+++ /dev/null
-From 21cd4d9720064f89843551e7da4c1e0528b6cbf5 Mon Sep 17 00:00:00 2001
-From: Kevin Smith <kevin.smith@windriver.com>
-Date: Thu, 10 Oct 2019 15:43:20 -0400
-Subject: [PATCH 1/1] add curator as of 2019-10-10
-
----
- stable/elasticsearch-curator/Chart.yaml | 6 +--
- stable/elasticsearch-curator/OWNERS | 6 +--
- stable/elasticsearch-curator/README.md | 34 ++++++++++---
- .../ci/initcontainer-values.yaml | 9 ++++
- .../elasticsearch-curator/templates/_helpers.tpl | 22 +++++++++
- .../elasticsearch-curator/templates/cronjob.yaml | 10 ++++
- stable/elasticsearch-curator/templates/psp.yml | 35 +++++++++++++
- stable/elasticsearch-curator/templates/role.yaml | 23 +++++++++
- .../templates/rolebinding.yaml | 21 ++++++++
- .../templates/serviceaccount.yaml | 12 +++++
- stable/elasticsearch-curator/values.yaml | 57 ++++++++++++++++++++--
- 11 files changed, 218 insertions(+), 17 deletions(-)
- create mode 100644 stable/elasticsearch-curator/ci/initcontainer-values.yaml
- create mode 100644 stable/elasticsearch-curator/templates/psp.yml
- create mode 100644 stable/elasticsearch-curator/templates/role.yaml
- create mode 100644 stable/elasticsearch-curator/templates/rolebinding.yaml
- create mode 100644 stable/elasticsearch-curator/templates/serviceaccount.yaml
-
-diff --git a/stable/elasticsearch-curator/Chart.yaml b/stable/elasticsearch-curator/Chart.yaml
-index 24a37ce..7a8e0a7 100644
---- a/stable/elasticsearch-curator/Chart.yaml
-+++ b/stable/elasticsearch-curator/Chart.yaml
-@@ -2,7 +2,7 @@ apiVersion: v1
- appVersion: "5.5.4"
- description: A Helm chart for Elasticsearch Curator
- name: elasticsearch-curator
--version: 1.3.2
-+version: 2.0.2
- home: https://github.com/elastic/curator
- keywords:
- - curator
-@@ -12,7 +12,7 @@ sources:
- - https://github.com/kubernetes/charts/elasticsearch-curator
- - https://github.com/pires/docker-elasticsearch-curator
- maintainers:
-- - name: tmestdagh
-- email: mestdagh.tom@gmail.com
-+ - name: desaintmartin
-+ email: cedric.dsm@gmail.com
- - name: gianrubio
- email: gianrubio@gmail.com
-diff --git a/stable/elasticsearch-curator/OWNERS b/stable/elasticsearch-curator/OWNERS
-index d8c0ba0..89df1c0 100644
---- a/stable/elasticsearch-curator/OWNERS
-+++ b/stable/elasticsearch-curator/OWNERS
-@@ -1,6 +1,6 @@
- approvers:
-- - tmestdagh
-+ - desaintmartin
- - gianrubio
- reviewers:
-- - tmestdagh
-- - gianrubio
-\ No newline at end of file
-+ - desaintmartin
-+ - gianrubio
-diff --git a/stable/elasticsearch-curator/README.md b/stable/elasticsearch-curator/README.md
-index 0a9f311..2057b85 100644
---- a/stable/elasticsearch-curator/README.md
-+++ b/stable/elasticsearch-curator/README.md
-@@ -23,6 +23,17 @@ To install the chart, use the following:
- $ helm install stable/elasticsearch-curator
- ```
-
-+## Upgrading an existing Release to a new major version
-+
-+A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
-+incompatible breaking change needing manual actions.
-+
-+### To 2.0.0
-+
-+v2.0.0 uses docker image from `elasticsearch-curator` author, which differs in its way to install curator.
-+
-+If you have a hardcoded `command` value, please update it to follow the new `curator` executable path: `/curator/curator` (which is not in PATH).
-+
- ## Configuration
-
- The following table lists the configurable parameters of the docker-registry chart and
-@@ -31,8 +42,8 @@ their default values.
- | Parameter | Description | Default |
- | :----------------------------------- | :---------------------------------------------------------- | :------------------------------------------- |
- | `image.pullPolicy` | Container pull policy | `IfNotPresent` |
--| `image.repository` | Container image to use | `quay.io/pires/docker-elasticsearch-curator` |
--| `image.tag` | Container image tag to deploy | `5.5.4` |
-+| `image.repository` | Container image to use | `untergeek/curator` |
-+| `image.tag` | Container image tag to deploy | `5.7.6` |
- | `hooks` | Whether to run job on selected hooks | `{ "install": false, "upgrade": false }` |
- | `cronjob.schedule` | Schedule for the CronJob | `0 1 * * *` |
- | `cronjob.annotations` | Annotations to add to the cronjob | {} |
-@@ -43,15 +54,22 @@ their default values.
- | `dryrun` | Run Curator in dry-run mode | `false` |
- | `env` | Environment variables to add to the cronjob container | {} |
- | `envFromSecrets` | Environment variables from secrets to the cronjob container | {} |
--| `envFromSecrets.*.from.secret` | - `secretKeyRef.name` used for environment variable | |
--| `envFromSecrets.*.from.key` | - `secretKeyRef.key` used for environment variable | |
--| `command` | Command to execute | ["curator"] |
--| `configMaps.action_file_yml` | Contents of the Curator action_file.yml | See values.yaml |
--| `configMaps.config_yml` | Contents of the Curator config.yml (overrides config) | See values.yaml |
-+| `envFromSecrets.*.from.secret` | - `secretKeyRef.name` used for environment variable | |
-+| `envFromSecrets.*.from.key` | - `secretKeyRef.key` used for environment variable | |
-+| `command` | Command to execute | ["/curator/curator"] |
-+| `configMaps.action_file_yml` | Contents of the Curator action_file.yml | See values.yaml |
-+| `configMaps.config_yml` | Contents of the Curator config.yml (overrides config) | See values.yaml |
- | `resources` | Resource requests and limits | {} |
- | `priorityClassName` | priorityClassName | `nil` |
- | `extraVolumeMounts` | Mount extra volume(s), | |
- | `extraVolumes` | Extra volumes | |
--| `securityContext` | Configure PodSecurityContext |
-+| `extraInitContainers` | Init containers to add to the cronjob container | {} |
-+| `securityContext` | Configure PodSecurityContext | `false` |
-+| `rbac.enabled` | Enable RBAC resources | `false` |
-+| `psp.create` | Create pod security policy resources | `false` |
-+| `serviceAccount.create` | Create a default serviceaccount for elasticsearch curator | `true` |
-+| `serviceAccount.name` | Name for elasticsearch curator serviceaccount | `""` |
-+
-+
- Specify each parameter using the `--set key=value[,key=value]` argument to
- `helm install`.
-diff --git a/stable/elasticsearch-curator/ci/initcontainer-values.yaml b/stable/elasticsearch-curator/ci/initcontainer-values.yaml
-new file mode 100644
-index 0000000..578becf
---- /dev/null
-+++ b/stable/elasticsearch-curator/ci/initcontainer-values.yaml
-@@ -0,0 +1,9 @@
-+extraInitContainers:
-+ test:
-+ image: alpine:latest
-+ command:
-+ - "/bin/sh"
-+ - "-c"
-+ args:
-+ - |
-+ true
-diff --git a/stable/elasticsearch-curator/templates/_helpers.tpl b/stable/elasticsearch-curator/templates/_helpers.tpl
-index c786fb5..8018c5d 100644
---- a/stable/elasticsearch-curator/templates/_helpers.tpl
-+++ b/stable/elasticsearch-curator/templates/_helpers.tpl
-@@ -12,6 +12,17 @@ Return the appropriate apiVersion for cronjob APIs.
- {{- end -}}
-
- {{/*
-+Return the appropriate apiVersion for podsecuritypolicy.
-+*/}}
-+{{- define "podsecuritypolicy.apiVersion" -}}
-+{{- if semverCompare "<1.10-0" .Capabilities.KubeVersion.GitVersion -}}
-+{{- print "extensions/v1beta1" -}}
-+{{- else -}}
-+{{- print "policy/v1beta1" -}}
-+{{- end -}}
-+{{- end -}}
-+
-+{{/*
- Expand the name of the chart.
- */}}
- {{- define "elasticsearch-curator.name" -}}
-@@ -42,3 +53,14 @@ Create chart name and version as used by the chart label.
- {{- define "elasticsearch-curator.chart" -}}
- {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
- {{- end -}}
-+
-+{{/*
-+Create the name of the service account to use
-+*/}}
-+{{- define "elasticsearch-curator.serviceAccountName" -}}
-+{{- if .Values.serviceAccount.create -}}
-+ {{ default (include "elasticsearch-curator.fullname" .) .Values.serviceAccount.name }}
-+{{- else -}}
-+ {{ default "default" .Values.serviceAccount.name }}
-+{{- end -}}
-+{{- end -}}
-diff --git a/stable/elasticsearch-curator/templates/cronjob.yaml b/stable/elasticsearch-curator/templates/cronjob.yaml
-index d0388f4..37274f6 100644
---- a/stable/elasticsearch-curator/templates/cronjob.yaml
-+++ b/stable/elasticsearch-curator/templates/cronjob.yaml
-@@ -53,6 +53,16 @@ spec:
- imagePullSecrets:
- - name: {{ .Values.image.pullSecret }}
- {{- end }}
-+{{- if .Values.extraInitContainers }}
-+ initContainers:
-+{{- range $key, $value := .Values.extraInitContainers }}
-+ - name: "{{ $key }}"
-+{{ toYaml $value | indent 12 }}
-+{{- end }}
-+{{- end }}
-+ {{- if .Values.rbac.enabled }}
-+ serviceAccountName: {{ template "elasticsearch-curator.serviceAccountName" .}}
-+ {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-diff --git a/stable/elasticsearch-curator/templates/psp.yml b/stable/elasticsearch-curator/templates/psp.yml
-new file mode 100644
-index 0000000..5f62985
---- /dev/null
-+++ b/stable/elasticsearch-curator/templates/psp.yml
-@@ -0,0 +1,35 @@
-+{{- if .Values.psp.create }}
-+apiVersion: {{ template "podsecuritypolicy.apiVersion" . }}
-+kind: PodSecurityPolicy
-+metadata:
-+ labels:
-+ app: {{ template "elasticsearch-curator.name" . }}
-+ chart: {{ template "elasticsearch-curator.chart" . }}
-+ release: {{ .Release.Name }}
-+ heritage: {{ .Release.Service }}
-+ name: {{ template "elasticsearch-curator.fullname" . }}-psp
-+spec:
-+ privileged: true
-+ #requiredDropCapabilities:
-+ volumes:
-+ - 'configMap'
-+ - 'secret'
-+ hostNetwork: false
-+ hostIPC: false
-+ hostPID: false
-+ runAsUser:
-+ rule: 'RunAsAny'
-+ seLinux:
-+ rule: 'RunAsAny'
-+ supplementalGroups:
-+ rule: 'MustRunAs'
-+ ranges:
-+ - min: 1
-+ max: 65535
-+ fsGroup:
-+ rule: 'MustRunAs'
-+ ranges:
-+ - min: 1
-+ max: 65535
-+ readOnlyRootFilesystem: false
-+{{- end }}
-diff --git a/stable/elasticsearch-curator/templates/role.yaml b/stable/elasticsearch-curator/templates/role.yaml
-new file mode 100644
-index 0000000..8867f67
---- /dev/null
-+++ b/stable/elasticsearch-curator/templates/role.yaml
-@@ -0,0 +1,23 @@
-+{{- if .Values.rbac.enabled }}
-+kind: Role
-+apiVersion: rbac.authorization.k8s.io/v1
-+metadata:
-+ labels:
-+ app: {{ template "elasticsearch-curator.name" . }}
-+ chart: {{ template "elasticsearch-curator.chart" . }}
-+ heritage: {{ .Release.Service }}
-+ release: {{ .Release.Name }}
-+ component: elasticsearch-curator-configmap
-+ name: {{ template "elasticsearch-curator.name" . }}-role
-+rules:
-+- apiGroups: [""]
-+ resources: ["configmaps"]
-+ verbs: ["update", "patch"]
-+{{- if .Values.psp.create }}
-+- apiGroups: ["extensions"]
-+ resources: ["podsecuritypolicies"]
-+ verbs: ["use"]
-+ resourceNames:
-+ - {{ template "elasticsearch-curator.fullname" . }}-psp
-+{{- end -}}
-+{{- end -}}
-diff --git a/stable/elasticsearch-curator/templates/rolebinding.yaml b/stable/elasticsearch-curator/templates/rolebinding.yaml
-new file mode 100644
-index 0000000..d25d2e1
---- /dev/null
-+++ b/stable/elasticsearch-curator/templates/rolebinding.yaml
-@@ -0,0 +1,21 @@
-+{{- if .Values.rbac.enabled -}}
-+kind: RoleBinding
-+apiVersion: rbac.authorization.k8s.io/v1
-+metadata:
-+ labels:
-+ app: {{ template "elasticsearch-curator.name" . }}
-+ chart: {{ template "elasticsearch-curator.chart" . }}
-+ heritage: {{ .Release.Service }}
-+ release: {{ .Release.Name }}
-+ component: elasticsearch-curator-configmap
-+ name: {{ template "elasticsearch-curator.name" . }}-rolebinding
-+roleRef:
-+ kind: Role
-+ name: {{ template "elasticsearch-curator.name" . }}-role
-+ apiGroup: rbac.authorization.k8s.io
-+subjects:
-+ - kind: ServiceAccount
-+ name: {{ template "elasticsearch-curator.serviceAccountName" . }}
-+ namespace: {{ .Release.Namespace }}
-+{{- end -}}
-+
-diff --git a/stable/elasticsearch-curator/templates/serviceaccount.yaml b/stable/elasticsearch-curator/templates/serviceaccount.yaml
-new file mode 100644
-index 0000000..ad9c5c9
---- /dev/null
-+++ b/stable/elasticsearch-curator/templates/serviceaccount.yaml
-@@ -0,0 +1,12 @@
-+{{- if and .Values.serviceAccount.create .Values.rbac.enabled }}
-+apiVersion: v1
-+kind: ServiceAccount
-+metadata:
-+ name: {{ template "elasticsearch-curator.serviceAccountName" .}}
-+ labels:
-+ app: {{ template "elasticsearch-curator.fullname" . }}
-+ chart: {{ template "elasticsearch-curator.chart" . }}
-+ release: "{{ .Release.Name }}"
-+ heritage: "{{ .Release.Service }}"
-+{{- end }}
-+
-diff --git a/stable/elasticsearch-curator/values.yaml b/stable/elasticsearch-curator/values.yaml
-index 3779be1..460f2a4 100644
---- a/stable/elasticsearch-curator/values.yaml
-+++ b/stable/elasticsearch-curator/values.yaml
-@@ -13,9 +13,25 @@ cronjob:
- pod:
- annotations: {}
-
-+rbac:
-+ # Specifies whether RBAC should be enabled
-+ enabled: false
-+
-+serviceAccount:
-+ # Specifies whether a ServiceAccount should be created
-+ create: true
-+ # The name of the ServiceAccount to use.
-+ # If not set and create is true, a name is generated using the fullname template
-+ name:
-+
-+
-+psp:
-+ # Specifies whether a podsecuritypolicy should be created
-+ create: false
-+
- image:
-- repository: quay.io/pires/docker-elasticsearch-curator
-- tag: 5.5.4
-+ repository: untergeek/curator
-+ tag: 5.7.6
- pullPolicy: IfNotPresent
-
- hooks:
-@@ -25,7 +41,7 @@ hooks:
- # run curator in dry-run mode
- dryrun: false
-
--command: ["curator"]
-+command: ["/curator/curator"]
- env: {}
-
- configMaps:
-@@ -101,5 +117,40 @@ priorityClassName: ""
- # mountPath: /certs
- # readOnly: true
-
-+# Add your own init container or uncomment and modify the given example.
-+extraInitContainers: {}
-+ ## Don't configure S3 repository till Elasticsearch is reachable.
-+ ## Ensure that it is available at http://elasticsearch:9200
-+ ##
-+ # elasticsearch-s3-repository:
-+ # image: jwilder/dockerize:latest
-+ # imagePullPolicy: "IfNotPresent"
-+ # command:
-+ # - "/bin/sh"
-+ # - "-c"
-+ # args:
-+ # - |
-+ # ES_HOST=elasticsearch
-+ # ES_PORT=9200
-+ # ES_REPOSITORY=backup
-+ # S3_REGION=us-east-1
-+ # S3_BUCKET=bucket
-+ # S3_BASE_PATH=backup
-+ # S3_COMPRESS=true
-+ # S3_STORAGE_CLASS=standard
-+ # apk add curl --no-cache && \
-+ # dockerize -wait http://${ES_HOST}:${ES_PORT} --timeout 120s && \
-+ # cat <<EOF | curl -sS -XPUT -H "Content-Type: application/json" -d @- http://${ES_HOST}:${ES_PORT}/_snapshot/${ES_REPOSITORY} \
-+ # {
-+ # "type": "s3",
-+ # "settings": {
-+ # "bucket": "${S3_BUCKET}",
-+ # "base_path": "${S3_BASE_PATH}",
-+ # "region": "${S3_REGION}",
-+ # "compress": "${S3_COMPRESS}",
-+ # "storage_class": "${S3_STORAGE_CLASS}"
-+ # }
-+ # }
-+
- securityContext:
- runAsUser: 16 # run as cron user instead of root
---
-1.8.3.1
-