From b3ece87abbac0466c8659f411b23504d9b2446e4 Mon Sep 17 00:00:00 2001 From: Michal Jura Date: Tue, 14 Jan 2025 11:30:44 +0100 Subject: [PATCH 1/2] Bump aks-operator to v1.11.0-rc.1 --- .../rancher-aks-operator-crd/package.yaml | 4 ++-- .../generated-changes/patch/Chart.yaml.patch | 4 ++-- .../rancher-aks-operator/rancher-aks-operator/package.yaml | 4 ++-- release.yaml | 4 ++++ 4 files changed, 10 insertions(+), 6 deletions(-) diff --git a/packages/rancher-aks-operator/rancher-aks-operator-crd/package.yaml b/packages/rancher-aks-operator/rancher-aks-operator-crd/package.yaml index fb4768bd48..f0f3518c8f 100644 --- a/packages/rancher-aks-operator/rancher-aks-operator-crd/package.yaml +++ b/packages/rancher-aks-operator/rancher-aks-operator-crd/package.yaml @@ -1,2 +1,2 @@ -url: https://github.com/rancher/aks-operator/releases/download/v1.10.0/rancher-aks-operator-crd-1.10.0.tgz -version: 105.0.0 +url: https://github.com/rancher/aks-operator/releases/download/v1.11.0-rc.3/rancher-aks-operator-crd-1.11.0-rc.3.tgz +version: 106.0.0 diff --git a/packages/rancher-aks-operator/rancher-aks-operator/generated-changes/patch/Chart.yaml.patch b/packages/rancher-aks-operator/rancher-aks-operator/generated-changes/patch/Chart.yaml.patch index 17c8ff2cd7..b513f6e736 100644 --- a/packages/rancher-aks-operator/rancher-aks-operator/generated-changes/patch/Chart.yaml.patch +++ b/packages/rancher-aks-operator/rancher-aks-operator/generated-changes/patch/Chart.yaml.patch @@ -5,13 +5,13 @@ catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.18.0-0' -+ catalog.cattle.io/kube-version: '>= 1.28.0-0 < 1.32.0-0' ++ catalog.cattle.io/kube-version: '>= 1.30.0-0 < 1.33.0-0' catalog.cattle.io/namespace: cattle-system catalog.cattle.io/os: linux catalog.cattle.io/permits-os: linux,windows catalog.cattle.io/provides-gvr: aksclusterconfigs.aks.cattle.io/v1 - catalog.cattle.io/rancher-version: '>= 2.6.0-alpha' -+ catalog.cattle.io/rancher-version: '>= 2.9.0-0 < 2.11.0-0' ++ catalog.cattle.io/rancher-version: '>= 2.11.0-0 < 2.12.0-0' catalog.cattle.io/release-name: rancher-aks-operator catalog.cattle.io/scope: management apiVersion: v2 diff --git a/packages/rancher-aks-operator/rancher-aks-operator/package.yaml b/packages/rancher-aks-operator/rancher-aks-operator/package.yaml index 686e888dc6..e03e1d9966 100644 --- a/packages/rancher-aks-operator/rancher-aks-operator/package.yaml +++ b/packages/rancher-aks-operator/rancher-aks-operator/package.yaml @@ -1,2 +1,2 @@ -url: https://github.com/rancher/aks-operator/releases/download/v1.10.0/rancher-aks-operator-1.10.0.tgz -version: 105.0.0 +url: https://github.com/rancher/aks-operator/releases/download/v1.11.0-rc.3/rancher-aks-operator-1.11.0-rc.3.tgz +version: 106.0.0 diff --git a/release.yaml b/release.yaml index d534b0b99d..649ae59c32 100644 --- a/release.yaml +++ b/release.yaml @@ -24,6 +24,10 @@ neuvector-monitor: - 105.0.0+up2.8.3 prometheus-federator: - 106.0.0+up0.4.5 +rancher-aks-operator: + - 106.0.0+up1.11.0-rc.3 +rancher-aks-operator-crd: + - 106.0.0+up1.11.0-rc.3 rancher-cis-benchmark: - 105.0.0+up7.0.0 - 105.0.1+up7.0.1 From b6d563b53c964e092a1370607a53bcd8b88a7676 Mon Sep 17 00:00:00 2001 From: Michal Jura Date: Tue, 14 Jan 2025 12:17:40 +0100 Subject: [PATCH 2/2] make charts --- ...aks-operator-crd-106.0.0+up1.11.0-rc.3.tgz | Bin 0 -> 1250 bytes ...her-aks-operator-106.0.0+up1.11.0-rc.3.tgz | Bin 0 -> 2116 bytes .../106.0.0+up1.11.0-rc.3/Chart.yaml | 12 + .../106.0.0+up1.11.0-rc.3/templates/crds.yaml | 211 ++++++++++++++++++ .../106.0.0+up1.11.0-rc.3/Chart.yaml | 20 ++ .../106.0.0+up1.11.0-rc.3/templates/NOTES.txt | 4 + .../templates/_helpers.tpl | 25 +++ .../templates/clusterrole.yaml | 15 ++ .../templates/clusterrolebinding.yaml | 13 ++ .../templates/deployment.yaml | 68 ++++++ .../templates/serviceaccount.yaml | 5 + .../106.0.0+up1.11.0-rc.3/values.yaml | 23 ++ index.yaml | 80 +++++++ release.yaml | 2 + 14 files changed, 478 insertions(+) create mode 100644 assets/rancher-aks-operator-crd/rancher-aks-operator-crd-106.0.0+up1.11.0-rc.3.tgz create mode 100644 assets/rancher-aks-operator/rancher-aks-operator-106.0.0+up1.11.0-rc.3.tgz create mode 100644 charts/rancher-aks-operator-crd/106.0.0+up1.11.0-rc.3/Chart.yaml create mode 100644 charts/rancher-aks-operator-crd/106.0.0+up1.11.0-rc.3/templates/crds.yaml create mode 100644 charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/Chart.yaml create mode 100644 charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/NOTES.txt create mode 100644 charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/_helpers.tpl create mode 100644 charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/clusterrole.yaml create mode 100644 charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/deployment.yaml create mode 100644 charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/serviceaccount.yaml create mode 100644 charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/values.yaml diff --git a/assets/rancher-aks-operator-crd/rancher-aks-operator-crd-106.0.0+up1.11.0-rc.3.tgz b/assets/rancher-aks-operator-crd/rancher-aks-operator-crd-106.0.0+up1.11.0-rc.3.tgz new file mode 100644 index 0000000000000000000000000000000000000000..d1ebac1075e2cea006d38f38f41413c4b0b39843 GIT binary patch literal 1250 zcmV<81ReVyiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI;^ZyUD~^|O8jk=J`AudW6ALT|F%21e3Uh>{fO+lU;m*yWOo znW1c@=zlMES8`lwrO5WmKm*Te=s;ZzqmL_`sYdi>_jEcWWYqEt@9iw+s_3H{mjU!9QKO%=n8n5uidRs-d^Bv~JJx_Ap zOM1zFV)2minCri@{sr^Gfgqo1GW;wd*kAws!CA6d{}&fY|F!;K!X73)6c+CUeff)f z+5fpLo<+ZtS#O3rv%8a{fB}J0KQ`nao+1KR$!qf|l2NDKVzGaqjK&la8Gp}GOb*injgC~&Agti{iClv>q$#nfGe zV9~Fs^c-`jr=V0Q(2pk9U(TlgXf8?1VimidZEfo?eY56qr9qVWB`|&_x7nqXkIuo& z;ZT)wzSS+u(j^wMK5c*vWWS=hEB9H`*B`nVVPEK!Wz#L!W(OlqAzhL+DUPk7HnHa-#i%Hp z)s>ok3{k94pU5x^!6EpKUYi$z1kE<+zOS-4L-HudYu#?q>*_2uGP(7i8OgVtTrPmQ z1P5LtO|#f8bUO0jmSQ#k7AUKv_HDIW9Gj)>63oFvisrgfBU!eZa(VDp0=1pV9_2Pr zHgPevt>)tzxIQzq2^;5dzfL9y3_{7RCgzElkbSi!Lw>x5W?&a)UwmRPhh?L zAPN^q&yl5i``CG?dNkjjc?Z6-oK5Xle0zE1da9{DmE(@=((ySKc^R@Jb9j_#oOzV% zt79_lEwU%yWXsB2ztFUP`VCQLA$rri&`-xLf@%BqR*+qQ;OY&i)wAvj`pR>8#%puZ zbgYG21HTXTWwuRht}pg&FCg=L5@*ipci8H=pR3Yt6Hy>-*y#@4;9uayt5IVjBaN7C z>YshnY@FM|l0igUAkdGvGJ0iyd68X><)*G-c68?hB&~!R~hP=&z+m)Uf=%1=P zSi@`7lf|+zid&7<Tlvit^{`~8x{~vp`S9`Tr`%&%h00030 M|5^8Uv;ZUk0NZAD_5c6? literal 0 HcmV?d00001 diff --git a/assets/rancher-aks-operator/rancher-aks-operator-106.0.0+up1.11.0-rc.3.tgz b/assets/rancher-aks-operator/rancher-aks-operator-106.0.0+up1.11.0-rc.3.tgz new file mode 100644 index 0000000000000000000000000000000000000000..fae659a6c957c67a9f4ed0333604b4ab957e4fa9 GIT binary patch literal 2116 zcmV-K2)p+miwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PGs=a^tq~e)B1IY_}g9YVt6}@{01Vxb&WjW5pmv*#&M1hON?gIM>YL@Z@wa=#Hs|+KP~zUU3lhP~l%aC&y~BJ7>?hr<^Tev;MqKu(6~7vV2n zYg4%Y5nySm3^PKd6nOxg879>v;LI3_flytR8|90X43jc~w&UV+9e+Jzh9|8AIBFxt z0^@3SD_SDr7}E$kM(5aRMVaO!^yjEas5FA(KYtCqU=RkOAHtvPpq)79Rt#32bGhxWDuwLGYG*)-ij;+;P#7O>Rt|MSm;xZ?LnyYjy zCKRwK)v)KiRw65{H)QVzylB#P2p(en1*hx#mcb=RcZSrP*G18iYak$2_Zx^tr9{*MnC7KW8#W z`eXrMkN*$P`n^s6KRi1*`2XjCiBuydOV@8C+9v?#9ADv><%Xa5KeIR%)~hi2R$HGD zUz}3}V*xq>aJ=>~Hk{}b4U%S7H^x7k+qO2yv~2(!$(dNJezYW>|`Vv85YhCe^(aC-AaO%tA>&bN^fI z-{35h%pi3yuin1C4a`ULOU~Fn`|l6>8}@&CHaI=l|8u}Ql|#bjSe`6<$`XVdcPfhb zT$yhb>=z3NT#0aAr2w#8davq%|7{|un!Aqr)QtIKt!8%Q!VO#$SrJ^^Q1E{obAL;) z$NoPgC^OU)nC$7Pz`pvgH#pg_|FhFU|6u>m0gFZVOPGsU1cV00LZZ3P@avgX3r{eD zFT2a7=PedK#5fiyLdPWsA7Ymse9&cj&;ftBED*&Qg6~}l>C%f;RneMORMRpoQZt6m z@2J~(5&@Ki)t}CqA57z|XU_`m{nJ%$D}MxcLP}t945e@`q8G_TQR)?8o?hBa1V$*; zT{&C}9l-Gzxrv~2scy^l?eNOZBj~*TF=w)~shL(bsLXsE56$FhT`@N(eeT13 zfW5HC|CffLmBgo)gZuKo)3c5IuOFTq`hU*@Q<26Il-q%T1!R_)p=2 zg6UUOcB*D*Sj-Hw)t~FeY*c$Yn{GOnShO2`V43)vR(WO%pyT8BWg)rh;J^>Zgj}Pc z^3@#ms2HB0IerPpQc&^BH8O+t>5dtm*oQoe?a=$}Wg0!Vwl%lfbbD4Wm#S9(Bx`ob zFq3aBU5WK+_W$wrKN4vy(#aFtz&`um>i_rq;n|`7dlq=KwQo6!zqs?z;sze?2b9Dc z9NU>IV|joJ4`AC{wYnb4NB>4{iVm=wa*KK{IG%H^^3?onhxNI4>DPlj_FwBaJ-r*e z$Nq=ILAV+J2PcRA@3TPN{#lmM+SFfFTfZaHyEyeI`=JcEovbmFf-{Ps=K-uL3fDd^ zZV=xT-CH*RFva?5bDM_ zSE*qlMO_^%zdevRaCakcY;{^5)(5&LU%+y?Sil!6>1r1(K|v{4U$DS(89j_^*aVi# z<0dcHxs=yR3Vt8K-^Z8ATx%pO;-Ldf=WETZWc%jr+v^Y4H&_39SG}rw4U0v!jny^I zTIo$1w~r)3JE>e=J%U7eV^p8NbMpb1lV<8d-dm%KICo z%wL5>w~-MTo!8N_6|H!i1ZNo=2`P*~sxtu)Yn3%ed^mseX46>PZouk-9yJak%&Zww z(a~Se1UpBhVD1!TlJPn#b0zZ`epgIuvUB7b`mxZ3o4N-a^|nO4zl87jWxIvVI=ttJl~1XK&5=- zmUx)rYJ<17v|W0wl<}Pk>XOC^DLpoY#D%~wHzj>ouCZsPYc;Gi{WjF=$kDdbdBn=DGq7Pt z&aHl@VvHahhGCP_V#a0r0$w9(eD1vLxnNKJUq*E1BKi|+fPM9UZ?IYa_xiowA^(34 uXnfPPO8qyg<<0be$A@$+nb7B!?f?fkzyS`h3;r7b0RR69J)O+}FaQ8Q&KjZs literal 0 HcmV?d00001 diff --git a/charts/rancher-aks-operator-crd/106.0.0+up1.11.0-rc.3/Chart.yaml b/charts/rancher-aks-operator-crd/106.0.0+up1.11.0-rc.3/Chart.yaml new file mode 100644 index 0000000000..11ef24a0d1 --- /dev/null +++ b/charts/rancher-aks-operator-crd/106.0.0+up1.11.0-rc.3/Chart.yaml @@ -0,0 +1,12 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/release-name: rancher-aks-operator-crd +apiVersion: v2 +appVersion: 1.11.0-rc.3 +description: AKS Operator CustomResourceDefinitions +name: rancher-aks-operator-crd +version: 106.0.0+up1.11.0-rc.3 diff --git a/charts/rancher-aks-operator-crd/106.0.0+up1.11.0-rc.3/templates/crds.yaml b/charts/rancher-aks-operator-crd/106.0.0+up1.11.0-rc.3/templates/crds.yaml new file mode 100644 index 0000000000..c4fcdfac05 --- /dev/null +++ b/charts/rancher-aks-operator-crd/106.0.0+up1.11.0-rc.3/templates/crds.yaml @@ -0,0 +1,211 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + name: aksclusterconfigs.aks.cattle.io +spec: + group: aks.cattle.io + names: + kind: AKSClusterConfig + plural: aksclusterconfigs + shortNames: + - akscc + singular: aksclusterconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + authBaseUrl: + nullable: true + type: string + authorizedIpRanges: + items: + nullable: true + type: string + nullable: true + type: array + azureCredentialSecret: + nullable: true + type: string + baseUrl: + nullable: true + type: string + clusterName: + nullable: true + type: string + dnsPrefix: + nullable: true + type: string + dnsServiceIp: + nullable: true + type: string + dockerBridgeCidr: + nullable: true + type: string + httpApplicationRouting: + nullable: true + type: boolean + imported: + type: boolean + kubernetesVersion: + nullable: true + type: string + linuxAdminUsername: + nullable: true + type: string + loadBalancerSku: + nullable: true + type: string + logAnalyticsWorkspaceGroup: + nullable: true + type: string + logAnalyticsWorkspaceName: + nullable: true + type: string + managedIdentity: + nullable: true + type: boolean + monitoring: + nullable: true + type: boolean + networkPlugin: + nullable: true + type: string + networkPolicy: + nullable: true + type: string + nodePools: + items: + properties: + availabilityZones: + items: + nullable: true + type: string + nullable: true + type: array + count: + nullable: true + type: integer + enableAutoScaling: + nullable: true + type: boolean + maxCount: + nullable: true + type: integer + maxPods: + nullable: true + type: integer + maxSurge: + nullable: true + type: string + minCount: + nullable: true + type: integer + mode: + nullable: true + type: string + name: + nullable: true + type: string + nodeLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + nodeTaints: + items: + nullable: true + type: string + nullable: true + type: array + orchestratorVersion: + nullable: true + type: string + osDiskSizeGB: + nullable: true + type: integer + osDiskType: + nullable: true + type: string + osType: + nullable: true + type: string + vmSize: + nullable: true + type: string + vnetSubnetID: + nullable: true + type: string + type: object + nullable: true + type: array + nodeResourceGroup: + nullable: true + type: string + outboundType: + nullable: true + type: string + podCidr: + nullable: true + type: string + privateCluster: + nullable: true + type: boolean + privateDnsZone: + nullable: true + type: string + resourceGroup: + nullable: true + type: string + resourceLocation: + nullable: true + type: string + serviceCidr: + nullable: true + type: string + sshPublicKey: + nullable: true + type: string + subnet: + nullable: true + type: string + tags: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + userAssignedIdentity: + nullable: true + type: string + virtualNetwork: + nullable: true + type: string + virtualNetworkResourceGroup: + nullable: true + type: string + type: object + status: + properties: + failureMessage: + nullable: true + type: string + phase: + nullable: true + type: string + rbacEnabled: + nullable: true + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/Chart.yaml b/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/Chart.yaml new file mode 100644 index 0000000000..475e6bfe19 --- /dev/null +++ b/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: rancher-aks-operator-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>= 1.30.0-0 < 1.33.0-0' + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: aksclusterconfigs.aks.cattle.io/v1 + catalog.cattle.io/rancher-version: '>= 2.11.0-0 < 2.12.0-0' + catalog.cattle.io/release-name: rancher-aks-operator + catalog.cattle.io/scope: management +apiVersion: v2 +appVersion: 1.11.0-rc.3 +description: A Helm chart for provisioning AKS clusters +home: https://github.com/rancher/aks-operator +name: rancher-aks-operator +sources: +- https://github.com/rancher/aks-operator +version: 106.0.0+up1.11.0-rc.3 diff --git a/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/NOTES.txt b/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/NOTES.txt new file mode 100644 index 0000000000..5ba05b482c --- /dev/null +++ b/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/NOTES.txt @@ -0,0 +1,4 @@ +You have deployed the Rancher AKS operator +Version: {{ .Chart.AppVersion }} +Description: This operator provisions AKS clusters +from AKSClusterConfig CRs. diff --git a/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/_helpers.tpl b/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/_helpers.tpl new file mode 100644 index 0000000000..de3b332f6a --- /dev/null +++ b/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/_helpers.tpl @@ -0,0 +1,25 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +kubernetes.io/os: linux +{{- end -}} + diff --git a/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/clusterrole.yaml b/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/clusterrole.yaml new file mode 100644 index 0000000000..5e2ce97567 --- /dev/null +++ b/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/clusterrole.yaml @@ -0,0 +1,15 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: aks-operator + namespace: cattle-system +rules: + - apiGroups: [''] + resources: ['secrets'] + verbs: ['get', 'list', 'create', 'watch', 'update'] + - apiGroups: ['aks.cattle.io'] + resources: ['aksclusterconfigs'] + verbs: ['get', 'list', 'update', 'watch'] + - apiGroups: ['aks.cattle.io'] + resources: ['aksclusterconfigs/status'] + verbs: ['update'] diff --git a/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/clusterrolebinding.yaml b/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/clusterrolebinding.yaml new file mode 100644 index 0000000000..7aa7e785a4 --- /dev/null +++ b/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/clusterrolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: aks-operator + namespace: cattle-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: aks-operator +subjects: +- kind: ServiceAccount + name: aks-operator + namespace: cattle-system diff --git a/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/deployment.yaml b/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/deployment.yaml new file mode 100644 index 0000000000..e929a85cdc --- /dev/null +++ b/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/deployment.yaml @@ -0,0 +1,68 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: aks-config-operator + namespace: cattle-system +spec: + replicas: 1 + selector: + matchLabels: + ke.cattle.io/operator: aks + template: + metadata: + labels: + ke.cattle.io/operator: aks + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} + serviceAccountName: aks-operator + {{- if .Values.priorityClassName }} + priorityClassName: "{{.Values.priorityClassName}}" + {{- end }} + securityContext: + fsGroup: 1007 + runAsUser: 1007 + containers: + - name: aks-operator + image: '{{ template "system_default_registry" $ }}{{ $.Values.aksOperator.image.repository }}:{{ $.Values.aksOperator.image.tag }}' + imagePullPolicy: IfNotPresent + env: + - name: HTTP_PROXY + value: {{ .Values.httpProxy }} + - name: HTTPS_PROXY + value: {{ .Values.httpsProxy }} + - name: NO_PROXY + value: {{ .Values.noProxy }} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + privileged: false + capabilities: + drop: + - ALL +{{- if .Values.additionalTrustedCAs }} + # aks-operator mounts the additional CAs in two places: + volumeMounts: + # This directory is owned by the aks-operator user so c_rehash works here. + - mountPath: /etc/rancher/ssl/ca-additional.pem + name: tls-ca-additional-volume + subPath: ca-additional.pem + readOnly: true + # This directory is root-owned so c_rehash doesn't work here, + # but the cert is here in case update-ca-certificates is called in the future or by the OS. + - mountPath: /etc/pki/trust/anchors/ca-additional.pem + name: tls-ca-additional-volume + subPath: ca-additional.pem + readOnly: true + volumes: + - name: tls-ca-additional-volume + secret: + defaultMode: 0400 + secretName: tls-ca-additional + {{- end }} diff --git a/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/serviceaccount.yaml b/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/serviceaccount.yaml new file mode 100644 index 0000000000..9c40a152f5 --- /dev/null +++ b/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: cattle-system + name: aks-operator diff --git a/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/values.yaml b/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/values.yaml new file mode 100644 index 0000000000..68b0ccff46 --- /dev/null +++ b/charts/rancher-aks-operator/106.0.0+up1.11.0-rc.3/values.yaml @@ -0,0 +1,23 @@ +global: + cattle: + systemDefaultRegistry: "" + +aksOperator: + image: + repository: rancher/aks-operator + tag: v1.11.0-rc.3 + +httpProxy: "" +httpsProxy: "" +noProxy: "" +additionalTrustedCAs: false + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## List of node taints to tolerate (requires Kubernetes >= 1.6) +tolerations: [] + +## PriorityClassName assigned to deployment. +priorityClassName: "" diff --git a/index.yaml b/index.yaml index 4e408ad27e..6cb76b09f8 100755 --- a/index.yaml +++ b/index.yaml @@ -7784,6 +7784,30 @@ entries: - assets/prometheus-federator/prometheus-federator-0.1.0.tgz version: 0.1.0 rancher-aks-operator: + - annotations: + catalog.cattle.io/auto-install: rancher-aks-operator-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>= 1.30.0-0 < 1.33.0-0' + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: aksclusterconfigs.aks.cattle.io/v1 + catalog.cattle.io/rancher-version: '>= 2.11.0-0 < 2.12.0-0' + catalog.cattle.io/release-name: rancher-aks-operator + catalog.cattle.io/scope: management + apiVersion: v2 + appVersion: 1.11.0-rc.3 + created: "2025-01-14T12:17:17.217574684+01:00" + description: A Helm chart for provisioning AKS clusters + digest: 45dbbeb64adb0b76a9f15a1da88595c82feeb50d7e559bff1a11e4b81923144b + home: https://github.com/rancher/aks-operator + name: rancher-aks-operator + sources: + - https://github.com/rancher/aks-operator + urls: + - assets/rancher-aks-operator/rancher-aks-operator-106.0.0+up1.11.0-rc.3.tgz + version: 106.0.0+up1.11.0-rc.3 - annotations: catalog.cattle.io/auto-install: rancher-aks-operator-crd=match catalog.cattle.io/certified: rancher @@ -8265,6 +8289,22 @@ entries: - assets/rancher-aks-operator/rancher-aks-operator-101.0.0+up1.0.7.tgz version: 101.0.0+up1.0.7 rancher-aks-operator-crd: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/release-name: rancher-aks-operator-crd + apiVersion: v2 + appVersion: 1.11.0-rc.3 + created: "2025-01-14T12:17:19.463136209+01:00" + description: AKS Operator CustomResourceDefinitions + digest: fe514fe7aaf5c0f208e8246333b6837d4ada62b8ad9333c5d8364838e99c02c7 + name: rancher-aks-operator-crd + urls: + - assets/rancher-aks-operator-crd/rancher-aks-operator-crd-106.0.0+up1.11.0-rc.3.tgz + version: 106.0.0+up1.11.0-rc.3 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" @@ -10226,6 +10266,32 @@ entries: - assets/rancher-backup-crd/rancher-backup-crd-1.0.200.tgz version: 1.0.200 rancher-cis-benchmark: + - annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/kube-version: '>= 1.28.0-0 < 1.32.0-0' + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/rancher-version: '>= 2.10.0-0 < 2.11.0-0' + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: rancher-cis-benchmark + apiVersion: v1 + appVersion: v7.2.0-rc.2 + created: "2025-01-14T12:19:12.535620276+01:00" + description: The cis-operator enables running CIS benchmark security scans on + a kubernetes cluster + digest: 331aad5f2de04d6eb4792409d46c86196d8c7b297f5facb83db69dfd9670ccf9 + icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg + keywords: + - security + name: rancher-cis-benchmark + urls: + - assets/rancher-cis-benchmark/rancher-cis-benchmark-105.2.0+up7.2.0-rc.2.tgz + version: 105.2.0+up7.2.0-rc.2 - annotations: catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match catalog.cattle.io/certified: rancher @@ -11004,6 +11070,20 @@ entries: - assets/rancher-cis-benchmark/rancher-cis-benchmark-2.0.0.tgz version: 2.0.0 rancher-cis-benchmark-crd: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd + apiVersion: v1 + created: "2025-01-14T12:19:12.547210672+01:00" + description: Installs the CRDs for rancher-cis-benchmark. + digest: 2e4e96dbb21e81bb588b7e5326cbedacab2e19a0fcb2b9ac88397c77d75d7b7d + name: rancher-cis-benchmark-crd + type: application + urls: + - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-105.2.0+up7.2.0-rc.2.tgz + version: 105.2.0+up7.2.0-rc.2 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" diff --git a/release.yaml b/release.yaml index 649ae59c32..779db25a4a 100644 --- a/release.yaml +++ b/release.yaml @@ -32,10 +32,12 @@ rancher-cis-benchmark: - 105.0.0+up7.0.0 - 105.0.1+up7.0.1 - 105.1.0+up7.1.1 + - 105.2.0+up7.2.0-rc.2 rancher-cis-benchmark-crd: - 105.0.0+up7.0.0 - 105.0.1+up7.0.1 - 105.1.0+up7.1.1 + - 105.2.0+up7.2.0-rc.2 rancher-csp-adapter: - 105.0.0+up5.0.1 rancher-logging: