[dev-v2.9] Csp adapter release v4.0.0 rc1

charts/rancher-csp-adapter/104.0.0+up4.0.0-rc1/Chart.yaml

@@ -0,0 +1,17 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/display-name: Rancher CSP Adapter
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+  catalog.cattle.io/namespace: cattle-csp-adapter-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux
+  catalog.cattle.io/rancher-version: '>= 2.9.0-0 < 2.10.0-0'
+  catalog.cattle.io/release-name: rancher-csp-adapter
+  catalog.cattle.io/scope: management
+apiVersion: v2
+appVersion: 4.0.0-rc1
+description: Cloud Service Provider Marketplace Adapter for Rancher. Monitors Rancher
+  entitlements against usage.
+name: rancher-csp-adapter
+version: 104.0.0+up4.0.0-rc1

charts/rancher-csp-adapter/104.0.0+up4.0.0-rc1/templates/_helpers.tpl

@@ -0,0 +1,57 @@
+{{- define "csp-adapter.labels" -}}
+app: rancher-csp-adapter
+{{- end }}
+
+{{- define "csp-adapter.outputConfigMap" -}}
+csp-config
+{{- end }}
+
+{{- define "csp-adapter.outputNotification" -}}
+csp-compliance
+{{- end }}
+
+{{- define "csp-adapter.cacheSecret" -}}
+csp-adapter-cache
+{{- end }}
+
+{{- define "csp-adapter.hostnameSetting" -}}
+server-url
+{{- end }}
+
+{{- define "csp-adapter.versionSetting" -}}
+server-version
+{{- end }}
+
+{{- define "csp-adapter.csp" -}}
+{{- if .Values.aws -}}
+    {{- if .Values.aws.enabled -}}
+aws
+    {{- end -}}
+{{- else -}}
+""
+{{- end -}}
+{{- end }}
+
+{{- define "csp-adapter.awsValuesSet" -}}
+{{- if .Values.aws -}}
+    {{- if and .Values.aws.accountNumber .Values.aws.roleName -}}
+    true
+    {{- else -}}
+    false
+    {{- end -}}
+{{- else -}}
+false
+{{- end -}}
+{{- end }}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+    {{- if eq (include "csp-adapter.csp" .) "aws" -}}
+    {{- "709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/" -}}
+    {{- else -}}
+    {{- "" -}}
+    {{- end -}}
+{{- end -}}
+{{- end -}}

charts/rancher-csp-adapter/104.0.0+up4.0.0-rc1/templates/deployment.yaml

@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: cattle-csp-adapter-system
+spec:
+  selector:
+    matchLabels:
+      app: {{ .Chart.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Chart.Name }}
+    spec:
+      containers:
+      - env:
+        - name: CATTLE_DEBUG
+          value: {{ .Values.debug | quote }}
+        - name: CATTLE_DEV_MODE
+          value: {{ .Values.devMode | quote }}
+        - name: K8S_OUTPUT_CONFIGMAP
+          value: '{{ template "csp-adapter.outputConfigMap"  }}'
+        - name: K8S_OUTPUT_NOTIFICATION
+          value: '{{ template "csp-adapter.outputNotification" }}'
+        - name: K8S_CACHE_SECRET
+          value: '{{ template "csp-adapter.cacheSecret"  }}'
+        - name: K8S_HOSTNAME_SETTING
+          value: '{{ template "csp-adapter.hostnameSetting"  }}'
+        - name: K8S_RANCHER_VERSION_SETTING
+          value: '{{ template "csp-adapter.versionSetting"  }}'
+        image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+        name: {{ .Chart.Name }}
+        imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+{{- if .Values.additionalTrustedCAs }}
+        volumeMounts:
+          - mountPath: /etc/ssl/certs/rancher-cert.pem
+            name: tls-ca-volume
+            subPath: ca-additional.pem
+            readOnly: true
+{{- end }}
+      serviceAccountName: {{ .Chart.Name }}
+{{- if .Values.additionalTrustedCAs }}
+      volumes:
+        - name: tls-ca-volume
+          secret:
+            defaultMode: 0444
+            secretName: tls-ca-additional
+{{- end }}

charts/rancher-csp-adapter/104.0.0+up4.0.0-rc1/templates/rbac.yaml

@@ -0,0 +1,114 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Chart.Name }}-cluster-role
+rules:
+- apiGroups:
+  - management.cattle.io
+  resources:
+  - ranchermetrics
+  verbs:
+  - get
+- apiGroups:
+  - management.cattle.io
+  resources:
+  - rancherusernotifications
+  resourceNames:
+  - {{ template "csp-adapter.outputNotification" }}
+  verbs:
+  - "*"
+- apiGroups:
+  - management.cattle.io
+  resources:
+  - rancherusernotifications
+  verbs:
+  - create
+- apiGroups:
+  - management.cattle.io
+  resources:
+  - settings
+  resourceNames:
+  - {{ template "csp-adapter.hostnameSetting"  }}
+  - {{ template "csp-adapter.versionSetting"  }}
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - apiregistration.k8s.io
+  resources:
+  - apiservices
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ .Chart.Name }}-crb
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Chart.Name }}-cluster-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Chart.Name }}
+    namespace: cattle-csp-adapter-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Chart.Name }}-role
+  namespace: cattle-csp-adapter-system
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - {{ template "csp-adapter.cacheSecret"  }}
+  verbs:
+  - "*"
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  resourceNames:
+  - {{ template "csp-adapter.outputConfigMap"  }}
+  verbs:
+  - "*"
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Chart.Name }}-binding
+  namespace: cattle-csp-adapter-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ .Chart.Name }}-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Chart.Name }}
+    namespace: cattle-csp-adapter-system

charts/rancher-csp-adapter/104.0.0+up4.0.0-rc1/templates/serviceAccount.yaml

@@ -0,0 +1,17 @@
+{{- if eq (include "csp-adapter.csp" . ) "aws" -}}
+  {{- if eq (include "csp-adapter.awsValuesSet" .) "true" -}}
+  {{- else -}}
+  {{- fail "If the aws provider is enabled, account number and role name must be provided" -}}
+  {{- end -}}
+{{- else -}}
+{{- fail "One cloud provider must be enabled" -}}
+{{- end -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: cattle-csp-adapter-system
+  {{- if eq (include "csp-adapter.csp" . ) "aws" }}
+  annotations:
+    eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.aws.accountNumber }}:role/{{ .Values.aws.roleName }}
+  {{- end }}

charts/rancher-csp-adapter/104.0.0+up4.0.0-rc1/values.yaml

@@ -0,0 +1,24 @@
+debug: false
+# used for development only - not supported in production
+devMode: false
+
+image:
+  repository: rancher/rancher-csp-adapter
+  tag: v4.0.0-rc1
+  imagePullPolicy: IfNotPresent
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+
+tolerations: []
+
+# if rancher is using a privateCA, this certificate must be provided as a secret in the adapter's namespace - see the
+# readme/docs for more details
+#additionalTrustedCAs: true
+
+# at least one csp must be enabled like below
+aws:
+  enabled: false
+  accountNumber: ""
+  roleName: ""

index.yaml

@@ -9912,6 +9912,27 @@ entries:
     - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-1.0.100.tgz
     version: 1.0.100
   rancher-csp-adapter:
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/display-name: Rancher CSP Adapter
+      catalog.cattle.io/hidden: "true"
+      catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+      catalog.cattle.io/namespace: cattle-csp-adapter-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux
+      catalog.cattle.io/rancher-version: '>= 2.9.0-0 < 2.10.0-0'
+      catalog.cattle.io/release-name: rancher-csp-adapter
+      catalog.cattle.io/scope: management
+    apiVersion: v2
+    appVersion: 4.0.0-rc1
+    created: "2024-05-01T12:06:18.022559802-07:00"
+    description: Cloud Service Provider Marketplace Adapter for Rancher. Monitors
+      Rancher entitlements against usage.
+    digest: 1d5ba56099c57b9ef8f15173a6649f795200b575c0aad269cd4185bdf9c35c7a
+    name: rancher-csp-adapter
+    urls:
+    - assets/rancher-csp-adapter/rancher-csp-adapter-104.0.0+up4.0.0-rc1.tgz
+    version: 104.0.0+up4.0.0-rc1
   - annotations:
       catalog.cattle.io/certified: rancher
       catalog.cattle.io/display-name: Rancher CSP Adapter

packages/rancher-csp-adapter/package.yaml

@@ -1,2 +1,2 @@
-url: https://github.com/rancher/csp-adapter/releases/download/v3.0.0/rancher-csp-adapter-3.0.0.tgz
-version: 103.0.0
+url: https://github.com/rancher/csp-adapter/releases/download/v4.0.0-rc1/rancher-csp-adapter-4.0.0-rc1.tgz
+version: 104.0.0

release.yaml

@@ -193,6 +193,7 @@ sriov-crd:
 rancher-csp-adapter:
   - 2.0.4
   - 103.0.1+up3.0.1
+  - 104.0.0+up4.0.0-rc1
 rancher-pushprox:
   - 102.0.2
   - 103.0.1