Revert "Revert "oran-shell-release: release image for F""

[pti/rtp.git] / meta-starlingx / meta-stx-flock / stx-monitor-armada-app / monitor-helm / 0009-add-curator-as-of-2019-10-10.patch

From 21cd4d9720064f89843551e7da4c1e0528b6cbf5 Mon Sep 17 00:00:00 2001
From: Kevin Smith <kevin.smith@windriver.com>
Date: Thu, 10 Oct 2019 15:43:20 -0400
Subject: [PATCH 1/1] add curator as of 2019-10-10

---
 stable/elasticsearch-curator/Chart.yaml            |  6 +--
 stable/elasticsearch-curator/OWNERS                |  6 +--
 stable/elasticsearch-curator/README.md             | 34 ++++++++++---
 .../ci/initcontainer-values.yaml                   |  9 ++++
 .../elasticsearch-curator/templates/_helpers.tpl   | 22 +++++++++
 .../elasticsearch-curator/templates/cronjob.yaml   | 10 ++++
 stable/elasticsearch-curator/templates/psp.yml     | 35 +++++++++++++
 stable/elasticsearch-curator/templates/role.yaml   | 23 +++++++++
 .../templates/rolebinding.yaml                     | 21 ++++++++
 .../templates/serviceaccount.yaml                  | 12 +++++
 stable/elasticsearch-curator/values.yaml           | 57 ++++++++++++++++++++--
 11 files changed, 218 insertions(+), 17 deletions(-)
 create mode 100644 stable/elasticsearch-curator/ci/initcontainer-values.yaml
 create mode 100644 stable/elasticsearch-curator/templates/psp.yml
 create mode 100644 stable/elasticsearch-curator/templates/role.yaml
 create mode 100644 stable/elasticsearch-curator/templates/rolebinding.yaml
 create mode 100644 stable/elasticsearch-curator/templates/serviceaccount.yaml

diff --git a/stable/elasticsearch-curator/Chart.yaml b/stable/elasticsearch-curator/Chart.yaml
index 24a37ce..7a8e0a7 100644
--- a/stable/elasticsearch-curator/Chart.yaml
+++ b/stable/elasticsearch-curator/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "5.5.4"
 description: A Helm chart for Elasticsearch Curator
 name: elasticsearch-curator
-version: 1.3.2
+version: 2.0.2
 home: https://github.com/elastic/curator
 keywords:
 - curator
@@ -12,7 +12,7 @@ sources:
 - https://github.com/kubernetes/charts/elasticsearch-curator
 - https://github.com/pires/docker-elasticsearch-curator
 maintainers:
-  - name: tmestdagh
-    email: mestdagh.tom@gmail.com
+  - name: desaintmartin
+    email: cedric.dsm@gmail.com
   - name: gianrubio
     email: gianrubio@gmail.com
diff --git a/stable/elasticsearch-curator/OWNERS b/stable/elasticsearch-curator/OWNERS
index d8c0ba0..89df1c0 100644
--- a/stable/elasticsearch-curator/OWNERS
+++ b/stable/elasticsearch-curator/OWNERS
@@ -1,6 +1,6 @@
 approvers:
-  - tmestdagh
+  - desaintmartin
   - gianrubio
 reviewers:
-  - tmestdagh
-  - gianrubio
\ No newline at end of file
+  - desaintmartin
+  - gianrubio
diff --git a/stable/elasticsearch-curator/README.md b/stable/elasticsearch-curator/README.md
index 0a9f311..2057b85 100644
--- a/stable/elasticsearch-curator/README.md
+++ b/stable/elasticsearch-curator/README.md
@@ -23,6 +23,17 @@ To install the chart, use the following:
 $ helm install stable/elasticsearch-curator
 ```
 
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
+incompatible breaking change needing manual actions.
+
+### To 2.0.0
+
+v2.0.0 uses docker image from `elasticsearch-curator` author, which differs in its way to install curator.
+
+If you have a hardcoded `command` value, please update it to follow the new `curator` executable path: `/curator/curator` (which is not in PATH).
+
 ## Configuration
 
 The following table lists the configurable parameters of the docker-registry chart and
@@ -31,8 +42,8 @@ their default values.
 |          Parameter                   |                         Description                         |                   Default                    |
 | :----------------------------------- | :---------------------------------------------------------- | :------------------------------------------- |
 | `image.pullPolicy`                   | Container pull policy                                       | `IfNotPresent`                               |
-| `image.repository`                   | Container image to use                                      | `quay.io/pires/docker-elasticsearch-curator` |
-| `image.tag`                          | Container image tag to deploy                               | `5.5.4`                                      |
+| `image.repository`                   | Container image to use                                      | `untergeek/curator`                          |
+| `image.tag`                          | Container image tag to deploy                               | `5.7.6`                                      |
 | `hooks`                              | Whether to run job on selected hooks                        | `{ "install": false, "upgrade": false }`     |
 | `cronjob.schedule`                   | Schedule for the CronJob                                    | `0 1 * * *`                                  |
 | `cronjob.annotations`                | Annotations to add to the cronjob                           | {}                                           |
@@ -43,15 +54,22 @@ their default values.
 | `dryrun`                             | Run Curator in dry-run mode                                 | `false`                                      |
 | `env`                                | Environment variables to add to the cronjob container       | {}                                           |
 | `envFromSecrets`                     | Environment variables from secrets to the cronjob container | {}                                           |
-| `envFromSecrets.*.from.secret`       | - `secretKeyRef.name` used for environment variable         |                                              |              
-| `envFromSecrets.*.from.key`          | - `secretKeyRef.key` used for environment variable          |                                              |              
-| `command`                            | Command to execute                                          | ["curator"]                                  |
-| `configMaps.action_file_yml`         | Contents of the Curator action_file.yml                     | See values.yaml                              |
-| `configMaps.config_yml`              | Contents of the Curator config.yml (overrides config)       | See values.yaml                              |
+| `envFromSecrets.*.from.secret`       | - `secretKeyRef.name` used for environment variable         |                                              |
+| `envFromSecrets.*.from.key`          | - `secretKeyRef.key` used for environment variable          |                                              |
+| `command`                            | Command to execute                                          | ["/curator/curator"]                         |
+| `configMaps.action_file_yml`           | Contents of the Curator action_file.yml                      | See values.yaml                              |
+| `configMaps.config_yml`                | Contents of the Curator config.yml (overrides config)         | See values.yaml                              |
 | `resources`                          | Resource requests and limits                                | {}                                           |
 | `priorityClassName`                  | priorityClassName                                           | `nil`                                        |
 | `extraVolumeMounts`                  | Mount extra volume(s),                                      |                                              |
 | `extraVolumes`                       | Extra volumes                                               |                                              |
-| `securityContext`                    | Configure PodSecurityContext                          |
+| `extraInitContainers`                | Init containers to add to the cronjob container             | {}                                           |
+| `securityContext`                    | Configure PodSecurityContext                                 | `false`                                      |
+| `rbac.enabled`                       | Enable RBAC resources                                       | `false`                                      |
+| `psp.create`                         | Create pod security policy resources                        | `false`                                      |
+| `serviceAccount.create`              | Create a default serviceaccount for elasticsearch curator   | `true`                                       |
+| `serviceAccount.name`                | Name for elasticsearch curator serviceaccount               | `""`                                         |
+
+
 Specify each parameter using the `--set key=value[,key=value]` argument to
 `helm install`.
diff --git a/stable/elasticsearch-curator/ci/initcontainer-values.yaml b/stable/elasticsearch-curator/ci/initcontainer-values.yaml
new file mode 100644
index 0000000..578becf
--- /dev/null
+++ b/stable/elasticsearch-curator/ci/initcontainer-values.yaml
@@ -0,0 +1,9 @@
+extraInitContainers:
+  test:
+    image: alpine:latest
+    command:
+    - "/bin/sh"
+    - "-c"
+    args:
+    - |
+      true
diff --git a/stable/elasticsearch-curator/templates/_helpers.tpl b/stable/elasticsearch-curator/templates/_helpers.tpl
index c786fb5..8018c5d 100644
--- a/stable/elasticsearch-curator/templates/_helpers.tpl
+++ b/stable/elasticsearch-curator/templates/_helpers.tpl
@@ -12,6 +12,17 @@ Return the appropriate apiVersion for cronjob APIs.
 {{- end -}}
 
 {{/*
+Return the appropriate apiVersion for podsecuritypolicy.
+*/}}
+{{- define "podsecuritypolicy.apiVersion" -}}
+{{- if semverCompare "<1.10-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "policy/v1beta1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
 Expand the name of the chart.
 */}}
 {{- define "elasticsearch-curator.name" -}}
@@ -42,3 +53,14 @@ Create chart name and version as used by the chart label.
 {{- define "elasticsearch-curator.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "elasticsearch-curator.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "elasticsearch-curator.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/stable/elasticsearch-curator/templates/cronjob.yaml b/stable/elasticsearch-curator/templates/cronjob.yaml
index d0388f4..37274f6 100644
--- a/stable/elasticsearch-curator/templates/cronjob.yaml
+++ b/stable/elasticsearch-curator/templates/cronjob.yaml
@@ -53,6 +53,16 @@ spec:
           imagePullSecrets:
             - name: {{ .Values.image.pullSecret }}
 {{- end }}
+{{- if .Values.extraInitContainers }}
+          initContainers:
+{{- range $key, $value := .Values.extraInitContainers }}
+          - name: "{{ $key }}"
+{{ toYaml $value | indent 12 }}
+{{- end }}
+{{- end }}
+        {{- if .Values.rbac.enabled }}
+          serviceAccountName: {{ template "elasticsearch-curator.serviceAccountName" .}}
+        {{- end }}
           containers:
             - name: {{ .Chart.Name }}
               image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
diff --git a/stable/elasticsearch-curator/templates/psp.yml b/stable/elasticsearch-curator/templates/psp.yml
new file mode 100644
index 0000000..5f62985
--- /dev/null
+++ b/stable/elasticsearch-curator/templates/psp.yml
@@ -0,0 +1,35 @@
+{{- if .Values.psp.create }}
+apiVersion: {{ template "podsecuritypolicy.apiVersion" . }}
+kind: PodSecurityPolicy
+metadata:
+  labels:
+    app: {{ template "elasticsearch-curator.name" . }}
+    chart: {{ template "elasticsearch-curator.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+  name: {{ template "elasticsearch-curator.fullname" . }}-psp
+spec:
+  privileged: true
+  #requiredDropCapabilities:
+  volumes:
+    - 'configMap'
+    - 'secret'
+  hostNetwork: false
+  hostIPC: false
+  hostPID: false
+  runAsUser:
+    rule: 'RunAsAny'
+  seLinux:
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'MustRunAs'
+    ranges:
+      - min: 1
+        max: 65535
+  fsGroup:
+    rule: 'MustRunAs'
+    ranges:
+      - min: 1
+        max: 65535
+  readOnlyRootFilesystem: false
+{{- end }}
diff --git a/stable/elasticsearch-curator/templates/role.yaml b/stable/elasticsearch-curator/templates/role.yaml
new file mode 100644
index 0000000..8867f67
--- /dev/null
+++ b/stable/elasticsearch-curator/templates/role.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.rbac.enabled  }}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  labels:
+    app: {{ template "elasticsearch-curator.name" . }}
+    chart: {{ template "elasticsearch-curator.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+    component: elasticsearch-curator-configmap
+  name: {{ template "elasticsearch-curator.name" . }}-role
+rules:
+- apiGroups: [""]
+  resources: ["configmaps"]
+  verbs: ["update", "patch"]
+{{- if .Values.psp.create }}
+- apiGroups: ["extensions"]
+  resources: ["podsecuritypolicies"]
+  verbs: ["use"]
+  resourceNames:
+  - {{ template "elasticsearch-curator.fullname" . }}-psp
+{{- end -}}
+{{- end -}}
diff --git a/stable/elasticsearch-curator/templates/rolebinding.yaml b/stable/elasticsearch-curator/templates/rolebinding.yaml
new file mode 100644
index 0000000..d25d2e1
--- /dev/null
+++ b/stable/elasticsearch-curator/templates/rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.rbac.enabled -}}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  labels:
+    app: {{ template "elasticsearch-curator.name" . }}
+    chart: {{ template "elasticsearch-curator.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+    component: elasticsearch-curator-configmap
+  name: {{ template "elasticsearch-curator.name" . }}-rolebinding
+roleRef:
+  kind: Role
+  name: {{ template "elasticsearch-curator.name" . }}-role
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "elasticsearch-curator.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+{{- end -}}
+
diff --git a/stable/elasticsearch-curator/templates/serviceaccount.yaml b/stable/elasticsearch-curator/templates/serviceaccount.yaml
new file mode 100644
index 0000000..ad9c5c9
--- /dev/null
+++ b/stable/elasticsearch-curator/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.serviceAccount.create .Values.rbac.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "elasticsearch-curator.serviceAccountName" .}}
+  labels:
+    app: {{ template "elasticsearch-curator.fullname" . }}
+    chart: {{ template "elasticsearch-curator.chart" . }}
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+{{- end }}
+
diff --git a/stable/elasticsearch-curator/values.yaml b/stable/elasticsearch-curator/values.yaml
index 3779be1..460f2a4 100644
--- a/stable/elasticsearch-curator/values.yaml
+++ b/stable/elasticsearch-curator/values.yaml
@@ -13,9 +13,25 @@ cronjob:
 pod:
   annotations: {}
 
+rbac:
+  # Specifies whether RBAC should be enabled
+  enabled: false
+
+serviceAccount:
+  # Specifies whether a ServiceAccount should be created
+  create: true
+  # The name of the ServiceAccount to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name:
+
+
+psp:
+  # Specifies whether a podsecuritypolicy should be created
+  create: false
+
 image:
-  repository: quay.io/pires/docker-elasticsearch-curator
-  tag: 5.5.4
+  repository: untergeek/curator
+  tag: 5.7.6
   pullPolicy: IfNotPresent
 
 hooks:
@@ -25,7 +41,7 @@ hooks:
 # run curator in dry-run mode
 dryrun: false
 
-command: ["curator"]
+command: ["/curator/curator"]
 env: {}
 
 configMaps:
@@ -101,5 +117,40 @@ priorityClassName: ""
 #     mountPath: /certs
 #     readOnly: true
 
+# Add your own init container or uncomment and modify the given example.
+extraInitContainers: {}
+  ## Don't configure S3 repository till Elasticsearch is reachable.
+  ## Ensure that it is available at http://elasticsearch:9200
+  ##
+  # elasticsearch-s3-repository:
+  #   image: jwilder/dockerize:latest
+  #   imagePullPolicy: "IfNotPresent"
+  #   command:
+  #   - "/bin/sh"
+  #   - "-c"
+  #   args:
+  #   - |
+  #     ES_HOST=elasticsearch
+  #     ES_PORT=9200
+  #     ES_REPOSITORY=backup
+  #     S3_REGION=us-east-1
+  #     S3_BUCKET=bucket
+  #     S3_BASE_PATH=backup
+  #     S3_COMPRESS=true
+  #     S3_STORAGE_CLASS=standard
+  #     apk add curl --no-cache && \
+  #     dockerize -wait http://${ES_HOST}:${ES_PORT} --timeout 120s && \
+  #     cat <<EOF | curl -sS -XPUT -H "Content-Type: application/json" -d @- http://${ES_HOST}:${ES_PORT}/_snapshot/${ES_REPOSITORY} \
+  #     {
+  #       "type": "s3",
+  #       "settings": {
+  #         "bucket": "${S3_BUCKET}",
+  #         "base_path": "${S3_BASE_PATH}",
+  #         "region": "${S3_REGION}",
+  #         "compress": "${S3_COMPRESS}",
+  #         "storage_class": "${S3_STORAGE_CLASS}"
+  #       }
+  #     }
+
 securityContext:
   runAsUser: 16  # run as cron user instead of root
-- 
1.8.3.1