diff --git a/charts/rancher/Chart.yaml b/charts/rancher/Chart.yaml
index fbfcaf1..c043519 100644
--- a/charts/rancher/Chart.yaml
+++ b/charts/rancher/Chart.yaml
@@ -1,9 +1,9 @@
 apiVersion: v2
 name: rancher
 description: Install Rancher Server to manage Kubernetes clusters across providers
-version: 2.8.1
-appVersion: v2.8.1
-kubeVersion: < 1.28.0-0
+version: 2.6.14
+appVersion: v2.6.14
+kubeVersion: < 1.25.0-0
 home: https://rancher.com
 icon: https://github.com/rancher/ui/blob/master/public/assets/images/logos/welcome-cow.svg
 keywords:
diff --git a/charts/rancher/templates/_helpers.tpl b/charts/rancher/templates/_helpers.tpl
index 00ab80b..969e08c 100644
--- a/charts/rancher/templates/_helpers.tpl
+++ b/charts/rancher/templates/_helpers.tpl
@@ -73,29 +73,4 @@ add below linux tolerations to workloads could be scheduled to those linux nodes
 {{- printf "%s/" .Values.systemDefaultRegistry -}}
 {{- end -}}
 {{- end -}}
-{{- end -}}
-
-{{/*
-Define the chosen value for PSPs. If this value is "", then the user did not set the value. This will
-result in psps on <=1.24 and no psps on >=1.25. If the value is true/false, then the user specifically
-chose an option, and that option will be used. If it is set otherwise, then we fail so the user can correct
-the invalid value.
-*/}}
-
-{{- define "rancher.chart_psp_enabled" -}}
-{{- if kindIs "bool" .Values.global.cattle.psp.enabled -}}
-{{ .Values.global.cattle.psp.enabled }}
-{{- else if empty .Values.global.cattle.psp.enabled -}}
- {{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
- {{- if (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") -}}
-true
- {{- else -}}
-false
- {{- end -}}
- {{- else -}}
-true
- {{- end -}}
-{{- else -}}
-{{- fail "Invalid value for .Values.global.cattle.psp.enabled - must be a bool of true, false, or \"\"" -}}
-{{- end -}}
-{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher/templates/configMap.yaml b/charts/rancher/templates/configMap.yaml
deleted file mode 100644
index 25bae9c..0000000
--- a/charts/rancher/templates/configMap.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: rancher-config
- labels: {{ include "rancher.labels" . | nindent 4 }}
- app.kubernetes.io/part-of: "rancher"
-data:
- priorityClassName: {{ .Values.priorityClassName }}
- {{- if and .Values.webhook (kindIs "string" .Values.webhook) }}
- rancher-webhook: {{ .Values.webhook | quote }}
- {{- else if .Values.webhook }}
- rancher-webhook: {{ toYaml .Values.webhook | quote }}
- {{- end }}
\ No newline at end of file
diff --git a/charts/rancher/templates/deployment.yaml b/charts/rancher/templates/deployment.yaml
index 0518c16..ade3859 100644
--- a/charts/rancher/templates/deployment.yaml
+++ b/charts/rancher/templates/deployment.yaml
@@ -194,7 +194,7 @@ spec:
 readOnly: true
 {{- end }}
 {{- if .Values.carbide.whitelabel.enabled }}
- - mountPath: /usr/share/rancher/ui-dashboard/dashboard/img
+ - mountPath: /usr/share/rancher/ui-dashboard/dashboard/_nuxt/shell/assets/images/pl
 name: work-dir
 {{- else if and .Values.customLogos.enabled (or (eq .Values.customLogos.volumeKind "persistentVolumeClaim") (and (eq .Values.customLogos.volumeKind "configMap") (.Values.customLogos.volumeName))) }}
 # Mount rancher custom-logos volume
@@ -212,16 +212,8 @@ spec:
 {{- if eq .Values.auditLog.destination "sidecar" }}
 {{- if gt (int .Values.auditLog.level) 0 }}
 # Make audit logs available for Rancher log collector tools.
- {{- if .Values.busyboxImage }}
- - image: {{ .Values.busyboxImage}}
- {{- else }}
- - image: {{ .Values.auditLog.image.repository }}:{{.Values.auditLog.image.tag}}
- {{- end }}
- {{- if .Values.busyboxImagePullPolicy }}
- imagePullPolicy: {{ .Values.busyboxImagePullPolicy }}
- {{- else }}
- imagePullPolicy: {{ .Values.auditLog.image.pullPolicy }}
- {{- end }}
+ - image: {{ .Values.busyboxImage }}:{{.Values.busyboxImageTag}}
+ imagePullPolicy: {{ default "IfNotPresent" .Values.busyboxImagePullPolicy }}
 name: {{ template "rancher.name" . }}-audit-log
 command: ["tail"]
 args: ["-F", "/var/log/auditlog/rancher-api-audit.log"]
diff --git a/charts/rancher/templates/ingress.yaml b/charts/rancher/templates/ingress.yaml
index d772f96..08cdea1 100644
--- a/charts/rancher/templates/ingress.yaml
+++ b/charts/rancher/templates/ingress.yaml
@@ -48,14 +48,13 @@ spec:
 service:
 name: {{ template "rancher.fullname" . }}
 port:
- number: {{ .Values.ingress.servicePort }}
+ number: 80
 {{- else }}
 serviceName: {{ template "rancher.fullname" . }}
- servicePort: {{ .Values.ingress.servicePort }}
+ servicePort: 80
 {{- end }}
 {{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
 pathType: ImplementationSpecific
- path: "/"
 {{- end }}
 {{- if eq .Values.tls "ingress" }}
 tls:
diff --git a/charts/rancher/templates/post-delete-hook-cluster-role.yaml b/charts/rancher/templates/post-delete-hook-cluster-role.yaml
index 45babfc..589a4ff 100644
--- a/charts/rancher/templates/post-delete-hook-cluster-role.yaml
+++ b/charts/rancher/templates/post-delete-hook-cluster-role.yaml
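Review bot: In templates/deployment.yaml the new audit-log sidecar line `- image: {{ .Values.busyboxImage }}:{{.Values.busyboxImageTag}}` always appends a tag, so a `busyboxImage` override that already carries a tag or digest (which the removed branch rendered as-is) now produces a malformed reference, and an empty `busyboxImageTag` renders a trailing colon. I would fail at render time and quote the result: `- image: "{{ .Values.busyboxImage }}:{{ required "busyboxImageTag must be set" .Values.busyboxImageTag }}"`. The repo-plus-tag form also leaves no way to pin by digest the container that tails the audit log; a comment in values.yaml should say how an operator is expected to pin it. The container spec continues outside the hunk.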
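Review bot: In templates/ingress.yaml the backend port is now the literal `80` in both API-version branches, while templates/service.yaml declares the same number separately, so the two can drift without any render error; a comment at each site such as `# must match the port declared in templates/service.yaml` would document the coupling. The hunk also drops `path: "/"` and leaves `pathType: ImplementationSpecific` with no path, which leaves matching to the ingress controller's own interpretation; keeping `path: "/"` states the intended catch-all explicitly. The rule body starts and ends outside the hunk.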
@@ -32,12 +32,7 @@ rules:
 verbs: [ "get", "list", "delete" ]
 - apiGroups: [ "policy" ]
 resources: [ "podsecuritypolicies" ]
- verbs: ["delete", "create" ]
-{{- if eq (include "rancher.chart_psp_enabled" . ) "true" }}
- - apiGroups: [ "policy" ]
- resources: [ "podsecuritypolicies" ]
- verbs: [ "use"]
-{{- end }}
+ verbs: [ "use", "delete", "create" ]
 - apiGroups: [ "networking.k8s.io" ]
 resources: [ "ingresses" ]
 verbs: [ "delete" ]
diff --git a/charts/rancher/templates/post-delete-hook-psp.yaml b/charts/rancher/templates/post-delete-hook-psp.yaml
index 8332087..f2be56b 100644
--- a/charts/rancher/templates/post-delete-hook-psp.yaml
+++ b/charts/rancher/templates/post-delete-hook-psp.yaml
@@ -1,4 +1,3 @@
-{{- if eq (include "rancher.chart_psp_enabled" . ) "true" -}}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
@@ -31,4 +30,3 @@ spec:
 volumes:
 - 'secret'
 - 'configMap'
-{{- end }}
diff --git a/charts/rancher/templates/priorityClass.yaml b/charts/rancher/templates/priorityClass.yaml
deleted file mode 100644
index 5ef748a..0000000
--- a/charts/rancher/templates/priorityClass.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: scheduling.k8s.io/v1
-kind: PriorityClass
-metadata:
- name: rancher-critical
- labels: {{ include "rancher.labels" . | nindent 4 }}
-value: 1000000000
-globalDefault: false
-description: "Priority class used by pods critical to rancher's functionality."
diff --git a/charts/rancher/templates/service.yaml b/charts/rancher/templates/service.yaml
index 2b2967b..4a00fec 100644
--- a/charts/rancher/templates/service.yaml
+++ b/charts/rancher/templates/service.yaml
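Review bot: The merged rule in templates/post-delete-hook-cluster-role.yaml, `verbs: [ "use", "delete", "create" ]`, grants `use` on every PodSecurityPolicy in the cluster because the rule carries no `resourceNames`, so any subject bound to this role may run pods under whichever policy exists, including the most permissive one. Keep `delete`/`create` in their own rule and scope `use` to the single policy this chart ships in post-delete-hook-psp.yaml. That policy's name is not visible in this diff, so the fence below uses a labelled placeholder. The rules list starts and ends outside the hunk.

```yaml
  - apiGroups: [ "policy" ]
    resources: [ "podsecuritypolicies" ]
    verbs: [ "delete", "create" ]
  - apiGroups: [ "policy" ]
    resources: [ "podsecuritypolicies" ]
    # placeholder: the metadata.name of the policy in post-delete-hook-psp.yaml
    resourceNames: [ "<post-delete-hook-psp-name>" ]
    verbs: [ "use" ]
```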
@@ -1,20 +1,10 @@
 apiVersion: v1
 kind: Service
 metadata:
-{{- if .Values.service.annotations }}
- annotations:
-{{ toYaml .Values.service.annotations | indent 4 }}
-{{- end }}
 name: {{ template "rancher.fullname" . }}
 labels:
 {{ include "rancher.labels" . | indent 4 }}
 spec:
- {{- /*
- If service.type is not provided this attribute is ommitted and k8s default of ClusterIP is used.
- */}}
- {{- if .Values.service.type }}
- type: {{ .Values.service.type }}
- {{- end }}
 ports:
 - port: 80
 targetPort: 80
diff --git a/charts/rancher/values.yaml b/charts/rancher/values.yaml
index f362fb9..d2db9d7 100644
--- a/charts/rancher/values.yaml
+++ b/charts/rancher/values.yaml
@@ -19,18 +19,19 @@ auditLog:
 maxBackup: 1
 maxSize: 100
- # Image for collecting rancher audit logs.
- # Important: update pkg/image/export/resolve.go when this default image is changed, so that it's reflected accordingly in rancher-images.txt generated for air-gapped setups.
- image:
- repository: "rancher/mirrored-bci-micro"
- tag: 15.4.14.3
- # Override imagePullPolicy image
- # options: Always, Never, IfNotPresent
- pullPolicy: "IfNotPresent"
-
 # As of Rancher v2.5.0 this flag is deprecated and must be set to 'true' in order for Rancher to start
 addLocal: "true"
+# Image for collecting rancher audit logs.
+# Important: update pkg/image/export/main.go when this default image is changed, so that it's reflected accordingly in rancher-images.txt generated for air-gapped setups.
+busyboxImage: rancher/mirrored-library-busybox
+busyboxImageTag: 1.34.1
+
+# Override imagePullPolicy for busybox images
+# options: Always, Never, IfNotPresent
+# Defaults to IfNotPresent
+# busyboxImagePullPolicy:
+
 # Add debug flag to Rancher server
 debug: false
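Review bot: In values.yaml the new default `busyboxImageTag: 1.34.1` is an unquoted scalar; this particular value parses as a string, but a two-part override such as 1.30 is read as a float and rendered as 1.3, which names a different tag than the operator intended. Quote the default, `busyboxImageTag: "1.34.1"`, and have the comment above it say that overrides must be quoted strings. The commented-out `# busyboxImagePullPolicy:` would also read better with an example value, `# busyboxImagePullPolicy: "IfNotPresent"`.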
@@ -60,8 +61,6 @@ ingress:
 includeDefaultExtraAnnotations: true
 extraAnnotations: {}
 ingressClassName: ""
- # backend port number
- servicePort: 80
 # configurationSnippet - Add additional Nginx configuration. This example statically sets a header on the ingress.
 # configurationSnippet: |
@@ -72,12 +71,6 @@ ingress:
 source: rancher
 secretName: tls-rancher-ingress
-### service ###
-# Override to use NodePort or LoadBalancer service type - default is ClusterIP
-service:
- type: ""
- annotations: {}
-
 ### LetsEncrypt config ###
 # ProTip: The production environment only allows you to register a name 5 times a week.
 # Use staging until you have your config right.
@@ -112,9 +105,6 @@ rancherImage: rancher/rancher
 # of available nodes in the cluster
 replicas: 3
-# Set priorityClassName to avoid eviction
-priorityClassName: rancher-critical
-
 # Set pod resource requests/limits for Rancher.
 resources: {}
@@ -155,7 +145,7 @@ postDelete:
 enabled: true
 image:
 repository: rancher/shell
- tag: v0.1.22
+ tag: v0.1.19
 namespaceList:
 - cattle-fleet-system
 - cattle-system
@@ -174,20 +164,9 @@ livenessProbe:
 readinessProbe:
 initialDelaySeconds: 5
 periodSeconds: 30
-
-global:
- cattle:
- psp:
- # will default to true on 1.24 and below, and false for 1.25 and above
- # can be changed manually to true or false to bypass version checks and force that option
- enabled: ""
-
-# helm values to use when installing the rancher-webhook chart.
-# helm values set here will override all other global values used when installing the webhook such as priorityClassName and systemRegistry settings.
-webhook: ""
 carbide:
 whitelabel:
 enabled: true
 image: carbide/carbide-whitelabel
- tag: "0.1.2"
\ No newline at end of file
+ tag: "0.1.0"
\ No newline at end of file