diff --git a/stable/kommander-karma/Chart.yaml b/stable/kommander-karma/Chart.yaml index 0c2822fd0..76cdf504e 100644 --- a/stable/kommander-karma/Chart.yaml +++ b/stable/kommander-karma/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "1.0" description: Kommander Karma name: kommander-karma home: https://github.com/mesosphere/charts -version: 0.3.4 +version: 0.3.5 maintainers: - name: branden - name: gracedo diff --git a/stable/kommander-karma/templates/ingress-roles.yaml b/stable/kommander-karma/templates/ingress-roles.yaml new file mode 100644 index 000000000..27ca56009 --- /dev/null +++ b/stable/kommander-karma/templates/ingress-roles.yaml @@ -0,0 +1,52 @@ +{{- if .Values.portalRBAC.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: opsportal-kommander-monitoring-karma-admin + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +rules: + - nonResourceURLs: + - {{ .Values.karma.ingress.path | trimSuffix "/"}} + - {{ .Values.karma.ingress.path | trimSuffix "/" }}/* + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: opsportal-kommander-monitoring-karma-view + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +rules: + - nonResourceURLs: + - {{ .Values.karma.ingress.path | trimSuffix "/"}} + - {{ .Values.karma.ingress.path | trimSuffix "/" }}/* + verbs: + - get + - head +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: opsportal-kommander-monitoring-karma-edit + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +rules: + - nonResourceURLs: + - {{ .Values.karma.ingress.path | trimSuffix "/"}} + - {{ .Values.karma.ingress.path | trimSuffix "/" }}/* + verbs: + - get + - head + - post + - put + - patch +{{- end}} diff --git a/stable/kommander-karma/values.yaml b/stable/kommander-karma/values.yaml index 1863d908b..61a5a9185 100644 --- a/stable/kommander-karma/values.yaml +++ b/stable/kommander-karma/values.yaml @@ -80,3 +80,6 @@ karma: certSecretNames: - kommander-karma-client-tls + +portalRBAC: + enabled: true diff --git a/stable/kommander-thanos/Chart.yaml b/stable/kommander-thanos/Chart.yaml index 26bef0059..37927e71d 100644 --- a/stable/kommander-thanos/Chart.yaml +++ b/stable/kommander-thanos/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "1.0" description: Kommander Thanos name: kommander-thanos home: https://github.com/mesosphere/charts -version: 0.1.9 +version: 0.1.10 maintainers: - name: branden - name: gracedo diff --git a/stable/kommander-thanos/templates/ingress-roles.yaml b/stable/kommander-thanos/templates/ingress-roles.yaml new file mode 100644 index 000000000..50a5b177e --- /dev/null +++ b/stable/kommander-thanos/templates/ingress-roles.yaml @@ -0,0 +1,52 @@ +{{- if .Values.portalRBAC.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: opsportal-kommander-monitoring-thanos-admin + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +rules: + - nonResourceURLs: + - {{ .Values.thanos.query.http.ingress.path | trimSuffix "/"}} + - {{ .Values.thanos.query.http.ingress.path | trimSuffix "/" }}/* + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: opsportal-kommander-monitoring-thanos-view + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +rules: + - nonResourceURLs: + - {{ .Values.thanos.query.http.ingress.path | trimSuffix "/"}} + - {{ .Values.thanos.query.http.ingress.path | trimSuffix "/" }}/* + verbs: + - get + - head +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: opsportal-kommander-monitoring-thanos-edit + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +rules: + - nonResourceURLs: + - {{ .Values.thanos.query.http.ingress.path | trimSuffix "/"}} + - {{ .Values.thanos.query.http.ingress.path | trimSuffix "/" }}/* + verbs: + - get + - head + - post + - put + - patch +{{- end}} diff --git a/stable/kommander-thanos/values.yaml b/stable/kommander-thanos/values.yaml index 35addbecb..322313364 100644 --- a/stable/kommander-thanos/values.yaml +++ b/stable/kommander-thanos/values.yaml @@ -62,3 +62,5 @@ thanos: hosts: - "" tls: [] +portalRBAC: + enabled: true diff --git a/stable/kommander/Chart.yaml b/stable/kommander/Chart.yaml index febd44d99..91210abe9 100644 --- a/stable/kommander/Chart.yaml +++ b/stable/kommander/Chart.yaml @@ -7,4 +7,4 @@ maintainers: - name: alejandroEsc - name: jimmidyson name: kommander -version: 0.4.19 +version: 0.4.20 diff --git a/stable/kommander/charts/kommander-cluster-lifecycle-v0.4.8.tgz b/stable/kommander/charts/kommander-cluster-lifecycle-v0.4.8.tgz deleted file mode 100644 index 71ff03500..000000000 Binary files a/stable/kommander/charts/kommander-cluster-lifecycle-v0.4.8.tgz and /dev/null differ diff --git a/stable/kommander/charts/kommander-cluster-lifecycle-v0.4.9.tgz b/stable/kommander/charts/kommander-cluster-lifecycle-v0.4.9.tgz new file mode 100644 index 000000000..910a48d06 Binary files /dev/null and b/stable/kommander/charts/kommander-cluster-lifecycle-v0.4.9.tgz differ diff --git a/stable/kommander/charts/kommander-ui-2.35.0.tgz b/stable/kommander/charts/kommander-ui-2.35.0.tgz deleted file mode 100644 index 3738d3f04..000000000 Binary files a/stable/kommander/charts/kommander-ui-2.35.0.tgz and /dev/null differ diff --git a/stable/kommander/charts/kommander-ui-2.39.1.tgz b/stable/kommander/charts/kommander-ui-2.39.1.tgz new file mode 100644 index 000000000..beb2d8582 Binary files /dev/null and b/stable/kommander/charts/kommander-ui-2.39.1.tgz differ diff --git a/stable/kommander/requirements.lock b/stable/kommander/requirements.lock index 0a91b38a8..02ef4c7d7 100644 --- a/stable/kommander/requirements.lock +++ b/stable/kommander/requirements.lock @@ -4,10 +4,10 @@ dependencies: version: 0.1.6 - name: kommander-cluster-lifecycle repository: https://mesosphere.github.io/kommander-cluster-lifecycle/charts - version: 0.4.8 + version: 0.4.9 - name: kommander-ui repository: https://mesosphere.github.io/kommander/charts - version: 2.35.0 + version: 2.39.1 - name: kommander-thanos repository: https://mesosphere.github.io/charts/stable version: 0.1.9 @@ -17,5 +17,5 @@ dependencies: - name: grafana repository: https://kubernetes-charts.storage.googleapis.com version: 4.5.1 -digest: sha256:a350b5fcb772b74b35ecd65800358b42e594b4e6e9b6832c5425087b019d2421 -generated: "2020-02-26T09:45:48.444208+01:00" +digest: sha256:e529bd18478b3a7e61ca804c671640fdccd7c7ff395c38a552bc3765a3d6a69f +generated: "2020-02-27T09:44:58.128823+01:00" diff --git a/stable/kommander/requirements.yaml b/stable/kommander/requirements.yaml index 8c8dd5f9d..cadcf6d20 100644 --- a/stable/kommander/requirements.yaml +++ b/stable/kommander/requirements.yaml @@ -4,11 +4,11 @@ dependencies: repository: "https://mesosphere.github.io/charts/staging" condition: kubeaddons-catalog.enabled - name: kommander-cluster-lifecycle - version: "0.4.8" + version: "0.4.9" repository: "https://mesosphere.github.io/kommander-cluster-lifecycle/charts" condition: kommander-cluster-lifecycle.enabled, global.kommander-cluster-lifecycle.enabled - name: kommander-ui - version: "2.35.0" + version: "2.39.1" repository: "https://mesosphere.github.io/kommander/charts" condition: kommander-ui.enabled - name: kommander-thanos diff --git a/stable/kommander/templates/grafana/ingress-roles.yaml b/stable/kommander/templates/grafana/ingress-roles.yaml new file mode 100644 index 000000000..6068a3617 --- /dev/null +++ b/stable/kommander/templates/grafana/ingress-roles.yaml @@ -0,0 +1,52 @@ +{{- if .Values.portalRBAC.grafana.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: opsportal-kommander-monitoring-thanos-admin + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +rules: + - nonResourceURLs: + - {{ .Values.grafana.ingress.path | trimSuffix "/"}} + - {{ .Values.grafana.ingress.path | trimSuffix "/" }}/* + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: opsportal-kommander-monitoring-thanos-view + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +rules: + - nonResourceURLs: + - {{ .Values.grafana.ingress.path | trimSuffix "/"}} + - {{ .Values.grafana.ingress.path | trimSuffix "/" }}/* + verbs: + - get + - head +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: opsportal-kommander-monitoring-thanos-edit + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +rules: + - nonResourceURLs: + - {{ .Values.grafana.ingress.path | trimSuffix "/"}} + - {{ .Values.grafana.ingress.path | trimSuffix "/" }}/* + verbs: + - get + - head + - post + - put + - patch +{{- end}} diff --git a/stable/kommander/templates/kommander-ui/ingress-roles.yaml b/stable/kommander/templates/kommander-ui/ingress-roles.yaml new file mode 100644 index 000000000..61c062928 --- /dev/null +++ b/stable/kommander/templates/kommander-ui/ingress-roles.yaml @@ -0,0 +1,52 @@ +{{- if .Values.portalRBAC.kommanderUserInterface.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: opsportal-kommander-admin + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +rules: +- nonResourceURLs: + - {{ index .Values "kommander-ui" "ingress" "path" | trimSuffix "/" }} + - {{ index .Values "kommander-ui" "ingress" "path" | trimSuffix "/" }}/* + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: opsportal-kommander-view + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +rules: +- nonResourceURLs: + - {{ index .Values "kommander-ui" "ingress" "path" | trimSuffix "/" }} + - {{ index .Values "kommander-ui" "ingress" "path" | trimSuffix "/" }}/* + verbs: + - get + - head +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: opsportal-kommander-edit + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +rules: +- nonResourceURLs: + - {{ index .Values "kommander-ui" "ingress" "path" | trimSuffix "/" }} + - {{ index .Values "kommander-ui" "ingress" "path" | trimSuffix "/" }}/* + verbs: + - get + - head + - post + - put + - patch +{{- end}} diff --git a/stable/kommander/values.yaml b/stable/kommander/values.yaml index ca7850642..c5a397da7 100644 --- a/stable/kommander/values.yaml +++ b/stable/kommander/values.yaml @@ -142,7 +142,28 @@ grafana: extraInitContainers: - name: grafana-plugins-install image: mesosphere/grafana-plugins:v0.0.1 - command: ["/bin/sh", "-c", "cp -a /var/lib/grafana/plugins/. /var/lib/grafana/shared-plugins/"] + command: + [ + "/bin/sh", + "-c", + "cp -a /var/lib/grafana/plugins/. /var/lib/grafana/shared-plugins/", + ] volumeMounts: - - name: plugins - mountPath: /var/lib/grafana/shared-plugins/ + - name: plugins + mountPath: /var/lib/grafana/shared-plugins/ + +kommander-ui: + ingress: + traefikFrontendRuleType: PathPrefixStrip + extraAnnotations: + traefik.ingress.kubernetes.io/priority: "2" + traefik.ingress.kubernetes.io/auth-type: forward + traefik.ingress.kubernetes.io/auth-url: http://traefik-forward-auth-kubeaddons.kubeaddons.svc.cluster.local:4181/ + traefik.ingress.kubernetes.io/auth-response-headers: X-Forwarded-User + path: /ops/portal/kommander/ui + +portalRBAC: + grafana: + enabled: true + kommanderUserInterface: + enabled: true diff --git a/stable/opsportal/Chart.yaml b/stable/opsportal/Chart.yaml index e71f24a3c..f811a37e5 100644 --- a/stable/opsportal/Chart.yaml +++ b/stable/opsportal/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 1.0.0 home: https://github.com/mesosphere/charts description: OpsPortal Chart name: opsportal -version: 0.2.9 +version: 0.2.10 maintainers: - name: hectorj2f - name: alejandroEsc diff --git a/stable/opsportal/charts/kommander-ui-2.35.0.tgz b/stable/opsportal/charts/kommander-ui-2.35.0.tgz deleted file mode 100644 index 3738d3f04..000000000 Binary files a/stable/opsportal/charts/kommander-ui-2.35.0.tgz and /dev/null differ diff --git a/stable/opsportal/charts/kommander-ui-2.39.1.tgz b/stable/opsportal/charts/kommander-ui-2.39.1.tgz new file mode 100644 index 000000000..beb2d8582 Binary files /dev/null and b/stable/opsportal/charts/kommander-ui-2.39.1.tgz differ diff --git a/stable/opsportal/requirements.lock b/stable/opsportal/requirements.lock index efb05b21f..96aaf00f3 100644 --- a/stable/opsportal/requirements.lock +++ b/stable/opsportal/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: kommander-ui repository: https://mesosphere.github.io/kommander/charts - version: 2.35.0 -digest: sha256:9d3daaf2fab52e7b8e4cc158a08469e706e72885858c1dcf6f9dac249f881324 -generated: "2020-02-26T09:37:16.003481+01:00" + version: 2.39.1 +digest: sha256:90c904e6628abddc6daaf608b7bc420485ccbcf4fbea064e1948c4a1914e5ddc +generated: "2020-02-27T09:44:46.31886+01:00" diff --git a/stable/opsportal/requirements.yaml b/stable/opsportal/requirements.yaml index f3c399089..871dcf44c 100644 --- a/stable/opsportal/requirements.yaml +++ b/stable/opsportal/requirements.yaml @@ -1,5 +1,5 @@ dependencies: - name: kommander-ui - version: "2.35.0" + version: "2.39.1" repository: "https://mesosphere.github.io/kommander/charts" condition: kommander-ui.enabled diff --git a/staging/kubeaddons-catalog/Chart.yaml b/staging/kubeaddons-catalog/Chart.yaml index 029806ac6..460fd88cc 100644 --- a/staging/kubeaddons-catalog/Chart.yaml +++ b/staging/kubeaddons-catalog/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: "v0.8.2" +appVersion: "v0.8.3" description: "A Catalog service for Kubeaddons" name: kubeaddons-catalog -version: 0.1.6 +version: 0.1.7 home: https://github.com/mesosphere/kommander-catalog-api sources: - https://github.com/mesosphere/kommander-catalog-api @@ -10,3 +10,4 @@ maintainers: - name: shaneutt email: shaneutt@linux.com - name: alejandroEsc + email: aescobar@d2iq.com diff --git a/staging/kubeaddons-catalog/values.yaml b/staging/kubeaddons-catalog/values.yaml index b9a50f1bb..a570a157e 100644 --- a/staging/kubeaddons-catalog/values.yaml +++ b/staging/kubeaddons-catalog/values.yaml @@ -2,7 +2,7 @@ replicaCount: 1 image: repository: mesosphere/kubeaddons-catalog - tag: v0.8.2 + tag: v0.8.3 pullPolicy: IfNotPresent imagePullSecrets: []