+ - patch
+ - watch
\ No newline at end of file
diff --git a/packages/rancher-turtles/charts/templates/clusterctl-cm-cleanup-job.yaml b/packages/rancher-turtles/charts/templates/clusterctl-cm-cleanup-job.yaml
new file mode 100755
index 00000000000..2617ffa87d8
--- /dev/null
+++ b/packages/rancher-turtles/charts/templates/clusterctl-cm-cleanup-job.yaml
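Review bot: `caprke2-azure-aggregated-role` is rendered unconditionally, so the write access to `rke2configs` is aggregated into the CAPZ manager role even when the RKE2 provider is disabled. questions.yml in this patch exposes `cluster-api-operator.cluster-api.rke2.enabled`; wrapping the template in `{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "enabled" }}` … `{{- end }}` would keep the grant tied to the feature that needs it. A short comment naming the controller that consumes the aggregation label would also help reviewers.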
@@ -0,0 +1,66 @@
+{{- if index .Values "rancherTurtles" "rancherInstalled" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: pre-upgrade-job
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": "post-delete, pre-upgrade"
+ "helm.sh/hook-weight": "-2"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: pre-upgrade-job-delete-clusterctl-configmap
+ annotations:
+ "helm.sh/hook": "post-delete, pre-upgrade"
+ "helm.sh/hook-weight": "-2"
+rules:
+- apiGroups: [""]
+ resources:
+ - configmaps
+ verbs:
+ - list
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: pre-upgrade-job-clusterctl-configmap-cleanup
+ annotations:
+ "helm.sh/hook": "post-delete, pre-upgrade"
+ "helm.sh/hook-weight": "-2"
+subjects:
+ - kind: ServiceAccount
+ name: pre-upgrade-job
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+roleRef:
+ kind: ClusterRole
+ name: pre-upgrade-job-delete-clusterctl-configmap
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: rancher-clusterctl-configmap-cleanup
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": "post-delete, pre-upgrade"
+ "helm.sh/hook-weight": "-1"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: pre-upgrade-job
+ containers:
+ - name: rancher-clusterctl-configmap-cleanup
+ image: {{ index .Values "rancherTurtles" "kubectlImage" }}
+ args:
+ - delete
+ - configmap
+ - --namespace={{ .Values.rancherTurtles.namespace }}
+ - clusterctl-config
+ - --ignore-not-found=true
+ restartPolicy: Never
+{{- end }}
diff --git a/packages/rancher-turtles/charts/templates/clusterctl-config.yaml b/packages/rancher-turtles/charts/templates/clusterctl-config.yaml
new file mode 100755
index 00000000000..225f24db0fa
--- /dev/null
+++ b/packages/rancher-turtles/charts/templates/clusterctl-config.yaml
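Review bot: `pre-upgrade-job-delete-clusterctl-configmap` is a ClusterRole that allows `list` and `delete` on every ConfigMap in the cluster, yet the job only deletes the single ConfigMap `clusterctl-config` in the chart namespace. A namespaced Role and RoleBinding with `resourceNames` covers that command; keep `list` only if the job turns out to need it. post-delete-job.yaml and pre-install-job.yaml in this patch have the same shape (cluster-wide `delete` with no `resourceNames`, jobs that delete fixed names). The container here, like those in pre-delete-job.yaml and pre-install-job.yaml, sets `args` without `command: ["kubectl"]`, so it depends on the entrypoint of whatever `kubectlImage` is configured.

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pre-upgrade-job-delete-clusterctl-configmap
  namespace: '{{ .Values.rancherTurtles.namespace }}'
  # … unchanged: helm.sh/hook annotations …
rules:
- apiGroups: [""]
  resources:
  - configmaps
  resourceNames:
  - clusterctl-config
  verbs:
  - delete
# … binding: kind: RoleBinding in the same namespace, roleRef.kind: Role, subject unchanged …
```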
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: clusterctl-config
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
\ No newline at end of file
diff --git a/packages/rancher-turtles/charts/templates/core-provider.yaml b/packages/rancher-turtles/charts/templates/core-provider.yaml
new file mode 100755
index 00000000000..a946d19193a
--- /dev/null
+++ b/packages/rancher-turtles/charts/templates/core-provider.yaml
@@ -0,0 +1,85 @@
+{{- if index .Values "cluster-api-operator" "cluster-api" "enabled" }}
+{{- $namespace := index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+{{- if not (lookup "v1" "Namespace" "" $namespace) }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "1"
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+{{- end }}
+---
+apiVersion: turtles-capi.cattle.io/v1alpha1
+kind: CAPIProvider
+metadata:
+ name: cluster-api
+ namespace: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "2"
+spec:
+ name: cluster-api
+ type: core
+ enableAutomaticUpdate: {{ index .Values "cluster-api-operator" "cluster-api" "core" "enableAutomaticUpdate" }}
+{{- if index .Values "cluster-api-operator" "cluster-api" "core" "version" }}
+ version: {{ index .Values "cluster-api-operator" "cluster-api" "core" "version" }}
+{{- end }}
+ additionalManifests:
+ name: capi-additional-rbac-roles
+ namespace: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+ configSecret:
+{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+{{ else }}
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "defaultName" }}
+{{- end }}
+{{- if or (index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "selector") }}
+ fetchConfig:
+ {{- if index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "url" }}
+ url: {{ index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "url" }}
+ {{- end }}
+ {{- if index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "selector" }}
+ selector: {{ index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "selector" }}
+ {{- end }}
+{{- end }}
+{{- if index .Values "cluster-api-operator" "cluster-api" "core" "imageUrl" }}
+ deployment:
+ containers:
+ - name: manager
+ imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "core" "imageUrl" }}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: capi-additional-rbac-roles
+ namespace: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "2"
+data:
+ manifests: |-
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ name: provisioning-rke-cattle-io
+ labels:
+ cluster.x-k8s.io/aggregate-to-manager: "true"
+ rules:
+ - apiGroups: ["rke.cattle.io"]
+ resources: ["*"]
+ verbs: ["*"]
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ name: provisioning-rke-machine-cattle-io
+ labels:
+ cluster.x-k8s.io/aggregate-to-manager: "true"
+ rules:
+ - apiGroups: ["rke-machine.cattle.io"]
+ resources: ["*"]
+ verbs: ["*"]
+{{- end }}
diff --git a/packages/rancher-turtles/charts/templates/deployment.yaml b/packages/rancher-turtles/charts/templates/deployment.yaml
new file mode 100755
index 00000000000..67e30bc9dfe
--- /dev/null
+++ b/packages/rancher-turtles/charts/templates/deployment.yaml
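Review bot: The two ClusterRoles embedded in `capi-additional-rbac-roles` grant `verbs: ["*"]` on `resources: ["*"]` for `rke.cattle.io` and `rke-machine.cattle.io`, and the `cluster.x-k8s.io/aggregate-to-manager` label folds both into the CAPI manager's role. Wildcards also cover subresources and whatever resources or verbs are added to those groups later, which makes the grant hard to review. Listing the resources and verbs the controller actually uses would be preferable; if the wildcard is deliberate, say so in a comment inside the manifest. The values rendered into `url:`, `selector:`, `version:` and `imageUrl:` are also unquoted, so piping them through `quote` would keep YAML-significant characters from changing the rendered document.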
@@ -0,0 +1,88 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: rancher-turtles-controller-manager
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ labels:
+ control-plane: controller-manager
+ spec:
+ {{- if .Values.rancherTurtles.imagePullSecrets }}
+ imagePullSecrets:
+ {{- range .Values.rancherTurtles.imagePullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+ containers:
+ - args:
+ - --leader-elect
+ - --feature-gates=agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}},ui-plugin={{ index .Values "turtlesUI" "enabled"}}
+ {{- range .Values.rancherTurtles.managerArguments }}
+ - {{ . }}
+ {{- end }}
+ command:
+ - /manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_UID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+ {{- if (contains "sha256:" .Values.rancherTurtles.imageVersion) }}
+ image: '{{ .Values.rancherTurtles.image }}@{{ .Values.rancherTurtles.imageVersion }}'
+ {{- else }}
+ image: '{{ .Values.rancherTurtles.image }}:{{ .Values.rancherTurtles.imageVersion }}'
+ {{- end}}
+ imagePullPolicy: '{{ .Values.rancherTurtles.imagePullPolicy }}'
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 9440
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 9440
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 500m
+ memory: 300Mi
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ {{- with .Values.rancherTurtles.volumeMounts.manager }}
+ volumeMounts:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ serviceAccountName: rancher-turtles-manager
+ terminationGracePeriodSeconds: 10
+ {{- with .Values.rancherTurtles.volumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
diff --git a/packages/rancher-turtles/charts/templates/operator-crds.yaml b/packages/rancher-turtles/charts/templates/operator-crds.yaml
new file mode 100755
index 00000000000..e3f7abd63ea
--- /dev/null
+++ b/packages/rancher-turtles/charts/templates/operator-crds.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ rancher-turtles/aggregate-to-manager: "true"
+ name: rancher-turtles-operator-admin
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
diff --git a/packages/rancher-turtles/charts/templates/post-delete-job.yaml b/packages/rancher-turtles/charts/templates/post-delete-job.yaml
new file mode 100755
index 00000000000..19f036725c2
--- /dev/null
+++ b/packages/rancher-turtles/charts/templates/post-delete-job.yaml
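Review bot: Neither the pod spec nor the `manager` container sets a `securityContext`, so the controller runs as whatever user the image defaults to and keeps the runtime's default capabilities; the hook Job pods in the other templates of this patch have the same gap. Unless the image is known to need root, add a restrictive container context after `name: manager`, as sketched below. Each `managerArguments` entry is rendered as `- {{ . }}` without `quote`, so a value containing YAML-significant characters changes the rendered argument list.

```yaml
        name: manager
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
        # … unchanged: readinessProbe, resources, volumeMounts …
```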
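Review bot: `rancher-turtles-operator-admin` allows every verb on every resource in every API group, which is cluster-admin in effect, and the `rancher-turtles/aggregate-to-manager: "true"` label presumably merges it into the manager's aggregated ClusterRole. With that in place, anyone who obtains the manager ServiceAccount's token can read all Secrets and rewrite RBAC and admission webhooks. The file name suggests the intent is access to the operator's CRDs; if so, restrict `apiGroups` and `resources` to those groups, and otherwise add a comment in the manifest that states why a full wildcard is required.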
@@ -0,0 +1,166 @@
+{{- if index .Values "cluster-api-operator" "cleanup" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: post-delete-job
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "1"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: post-delete-job-delete-webhooks
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "1"
+rules:
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - delete
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: post-delete-job-webhook-cleanup
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "1"
+subjects:
+ - kind: ServiceAccount
+ name: post-delete-job
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+roleRef:
+ kind: ClusterRole
+ name: post-delete-job-delete-webhooks
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: cluster-api-operator-mutatingwebhook-cleanup
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: post-delete-job
+ containers:
+ - name: cluster-api-operator-mutatingwebhook-cleanup
+ image: {{ index .Values "rancherTurtles" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - mutatingwebhookconfigurations.admissionregistration.k8s.io
+ - capi-mutating-webhook-configuration
+ - capi-kubeadm-bootstrap-mutating-webhook-configuration
+ - capi-kubeadm-control-plane-mutating-webhook-configuration
+ - rke2-bootstrap-mutating-webhook-configuration
+ - rke2-control-plane-mutating-webhook-configuration
+ - --ignore-not-found=true
+ restartPolicy: Never
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: cluster-api-operator-validatingwebhook-cleanup
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: post-delete-job
+ containers:
+ - name: cluster-api-operator-validatingwebhook-cleanup
+ image: {{ index .Values "rancherTurtles" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - validatingwebhookconfigurations.admissionregistration.k8s.io
+ - capi-validating-webhook-configuration
+ - capi-kubeadm-bootstrap-validating-webhook-configuration
+ - capi-kubeadm-control-plane-validating-webhook-configuration
+ - rke2-bootstrap-validating-webhook-configuration
+ - rke2-control-plane-validating-webhook-configuration
+ - --ignore-not-found=true
+ restartPolicy: Never
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: cluster-api-operator-deployment-cleanup
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: post-delete-job
+ restartPolicy: Never
+ containers:
+ - name: delete-capi-controller-manager
+ image: {{ index .Values "rancherTurtles" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - deployments.apps/capi-controller-manager
+ - -n
+ - {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+ - --ignore-not-found=true
+ - name: delete-capi-kubeadm-bootstrap-controller-manager
+ image: {{ index .Values "rancherTurtles" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - deployments.apps/capi-kubeadm-bootstrap-controller-manager
+ - -n
+ - capi-kubeadm-bootstrap-system
+ - --ignore-not-found=true
+ - name: delete-capi-kubeadm-control-plane-controller-manager
+ image: {{ index .Values "rancherTurtles" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - deployments.apps/capi-kubeadm-control-plane-controller-manager
+ - -n
+ - capi-kubeadm-control-plane-system
+ - --ignore-not-found=true
+ - name: delete-rke2-kubeadm-bootstrap-controller-manager
+ image: {{ index .Values "rancherTurtles" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - deployments.apps/rke2-bootstrap-controller-manager
+ - -n
+ - {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }}
+ - --ignore-not-found=true
+ - name: delete-rke2-control-plane-controller-manager
+ image: {{ index .Values "rancherTurtles" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - deployments.apps/rke2-control-plane-controller-manager
+ - -n
+ - {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "namespace" }}
+ - --ignore-not-found=true
+{{- end }}
diff --git a/packages/rancher-turtles/charts/templates/post-upgrade-job.yaml b/packages/rancher-turtles/charts/templates/post-upgrade-job.yaml
new file mode 100755
index 00000000000..1982e3e15bb
--- /dev/null
+++ b/packages/rancher-turtles/charts/templates/post-upgrade-job.yaml
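Review bot: The ServiceAccount, ClusterRole and ClusterRoleBinding in this file are `post-delete` hooks with no `helm.sh/hook-delete-policy`, so Helm creates them during uninstall and, since hook resources are not part of the release, nothing removes them afterwards. That leaves `post-delete-job-webhook-cleanup` in the cluster, a standing cluster-wide grant of `delete` on all webhook configurations and all Deployments to a ServiceAccount name in the chart namespace. Adding `"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded` to the RBAC objects would remove them once the hook completes; confirm that Helm's hook ordering still lets the three Jobs finish first, and otherwise document a manual cleanup step. The pre-install, pre-delete and pre-upgrade hook RBAC in this patch has the same lifetime problem.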
@@ -0,0 +1,124 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: post-upgrade-job
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "1"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: post-upgrade-job-delete-capi-operator-resources
+ annotations:
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "1"
+rules:
+- apiGroups:
+ - operator.cluster.x-k8s.io
+ resources:
+ - addonproviders
+ - bootstrapproviders
+ - controlplaneproviders
+ - coreproviders
+ - infrastructureproviders
+ - ipamproviders
+ - runtimeextensionproviders
+ verbs:
+ - get
+ - watch
+ - list
+ - delete
+ - patch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: post-upgrade-job-capi-operator-resources-cleanup
+ annotations:
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "1"
+subjects:
+ - kind: ServiceAccount
+ name: post-upgrade-job
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+roleRef:
+ kind: ClusterRole
+ name: post-upgrade-job-delete-capi-operator-resources
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cluster-api-operator-resources-cleanup-script
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "1"
+data:
+ cleanup.sh: |
+ #!/usr/bin/env bash
+
+ set -euo pipefail
+
+ remove_finalizers_and_delete() {
+ local resource_type="$1"
+ if kubectl get crd $resource_type > /dev/null 2>&1; then
+ kubectl get $resource_type --all-namespaces --no-headers --ignore-not-found | awk '{print $1 " " $2}' | xargs -r -n2 bash -c 'kubectl patch '"${resource_type}"' "$1" -n "$0" --type merge -p "{\"metadata\":{\"finalizers\":null}}"'
+ kubectl delete $resource_type --all --all-namespaces
+ else
+ echo "Resource type $resource_type does not exist, skipping cleanup."
+ fi
+ }
+
+ resource_types=(
+ "addonproviders.operator.cluster.x-k8s.io"
+ "bootstrapproviders.operator.cluster.x-k8s.io"
+ "controlplaneproviders.operator.cluster.x-k8s.io"
+ "coreproviders.operator.cluster.x-k8s.io"
+ "infrastructureproviders.operator.cluster.x-k8s.io"
+ "ipamproviders.operator.cluster.x-k8s.io"
+ "runtimeextensionproviders.operator.cluster.x-k8s.io"
+ )
+
+ for resource_type in "${resource_types[@]}"; do
+ remove_finalizers_and_delete "$resource_type"
+ done
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: cluster-api-operator-resources-cleanup
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: post-upgrade-job
+ containers:
+ - name: cluster-api-operator-resources-cleanup
+ image: {{ index .Values "rancherTurtles" "shellImage" }}
+ command: ["/bin/bash"]
+ args:
+ - "-c"
+ - "/scripts/cleanup.sh"
+ volumeMounts:
+ - name: script
+ mountPath: /scripts
+ volumes:
+ - name: script
+ configMap:
+ name: cluster-api-operator-resources-cleanup-script
+ defaultMode: 0777
+ restartPolicy: Never
+---
\ No newline at end of file
diff --git a/packages/rancher-turtles/charts/templates/pre-delete-job.yaml b/packages/rancher-turtles/charts/templates/pre-delete-job.yaml
new file mode 100755
index 00000000000..6567dafd0d9
--- /dev/null
+++ b/packages/rancher-turtles/charts/templates/pre-delete-job.yaml
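Review bot: The script volume is mounted with `defaultMode: 0777`, but the file only has to be readable and executable, so `defaultMode: 0555` is enough. In `cleanup.sh`, `$resource_type` is unquoted in `kubectl get crd $resource_type`, `kubectl get $resource_type` and `kubectl delete $resource_type`, and it is spliced into the `bash -c` string that `xargs` runs. The values come from a fixed array today, but quoting them and passing the type to `bash -c` as a positional argument keeps the script safe if that list is ever templated. This template also has no values gate, unlike the other cleanup hooks, so every upgrade strips finalizers from and deletes all `operator.cluster.x-k8s.io` provider objects in all namespaces; a comment at the top of the ConfigMap saying this is an intentional one-way migration would spare the next reader from guessing.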
@@ -0,0 +1,67 @@
+{{- if index .Values "rancherTurtles" "rancherInstalled" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: pre-delete-job
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "-2"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: pre-delete-job-delete-capiproviders
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "-2"
+rules:
+- apiGroups:
+ - turtles-capi.cattle.io
+ resources:
+ - capiproviders
+ verbs:
+ - list
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: pre-delete-job-capiprovider-cleanup
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "-2"
+subjects:
+ - kind: ServiceAccount
+ name: pre-delete-job
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+roleRef:
+ kind: ClusterRole
+ name: pre-delete-job-delete-capiproviders
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: rancher-capiprovider-cleanup
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "-1"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: pre-delete-job
+ containers:
+ - name: rancher-capiprovider-cleanup
+ image: {{ index .Values "rancherTurtles" "kubectlImage" }}
+ args:
+ - delete
+ - capiproviders
+ - -A
+ - --all
+ - --cascade=foreground
+ restartPolicy: Never
+{{- end }}
diff --git a/packages/rancher-turtles/charts/templates/pre-install-job.yaml b/packages/rancher-turtles/charts/templates/pre-install-job.yaml
new file mode 100755
index 00000000000..e0e7cfdd7c6
--- /dev/null
+++ b/packages/rancher-turtles/charts/templates/pre-install-job.yaml
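Review bot: `rancher-capiprovider-cleanup` runs `delete capiproviders -A --all --cascade=foreground`, which removes every CAPIProvider in every namespace, including any that users created outside this chart. If uninstalling Turtles is meant to tear down all providers, say so in a comment above the Job and in the chart README, because the operation is destructive and not scoped to the release. Otherwise restrict the delete with a label selector that the chart sets on its own providers.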
@@ -0,0 +1,101 @@
+{{- if index .Values "rancherTurtles" "rancherInstalled"}}
+---
+apiVersion: management.cattle.io/v3
+kind: Feature
+metadata:
+ name: embedded-cluster-api
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+spec:
+ value: false
+{{- end }}
+{{- if index .Values "rancherTurtles" "rancherInstalled" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: pre-install-job
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: pre-install-job-delete-webhooks
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+rules:
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: pre-install-job-webhook-cleanup
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+subjects:
+ - kind: ServiceAccount
+ name: pre-install-job
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+roleRef:
+ kind: ClusterRole
+ name: pre-install-job-delete-webhooks
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: rancher-mutatingwebhook-cleanup
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: pre-install-job
+ containers:
+ - name: rancher-mutatingwebhook-cleanup
+ image: {{ index .Values "rancherTurtles" "kubectlImage" }}
+ args:
+ - delete
+ - mutatingwebhookconfigurations.admissionregistration.k8s.io
+ - mutating-webhook-configuration
+ - --ignore-not-found=true
+ restartPolicy: Never
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: rancher-validatingwebhook-cleanup
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: pre-install-job
+ containers:
+ - name: rancher-validatingwebhook-cleanup
+ image: {{ index .Values "rancherTurtles" "kubectlImage" }}
+ args:
+ - delete
+ - validatingwebhookconfigurations.admissionregistration.k8s.io
+ - validating-webhook-configuration
+ - --ignore-not-found=true
+ restartPolicy: Never
+{{- end }}
diff --git a/packages/rancher-turtles/charts/templates/rancher-turtles-components.yaml b/packages/rancher-turtles/charts/templates/rancher-turtles-components.yaml
new file mode 100755
index 00000000000..5ade06fed7d
--- /dev/null
+++ b/packages/rancher-turtles/charts/templates/rancher-turtles-components.yaml
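Review bot: The ClusterRole `pre-install-job-delete-webhooks` allows `delete` on every ValidatingWebhookConfiguration and MutatingWebhookConfiguration in the cluster, while the two Jobs only ever delete the objects named `mutating-webhook-configuration` and `validating-webhook-configuration`. A service account that can remove any admission webhook can switch off policy enforcement installed by other components, so the rule should be scoped with `resourceNames: [mutating-webhook-configuration, validating-webhook-configuration]`. Because the role grants only the `delete` verb and the Jobs address both objects by name, the restriction should not change what the Jobs can do. Neither Job's container sets a `securityContext`; `allowPrivilegeEscalation: false` and `runAsNonRoot: true` would be worth adding if the kubectl image runs as a non-root user.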
@@ -0,0 +1,3583 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + helm.sh/resource-policy: keep + name: capiproviders.turtles-capi.cattle.io +spec: + group: turtles-capi.cattle.io + names: + kind: CAPIProvider + listKind: CAPIProviderList + plural: capiproviders + singular: capiprovider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.type + name: Type + type: string + - jsonPath: .status.name + name: ProviderName + type: string + - jsonPath: .status.installedVersion + name: InstalledVersion + type: string + - jsonPath: .status.phase + name: Phase + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: CAPIProvider is the Schema for the CAPI Providers API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CAPIProviderSpec defines the desired state of CAPIProvider. 
+ example: + credentials: + rancherCloudCredential: user-credential + name: aws + type: infrastructure + version: v2.3.0 + properties: + additionalDeployments: + additionalProperties: + description: |- + AdditionalDeployments defines the properties that can be enabled on the controller + manager and deployment for the provider if the provider is managing additional deployments. + properties: + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the additional provider deployment. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. 
+ items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, etc. + as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
+ Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. + properties: + args: + additionalProperties: + type: string + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. + Explicit controller manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. 
+ type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set + in the container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imageUrl: + description: Container Image URL + type: string + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the + Deployment + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + replicas: + description: Number of desired pods. This is a pointer to + distinguish between explicit zero and not specified. Defaults + to 1. 
+ minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + manager: + description: Manager defines the properties that can be enabled + on the controller manager for the additional provider deployment. 
+ properties: + additionalArgs: + additionalProperties: + type: string + description: |- + AdditionalArgs is a map of additional options that will be passed + in as container args to the provider's controller manager. + type: object + cacheNamespace: + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. + type: string + controller: + description: |- + Controller contains global configuration options for controllers + registered within this manager. + properties: + cacheSyncTimeout: + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. + format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. + type: object + recoverPanic: + description: RecoverPanic indicates if panics should + be recovered. + type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. 
+ type: object + gracefulShutDown: + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. + type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. + type: boolean + leaseDuration: + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. 
This is only applicable if leader + election is enabled. + type: string + resourceLock: + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. + type: string + resourceName: + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. + type: string + resourceNamespace: + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. + type: string + retryPeriod: + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. This is only applicable if + leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains the controller metrics configuration + properties: + bindAddress: + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. 
+ there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. + type: string + verbosity: + default: 1 + description: |- + Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate + must be named tls.key and tls.crt, respectively. + type: string + host: + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. + type: string + port: + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. + type: integer + type: object + type: object + type: object + description: |- + AdditionalDeployments is a map of additional deployments that the provider + should manage. The key is the name of the deployment and the value is the + DeploymentSpec. + type: object + additionalManifests: + description: |- + AdditionalManifests is reference to configmap that contains additional manifests that will be applied + together with the provider components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the + namespace of the provider will be used. There is no validation of the yaml content inside the configmap. + properties: + name: + description: Name defines the name of the configmap. + type: string + namespace: + description: Namespace defines the namespace of the configmap. 
+ type: string + required: + - name + type: object + configSecret: + description: |- + ConfigSecret is the object with name and namespace of the Secret providing + the configuration variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider components. + The contents of the secret will be treated as immutable. If changes need + to be made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must be in + the same namespace as the provider. + properties: + name: + description: Name defines the name of the secret. + type: string + namespace: + description: Namespace defines the namespace of the secret. + type: string + required: + - name + type: object + credentials: + description: Credentials is the structure holding the credentials + to use for the provider. Only one credential type could be set at + a time. + example: + rancherCloudCredential: user-credential + maxProperties: 1 + minProperties: 1 + properties: + rancherCloudCredential: + description: RancherCloudCredential is the Rancher Cloud Credential + name + type: string + rancherCloudCredentialNamespaceName: + description: RancherCloudCredentialNamespaceName is the Rancher + Cloud Credential namespace:name reference + type: string + type: object + x-kubernetes-map-type: atomic + x-kubernetes-validations: + - message: rancherCloudCredentialNamespaceName should be in the namespace:name + format. + rule: '!has(self.rancherCloudCredentialNamespaceName) || self.rancherCloudCredentialNamespaceName.matches(''^.+:.+$'')' + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the provider. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. 
A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
+ Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: |- + ContainerSpec defines the properties available to override for each + container in a provider deployment such as Image and Args to the container’s + entrypoint. + properties: + args: + additionalProperties: + type: string + description: |- + Args represents extra provider specific flags that are not encoded as fields in this API. + Explicit controller manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead of the + container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. 
If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imageUrl: + description: Container Image URL + type: string + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. 
+ properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the Deployment + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + replicas: + description: Number of desired pods. This is a pointer to distinguish + between explicit zero and not specified. Defaults to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. 
+ type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + enableAutomaticUpdate: + description: EnableAutomaticUpdate can be used to automatically update + the CAPIProvider to a newest version. + type: boolean + features: + description: Features is a collection of features to enable. + example: + clusterResourceSet: true + clusterTopology: true + machinePool: true + properties: + clusterResourceSet: + description: ClusterResourceSet if set to true will enable the + cluster resource set feature. + type: boolean + clusterTopology: + description: ClusterTopology if set to true will enable the clusterclass + feature. + type: boolean + machinePool: + description: MachinePool if set to true will enable the machine + pool feature. + type: boolean + type: object + fetchConfig: + description: |- + FetchConfig determines how the operator will fetch the components and metadata for the provider. + If nil, the operator will try to fetch components according to default + embedded fetch configuration for the given kind and `ObjectMeta.Name`. + For example, the infrastructure name `aws` will fetch artifacts from + https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + properties: + oci: + description: |- + OCI to be used for fetching the provider’s components and metadata from an OCI artifact. 
+ You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub. + If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. + type: string + selector: + description: |- + Selector to be used for fetching provider’s components and metadata from + ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain + components and metadata for a specific version only. + Note: the name of the ConfigMap should be set to the version or to override this + add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + url: + description: |- + URL to be used for fetching the provider’s components and metadata from a remote Github repository. + For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick up + desired version of the release from GitHub. + type: string + type: object + x-kubernetes-validations: + - message: Must specify one and only one of {oci, url, selector} + rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)' + manager: + description: Manager defines the properties that can be enabled on + the controller manager for the provider. + properties: + additionalArgs: + additionalProperties: + type: string + description: |- + AdditionalArgs is a map of additional options that will be passed + in as container args to the provider's controller manager. + type: object + cacheNamespace: + description: |- + CacheNamespace if specified restricts the manager's cache to watch objects in + the desired namespace Defaults to all namespaces + + Note: If a namespace is specified, controllers can still Watch for a + cluster-scoped resource (e.g Node). For namespaced resources the cache + will only hold objects from the desired namespace. + type: string + controller: + description: |- + Controller contains global configuration options for controllers + registered within this manager. + properties: + cacheSyncTimeout: + description: |- + CacheSyncTimeout refers to the time limit set to wait for syncing caches. + Defaults to 2 minutes if not set. + format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: |- + GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation + allowed for that controller. + + When a controller is registered within this manager using the builder utilities, + users have to specify the type the controller reconciles in the For(...) 
call. + If the object's kind passed matches one of the keys in this map, the concurrency + for that controller is set to the number specified. + + The key is expected to be consistent in form with GroupKind.String(), + e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. + type: object + recoverPanic: + description: RecoverPanic indicates if panics should be recovered. + type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: |- + FeatureGates define provider specific feature flags that will be passed + in as container args to the provider's controller manager. + Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: |- + GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) + To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) + The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: |- + HealthProbeBindAddress is the TCP address that the controller should bind to + for serving health probes + It can be set to "0" or "" to disable serving the health probe. + type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: |- + LeaderElection is the LeaderElection config to be used when configuring + the manager.Manager leader election + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. 
Enable this when running replicated + components for high availability. + type: boolean + leaseDuration: + description: |- + leaseDuration is the duration that non-leader candidates will wait + after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced + by another candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: |- + renewDeadline is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less + than or equal to the lease duration. This is only applicable if leader + election is enabled. + type: string + resourceLock: + description: |- + resourceLock indicates the resource object type that will be used to lock + during leader election cycles. + type: string + resourceName: + description: |- + resourceName indicates the name of resource object that will be used to lock + during leader election cycles. + type: string + resourceNamespace: + description: |- + resourceName indicates the namespace of resource object that will be used to lock + during leader election cycles. + type: string + retryPeriod: + description: |- + retryPeriod is the duration the clients should wait between attempting + acquisition and renewal of a leadership. This is only applicable if + leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: |- + MaxConcurrentReconciles is the maximum number of concurrent Reconciles + which can be run. 
+ minimum: 1 + type: integer + metrics: + description: Metrics contains the controller metrics configuration + properties: + bindAddress: + description: |- + BindAddress is the TCP address that the controller should bind to + for serving prometheus metrics. + It can be set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: |- + ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). + Default empty, meaning the profiler is disabled. + Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: |- + SyncPeriod determines the minimum frequency at which watched resources are + reconciled. A lower period will correct entropy more quickly, but reduce + responsiveness to change if there are many watched resources. Change this + value only if you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all controllers + so that all controllers will not send list requests simultaneously. + type: string + verbosity: + default: 1 + description: |- + Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: |- + CertDir is the directory that contains the server key and certificate. + if not set, webhook server would look up the server key and certificate in + {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate + must be named tls.key and tls.crt, respectively. + type: string + host: + description: |- + Host is the hostname that the webhook server binds to. + It is used to set webhook.Server.Host. + type: string + port: + description: |- + Port is the port that the webhook server serves at. + It is used to set webhook.Server.Port. 
+ type: integer + type: object + type: object + manifestPatches: + description: |- + ManifestPatches are applied to rendered provider manifests to customize the + provider manifests. Patches are applied in the order they are specified. + The `kind` field must match the target object, and + if `apiVersion` is specified it will only be applied to matching objects. + This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 + items: + type: string + type: array + name: + description: Name is the name of the provider to enable + example: aws + type: string + type: + description: Type is the type of the provider to enable + example: InfrastructureProvider + type: string + variables: + additionalProperties: + type: string + description: Variables is a map of environment variables to add to + the content of the ConfigSecret + example: + CLUSTER_TOPOLOGY: "true" + EXP_CLUSTER_RESOURCE_SET: "true" + EXP_MACHINE_POOL: "true" + type: object + version: + description: Version indicates the provider version. + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: 'CAPI Provider version should be in the semver format prefixed + with ''v''. Example: v1.9.3' + rule: '!has(self.version) || self.version.matches(r"""^v([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$""")' + - message: Config secret namespace is always equal to the resource namespace + and should not be set. + rule: '!has(self.configSecret) || !has(self.configSecret.__namespace__)' + - message: One of fetchConfig oci, url or selector should be set. + rule: '!has(self.fetchConfig) || [has(self.fetchConfig.oci), has(self.fetchConfig.url), + has(self.fetchConfig.selector)].exists_one(e, e)' + status: + default: {} + description: CAPIProviderStatus defines the observed state of CAPIProvider. + properties: + conditions: + description: Conditions define the current service state of the provider. 
+ items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + contract: + description: |- + Contract will contain the core provider contract that the provider is + abiding by, like e.g. v1alpha4. + type: string + installedVersion: + description: InstalledVersion is the version of the provider that + is installed. 
+ type: string + name: + description: Name reflects actual provider name, which will be visible + to users in 'kubectl get capiproviders -A -o wide' + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + default: Pending + description: Indicates the provider status + type: string + variables: + additionalProperties: + type: string + default: + CLUSTER_TOPOLOGY: "true" + EXP_CLUSTER_RESOURCE_SET: "true" + EXP_MACHINE_POOL: "true" + description: Variables is a map of environment variables added to + the content of the ConfigSecret + type: object + type: object + type: object + x-kubernetes-validations: + - message: CAPI Provider type should always be set. + rule: has(self.spec.type) + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + helm.sh/resource-policy: keep + name: clusterctlconfigs.turtles-capi.cattle.io +spec: + group: turtles-capi.cattle.io + names: + kind: ClusterctlConfig + listKind: ClusterctlConfigList + plural: clusterctlconfigs + singular: clusterctlconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterctlConfig is the Schema for the CAPI Clusterctl config + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ClusterctlConfigSpec defines the user overrides for images + and known providers with sources + properties: + images: + description: Images is a list of image overrided for specified providers + items: + description: Image allows to define transformations to apply to + the image contained in the YAML manifests. + properties: + name: + description: Name of the provider image override + example: all + type: string + repository: + description: Repository sets the container registry override + to pull images from. + example: my-registry/my-org + type: string + tag: + description: Tag allows to specify a tag for the images. + type: string + required: + - name + type: object + type: array + providers: + description: Provider overrides + items: + description: Provider allows to define providers with known URLs + to pull the components. + properties: + name: + description: Name of the provider + type: string + type: + description: Type is the type of the provider + example: InfrastructureProvider + type: string + url: + description: URL of the provider components. Will be used unless + and override is specified + type: string + required: + - name + - type + - url + type: object + type: array + type: object + type: object + x-kubernetes-validations: + - message: Clusterctl Config should be named clusterctl-config. 
+ rule: self.metadata.name == 'clusterctl-config' + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: rancher-turtles + app.kubernetes.io/instance: controller-manager-sa + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: serviceaccount + app.kubernetes.io/part-of: rancher-turtles + name: rancher-turtles-manager + namespace: '{{ .Values.rancherTurtles.namespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: rancher-turtles + app.kubernetes.io/instance: leader-election-role + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: role + app.kubernetes.io/part-of: rancher-turtles + name: rancher-turtles-leader-election-role + namespace: '{{ .Values.rancherTurtles.namespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rancher-turtles/aggregate-to-manager: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: rancher-turtles-aggregated-manager-role +rules: [] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rancher-turtles/aggregate-to-manager: "true" + name: rancher-turtles-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + - events + - namespaces + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - catalog.cattle.io + resources: + - uiplugins + verbs: + - create + - delete + - get + 
- list + - patch + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - management.cattle.io + resources: + - clusterregistrationtokens + - clusters + - clusters/status + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - management.cattle.io + resources: + - clusterregistrationtokens/status + - settings + verbs: + - get + - list + - watch +- apiGroups: + - provisioning.cattle.io + resources: + - clusters + - clusters/status + verbs: + - get + - list + - watch +- apiGroups: + - rbac.authorization.k8s.io + resourceNames: + - rancher-turtles-manager-role + resources: + - clusterroles + verbs: + - get + - list +- apiGroups: + - turtles-capi.cattle.io + resources: + - capiproviders + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - turtles-capi.cattle.io + resources: + - capiproviders/finalizers + verbs: + - update +- apiGroups: + - turtles-capi.cattle.io + resources: + - capiproviders/status + verbs: + - get + - patch + - update +- apiGroups: + - turtles-capi.cattle.io + resources: + - clusterctlconfigs + - clusterctlconfigs/status + verbs: + - get + - list + - patch + - watch +- apiGroups: + - turtles-capi.cattle.io + resources: + - clusterctlconfigs/finalizers + verbs: + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: rancher-turtles + app.kubernetes.io/instance: leader-election-rolebinding + app.kubernetes.io/managed-by: kustomize + 
app.kubernetes.io/name: rolebinding + app.kubernetes.io/part-of: rancher-turtles + name: rancher-turtles-leader-election-rolebinding + namespace: '{{ .Values.rancherTurtles.namespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rancher-turtles-leader-election-role +subjects: +- kind: ServiceAccount + name: rancher-turtles-manager + namespace: '{{ .Values.rancherTurtles.namespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: rancher-turtles + app.kubernetes.io/instance: manager-rolebinding + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/part-of: rancher-turtles + name: rancher-turtles-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rancher-turtles-aggregated-manager-role +subjects: +- kind: ServiceAccount + name: rancher-turtles-manager + namespace: '{{ .Values.rancherTurtles.namespace }}'
diff --git a/packages/rancher-turtles/charts/templates/rancher-turtles-exp-clusterclass-components.yaml b/packages/rancher-turtles/charts/templates/rancher-turtles-exp-clusterclass-components.yaml
new file mode 100755
index 00000000000..2e58ebdabdd
--- /dev/null
+++ b/packages/rancher-turtles/charts/templates/rancher-turtles-exp-clusterclass-components.yaml
@@ -0,0 +1,793 @@ +{{- if index .Values "rancherTurtles" "features" "clusterclass-operations" "enabled" }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + labels: + turtles-capi.cattle.io: clusterclass + name: clusterupgradegroups.rollout.turtles-capi.cattle.io +spec: + group: rollout.turtles-capi.cattle.io + names: + kind: ClusterUpgradeGroup + listKind: ClusterUpgradeGroupList + plural: clusterupgradegroups + singular: clusterupgradegroup + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterUpgradeGroup is the Schema for the clusterupgrades API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ClusterUpgradeGroupSpec defines the desired state of ClusterUpgradeGroup + properties: + className: + type: string + rolloutStrategy: + description: |- + RolloutStrategy controls the rollout of bundles, by defining + partitions, canaries and percentages for cluster availability. + properties: + rollingUpdate: + description: |- + Rolling update config params. Present only if + RolloutStrategyType = RollingUpdate. 
+ properties: + maxFailures: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of failed attempts before skipping the update for a given + cluster. + x-kubernetes-int-or-string: true + maxRollouts: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of clusters that can be in update state (non-active) during a + rolling update. + x-kubernetes-int-or-string: true + rolloutDelay: + anyOf: + - type: integer + - type: string + description: The delay between subsequent cluster rollouts. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + Type of rollout. + Default is RollingUpdate. + type: string + type: object + targets: + description: Targets refer to the clusters that should be upgraded. + items: + properties: + clusterGroup: + description: ClusterGroup to match a specific cluster group + by name. + nullable: true + type: string + clusterGroupSelector: + description: ClusterGroupSelector is a selector to match cluster + groups. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + clusterName: + description: |- + ClusterName to match a specific cluster by name that will be + selected + nullable: true + type: string + clusterSelector: + description: |- + ClusterSelector is a selector to match clusters. The structure is + the standard metav1.LabelSelector format. If clusterGroupSelector or + clusterGroup is specified, clusterSelector will be used only to + further refine the selection after clusterGroupSelector and + clusterGroup is evaluated. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + doNotDeploy: + description: DoNotDeploy if set to true, will not deploy to + this target. + type: boolean + name: + description: |- + Name of target. This value is largely for display and logging. If + not specified a default name of the format "target000" will be used + type: string + type: object + type: array + required: + - className + type: object + status: + description: ClusterUpgradeGroupStatus defines the observed state of ClusterUpgradeGroup + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + turtles-capi.cattle.io: clusterclass + name: clusterupgrades.rollout.turtles-capi.cattle.io +spec: + group: rollout.turtles-capi.cattle.io + names: + kind: ClusterUpgrade + listKind: ClusterUpgradeList + plural: clusterupgrades + singular: clusterupgrade + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterUpgrade is the Schema for the clusterupgrades API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ClusterUpgradeSpec defines the desired state of ClusterUpgrade + properties: + className: + type: string + rolloutStrategy: + description: |- + RolloutStrategy controls the rollout of bundles, by defining + partitions, canaries and percentages for cluster availability. + properties: + autoPartitionSize: + anyOf: + - type: integer + - type: string + description: |- + A number or percentage of how to automatically partition clusters if no + specific partitioning strategy is configured. + default: 25% + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + A number or percentage of clusters that can be unavailable during an update + of a bundle. This follows the same basic approach as a deployment rollout + strategy. Once the number of clusters meets unavailable state update will be + paused. Default value is 100% which doesn't take effect on update. + default: 100% + x-kubernetes-int-or-string: true + maxUnavailablePartitions: + anyOf: + - type: integer + - type: string + description: |- + A number or percentage of cluster partitions that can be unavailable during + an update of a bundle. + default: 0 + x-kubernetes-int-or-string: true + partitions: + description: |- + A list of definitions of partitions. If any target clusters do not match + the configuration they are added to partitions at the end following the + autoPartitionSize. 
+ items: + description: Partition defines a separate rollout strategy for + a set of clusters. + properties: + clusterGroup: + description: A cluster group name to include in this partition + type: string + clusterGroupSelector: + description: Selector matching cluster group labels to include + in this partition + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + clusterName: + description: ClusterName is the name of a cluster to include + in this partition + type: string + clusterSelector: + description: Selector matching cluster labels to include + in this partition + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + A number or percentage of clusters that can be unavailable in this + partition before this partition is treated as done. + default: 10% + x-kubernetes-int-or-string: true + name: + description: A user-friendly name given to the partition + used for Display (optional). + type: string + type: object + type: array + type: object + targets: + description: Targets refer to the clusters that should be upgraded. + items: + properties: + clusterGroup: + description: ClusterGroup to match a specific cluster group + by name. + nullable: true + type: string + clusterGroupSelector: + description: ClusterGroupSelector is a selector to match cluster + groups. 
+ nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + clusterName: + description: |- + ClusterName to match a specific cluster by name that will be + selected + nullable: true + type: string + clusterSelector: + description: |- + ClusterSelector is a selector to match clusters. The structure is + the standard metav1.LabelSelector format. If clusterGroupSelector or + clusterGroup is specified, clusterSelector will be used only to + further refine the selection after clusterGroupSelector and + clusterGroup is evaluated. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + doNotDeploy: + description: DoNotDeploy if set to true, will not deploy to + this target. + type: boolean + name: + description: |- + Name of target. This value is largely for display and logging. 
If + not specified a default name of the format "target000" will be used + type: string + type: object + type: array + required: + - className + type: object + status: + description: ClusterUpgradeStatus defines the observed state of ClusterUpgrade + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: turtles-rollout-poc + app.kubernetes.io/instance: controller-manager-sa + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: serviceaccount + app.kubernetes.io/part-of: turtles-rollout-poc + turtles-capi.cattle.io: clusterclass + name: rancher-turtles-clusterclass-manager + namespace: {{ index .Values "rancherTurtles" "namespace" }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: turtles-rollout-poc + app.kubernetes.io/instance: leader-election-role + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: role + app.kubernetes.io/part-of: turtles-rollout-poc + turtles-capi.cattle.io: clusterclass + name: rancher-turtles-clusterclass-leader-election-role + namespace: {{ index .Values "rancherTurtles" "namespace" }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rancher-turtles/aggregate-to-manager: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + turtles-capi.cattle.io: clusterclass + name: rancher-turtles-clusterclass-aggregated-manager-role +rules: [] +--- +apiVersion: 
rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rancher-turtles/aggregate-to-manager: "true" + turtles-capi.cattle.io: clusterclass + name: rancher-turtles-clusterclass-manager-role +rules: +- apiGroups: + - cluster.x-k8s.io + resources: + - clusterclasses + - clusters + - clusters/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - rollout.turtles-capi.cattle.io + resources: + - clusterupgradegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rollout.turtles-capi.cattle.io + resources: + - clusterupgradegroups/status + verbs: + - get + - patch + - update +- apiGroups: + - rollout.turtles-capi.cattle.io + resources: + - clusterupgradegroupss/finalizers + verbs: + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: turtles-rollout-poc + app.kubernetes.io/instance: leader-election-rolebinding + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: rolebinding + app.kubernetes.io/part-of: turtles-rollout-poc + turtles-capi.cattle.io: clusterclass + name: rancher-turtles-clusterclass-leader-election-rolebinding + namespace: {{ index .Values "rancherTurtles" "namespace" }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rancher-turtles-clusterclass-leader-election-role +subjects: +- kind: ServiceAccount + name: rancher-turtles-clusterclass-manager + namespace: {{ index .Values "rancherTurtles" "namespace" }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: turtles-rollout-poc + app.kubernetes.io/instance: manager-rolebinding + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/part-of: turtles-rollout-poc + turtles-capi.cattle.io: clusterclass + name: 
rancher-turtles-clusterclass-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rancher-turtles-clusterclass-aggregated-manager-role +subjects: +- kind: ServiceAccount + name: rancher-turtles-clusterclass-manager + namespace: {{ index .Values "rancherTurtles" "namespace" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + control-plane: controller-manager + turtles-capi.cattle.io: clusterclass + name: rancher-turtles-clusterclass-controller-manager + namespace: {{ index .Values "rancherTurtles" "namespace" }} +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + turtles-capi.cattle.io: clusterclass + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + turtles-capi.cattle.io: clusterclass + spec: + containers: + - args: + - --leader-elect + command: + - ./turtles-clusterclass-operations + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + {{- $imageVersion := index .Values "rancherTurtles" "features" "clusterclass-operations" "imageVersion" -}} + {{- if contains "sha256:" $imageVersion }} + image: {{ index .Values "rancherTurtles" "features" "clusterclass-operations" "image" }}@{{ index .Values "rancherTurtles" "features" "clusterclass-operations" "imageVersion" }} + {{- else }} + image: {{ index .Values "rancherTurtles" "features" "clusterclass-operations" "image" }}:{{ index .Values "rancherTurtles" "features" "clusterclass-operations" "imageVersion" }} + {{- end }} + imagePullPolicy: '{{ index .Values "rancherTurtles" "features" "clusterclass-operations" "imagePullPolicy" }}' + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + 
httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + serviceAccountName: rancher-turtles-clusterclass-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane +{{- end }} diff --git a/packages/rancher-turtles/charts/templates/rancher-turtles-exp-day2-components.yaml b/packages/rancher-turtles/charts/templates/rancher-turtles-exp-day2-components.yaml new file mode 100755 index 00000000000..836a09a571e --- /dev/null +++ b/packages/rancher-turtles/charts/templates/rancher-turtles-exp-day2-components.yaml 
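Review bot: The `aggregationRule` on `rancher-turtles-clusterclass-aggregated-manager-role` selects the shared label `rancher-turtles/aggregate-to-manager: "true"`, so the `rancher-turtles-clusterclass-manager` ServiceAccount receives the rules of every ClusterRole carrying that label, not only those of `rancher-turtles-clusterclass-manager-role`. The day2 manager role added in the next file carries the same label, so with both features enabled this controller also gets cluster-wide write access to secrets, roles and rolebindings, `create` on `serviceaccounts/token`, and `management.cattle.io` `*`; the core manager role probably aggregates the same way, but its labels are outside this hunk. I would select on a dedicated key, for example `rancher-turtles-clusterclass/aggregate-to-manager: "true"` (suggested name), and add that label to `rancher-turtles-clusterclass-manager-role`, the way the day2 aggregated role selects `rancher-turtles-exp/aggregate-to-manager`. In the same ClusterRole, `clusterupgradegroupss/finalizers` has a doubled `s` and matches no resource; it should read `clusterupgradegroups/finalizers`. Since this chart is produced by `make prepare`, both fixes belong in the upstream manifests rather than in this generated copy.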
@@ -0,0 +1,666 @@ +{{- if index .Values "rancherTurtles" "features" "day2operations" "enabled" }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert + controller-gen.kubebuilder.io/version: v0.16.1 + labels: + turtles-capi.cattle.io: day2-operations + name: etcdmachinesnapshots.turtles-capi.cattle.io +spec: + group: turtles-capi.cattle.io + names: + kind: ETCDMachineSnapshot + listKind: ETCDMachineSnapshotList + plural: etcdmachinesnapshots + singular: etcdmachinesnapshot + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ETCDMachineSnapshot is the Schema for the ETCDMachineSnapshot + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ETCDMachineSnapshotSpec defines the desired state of EtcdMachineSnapshot + properties: + clusterName: + type: string + location: + type: string + machineName: + type: string + required: + - clusterName + type: object + x-kubernetes-validations: + - message: ETCD snapshot location can't be empty. 
+ rule: size(self.clusterName)>0 + status: + default: {} + description: EtcdSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore + properties: + error: + type: string + phase: + description: ETCDSnapshotPhase is a string representation of the phase + of the etcd snapshot + type: string + s3Snapshots: + items: + properties: + creationTime: + description: CreationTime is the timestamp when the snapshot + was taken by etcd. + format: date-time + type: string + location: + type: string + name: + type: string + required: + - location + - name + type: object + type: array + snapshotFileName: + type: string + snapshots: + items: + properties: + creationTime: + description: CreationTime is the timestamp when the snapshot + was taken by etcd. + format: date-time + type: string + location: + type: string + machineName: + type: string + name: + type: string + required: + - location + - machineName + - name + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert + controller-gen.kubebuilder.io/version: v0.16.1 + labels: + turtles-capi.cattle.io: day2-operations + name: etcdsnapshotrestores.turtles-capi.cattle.io +spec: + group: turtles-capi.cattle.io + names: + kind: ETCDSnapshotRestore + listKind: ETCDSnapshotRestoreList + plural: etcdsnapshotrestores + singular: etcdsnapshotrestore + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ETCDSnapshotRestore is the schema for the ETCDSnapshotRestore + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ETCDSnapshotRestoreSpec defines the desired state of EtcdSnapshotRestore. + properties: + clusterName: + type: string + etcdMachineSnapshotName: + type: string + required: + - clusterName + - etcdMachineSnapshotName + type: object + x-kubernetes-validations: + - message: Cluster Name can't be empty. + rule: size(self.clusterName)>0 + - message: ETCD machine snapshot name can't be empty. + rule: size(self.etcdMachineSnapshotName)>0 + status: + default: {} + description: ETCDSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore. + properties: + conditions: + description: Conditions provide observations of the operational state + of a Cluster API resource. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This field may be empty. + maxLength: 10240 + minLength: 1 + type: string + reason: + description: |- + reason is the reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. 
+ This field may be empty. + maxLength: 256 + minLength: 1 + type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + maxLength: 32 + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + phase: + default: Pending + description: ETCDSnapshotPhase is a string representation of the phase + of the etcd snapshot + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert + controller-gen.kubebuilder.io/version: v0.16.1 + labels: + turtles-capi.cattle.io: day2-operations + name: rke2etcdmachinesnapshotconfigs.turtles-capi.cattle.io +spec: + group: turtles-capi.cattle.io + names: + kind: RKE2EtcdMachineSnapshotConfig + listKind: RKE2EtcdMachineSnapshotConfigList + plural: rke2etcdmachinesnapshotconfigs + singular: rke2etcdmachinesnapshotconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: RKE2EtcdMachineSnapshotConfig is the config for the RKE2EtcdMachineSnapshotConfig + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of 
an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RKE2EtcdMachineSnapshotConfigSpec defines the desired state + of RKE2EtcdMachineSnapshotConfig + properties: + local: + properties: + dataDir: + type: string + required: + - dataDir + type: object + s3: + properties: + bucket: + type: string + endpoint: + type: string + endpointCAsecret: + type: string + folder: + type: string + insecure: + type: boolean + region: + type: string + s3CredentialSecret: + type: string + skipSSLVerify: + type: boolean + type: object + required: + - local + - s3 + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: rancher-turtles + app.kubernetes.io/instance: leader-election-role + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: role + app.kubernetes.io/part-of: rancher-turtles + turtles-capi.cattle.io: day2-operations + name: rancher-turtles-day2-operations-leader-election-role + namespace: {{ index .Values "rancherTurtles" "namespace" }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete 
+- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rancher-turtles-exp/aggregate-to-manager: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + turtles-capi.cattle.io: day2-operations + name: rancher-turtles-day2-operations-aggregated-manager-role +rules: [] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rancher-turtles-exp/aggregate-to-manager: "true" + rancher-turtles/aggregate-to-manager: "true" + turtles-capi.cattle.io: day2-operations + name: rancher-turtles-day2-operations-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + - events + - secrets + - serviceaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - get +- apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - rke2configs + - rke2configs/finalizers + - rke2configs/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + - machines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - management.cattle.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - turtles-capi.cattle.io + resources: + - etcdmachinesnapshots + - etcdsnapshotrestores + - rke2etcdmachinesnapshotconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - turtles-capi.cattle.io + resources: + - 
etcdmachinesnapshots/finalizers + - etcdsnapshotrestores/finalizers + - rke2etcdmachinesnapshotconfigs/finalizers + verbs: + - update +- apiGroups: + - turtles-capi.cattle.io + resources: + - etcdmachinesnapshots/status + - etcdsnapshotrestores/status + - rke2etcdmachinesnapshotconfigs/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: rancher-turtles + app.kubernetes.io/instance: leader-election-rolebinding + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: rolebinding + app.kubernetes.io/part-of: rancher-turtles + turtles-capi.cattle.io: day2-operations + name: rancher-turtles-day2-operations-leader-election-rolebinding + namespace: {{ index .Values "rancherTurtles" "namespace" }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rancher-turtles-day2-operations-leader-election-role +subjects: +- kind: ServiceAccount + name: rancher-turtles-day2-operations-manager + namespace: {{ index .Values "rancherTurtles" "namespace" }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: rancher-turtles + app.kubernetes.io/instance: manager-rolebinding + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/part-of: rancher-turtles + turtles-capi.cattle.io: day2-operations + name: rancher-turtles-day2-operations-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rancher-turtles-day2-operations-aggregated-manager-role +subjects: +- kind: ServiceAccount + name: rancher-turtles-day2-operations-manager + namespace: {{ index .Values "rancherTurtles" "namespace" }} +--- +apiVersion: v1 +kind: Service +metadata: + labels: + turtles-capi.cattle.io: day2-operations + name: 
rancher-turtles-day2-operations-webhook-service + namespace: {{ index .Values "rancherTurtles" "namespace" }} +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + turtles-capi.cattle.io: day2-operations +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + turtles-capi.cattle.io: day2-operations + name: rancher-turtles-day2-operations-serving-cert + namespace: {{ index .Values "rancherTurtles" "namespace" }} +spec: + dnsNames: + - rancher-turtles-day2-operations-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc + - rancher-turtles-day2-operations-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc.cluster.local + issuerRef: + kind: Issuer + name: rancher-turtles-day2-operations-selfsigned-issuer + secretName: rancher-turtles-day2-operations-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + turtles-capi.cattle.io: day2-operations + name: rancher-turtles-day2-operations-selfsigned-issuer + namespace: {{ index .Values "rancherTurtles" "namespace" }} +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert + labels: + turtles-capi.cattle.io: day2-operations + name: rancher-turtles-day2-operations-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: rancher-turtles-day2-operations-webhook-service + namespace: {{ index .Values "rancherTurtles" "namespace" }} + path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config + failurePolicy: Fail + name: systemagentrke2config.kb.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2configs + sideEffects: None +--- +apiVersion: 
admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert + labels: + turtles-capi.cattle.io: day2-operations + name: rancher-turtles-day2-operations-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: rancher-turtles-day2-operations-webhook-service + namespace: {{ index .Values "rancherTurtles" "namespace" }} + path: /validate-turtles-capi-cattle-io-v1alpha1-etcdmachinesnapshot + failurePolicy: Fail + matchPolicy: Equivalent + name: etcdmachinesnapshot.kb.io + rules: + - apiGroups: + - turtles-capi.cattle.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - etcdmachinesnapshots + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: rancher-turtles-day2-operations-webhook-service + namespace: {{ index .Values "rancherTurtles" "namespace" }} + path: /validate-turtles-capi-cattle-io-v1alpha1-etcdsnapshotrestore + failurePolicy: Fail + matchPolicy: Equivalent + name: etcdsnapshotrestore.kb.io + rules: + - apiGroups: + - turtles-capi.cattle.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - etcdsnapshotrestores + sideEffects: None +{{- end }} diff --git a/packages/rancher-turtles/charts/templates/rancher-turtles-exp-day2-deployment.yaml b/packages/rancher-turtles/charts/templates/rancher-turtles-exp-day2-deployment.yaml new file mode 100755 index 00000000000..20e13fbc7f5 --- /dev/null +++ b/packages/rancher-turtles/charts/templates/rancher-turtles-exp-day2-deployment.yaml 
@@ -0,0 +1,106 @@ +{{- if index .Values "rancherTurtles" "features" "day2operations" "enabled" }} +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + control-plane: controller-manager + turtles-capi.cattle.io: day2-operations + name: rancher-turtles-day2-operations-controller-manager + namespace: '{{ .Values.rancherTurtles.namespace }}' +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + turtles-capi.cattle.io: day2-operations + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + turtles-capi.cattle.io: day2-operations + spec: + containers: + - args: + - --leader-elect + - --feature-gates=etcd-backup-restore={{ .Values.rancherTurtles.features.day2operations.etcdBackupRestore.enabled }} + command: + - ./turtles-day2-operations + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + {{- if (contains "sha256:" .Values.rancherTurtles.features.day2operations.imageVersion) }} + image: '{{ .Values.rancherTurtles.features.day2operations.image }}@{{ .Values.rancherTurtles.features.day2operations.imageVersion }}' + {{- else }} + image: '{{ .Values.rancherTurtles.features.day2operations.image }}:{{ .Values.rancherTurtles.features.day2operations.imageVersion }}' + {{- end }} + imagePullPolicy: '{{ .Values.rancherTurtles.features.day2operations.imagePullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9440 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9440 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + volumeMounts: + {{- if 
.Values.rancherTurtles.features.day2operations.etcdBackupRestore.enabled }} + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + {{- end }} + serviceAccountName: rancher-turtles-day2-operations-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + {{- if .Values.rancherTurtles.features.day2operations.etcdBackupRestore.enabled }} + - name: cert + secret: + secretName: rancher-turtles-day2-operations-webhook-service-cert + {{- end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: rancher-turtles + app.kubernetes.io/instance: controller-manager-sa + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: serviceaccount + app.kubernetes.io/part-of: rancher-turtles + turtles-capi.cattle.io: day2-operations + name: rancher-turtles-day2-operations-manager + namespace: '{{ .Values.rancherTurtles.namespace }}' +{{- end }} \ No newline at end of file diff --git a/packages/rancher-turtles/charts/templates/rke2-bootstrap.yaml b/packages/rancher-turtles/charts/templates/rke2-bootstrap.yaml new file mode 100755 index 00000000000..1210228e5da --- /dev/null +++ b/packages/rancher-turtles/charts/templates/rke2-bootstrap.yaml 
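Review bot: The `manager` container in this Deployment has no `securityContext`, and the pod spec has none either, so it runs with whatever defaults the image and the runtime give it. It uses the `rancher-turtles-day2-operations-manager` service account, which the ClusterRoleBinding earlier in this patch ties to the aggregated manager role; the role aggregated into it can read and write Secrets and create service-account tokens. A workload with that reach should forbid privilege escalation, drop all capabilities, run as non-root and use the runtime default seccomp profile. `runAsNonRoot: true` assumes the image declares a non-root user, which should be confirmed first.

```yaml
    spec:
      containers:
      - args:
        # … unchanged: args, command, env, image, probes, ports, resources …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
        # … unchanged: volumeMounts …
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      # … unchanged: serviceAccountName, tolerations, volumes …
```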
@@ -0,0 +1,50 @@ +{{- if and (index .Values "cluster-api-operator" "cluster-api" "enabled") (index .Values "cluster-api-operator" "cluster-api" "rke2" "enabled") }} +{{- $namespace := index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }} +{{- if not (lookup "v1" "Namespace" "" $namespace) }} +--- +apiVersion: v1 +kind: Namespace +metadata: + annotations: + "helm.sh/hook": "post-install, post-upgrade" + "helm.sh/hook-weight": "1" + name: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }} +{{- end }} +--- +apiVersion: turtles-capi.cattle.io/v1alpha1 +kind: CAPIProvider +metadata: + name: rke2-bootstrap + namespace: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }} + annotations: + "helm.sh/hook": "post-install, post-upgrade" + "helm.sh/hook-weight": "2" +spec: + name: rke2 + type: bootstrap + enableAutomaticUpdate: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "enableAutomaticUpdate" }} +{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }} + version: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }} +{{- end }} + configSecret: +{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }} + name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }} +{{ else }} + name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "defaultName" }} +{{- end }} +{{- if or (index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "selector") }} + fetchConfig: + {{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "url" }} + url: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "url" }} + {{- end }} + {{- if index .Values "cluster-api-operator" "cluster-api" 
"rke2" "bootstrap" "fetchConfig" "selector" }} + selector: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "selector" }} + {{- end }} +{{- end }} +{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "imageUrl" }} + deployment: + containers: + - name: manager + imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "imageUrl" }} +{{- end }} +{{- end }} diff --git a/packages/rancher-turtles/charts/templates/rke2-controlplane.yaml b/packages/rancher-turtles/charts/templates/rke2-controlplane.yaml new file mode 100755 index 00000000000..8b5e90fd3d8 --- /dev/null +++ b/packages/rancher-turtles/charts/templates/rke2-controlplane.yaml 
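Review bot: `fetchConfig.url` and `imageUrl` are rendered into the CAPIProvider unquoted, so a value containing `: ` or ` #` changes the YAML structure instead of staying a string; the rke2-controlplane.yaml hunk that follows has the same lines. These two fields decide where the provider's manifests and image come from, so I would pipe them through `quote`, e.g. `url: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "url" | quote }}`, and likewise for `imageUrl`. values.schema.json types them only as strings; if plain-HTTP sources are not meant to be supported, a `pattern` restricting `url` to `https://` would reject them at install time.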
@@ -0,0 +1,50 @@ +{{- if and (index .Values "cluster-api-operator" "cluster-api" "enabled") (index .Values "cluster-api-operator" "cluster-api" "rke2" "enabled") }} +{{- $namespace := index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "namespace" }} +{{- if not (lookup "v1" "Namespace" "" $namespace) }} +--- +apiVersion: v1 +kind: Namespace +metadata: + annotations: + "helm.sh/hook": "post-install, post-upgrade" + "helm.sh/hook-weight": "1" + name: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "namespace" }} +{{- end }} +--- +apiVersion: turtles-capi.cattle.io/v1alpha1 +kind: CAPIProvider +metadata: + name: rke2-control-plane + namespace: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "namespace" }} + annotations: + "helm.sh/hook": "post-install, post-upgrade" + "helm.sh/hook-weight": "2" +spec: + name: rke2 + type: controlPlane + enableAutomaticUpdate: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "enableAutomaticUpdate" }} +{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }} + version: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }} +{{- end }} + configSecret: +{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }} + name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }} +{{ else }} + name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "defaultName" }} +{{- end }} +{{- if or (index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "selector") }} + fetchConfig: + {{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "url" }} + url: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "url" }} + {{- end }} + {{- if index .Values 
"cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "selector" }} + selector: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "selector" }} + {{- end }} +{{- end }} +{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "imageUrl" }} + deployment: + containers: + - name: manager + imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "imageUrl" }} +{{- end }} +{{- end }} diff --git a/packages/rancher-turtles/charts/templates/ui-plugin.yaml b/packages/rancher-turtles/charts/templates/ui-plugin.yaml new file mode 100755 index 00000000000..6880c4d58f0 --- /dev/null +++ b/packages/rancher-turtles/charts/templates/ui-plugin.yaml @@ -0,0 +1,16 @@ +{{- if and (index .Values "turtlesUI" "enabled") (index .Values "rancherTurtles" "rancherInstalled") }} +apiVersion: catalog.cattle.io/v1 +kind: UIPlugin +metadata: + name: capi + namespace: '{{ .Values.rancherTurtles.namespace }}' +spec: + plugin: + endpoint: https://raw.githubusercontent.com/rancher/capi-ui-extension/gh-pages/extensions/capi/{{ index .Values "turtlesUI" "version" | toString }} + name: capi + version: {{ index .Values "turtlesUI" "version" }} + metadata: + catalog.cattle.io/display-name: CAPI UI + catalog.cattle.io/experimental: "true" + catalog.cattle.io/ui-extensions-version: ">= 3.0.0" +{{- end }} diff --git a/packages/rancher-turtles/charts/values.schema.json b/packages/rancher-turtles/charts/values.schema.json new file mode 100755 index 00000000000..a862404897f --- /dev/null +++ b/packages/rancher-turtles/charts/values.schema.json 
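Review bot: The UIPlugin `endpoint` is built by appending `turtlesUI.version` to a `raw.githubusercontent.com/.../gh-pages/...` path, and the schema accepts any string for that version. The value can therefore carry extra path segments, and what gets loaded is whatever that branch currently serves, with no digest or checksum to pin it. Since a UI extension is presumably loaded into the Rancher dashboard, I would constrain the version in values.schema.json, e.g. `"pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$"`, and quote the rendered value: `version: {{ index .Values "turtlesUI" "version" | quote }}`. A values override for the endpoint base URL would also let clusters without GitHub access point at a reviewed mirror.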
@@ -0,0 +1,332 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Helm Chart Values Schema", + "type": "object", + "properties": { + "turtlesUI": { + "type": "object", + "description": "Manages the UI component.", + "properties": { + "enabled": { + "type": "boolean", + "default": false, + "description": "Turn UI on or off." + }, + "version": { + "type": "string", + "default": "0.8.2", + "description": "UI version to use." + } + } + }, + "rancherTurtles": { + "type": "object", + "description": "Sets up the cluster management controller.", + "properties": { + "image": { + "type": "string", + "default": "controller", + "description": "Controller container image." + }, + "imageVersion": { + "type": "string", + "default": "v0.0.0", + "description": "Image tag." + }, + "imagePullPolicy": { + "type": "string", + "default": "IfNotPresent", + "description": "Specify image pull policy." + }, + "namespace": { + "type": "string", + "default": "rancher-turtles-system", + "description": "Namespace for Turtles to run." + }, + "managerArguments": { + "type": "array", + "default": [], + "description": "Extra args for the controller.", + "items": { "type": "string" } + }, + "imagePullSecrets": { + "type": "array", + "default": [], + "description": "Secrets for private registries.", + "items": { "type": "string" } + }, + "rancherInstalled": { + "type": "boolean", + "default": true, + "description": "True if Rancher is already installed in the cluster." + }, + "kubectlImage": { + "type": "string", + "default": "registry.k8s.io/kubernetes/kubectl:v1.30.0", + "description": "Image for kubectl tasks." + }, + "features": { + "type": "object", + "description": "Optional and experimental features.", + "properties": { + "day2operations": { + "type": "object", + "description": "Alpha feature.", + "properties": { + "enabled": { + "type": "boolean", + "default": false, + "description": "Turn on or off." 
+ }, + "image": { + "type": "string", + "default": "controller", + "description": "Image for day-2 ops." + }, + "imageVersion": { + "type": "string", + "default": "v0.0.0", + "description": "Image tag." + }, + "imagePullPolicy": { + "type": "string", + "default": "IfNotPresent", + "description": "Specify image pull policy." + }, + "etcdBackupRestore": { + "type": "object", + "description": "Manages etcd backup/restore.", + "properties": { + "enabled": { + "type": "boolean", + "default": false, + "description": "Turn on (true) or off (false)." + } + } + } + } + }, + "addon-provider-fleet": { + "type": "object", + "description": "Beta feature for fleet addons.", + "properties": { + "enabled": { + "type": "boolean", + "default": true, + "description": "Turn on or off." + } + } + }, + "agent-tls-mode": { + "type": "object", + "description": "Alpha feature for agent TLS.", + "properties": { + "enabled": { + "type": "boolean", + "default": false, + "description": "Turn on or off." + } + } + }, + "clusterclass-operations": { + "type": "object", + "description": "Alpha feature. Not ready for testing yet.", + "properties": { + "enabled": { + "type": "boolean", + "default": false, + "description": "Turn on or off." + }, + "image": { + "type": "string", + "default": "controller", + "description": "Image for cluster class ops." + }, + "imageVersion": { + "type": "string", + "default": "v0.0.0", + "description": "Image tag." + }, + "imagePullPolicy": { + "type": "string", + "default": "IfNotPresent", + "description": "Pull policy." + } + } + } + } + }, + "volumes": { + "type": "array", + "description": "Volumes for controller pods.", + "items": { + "type": "object", + "required": [ + "name", + "configMap" + ], + "properties": { + "name": { + "type": "string" + }, + "configMap": { + "type": "object", + "properties": { + "name": { + "type": "string", + "default": "clusterctl-config", + "description": "ConfigMap for clusterctl." 
+ } + } + } + } + } + }, + "volumeMounts": { + "type": "object", + "properties": { + "manager": { + "type": "array", + "description": "Mount volumes to pods.", + "items": { + "type": "object", + "properties": { + "mountPath": { "type": "string" }, + "name": { "type": "string" }, + "readOnly": { + "type": "boolean", + "default": true, + "description": "Mount as read-only." + } + } + } + } + } + } + } + }, + "cluster-api-operator": { + "type": "object", + "description": "Manages Cluster API components.", + "properties": { + "cleanup": { + "type": "boolean", + "default": true, + "description": "Enable cleanup tasks." + }, + "cluster-api": { + "type": "object", + "description": "Cluster API component settings.", + "properties": { + "enabled": { + "type": "boolean", + "default": true, + "description": "Turn on or off." + }, + "configSecret": { + "type": "object", + "properties": { + "name": { + "type": "string", + "default": "", + "description": "Custom secret name (if overriding)." + }, + "defaultName": { + "type": "string", + "default": "capi-env-variables", + "description": "Default secret name." + } + } + }, + "core": { + "type": "object", + "properties": { + "namespace": { + "type": "string", + "default": "capi-system", + "description": "Core component namespace." + }, + "imageUrl": { + "type": "string", + "default": "", + "description": "Custom image URL." + }, + "fetchConfig": { + "type": "object", + "properties": { + "url": { "type": "string", "default": "" }, + "selector": { "type": "string", "default": "" } + } + }, + "enableAutomaticUpdates": { + "type": "boolean", + "default": true, + "description": "Allow the provider to update automatically when a new Turtles version is installed." + }, + "version": { + "type": "string", + "default": "", + "description": "CAPI core provider version." + } + } + }, + "rke2": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "default": true, + "description": "Turn on or off." 
+ }, + "version": { + "type": "string", + "default": "", + "description": "RKE2 version." + }, + "enableAutomaticUpdates": { + "type": "boolean", + "default": true, + "description": "Allow the provider to update automatically when a new Turtles version is installed." + }, + "bootstrap": { + "type": "object", + "properties": { + "namespace": { + "type": "string", + "default": "rke2-bootstrap-system" + }, + "imageUrl": { "type": "string", "default": "" }, + "fetchConfig": { + "type": "object", + "properties": { + "url": { "type": "string", "default": "" }, + "selector": { "type": "string", "default": "" } + } + } + } + }, + "controlPlane": { + "type": "object", + "properties": { + "namespace": { + "type": "string", + "default": "rke2-control-plane-system" + }, + "imageUrl": { "type": "string", "default": "" }, + "fetchConfig": { + "type": "object", + "properties": { + "url": { "type": "string", "default": "" }, + "selector": { "type": "string", "default": "" } + } + } + } + } + } + } + } + } + } + } + } +} diff --git a/packages/rancher-turtles/charts/values.yaml b/packages/rancher-turtles/charts/values.yaml new file mode 100755 index 00000000000..ab8991a0b1b --- /dev/null +++ b/packages/rancher-turtles/charts/values.yaml 
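Review bot: The schema declares `enableAutomaticUpdates` under both `core` and `rke2`, but values.yaml in this patch and the rke2-bootstrap and rke2-controlplane templates read `enableAutomaticUpdate`, so the key that actually switches provider auto-update is never type-checked. Renaming the two schema properties to `"enableAutomaticUpdate": {` fixes that. The schema also has no entry for `rancherTurtles.shellImage`, lists `addon-provider-fleet`, which values.yaml does not define, and gives `agent-tls-mode` a default of `false` where values.yaml sets `true`. No object sets `additionalProperties: false`, so a mistyped key passes validation silently.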
@@ -0,0 +1,130 @@ +# turtlesUI: Manages the UI component. +turtlesUI: + # enabled: Turn UI on or off. + enabled: false + # version: UI version to use. + version: 0.8.2 + +# rancherTurtles: Sets up the cluster management controller. +rancherTurtles: + # image: Controller container image. + image: controller + # imageVersion: Image tag. + imageVersion: v0.0.0 + # imagePullPolicy: Specify image pull policy. + imagePullPolicy: IfNotPresent + # namespace: Select namespace for Turtles to run. + namespace: rancher-turtles-system + # managerArguments: Extra args for the controller. + managerArguments: [] + # imagePullSecrets: Secrets for private registries. + imagePullSecrets: [] + # rancherInstalled: True if Rancher already installed is in the cluster, this is the preferred installation way. + rancherInstalled: true + # kubectlImage: Image for kubectl tasks. + kubectlImage: registry.k8s.io/kubernetes/kubectl:v1.30.0 + # shellImage: Image for shell tasks. + shellImage: rancher/kuberlr-kubectl:v5.0.0 + # features: Optional and experimental features. + features: + # day2operations: Alpha feature. + day2operations: + # enabled: Turn on or off. + enabled: false + # image: Image for day-2 ops. + image: controller + # imageVersion: Image tag. + imageVersion: v0.0.0 + # imagePullPolicy: Specify image pull policy. + imagePullPolicy: IfNotPresent + # etcdBackupRestore: Alpha feature. Manages etcd backup/restore. + etcdBackupRestore: + # enabled: Turn on (true) or off (false). + enabled: false + # agent-tls-mode: Beta feature for agent TLS. + agent-tls-mode: + # enabled: Turn on or off. + enabled: true + # clusterclass-operations: Alpha feature. Manages cluster class ops. Not ready for testing yet. + clusterclass-operations: + # enabled: Turn on or off. + enabled: false + # image: Image for cluster class ops. + image: controller + # imageVersion: Image tag. + imageVersion: v0.0.0 + # imagePullPolicy: Pull policy. 
+ imagePullPolicy: IfNotPresent + # volumes: Volumes for controller pods. + volumes: + - name: clusterctl-config + configMap: + name: clusterctl-config + # volumeMounts: Volume mounts for controller pods. + volumeMounts: + manager: + - mountPath: /config + name: clusterctl-config + +# cluster-api-operator: Manages Cluster API components. +cluster-api-operator: + # cleanup: Enable cleanup tasks. + cleanup: true + # cluster-api: Cluster API component settings. + cluster-api: + # enabled: Turn on or off. + enabled: true + # configSecret: Secret for Cluster API config. + configSecret: + # name: Custom secret name (if overriding). + name: "" + # defaultName: Default secret name. + defaultName: capi-env-variables + # core: Core Cluster API settings. + core: + # namespace: Core component namespace. + namespace: capi-system + # version: Core ClusterAPI version. + version: "" + # enableAutomaticUpdate: Allow the provider to update automatically when a new Turtles version is installed. + enableAutomaticUpdate: true + # imageUrl: Custom image URL. + imageUrl: "" + # fetchConfig: Config fetching settings. + fetchConfig: + # url: Config fetch URL. + url: "" + # selector: Config selector. + selector: "" + # rke2: RKE2 provider settings. + rke2: + # enabled: Turn on or off. + enabled: true + # version: RKE2 version. + version: "" + # enableAutomaticUpdate: Allow the provider to update automatically when a new Turtles version is installed. + enableAutomaticUpdate: true + # bootstrap: RKE2 bootstrap provider. + bootstrap: + # namespace: Bootstrap namespace. + namespace: rke2-bootstrap-system + # imageUrl: Custom image URL. + imageUrl: "" + # fetchConfig: Config fetching settings. + fetchConfig: + # url: Config fetch URL. + url: "" + # selector: Config selector. + selector: "" + # controlPlane: RKE2 control plane provider. + controlPlane: + # namespace: Control plane namespace. + namespace: rke2-control-plane-system + # imageUrl: Custom image URL. 
+ imageUrl: "" + # fetchConfig: Config fetching settings. + fetchConfig: + # url: Config fetch URL. + url: "" + # selector: Config selector. + selector: "" From cc84b774a6f3ae5be7a7763f6a96609682e6fe4c Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Thu, 4 Sep 2025 03:01:32 +0000 Subject: [PATCH 2/6] make icon --- assets/logos/rancher-turtles.svg | 1 + packages/rancher-turtles/charts/Chart.yaml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 assets/logos/rancher-turtles.svg diff --git a/assets/logos/rancher-turtles.svg b/assets/logos/rancher-turtles.svg new file mode 100644 index 00000000000..2133449fe18 --- /dev/null +++ b/assets/logos/rancher-turtles.svg @@ -0,0 +1 @@ +kubernetes-cluster-logos_final \ No newline at end of file diff --git a/packages/rancher-turtles/charts/Chart.yaml b/packages/rancher-turtles/charts/Chart.yaml index 689ce94532b..99acf7ee737 100755 --- a/packages/rancher-turtles/charts/Chart.yaml +++ b/packages/rancher-turtles/charts/Chart.yaml @@ -14,7 +14,7 @@ appVersion: 0.0.0 description: Rancher Turtles is an extension to Rancher that brings full Cluster API integration to Rancher. home: https://github.com/rancher/turtles/ -icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg +icon: file://assets/logos/rancher-turtles.svg keywords: - rancher - cluster-api From f3099566e1816916fc83c843a71841e7790f9721 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Thu, 4 Sep 2025 03:01:34 +0000 Subject: [PATCH 3/6] make patch --- .../generated-changes/patch/Chart.yaml.patch | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 packages/rancher-turtles/generated-changes/patch/Chart.yaml.patch diff --git a/packages/rancher-turtles/generated-changes/patch/Chart.yaml.patch b/packages/rancher-turtles/generated-changes/patch/Chart.yaml.patch new file mode 100644 index 00000000000..db7f7e965d0 --- /dev/null +++ b/packages/rancher-turtles/generated-changes/patch/Chart.yaml.patch 
@@ -0,0 +1,11 @@
+--- charts-original/Chart.yaml
++++ charts/Chart.yaml
+@@ -14,7 +14,7 @@
+ description: Rancher Turtles is an extension to Rancher that brings full Cluster API
+ integration to Rancher.
+ home: https://github.com/rancher/turtles/
+-icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
++icon: file://assets/logos/rancher-turtles.svg
+ keywords:
+ - rancher
+ - cluster-api
From fca2b8e07526eba14486eaa42aa1c9c7be264e39 Mon Sep 17 00:00:00 2001
From: GitHub Actions Date: Thu, 4 Sep 2025 03:01:38 +0000 Subject: [PATCH 4/6] make chart --- .../rancher-turtles-106.0.0+up0.0.0.tgz | Bin 0 -> 36675 bytes .../106.0.0+up0.0.0}/.helmignore | 0 .../106.0.0+up0.0.0}/Chart.yaml | 2 +- .../106.0.0+up0.0.0}/README.md | 0 .../106.0.0+up0.0.0}/app-readme.md | 0 .../106.0.0+up0.0.0}/questions.yml | 0 .../templates/addon-provider-fleet.yaml | 0 .../templates/azure-rbac.yaml | 0 .../templates/clusterctl-cm-cleanup-job.yaml | 0 .../templates/clusterctl-config.yaml | 0 .../templates/core-provider.yaml | 0 .../templates/deployment.yaml | 0 .../templates/operator-crds.yaml | 0 .../templates/post-delete-job.yaml | 0 .../templates/post-upgrade-job.yaml | 0 .../templates/pre-delete-job.yaml | 0 .../templates/pre-install-job.yaml | 0 .../templates/rancher-turtles-components.yaml | 0 ...r-turtles-exp-clusterclass-components.yaml | 0 .../rancher-turtles-exp-day2-components.yaml | 0 .../rancher-turtles-exp-day2-deployment.yaml | 0 .../templates/rke2-bootstrap.yaml | 0 .../templates/rke2-controlplane.yaml | 0 .../106.0.0+up0.0.0}/templates/ui-plugin.yaml | 0 .../106.0.0+up0.0.0}/values.schema.json | 0 .../106.0.0+up0.0.0}/values.yaml | 0 index.yaml | 30 ++++++++++++++++++ packages/rancher-turtles/charts/.gitignore | 2 -- 28 files changed, 31 insertions(+), 3 deletions(-) create mode 100644 assets/rancher-turtles/rancher-turtles-106.0.0+up0.0.0.tgz rename {packages/rancher-turtles/charts => charts/rancher-turtles/106.0.0+up0.0.0}/.helmignore (100%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => charts/rancher-turtles/106.0.0+up0.0.0}/Chart.yaml (96%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => charts/rancher-turtles/106.0.0+up0.0.0}/README.md (100%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => charts/rancher-turtles/106.0.0+up0.0.0}/app-readme.md (100%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => 
charts/rancher-turtles/106.0.0+up0.0.0}/questions.yml (100%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => charts/rancher-turtles/106.0.0+up0.0.0}/templates/addon-provider-fleet.yaml (100%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => charts/rancher-turtles/106.0.0+up0.0.0}/templates/azure-rbac.yaml (100%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => charts/rancher-turtles/106.0.0+up0.0.0}/templates/clusterctl-cm-cleanup-job.yaml (100%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => charts/rancher-turtles/106.0.0+up0.0.0}/templates/clusterctl-config.yaml (100%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => charts/rancher-turtles/106.0.0+up0.0.0}/templates/core-provider.yaml (100%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => charts/rancher-turtles/106.0.0+up0.0.0}/templates/deployment.yaml (100%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => charts/rancher-turtles/106.0.0+up0.0.0}/templates/operator-crds.yaml (100%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => charts/rancher-turtles/106.0.0+up0.0.0}/templates/post-delete-job.yaml (100%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => charts/rancher-turtles/106.0.0+up0.0.0}/templates/post-upgrade-job.yaml (100%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => charts/rancher-turtles/106.0.0+up0.0.0}/templates/pre-delete-job.yaml (100%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => charts/rancher-turtles/106.0.0+up0.0.0}/templates/pre-install-job.yaml (100%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => charts/rancher-turtles/106.0.0+up0.0.0}/templates/rancher-turtles-components.yaml (100%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => 
charts/rancher-turtles/106.0.0+up0.0.0}/templates/rancher-turtles-exp-clusterclass-components.yaml (100%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => charts/rancher-turtles/106.0.0+up0.0.0}/templates/rancher-turtles-exp-day2-components.yaml (100%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => charts/rancher-turtles/106.0.0+up0.0.0}/templates/rancher-turtles-exp-day2-deployment.yaml (100%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => charts/rancher-turtles/106.0.0+up0.0.0}/templates/rke2-bootstrap.yaml (100%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => charts/rancher-turtles/106.0.0+up0.0.0}/templates/rke2-controlplane.yaml (100%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => charts/rancher-turtles/106.0.0+up0.0.0}/templates/ui-plugin.yaml (100%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => charts/rancher-turtles/106.0.0+up0.0.0}/values.schema.json (100%) mode change 100755 => 100644 rename {packages/rancher-turtles/charts => charts/rancher-turtles/106.0.0+up0.0.0}/values.yaml (100%) mode change 100755 => 100644 delete mode 100755 packages/rancher-turtles/charts/.gitignore 
diff --git a/assets/rancher-turtles/rancher-turtles-106.0.0+up0.0.0.tgz b/assets/rancher-turtles/rancher-turtles-106.0.0+up0.0.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..165d20cca0d14f0dd85542040e8a5248011f7aad GIT binary patch literal 36675 zcmYg%b8u$O6K;%6vaxM$Y&&^lZES69dt=+SZF6JWwr#vO-|yC~y7R}G={{9``b^I= zGu6)wVFU~s$bSV$4MJ-msl;d`Da$V7&c$ZPqRMEj%x12s%*8IRs>&{_W@TYuW9+V? zXv-&QVr30-@%iqs!QM>u^Sb8~jZ^BZp;2NpK64%KGHq4DhzHv{3_t18*dj+}3X5cR z6Dtk^+%KLdtYXSCb9r6)Xa@@ zFX}R4**lMP1Jqn%H4h0VQN=W@A`W6R^My$9c1|w#(b+u-WT=TIQ8U%y(##zc+I)85 z1i-`T6XUOggxA}P7yJGDa<#bq&{iQ$|Lm})STbv`h%n{EnM$|i7fU%esiIV80h5jj z_@~j217jav9&-XZO4vSsES1Hf^_SpKbvZf3aF$Lo>QUo;Wrr$)aMt)g@pT8tQ>V`^ z`pfbJyS%Q1F~`IA`w~pZ$R%xoHD?v#kp0*sE=94%SIBMsC^`=5zaTZy0DCo;q=9A> zqw(Mx?zWSJRjKKBQe)bg1o*$ow9!-ULyIt?B$5&M^5bx3{V5I}PGI1K3OS`#;=>AX z`j7TJUQfa+ZLwkoPYcot=F&tUr^?<6f#X~q#TMMGTKpEeU{R8p$FNcQKVvq|vhjSY zZ=OO(mR~xqFFTwo?tzw>XrdQSASXva%HbS*+Z*6Cf7S~yt1%{4xa+++%mcH+y2LBfdt{|FLTaWY7f~$L9w5tEbD7VAykHG2Xp|mn6j=PoAYQ4qtqT} z1OXh3lQ7FYWs0dGQtF2l(U#d2@{)T+o_Pl~>7=c$^xz47clF8e-khIv%#-W&L{@4ygKE{kA(=YW3W@sg6 z>PJ`x)hpclIGY4EiUYI)AL?26mMHcl29rC8Ac>A1QRG6IbY-!bD2i!qp2Hw4M*P!( z|H3F(b&*6duR!`?DLHjXEeI7$&?mjXxI`VqcF~mejxyW4iGtMG4uXn(w)vGN``wkoF{nPvfe7W8l3Dp z>%#5S!*7k|v#cd5c&XuRr@2!Tl^g=#heYp}Q_hm}di;BA_^E~~IDr`Dwx#CesXr6- z1lj}b_$&^-Cm`$wVCG5)OD&?KC^@MSZ71$$?gc-Yfi%BmsV%8Iv;kF1##}%5FjY5%USp21j3= zCYNwUY~3FMcUjvYMG>XJ;Q$#MCWJ(C+NTJ7J!e@VSoeFgcs?U;DEYv|16XwO{|Ypw zM!^Yx`*}GJX}BEdh%;|>+8XEMV>=BRItqpv<^{VgFi+?u_%t}?c&5ogy83v5<5+$~ zu~Eqx>eX59b`ux!Ad-ZQRR+67t9a#e3vEjfgv?ncCE|cmwcT^J^`YO_dd$muLe5P~ zCS6xJ>*^j!o{0zB!ITf*QC!y^#G=w$1G8RYA742;8Ey9{s>6F?{w#*ceO^HhkDEhED!OL6Q6=agptOeiQ#(Q1_vITcIDechXMtg6VoJQg z6#dmFZ>Mu$wwKG@=rP;p_VKWMH09^EPNN$4 zksI-!VLiOlYyLGJm1_VEYW~(6E>A5#QOcRD^G%)A$R)`(WmwsoPP#$S~Ik?U2p)K+tPb@Yrt6*=TaWk$GU`FWY$y zPsmHXG|v|ASi5eAb#1C+rw#5oqJT?OxmJsA5P%$D0FP_t;Mo)e6G`)lF|=JUz3l+z zjPN1pQh7z4wb5!Sk()o7s8C1Rs1R9mMJT=2$LG@ro@&q%4V 
zZEJ9b<1!dnd+Yf;k}j_H8{d|HiwSFi9?>eYI1C9F!(D{m4A(_As|K^Bs$_3S z61TM0AlJIYc-<|dk`)|k)5|Iv-*bRzjqmErevM~sY2W$6Pb+4<*&qb3LuY=4k@Qiv z(4>Ves%kuZ5kB`1V*ZzRsPHq%kBt~v)br+YYZ3zYdZ%aCN89ooOSsmM{Ztc{irKVZ zD8dInIS+&L5J5;!WH)$@D+v#+8&3XY4%q3`*<8Kxmai&b;|}xiWIj)BR+a(?Iv1Xxf~ZOh%Lpi^=8Qk1=tv4G#yqK^cZnw?PwO&`^1%d*UEz1V8qc_ zHs3`^V}k?i2F? ztn%m@wKjtrmxypx>M`AXA=-@ZubRCt(_lFyHikP?iJ4Y;DYn6U_JC~&A%h0E;pR6S zd$Eb@UL`p2$c5!G%fxP=>@Z?bgt*%nbf9=~c#Zp;E*!KsKL(X)7&Rm;+SE^31=T~L z%HmdQeqKP0Y;E5j5WqA)n84zeALrLco&6GZR5c5BV@H^Z-bD3cr}kauI)C=H9bf34Pv&1hk#XPJiNyEn z%l~7Y!-HaW?PHkYSug2GLBLJtjQigw{#=eRRHBe~7Dm)!sz1TWP2BdOb zt5XlExBW81GCu4XzwaM81GPK>xXtIE0)h+ciX}h8PL{Dd59C)lv(p82kIvx*ezBCJx&SDn-i8q0q+#zH3l|Om#`AEyA7~4BPbhjM0AbbD9 z4!Ln*;II8!*_Mp=$%q(ZF%8S1P>+{c2VlgB`;pV# z)Va4YNyx%CrS0*`FEJ+9aNg(FwGf~S(^4Erlh|VQthp`zi*YxT{;jsXBOM<~!{k;R z7kprJHpE+CKGn)A=2@Q7#XWO;?I0I;qfB_hE}~}ay*4K#6J(eKWvR=-rb%OTn8QS( z%l!I*kA5f;y`T%^KdMycDz{ej2`k{DKM1#fW2s$j+qWUmV_B+Dqa*e$(vWGOpTgMX z)tivA4cDM&ptN zl!&e%<-mB5VDsk^Gk{)kn#Wq@J^<#x$(af=YMBO{#{pvmc-)mDfFFCKm^m_cK%GW? 
zjHXd+_M%ys<6Q8$!hjTMxn%Wtw;?u4055$H@j=`0pZGG`k?CYg&Zj9j$rEvhfqPC8~Egu9b3xBkZUEhIWTpL2pXhxi?Ar z8Tcm!!Sb*XVbk)V*X0dRhMCChE=!U;xMxKS3ye2asg(2z=jY;A704*KbrSI=qcOgz zPXbd&Q|s-Bn+o2YW=~MNNzwC2b0t@5E1&A~(rCl=M3H|@lIJ^YX-Ly55P;U5qY>1q zht}M2N@J2U#ZG8|q^*CM&b|vobvBdESh^u^qxgs`scyd(c?7pGxXYRP=bL zBTAV;6`tDb52vi5KE@eB$^19O34M@MtcekVu_WHLD*dn3%RccDU0|kP`3cMptPY$v zeXgzKdaJ<;{Wqh<*Z(eeQoHaWhH$P6rDeOMu&kXFi|hSXTF=)yhN$ET2V~beOED+d z`Y6X3Hc|Z+sn5}K4#9PiCDJd2>l6!?nz#c)Qd~Azq7xB z2TWEKuAiv4aQK&(Nrp-op$BpGkQ8}At~r)uGjlsV3~cpy3YbB*KOfrQi3RIZ4bFy} zKKoIx-(z59uzGdaUOofk54Y-p!++%2?|gl4PbrnZu6fMSpVxUYi{g&cw18uvs<*p0 zM&2JN64^XzMq!ht(=|-V#Gb?Z5arI{%7v-Mi!Jqi1B}K8zdhx%dTj8Dd()eWOmrz6 zAY+7oB}`||D5WT|r`qv=Va*_i7!I7)kD?X8YPn3~F8-HO5%%$gr%&ZrX3tR%lDt;^e2oalJ)U3) zXn;yJ`RNHv3YT}L)IE1Et#GR{Y(y^k5oR9Vurj==s6#`s`dAElx3~TW=;i*j_j(@D zP%_Quh_?{<65r5xCf1Ql7N%$2UN!LC{*b)MdRT0I>Gb@`=JL4t+OYYgGSga*=k)gp z0UNH7QuSr@PfpI2vkmEhAL2(6+tTJw{?dE-PG4Y;2LaPe6#ixbt~@wXhwatHtynn3CMAV@XWmglf2j^`uHF)rZU zzg3B0mM8V3$0<95_ZiMSILs0zm(6;={8K)r-AY-<4&Wxmf`rz+$4P?u>jg2R$dy3F zg1LF>I7Sw_79U6Y?2z$KC>;h_e8~y9Cw`TrHW@i#P;OY{AcP7!8!_eJS$8X2YWN9@ z&b>`n(>Acu#T?_-t;7Gu`-?Eg%cb4`=*_(9dtG=rGO*aww*V-Ya9r>ba#{%4Pc*Hn z2F3tCZ;R*4zvk{$f9q{<I=ekts^vYD*DtcBmu~R-vkUrOgenqh=C#3pf)BcCu3aUSR|{l9d&z z7HrWO`PvqA&Y6GKrfk9;pCJA-zr7r^K*13zHt`u5k!+hU$?SS*uxAmUsHZJ3vD9Wp zrH}YJD4hJ;HgcyU3BlE-XMG78@Dk+teNth?-oWN>-x zj9d+_`m8Sr6b*Nd=<}ksxAqNGIM#?bn||?sZ2o%dUbfbia_m|D+zj1muCnFmj@nRZ zwUUjlPq5x<8$G93UW2NEId{ClIl;Y!pR6y(cMS2dHbC1B+?Qp)-8Jx@!LvA@0n1G$ zu*98E#a;=C*xYeHGx>IQt~q;n^ccka!Gf`DsM$)zMUX z&_&RVmmqzTTqOa#HetlF1v&X%r7s!~K7l1UUfid^>wN3H{+n zrABxF%uS46HQCwQM`|7R=8I>5;ITqW1a`=?od{KM35cYOixegezm|pIUE!z$)k%b; zNb$)=)|D?LN#y|qB-fN7vlkm&gE*}C1H+{*b{3uaBLhYO9#EF%HubE0z1^aiuVF>v zms#@3Xi1kS`Z{&Kxo`xM*+?|_Lsm*S8PrcUO6m>@p!N(r<-?!;K>>RVpfbbI*WU`C zxLO!Wn~+cCYR9|dt{8bM4BhtHts4u0ywKs3{jq@)h7&4^WeJTqvXfE0FJDUF--GbP z_#&Xo<>V?nB_Pd5GIy2Er~$n-C<00Y`7``x65ZoNddi$)c9_x(@iH$ar_(pmN9;PW zGtv}qvYyfpk2PY(Xr1Q<_rdLYUynw_t>+o5Y&2gZ_=%r?OQZoil8)R9FheKd+4EsE 
zJ+~`0yG+$O`BE(Gd^?IrXqu$ zqK)v-91x?Zu}+&eI~5wG*yVXMZfn)w_=O5wXM{YJOH6b=+SMyOvm@sErQpPrkFioD0e0q(LMC zhM7`Y`5s*{K4#F0dWTy<$9VZ6U~Tx#E7=)r0QA^V7a#ox576*^ZwE2?l9S%MPuW_c z-vuZ;?1AT#Ku?FxG~nrc!s(YU=H=HNa4QTt_q-$lxUJc~E$d6;oOa95+mR`p(Vfdh ztTOP}%HHfb_Iyq}NjRH}YtK0cRr1)y64J@|*7j)CJt=KBjr+vj@buGR@lOxpoRy|Ql5;#m%5c&7SK-!{Gg%%DF6m~B93l$&m39&1u9buE*?uv>*md{kvx{D5ARxUVtG$9Pk!r>*nA{q3 zjZV=|^#Bi?4=n=?^JTjQv%ca+;Qxq*>EYaFCGaB zy32H9O?9dL7%%Aldh6I|n_dJcx)?*`aN%0eq7wCL|2L_;tHt|e+sq}Qnnc~iyIF+J zl}E*u!c~8}&n^E3H2rwGDeOryuTT^z<}gwFG$m?n6n-)d{0rrs)sy(t_F?;Vhm!lrZX;&&k#0`F2av@k%754&o5`W{4tk^uv~3xm@sn1j4|K# zaMHVnBxeF`@S5_ds{iCS14>Gf0;k6~EU(Q?Lu^GaJ^6s;Mp~C~ zcX&R`Kw}^6*QPYjGSzH(lj@V;)t6y)+){)G+Y7qQsr2?rI$17lGBx#lm_Omovh=$D zn7jBg)#p~CCP~5?Rw9xeCiq?d^yNQkoTx3bGnDASwpyIj;16IhE$(6RmC`b?fH3{? zixX1^$LNIRhHwMyYY{!ks^f|IiCT{x!>vp?2?4xH|BUYqgZ->*mF#UxGC6aQ zVbRzo6p<*=95QskU>u8z;}1Yg+4+l$%AxFAm^*OwH%v;?7#H62qVS=?ScsGIwn3O_ zdD%w&IQJ)`o`A1JzOYRwJ?Opd>hj~0sTiFUj06WOU}7Zk!oXL-5!ygBZ%(19H$Hrj zyA+kkumj{Ei`!M`joutqr+SiD8h}EWKQ2r{vkMWe8X3k-Xlji9SXQ|F)Io{ALq6AIcapom2eZ<6UQnG-V$`^6XlUdSbcm3SDBUC+ zAhB1q(4ws@Fte4Y#9oz-ZAsFQLjTZ$2!@jo4YyK~_|kgXjIRo$s-0B=W(Va5I+hDQ z(^S|9wz~HN!}K_paHXh1&X1dJPAXV^u@u^luT<2RYAFt4V?lBN_zEme8xWa$90}mq z_B66eN&|2^n}KvHsZ#PtXPrdFQ8W+5#fN@st9b&+zpL}(<1u>e!^_qPuz)xI4ME z;ebEtCux38a1!xJ-2Y7^BC=&nXm6bD7=YNxJ@l1@o`+Y0nl*ss)kKlfZ&pjzbS^K@ zz}-SQQKpdnbuS%_@+%$04DtQu7ek+LpWlfTCZA7hO;emLJ0pn{7InFz!irmlh3CWf zKxoq|1~5b_Nwp%$ur|AgVWT#!An~$~SBX7F3*W9^d1w;x9wU)&;{h+65_$mHuWfjJ zACq+pod@k}%imMXfn39uLC$)Z6h~*xP=;lFh2K+E8cHx5g@i2>!nRWe23Vpd_P8mL zBiQ?d(YwI%#yc1}ycpp1dy_IGC}t5b|%CKz|YAVg@_XLu6ao3lxOfYwYn+Vx$wu!wWhM} znO749rtz-9LwDK7Z;~BL(m$P`i_DY$mzeFR>1~t^3H$puIz9TlgLf+S#q!zk+5!WU z{*x-Z>*hzN=iquXw7918c;emzPh-hEg_Gf~EyX5|;oRc}gZ!(8uaJtrj8KY1^99Y< zIZ$U4Ia?sS194JlEytpf$0HRLE|VE?2-y-s^@S28Jpl_={qQR&u*v1K^D=898nQtv zgTn8|-I)cgATyjS-Nw)!OHDG%I=_B{5rzQK!pZb#{SMNN>w5w9;s@#CbGs;++ofoI z>bM@?v~#uoYMyX<4gBHs`U2SQ1|Ukv6S_A?Fm1d02g_RiF4&A4U~5Gdo5N*87S$-= 
zP-VJOc*Kh7;$~L$vLR)<-`+oRcoa9eA@JAom;X7M2kT@NG>CY9D{G68STKVn8Z$N* zCFyZtLAsNQNrsb3mi3%sP%}V+?X#SH1TD$&rZ3qMb9b+1uCVrMvd%yOynuMqg8v@1D z)A3+`6gK0N{#CZ7a3D5CXxNV@N zW0kdJs^-gFGO`Jm@U5L~3?D%N6}HHU_j}k7A?0X#Mhs&pcVnW#O2vvcLMh0+N$VFn zF`u0AH?;>>rK1P{iGm5Mk~1#sTIX0-lVgF2#V2xI+$_JM6~uU;R^?t5zUFvo_B2)D z5-67UtYTo(@?WJ5JD}L&#@Boi)SsTwUhBc-6 zh#^Z)MQ`T?naB~y7XnyRt|0q@J6F~Pdnu#FE+rG5L#DM^iksnGld=vSYvvz|R09~L zR7uyCRYSCivp?0wO4X^&eqAdKMiK<4w>e^&!t}kZ%#yAs#Y8mEALi@C-ZyjWG+K7i zuL-wAh@ZL6vUBS;MrC7Kw}J48@r`6``{^CqO@tKxy|C0$e0aK89Qcdzsgy~(^cE3+ znL4wVuiCBf z_o;fsqTV>_X{V(NO5pkzJ+zjlqIhR3oHA6o!u+yv zR}|%xzNU}j>FSoDpOXVdN;YOL(Gqi`Vud*Zu59qwaS8;$ORP6^jEImjDvVkU^Z=xb znwbhB?03t5i9?&wQ3`H?m0y!2$!mV-mxTNgoTax;}ZAyc~(>>lYY=s}}efsh_> zEs5}#0};@+Avhm+%uUQ`=)HWoXg%14rTcAgj^G_F8Y13>yh|=g-kAW89Vcx^2q)0x z(o~a}B7%ZLJ&az35|S3EqBtE~aaP#W{51;eWDdexU65XJP3)`=6`Z`wV+dQvo3aWTt0IqI)O zs@Y6j_V?TH9NR1K9fl{kew5h+GyK}wS7V!eNS0|!#+GWHJgkZ|ZN!-_ovsZClu-5H zRCP^tm}zCW;HppcmXptC^aSAVO_<`z$e^lJdmo;i)gX5>)IvA*W$)8_9-I!agcEwy zeQAQ8OOq#cR5>fS6D(F&7R$gdhHFHc*Yfcz%JqF?&kM7J%en^H=HYMN_dgllGU3v` zo=?iqEY1M$C-#@m-VA41YefLGzI`RE@pvu z#j$|GzgQ-XPo@MXRsLNPq+T*6k^x%gJ8Ri(>%BYe3pGGgI1p7Ao2luy7IA$#rbh9B zZgQG_&EJCA;Rtq?RQ$>&3P!co_>}RZK}dr#TEmQsKsuHooX4nO7CRyvM{t|6jMW+M zPrRoF0W%tX9sBs&jJ)H8(oJ^lsjOGZ#Hm z{_O3F^EzH zqm^2EL*uGU+CNKE+Of72!cSZf?nkO5ArrtP^M|<^hZ)~rj!+VR?N4!F`?V73OgD;6 ze3LzY86Grx8C5N6RZlm?6McQ*G8rvoskgnIevP0r6Ju?Nb>QF(i&bf?8tOWjr#aHq z*TE>h?G+AE#x<6V$D!Fa+Xdy0t zMw)-H6IQ-viaq5INVO60JIxkWyk>-d+zp~dNXC`O8ZZ(~$qN0Y6_{bu7jex!@xaj^ zEfJC;hxZC=s?cza#(c3=}sUL241NrzvV~2GDd9LUe>~H9Ca3{ zXP(%9LuZu-$Sn$$oaHJ9Z~3vCoMbUSJT+2_*eYZ&KgeNw3`ZJ{&G7tBt-79==lcHy zo5wvB{0CPZC7W`}=ZrE+j&Dmeqq2)azCD#*61|&;L@_K z;yfeOc^slg;`HKF%$?UP>nvQtou`~NQzmy}nsF8=*B0-&o=EFHmee_0tUZeGDc=@f zVLg__dniQ!s{g{?r>zGpd00Q z#RbrI0$a8F%$lg7AUlrNz>?h9Nf2SDaR6&tnJ0glD{Mk{u{~eOI_QS27`9u6NH;_W zb;?{uJ8d|dU?X!;v<}Qu)~H|c;wVBikG)Xvm|7QwvwG@9X(eF=^yM1(4ty(=j|X%I zQ#D^%qg5vicwyT$Ms*Rxuk{bapa~X~f)H17Z3w5>eL&ol?i9V 
zdH-M@6Z4+EcJSsQFIs3$#Ru9Y?!hy_KAVpdAev%!b}GobFtJ$N$0oG~UHz%%F@yHu-^(iBE|v&h{B7d*;8wXnZZ)*fEblSMm& ztY2K%S)OKAQMxa$O?$DC>R1Ogdd*dcKT6(yd25Hq<8vkQVG!WL2*TkBexkx*I6z;X z-mt_PFM~6g$m7TBC{Ho#H!Y_s4~|C7OTqX|OgX)55|`5qcxUVQ##FpLRN7w%)rW%S zBW9KC8WGymD1zCYbmcPdrdTkn%}pWP!>2&#VaYOx%LCoNE?&nuj`gwye9_;&^tn(9 zZxodY?2zBK^g)G~bOwhZ-`s%j4Ql_FT>@nkxT7D|z|#i7$`f9xJ=1g(hF@KZ4SAOYz z@pq-6Xgdw3zB}{&zJO+zom?t%cmtwsf&+`Ebgv-t1k8s zvxNMn+$_mb{zDx2t8-}11{SLKzj{cW?%vmBQiD6dWa&S#*sQK47<*i{18u}QjLtCjXGaiB4dheIX4yfub0HYRHfI# zA`7p%TF*mojhBv;J2?LhdG`!NZs{brVYh7v$)k^mc-%iLKPj<|laHH*P0DdB+7KhG zAk+kTw1`s)Gs05JCfWw8Cx6wUn1XE{6W1O>bGjgAr>7&|HQ5qG`^U>}vrzI0u?)5}$i> zK_fCn?;{5f$Ri>7apK_pyCp5HytRn)J7iAHSZ+yEXjKt~N zG!d5it(APU;e~E0&ASYX7JB+^O2=aeB}&5TL8HG1F$TQj4fR;N__4M1Oj&cZSIVq{ zG<$>kDz<*e^x__I#JNc$=Z8F4Zzmxh#}L9Q_%_jBg`C~axmjur01CP5Ruep z)m_y@uh^G#lU{lGmvI8yly2N9)Qd~%>Urs@ZXWuKCvY7vfTOv6PPd^@GK|ydE^W!n zc=^nMmS7uwIpUNJec&_CzWK{#hF)lmm6x;R>}b6}n;kb$!-6ikGWL79j9=N!uT=ck zJ)Q<~86yq;2eH17XtB?g`5`;ah#GcUZWg!-947S1!v8q_`a&FT0KV=MJ^`6R1in6Z z1Q30i2*2#?YI}eK%M9Hfj<+8Y9yjNR8gaU(@;z5T!E7KF%)!o%fB*sK%#VTMv`i-c zd1;SuGKSzVB8<)T%X77-SlYH)arS+ zdAD7g{6u0I<1?_zgtFU6O#IK*63a*i`MW=%Jj9?eVev#-G2vuy}AJ~Fn_??^K@7rgH3Qt1I zTG)&bD<58C^XCp*JJ0Mv^uFD;8E&f2>m1dc@<(*BSh(F-_ymO9BIL^7SqE@ukhQj&nKFnN zrQ9ldwrw%nM&9B6>tWpJ`5=s&Qo(-^0p#a%up|#thh%UGT>iyvQ~016j;0JQL%&v{mfhwOT#s%@CuNmEg)U0PsL=`Sh*}dmo%#EDp43V zVc1i|!%gO|;qA#UWc6CaaIfp9Md@tPgp|e^#*CcFeZ`1TUxwfqU$AuG0S*81P zEAzPEED5cMM=7<^w_CD0PSQoDefgdWGczVq2Vf{-`^SvB_2)9ix&FaF9KD_FE;x1~ zO!wqZf7%q}KVx^PDIFLMj$h19b4?K9Z@gl|T`T7u{8rqy(4==>yJ0EW86gOL|8PvN zkvyL=jl)Kn3A=}^Meg;TcU_N}M{qli(W1KS13(-SP%8LfU^yQc&ib>e;UoX)El* zQEOKY0;KM36ar`6Ti_*R;>QMrTF^?ZFOd_`skP;J{B@a?BeL-F;gEvHZ2b^BjoWEF z1tG5dXuV=H=I!u&bxfI-M*LGnQoyUp^chgKDeG%SxMAigEGtIytyK1-WiH*zP}{yj znxKnQSmy_3v(_I&zAkZ2$uRzcW7mT1mc@lI477mH5p>{15S!UZ*O>igQ z(C|gC=VMEaqD$mp4I`as;umqGAWN;g1#^t_?^L3Tp$n5XyZ(pg2q+-w!=vu5HRkP= zu;~>}Q30ll(nW-{Lqb%&WOz`1%?)rtX_)UU2`ejYN57-DG3N?2*UHS_mWb#&c(;zhK0r&r>DT$)LIqw01)X5KIjs5C( 
z>iiof7>v64%%0dI+S>iLR62h63Mcixn(p^rd+=L#No@Qa|MF8BnMpj8&OrX0uYCZ& zi)B)ifhZxg!upg3&QwXXi9BS!2+Ix%YyQwdb9ib@o2DsJ{|QHZD?WpHuxXcD6o!sC z=dsYq6N%%oVa$%UErSowd|IIaCfWBuJ(NIACY}09X_Wcs?oy*u00RMTQS8!S6?JiO zuV|4MN-xKw_OTHRUGcg;h*J>`6=10q_)Q3uxeERS8J#FCe=~$7Lpz*nd0-~5V@Of4 zTyuKY>@tqeJVO&CXQc5O?bZgbH76ooWCr37!3U>K{mlQqwsn&hs(vNLmgmi^=g)qk zU(K@CcGWdQ*`87{J$)`8V zrO(McQ}hC&A2{vddTbNU$U(lz`ufx(L!jp<=Qdd-0AbPx%Z z8Ap8}5!iKY_2)rZ(l_@^1)Cqsn)d_v`Rpf5)gCOGACJvnIcUu|yzmb*B7#|dBPH^B z`uH9kZI^7v#X?MJCoKlDU1?<*x)s$%vqV$xW1h3hgmaK%i)#Ja;vP)k zr(mEeJ+=~N6S6ZGn7U&t>quqqAzXpbZ?HC#&c)Q&_4Y~6@g&W^5Y3Sq=zXY05mg05K_ZmA#m@}NUC6f!J z>-95V40-$G=F#T2E%GXQO(VfoI7Bc~x% zmJ(hx{dk8}>{0mpeMZX{pRBY7My~z-MuqCc_Qs9+@3P!_(t8`)h$|7VWi4i=PJGWC z9e;$8oM=rcyUNR(mJvhp+cs~Pf(%NxgDQgUnJR5jP(!XVL1gyooZ&AuzGoi2OdgYH z;)Sk#zJHu+>&k=|)pfOtRNgNJA@Y7Sbc!;5Ft@xBeNXuD_eDp<&9FPQ=?PMZAIJO* zg*!}+{zmPKxq56urBRxX^;?U%0Y4!oNwRT&)>Z89Wc*O+K(yFCtFkc$gti4Z>?VUh z(5Q?j^e>^7vUK9#AR-EMnBowa6=(-B53pt9lP{z;Ca0Pn{i)0U?8811CD;E$9d-Ky z#^@D~j{~~4-3H{y8kTT>p9EaEn>6`|4%{)$P@1+~d$pJNCT%^bH~eAMM1D$3JsjmF zc*gJ}u|7>B1LhA?l+X;s?k&{3kDhL4>{+w7c^mChGKzhC9ByVVNdl{ox>Wp;$0$}m zaw`>7JgOf!IC)|-0~rmopPZqzCW%4)gTP%Ev53E-^@lh*PqfYDD+x9XRWMZ3>tr(d zWyuCxKX$6Aly(X!lr@d@uXK@%XOO) z&AC^-1OF4R2J=cTw4O_d%q07>)%1LHdUIEM(MwjtYG)`G{>@~J!03hWB#s1@1g7M)FL*mU$xi| zz=_61<@B2%PG{6$B9<2r`1*Ls#pM}dwf)>v@^7e5PX?6^8uXcVpEaMU-7z(#(K^oy zs+ef4_)TTWm!B%xuiOH~j^qhy@S)KtE=3Q<4wWsAj+oI+#s5b?`uGH%{36)y+zu{Z z^&jW*81bk^w|H55;HS#W35~|NpP0^Eg?!(fRT5YoLAvwbLpC!}d!%QmDh~<)UZ9(eWzt#g@)N^M~PD`_48q zZzS~;4RU1hQu?Nmk$b-Xr@90dJ~#YpVMb5Ayw z(7a_|$Wc{X+Vff!)~mtoVHSODJs0uRHpf?$5(CP9ZDP>nLSQ@W*b+Lsh|sG=I_oac zhQ4+9bYJ#jV(d)Ge}vk-Mm|Bg!av>2>2E#;Il$~_r%aL9B%e`{^p{-QE1Zb%DuH~#lG%^x-{S*Pof zmN&{ndNam|43()xVPP9NC8XD=3dQ-4nkHwP>-YUFlX50V!Ur*=CN zpefC?ro#O)h{ab6fhP-&e`@A!7U_|{eFzq04?6Wtjvyz|wIGA4N{NB`sVg=-lBOrY z=|>x3PLaH4nrp#g6WpNcA1Bl_KU_UXHb&&QHuc zQ5)XbzbOvl40hs}ljd2$xl?~ggOb-)Uiaaw4O~05Vtatfaxf3lP`@oBMVNpk$R<5mVY_z zeP~%xQ7B=7ddV5WQ ziCwxo*;pC6Le*+hY^*f@rwykMS+n%;< 
z>-66H`|+J~ogYb7sw$PblB}e%a_6b0E6C2VZd094k>|==(JrMUbua;M=`~`uw$jP- zHL|H9_xFNLLVU(ln3VNyty0CjnzrabI!;697abl3guzB<)m-|+8i>2}f)uDgzyT}R zLKbch_veV@xkVFs=}>e?cH!u^ap-U_;g}IVV+iQOc^&1$ZU;2ty8p+^_vE(&_xIpv zJOROCbXux<4!)b}mP2dwJv)T`byUlrP6#{4ZjIS$)tO&uUy|lMfs7()&|^g6;w0UE zbUHtf)G}8o#KF2q&6z0&iN8*i&hM!6&c1W#mMYKzl?bj2W4S%^9k<(c_&ptpg<1Xc zMVubLl)+@VwFkQ+>=JR%b;PVJO7nbW5R+e>s2WNQC((AG;q1{mcl5_1Pziby1`gVd zpv(~#pwOw5!`5guSm#rEbxkX$OuEWx0p@T+$BwpMR8Qh>)0dKRiq6bSg1tMbR%x4IY_2v;QGye`T6(Me>f%@g24P7I?bl=@e!yK8E8*0${l&n1de-3gGb{3~FE%f=`vQ$h#oe zstQguFn5i&n9S3wm>60fPb(l(h8!pzO;#3PD0W3IIo9qyDib+19{i%~*979x37l!D zF^(?i-}LisAf;fG>X0Rt03ugiCkmWUQsuh*PnqQ8iNOkT$B23)+Cm3K)m2!aC~Qi_ zB5qQ)=~-fSS8M{+;bWOBiM7Hoki28C0r2n}DYLm*o$cT#BwOXbCB3s-wAK|GRcG2c zcxMV_nmmhew9b+-5ODn}8PWo$~P_yf^3F;xNF?O&&2kIEXWR(k@`O@aZ5d87`r zStQb&Vde+-8*ZWE`i~SRgZU%|(SN}5wUx(v?=O&gOq4#&m96=VMY>H;_^0R8m6C5b zK&|uRhPrdtboV}K7b-f?^d24Pyt3}%bA*e7M^^jevNxsD5pvKoO9u!+T?PpO`7l32)_pOo#bNhf0-{!ai=T_CRces z2c=Z+bF0C|l4;IEm4q-rj}xt(=gUFl3U|iRQ}Hyfrr6r1=0hxl66p22YP>G5-P}8h z^sMYk`~!abefOrcX^NjR3*J^Gd9rSiJbSoK>LM$oZk-iUOUIoTQY(3KW}iIEhT;n< z&egh}V5eoyp%MGyUZYxb3O_M`T_8GC1tZeeK8K?qvyMH8bnnQ_!^MxV=BTGOEuRZ! 
z%u5SvMyWZ&OJ{psrEY(y*)iO2h^iIy_e8lN3H>|g4FIlRadiQKV?eCsAp7LP8dg3%rkF43eC1BruHelK|p&sw3?**MNG z(^RS`3`V^oe=;hpx77(z=R!n-7?Y|Rw;26fonb#-GH9Dm+lP^aNZSL@6xM{9GvtM; zd8_*N7;;IkI$bgpJyAQ0s_#zg=w$N55SIg5T=OPnb#3Q;WHRG-*e&_Hf2Pd!;@5Om zg5;y3GTF@dv45=4y2-QXi{u3p*2%L=KTB(rPV$1PGFhROa05GR<~}+z3^BMSSu&>p zT{0l$eFroke)HQCgZk`YyaodUw3Bp|Av5S`7e%AWz+W5Lair!mAG>amA$z|SX@ zE1N2gX}2&T@#c_~Q`XQ-*+nxp6;sw=U}Y;xaXqbPGe#rOwm*IwO>g~vq9vrs3Z6p} zw?dJ%>VrVhS22d6}!m1xpTX?%fRov%Tyqiz3g%L z_3cwIh~7jjiNKbEz1fLZy#UPg=8r}#iON3oRCt}PRRvzciFp;N>j}R8Yz7$)89$}Fs z{jMQOyq-z>*^AugIzC-Pk5bb%Xi%BvyI zQFuL<$;YbJ72ZlRbF0PQ%p*&HU2-WL%;sm2y^I*U@KG@LcN1AlaPJMGdm_xh)uZOp z3r8}3qn_8kHZ`Qbk5Uq{{f~Ew@px$G3082xcb1~BrvZdpo^VM~9*kEkscxe$zOE&)p=Xri+Hfq9&hF5GeOL2dtk+gBDXQU|r>k5;fU+mjdex#~PBc ztq6P{z#8Xj=*#gSZ6+Kdg`%Ea*4Vn6lS>wax4bLL*~Ek`a<=#f{U!n?bb4!merZjy z3G+XM(ezTipmLL3jfE>{o_Q`m1RYeEOSLpD^g4$m{M_NXQ6GnBiY+KvAM)|}=Zl}B z%w~-I3c}!8=F8}j$5%$1rB-uuNQn<5-rS1UH40epHLxE zGrO3mRq%a4jEo_o@h2^Fom1FK#gU5ZpqE4Z6Z0@Lalet^UM%hmgxL!#VSe2ry166Y zP+bTd{_OwwBF+8(@9n?o#r!?Y!)2^>1LK-zUtLrnOWFo9G0wxLNts>HeI!b6c_d zhUqKV#PT?|>oM-qei1|D>G1m&OO>5B`F!R67-vm;*j`mgZCp)@HjbR@UHZT;C!0>M z{z{kRrpcp(op01==XKwWHm-9mVP6!PX{U@!>O_+#?`Bq`mMNf(;64yd6QrA*1hWT= z7iRIUabka$-)1-TLxR+$k3as750u=QJV-LiP+YFEXU*OrYOjG#FScXf?YiT-5cAJ3 z{Yx*0;)d#{2ltOj*kmw6pgZ6gGDncanH|C|JL_vPZu1YJVOt3zchi3UNdi^Re#+ME z);y1wnT^1VF+mz3>;c`8r^v}Q4G3-ks;xIYisU`>mEK9JWHYy!;U0OFk9aJ&xbIS> zRTjEeFr^>xXhIwVm~z zGBmy~?Iqi&1hj?;3Hbz~fSK=QXisABn1?G2UX_?GOR^j)G)dUh#fFR5Ee_*$^W6@e*G;Jb}wo)dn-B+*pawdWw!!S4{5U zr2j_7m)Pv8hMH^qQLi`a<7QiiJ>lWDrC-x7Fr2Z)b?v~=6|2!MQAqfvbo#(&2<1OB zkAa-<;7v)&Rbd!0EJ9y+Uc_){Xl)p%BB5R}$H^|($G4q~qX?wBNc%0W?SHBgE4rc1 zvj3c$Y{&S-Lv1f5`uuTrwcK$kTkaWax)A5qJw2995G^f|`HG8VpAyFKnb(Ac)=d!C zB#)E%zQs_Yk0V4?y zgHYODP(;$txV6o?<@59dDG(PSH#ey_v&G>k$tW7wG|4VqcN$+uYvqYcOiXyrfpx!P z74;;P+bHto)F5S)1+6QS*?vsZ&r&1JsmnmL2`lZY3Zpbz<>BfIBefP;^rq4%O}#8; zoYrQlCc_%p4EXce(#bGj+i{!Kjr)`}hjAOMo4b^?`mUcW$e%L1DQh=rdKuJaEp6K( zz<>%bX$5bICGDSDlsD5x*i|RrfUvGqm}r`h!-t&9qBK#DFD?GJGvlnEjhe@5S=UlO 
ze!TU}wvk5GjqGRb$Ac396kSU0S^snIA0KXe7*}Dc>ib{wVsqsF+svP8N(*Gro8Hz{ zn9ki5nW|7^9}Ux{u=ztP+?G{%tczq@nzYt`jLICgrD^IPrpRd=eQmi^Cvo;?(#!g} zgxjdp4-zoTbP{uH$I&g<|6AhqeGHvzY1&J{)SwibvF5U1F(AXr{4=hqPo|{_pKu}D z%G|Xje1M~DU9->o>ZfF;mHE$}sBIg=Wu6jRf6iyV>=RPm&$<1<$b`eXIoE`_H%t(j z{+GWU&u8-A_Ap;^6uSIW{IhB4y5mLC0%UzT8z|ZdiH1Uft8&k5fP&5H6 ztmL@Ec6t(MR)bJ3xqD=R!MiaGp?t@<0pDMJ-*viDBpC0f;-;U#qqlv|9}nT@qcjXE>wm)5Fa!fBlU zAVd_SbqP1hpWXZcB4hNpR`{^?6K-+@8on!FAVWR!!F2^ZX0uxWkC7nx3Jz)f8v z+0^t_G2hFqxMB+0g$2y*$7_$z?UlMy*y8KXPFX8#-u~Fk^F&@AWG|1>eW{T>D&E5w z7&hrMxIL6X^S8PvY(@UL0^VPDQ?G#I8U4ozMbKi(1U5)HI*IDKOWJHh>t2m6Uk4u=qPl-%lv}hI~Oz?DorPu zQ{)xaa2JEE#9T~IqUz8sMj%>^Q#;8cF1JDG@#S_jfM0Hp7-k@sUCsi0aWwqNDZhjG zuN?6}hiHADlu?f4#}#X_NQsp`aO*#XMWQ{ENY88};N4~p8W1wgmNe>!qH?ipI{{_8_c6mmPs(|1{*;DgToh_W*>1h zV~G?xv_lhHDNj31m9P*feAgxd$2tP@s-4QsBEZ*~43T3hX4Wqp&+hPd;DG$x))t<| z=cn?b&6^;`42S6+Fg21Utpw>Qo1{)7h_c*jF=G4B+!FjzLx56?#=LZ?sO^%JWe-BD9i11&8ZK~fXGmey4?9#Y{U3ISsKe|(?2v5#|HTer z{=eCw!Ur}o4snhc{W%*hWz-DITV341+=~;Emuq$^z~LJ$|Col5LpsL^W3ov*ms7p2;|8r`JoE;{AQjzac1!pWtrsp>Qh|0H^;Y zhd}tT9UuOG$sx3paOMx6L9WkShq)}=QTxId+qV*P?!Az8C9P!x`V(`fkU=)Pl8}*k;(3&-rsYJ6U*hDRe%n zT{kR{SpHf=Zts+VUyWX&rBWhB$muS;{B|D51FPUA_2Vd+`9BU2g zG-KP#F^gU;=utE9tAk-j31tgAPpvNpCB2amo$Y^Khjl-CUr3=6(8q z?5?c+@xQwMcHn)_6ZkUxCUAb)-$wkp-%)?xMTCTWe;4ri+^gciobfM)?E6YUKTZ95 zIR8RCc#RMIjeziVzrRDIra>}w5ObTM7o|+s}r_Gj7FA;cn ziriGTM0Py0pPkCOx$&rF%Q-ltK~kCJt{D1?-lmtuz!doDZVO-d=iC0U^c~(cX>aCv z0QzT(z^r>+?ms8J_@xJo{zn<<;3Gh9v(ZX!gw5CewY!#F!PcaS1rsd!jjoOLdk z?6{cAWLivu%&QcuaevSe>xXcy)v&0kav7S7y(0dy?OH>RHQBbJ!%M{y4L7u5heuG| zo`prth6ei9j#5R5a3`)!?qR4=>Ey#8G0!qeQu96;Ej(&R>Zk)t`Ui<^9%<%2rPH_g zwb?`M3*CUEh6|^Lfu@EcYJ9hr{1E7UuVUIz57q!N#mqf-Ryw5+Wi^wL+dlePaB&;B z?no=~TpK|Bkch|~e*!T3xMldHGEIiD4dIf!qZv$70TseD zC8`$LzW_M|ejMx9Jag{xa}L|#ay&aJ@H>oyOO=~CB*u>NVO>N6QrEbHb%?hpsm?r9>)IOQYfSqU*BqRXzP>fcf)YBte-{yj%*a4M43R+NO*(ZU1 z#0lietP9p+;sNK|tQ_YrWLqr0=@Vu4RM^*suc$bv=(z%LBoYm9%_@CY^z znHa-s0$Kw-6fzrHla*g%OZ-H^?R5aZk(7*Da0neVzYFPI*08DcXdkZ_GeEU=g-ekT 
z9#6jx?v`-RSWX%AXw$03j+_QQ#=af_w$s*|%Jrg!$FzP3vq=AegARPLaXLvtY0}64 zkuuG82*5o{{=h+eN-T@7_Y#Bn?erW7f(#iI?2-s`;82i<9QBy`%)0K4EJxHQQLFom zOkmOafL~y2+%^z`pQ@4}dTtqVE_#Wsi1f0pY{^}-lq`4^YpCKB2JeX0+L8>GrI3YP zE!MDn8>+K{e|m(W1{@`{28bfQ+0$eL_5@jpEdwhas{HYz34qxA@u53$yZA=O} z3nXz3Ywd?JoeBTM(7~;$EgEyR`Baf&6!0ZGO_Ie%fjJku-6h@1*=OY+(oj9KMQUJ# z;|O^#-^$|E_vJen{ifyr`;V3E(Y9GXv5MQ<2zKHx?lI@XBbcgm&h(b=P7Z>d{LGxb zuGy)bELbZ0o;;EziPU8nOO<+K6!<<;K?eZ~9+`(Mi6^7@_l5*Pj;^UmMU{Kz)Ok{c zGf1R+{qIo=eSlesrIb+=ndCC$`j(W8;|e|Z?HQf_mn8$=qvfraaAi2s+%tQ7qey9Q z#8Ub2A;_8J=~8C@UHt)>9zOYmGalWibRx-rs36R z{l-SlhE}go*jvEfPo|pvKpS}ll=V+T7D<%qV0?UCoNa63E?912b`c4eyI8siVk08k z{e{%Yj2)bl;6z4|othaEIIti}7lS4o;RZ=btaA=2XhJAI!=2uCBsHj5H!A#|GeDDH={zEQw{tAYLc+x zDgBN{*P2wxx~>67v{N7#xvxPcSkf4ueEpGo=@b&Za#3DcijWKb&6i$R{-N!-#tuOO zV0A^1qgH{+q(ekD*#?;AGHsB!7;rJO2=nQrK z7NQ>8;wZq1nVfURtr-`OeN?3IUL1}{u~~B)ab+adG4pbc&LgX7YXrz7EkyBXk)3QM z^Ii((hbY0Ot0#R`Sj$RtaK<6CSFoUZl{hvSNDkQbKU`>(4bOC~EfEMlTED&BKaPDY zyi&yOyrXOEnhJ$sKsb`F5jj2sKu#yx{+$PKQ7Z2EqF-UDSCT9yvJj$CRRf8a6pJB> zuoAjD*TYI$XvP*yW3_2<@4H2rg6-2*6OJgvY)Z~W^Uymxx`)z1q%=Z3FcR#9w#4dN z7+}doY*_0*C@2&}5*}wIK*wiVDg22jxbhOD`PHj?-F!2cljha_zK5`J)QNu;px8Vd z7>eBg)2mop`h;^#VwPOov{2Qdz8d{`=BmYx({=3Hy~B2mLHYYXNJF3Xbd7E;Kh}X? 
zwE_mF`8Fic(1QYQF4()i;7UZGx=G8p^R?3{mD4PxX%pJs^4U3}PYQ^0g(+%#?6Ei* zP@I0G$Lj}-^b<^&%#ryxMXrqhpneyD|J?U=%(FfyCjNeP4Z1@x&HYdT8}JT@aHFRFhF~7$I)1=F+*_7mJkdT-E3e`z+klo3QtG}QVsk;jFM5R z^L7-W6pX9+_kU2miqn8g{05>th)X&HE={FSL*=54W#E&4V4oZ=zu(SXF?tH93`N69 z6x;tkH$y0UKXy*RVfaMUG-g)e$hhuQX_zM_!5gULsB7mv<^6}$BSm5|xVX5y4%4g` zzF1M1{IJd(me(x3cNN8pigR@G$OGr|QSG(DvK{M*O(^*R^-{R}$N%;gq$&C4LtoO2 z*yVI!^fpQhfu@0Z+5~Kl%r6qOB@~iBAj!T zI~(oH@ywwAlpc9LzJCRda+p5_GI0g#Z^4JPy_yRzxEEtgN}lUab>&yeCRi_6H9bG6 z1m5i5kw$OOT%HeXv1Z%y;5W@h!5x<~6{?A(C(UP1bqjJgVfTl(ar@4FrtnapX%@IV!9BTZm~HK*af(K>gdkjv6D4)U@fb?{^UgOTx9TYD%g z87sua@#dH$UI4DRi6Uv8dZ^Ecofh*znBfx*qS~Y#v-b}6rKb%Uysc>(TxH5yl7dhp zu5J?e{t%`-a-0e97I*gFpx`}_T-(7FoSRa}ayL7PbYML0X<=n%f3uM$f1g=|DkOM^ zfVT1sNj_mnOaQ;VTWfg4WMAfrS9VUbTZh$|{Ou%7=J632s)u0l02GFS?YKfnsF=1; zeW9@tUid?54opftJDpcNRwps1rF67*L3H1r;F1(go(8q6W2F;ZDsn4@{~OIKZ>UwK zebpv0k^W^AkfQq}2DD1QJ zU}qZx^W~LA^i*%yW1E+y+XavMRSGhuWOu3E1MO>i5{u$;xpi^#Ld(@eH>PIJMe^Jn z9;j<$f|#uc2$bv{!7B>EZuvl2nEaqsYoYir&na_LlQH`F;GVS)J|NPDypq5Ve?iqu!U_Q5K=4AH1x&$hkz^0ELi~XZp>kcg z>TISf?!492$_?uQ7s@s{fS@Suqs^`E7A}z+?2}BqnFChWP)F}$#AZa5h zN-C2k=H||Y-TEE`l zqifxoe8{@Be(Ps&>QkUFo*`V1m~K9!V(7X)80sLhr+;uubuPMt)-(OCgc^V##VI!$ z>|C)mIQ&CgJZRRSTy62*4;g?xw$cf4VVAJi&z4;`6u~Ih0y=(<&2ixt6ga4)fCmh- zM)ml|YFcyxu4`5KTCmIbY4K8lwZopeHlA$VzZL%N(zwZoQBdt99qA6!YaaQ$;zt>p^zY0d1?q-I@iSI zG>ySZ)Qx&>h}BmfRO#UY#E-X?L8V`~G-w57hig!oD@$ld)X&u(FuI0F=D|*6QG}%!DcI*#||V0vIURM z!}aQFIctQAyQLxG2jiDclAWgQuosoz*6*lCabaOb40Hnij92GLKpJz7aII3KpX z&1HFA-vb&84grqTRz_}-Lv(9F)ZOSoe=C92U+ne0s7fFzK%j&9j_h@}s=M#~l@rw&+8Vc? 
zjH4K)$Y0pYDQ5DAcTse(>~!uBSn>%;j9}1&d)#{8vxSdu+&eLCc3p^|P?dCq@hy)v_J>Kt6Q@=?`4P_E}!A?cS4*Z_@D0!ihfF#F~E?tuS zU3iEi#0!8_&@25^>v=V2XXt@~j@0=ZTS#@ilW5T*ozrfX9nvh-rT}*Wb{4qQ+t*s` zfw<-@Nz$E{T#Py=XrD!sDDUx6%H)L|yFgqO2_+%usPu_X2ucgc;G+>E1`E1-q9Npp z%!$7T*Jb&KxTaZf|0PV8k>`y z&90T{Lb|S_8XAgbwrA%her?2a_kw*5@)^5HREaa5p3W@>tDy+2H9o!$PH{|E${;7@ zq<4CfXl-QfhJG$77Uq&X+GnR7%l0nsuCDVUmKGyB#1Dbjnezfd=8=PK7qrMH;*XWS zgx6pOKBhdgqPdgrO(}_I^Y0b=ug8a(QTz|zy-$J*-zUG%_%eTf42SDCfcdt7_mlb8 zy}ye8*FAw)ks_VJFk#9Nemjuhc(3|?X{lP$}Ctau;C;? zKB;7e%)=ybD&bPzaJnlZl2m_+oxjvY6}asJ@N;nV{$q4HTo5!lc$B zzK_TgQbmkbadKTPXw8VW_ zmSo&y(o{%p8sWa&ed_!3^pZW&X5#1myxjb?(+2@fp>L%}54}Fujij_v^=>@ymPHJKcOoP)qN7En~BkcTu)h$a(b20rbO zjf!%|-O8jH&X9SQOxqk-VRVpYB3EVgJ*MfRxJyPPfv2Wj>Ta?#MHG*}fn}OJJQd|>g!|AVXb*3KD8gRFZgkfPI8MX(e)5Iu3GN!v}xzzMt=!TB^hbNuMoGl?xKNaUx;0l zPS>ow4ZIn*A?x-|k#T@4IvE#t*S}QNRJRGbD@pDuLyagJ4<+>%0t=# zLxJSz!5MqLgwqH!TE>HbN|DJ<*gy|F&K~*$jhN zR%&KkO)tu$kP)EpZJ)kiB!lpXeIde-3kw`Bm#O4nz-VPYChU<(;L-;gyT;Xf03Olg(}7vUs57L?b07G*NDpn*|5?FWe*cFE$Z$elSnJEVbW~a46%7IKPU? 
z>`W}FqYu4m@<{heHMB#5NPEdLfZWoDADU{lAr&Wr;fMu{a4UGpro3fpLCwK%hoV=@ zXAo2@CF$6UI<(vc8#U0FrU38tAt%LulVdK!57I>5W2Skt!JRWv+wnF=sU8gonX38x zk^RcldrjS~vvK=xX=D)lO`v|OfjTy3gPRg`@pg66+deQV&jihgv$8k&$Wwn>Z>j&w=#)&;TPu@23#GL1I^3?DhF|=W6`SYzF-a_ytfOs&Q-t`d85imdg1BaZ zqEtKt3x!>iMO4#2>C)ETXf3P0syOOP>_WG>D*(gaZ_RR%yI^a@Erw0sUcXJ-Nfe6e z_-LP8lZPfKgE|~4`s4`SN=;P9f?OD}$3{{o*`c%KWu>)o<-?N`?)#AyR-Ucf_A^8a zk9jv>=zE%p`DBbxaJdXdSDAxr7REJC!p%Vfq!d#Az|#N$S8hIegV#ZQqDTq3%qd7{ zoutf|g^PHxzAZa_n_@y8l4>^FMF#3nHl{4ofY;O^K&Zo~isxmLgt;DoO@r{xTDh<8 zj6^TDoUF>WjfTE|p^+rj)xw;6)2aNKb%*DV;0Zu~WerqEm$5A5**>WI-Q5cC* zeHZWR`#ImLr%pWF*%cxPy#&0bRTOL0*(qjJVdmYneQlQm3C6)7k=@o1cu}<&6)5HD zBy7~Whr0$z_(hwX!2eSI191fBrkkw|=c#k-~vx9clN=N|UCUsH?i_ zaxZZ&^2MA|&;03sMfWM}(%q~s#X!^bV6&IlHm`IbmlW9;(QT4M{w2#8&}}|wNsHW6 zbngL_v@R&K8HGl091!O%x!qW}7zyM1#Z+78GGv))?z^lr9#oGv>vQ*T={E^F6xn`1lREUj$(A^KiN` z`q(?%_3&}w^ke4t;qrU^fX3d21cpi5zZiR&wq1gJj^)+w^@xx|jupO>tbt;!q>n_# zmZbIhG7p7xIYIX)X*d=;IbRt)wl%f;ax<)cP~H=+>e5F)r5z*!-ljgfFHI)CK8;*b zT)#|w)MJIgsotcTpxwQjsC3!9$~49B1iGemMnizCu@e8q-N8xluVIm;-5CB#W4oLu zt>Xa)Uz2)8`xo@(D(2Dx3gQ%pE6ypblMro{ zh73hk@iS?`;V+)Abo?-p#l0!}nWia`B~{2|vK?N3gxU?=fc~|4yWU*Qc|762EMGOu zGRRygsgSA%NF^rxC<~>>(+>ryqMxwTiIJ~hb8p46QE;HmVw&qpTG=*^TAUaTch>`6k zY+fAh9pH}z!Tzj(04JlPLi{f7*t$5N)Jkw%A(n^iuGxUCA)wHe4reW);EbZe)f#`h z@H!`t!oV`qjf+_+O!@mfx)F4j zCl+t(HnK0jg{u;HDm*`yYoCdvE`FSoo!jpkiyvzvqJL#CiWxjr@E4))s1)2?62;j4 zb&?077!vdI@|JK&#ZN@|QVA$>6K#BZ$gsWrmykvx#)s}THdHJ`b>y-uaN=>Pw?K;@ zShfnzO`WS}p5lS#tB$Kifs^ivlUbF%sY`wo<@}vpN-R!Hs3YSoo9^K^f(-9U60|+D z&-cJS_WC^y1Pq(LqbjtzK^m^lF2y&uW;-jlC#n#@0xWMRhr8g??~~J{K9|8tI?p~vUEHG_+{hGAg=`;FtgbaFB15UjdNQ{hWWqvh z2k0{I85N@xpUvZ22VuyR7wz944W#IsP8J>Y*ig<$%>N#c=hlGNSB$b8@o@nmzlu=V8oOaB%8Wbe$C&cm!w_dq zC5l6i9HPpW!D0T3|Hdhw&dJWUwRjTtqoj{Vb*W%#jFmG=;^@YK(aC@EM}s-Yy~uSq z4Ig*4NFwwRgY)u;m&&`<^y6#-tISlj#;6DFAI)oZb}CHZz%T43MJj(X;Jz#*zG1&m z={g;jjUkq0oU}<_o$C6Ji!=bs=PzOVBD)LJ$|*Nj&CS zCP2V|)bunNigA=Nh8o=#W4DcWsh6`R&4(ox3&~XT*(3-$%h@FAnS3&MEu{^p|E@vM 
zRrvVHYbm97%igJz#wPi_5Y>&}MaZdcjp70sySlY0blWFp|2Y-?2hu`f-&`_y9Sbox zFojJi^dM@pGO!)ajCQMEMD|ZFJf#E~Lr5cK(k#K}`dq<7>%c?iBVLd zh40Uej~eE$m)5qH2ShC?{(6aNnKJOtd$i-eE?z zx@H;IYc)C6>gU~P|27QG!8O}Jfu8sVshpdd>4YWFCd$zgTVBUsw6@-a$f+9AO5f?^ zC=T{=Nc(34U@X{#*`=C6!CV7y574zHfnPK$#nG?_KJO>GxDnbg(Kx3;3E8Th3~mgk z^6P$CsYbQ6CyOg3Ag+w~-(5p{h^Pa5o4AKBVT8;%clWfBJUX%yDVzJZX{++r7zixm z9D@-fVjF*w;xJf?)HE8c%`PMhm($aljfvlqBz1X1wRVG4I7}b;g^qO=bt`o`y^uqo z%P(OgoeaE54XiS*x@FF*ZXTv06P}4l5e_TUgmSH6&PD+_A2qF;)L~`(OfJ~GLlRN1 zY56lwzQi)x7sYQv!rND!?7{eMWBj!(u?^WOpXP_U-a!_)BBGSZeoAUdeG6O5hG@FO z;;nPqz8h7})au?0i*7~VHSA-mBg@Zk_NlPjBRA}Br_t;#x6yCgp4EQdj{$)G69mjZ z79|q~i_bz>wwFp+H6BbcYCU~ghe231!_*eAJqVI9IY z_Rdgglb_Ldn6(a>f7ML$SLsqecl{FUu?tuH#xYv_PQ$8UEX)P;TGT}AH?Qkdcd}l; zqF`-)i!yrUPZ%^;N(-4cEHQ*B3Sep-Fvbq_RH8vI#!@V!++c)kse--1kKYBO>GKDp zZHwj!M!EkO0us0XojsZ->_JlbCF~71<)UpLx2p2u{iXSAQ1>dTs~)LyZ;wt*a<_gw zyzB&Ht{guj#DTWZ3;6|;+zw6zsmj1`=?>V_M3pJq{6=SEkcSatw$D^V2~UJm0ple< zY*-Sf5+r7{8<&?jMSN$K91eS`-stN{#o@*j+;HO!n1VB40bPyp2xA=Q<_lw#`j0^r z;{;Xokv2ftx5@dJD7&HLM}^f9$hUzH^kf3)jX9tfZhbtz=KsuKu$xn-?co2D;#0If z4%EvWP?rx0qOS?+Uebm64AfCLr)pKf)s_*WDwzG(gNs2{M?W=E10D-A)i}j)RK2Rq z$kgaYI;=di0I!s^7~ayl-{0&>;cBC zdpPeW2%0T9Ri4h1=i}eBoJgN{=Xj{WJmK{y&~1&vS)eU9os)e}W6n&SniP!PUlnih zzK$X8)e%Yiv8IG+l12789>!0(%cu+M>XAAQ@rB7X#nvunG`a@w%Gmo6ei#c@55g^- zTavy6zwS9)4eYtSzhEry365UqdECpCeR`TdYhK^F$l_aAo&^x7mN|Lw&rz6W;$<1& zxuD~%LRUw+$nCR|{^T4ak4_$P%4&|y*0FM?CMT8zU6dfl)x6z>Q7o?a>r&=3g0Lis zvG!kJ;aw2={vwC4L@s)d?Rx(E(}5((;p#weTK)Yq5{169ApX*F8f&8GeB(IyoK<*X zrf2u{Z!g3Wn6C2of~*ImX)`fM-UC%R&?56_aP|f+zJqJ+3?YpyE>9OtlD87Vc(u(?J>Tsi`dTQmLa5x#jcE5N1s_TIc?yM3L^@mNelnnVO`oaW13EN zlXP{iMQkOdGrA>`C69-W^3E*uC3SZqDQN(|I|mi{e0980kKGwRjNTF;#^eF#BZwy; zzej;d;@%k_genq~{gM^>ys8h`K&5HxT`>a-cR573uS+|BYAfl2G%hk`Bk9Y(3i{EW z4Ql2TV;I>NJzN3TBwf41!o&T#g=gEMyfKo-gN&or!#~B=5cTuwin!|^T`^X+2zz@syTA>95AZ;CZDYcZA7zM-+xgzVZGZa4+&>l%mq*Zx`8jU5 z@$m?w@+0Bm;roLW7TvdVTDd`ooZig6&f1TEd`aSY!_`--xDZuZEl~C)MT9s>T5|&e zO**uWg&>cl0GI~$JIlld>O6*&4fX6Ap18ee%){+$JSg=E2 
zFqZ(UQFfzeQd2G!;aiy>XBWTkqZq3b8P1wu>IY&PN-QZ-Yb{KVpm|U|TE~nFQko*C zlTbS)ac*+-{XCno1Ts@`1eTJBk1-W7?RgiE{E#Mo$dzmXpQecPj&$^lQVLjoqxzeK zT|Eu^(Ua4>?zQl9X3-{HoP|c4Lu3?Y2$Mp#5&}diKik&T~Ci1Q0?92fb z$=o7G=j(-l?5uOwerkx{%Uw&T=pCWTf{&y|u8C`1b*XsTVOB1#P~+qg;WqQsDK5(d z7{{v4<8ct6?m};B0W^TzqeHAkqUT7Q(}?})`h>x|*2~CoT$do7h-CKNdVOK{cJbvm z-WQiHQrf;~6#sPOO`mI=0w2MvWTd@B47oI6)P$xoC$keY0|mbQm}2b$=339MhwA(( zs^&*|70HF)^`>e8N8K4un6#tu3mxS*_gM#|=-n;EhP zCTT>hsVs6&{+exag`^2JNxRF?0;4%ZG*(DPDl%IG?uemC0(YaZqq(-;53US+$`EmMev(JiBLZKniDzLGl_9Wx&KR&dFQ0N zxcP6%goOk%6lX3v=b)pUgvJs=W=##xPqbdo&ao1!gY4JT`*2B{Oj@Nl9!5P`vb?1T zXl68!xtv80pMKOSTvEaX5jksokfR`0V_ihFE|5oQG&nTXwB$jUYrrQoQYn}-nkIx3 z^Azm=6A=yW^3fvT^8`8HN+8N_7CA{TIO9rKjFyD zXvR!FKU{m3EYd~!ROU$T_VRev%VZCZf@F%W0Yw11yocV$uvxdG1GMxD3fz%%cpU)k ztq&G+{c?7oeAy>H`Ggl~MEoFG?DtsTZ*aUszOL1Wb~LsG5zCn6oKJ9&C5)AxYbc^O z1f3{Q@jWytxVRYLf)RwX3C%N{Ee%=9*$IVE&d9Wg&{IYT^5Y~VzL=)6d+ZsUm`J8W z=cjc@f+U_sG=P(pF482+aqNV0xTh_n!}QsZS**o$$;J6#6;{t+6&|d@-|3_VoSRX zic{kibzoz*N_B3T&QrBIWE87F#-6X*^+^%j)FW1U^&IJyaHo$?PZ$ZZHG42kxX7^9 zr!;0HC^Cl*)dkL$k(twnqN8E<{4^sWUwt^bT7T&5hNf3nuYV>PojObi?SpV~k?Z;b zRz~eN_WV%@$&UfWswM+FzIa3kR<;hWELwL6{sV^9?;XR+BcIYogJZQW8$T8_t8QXi zK3X3FYh7~n0>bKCuLjS0NC*k)Zxfku`-oGvp4R%XpC>nPzt-$YqdEtWNxcC9M1q5W zFqV;9Ng()nqePhvCyKcPi==N$LeUBF|Zxfoq1489Jl%DW-!SZ@(Icp<{Ii#uIJY?Rg z%j9vv<=w|Bxo5zD=kz+9{k>_8AIW5%BsZSa6*h#0mnK;*4?}?;baW()a3aaV z1^i|<4Fs)X=Jg$Eos{*9<8rGYSuUK6?vK2+OXW?_HjE(`gp!I^n_qv`W_@-W+*?Ch z2~=iW%2+`%jWZ|a@f?1HANo#0G-Y%alhC8;TcNAlk)Aq+CML5t+sW?UAICKZy9u`A z^wPH$@IEt^Xw`DlWYWQTTDYgKTrk7LqEO(SizHU*fDyW#7%v%-y-{2hSvB>E@`{j!wj9;Zo2@emb)DM(%pgHbuIqg7mG#kr2z+Xr{ z_GWyG`;i|f-UJ6XMe51phaouu7m3H&UYt`iGK{)y;r^3e@vOZ@9|=PO^v0T?1xrE zhv$Kw7W>Z)IV|sjdYXEyPlx^I=w-wHGd?){VX*()$0Ls|9Ea#>%?PA!|8Pp>mXl_Rch7@+_1gNk;h4no<>P>Q>18gdoV(yw`H-> z$mq$l)7GZ;54?|r&gMD)?qH-3 ziRQJ#<|yQl1?=b8zP9sA=bn>`^9zA3RQ0te;T6gqrpqN_Gh^E3lpKz<4X_;GjuB3& z2P*jeq{x#6&S~%-Jdy7@Xltb=t5@q@t@7JSB0!C^akn0ul~yzkaRsb`TnzAc;56q6K6vODd<=Bk;JJeZ3c(-9gKS#-x8-d(pc 
zkdLGV&3G%;=N+cM*TB?V6w|x%WkL(VCj3W zX`cyh+r^bWHe;x9_)ThDjv9=1(DgVD{$p0@72KoP9p5MCs zFB$lPGw`4StV^V=YXNlw>&7&J)}cL|GGKOV&<6&6;8E%WwY9Tpm7ulyd(a9xhqpn+ zpm$pv*A4nndDH5_YOQWdL#XxQ(J2XS{ktbU!7cw6)JvmcM&rAf{^9A6{|^qw2UYq1 z;D>{w!TMK!sILA>kt4NGeR(yYc0X%1s6Sb&ti3J3_=ZzncawU*RD-wbnY^!8ttx(odclvCSJftj*@X{0QaTy)GKX;ZUpHh-h zzE|R?f&gVJY*L7MdIY2Y{1H9($NqTqC@det^Te|M`&^x&vpC7f#@guE|Hm($zpU;5 zM=uUu4*UOoJl~-UoaZEq0X14oyhxM*uejn zaBQdXY!785!a2Pq;2voFj^l9WI}}TVK=d@t$drB}A^J%3Ir_I}K6)2NOGtT^9ynD-sUiXi6i(cE0!7$8_g=e}ZpzzW4J5|2xU(Z0Gy`zw;gX8D}&p7&?D-#&-NP zO8}bGry;@nqIj14bH~4BK@yVvoo`@stFQmdvy)eE&iqBV!8W?q|KZVLZT&xg`FxQ7 z?&bLoT?!6BQglM6bDZTnJFwCN{x_1=FV-k3GKKw(L<@gs=X6ej8~>5s~IIWY~R^V&yG&kWPhvyp{7H9oN!$o+s*qDY&Bt3)MLDRc#iK$jwqEk6aI zOYdZr;;L5Q@*-J1`e!l`B$yDcT=K()gvKE46Qej#R#I)ooDKbj;;w2@)r%^BSBd4I zj{eclZpfjV&nlL=^;t?~(o&g0GdTH;6Wm9CS*lh=nj^|&y`hC^&P0n)rE&#mr+S}_ z24JPUJYwD=2}$3@SEb1>C$BI5cJeDDZA`%fUgH$+T7pL9}m0dxSF1kAggxai literal 0 HcmV?d00001 diff --git a/packages/rancher-turtles/charts/.helmignore b/charts/rancher-turtles/106.0.0+up0.0.0/.helmignore old mode 100755 new mode 100644 similarity index 100% rename from packages/rancher-turtles/charts/.helmignore rename to charts/rancher-turtles/106.0.0+up0.0.0/.helmignore diff --git a/packages/rancher-turtles/charts/Chart.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/Chart.yaml old mode 100755 new mode 100644 similarity index 96% rename from packages/rancher-turtles/charts/Chart.yaml rename to charts/rancher-turtles/106.0.0+up0.0.0/Chart.yaml index 99acf7ee737..004f9ddf633 --- a/packages/rancher-turtles/charts/Chart.yaml +++ b/charts/rancher-turtles/106.0.0+up0.0.0/Chart.yaml @@ -22,4 +22,4 @@ keywords: - provisioning name: rancher-turtles type: application -version: 0.0.0 +version: 106.0.0+up0.0.0 
diff --git a/packages/rancher-turtles/charts/README.md b/charts/rancher-turtles/106.0.0+up0.0.0/README.md
old mode 100755
new mode 100644
similarity index 100%
rename from packages/rancher-turtles/charts/README.md
rename to charts/rancher-turtles/106.0.0+up0.0.0/README.md
diff --git a/packages/rancher-turtles/charts/app-readme.md b/charts/rancher-turtles/106.0.0+up0.0.0/app-readme.md
old mode 100755
new mode 100644
similarity index 100%
rename from packages/rancher-turtles/charts/app-readme.md
rename to charts/rancher-turtles/106.0.0+up0.0.0/app-readme.md
diff --git a/packages/rancher-turtles/charts/questions.yml b/charts/rancher-turtles/106.0.0+up0.0.0/questions.yml
old mode 100755
new mode 100644
similarity index 100%
rename from packages/rancher-turtles/charts/questions.yml
rename to charts/rancher-turtles/106.0.0+up0.0.0/questions.yml
diff --git a/packages/rancher-turtles/charts/templates/addon-provider-fleet.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/addon-provider-fleet.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from packages/rancher-turtles/charts/templates/addon-provider-fleet.yaml
rename to charts/rancher-turtles/106.0.0+up0.0.0/templates/addon-provider-fleet.yaml
diff --git a/packages/rancher-turtles/charts/templates/azure-rbac.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/azure-rbac.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from packages/rancher-turtles/charts/templates/azure-rbac.yaml
rename to charts/rancher-turtles/106.0.0+up0.0.0/templates/azure-rbac.yaml
diff --git a/packages/rancher-turtles/charts/templates/clusterctl-cm-cleanup-job.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/clusterctl-cm-cleanup-job.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from packages/rancher-turtles/charts/templates/clusterctl-cm-cleanup-job.yaml
rename to charts/rancher-turtles/106.0.0+up0.0.0/templates/clusterctl-cm-cleanup-job.yaml
diff --git a/packages/rancher-turtles/charts/templates/clusterctl-config.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/clusterctl-config.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from packages/rancher-turtles/charts/templates/clusterctl-config.yaml
rename to charts/rancher-turtles/106.0.0+up0.0.0/templates/clusterctl-config.yaml
diff --git a/packages/rancher-turtles/charts/templates/core-provider.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/core-provider.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from packages/rancher-turtles/charts/templates/core-provider.yaml
rename to charts/rancher-turtles/106.0.0+up0.0.0/templates/core-provider.yaml
diff --git a/packages/rancher-turtles/charts/templates/deployment.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/deployment.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from packages/rancher-turtles/charts/templates/deployment.yaml
rename to charts/rancher-turtles/106.0.0+up0.0.0/templates/deployment.yaml
diff --git a/packages/rancher-turtles/charts/templates/operator-crds.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/operator-crds.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from packages/rancher-turtles/charts/templates/operator-crds.yaml
rename to charts/rancher-turtles/106.0.0+up0.0.0/templates/operator-crds.yaml
diff --git a/packages/rancher-turtles/charts/templates/post-delete-job.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/post-delete-job.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from packages/rancher-turtles/charts/templates/post-delete-job.yaml
rename to charts/rancher-turtles/106.0.0+up0.0.0/templates/post-delete-job.yaml
diff --git a/packages/rancher-turtles/charts/templates/post-upgrade-job.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/post-upgrade-job.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from packages/rancher-turtles/charts/templates/post-upgrade-job.yaml
rename to charts/rancher-turtles/106.0.0+up0.0.0/templates/post-upgrade-job.yaml
diff --git a/packages/rancher-turtles/charts/templates/pre-delete-job.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/pre-delete-job.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from packages/rancher-turtles/charts/templates/pre-delete-job.yaml
rename to charts/rancher-turtles/106.0.0+up0.0.0/templates/pre-delete-job.yaml
diff --git a/packages/rancher-turtles/charts/templates/pre-install-job.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/pre-install-job.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from packages/rancher-turtles/charts/templates/pre-install-job.yaml
rename to charts/rancher-turtles/106.0.0+up0.0.0/templates/pre-install-job.yaml
diff --git a/packages/rancher-turtles/charts/templates/rancher-turtles-components.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/rancher-turtles-components.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from packages/rancher-turtles/charts/templates/rancher-turtles-components.yaml
rename to charts/rancher-turtles/106.0.0+up0.0.0/templates/rancher-turtles-components.yaml
diff --git a/packages/rancher-turtles/charts/templates/rancher-turtles-exp-clusterclass-components.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/rancher-turtles-exp-clusterclass-components.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from packages/rancher-turtles/charts/templates/rancher-turtles-exp-clusterclass-components.yaml
rename to charts/rancher-turtles/106.0.0+up0.0.0/templates/rancher-turtles-exp-clusterclass-components.yaml
diff --git a/packages/rancher-turtles/charts/templates/rancher-turtles-exp-day2-components.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/rancher-turtles-exp-day2-components.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from packages/rancher-turtles/charts/templates/rancher-turtles-exp-day2-components.yaml
rename to charts/rancher-turtles/106.0.0+up0.0.0/templates/rancher-turtles-exp-day2-components.yaml
diff --git a/packages/rancher-turtles/charts/templates/rancher-turtles-exp-day2-deployment.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/rancher-turtles-exp-day2-deployment.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from packages/rancher-turtles/charts/templates/rancher-turtles-exp-day2-deployment.yaml
rename to charts/rancher-turtles/106.0.0+up0.0.0/templates/rancher-turtles-exp-day2-deployment.yaml
diff --git a/packages/rancher-turtles/charts/templates/rke2-bootstrap.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/rke2-bootstrap.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from packages/rancher-turtles/charts/templates/rke2-bootstrap.yaml
rename to charts/rancher-turtles/106.0.0+up0.0.0/templates/rke2-bootstrap.yaml
diff --git a/packages/rancher-turtles/charts/templates/rke2-controlplane.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/rke2-controlplane.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from packages/rancher-turtles/charts/templates/rke2-controlplane.yaml
rename to charts/rancher-turtles/106.0.0+up0.0.0/templates/rke2-controlplane.yaml
diff --git a/packages/rancher-turtles/charts/templates/ui-plugin.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/ui-plugin.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from packages/rancher-turtles/charts/templates/ui-plugin.yaml
rename to charts/rancher-turtles/106.0.0+up0.0.0/templates/ui-plugin.yaml
diff --git a/packages/rancher-turtles/charts/values.schema.json b/charts/rancher-turtles/106.0.0+up0.0.0/values.schema.json
old mode 100755
new mode 100644
similarity index 100%
rename from packages/rancher-turtles/charts/values.schema.json
rename to charts/rancher-turtles/106.0.0+up0.0.0/values.schema.json
diff --git a/packages/rancher-turtles/charts/values.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/values.yaml
old mode 100755
new mode 100644
similarity index 100%
rename from packages/rancher-turtles/charts/values.yaml
rename to charts/rancher-turtles/106.0.0+up0.0.0/values.yaml
diff --git a/index.yaml b/index.yaml
index 3d15ecbbfd8..6066ec5baa5 100755
--- a/index.yaml
+++ b/index.yaml
@@ -31265,6 +31265,36 @@ entries:
 urls:
 - assets/rancher-supportability-review-crd/rancher-supportability-review-crd-104.0.0+up0.1.2.tgz
 version: 104.0.0+up0.1.2
+ rancher-turtles:
+ - annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
+ catalog.cattle.io/kube-version: '>= 1.23.0-0'
+ catalog.cattle.io/namespace: rancher-turtles-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux
+ catalog.cattle.io/rancher-version: '>= 2.11.0-1'
+ catalog.cattle.io/release-name: rancher-turtles
+ catalog.cattle.io/scope: management
+ catalog.cattle.io/type: cluster-tool
+ apiVersion: v2
+ appVersion: 0.0.0
+ created: "2025-09-04T03:01:37.796214441Z"
+ description: Rancher Turtles is an extension to Rancher that brings full Cluster
+ API integration to Rancher.
+ digest: 05ff710fe6a05d4dbc687f771de63e42de7b0fa99639219b296dafaeb34aa3c2
+ home: https://github.com/rancher/turtles/
+ icon: file://assets/logos/rancher-turtles.svg
+ keywords:
+ - rancher
+ - cluster-api
+ - capi
+ - provisioning
+ name: rancher-turtles
+ type: application
+ urls:
+ - assets/rancher-turtles/rancher-turtles-106.0.0+up0.0.0.tgz
+ version: 106.0.0+up0.0.0
 rancher-vsphere-cpi:
 - annotations:
 catalog.cattle.io/certified: rancher
diff --git a/packages/rancher-turtles/charts/.gitignore b/packages/rancher-turtles/charts/.gitignore
deleted file mode 100755
index 17e7ee2513a..00000000000
--- a/packages/rancher-turtles/charts/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-Chartlock.lock
-charts/
From f72042b76e915ad75b8f675b23d467264e831f9b Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Thu, 4 Sep 2025 03:01:39 +0000
Subject: [PATCH 5/6] update release.yaml
---
 release.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/release.yaml b/release.yaml
index 2b664f3c6f0..dc1dd795f71 100644
--- a/release.yaml
+++ b/release.yaml
@@ -2,6 +2,8 @@ rancher-supportability-review:
 - 106.0.1+up0.1.3
 rancher-supportability-review-crd:
 - 106.0.1+up0.1.3
+rancher-turtles:
+ - 106.0.0+up0.0.0
 rancher-webhook:
 - 106.0.5+up0.7.5-rc.3
 - 106.0.5+up0.7.5-rc.2
From ee41c36ed4ec8c56055e8916e103b33f4cd5de30 Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Thu, 4 Sep 2025 03:01:41 +0000
Subject: [PATCH 6/6] auto bump chart: rancher-turtles version: 106.0.0+up0.0.0
---
 config/bump_version.json | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/config/bump_version.json b/config/bump_version.json
index 99faf400616..e6fed829885 100644
--- a/config/bump_version.json
+++ b/config/bump_version.json
@@ -1,8 +1,6 @@
 {
 "charts": [
- "fleet",
- "fleet-crd",
- "fleet-agent"
+ "rancher-turtles"
 ],
- "new_version": "106.1.4+up0.12.6"
+ "new_version": "106.0.0+up0.0.0"
 }
\ No newline at end of file
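Review bot: The `rancher-turtles` entry added in the release.yaml hunk releases `106.0.0+up0.0.0`, and the `+up0.0.0` suffix together with `appVersion: 0.0.0` in the index.yaml entry looks like an unresolved upstream version rather than a real Turtles release. That index entry is also annotated `catalog.cattle.io/certified: rancher`, so a placeholder build would be offered as a certified chart with no traceable upstream tag behind it. I would hold the release line until the package pins a real upstream version, i.e. `- 106.0.0+up<UPSTREAM_VERSION>` (placeholder), and confirm the image tags in values.yaml match that tag; the chart contents are not visible in this hunk, so this is inferred from the version strings only.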