--- /dev/null
+From 21cd4d9720064f89843551e7da4c1e0528b6cbf5 Mon Sep 17 00:00:00 2001
+From: Kevin Smith <kevin.smith@windriver.com>
+Date: Thu, 10 Oct 2019 15:43:20 -0400
+Subject: [PATCH 1/1] add curator as of 2019-10-10
+
+---
+ stable/elasticsearch-curator/Chart.yaml | 6 +--
+ stable/elasticsearch-curator/OWNERS | 6 +--
+ stable/elasticsearch-curator/README.md | 34 ++++++++++---
+ .../ci/initcontainer-values.yaml | 9 ++++
+ .../elasticsearch-curator/templates/_helpers.tpl | 22 +++++++++
+ .../elasticsearch-curator/templates/cronjob.yaml | 10 ++++
+ stable/elasticsearch-curator/templates/psp.yml | 35 +++++++++++++
+ stable/elasticsearch-curator/templates/role.yaml | 23 +++++++++
+ .../templates/rolebinding.yaml | 21 ++++++++
+ .../templates/serviceaccount.yaml | 12 +++++
+ stable/elasticsearch-curator/values.yaml | 57 ++++++++++++++++++++--
+ 11 files changed, 218 insertions(+), 17 deletions(-)
+ create mode 100644 stable/elasticsearch-curator/ci/initcontainer-values.yaml
+ create mode 100644 stable/elasticsearch-curator/templates/psp.yml
+ create mode 100644 stable/elasticsearch-curator/templates/role.yaml
+ create mode 100644 stable/elasticsearch-curator/templates/rolebinding.yaml
+ create mode 100644 stable/elasticsearch-curator/templates/serviceaccount.yaml
+
+diff --git a/stable/elasticsearch-curator/Chart.yaml b/stable/elasticsearch-curator/Chart.yaml
+index 24a37ce..7a8e0a7 100644
+--- a/stable/elasticsearch-curator/Chart.yaml
++++ b/stable/elasticsearch-curator/Chart.yaml
+@@ -2,7 +2,7 @@ apiVersion: v1
+ appVersion: "5.5.4"
+ description: A Helm chart for Elasticsearch Curator
+ name: elasticsearch-curator
+-version: 1.3.2
++version: 2.0.2
+ home: https://github.com/elastic/curator
+ keywords:
+ - curator
+@@ -12,7 +12,7 @@ sources:
+ - https://github.com/kubernetes/charts/elasticsearch-curator
+ - https://github.com/pires/docker-elasticsearch-curator
+ maintainers:
+- - name: tmestdagh
+- email: mestdagh.tom@gmail.com
++ - name: desaintmartin
++ email: cedric.dsm@gmail.com
+ - name: gianrubio
+ email: gianrubio@gmail.com
+diff --git a/stable/elasticsearch-curator/OWNERS b/stable/elasticsearch-curator/OWNERS
+index d8c0ba0..89df1c0 100644
+--- a/stable/elasticsearch-curator/OWNERS
++++ b/stable/elasticsearch-curator/OWNERS
+@@ -1,6 +1,6 @@
+ approvers:
+- - tmestdagh
++ - desaintmartin
+ - gianrubio
+ reviewers:
+- - tmestdagh
+- - gianrubio
+\ No newline at end of file
++ - desaintmartin
++ - gianrubio
+diff --git a/stable/elasticsearch-curator/README.md b/stable/elasticsearch-curator/README.md
+index 0a9f311..2057b85 100644
+--- a/stable/elasticsearch-curator/README.md
++++ b/stable/elasticsearch-curator/README.md
+@@ -23,6 +23,17 @@ To install the chart, use the following:
+ $ helm install stable/elasticsearch-curator
+ ```
+
++## Upgrading an existing Release to a new major version
++
++A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
++incompatible breaking change needing manual actions.
++
++### To 2.0.0
++
++v2.0.0 uses docker image from `elasticsearch-curator` author, which differs in its way to install curator.
++
++If you have a hardcoded `command` value, please update it to follow the new `curator` executable path: `/curator/curator` (which is not in PATH).
++
+ ## Configuration
+
+ The following table lists the configurable parameters of the docker-registry chart and
+@@ -31,8 +42,8 @@ their default values.
+ | Parameter | Description | Default |
+ | :----------------------------------- | :---------------------------------------------------------- | :------------------------------------------- |
+ | `image.pullPolicy` | Container pull policy | `IfNotPresent` |
+-| `image.repository` | Container image to use | `quay.io/pires/docker-elasticsearch-curator` |
+-| `image.tag` | Container image tag to deploy | `5.5.4` |
++| `image.repository` | Container image to use | `untergeek/curator` |
++| `image.tag` | Container image tag to deploy | `5.7.6` |
+ | `hooks` | Whether to run job on selected hooks | `{ "install": false, "upgrade": false }` |
+ | `cronjob.schedule` | Schedule for the CronJob | `0 1 * * *` |
+ | `cronjob.annotations` | Annotations to add to the cronjob | {} |
+@@ -43,15 +54,22 @@ their default values.
+ | `dryrun` | Run Curator in dry-run mode | `false` |
+ | `env` | Environment variables to add to the cronjob container | {} |
+ | `envFromSecrets` | Environment variables from secrets to the cronjob container | {} |
+-| `envFromSecrets.*.from.secret` | - `secretKeyRef.name` used for environment variable | |
+-| `envFromSecrets.*.from.key` | - `secretKeyRef.key` used for environment variable | |
+-| `command` | Command to execute | ["curator"] |
+-| `configMaps.action_file_yml` | Contents of the Curator action_file.yml | See values.yaml |
+-| `configMaps.config_yml` | Contents of the Curator config.yml (overrides config) | See values.yaml |
++| `envFromSecrets.*.from.secret` | - `secretKeyRef.name` used for environment variable | |
++| `envFromSecrets.*.from.key` | - `secretKeyRef.key` used for environment variable | |
++| `command` | Command to execute | ["/curator/curator"] |
++| `configMaps.action_file_yml` | Contents of the Curator action_file.yml | See values.yaml |
++| `configMaps.config_yml` | Contents of the Curator config.yml (overrides config) | See values.yaml |
+ | `resources` | Resource requests and limits | {} |
+ | `priorityClassName` | priorityClassName | `nil` |
+ | `extraVolumeMounts` | Mount extra volume(s), | |
+ | `extraVolumes` | Extra volumes | |
+-| `securityContext` | Configure PodSecurityContext |
++| `extraInitContainers` | Init containers to add to the cronjob container | {} |
++| `securityContext` | Configure PodSecurityContext | `false` |
++| `rbac.enabled` | Enable RBAC resources | `false` |
++| `psp.create` | Create pod security policy resources | `false` |
++| `serviceAccount.create` | Create a default serviceaccount for elasticsearch curator | `true` |
++| `serviceAccount.name` | Name for elasticsearch curator serviceaccount | `""` |
++
++
+ Specify each parameter using the `--set key=value[,key=value]` argument to
+ `helm install`.
+diff --git a/stable/elasticsearch-curator/ci/initcontainer-values.yaml b/stable/elasticsearch-curator/ci/initcontainer-values.yaml
+new file mode 100644
+index 0000000..578becf
+--- /dev/null
++++ b/stable/elasticsearch-curator/ci/initcontainer-values.yaml
+@@ -0,0 +1,9 @@
++extraInitContainers:
++ test:
++ image: alpine:latest
++ command:
++ - "/bin/sh"
++ - "-c"
++ args:
++ - |
++ true
+diff --git a/stable/elasticsearch-curator/templates/_helpers.tpl b/stable/elasticsearch-curator/templates/_helpers.tpl
+index c786fb5..8018c5d 100644
+--- a/stable/elasticsearch-curator/templates/_helpers.tpl
++++ b/stable/elasticsearch-curator/templates/_helpers.tpl
+@@ -12,6 +12,17 @@ Return the appropriate apiVersion for cronjob APIs.
+ {{- end -}}
+
+ {{/*
++Return the appropriate apiVersion for podsecuritypolicy.
++*/}}
++{{- define "podsecuritypolicy.apiVersion" -}}
++{{- if semverCompare "<1.10-0" .Capabilities.KubeVersion.GitVersion -}}
++{{- print "extensions/v1beta1" -}}
++{{- else -}}
++{{- print "policy/v1beta1" -}}
++{{- end -}}
++{{- end -}}
++
++{{/*
+ Expand the name of the chart.
+ */}}
+ {{- define "elasticsearch-curator.name" -}}
+@@ -42,3 +53,14 @@ Create chart name and version as used by the chart label.
+ {{- define "elasticsearch-curator.chart" -}}
+ {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+ {{- end -}}
++
++{{/*
++Create the name of the service account to use
++*/}}
++{{- define "elasticsearch-curator.serviceAccountName" -}}
++{{- if .Values.serviceAccount.create -}}
++ {{ default (include "elasticsearch-curator.fullname" .) .Values.serviceAccount.name }}
++{{- else -}}
++ {{ default "default" .Values.serviceAccount.name }}
++{{- end -}}
++{{- end -}}
+diff --git a/stable/elasticsearch-curator/templates/cronjob.yaml b/stable/elasticsearch-curator/templates/cronjob.yaml
+index d0388f4..37274f6 100644
+--- a/stable/elasticsearch-curator/templates/cronjob.yaml
++++ b/stable/elasticsearch-curator/templates/cronjob.yaml
+@@ -53,6 +53,16 @@ spec:
+ imagePullSecrets:
+ - name: {{ .Values.image.pullSecret }}
+ {{- end }}
++{{- if .Values.extraInitContainers }}
++ initContainers:
++{{- range $key, $value := .Values.extraInitContainers }}
++ - name: "{{ $key }}"
++{{ toYaml $value | indent 12 }}
++{{- end }}
++{{- end }}
++ {{- if .Values.rbac.enabled }}
++ serviceAccountName: {{ template "elasticsearch-curator.serviceAccountName" .}}
++ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+diff --git a/stable/elasticsearch-curator/templates/psp.yml b/stable/elasticsearch-curator/templates/psp.yml
+new file mode 100644
+index 0000000..5f62985
+--- /dev/null
++++ b/stable/elasticsearch-curator/templates/psp.yml
+@@ -0,0 +1,35 @@
++{{- if .Values.psp.create }}
++apiVersion: {{ template "podsecuritypolicy.apiVersion" . }}
++kind: PodSecurityPolicy
++metadata:
++ labels:
++ app: {{ template "elasticsearch-curator.name" . }}
++ chart: {{ template "elasticsearch-curator.chart" . }}
++ release: {{ .Release.Name }}
++ heritage: {{ .Release.Service }}
++ name: {{ template "elasticsearch-curator.fullname" . }}-psp
++spec:
++ privileged: true
++ #requiredDropCapabilities:
++ volumes:
++ - 'configMap'
++ - 'secret'
++ hostNetwork: false
++ hostIPC: false
++ hostPID: false
++ runAsUser:
++ rule: 'RunAsAny'
++ seLinux:
++ rule: 'RunAsAny'
++ supplementalGroups:
++ rule: 'MustRunAs'
++ ranges:
++ - min: 1
++ max: 65535
++ fsGroup:
++ rule: 'MustRunAs'
++ ranges:
++ - min: 1
++ max: 65535
++ readOnlyRootFilesystem: false
++{{- end }}
+diff --git a/stable/elasticsearch-curator/templates/role.yaml b/stable/elasticsearch-curator/templates/role.yaml
+new file mode 100644
+index 0000000..8867f67
+--- /dev/null
++++ b/stable/elasticsearch-curator/templates/role.yaml
+@@ -0,0 +1,23 @@
++{{- if .Values.rbac.enabled }}
++kind: Role
++apiVersion: rbac.authorization.k8s.io/v1
++metadata:
++ labels:
++ app: {{ template "elasticsearch-curator.name" . }}
++ chart: {{ template "elasticsearch-curator.chart" . }}
++ heritage: {{ .Release.Service }}
++ release: {{ .Release.Name }}
++ component: elasticsearch-curator-configmap
++ name: {{ template "elasticsearch-curator.name" . }}-role
++rules:
++- apiGroups: [""]
++ resources: ["configmaps"]
++ verbs: ["update", "patch"]
++{{- if .Values.psp.create }}
++- apiGroups: ["extensions"]
++ resources: ["podsecuritypolicies"]
++ verbs: ["use"]
++ resourceNames:
++ - {{ template "elasticsearch-curator.fullname" . }}-psp
++{{- end -}}
++{{- end -}}
+diff --git a/stable/elasticsearch-curator/templates/rolebinding.yaml b/stable/elasticsearch-curator/templates/rolebinding.yaml
+new file mode 100644
+index 0000000..d25d2e1
+--- /dev/null
++++ b/stable/elasticsearch-curator/templates/rolebinding.yaml
+@@ -0,0 +1,21 @@
++{{- if .Values.rbac.enabled -}}
++kind: RoleBinding
++apiVersion: rbac.authorization.k8s.io/v1
++metadata:
++ labels:
++ app: {{ template "elasticsearch-curator.name" . }}
++ chart: {{ template "elasticsearch-curator.chart" . }}
++ heritage: {{ .Release.Service }}
++ release: {{ .Release.Name }}
++ component: elasticsearch-curator-configmap
++ name: {{ template "elasticsearch-curator.name" . }}-rolebinding
++roleRef:
++ kind: Role
++ name: {{ template "elasticsearch-curator.name" . }}-role
++ apiGroup: rbac.authorization.k8s.io
++subjects:
++ - kind: ServiceAccount
++ name: {{ template "elasticsearch-curator.serviceAccountName" . }}
++ namespace: {{ .Release.Namespace }}
++{{- end -}}
++
+diff --git a/stable/elasticsearch-curator/templates/serviceaccount.yaml b/stable/elasticsearch-curator/templates/serviceaccount.yaml
+new file mode 100644
+index 0000000..ad9c5c9
+--- /dev/null
++++ b/stable/elasticsearch-curator/templates/serviceaccount.yaml
+@@ -0,0 +1,12 @@
++{{- if and .Values.serviceAccount.create .Values.rbac.enabled }}
++apiVersion: v1
++kind: ServiceAccount
++metadata:
++ name: {{ template "elasticsearch-curator.serviceAccountName" .}}
++ labels:
++ app: {{ template "elasticsearch-curator.fullname" . }}
++ chart: {{ template "elasticsearch-curator.chart" . }}
++ release: "{{ .Release.Name }}"
++ heritage: "{{ .Release.Service }}"
++{{- end }}
++
+diff --git a/stable/elasticsearch-curator/values.yaml b/stable/elasticsearch-curator/values.yaml
+index 3779be1..460f2a4 100644
+--- a/stable/elasticsearch-curator/values.yaml
++++ b/stable/elasticsearch-curator/values.yaml
+@@ -13,9 +13,25 @@ cronjob:
+ pod:
+ annotations: {}
+
++rbac:
++ # Specifies whether RBAC should be enabled
++ enabled: false
++
++serviceAccount:
++ # Specifies whether a ServiceAccount should be created
++ create: true
++ # The name of the ServiceAccount to use.
++ # If not set and create is true, a name is generated using the fullname template
++ name:
++
++
++psp:
++ # Specifies whether a podsecuritypolicy should be created
++ create: false
++
+ image:
+- repository: quay.io/pires/docker-elasticsearch-curator
+- tag: 5.5.4
++ repository: untergeek/curator
++ tag: 5.7.6
+ pullPolicy: IfNotPresent
+
+ hooks:
+@@ -25,7 +41,7 @@ hooks:
+ # run curator in dry-run mode
+ dryrun: false
+
+-command: ["curator"]
++command: ["/curator/curator"]
+ env: {}
+
+ configMaps:
+@@ -101,5 +117,40 @@ priorityClassName: ""
+ # mountPath: /certs
+ # readOnly: true
+
++# Add your own init container or uncomment and modify the given example.
++extraInitContainers: {}
++ ## Don't configure S3 repository till Elasticsearch is reachable.
++ ## Ensure that it is available at http://elasticsearch:9200
++ ##
++ # elasticsearch-s3-repository:
++ # image: jwilder/dockerize:latest
++ # imagePullPolicy: "IfNotPresent"
++ # command:
++ # - "/bin/sh"
++ # - "-c"
++ # args:
++ # - |
++ # ES_HOST=elasticsearch
++ # ES_PORT=9200
++ # ES_REPOSITORY=backup
++ # S3_REGION=us-east-1
++ # S3_BUCKET=bucket
++ # S3_BASE_PATH=backup
++ # S3_COMPRESS=true
++ # S3_STORAGE_CLASS=standard
++ # apk add curl --no-cache && \
++ # dockerize -wait http://${ES_HOST}:${ES_PORT} --timeout 120s && \
++ # cat <<EOF | curl -sS -XPUT -H "Content-Type: application/json" -d @- http://${ES_HOST}:${ES_PORT}/_snapshot/${ES_REPOSITORY} \
++ # {
++ # "type": "s3",
++ # "settings": {
++ # "bucket": "${S3_BUCKET}",
++ # "base_path": "${S3_BASE_PATH}",
++ # "region": "${S3_REGION}",
++ # "compress": "${S3_COMPRESS}",
++ # "storage_class": "${S3_STORAGE_CLASS}"
++ # }
++ # }
++
+ securityContext:
+ runAsUser: 16 # run as cron user instead of root
+--
+1.8.3.1
+
Code Review / pti / rtp.git / blobdiff