Toolbox update #2

Open
wants to merge 346 commits into
base: master
f4b7138
Finish up k8s-node-image chart. Add chronyd container.
kfox1111 Apr 14, 2019
f29b676
Add library chart for chronyd. Main chart for dhcpd.
kfox1111 Apr 14, 2019
02a6057
Add iputils version of ping.
kfox1111 May 1, 2019
87976c4
Enable default server
kfox1111 May 12, 2019
44d00a5
Add authconfig package
kfox1111 May 12, 2019
48767ae
Update unchanged to code 42
kfox1111 May 12, 2019
bfb2805
Fix travis issue
kfox1111 May 12, 2019
eef778a
Work around travis issue
kfox1111 May 13, 2019
42d7c6c
Get more info from travis
kfox1111 May 13, 2019
3edd72a
Try to fix travis issue
kfox1111 May 13, 2019
b0e8b4c
Add inotify-tools container
kfox1111 May 13, 2019
78104e3
Add chronyd
kfox1111 May 15, 2019
82f8e22
Save library chart metadata into a readable format.
kfox1111 May 17, 2019
de22d44
Add python 2 lint
kfox1111 May 23, 2019
392628a
Add k8s 1.15
kfox1111 Jun 25, 2019
857a21a
Update containerd to 1.2.7. Fail if it finds newer versions to notify…
kfox1111 Jul 9, 2019
290b361
Release k8s 1.15 chart.
kfox1111 Jul 13, 2019
f0612d6
Add pixiecore container
kfox1111 Jul 30, 2019
0a968c4
Remove new build flag
kfox1111 Jul 30, 2019
1e00682
Add pixiecore image library chart
kfox1111 Jul 31, 2019
ff7e35a
Update pixiecore
kfox1111 Jul 31, 2019
2f84437
Add tenant namespace chart
kfox1111 Aug 2, 2019
b324505
Fix build.
kfox1111 Aug 2, 2019
e29510a
Add pixiecore and tenant-namespace charts
kfox1111 Aug 2, 2019
e6c5c44
add pixiecore chart
kfox1111 Aug 2, 2019
9a4d51b
Bump containerd to 1.2.8
kfox1111 Aug 22, 2019
25dfde5
Add pixiecore-simpleconfig chart.
kfox1111 Sep 5, 2019
c927bdf
Fix ingress support in the pixiecore-simpleconfig chart.
kfox1111 Sep 5, 2019
6f9b7cd
Bump containerd version.
kfox1111 Sep 6, 2019
00737d9
Make debug toolbox image and namespace overridable. Fix scheduling o…
kfox1111 Sep 17, 2019
9373f89
Fix dhcpd when using multiple hosts.
kfox1111 Sep 17, 2019
8242732
Update NOTES for alternate namespaces.
kfox1111 Sep 18, 2019
e17748f
Update pixiecore chart to support setting interface or ip directly.
kfox1111 Sep 19, 2019
5c30c56
Drop k8s 1.13, add 1.16. Add missing Chart.yaml version bump.
kfox1111 Sep 20, 2019
6fc7851
Roll daemonset on configmap change.
kfox1111 Sep 20, 2019
57449da
Roll pixiecore-simpleconfig on configmap change. Fix rbac issue with …
kfox1111 Sep 21, 2019
845acc7
Update image library charts for k8s 1.16. Add missing bump on tenant …
kfox1111 Sep 23, 2019
cbda1dd
Update pixiecore/dhcpd to use newer api. Fix rolling upgrades on dhcpd.
kfox1111 Sep 23, 2019
59c368f
Add ipmi.sh and example to console chart.
kfox1111 Sep 24, 2019
09473c1
Bump containerd to 1.2.10
kfox1111 Sep 30, 2019
1a3cf3d
Bump containerd to 1.3.0
kfox1111 Sep 30, 2019
7ec2c6b
Update containerd spec for 1.3.0
kfox1111 Sep 30, 2019
15387b4
add nginx-app basic chart
Oct 3, 2019
38e214d
add travis build
Oct 4, 2019
6be8084
Merge pull request #1 from karcaw/add-nginx-web
karcaw Oct 4, 2019
8dc981d
build a chart, not a container
Oct 5, 2019
a81f54d
add nginx annotation to nginx-app
Oct 5, 2019
71b1cc8
Work around issue with containerd and deleting containers.
kfox1111 Oct 9, 2019
d6a9278
Merge branch 'master' of https://github.com/pnnl-miscscripts/miscscripts
kfox1111 Oct 9, 2019
4d05bf0
Fixed missing podSelector
plnordquist Nov 15, 2019
61886ef
Updated tenant-namespace chart version
plnordquist Nov 15, 2019
7a953d4
Bump containerd version
kfox1111 Nov 25, 2019
abfc111
Bump containerd version again.
kfox1111 Dec 5, 2019
4abb82e
Merge pull request #2 from plnordquist/fix-net-pol
kfox1111 Dec 16, 2019
26307ec
Add missing selector to dhcpd daemonset.
kfox1111 Jan 2, 2020
b162fff
Merge branch 'master' of https://github.com/pnnl-miscscripts/miscscripts
kfox1111 Jan 2, 2020
21a44a0
Bump api's up to support 1.16+
kfox1111 Jan 2, 2020
7b9a420
Add initial stab at gitlab-runner-operator container.
kfox1111 Jan 2, 2020
21ea00f
Add helm chart for gitlab-runner-operator
kfox1111 Jan 2, 2020
60f2924
Build chart in travis.
kfox1111 Jan 2, 2020
52a45f3
Update buildall to use helm 3.
kfox1111 Jan 3, 2020
164879b
Add rbac permissions for users to use gitlabrunners
kfox1111 Jan 3, 2020
19e7456
gitlab-runner support for unregistering runners when secrets are used.
kfox1111 Jan 17, 2020
6dc7103
Fix build of gitlab-runner-operator chart
kfox1111 Jan 17, 2020
fe2ebdb
Update fingerprint so it will build.
kfox1111 Jan 17, 2020
e745414
Fix missing &
kfox1111 Jan 17, 2020
d3c74bf
Support extra volume mounts in gitlab-runner-operator
kfox1111 Jan 30, 2020
c732e1e
Add version to fingerprint
kfox1111 Jan 30, 2020
b0040f8
Fix adding version to fingerprint
kfox1111 Jan 30, 2020
b43a9e9
Bump up containerd version.
kfox1111 Feb 10, 2020
3afa17b
[tenant-namespace] Added generic extra quota spec
plnordquist Mar 20, 2020
c34202a
Merge pull request #4 from plnordquist/extra-quota
kfox1111 Mar 20, 2020
3483527
Add OperatorGroup to tenant-namespace chart.
kfox1111 Mar 20, 2020
ba3dd10
Bump up nginx ingress version to 1.34.2.
kfox1111 Mar 31, 2020
c3d3bdd
Initial checkin of tenant-namespace-operator
kfox1111 Mar 31, 2020
dfc10c7
It's no longer a new build.
kfox1111 Mar 31, 2020
8cdcbce
Add missing crds
kfox1111 Mar 31, 2020
04ed946
[tenant-namespace] Cleaned up values file
plnordquist Mar 31, 2020
363a3b1
Merge pull request #5 from plnordquist/values-cleanup
kfox1111 Mar 31, 2020
663a443
Bump version for new chart.
kfox1111 Apr 1, 2020
5cd9da7
Release new tenant-namespace-operator
kfox1111 Apr 1, 2020
19e0df8
Fix install notes. Fix image tag and bump version.
kfox1111 Apr 1, 2020
e989d0e
Remove extra state in the finalizer. Add servicemonitor permissions. …
kfox1111 Apr 1, 2020
8fb29aa
Update to operator sdk 0.16. Add back in reconcile loop to fix k8s < …
kfox1111 Apr 1, 2020
0040326
Add missing file
kfox1111 Apr 2, 2020
4e246fa
Upload initial kubeupdater script
kfox1111 Apr 8, 2020
2bdf5b7
Fix resources in chronyd
kfox1111 Apr 13, 2020
b9fe613
Bump containerd to 1.3.4
kfox1111 Apr 16, 2020
680998a
Add operatorgroup permissions to the tenant-namespace-operator
kfox1111 Apr 29, 2020
fcedd91
Switched to helm module in k8s ansible collection
plnordquist May 11, 2020
603bf3c
Updated versions
plnordquist May 12, 2020
5ee82b7
Merge pull request #9 from plnordquist/tno-helm-module
kfox1111 May 12, 2020
e748553
Updated rpms containers
plnordquist May 21, 2020
e3b650b
Merge pull request #10 from plnordquist/rpms-updates
kfox1111 May 21, 2020
496d20c
Ensure a new fingerprint for anaconda
kfox1111 May 22, 2020
59e8a5d
Merge branch 'master' of https://github.com/pnnl-miscscripts/miscscripts
kfox1111 May 22, 2020
f4631dd
Fix kubeupdater
kfox1111 May 22, 2020
73ffa8f
Fix broken anaconda dockerfile
kfox1111 May 22, 2020
32f4fdb
Scratch can't run things
kfox1111 May 23, 2020
1cddd62
Fix kubeupdater to use the right key
kfox1111 May 27, 2020
033cc6d
Add support for custom everything.repo.
kfox1111 Jun 9, 2020
d790120
Add container for ipmi-exporter
kfox1111 Jun 10, 2020
7c54e2c
Force initial build.
kfox1111 Jun 10, 2020
3067c80
Fix dockerfile
kfox1111 Jun 10, 2020
9368b2a
Remove new build flag
kfox1111 Jun 10, 2020
2b34f48
Add and release ipmi-exporter. Release kubeupdater.
kfox1111 Jun 10, 2020
dbc51f8
Remove k8s 1.14 and add 1.17 and 1.18.
kfox1111 Jun 12, 2020
84dafaf
Set new build on k8s-node-image
kfox1111 Jun 15, 2020
a5f2163
Add missing containers.
kfox1111 Jun 15, 2020
5cbc5e8
Remove newbuild flag.
kfox1111 Jun 15, 2020
35ab3c0
Updated kubeupdater chart
plnordquist Jul 1, 2020
b135f84
Fixed missing secret volume type
plnordquist Jul 1, 2020
f128e1e
Merge pull request #11 from plnordquist/kubeupdater-psp
kfox1111 Jul 1, 2020
9a446c0
Bumped kubeupdater chart version
plnordquist Jul 1, 2020
8f51246
Merge pull request #12 from plnordquist/kubeupdater-bump
kfox1111 Jul 1, 2020
88a562c
Update gitlab-runner-operator
kfox1111 Jul 7, 2020
1acbe2c
Merge pull request #13 from kfox1111/gitlab-runner-update
kfox1111 Jul 8, 2020
3c73fc3
Initial stab at smartd exporter
kfox1111 Jul 9, 2020
08b8b1c
Merge pull request #14 from kfox1111/gitlab-runner-update
kfox1111 Jul 9, 2020
b5cad15
Add initial chart for smartctl-exporter.
kfox1111 Jul 9, 2020
d80bf69
Add service monitor. Fix README.
kfox1111 Jul 9, 2020
31637af
Add container for curl-jq, initial checkin of grafana misc dashboards…
kfox1111 Aug 4, 2020
b135793
Add dryrun mode. Add management for gitlabRunner
kfox1111 Aug 12, 2020
77472e0
Import magic-namespace so it doesn't go away.
kfox1111 Aug 13, 2020
dd12f82
Add missing helm diff plugin back to the tenant-namespace-operator co…
kfox1111 Aug 20, 2020
c65a8bf
Let debug pods run on more nodes out of the box. Update api versions.
kfox1111 Sep 18, 2020
41bb68f
Add support for disabling quota or limitranges.
kfox1111 Sep 25, 2020
ce4b845
Update stable url
kfox1111 Oct 29, 2020
23d8d4f
Updated tenant-namespace stable url
plnordquist Dec 2, 2020
7710a19
Merge pull request #18 from plnordquist/tn-stable-url
kfox1111 Dec 2, 2020
24e0efd
GitHub Actions Workflow (#19)
plnordquist Dec 14, 2020
5fbd302
Fixed secret reference due to gh rules
plnordquist Dec 14, 2020
4d109bb
Added missing node-image chart builds
plnordquist Dec 14, 2020
f3fa5ba
Switched to GH Actions Badge
plnordquist Dec 14, 2020
9e454f8
Fixed another reference to node-image charts
plnordquist Dec 14, 2020
b52f254
Update volume patch to match new gitlab-runner chart
kfox1111 Dec 23, 2020
4efd2da
Added load balancer ip tracking to tenant-namespace-operator
kfox1111 Feb 4, 2021
4b30f11
Fixed duplicate when check
plnordquist Feb 4, 2021
a165530
Fixed gitlab tag support in tenant namespace operator
kfox1111 Feb 5, 2021
9e03c2b
Fixed usage of double quotes
plnordquist Feb 5, 2021
b7a1fe7
Release 0.1.9 of the tenant-namespace-operator
kfox1111 Feb 5, 2021
9d09fb6
Release 0.1.9 of the tenant-namespace-operator
kfox1111 Feb 5, 2021
a4cb534
Add some keywords
kfox1111 Feb 9, 2021
fc17c67
Disable new smartctl-exporter builds until upstream can fix the issue.
kfox1111 Feb 24, 2021
1ae3f05
Updated ingress dependency for tenant namespace chart
plnordquist Feb 24, 2021
48d6e86
Fix race condition in kubeupdater
kfox1111 Feb 25, 2021
c5fac52
Cleanup containers as we go.
kfox1111 Feb 25, 2021
9d14075
Updated tenant-namespace ingress resources
plnordquist Feb 25, 2021
7ac6d28
Updated workflow to split out all jobs
plnordquist Feb 26, 2021
13c01ff
Merge pull request #26 from plnordquist/new-workflow
plnordquist Mar 1, 2021
141f10f
Added missing ingress-nginx repo in build script
plnordquist Mar 1, 2021
79b2f62
Fix gitlab-runner volume patch
kfox1111 Apr 2, 2021
9720eb7
Workaround bad sigs in repo
kfox1111 Apr 5, 2021
1284392
Work around broken issue using google's recommendation
kfox1111 Apr 5, 2021
440ca6d
Bad comment parser
kfox1111 Apr 6, 2021
f8af8e2
Add git container
kfox1111 Apr 7, 2021
9f30dfa
Fix build string
kfox1111 Apr 7, 2021
d4d2181
No longer a new build
kfox1111 Apr 7, 2021
126bf0d
Updated tenant-namespace-operator for new tenant-namespace
plnordquist Mar 1, 2021
d8d6b1d
Added upgrade marker for ingress nginx upgrade
plnordquist Mar 3, 2021
6f50fff
Refactored ingress IP fetching
plnordquist Apr 22, 2021
96c8859
Added k8s 1.21 image and charts
plnordquist May 21, 2021
7411235
Removed 1.16 builds
plnordquist May 24, 2021
a63a50c
Removed reference to deleted 1.16 build
plnordquist May 24, 2021
39c162d
Allow custom upgrade scripts in kubeupdater
kfox1111 May 28, 2021
13eec99
Updated rpms-containerd to pull package from Docker
plnordquist May 28, 2021
b2a08b3
Updated ingress-nginx chart to 3.34.0
plnordquist Jul 7, 2021
7f819ca
Upgraded tenant-namespace-operator
plnordquist Jul 8, 2021
1b91124
Fixed tenant-namespace-operator issues
plnordquist Jul 14, 2021
db200c1
Remove tiller
kfox1111 Aug 9, 2021
af32c29
Remove extra tiller bits.
kfox1111 Aug 11, 2021
c313360
Remove extra tiller bits.
kfox1111 Aug 11, 2021
824f599
Remove more tiller
kfox1111 Aug 12, 2021
e0026ca
Disable build of tenant-namespace
kfox1111 Aug 18, 2021
e128796
Reenable tenant-namespace
kfox1111 Aug 18, 2021
25b1200
Add missing repo
kfox1111 Aug 18, 2021
524d66e
pylint2 is broken and pretty dead. Remove.
kfox1111 Oct 6, 2021
430582d
Updated node-image ingress
plnordquist Mar 8, 2022
6748ef5
Fixed ipmi-exporter base image
plnordquist Mar 16, 2022
92e71fd
Switched to go install for pixiecore
plnordquist Mar 16, 2022
a528e79
Added dependabot config
plnordquist Mar 24, 2022
b6603c3
Build a new version of pixiecore with efi ipxe
kfox1111 Mar 31, 2022
24435c9
Update pixiecore-simpleconfig for new ingress api.
kfox1111 Apr 15, 2022
d69c5d9
Add missing path type.
kfox1111 Apr 15, 2022
5220c09
Bump chart value.
kfox1111 Apr 15, 2022
0b8652d
Add the ability to override reboot with shutdown.
kfox1111 Jun 1, 2022
2395a83
Fix volume patch
kfox1111 Jun 1, 2022
94cf1ef
Stop building k8s 1.17-19. Add 1.22-24.
kfox1111 Jun 1, 2022
1440bf1
Fixed missing update for new k8s versions
plnordquist Jun 7, 2022
b5b75f3
Update the ingress controller. Switch to native namespace labels.
kfox1111 Jun 16, 2022
8ec22b7
Fix notes
kfox1111 Jun 16, 2022
dd37f6b
[k8s-node-image] Added PDBs
plnordquist Jun 23, 2022
d8dcfc2
Updated CRDs to apiext/v1
plnordquist Jun 23, 2022
0bce841
Fixed v1 CRDs
plnordquist Jun 23, 2022
3ce1f96
Disable volume patch for gitlab runner as most of the functionality i…
kfox1111 Jun 24, 2022
6f62534
Fix ClusterRoleBinding name to be unique
kfox1111 Jun 27, 2022
9f9135b
Upgrade tenant-namespace-operator to use the new version of the tenan…
kfox1111 Jun 27, 2022
f308a0e
Bump up versions
kfox1111 Jun 27, 2022
a28db3b
Bump up versions
kfox1111 Jun 27, 2022
2b97abe
Fix ingress class name
kfox1111 Jun 29, 2022
7fc3a66
Build 0.7 of the smartctl exporter
kfox1111 Aug 5, 2022
bda20ce
Add back smartctl exporter builds
kfox1111 Aug 5, 2022
721fa26
Stop building k8s 1.20 containers
kfox1111 Aug 5, 2022
a6454e6
Disable chart builds of k8s 1.20 too.
kfox1111 Aug 5, 2022
79215d7
Support multiple configurations of smartctl-exporter in one helm rele…
kfox1111 Aug 5, 2022
3416cc6
Fix workflow
kfox1111 Aug 5, 2022
bee8d41
Add some basic monitoring rules.
kfox1111 Aug 5, 2022
4e67160
Fix prometheusrule
kfox1111 Aug 6, 2022
28e10b8
[gitlab-runner-operator] Updated chart template content from helm 3.10
plnordquist Nov 1, 2022
b9b43c1
Add openssl to debug toolbox
kfox1111 Jan 17, 2023
e071e0e
Bump actions/checkout from 2 to 3.1.0
dependabot[bot] Oct 6, 2022
a6343ec
Bump actions/checkout from 3.1.0 to 3.3.0
dependabot[bot] Jan 19, 2023
8d8a7de
qemu-guest-agent
kfox1111 Jan 24, 2023
f8471d2
Initial stab at some rock9 based images
kfox1111 Feb 15, 2023
88f2d45
Fix buildenvs
kfox1111 Feb 23, 2023
d1428f0
Build 9 containers.
kfox1111 Mar 6, 2023
99727a4
Fix yaml
kfox1111 Mar 6, 2023
c83d536
Fix run quoting
kfox1111 Mar 6, 2023
a517240
Make sure keys are available.
kfox1111 Mar 6, 2023
e4618ea
Fix up some build stuff
kfox1111 Mar 6, 2023
cc6b0d8
Try fixing the build
kfox1111 Mar 6, 2023
d459191
Fix prefix
kfox1111 Mar 7, 2023
b0bb352
Make library charts for all the 9 stuff and remove new build flags.
kfox1111 Mar 8, 2023
4ab68f1
Fix subbuild.
kfox1111 Mar 8, 2023
7b2d676
Fix image references and start building 9 chart.
kfox1111 Mar 9, 2023
6c358e9
New build
kfox1111 Mar 10, 2023
1dfb243
Fix double rpm version issue
kfox1111 Mar 10, 2023
95f1d27
Add ingress path fixes for 9.
kfox1111 Mar 13, 2023
06ba9e0
Fixed issues with nfs-utils & sssd-common packages (#54)
plnordquist Mar 16, 2023
8c4799d
Remove newbuilds.
kfox1111 Mar 17, 2023
f886feb
Added Anaconda selected packages
plnordquist Mar 20, 2023
ae6e696
Add k8s9 chart builds
kfox1111 Apr 14, 2023
9f8ed0a
Add k8s-node-image9 to the list
kfox1111 Apr 20, 2023
b40671b
Add missing package.
kfox1111 May 16, 2023
afc5478
Update Dockerfile
kfox1111 May 25, 2023
3c99949
Bump actions/checkout from 3.3.0 to 3.5.3
dependabot[bot] Jun 12, 2023
bdfa3fc
Add package for rootless dnd
kfox1111 Jun 13, 2023
9ac5b27
Add 9 1.28
kfox1111 Oct 3, 2023
51f6cd6
Add missing jobs
kfox1111 Oct 4, 2023
d33f961
Bump actions/checkout from 3.5.3 to 4.1.0
dependabot[bot] Oct 4, 2023
0e11fcd
[tenant-namespace] Updated to ingress-nginx controller 1.3.0
plnordquist Oct 12, 2023
602e992
[tenant-namespace-operator] Updated to latest tenant-namespace chart
plnordquist Oct 12, 2023
837a71c
[tenant-namespace-operator] Added support for prometheus rules in the…
plnordquist Oct 18, 2023
959918b
[rpms-kubernetes9] Migrated to pkgs.k8s.io
plnordquist Oct 18, 2023
8d55c99
[tenant-namespace-operator] Upgraded to Operator SDK v1.4.0 (#23)
plnordquist Oct 26, 2023
4b98561
[tenant-namespace-operator] Upgraded to 1.32.0 (#70)
plnordquist Nov 6, 2023
c2ff188
Fixed Ansible issues with unsafe yaml (#71)
plnordquist Nov 13, 2023
4621fe4
Make kubeupdater local key configurable
kfox1111 Dec 5, 2023
6f8e74f
Update debug-toolbox
kfox1111 Dec 11, 2023
f078789
Fix package name. Add some more tools.
kfox1111 Dec 13, 2023
Remove tiller
kfox1111 committed Aug 16, 2021
commit db200c1802f15450649a195a66c04d62b89fca97
6 changes: 3 additions & 3 deletions charts/charts/magic-namespace/Chart.yaml
@@ -1,12 +1,12 @@
# Copied from helm stable repo. Maintainer switched.
apiVersion: v1
appVersion: 2.8.1
description: Elegantly enables a Tiller per namespace in RBAC-enabled clusters
appVersion: 2.8.2
description: Manage resources per namespace using Helm
home: https://github.com/kubernetes/charts/tree/master/stable/magic-namespace
maintainers:
- email: kevin.fox@pnnl.gov
name: kfox1111
#- email: kent.rancourt@microsoft.com
# name: krancour
name: magic-namespace
version: 0.5.3
version: 0.5.4
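Review bot: `appVersion` moves from 2.8.1 to 2.8.2 in the same change that drops Tiller from the description, but that number matched the Tiller image tag (`v2.8.1` in the README's `tiller.image.tag` row), so after this change it no longer refers to anything the chart ships. Either drop `appVersion` or set it to something the chart actually tracks. The chart `version` goes from 0.5.3 to 0.5.4, a patch bump, while this commit deletes the Tiller deployment, service, role binding, service account and every `tiller.*` value; a minor bump would signal the removal to anyone pinning `0.5.x`. The `home:` URL also still points at the kubernetes/charts stable tree even though the first line says the chart was copied from there and the maintainer switched.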
63 changes: 9 additions & 54 deletions charts/charts/magic-namespace/README.md
@@ -19,38 +19,17 @@ A common paradigm that has emerged is that _teams_ are given their own namespace
and some degree of latitude to administer that namespace, whilst not being
permitted to perform actions on _other teams'_ namespaces.

Now bring Helm/Tiller into the equation. In an RBAC-enabled cluster, Tiller is
so often granted the `cluster-admin` role-- which gives it "root" access to the
entire cluster. While such a Tiller may be suitable for use by a cluster
operator, it's _not_ suitable for use by other teams, as it presents them with
an easy avenue for escalating their privileges.

To compensate for this, a pattern that has emmerged to complement the
namespace-per-team pattern is the _tiller-per-namespace_ pattern. This has been
widely adopted in multi-tenant, RBAC-enabled clusters. Until now, cluster
operators have tended to create their own bespoke scripts for performing all
requisite setup to implement these patterns.

Magic Namespace takes the pain out of this setup. It offers cluster operators an
easy, comprehensive avenue for using _their_ Tiller to manage namespaces,
service accounts, _other Tillers_, and role bindings for their consituent
teams. Magic Namespace permits cluster operators to manage all of this using
familiar Helm-based workflows.
easy, comprehensive avenue for using helm to manage namespaces, service
accounts, and role bindings for their consituent teams. Magic Namespace permits
cluster operators to manage all of this using familiar Helm-based workflows.

## How it Works

By default, Magic Namespace creates a service account for Tiller in the
designated namespace and binds it to the `admin` role for that namespace. It
also creates a deployment that utilizes this service account. This can be
disabled or configured further, but the default behavior is sensible. In fact,
the defaults _closes_ a variety of known Tiller-based attack vectors.

Magic Namespace also offers cluster operators to define additional service
accounts and role bindings for use within the namespace. _Typically, it would
be a good idea to define at least one role binding that grants a user or group
administrative privileges in the namespace._ Absent this, the namespace's own
Tiller will function, but no user (other than the cluster operator) will be
capable of interacting with it via Helm.
Magic Namespace offers cluster operators to define additional service accounts
and role bindings for use within the namespace. _Typically, it would be a good
idea to define at least one role binding that grants a user or group
administrative privileges in the namespace.

## Prerequisites

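Review bot: The rewritten "How it Works" paragraph opens emphasis with `_Typically, it would be a good` but ends at `administrative privileges in the namespace.` without the closing underscore that the removed text had (`namespace._`), so the italics are left unterminated. Close the emphasis after "namespace." The removed paragraphs were also the only place the README explained why per-namespace scoping matters (a Tiller bound to `cluster-admin` gives teams a path to escalate privileges); with Tiller gone, one sentence stating that tenants should receive only namespace-scoped role bindings, never cluster-wide ones, would keep that guidance. Minor points in the new lines: "helm" is lowercase here but "Helm-based" two lines later, and "consituent" is carried over misspelled.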
@@ -106,21 +85,14 @@ $ helm install stable/magic-namespace \

Deleting a release of a Magic Namespace will _not_ delete the namespace,
unless you have used the optional ```namespace``` setting. It will
only delete the Tiller, service accounts, role bindings, etc. from that
only delete service accounts, role bindings, etc. from that
namespace. This is actually desirable behavior, as anything the team has
deployed within that namespace is likely to be unaffected, though further
deployments to and management of that namespace will not be possible by anyone
other than the cluster operator.

If you have used the ```namespace``` setting, deleting the release will cleanup
all releases deployed with the tiller in the Magic Namespace, along with the
namespace. If other tillers, such as the one in ```kube-system``` have
deployed charts into the Magic Namespace, they will get orphaned when the namespace is
removed, but they can still be removed with the standard ```helm delete <name> --purge``` command.

```bash
$ helm delete foo --purge
```
the namespace.

## Configuration

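Review bot: After this edit the `namespace` case reads only "deleting the release will cleanup the namespace.", which no longer tells the operator what happens to workloads and releases that tenants installed there. The removed text at least described releases being cleaned up or orphaned. State explicitly that removing the release deletes the namespace together with everything deployed in it, so that nobody runs the delete expecting only the service accounts and role bindings to go, as in the paragraph above. Since the `helm delete foo --purge` example is removed as well, consider showing the current delete command in its place, and "cleanup" as a verb should be "clean up".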
@@ -130,23 +102,6 @@ reference the default `values.yaml` to understand further options.

| Parameter | Description | Default |
|-----------|-------------|---------|
| `tiller.enabled` | Whether to include a Tiller in the namespace | `true` |
| `tiller.replicaCount` | The number of Tiller replicas to run | `1` |
| `tiller.image.repository` | The Docker image to use for Tiller, minus version/label | `gcr.io/kubernetes-helm/tiller` |
| `tiller.image.tag` | The specific version/label of the Docker image used for Tiller | `v2.8.1` |
| `tiller.image.pullPolicy` | The pull policy to utilize when pulling Tiller images from a Docker repsoitory | `IfNotPresent` |
| `tiller.maxHistory` | The maximum number of releases Tiller should remember. A value of `0` is interpreted as no limit. | `0` |
| `tiller.role.type` | Identify the kind of role (`Role` or `ClusterRole`) that will be referenced in the role binding for Tiller's service account. There is seldom any reason to override this. | `ClusterRole` |
| `tiller.role.type` | Identify the name of the `Role` or `ClusterRole` that will be referenced in the role binding for Tiller's service account. There is seldom any reason to override this. | `admin` |
| `tiller.includeService` | This deploys a service resource for Tiller. This is not generally needed. Please understand the security implications of this before overriding the default. | `false` |
| `tiller.onlyListenOnLocalhost` | This prevents Tiller from binding to `0.0.0.0`. This is generally advisable to close known Tiller-based attack vectors. Please understand the security implications of this before overriding the default. | `true` |
| `tiller.storage` | The storage driver for Tiller to use. One of `configmap`, `memory`, or `secret` | `configmap` |
| `tiller.tls.enabled` | Whether to enable TLS encryption between Helm and Tiller. Specify either `tiller.tls.secretName` to mount an existing secret, or `tiller.tls.ca`, `tiller.tls.cert` and `tiller.tls.key` to create a secret from Base64 provided values | `false` |
| `tiller.tls.verify` | Whether to verify a remote Tiller certificate. | `true` |
| `tiller.tls.secretName` | Mount an existing TLS secret into the Tiller container. The secret must include data keys: `ca.crt`, `tls.crt` and `tls.key` | `nil` |
| `tiller.tls.ca` | Base64 encoded string to mount ca.crt into the Tiller container. This value requires `tiller.tls.cert` and `tiller.tls.key` to also be set. | `nil` |
| `tiller.tls.cert` | Base64 encoded string to mount tls.cert into the Tiller container. This value requires `tiller.tls.ca and `tiller.tls.key` to also be set. | `nil` |
| `tiller.tls.key` | Base64 encoded string to mount tls.key into the Tiller container. This value requires `tiller.tls.ca` and `tiller.tls.cert` to also be set. | `nil` |
| `serviceAccounts` | An optional array of names of additional service account to create | `nil` |
| `roleBindings` | An optional array of objects that define role bindings | `nil` |
| `roleBindings[n].role.kind` | Identify the kind of role (`Role` or `ClusterRole`) to be used in the role binding | |
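Review bot: Every `tiller.*` row is dropped from the parameter table, but the hunk's context line still tells readers to "reference the default `values.yaml` to understand further options". Confirm that the `tiller:` block is removed from `values.yaml` in this same change, otherwise the README and the defaults disagree. Existing installs that still pass `tiller.enabled`, `tiller.tls.*` or `tiller.onlyListenOnLocalhost` will have those settings silently ignored after upgrade, so a short upgrade note in the README saying these keys are gone and no longer have any effect would prevent operators from assuming the TLS and localhost-only hardening is still being applied.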
19 changes: 0 additions & 19 deletions charts/charts/magic-namespace/templates/secret.yaml

This file was deleted.

118 changes: 0 additions & 118 deletions charts/charts/magic-namespace/templates/tiller-deployment.yaml

This file was deleted.

28 changes: 0 additions & 28 deletions charts/charts/magic-namespace/templates/tiller-rolebinding.yaml

This file was deleted.

25 changes: 0 additions & 25 deletions charts/charts/magic-namespace/templates/tiller-service.yaml

This file was deleted.

15 changes: 0 additions & 15 deletions charts/charts/magic-namespace/templates/tiller-serviceaccount.yaml

This file was deleted.

10 changes: 5 additions & 5 deletions charts/charts/tenant-namespace/Chart.yaml
@@ -2,18 +2,18 @@ apiVersion: v2
type: application
description: Chart for setting up a tenants namespace with all the goodies
name: tenant-namespace
version: 0.7.8
version: 0.7.9
appVersion: "1.0"
dependencies:
- name: magic-namespace
alias: adminmagicnamespace
version: "0.5.2"
repository: "https://charts.helm.sh/stable"
version: "0.5.4"
repository: "https://pnnl-miscscripts.github.io/charts"
condition: adminmagicnamespace.enabled
- name: magic-namespace
alias: magicnamespace
version: "0.5.2"
repository: "https://charts.helm.sh/stable"
version: "0.5.4"
repository: "https://pnnl-miscscripts.github.io/charts"
- name: ingress-nginx
alias: ingress
version: "3.34.0"
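Review bot: Both `magic-namespace` dependencies now resolve version "0.5.4" from `https://pnnl-miscscripts.github.io/charts`, and 0.5.4 is the version this same commit introduces, so `tenant-namespace` 0.7.9 cannot resolve its dependencies until that chart has been published and the build has the new repository added. Either publish `magic-namespace` first or reference the in-repo chart with a `file://` repository for builds. Because the dependency source moves from `https://charts.helm.sh/stable` to a different host, regenerate and commit the dependency lock file so its recorded digest matches the new source. The chart version also goes from 0.7.8 to 0.7.9 as a patch bump although tenants will no longer get a Tiller deployed in their namespace; a minor bump plus a changelog line would make that visible.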