From fddb3dcb8267a15c83ee63c1d1bf26fe8a227049 Mon Sep 17 00:00:00 2001 
From: divolgin Date: Sat, 12 Dec 2020 01:10:11 +0000 Subject: [PATCH] kots 1.25.2 --- addons/kotsadm/1.25.2/Manifest | 8 + addons/kotsadm/1.25.2/install.sh | 427 ++++++++++++++++++ addons/kotsadm/1.25.2/join-rbac.yaml | 56 +++ addons/kotsadm/1.25.2/kotsadm-airgap.yaml | 19 + .../1.25.2/kotsadm-postgres-rename-pvc.yaml | 46 ++ addons/kotsadm/1.25.2/kotsadm.yaml | 283 ++++++++++++ .../1.25.2/kurl-proxy/kustomization.yaml | 4 + addons/kotsadm/1.25.2/kurl-proxy/rbac.yaml | 38 ++ .../1.25.2/kurl-proxy/tmpl-deployment.yaml | 52 +++ .../1.25.2/kurl-proxy/tmpl-service.yaml | 15 + addons/kotsadm/1.25.2/kustomization.yaml | 6 + addons/kotsadm/1.25.2/operator.yaml | 88 ++++ .../1.25.2/patches/api-prometheus.yaml | 13 + addons/kotsadm/1.25.2/postgres.yaml | 102 +++++ addons/kotsadm/1.25.2/schemahero.yaml | 68 +++ .../kotsadm/1.25.2/tmpl-kotsadm-cacerts.yaml | 24 + addons/kotsadm/1.25.2/tmpl-kotsadm-proxy.yaml | 21 + .../1.25.2/tmpl-secret-api-encryption.yaml | 9 + .../1.25.2/tmpl-secret-authstring.yaml | 9 + .../1.25.2/tmpl-secret-cluster-token.yaml | 9 + .../1.25.2/tmpl-secret-dex-postgres.yaml | 10 + .../kotsadm/1.25.2/tmpl-secret-password.yaml | 9 + .../kotsadm/1.25.2/tmpl-secret-postgres.yaml | 10 + addons/kotsadm/1.25.2/tmpl-secret-s3.yaml | 10 + .../kotsadm/1.25.2/tmpl-secret-session.yaml | 9 + .../kotsadm/1.25.2/tmpl-start-kotsadm-web.sh | 5 + addons/kotsadm/alpha/Manifest | 2 +- addons/kotsadm/alpha/install.sh | 2 +- addons/nodeless/README.md | 4 +- testgrid/tgrun/pkg/instances/k8s1164.go | 2 +- .../pkg/instances/k8s1164_docker19034.go | 2 +- testgrid/tgrun/pkg/instances/k8s117.go | 2 +- .../pkg/instances/k8s117_containerd137.go | 2 +- .../pkg/instances/k8s117_openebs_minio.go | 2 +- testgrid/tgrun/pkg/instances/k8s118.go | 2 +- testgrid/tgrun/pkg/instances/k8s1184.go | 2 +- .../pkg/instances/k8s1184_containerd137.go | 2 +- .../pkg/instances/k8s118_containerd137.go | 2 +- testgrid/tgrun/pkg/instances/k8s119.go | 2 +- .../pkg/instances/k8s119_containerd137.go | 2 +- 
.../k8s119_nameserver_collectd_rook_block.go | 2 +- web/src/installers/index.ts | 1 + 42 files changed, 1367 insertions(+), 16 deletions(-) create mode 100644 addons/kotsadm/1.25.2/Manifest create mode 100644 addons/kotsadm/1.25.2/install.sh create mode 100644 addons/kotsadm/1.25.2/join-rbac.yaml create mode 100644 addons/kotsadm/1.25.2/kotsadm-airgap.yaml create mode 100644 addons/kotsadm/1.25.2/kotsadm-postgres-rename-pvc.yaml create mode 100644 addons/kotsadm/1.25.2/kotsadm.yaml create mode 100644 addons/kotsadm/1.25.2/kurl-proxy/kustomization.yaml create mode 100644 addons/kotsadm/1.25.2/kurl-proxy/rbac.yaml create mode 100644 addons/kotsadm/1.25.2/kurl-proxy/tmpl-deployment.yaml create mode 100644 addons/kotsadm/1.25.2/kurl-proxy/tmpl-service.yaml create mode 100644 addons/kotsadm/1.25.2/kustomization.yaml create mode 100644 addons/kotsadm/1.25.2/operator.yaml create mode 100644 addons/kotsadm/1.25.2/patches/api-prometheus.yaml create mode 100644 addons/kotsadm/1.25.2/postgres.yaml create mode 100644 addons/kotsadm/1.25.2/schemahero.yaml create mode 100644 addons/kotsadm/1.25.2/tmpl-kotsadm-cacerts.yaml create mode 100644 addons/kotsadm/1.25.2/tmpl-kotsadm-proxy.yaml create mode 100644 addons/kotsadm/1.25.2/tmpl-secret-api-encryption.yaml create mode 100644 addons/kotsadm/1.25.2/tmpl-secret-authstring.yaml create mode 100644 addons/kotsadm/1.25.2/tmpl-secret-cluster-token.yaml create mode 100644 addons/kotsadm/1.25.2/tmpl-secret-dex-postgres.yaml create mode 100644 addons/kotsadm/1.25.2/tmpl-secret-password.yaml create mode 100644 addons/kotsadm/1.25.2/tmpl-secret-postgres.yaml create mode 100644 addons/kotsadm/1.25.2/tmpl-secret-s3.yaml create mode 100644 addons/kotsadm/1.25.2/tmpl-secret-session.yaml create mode 100644 addons/kotsadm/1.25.2/tmpl-start-kotsadm-web.sh diff --git a/addons/kotsadm/1.25.2/Manifest b/addons/kotsadm/1.25.2/Manifest new file mode 100644 index 0000000000..95f8eee14b --- /dev/null +++ b/addons/kotsadm/1.25.2/Manifest 
@@ -0,0 +1,8 @@
+image kotsadm-migrations docker.io/kotsadm/kotsadm-migrations:v1.25.2
+image kotsadm-operator docker.io/kotsadm/kotsadm-operator:v1.25.2
+image kotsadm docker.io/kotsadm/kotsadm:v1.25.2
+image kurl-proxy docker.io/kotsadm/kurl-proxy:v1.25.2
+image postgres postgres:10.7
+image dex quay.io/dexidp/dex:v2.26.0
+
+asset kots.tar.gz https://github.com/replicatedhq/kots/releases/download/v1.25.2/kots_linux_amd64.tar.gz
diff --git a/addons/kotsadm/1.25.2/install.sh b/addons/kotsadm/1.25.2/install.sh
new file mode 100644
index 0000000000..0534b2891e
--- /dev/null
+++ b/addons/kotsadm/1.25.2/install.sh
@@ -0,0 +1,427 @@ + +function kotsadm() { + local src="$DIR/addons/kotsadm/1.25.2" + local dst="$DIR/kustomize/kotsadm" + + try_1m object_store_create_bucket kotsadm + kotsadm_rename_postgres_pvc_1-12-2 "$src" + + cp "$src/kustomization.yaml" "$dst/" + cp "$src/operator.yaml" "$dst/" + cp "$src/postgres.yaml" "$dst/" + cp "$src/schemahero.yaml" "$dst/" + cp "$src/kotsadm.yaml" "$dst/" + + kotsadm_secret_cluster_token + kotsadm_secret_authstring + kotsadm_secret_password + kotsadm_secret_postgres + kotsadm_secret_dex_postgres + kotsadm_secret_s3 + kotsadm_secret_session + kotsadm_api_encryption_key + + if [ -n "$PROMETHEUS_VERSION" ]; then + kotsadm_api_patch_prometheus + fi + if [ -n "$PROXY_ADDRESS" ]; then + KUBERNETES_CLUSTER_IP=$(kubectl get services kubernetes --no-headers | awk '{ print $3 }') + render_yaml_file "$DIR/addons/kotsadm/1.25.2/tmpl-kotsadm-proxy.yaml" > "$DIR/kustomize/kotsadm/kotsadm-proxy.yaml" + insert_patches_strategic_merge "$DIR/kustomize/kotsadm/kustomization.yaml" kotsadm-proxy.yaml + fi + + if [ "$AIRGAP" == "1" ]; then + cp "$DIR/addons/kotsadm/1.25.2/kotsadm-airgap.yaml" "$DIR/kustomize/kotsadm/kotsadm-airgap.yaml" + insert_patches_strategic_merge "$DIR/kustomize/kotsadm/kustomization.yaml" kotsadm-airgap.yaml + fi + kotsadm_cacerts_file + + kotsadm_kubelet_client_secret + + kotsadm_metadata_configmap $src $dst + + if [ -z "$KOTSADM_HOSTNAME" ]; then + KOTSADM_HOSTNAME="$PUBLIC_ADDRESS" + fi + if [ -z "$KOTSADM_HOSTNAME" ]; then + KOTSADM_HOSTNAME="$PRIVATE_ADDRESS" + fi + + cat "$src/tmpl-start-kotsadm-web.sh" | sed "s/###_HOSTNAME_###/$KOTSADM_HOSTNAME:8800/g" > "$dst/start-kotsadm-web.sh" + kubectl create configmap kotsadm-web-scripts --from-file="$dst/start-kotsadm-web.sh" --dry-run -oyaml > "$dst/kotsadm-web-scripts.yaml" + + kubectl delete pod kotsadm-migrations || true; + kubectl delete deployment kotsadm-web || true; # replaced by 'kotsadm' deployment in 1.12.0 + kubectl delete service kotsadm-api || true; # replaced by 
'kotsadm-api-node' service in 1.12.0 + + # removed in 1.19.0 + kubectl delete deployment kotsadm-api || true + kubectl delete service kotsadm-api-node || true + kubectl delete serviceaccount kotsadm-api || true + kubectl delete clusterrolebinding kotsadm-api-rolebinding || true + kubectl delete clusterrole kotsadm-api-role || true + + kotsadm_namespaces "$src" "$dst" + + kubectl apply -k "$dst/" + + kotsadm_kurl_proxy "$src" "$dst" + + kotsadm_ready_spinner + + kubectl label pvc kotsadm-postgres-kotsadm-postgres-0 velero.io/exclude-from-backup- kots.io/backup=velero --overwrite + + kotsadm_cli $src +} + +function kotsadm_join() { + kotsadm_cli "$DIR/addons/kotsadm/1.25.2" +} + +function kotsadm_outro() { + local mainPod=$(kubectl get pods --selector app=kotsadm --no-headers | grep -E '(ContainerCreating|Running)' | head -1 | awk '{ print $1 }') + if [ -z "$mainPod" ]; then + mainPod="" + fi + + printf "\n" + printf "\n" + printf "Kotsadm: ${GREEN}http://$KOTSADM_HOSTNAME:8800${NC}\n" + + if [ -n "$KOTSADM_PASSWORD" ]; then + printf "Login with password (will not be shown again): ${GREEN}$KOTSADM_PASSWORD${NC}\n" + else + printf "You can log in with your existing password. 
If you need to reset it, run ${GREEN}kubectl kots reset-password default${NC}\n" + fi + printf "\n" + printf "\n" +} + +function kotsadm_secret_cluster_token() { + local CLUSTER_TOKEN=$(kubernetes_secret_value default kotsadm-cluster-token kotsadm-cluster-token) + + if [ -z "$CLUSTER_TOKEN" ]; then + # check under old name + CLUSTER_TOKEN=$(kubernetes_secret_value default kotsadm-auto-create-cluster-token token) + + if [ -n "$CLUSTER_TOKEN" ]; then + kubectl delete secret kotsadm-auto-create-cluster-token + else + CLUSTER_TOKEN=$(< /dev/urandom tr -dc A-Za-z0-9 | head -c16) + fi + fi + + render_yaml_file "$DIR/addons/kotsadm/1.25.2/tmpl-secret-cluster-token.yaml" > "$DIR/kustomize/kotsadm/secret-cluster-token.yaml" + insert_resources "$DIR/kustomize/kotsadm/kustomization.yaml" secret-cluster-token.yaml + + # ensure all pods that consume the secret will be restarted + kubernetes_scale_down default deployment kotsadm + kubernetes_scale_down default deployment kotsadm-operator +} + +function kotsadm_secret_authstring() { + local AUTHSTRING=$(kubernetes_secret_value default kotsadm-authstring kotsadm-authstring) + + if [ -z "$AUTHSTRING" ]; then + AUTHSTRING="Kots $(< /dev/urandom tr -dc A-Za-z0-9 | head -c32)" + fi + + if [[ ! "$AUTHSTRING" =~ ^'Kots ' && ! 
"$AUTHSTRING" =~ ^'Bearer ' ]]; then + AUTHSTRING="Kots $(< /dev/urandom tr -dc A-Za-z0-9 | head -c32)" + fi + + render_yaml_file "$DIR/addons/kotsadm/1.25.2/tmpl-secret-authstring.yaml" > "$DIR/kustomize/kotsadm/secret-authstring.yaml" + insert_resources "$DIR/kustomize/kotsadm/kustomization.yaml" secret-authstring.yaml +} + +function kotsadm_secret_password() { + local BCRYPT_PASSWORD=$(kubernetes_secret_value default kotsadm-password passwordBcrypt) + + if [ -z "$BCRYPT_PASSWORD" ]; then + # global, used in outro + KOTSADM_PASSWORD=$(< /dev/urandom tr -dc A-Za-z0-9 | head -c9) + BCRYPT_PASSWORD=$(echo "$KOTSADM_PASSWORD" | $DIR/bin/bcrypt --cost=14) + fi + + render_yaml_file "$DIR/addons/kotsadm/1.25.2/tmpl-secret-password.yaml" > "$DIR/kustomize/kotsadm/secret-password.yaml" + insert_resources "$DIR/kustomize/kotsadm/kustomization.yaml" secret-password.yaml + + kubernetes_scale_down default deployment kotsadm +} + +function kotsadm_secret_postgres() { + local POSTGRES_PASSWORD=$(kubernetes_secret_value default kotsadm-postgres password) + + if [ -z "$POSTGRES_PASSWORD" ]; then + POSTGRES_PASSWORD=$(< /dev/urandom tr -dc A-Za-z0-9 | head -c16) + fi + + render_yaml_file "$DIR/addons/kotsadm/1.25.2/tmpl-secret-postgres.yaml" > "$DIR/kustomize/kotsadm/secret-postgres.yaml" + insert_resources "$DIR/kustomize/kotsadm/kustomization.yaml" secret-postgres.yaml + + kubernetes_scale_down default deployment kotsadm + kubernetes_scale_down default deployment kotsadm-postgres + kubernetes_scale_down default deployment kotsadm-migrations +} + +function kotsadm_secret_dex_postgres() { + local DEX_PGPASSWORD=$(kubernetes_secret_value default kotsadm-dex-postgres password) + + if [ -z "$DEX_PGPASSWORD" ]; then + DEX_PGPASSWORD=$(< /dev/urandom tr -dc A-Za-z0-9 | head -c32) + fi + + render_yaml_file "$DIR/addons/kotsadm/1.25.2/tmpl-secret-dex-postgres.yaml" > "$DIR/kustomize/kotsadm/secret-dex-postgres.yaml" + insert_resources "$DIR/kustomize/kotsadm/kustomization.yaml" 
secret-dex-postgres.yaml + + kubernetes_scale_down default deployment kotsadm +} + +function kotsadm_secret_s3() { + if [ -z "$VELERO_LOCAL_BUCKET" ]; then + VELERO_LOCAL_BUCKET=velero + fi + render_yaml_file "$DIR/addons/kotsadm/1.25.2/tmpl-secret-s3.yaml" > "$DIR/kustomize/kotsadm/secret-s3.yaml" + insert_resources "$DIR/kustomize/kotsadm/kustomization.yaml" secret-s3.yaml +} + +function kotsadm_secret_session() { + local JWT_SECRET=$(kubernetes_secret_value default kotsadm-session key) + + if [ -z "$JWT_SECRET" ]; then + JWT_SECRET=$(< /dev/urandom tr -dc A-Za-z0-9 | head -c16) + fi + + render_yaml_file "$DIR/addons/kotsadm/1.25.2/tmpl-secret-session.yaml" > "$DIR/kustomize/kotsadm/secret-session.yaml" + insert_resources "$DIR/kustomize/kotsadm/kustomization.yaml" secret-session.yaml + + kubernetes_scale_down default deployment kotsadm +} + +function kotsadm_api_encryption_key() { + local API_ENCRYPTION=$(kubernetes_secret_value default kotsadm-encryption encryptionKey) + + if [ -z "$API_ENCRYPTION" ]; then + # 24 byte key + 12 byte nonce, base64 encoded. This is separate from the base64 encoding used + # in secrets with kubectl. Kotsadm expects the value to be encoded when read as an env var. 
+ API_ENCRYPTION=$(< /dev/urandom cat | head -c36 | base64) + fi + + render_yaml_file "$DIR/addons/kotsadm/1.25.2/tmpl-secret-api-encryption.yaml" > "$DIR/kustomize/kotsadm/secret-api-encryption.yaml" + insert_resources "$DIR/kustomize/kotsadm/kustomization.yaml" secret-api-encryption.yaml + + kubernetes_scale_down default deployment kotsadm +} + +function kotsadm_api_patch_prometheus() { + insert_patches_strategic_merge "$DIR/kustomize/kotsadm/kustomization.yaml" api-prometheus.yaml + cp "$DIR/addons/kotsadm/1.25.2/patches/api-prometheus.yaml" "$DIR/kustomize/kotsadm/api-prometheus.yaml" +} + +function kotsadm_metadata_configmap() { + local src="$1" + local dst="$2" + + # The application.yaml pre-exists from airgap bundle OR + # gets created below if user specified the app-slug and metadata exists. + if [ "$AIRGAP" != "1" ] && [ -n "$KOTSADM_APPLICATION_SLUG" ]; then + # If slug exists, but there's no branding, then replicated.app will return nothing. + # (application.yaml will remain empty) + echo "Retrieving app metadata: url=$REPLICATED_APP_URL, slug=$KOTSADM_APPLICATION_SLUG" + curl $REPLICATED_APP_URL/metadata/$KOTSADM_APPLICATION_SLUG > "$src/application.yaml" + fi + if test -s "$src/application.yaml"; then + cp "$src/application.yaml" "$dst/" + kubectl create configmap kotsadm-application-metadata --from-file="$dst/application.yaml" --dry-run -oyaml > "$dst/kotsadm-application-metadata.yaml" + insert_resources $dst/kustomization.yaml kotsadm-application-metadata.yaml + fi +} + +function kotsadm_kurl_proxy() { + local src="$1/kurl-proxy" + local dst="$2/kurl-proxy" + + mkdir -p "$dst" + + cp "$src/kustomization.yaml" "$dst/" + cp "$src/rbac.yaml" "$dst/" + + render_yaml_file "$src/tmpl-service.yaml" > "$dst/service.yaml" + render_yaml_file "$src/tmpl-deployment.yaml" > "$dst/deployment.yaml" + + kotsadm_tls_secret + + kubectl apply -k "$dst/" +} + +function kotsadm_tls_secret() { + if kubernetes_resource_exists default secret kotsadm-tls; then + return 0 + 
fi + + cat > kotsadm.cnf <> kotsadm.cnf + fi + + openssl req -newkey rsa:2048 -nodes -keyout kotsadm.key -config kotsadm.cnf -x509 -days 365 -out kotsadm.crt -extensions v3_ext + + kubectl -n default create secret tls kotsadm-tls --key=kotsadm.key --cert=kotsadm.crt + kubectl -n default annotate secret kotsadm-tls acceptAnonymousUploads=1 + + rm kotsadm.cnf kotsadm.key kotsadm.crt +} + +function kotsadm_kubelet_client_secret() { + if kubernetes_resource_exists default secret kubelet-client-cert; then + return 0 + fi + + kubectl -n default create secret generic kubelet-client-cert \ + --from-file=client.crt=/etc/kubernetes/pki/apiserver-kubelet-client.crt \ + --from-file=client.key=/etc/kubernetes/pki/apiserver-kubelet-client.key \ + --from-file=/etc/kubernetes/pki/ca.crt +} + +function kotsadm_cli() { + local src="$1" + + if ! kubernetes_is_master; then + return 0 + fi + if [ ! -f "$src/assets/kots.tar.gz" ] && [ "$AIRGAP" != "1" ]; then + mkdir -p "$src/assets" + curl -L "https://github.com/replicatedhq/kots/releases/download/v1.25.2/kots_linux_amd64.tar.gz" > "$src/assets/kots.tar.gz" + fi + + pushd "$src/assets" + tar xf "kots.tar.gz" + mkdir -p "$KUBECTL_PLUGINS_PATH" + mv kots "$KUBECTL_PLUGINS_PATH/kubectl-kots" + popd + + # https://github.com/replicatedhq/kots/issues/149 + if [ ! -e /usr/lib64/libdevmapper.so.1.02.1 ] && [ -e /usr/lib64/libdevmapper.so.1.02 ]; then + ln -s /usr/lib64/libdevmapper.so.1.02 /usr/lib64/libdevmapper.so.1.02.1 + fi +} + +# copy pgdata from pvc named kotsadm-postgres to new pvc named kotsadm-postgres-kotsadm-postgres-0 +# used by StatefulSet in 1.12.2+ +function kotsadm_rename_postgres_pvc_1-12-2() { + local src="$1" + + if kubernetes_resource_exists default deployment kotsadm-postgres; then + kubectl delete deployment kotsadm-postgres + fi + if ! 
kubernetes_resource_exists default pvc kotsadm-postgres; then + return 0 + fi + printf "${YELLOW}Renaming PVC kotsadm-postgres to kotsadm-postgres-kotsadm-postgres-0${NC}\n" + kubectl apply -f "$src/kotsadm-postgres-rename-pvc.yaml" + spinner_until -1 kotsadm_postgres_pvc_renamed + kubectl delete pod kotsadm-postgres-rename-pvc + kubectl delete pvc kotsadm-postgres +} + +function kotsadm_postgres_pvc_renamed { + local status=$(kubectl get pod kotsadm-postgres-rename-pvc -ojsonpath='{ .status.containerStatuses[0].state.terminated.reason }') + [ "$status" = "Completed" ] +} + +function kotsadm_namespaces() { + local src="$1" + local dst="$2" + + IFS=',' read -ra KOTSADM_APPLICATION_NAMESPACES_ARRAY <<< "$KOTSADM_APPLICATION_NAMESPACES" + for NAMESPACE in "${KOTSADM_APPLICATION_NAMESPACES_ARRAY[@]}"; do + kubectl create ns "$NAMESPACE" 2>/dev/null || true + done +} + +function kotsadm_health_check() { + # Get pods below will initially return only 0 lines + # Then it will return 1 line: "PodScheduled=True" + # Finally, it will return 4 lines. 
And this is when we want to grep until "Ready=False" is not shown, and '1/1 Running' is + if [ $(kubectl get pods -l app=kotsadm -o jsonpath="{range .items[*]}{range .status.conditions[*]}{ .type }={ .status }{'\n'}{end}{end}" 2>/dev/null | wc -l) -ne 4 ]; then + # if this returns more than 4 lines, there are multiple copies of the pod running, which is a failure + return 1 + fi + + if [[ -n $(kubectl get pods -l app=kotsadm --field-selector=status.phase=Running -o jsonpath="{range .items[*]}{range .status.conditions[*]}{ .type }={ .status }{'\n'}{end}{end}" 2>/dev/null | grep -q Ready=False) ]]; then + # if there is a pod with Ready=False, then kotsadm is not ready + return 1 + fi + + if [[ -z $(kubectl get pods -l app=kotsadm --field-selector=status.phase=Running 2>/dev/null | grep '1/1' | grep 'Running') ]]; then + # when kotsadm is ready, it will be '1/1 Running' + return 1 + fi + return 0 +} + +function kotsadm_ready_spinner() { + sleep 1 # ensure that kubeadm has had time to begin applying and scheduling the kotsadm pods + if ! spinner_until 120 kotsadm_health_check; then + kubectl logs -l app=kotsadm --all-containers --tail 10 + bail "The kotsadm deployment in the kotsadm addon failed to deploy successfully." + fi +} + +function kotsadm_cacerts_file() { + # Find the cacerts bundle on the host + # if it exists, add a patch to add the volume mount to kotsadm + + # See https://github.com/golang/go/blob/23173fc025f769aaa9e19f10aa0f69c851ca2f3b/src/crypto/x509/root_linux.go + # CentOS 6/7, RHEL 7 + # Fedora/RHEL 6 (this is a link on Centos 6/7) + # OpenSUSE + # OpenELEC + # Debian/Ubuntu/Gentoo etc. This is where OpenSSL will look. 
It's moved to the bottom because this exists as a link on some other platforms + set \ + "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" \ + "/etc/pki/tls/certs/ca-bundle.crt" \ + "/etc/ssl/ca-bundle.pem" \ + "/etc/pki/tls/cacert.pem" \ + "/etc/ssl/certs/ca-certificates.crt" + + for cert_file do + if [ -f "$cert_file" ]; then + KOTSADM_TRUSTED_CERT_MOUNT="${cert_file}" + break + fi + done + + if [ -n "$KOTSADM_TRUSTED_CERT_MOUNT" ]; then + render_yaml_file "$DIR/addons/kotsadm/1.25.2/tmpl-kotsadm-cacerts.yaml" > "$DIR/kustomize/kotsadm/kotsadm-cacerts.yaml" + insert_patches_strategic_merge "$DIR/kustomize/kotsadm/kustomization.yaml" kotsadm-cacerts.yaml + fi +} \ No newline at end of file diff --git a/addons/kotsadm/1.25.2/join-rbac.yaml b/addons/kotsadm/1.25.2/join-rbac.yaml new file mode 100644 index 0000000000..4683e6e3dd --- /dev/null +++ b/addons/kotsadm/1.25.2/join-rbac.yaml @@ -0,0 +1,56 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kurl-join + labels: + kots.io/kotsadm: "true" + kots.io/backup: velero +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kurl-join-kube-system + labels: + kots.io/kotsadm: "true" + kots.io/backup: velero +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - update +- apiGroups: + - "rbac.authorization.k8s.io" + resources: + - roles + - rolebindings + verbs: + - create + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kurl-join + namespace: kube-system + labels: + kots.io/kotsadm: "true" + kots.io/backup: velero +subjects: +- kind: ServiceAccount + name: kurl-join + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kurl-join-kube-system diff --git a/addons/kotsadm/1.25.2/kotsadm-airgap.yaml b/addons/kotsadm/1.25.2/kotsadm-airgap.yaml new file mode 100644 index 0000000000..0c2d7862af 
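Review bot: In `kotsadm_cli` the kots release tarball is fetched with `curl -L … > "$src/assets/kots.tar.gz"`, unpacked, and moved to `$KUBECTL_PLUGINS_PATH/kubectl-kots` with no integrity check, so whatever the download returned becomes an executable kubectl plugin on the master node. Without `-f`, an HTTP error body is also saved under that name, and the `[ ! -f "$src/assets/kots.tar.gz" ]` guard then skips the download on every later run. I would fail on HTTP errors and verify a pinned digest before `tar xf`, for example `curl -fsSL <release URL> -o "$src/assets/kots.tar.gz"` followed by `echo "<EXPECTED_SHA256>  $src/assets/kots.tar.gz" | sha256sum -c - || bail "kots.tar.gz checksum mismatch"`. The digest is a placeholder, because neither this script nor the Manifest hunk carries one for the asset.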
--- /dev/null
+++ b/addons/kotsadm/1.25.2/kotsadm-airgap.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kotsadm
+ labels:
+ kots.io/kotsadm: "true"
+ kots.io/backup: velero
+spec:
+ template:
+ metadata:
+ labels:
+ kots.io/kotsadm: "true"
+ kots.io/backup: velero
+ spec:
+ containers:
+ - name: kotsadm
+ env:
+ - name: DISABLE_OUTBOUND_CONNECTIONS
+ value: "true"
diff --git a/addons/kotsadm/1.25.2/kotsadm-postgres-rename-pvc.yaml b/addons/kotsadm/1.25.2/kotsadm-postgres-rename-pvc.yaml
new file mode 100644
index 0000000000..601841464b
--- /dev/null
+++ b/addons/kotsadm/1.25.2/kotsadm-postgres-rename-pvc.yaml
@@ -0,0 +1,46 @@
+# Only used to migrate from pre-1.12.2
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: kotsadm-postgres-kotsadm-postgres-0
+ labels:
+ kots.io/kotsadm: "true"
+ kots.io/backup: velero
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: kotsadm-postgres-rename-pvc
+ labels:
+ kots.io/kotsadm: "true"
+ kots.io/backup: velero
+spec:
+ restartPolicy: OnFailure
+ securityContext:
+ fsGroup: 999
+ runAsUser: 999
+ containers:
+ - name: kotsadm-postgres-rename-pvc
+ image: kotsadm/kotsadm-migrations:v1.25.2
+ command:
+ - /bin/sh
+ - "-c"
+ - "if [ -d /old/pgdata ] && [ ! -e /new/pgdata ]; then cp -r /old/pgdata /new; fi"
+ volumeMounts:
+ - name: old
+ mountPath: /old
+ - name: new
+ mountPath: /new
+ volumes:
+ - name: old
+ persistentVolumeClaim:
+ claimName: kotsadm-postgres
+ - name: new
+ persistentVolumeClaim:
+ claimName: kotsadm-postgres-kotsadm-postgres-0
diff --git a/addons/kotsadm/1.25.2/kotsadm.yaml b/addons/kotsadm/1.25.2/kotsadm.yaml
new file mode 100644
index 0000000000..7e8e591010
--- /dev/null
+++ b/addons/kotsadm/1.25.2/kotsadm.yaml
@@ -0,0 +1,283 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kotsadm-role + labels: + kots.io/kotsadm: "true" + kots.io/backup: velero +rules: +- apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kotsadm-rolebinding + labels: + kots.io/kotsadm: "true" + kots.io/backup: velero +subjects: +- kind: ServiceAccount + name: kotsadm + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kotsadm-role +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kotsadm + labels: + kots.io/kotsadm: "true" + kots.io/backup: velero +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kotsadm + labels: + kots.io/kotsadm: "true" + kots.io/backup: velero +spec: + replicas: 1 + selector: + matchLabels: + app: kotsadm + template: + metadata: + labels: + app: kotsadm + kots.io/kotsadm: "true" + kots.io/backup: velero + annotations: + backup.velero.io/backup-volumes: backup + pre.hook.backup.velero.io/command: '["/backup.sh"]' + pre.hook.backup.velero.io/timeout: 10m + spec: + securityContext: + runAsUser: 1001 + serviceAccountName: kotsadm + restartPolicy: Always + volumes: + - name: kubelet-client-cert + secret: + secretName: kubelet-client-cert + - name: kurl-proxy-kotsadm-tls-cert + secret: + secretName: kotsadm-tls + - name: kotsadm-web-scripts + configMap: + defaultMode: 511 # hex 777 + name: kotsadm-web-scripts + - name: backup + emptyDir: {} + containers: + - image: kotsadm/kotsadm:v1.25.2 + name: kotsadm + command: ["bash"] + args: + - "/scripts/start-kotsadm-web.sh" + ports: + - name: http + containerPort: 3000 + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + httpGet: + path: /healthz + port: 3000 + scheme: HTTP + env: + - name: AUTO_CREATE_CLUSTER + value: "1" + - name: AUTO_CREATE_CLUSTER_NAME + value: 
"this-cluster" + - name: AUTO_CREATE_CLUSTER_TOKEN + valueFrom: + secretKeyRef: + name: kotsadm-cluster-token + key: kotsadm-cluster-token + - name: SHARED_PASSWORD_BCRYPT + valueFrom: + secretKeyRef: + name: kotsadm-password + key: passwordBcrypt + - name: SESSION_KEY + valueFrom: + secretKeyRef: + name: kotsadm-session + key: key + - name: POSTGRES_URI + valueFrom: + secretKeyRef: + name: kotsadm-postgres + key: uri + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: kotsadm-postgres + key: password + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: API_ENCRYPTION_KEY + valueFrom: + secretKeyRef: + name: kotsadm-encryption + key: encryptionKey + - name: S3_ENDPOINT + valueFrom: + secretKeyRef: + name: kotsadm-s3 + key: endpoint + - name: S3_BUCKET_NAME + value: "kotsadm" + - name: S3_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: kotsadm-s3 + key: access-key-id + - name: S3_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: kotsadm-s3 + key: secret-access-key + - name: S3_BUCKET_ENDPOINT + value: "true" + - name: API_ADVERTISE_ENDPOINT + value: "http://localhost:8800" + - name: API_ENDPOINT + value: http://kotsadm.default.svc.cluster.local:3000 + - name: KURL_PROXY_TLS_CERT_PATH + value: /etc/kurl-proxy/ca/tls.crt + volumeMounts: + - name: kotsadm-web-scripts + mountPath: /scripts/start-kotsadm-web.sh + subPath: start-kotsadm-web.sh + - mountPath: /backup + name: backup + - name: kubelet-client-cert + readOnly: true + mountPath: /etc/kubernetes/pki/kubelet + - name: kurl-proxy-kotsadm-tls-cert + readOnly: true + mountPath: /etc/kurl-proxy/ca + resources: + limits: + cpu: 500m + requests: + cpu: 100m + memory: 100Mi + + initContainers: + - name: init-dex-db + command: + - "psql" + args: + - "-h" + - "kotsadm-postgres" + - "-U" + - "kotsadm" + - "-c" + - "CREATE DATABASE dex;" + - "-c" + - "CREATE USER dex;" + - "-c" + - "ALTER USER dex WITH PASSWORD '$(DEX_PGPASSWORD)';" + - "-c" + - "GRANT ALL 
PRIVILEGES ON DATABASE dex TO dex;" + env: + - name: PGPASSWORD + valueFrom: + secretKeyRef: + key: password + name: kotsadm-postgres + - name: DEX_PGPASSWORD + valueFrom: + secretKeyRef: + key: password + name: kotsadm-dex-postgres + image: kotsadm/kotsadm:v1.25.2 + imagePullPolicy: IfNotPresent + + - name: restore-db + command: + - "/restore-db.sh" + env: + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: kotsadm-postgres + image: kotsadm/kotsadm:v1.25.2 + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /backup + name: backup + resources: + limits: + cpu: 500m + requests: + cpu: 100m + memory: 100Mi + + - name: restore-s3 + command: + - /restore-s3.sh + env: + - name: S3_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: kotsadm-s3 + - name: S3_BUCKET_NAME + value: kotsadm + - name: S3_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: access-key-id + name: kotsadm-s3 + - name: S3_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: secret-access-key + name: kotsadm-s3 + - name: S3_BUCKET_ENDPOINT + value: "true" + image: kotsadm/kotsadm:v1.25.2 + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /backup + name: backup + resources: + limits: + cpu: 500m + requests: + cpu: 100m + memory: 100Mi +--- +apiVersion: v1 +kind: Service +metadata: + name: kotsadm + labels: + kots.io/kotsadm: "true" + kots.io/backup: velero +spec: + type: ClusterIP + selector: + app: kotsadm + ports: + - name: http + port: 3000 + targetPort: "http" diff --git a/addons/kotsadm/1.25.2/kurl-proxy/kustomization.yaml b/addons/kotsadm/1.25.2/kurl-proxy/kustomization.yaml new file mode 100644 index 0000000000..c38e72a98d --- /dev/null +++ b/addons/kotsadm/1.25.2/kurl-proxy/kustomization.yaml @@ -0,0 +1,4 @@ +resources: +- rbac.yaml +- deployment.yaml +- service.yaml diff --git a/addons/kotsadm/1.25.2/kurl-proxy/rbac.yaml b/addons/kotsadm/1.25.2/kurl-proxy/rbac.yaml new file mode 100644 index 0000000000..498fbea898 --- /dev/null 
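Review bot: `kotsadm-role` grants `"*"` verbs on `"*"` resources in every API group and is bound cluster-wide to the `kotsadm` ServiceAccount, so the pod that serves the admin UI on port 3000 runs with cluster-admin-equivalent rights; `kotsadm-operator-clusterrole` in operator.yaml carries the same rule. The same Deployment also mounts the `kubelet-client-cert` secret, which install.sh builds from the API server's kubelet client certificate and key, and the `kotsadm` container sets no `securityContext` of its own beyond the pod-level `runAsUser: 1001`. If the wildcard is required, presumably because the console applies application manifests of any kind, I would record that in a comment above `rules:`, such as `# cluster-admin equivalent by design: kotsadm applies arbitrary application manifests`. I would also add `securityContext: {allowPrivilegeEscalation: false}` to the `kotsadm` container.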
+++ b/addons/kotsadm/1.25.2/kurl-proxy/rbac.yaml
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kurl-proxy
+ namespace: default
+ labels:
+ kots.io/kotsadm: "true"
+ kots.io/backup: velero
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: default
+ name: secret-manager
+ labels:
+ kots.io/kotsadm: "true"
+ kots.io/backup: velero
+rules:
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "watch", "list", "create", "patch", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: kurl-proxy-tls-secrets
+ namespace: default
+ labels:
+ kots.io/kotsadm: "true"
+ kots.io/backup: velero
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: secret-manager
+subjects:
+- kind: ServiceAccount
+ name: kurl-proxy
+ namespace: default
diff --git a/addons/kotsadm/1.25.2/kurl-proxy/tmpl-deployment.yaml b/addons/kotsadm/1.25.2/kurl-proxy/tmpl-deployment.yaml
new file mode 100644
index 0000000000..25386fa1b5
--- /dev/null
+++ b/addons/kotsadm/1.25.2/kurl-proxy/tmpl-deployment.yaml
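Review bot: The `secret-manager` Role lets the `kurl-proxy` ServiceAccount get, list, watch, create, patch and update every Secret in `default`, the namespace where install.sh keeps `kotsadm-password`, `kotsadm-session`, `kotsadm-encryption`, `kotsadm-postgres` and `kubelet-client-cert`. The RoleBinding name `kurl-proxy-tls-secrets` and `TLS_SECRET_NAME` in tmpl-deployment.yaml suggest that only `kotsadm-tls` is needed, and this is the component exposed on the NodePort. I would scope the read and write verbs with `resourceNames` and keep `create` in its own rule, since `create` cannot be restricted by name. Whether the proxy really needs `list` or `watch` is not visible in this patch; if it does, those verbs would have to stay in a separate rule.

```yaml
rules:
# read and rewrite only the TLS secret named by TLS_SECRET_NAME
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["kotsadm-tls"]
  verbs: ["get", "patch", "update"]
# create cannot be limited by resourceNames
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create"]
```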
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kurl-proxy-kotsadm
+ labels:
+ app: kurl-proxy-kotsadm
+ kots.io/kotsadm: \"true\"
+ kots.io/backup: velero
+spec:
+ selector:
+ matchLabels:
+ app: kurl-proxy-kotsadm
+ template:
+ metadata:
+ labels:
+ app: kurl-proxy-kotsadm
+ kots.io/kotsadm: \"true\"
+ kots.io/backup: velero
+ spec:
+ containers:
+ - name: proxy
+ image: kotsadm/kurl-proxy:v1.25.2
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: NODE_PORT
+ value: \"8800\"
+ - name: UPSTREAM_ORIGIN
+ value: http://kotsadm:3000
+ - name: DEX_UPSTREAM_ORIGIN
+ value: http://kotsadm-dex:5556
+ - name: TLS_SECRET_NAME
+ value: kotsadm-tls
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ volumeMounts:
+ - name: kotsadm-config
+ mountPath: /etc/kotsadm
+ resources:
+ limits:
+ cpu: 200m
+ memory: 200Mi
+ requests:
+ cpu: 50m
+ memory: 50Mi
+ serviceAccount: kurl-proxy
+ volumes:
+ - name: kotsadm-config
+ configMap:
+ name: kotsadm-application-metadata
+ optional: true
diff --git a/addons/kotsadm/1.25.2/kurl-proxy/tmpl-service.yaml b/addons/kotsadm/1.25.2/kurl-proxy/tmpl-service.yaml
new file mode 100644
index 0000000000..3d7228ecb8
--- /dev/null
+++ b/addons/kotsadm/1.25.2/kurl-proxy/tmpl-service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: kurl-proxy-kotsadm
+ labels:
+ kots.io/kotsadm: \"true\"
+ kots.io/backup: velero
+spec:
+ type: NodePort
+ selector:
+ app: kurl-proxy-kotsadm
+ ports:
+ - port: 8800
+ targetPort: 8800
+ nodePort: ${KOTSADM_UI_BIND_PORT:-8800}
diff --git a/addons/kotsadm/1.25.2/kustomization.yaml b/addons/kotsadm/1.25.2/kustomization.yaml
new file mode 100644
index 0000000000..02a8ba8baa
--- /dev/null
+++ b/addons/kotsadm/1.25.2/kustomization.yaml
@@ -0,0 +1,6 @@
+resources:
+- operator.yaml
+- postgres.yaml
+- schemahero.yaml
+- kotsadm.yaml
+- kotsadm-web-scripts.yaml
diff --git a/addons/kotsadm/1.25.2/operator.yaml b/addons/kotsadm/1.25.2/operator.yaml
new file mode 100644
index 0000000000..9632937f70
--- /dev/null
+++ b/addons/kotsadm/1.25.2/operator.yaml
@@ -0,0 +1,88 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kotsadm-operator-clusterrole
+ labels:
+ kots.io/kotsadm: "true"
+ kots.io/backup: velero
+rules:
+- apiGroups:
+ - "*"
+ resources:
+ - "*"
+ verbs:
+ - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kotsadm-operator-clusterrolebinding
+ labels:
+ kots.io/kotsadm: "true"
+ kots.io/backup: velero
+subjects:
+- kind: ServiceAccount
+ name: kotsadm-operator
+ namespace: default
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kotsadm-operator-clusterrole
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kotsadm-operator
+ labels:
+ kots.io/kotsadm: "true"
+ kots.io/backup: velero
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kotsadm-operator
+ labels:
+ kots.io/kotsadm: "true"
+ kots.io/backup: velero
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kotsadm-operator
+ template:
+ metadata:
+ labels:
+ app: kotsadm-operator
+ kots.io/kotsadm: "true"
+ kots.io/backup: velero
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "3000"
+ prometheus.io/path: "/metricz"
+ spec:
+ securityContext:
+ runAsUser: 1001
+ serviceAccountName: kotsadm-operator
+ restartPolicy: Always
+ containers:
+ - image: kotsadm/kotsadm-operator:v1.25.2
+ name: kotsadm-operator
+ env:
+ - name: KOTSADM_API_ENDPOINT
+ value: http://kotsadm:3000
+ - name: KOTSADM_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: kotsadm-cluster-token
+ key: kotsadm-cluster-token
+ - name: KOTSADM_TARGET_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 500m
+ memory: 500Mi
+ requests:
+ cpu: 100m
+ memory: 100Mi
diff --git a/addons/kotsadm/1.25.2/patches/api-prometheus.yaml b/addons/kotsadm/1.25.2/patches/api-prometheus.yaml
new file mode 100644
index 0000000000..c63859730a
--- /dev/null
+++ b/addons/kotsadm/1.25.2/patches/api-prometheus.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kotsadm
+spec:
+ template:
+ spec:
+ containers:
+ - name: kotsadm
+ env:
+ - name: PROMETHEUS_ADDRESS
+ value: http://prometheus-k8s.monitoring.svc.cluster.local:9090
diff --git a/addons/kotsadm/1.25.2/postgres.yaml b/addons/kotsadm/1.25.2/postgres.yaml
new file mode 100644
index 0000000000..b19eac385c
--- /dev/null
+++ b/addons/kotsadm/1.25.2/postgres.yaml
@@ -0,0 +1,102 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: kotsadm-postgres
+ labels:
+ kots.io/kotsadm: "true"
+ kots.io/backup: velero
+spec:
+ replicas: 1
+ serviceName: kotsadm-postgres
+ selector:
+ matchLabels:
+ app: kotsadm-postgres
+ volumeClaimTemplates:
+ - metadata:
+ name: kotsadm-postgres
+ labels:
+ kots.io/kotsadm: "true"
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ template:
+ metadata:
+ labels:
+ app: kotsadm-postgres
+ kots.io/kotsadm: "true"
+ kots.io/backup: velero
+ spec:
+ securityContext:
+ runAsUser: 999
+ fsGroup: 999
+ volumes:
+ - name: kotsadm-postgres
+ persistentVolumeClaim:
+ claimName: kotsadm-postgres
+ containers:
+ - image: postgres:10.7
+ name: kotsadm-postgres
+ ports:
+ - name: postgres
+ containerPort: 5432
+ volumeMounts:
+ - name: kotsadm-postgres
+ mountPath: /var/lib/postgresql/data
+ env:
+ - name: PGDATA
+ value: /var/lib/postgresql/data/pgdata
+ - name: POSTGRES_USER
+ value: kotsadm
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: kotsadm-postgres
+ key: password
+ - name: POSTGRES_DB
+ value: kotsadm
+ livenessProbe:
+ initialDelaySeconds: 30
+ timeoutSeconds: 5
+ failureThreshold: 3
+ exec:
+ command:
+ - "/bin/sh"
+ - "-i"
+ - "-c"
+ - "pg_isready -U kotsadm -h 127.0.0.1 -p 5432"
+ readinessProbe:
+ initialDelaySeconds: 1
+ periodSeconds: 1
+ timeoutSeconds: 1
+ exec:
+ command:
+ - "/bin/sh"
+ - "-i"
+ - "-c"
+ - "pg_isready -U kotsadm -h 127.0.0.1 -p 5432"
+ resources:
+ limits:
+ cpu: 200m
+ memory: 200Mi
+ requests:
+ cpu: 100m
+ memory: 100Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kotsadm-postgres
+ labels:
+ kots.io/kotsadm: "true"
+ kots.io/backup: velero
+spec:
+ selector:
+ app: kotsadm-postgres
+ type: ClusterIP
+ ports:
+ - name: postgres
+ port: 5432
+ targetPort: postgres
diff --git a/addons/kotsadm/1.25.2/schemahero.yaml b/addons/kotsadm/1.25.2/schemahero.yaml
new file mode 100644
index 0000000000..593d3092be
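Review bot: `image: postgres:10.7` in the StatefulSet is resolved by a mutable registry tag, so the image that holds all kotsadm state can change underneath an install without any change in this repository; pinning it as `image: postgres:10.7@sha256:<digest-of-the-tested-image>` would make the deployed bytes reviewable, provided the airgap image-loading path accepts digest references (not visible here). The `kotsadm/kotsadm-operator:v1.25.2` and `kotsadm/kotsadm-migrations:v1.25.2` references in operator.yaml and schemahero.yaml are tag-only as well. Separately, both probes invoke `/bin/sh -i -c`; the interactive flag appears unnecessary for a one-shot `pg_isready` and could be dropped.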
--- /dev/null
+++ b/addons/kotsadm/1.25.2/schemahero.yaml
@@ -0,0 +1,68 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: kotsadm-migrations
+ labels:
+ kots.io/kotsadm: "true"
+ kots.io/backup: velero
+spec:
+ securityContext:
+ runAsUser: 1001
+ fsGroup: 1001
+ restartPolicy: OnFailure
+ volumes:
+ - name: migrations
+ emptyDir:
+ medium: Memory
+
+ initContainers:
+ - name: migrations-plan
+ image: kotsadm/kotsadm-migrations:v1.25.2
+ args: ["plan"]
+ volumeMounts:
+ - name: migrations
+ mountPath: /migrations
+ env:
+ - name: SCHEMAHERO_DRIVER
+ value: postgres
+ - name: SCHEMAHERO_SPEC_FILE
+ value: /tables
+ - name: SCHEMAHERO_URI
+ valueFrom:
+ secretKeyRef:
+ name: kotsadm-postgres
+ key: uri
+ - name: SCHEMAHERO_OUT
+ value: /migrations/plan.yaml
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 50m
+ memory: 50Mi
+
+ containers:
+ - name: kotsadm-migrations
+ image: kotsadm/kotsadm-migrations:v1.25.2
+ args: ["apply"]
+ volumeMounts:
+ - name: migrations
+ mountPath: /migrations
+ env:
+ - name: SCHEMAHERO_DRIVER
+ value: postgres
+ - name: SCHEMAHERO_DDL
+ value: /migrations/plan.yaml
+ - name: SCHEMAHERO_URI
+ valueFrom:
+ secretKeyRef:
+ name: kotsadm-postgres
+ key: uri
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 50m
+ memory: 50Mi
diff --git a/addons/kotsadm/1.25.2/tmpl-kotsadm-cacerts.yaml b/addons/kotsadm/1.25.2/tmpl-kotsadm-cacerts.yaml
new file mode 100644
index 0000000000..cdb56e4987
--- /dev/null
+++ b/addons/kotsadm/1.25.2/tmpl-kotsadm-cacerts.yaml
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kotsadm
+ labels:
+ kots.io/kotsadm: 'true'
+ kots.io/backup: velero
+spec:
+ template:
+ metadata:
+ labels:
+ kots.io/kotsadm: 'true'
+ kots.io/backup: velero
+ spec:
+ volumes:
+ - name: host-cacerts
+ hostPath:
+ path: "${KOTSADM_TRUSTED_CERT_MOUNT}"
+ type: File
+ containers:
+ - name: kotsadm
+ volumeMounts:
+ - mountPath: /etc/ssl/certs/ca-certificates.crt
+ name: host-cacerts
diff --git a/addons/kotsadm/1.25.2/tmpl-kotsadm-proxy.yaml b/addons/kotsadm/1.25.2/tmpl-kotsadm-proxy.yaml
new file mode 100644
index 0000000000..b48db30642
--- /dev/null
+++ b/addons/kotsadm/1.25.2/tmpl-kotsadm-proxy.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kotsadm
+ labels:
+ kots.io/kotsadm: 'true'
+ kots.io/backup: velero
+spec:
+ template:
+ metadata:
+ labels:
+ kots.io/kotsadm: 'true'
+ kots.io/backup: velero
+ spec:
+ containers:
+ - name: kotsadm
+ env:
+ - name: HTTP_PROXY
+ value: ${PROXY_ADDRESS}
+ - name: NO_PROXY
+ value: ${NO_PROXY_ADDRESSES}
diff --git a/addons/kotsadm/1.25.2/tmpl-secret-api-encryption.yaml b/addons/kotsadm/1.25.2/tmpl-secret-api-encryption.yaml
new file mode 100644
index 0000000000..9c54ceb795
--- /dev/null
+++ b/addons/kotsadm/1.25.2/tmpl-secret-api-encryption.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: kotsadm-encryption
+ labels:
+ kots.io/kotsadm: 'true'
+ kots.io/backup: velero
+stringData:
+ encryptionKey: ${API_ENCRYPTION}
diff --git a/addons/kotsadm/1.25.2/tmpl-secret-authstring.yaml b/addons/kotsadm/1.25.2/tmpl-secret-authstring.yaml
new file mode 100644
index 0000000000..19b344d8e9
--- /dev/null
+++ b/addons/kotsadm/1.25.2/tmpl-secret-authstring.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: kotsadm-authstring
+ labels:
+ kots.io/kotsadm: 'true'
+ kots.io/backup: velero
+stringData:
+ kotsadm-authstring: ${AUTHSTRING}
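Review bot: The `host-cacerts` volumeMount in tmpl-kotsadm-cacerts.yaml maps a host file from `${KOTSADM_TRUSTED_CERT_MOUNT}` into the kotsadm container without `readOnly: true`, which gives the container a writable handle on the node's CA bundle. kotsadm only needs to read that bundle, so add `readOnly: true` to the mount entry next to `name: host-cacerts`. Whether a write would actually succeed depends on the container's UID and the file's permissions on the host, neither of which is visible in this hunk.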
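Review bot: tmpl-kotsadm-proxy.yaml sets `HTTP_PROXY` and `NO_PROXY` on the kotsadm container but no `HTTPS_PROXY`. Clients that follow the usual proxy-environment convention (Go's `net/http` among them) consult `HTTPS_PROXY` for `https://` targets, so if kotsadm relies on that convention its HTTPS requests would skip `${PROXY_ADDRESS}` and either fail or leave by an unintended path in an egress-restricted network. Consider adding `- name: HTTPS_PROXY` with `value: ${PROXY_ADDRESS}`, or a comment explaining why only plain-HTTP traffic is proxied.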
diff --git a/addons/kotsadm/1.25.2/tmpl-secret-cluster-token.yaml b/addons/kotsadm/1.25.2/tmpl-secret-cluster-token.yaml
new file mode 100644
index 0000000000..3364f491a1
--- /dev/null
+++ b/addons/kotsadm/1.25.2/tmpl-secret-cluster-token.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: kotsadm-cluster-token
+ labels:
+ kots.io/kotsadm: 'true'
+ kots.io/backup: velero
+stringData:
+ kotsadm-cluster-token: ${CLUSTER_TOKEN}
diff --git a/addons/kotsadm/1.25.2/tmpl-secret-dex-postgres.yaml b/addons/kotsadm/1.25.2/tmpl-secret-dex-postgres.yaml
new file mode 100644
index 0000000000..74f98b7423
--- /dev/null
+++ b/addons/kotsadm/1.25.2/tmpl-secret-dex-postgres.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: kotsadm-dex-postgres
+ labels:
+ kots.io/kotsadm: 'true'
+ kots.io/backup: velero
+ kots.io/identity: 'true'
+stringData:
+ password: ${DEX_PGPASSWORD}
diff --git a/addons/kotsadm/1.25.2/tmpl-secret-password.yaml b/addons/kotsadm/1.25.2/tmpl-secret-password.yaml
new file mode 100644
index 0000000000..3bf3806715
--- /dev/null
+++ b/addons/kotsadm/1.25.2/tmpl-secret-password.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: kotsadm-password
+ labels:
+ kots.io/kotsadm: 'true'
+ kots.io/backup: velero
+stringData:
+ passwordBcrypt: ${BCRYPT_PASSWORD}
diff --git a/addons/kotsadm/1.25.2/tmpl-secret-postgres.yaml b/addons/kotsadm/1.25.2/tmpl-secret-postgres.yaml
new file mode 100644
index 0000000000..0000af2c20
--- /dev/null
+++ b/addons/kotsadm/1.25.2/tmpl-secret-postgres.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: kotsadm-postgres
+ labels:
+ kots.io/kotsadm: 'true'
+ kots.io/backup: velero
+stringData:
+ uri: postgresql://kotsadm:${POSTGRES_PASSWORD}@kotsadm-postgres/kotsadm?connect_timeout=10&sslmode=disable
+ password: ${POSTGRES_PASSWORD}
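Review bot: In tmpl-secret-postgres.yaml the `uri` value splices `${POSTGRES_PASSWORD}` unescaped into the userinfo part of a `postgresql://` URL, so a password containing `@`, `/`, `:`, `?`, `#` or `%` would yield a URI that parses differently from the `password` key beside it. Either percent-encode the value before templating or document the constraint above `stringData:`, for example `# POSTGRES_PASSWORD must be [A-Za-z0-9] only: it is embedded unescaped in uri`; how the value is generated is outside this hunk. The same line hard-codes `sslmode=disable`, so authentication and queries cross the pod network in cleartext, which deserves a comment recording it as an accepted in-cluster risk.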
diff --git a/addons/kotsadm/1.25.2/tmpl-secret-s3.yaml b/addons/kotsadm/1.25.2/tmpl-secret-s3.yaml
new file mode 100644
index 0000000000..0f8f94a733
--- /dev/null
+++ b/addons/kotsadm/1.25.2/tmpl-secret-s3.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: kotsadm-s3
+stringData:
+ endpoint: ${OBJECT_STORE_CLUSTER_HOST}
+ access-key-id: ${OBJECT_STORE_ACCESS_KEY}
+ secret-access-key: ${OBJECT_STORE_SECRET_KEY}
+ velero-local-bucket: ${VELERO_LOCAL_BUCKET}
+ object-store-cluster-ip: ${OBJECT_STORE_CLUSTER_IP}
diff --git a/addons/kotsadm/1.25.2/tmpl-secret-session.yaml b/addons/kotsadm/1.25.2/tmpl-secret-session.yaml
new file mode 100644
index 0000000000..41ffb28c46
--- /dev/null
+++ b/addons/kotsadm/1.25.2/tmpl-secret-session.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: kotsadm-session
+ labels:
+ kots.io/kotsadm: 'true'
+ kots.io/backup: velero
+stringData:
+ key: ${JWT_SECRET}
diff --git a/addons/kotsadm/1.25.2/tmpl-start-kotsadm-web.sh b/addons/kotsadm/1.25.2/tmpl-start-kotsadm-web.sh
new file mode 100644
index 0000000000..44b05a8249
--- /dev/null
+++ b/addons/kotsadm/1.25.2/tmpl-start-kotsadm-web.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+sed 's/localhost:8800/###_HOSTNAME_###/g' /web/dist/index.html > /tmp/index_html_edit && cat /tmp/index_html_edit > /web/dist/index.html && rm /tmp/index_html_edit
+sed 's/http:/https:/g' /web/dist/index.html > /tmp/index_html_edit && cat /tmp/index_html_edit > /web/dist/index.html && rm /tmp/index_html_edit
+
+/kotsadm api
\ No newline at end of file
diff --git a/addons/kotsadm/alpha/Manifest b/addons/kotsadm/alpha/Manifest
index 8f89cd5c84..bb51cd1ec5 100644
--- a/addons/kotsadm/alpha/Manifest
+++ b/addons/kotsadm/alpha/Manifest
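Review bot: tmpl-secret-s3.yaml is the only Secret template in this patch without a `labels:` block; every other one carries `kots.io/kotsadm: 'true'` and `kots.io/backup: velero`. If the omission is deliberate (for example to keep object-store credentials out of a backup), record that with a comment under `metadata:` such as `# intentionally unlabeled: excluded from velero backups`; if it is an oversight, add the two labels so this secret is handled like the others. Which of the two applies cannot be determined from this hunk.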
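Review bot: The last line of tmpl-start-kotsadm-web.sh launches the server as `/kotsadm api` rather than `exec /kotsadm api`, which leaves bash as the container's main process; bash does not forward SIGTERM to a foreground child, so pod shutdown would likely wait out the grace period and end in SIGKILL. Changing the line to `exec /kotsadm api` addresses that. The two `sed` lines stage through the fixed path `/tmp/index_html_edit` and the script has no `set -e`, so a failed rewrite still falls through to starting the API with an unmodified `index.html`; adding `set -euo pipefail` after the shebang would surface that failure.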
@@ -5,4 +5,4 @@ image kurl-proxy docker.io/kotsadm/kurl-proxy:alpha image postgres postgres:10.7 image dex quay.io/dexidp/dex:v2.26.0 -asset kots.tar.gz https://github.com/replicatedhq/kots/releases/download/v1.25.1/kots_linux_amd64.tar.gz +asset kots.tar.gz https://github.com/replicatedhq/kots/releases/download/v1.25.2/kots_linux_amd64.tar.gz diff --git a/addons/kotsadm/alpha/install.sh b/addons/kotsadm/alpha/install.sh index e0120dafb5..443b231c00 100644 --- a/addons/kotsadm/alpha/install.sh +++ b/addons/kotsadm/alpha/install.sh @@ -319,7 +319,7 @@ function kotsadm_cli() { fi if [ ! -f "$src/assets/kots.tar.gz" ] && [ "$AIRGAP" != "1" ]; then mkdir -p "$src/assets" - curl -L "https://github.com/replicatedhq/kots/releases/download/v1.25.1/kots_linux_amd64.tar.gz" > "$src/assets/kots.tar.gz" + curl -L "https://github.com/replicatedhq/kots/releases/download/v1.25.2/kots_linux_amd64.tar.gz" > "$src/assets/kots.tar.gz" fi pushd "$src/assets" diff --git a/addons/nodeless/README.md b/addons/nodeless/README.md index 712367d92c..3db88649aa 100644 --- a/addons/nodeless/README.md +++ b/addons/nodeless/README.md @@ -17,9 +17,9 @@ Enable the aws, nodeless and calico plugins, and disable prometheus, weave, rook +#CONTOUR_VERSION=1.0.1 REGISTRY_VERSION=2.7.1 -PROMETHEUS_VERSION=0.33.0 - -KOTSADM_VERSION=1.25.1 + -KOTSADM_VERSION=1.25.2 +#PROMETHEUS_VERSION=0.33.0 - +#KOTSADM_VERSION=1.25.1 + +#KOTSADM_VERSION=1.25.2 KOTSADM_APPLICATION_SLUG=sentry-enterprise +AWS_VERSION=0.0.1 +NODELESS_VERSION=0.0.1 diff --git a/testgrid/tgrun/pkg/instances/k8s1164.go b/testgrid/tgrun/pkg/instances/k8s1164.go index 680aef1760..25a485e3e9 100644 --- a/testgrid/tgrun/pkg/instances/k8s1164.go +++ b/testgrid/tgrun/pkg/instances/k8s1164.go @@ -37,7 +37,7 @@ func init() { Version: "1.2.0", }, Kotsadm: &kurlv1beta1.Kotsadm{ - Version: "1.25.1", + Version: "1.25.2", }, }, }, 
diff --git a/testgrid/tgrun/pkg/instances/k8s1164_docker19034.go b/testgrid/tgrun/pkg/instances/k8s1164_docker19034.go index ba0c719ee6..1e4b1d5d72 100644 --- a/testgrid/tgrun/pkg/instances/k8s1164_docker19034.go +++ b/testgrid/tgrun/pkg/instances/k8s1164_docker19034.go @@ -35,7 +35,7 @@ func init() { Version: "1.5.1", }, Kotsadm: &kurlv1beta1.Kotsadm{ - Version: "1.25.1", + Version: "1.25.2", }, }, UnsupportedOSIDs: []string{ diff --git a/testgrid/tgrun/pkg/instances/k8s117.go b/testgrid/tgrun/pkg/instances/k8s117.go index 19e9c3da97..92094bd236 100644 --- a/testgrid/tgrun/pkg/instances/k8s117.go +++ b/testgrid/tgrun/pkg/instances/k8s117.go @@ -37,7 +37,7 @@ func init() { Version: "1.2.0", }, Kotsadm: &kurlv1beta1.Kotsadm{ - Version: "1.25.1", + Version: "1.25.2", }, }, }, diff --git a/testgrid/tgrun/pkg/instances/k8s117_containerd137.go b/testgrid/tgrun/pkg/instances/k8s117_containerd137.go index f8edcd567d..7deb93155f 100644 --- a/testgrid/tgrun/pkg/instances/k8s117_containerd137.go +++ b/testgrid/tgrun/pkg/instances/k8s117_containerd137.go @@ -37,7 +37,7 @@ func init() { Version: "1.2.0", }, Kotsadm: &kurlv1beta1.Kotsadm{ - Version: "1.25.1", + Version: "1.25.2", }, }, }, diff --git a/testgrid/tgrun/pkg/instances/k8s117_openebs_minio.go b/testgrid/tgrun/pkg/instances/k8s117_openebs_minio.go index f548ac16bb..f2f5c14b90 100644 --- a/testgrid/tgrun/pkg/instances/k8s117_openebs_minio.go +++ b/testgrid/tgrun/pkg/instances/k8s117_openebs_minio.go @@ -31,7 +31,7 @@ func init() { Version: "1.2.0", }, Kotsadm: &kurlv1beta1.Kotsadm{ - Version: "1.25.1", + Version: "1.25.2", }, OpenEBS: &kurlv1beta1.OpenEBS{ Version: "1.12.0", diff --git a/testgrid/tgrun/pkg/instances/k8s118.go b/testgrid/tgrun/pkg/instances/k8s118.go index 0e3755f997..087d62c7c6 100644 --- a/testgrid/tgrun/pkg/instances/k8s118.go +++ b/testgrid/tgrun/pkg/instances/k8s118.go 
@@ -37,7 +37,7 @@ func init() { Version: "1.2.0", }, Kotsadm: &kurlv1beta1.Kotsadm{ - Version: "1.25.1", + Version: "1.25.2", }, }, }, diff --git a/testgrid/tgrun/pkg/instances/k8s1184.go b/testgrid/tgrun/pkg/instances/k8s1184.go index 6d90a33caa..49f5424df8 100644 --- a/testgrid/tgrun/pkg/instances/k8s1184.go +++ b/testgrid/tgrun/pkg/instances/k8s1184.go @@ -37,7 +37,7 @@ func init() { Version: "1.2.0", }, Kotsadm: &kurlv1beta1.Kotsadm{ - Version: "1.25.1", + Version: "1.25.2", }, }, }, diff --git a/testgrid/tgrun/pkg/instances/k8s1184_containerd137.go b/testgrid/tgrun/pkg/instances/k8s1184_containerd137.go index 5bc86e12a5..05c6535e26 100644 --- a/testgrid/tgrun/pkg/instances/k8s1184_containerd137.go +++ b/testgrid/tgrun/pkg/instances/k8s1184_containerd137.go @@ -37,7 +37,7 @@ func init() { Version: "1.2.0", }, Kotsadm: &kurlv1beta1.Kotsadm{ - Version: "1.25.1", + Version: "1.25.2", }, }, }, diff --git a/testgrid/tgrun/pkg/instances/k8s118_containerd137.go b/testgrid/tgrun/pkg/instances/k8s118_containerd137.go index c7be4a2da2..0a4315876e 100644 --- a/testgrid/tgrun/pkg/instances/k8s118_containerd137.go +++ b/testgrid/tgrun/pkg/instances/k8s118_containerd137.go @@ -37,7 +37,7 @@ func init() { Version: "1.2.0", }, Kotsadm: &kurlv1beta1.Kotsadm{ - Version: "1.25.1", + Version: "1.25.2", }, }, }, diff --git a/testgrid/tgrun/pkg/instances/k8s119.go b/testgrid/tgrun/pkg/instances/k8s119.go index ac50a6640a..61d0c26439 100644 --- a/testgrid/tgrun/pkg/instances/k8s119.go +++ b/testgrid/tgrun/pkg/instances/k8s119.go @@ -37,7 +37,7 @@ func init() { Version: "1.2.0", }, Kotsadm: &kurlv1beta1.Kotsadm{ - Version: "1.25.1", + Version: "1.25.2", }, }, }, diff --git a/testgrid/tgrun/pkg/instances/k8s119_containerd137.go b/testgrid/tgrun/pkg/instances/k8s119_containerd137.go index cf3a3cd705..5e586d0d56 100644 --- a/testgrid/tgrun/pkg/instances/k8s119_containerd137.go +++ b/testgrid/tgrun/pkg/instances/k8s119_containerd137.go 
@@ -37,7 +37,7 @@ func init() { Version: "1.2.0", }, Kotsadm: &kurlv1beta1.Kotsadm{ - Version: "1.25.1", + Version: "1.25.2", }, }, }, diff --git a/testgrid/tgrun/pkg/instances/k8s119_nameserver_collectd_rook_block.go b/testgrid/tgrun/pkg/instances/k8s119_nameserver_collectd_rook_block.go index 6c860ef789..fbca9ceb69 100644 --- a/testgrid/tgrun/pkg/instances/k8s119_nameserver_collectd_rook_block.go +++ b/testgrid/tgrun/pkg/instances/k8s119_nameserver_collectd_rook_block.go @@ -32,7 +32,7 @@ func init() { Version: "2.7.1", }, Kotsadm: &kurlv1beta1.Kotsadm{ - Version: "1.25.1", + Version: "1.25.2", }, }, }, diff --git a/web/src/installers/index.ts b/web/src/installers/index.ts index 176313d20f..8a3d005f57 100644 --- a/web/src/installers/index.ts +++ b/web/src/installers/index.ts @@ -587,6 +587,7 @@ export class Installer { "1.7.4", ], kotsadm: [ + "1.25.2", "1.25.1", "1.25.0", "1.24.2",