Merge pull request #161 from rancherfederal/main

updates for v2.6.14

charts/rancher/Chart.yaml

@@ -1,9 +1,9 @@
 apiVersion: v2
 name: rancher
 description: Install Rancher Server to manage Kubernetes clusters across providers
-version: 2.8.1
-appVersion: v2.8.1
-kubeVersion: < 1.28.0-0
+version: 2.6.14
+appVersion: v2.6.14
+kubeVersion: < 1.25.0-0
 home: https://rancher.com
 icon: https://github.com/rancher/ui/blob/master/public/assets/images/logos/welcome-cow.svg
 keywords:

charts/rancher/templates/_helpers.tpl

@@ -73,29 +73,4 @@ add below linux tolerations to workloads could be scheduled to those linux nodes
     {{- printf "%s/" .Values.systemDefaultRegistry -}}
 {{- end -}}
 {{- end -}}
-{{- end -}}
-
-{{/*
-Define the chosen value for PSPs. If this value is "", then the user did not set the value. This will
-result in psps on <=1.24 and no psps on >=1.25. If the value is true/false, then the user specifically
-chose an option, and that option will be used. If it is set otherwise, then we fail so the user can correct
-the invalid value.
-*/}}
-
-{{- define "rancher.chart_psp_enabled" -}}
-{{- if kindIs "bool" .Values.global.cattle.psp.enabled -}}
-{{ .Values.global.cattle.psp.enabled }}
-{{- else if empty .Values.global.cattle.psp.enabled -}}
-  {{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
-    {{- if (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") -}}
-true
-    {{- else -}}
-false
-    {{- end -}}
-  {{- else -}}
-true
-  {{- end -}}
-{{- else -}}
-{{- fail "Invalid value for .Values.global.cattle.psp.enabled - must be a bool of true, false, or \"\"" -}}
-{{- end -}}
-{{- end -}}
+{{- end -}}

charts/rancher/templates/deployment.yaml

@@ -194,7 +194,7 @@ spec:
           readOnly: true
 {{- end }}
 {{- if .Values.carbide.whitelabel.enabled }}
-        - mountPath: /usr/share/rancher/ui-dashboard/dashboard/img
+        - mountPath: /usr/share/rancher/ui-dashboard/dashboard/_nuxt/shell/assets/images/pl
           name: work-dir
 {{- else if and .Values.customLogos.enabled (or (eq .Values.customLogos.volumeKind "persistentVolumeClaim") (and (eq .Values.customLogos.volumeKind "configMap") (.Values.customLogos.volumeName))) }}
         # Mount rancher custom-logos volume
@@ -212,16 +212,8 @@ spec:
 {{- if eq .Values.auditLog.destination "sidecar" }}
   {{- if gt (int .Values.auditLog.level) 0 }}
       # Make audit logs available for Rancher log collector tools.
-      {{- if .Values.busyboxImage }}
-      - image: {{ .Values.busyboxImage}}
-      {{- else }}
-      - image: {{ .Values.auditLog.image.repository }}:{{.Values.auditLog.image.tag}}
-      {{- end }}
-      {{- if .Values.busyboxImagePullPolicy }}
-        imagePullPolicy: {{ .Values.busyboxImagePullPolicy }}
-      {{- else }}
-        imagePullPolicy: {{ .Values.auditLog.image.pullPolicy }}
-      {{- end }}
+      - image: {{ .Values.busyboxImage }}:{{.Values.busyboxImageTag}}
+        imagePullPolicy: {{ default "IfNotPresent" .Values.busyboxImagePullPolicy }}
         name: {{ template "rancher.name" . }}-audit-log
         command: ["tail"]
         args: ["-F", "/var/log/auditlog/rancher-api-audit.log"]

charts/rancher/templates/ingress.yaml

@@ -48,14 +48,13 @@ spec:
           service:
             name: {{ template "rancher.fullname" . }}
             port:
-              number: {{ .Values.ingress.servicePort }}
+              number: 80
           {{- else }}
           serviceName: {{ template "rancher.fullname" . }}
-          servicePort: {{ .Values.ingress.servicePort }}
+          servicePort: 80
           {{- end }}
         {{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
         pathType: ImplementationSpecific
-        path: "/"
         {{- end }}
 {{- if eq .Values.tls "ingress" }}
   tls:

charts/rancher/templates/post-delete-hook-cluster-role.yaml

@@ -32,12 +32,7 @@ rules:
     verbs: [ "get", "list", "delete" ]
   - apiGroups: [ "policy" ]
     resources: [ "podsecuritypolicies" ]
-    verbs: ["delete", "create" ]
-{{- if eq (include "rancher.chart_psp_enabled" . ) "true" }}
-  - apiGroups: [ "policy" ]
-    resources: [ "podsecuritypolicies" ]
-    verbs: [ "use"]
-{{- end }}
+    verbs: [ "use", "delete", "create" ]
   - apiGroups: [ "networking.k8s.io" ]
     resources: [ "ingresses" ]
     verbs: [ "delete" ]

charts/rancher/templates/post-delete-hook-psp.yaml

@@ -1,4 +1,3 @@
-{{- if eq (include "rancher.chart_psp_enabled" . ) "true" -}}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
@@ -31,4 +30,3 @@ spec:
   volumes:
     - 'secret'
     - 'configMap'
-{{- end }}

charts/rancher/templates/service.yaml

@@ -1,20 +1,10 @@
 apiVersion: v1
 kind: Service
 metadata:
-{{- if .Values.service.annotations }}
-  annotations:
-{{ toYaml .Values.service.annotations | indent 4 }}
-{{- end }}
   name: {{ template "rancher.fullname" . }}
   labels:
 {{ include "rancher.labels" . | indent 4 }}
 spec:
-  {{- /*
-  If service.type is not provided this attribute is ommitted and k8s default of ClusterIP is used.
-  */}} 
-  {{- if .Values.service.type }}
-  type: {{ .Values.service.type }}
-  {{- end }}
   ports:
   - port: 80
     targetPort: 80

charts/rancher/values.yaml

@@ -19,18 +19,19 @@ auditLog:
   maxBackup: 1
   maxSize: 100
 
-  # Image for collecting rancher audit logs.
-  # Important: update pkg/image/export/resolve.go when this default image is changed, so that it's reflected accordingly in rancher-images.txt generated for air-gapped setups.
-  image:
-    repository: "rancher/mirrored-bci-micro"
-    tag: 15.4.14.3
-    # Override imagePullPolicy image
-    # options: Always, Never, IfNotPresent
-    pullPolicy: "IfNotPresent"
-
 # As of Rancher v2.5.0 this flag is deprecated and must be set to 'true' in order for Rancher to start
 addLocal: "true"
 
+# Image for collecting rancher audit logs.
+# Important: update pkg/image/export/main.go when this default image is changed, so that it's reflected accordingly in rancher-images.txt generated for air-gapped setups.
+busyboxImage: rancher/mirrored-library-busybox
+busyboxImageTag: 1.34.1
+
+# Override imagePullPolicy for busybox images
+# options: Always, Never, IfNotPresent
+# Defaults to IfNotPresent
+# busyboxImagePullPolicy: <pullPolicy>
+
 # Add debug flag to Rancher server
 debug: false
 
@@ -60,8 +61,6 @@ ingress:
   includeDefaultExtraAnnotations: true
   extraAnnotations: {}
   ingressClassName: ""
-  # backend port number
-  servicePort: 80
 
   # configurationSnippet - Add additional Nginx configuration. This example statically sets a header on the ingress.
   # configurationSnippet: |
@@ -72,12 +71,6 @@ ingress:
     source: rancher
     secretName: tls-rancher-ingress
 
-### service ###
-# Override to use NodePort or LoadBalancer service type - default is ClusterIP
-service:
-  type: ""
-  annotations: {}
-
 ### LetsEncrypt config ###
 # ProTip: The production environment only allows you to register a name 5 times a week.
 #         Use staging until you have your config right.
@@ -112,9 +105,6 @@ rancherImage: rancher/rancher
 # of available nodes in the cluster
 replicas: 3
 
-# Set priorityClassName to avoid eviction
-priorityClassName: rancher-critical
-
 # Set pod resource requests/limits for Rancher.
 resources: {}
 
@@ -155,7 +145,7 @@ postDelete:
   enabled: true
   image:
     repository: rancher/shell
-    tag: v0.1.22
+    tag: v0.1.19
   namespaceList:
     - cattle-fleet-system
     - cattle-system
@@ -174,20 +164,9 @@ livenessProbe:
 readinessProbe:
   initialDelaySeconds: 5
   periodSeconds: 30
-
-global:
-  cattle:
-    psp:
-      # will default to true on 1.24 and below, and false for 1.25 and above
-      # can be changed manually to true or false to bypass version checks and force that option
-      enabled: ""
-
-# helm values to use when installing the rancher-webhook chart.
-# helm values set here will override all other global values used when installing the webhook such as priorityClassName and systemRegistry settings.
-webhook: ""
 
 carbide:
   whitelabel:
     enabled: true
     image: carbide/carbide-whitelabel
-    tag: "0.1.2"
+    tag: "0.1.0"