diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7c43ebe..334cde3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,7 +5,7 @@ on: env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} - VERSION: 0.11.0-RC1 + VERSION: 0.11.0-RC2 jobs: build: @@ -19,7 +19,7 @@ jobs: image-digest: ${{ steps.image-info.outputs.image_digest }} steps: - name: Checkout source code - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.0 - name: Set up Carvel uses: carvel-dev/setup-action@v1.3.0 @@ -87,7 +87,7 @@ jobs: IMAGE_DIGEST: ${{ needs.build.outputs.image-digest }} steps: - name: Install Cosign - uses: sigstore/cosign-installer@v3.0.1 + uses: sigstore/cosign-installer@v3.0.2 - name: Log into container registry uses: redhat-actions/podman-login@v1.6 diff --git a/repo/packages/contour.packages.kadras.io/1.24.3+kadras.1.yml b/repo/packages/contour.packages.kadras.io/1.24.3+kadras.1.yml new file mode 100644 index 0000000..02c6032 --- /dev/null +++ b/repo/packages/contour.packages.kadras.io/1.24.3+kadras.1.yml 
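Review bot: `actions/checkout@v3.5.0` (hunk at line 19) and `sigstore/cosign-installer@v3.0.2` (hunk at line 87) are still referenced by tag, and whoever controls the action repository can repoint a tag. This workflow logs into the container registry and installs the signing tool, so a repointed tag would run with release credentials. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3.5.0`. The same applies to the context lines `carvel-dev/setup-action@v1.3.0` and `redhat-actions/podman-login@v1.6`. The package files added in this commit already pin their bundles by `sha256` digest, so this would make the workflow consistent with them; both jobs continue outside the hunks shown.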
@@ -0,0 +1,222 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + creationTimestamp: null + name: contour.packages.kadras.io.1.24.3+kadras.1 +spec: + licenses: + - Apache 2.0 + refName: contour.packages.kadras.io + releaseNotes: https://github.com/kadras-io/package-for-contour/releases + releasedAt: "2023-04-09T20:21:58Z" + template: + spec: + deploy: + - kapp: + rawOptions: + - --wait-timeout=5m + - --kube-api-qps=50 + - --kube-api-burst=100 + fetch: + - imgpkgBundle: + image: ghcr.io/kadras-io/package-for-contour@sha256:0c532f64333cc088407fda1fc1a685949d1caf1b48a61ba7445f4c13a34b854f + template: + - ytt: + paths: + - config + - kbld: + paths: + - '-' + - .imgpkg/images.yml + valuesSchema: + openAPIv3: + additionalProperties: false + properties: + certificates: + additionalProperties: false + description: TLS configuration to secure the communication between Contour + and Envoy. + properties: + duration: + default: 8760h + description: If using cert-manager, how long the certificates should + be valid for. If `useCertManager` is false, this field is ignored. + type: string + renewBefore: + default: 360h + description: If using cert-manager, how long before expiration the certificates + should be renewed. If `useCertManager` is false, this field is ignored. + type: string + useCertManager: + default: true + description: 'Whether to use cert-manager to provision TLS certificates + for securing the communication between Contour and Envoy. If `false`, + the `contour-certgen` Job will be used to provision certificates. + If `true`, cert-manager must be installed in the cluster. See: https://github.com/kadras-io/package-for-cert-manager.' + type: boolean + type: object + contour: + additionalProperties: false + description: Settings for the Contour component. + properties: + config: + additionalProperties: false + description: Configuration for the Contour Deployment. 
+ properties: + logFormat: + default: text + description: Log output format for Contour. Either `text` (default) + or `json`. + type: string + logLevel: + default: info + description: The Contour log level. Valid options are `info` and + `debug`. + type: string + useProxyProtocol: + default: false + description: Whether to enable PROXY protocol for all Envoy listeners. + type: boolean + type: object + configFileContents: + default: {} + description: The YAML contents of the Contour config file. See https://projectcontour.io/docs/latest/configuration/#configuration-file + for more information. + nullable: true + replicas: + default: 2 + description: The number of Contour replicas. In order to enable high + availability, it should be greater than 1. + type: integer + type: object + envoy: + additionalProperties: false + description: Settings for the Envoy component. + properties: + config: + additionalProperties: false + description: Configuration for the Envoy workload. + properties: + logLevel: + default: info + description: The Envoy log level. + type: string + type: object + service: + additionalProperties: false + description: Envoy service settings. + properties: + annotations: + default: null + description: Annotations to set on the Envoy service. + nullable: true + aws: + additionalProperties: false + description: AWS-specific settings for the Envoy service. If `infrastructureProvider` + is not `aws`, these settings are ignored. + properties: + loadBalancerType: + default: classic + description: The type of AWS load balancer to provision. Options + are 'classic' and 'nlb'. + type: string + type: object + externalTrafficPolicy: + default: null + description: The external traffic policy for the Envoy service. + If type is `ClusterIP`, this field is ignored. Otherwise, it defaults + to `Cluster` for vsphere and `Local` for others. + nullable: true + type: string + loadBalancerIP: + default: "" + description: The desired load balancer IP. 
If `type` is not `LoadBalancer', + this field is ignored. It is up to the cloud provider whether + to honor this request. If not specified, then load balancer IP + will be assigned by the cloud provider. + type: string + nodePorts: + additionalProperties: false + description: NodePort settings for the Envoy service. If type is + not `NodePort` or `LoadBalancer`, these settings are ignored. + properties: + http: + default: 0 + description: The node port number to expose Envoy's HTTP listener + on. If not specified, a node port will be auto-assigned by + Kubernetes. + type: integer + https: + default: 0 + description: The node port number to expose Envoy's HTTPS listener + on. If not specified, a node port will be auto-assigned by + Kubernetes. + type: integer + type: object + type: + default: null + description: The type of Kubernetes service to provision for Envoy. + If not specified, it will default to `NodePort` for local and + vsphere and `LoadBalancer` for others. + nullable: true + type: string + type: object + workload: + additionalProperties: false + description: Envoy workload settings. + properties: + hostNetwork: + default: false + description: Whether to enable host networking for the Envoy pods. + type: boolean + hostPorts: + additionalProperties: false + description: Host port settings for the Envoy pods. + properties: + enabled: + default: false + description: Whether to enable host ports. If false, http & + https are ignored. + type: boolean + http: + default: 80 + description: If enabled, the host port number to expose Envoy's + HTTP listener on. + type: integer + https: + default: 443 + description: If enabled, the host port number to expose Envoy's + HTTPS listener on. + type: integer + type: object + replicas: + default: 2 + description: The number of Envoy replicas to deploy when `type` + is set to `Deployment`. 
+ type: integer + terminationGracePeriodSeconds: + default: 300 + description: The termination grace period, in seconds, for the Envoy + pods. + type: integer + type: + default: DaemonSet + description: The type of Kubernetes workload that Envoy is deployed + as. Options are `Deployment` or `DaemonSet`. If not specified, + it defaults to `DaemonSet`. + type: string + type: object + type: object + infrastructureProvider: + default: null + description: The underlying infrastructure provider. Options are `aws`, + `azure`, `local` and `vsphere`. This field is not required, but it enables + better validation and defaulting if provided. + nullable: true + type: string + namespace: + default: projectcontour + description: The namespace in which to deploy Contour and Envoy. + type: string + type: object + version: 1.24.3+kadras.1 diff --git a/repo/packages/knative-serving.packages.kadras.io/1.9.3+kadras.1.yml b/repo/packages/knative-serving.packages.kadras.io/1.9.3+kadras.1.yml new file mode 100644 index 0000000..c0e2abc --- /dev/null +++ b/repo/packages/knative-serving.packages.kadras.io/1.9.3+kadras.1.yml 
@@ -0,0 +1,230 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + creationTimestamp: null + name: knative-serving.packages.kadras.io.1.9.3+kadras.1 +spec: + licenses: + - Apache 2.0 + refName: knative-serving.packages.kadras.io + releaseNotes: https://github.com/kadras-io/package-for-knative-serving/releases + releasedAt: "2023-04-09T20:50:31Z" + template: + spec: + deploy: + - kapp: + rawOptions: + - --wait-timeout=5m + fetch: + - imgpkgBundle: + image: ghcr.io/kadras-io/package-for-knative-serving@sha256:1a2c2097864d408b01587e03255d0276245a19f56c96766264e0a598ea48e322 + template: + - ytt: + paths: + - config + - kbld: + paths: + - '-' + - .imgpkg/images.yml + valuesSchema: + openAPIv3: + additionalProperties: false + properties: + ca_cert_data: + default: "" + description: PEM-encoded certificate data to trust TLS connections with + a custom CA. + type: string + config: + additionalProperties: false + description: Settings for the Knative Serving ConfigMaps. + properties: + network: + additionalProperties: false + description: Network configuration stored in the `config-network` ConfigMap. + properties: + default-external-scheme: + default: http + description: Defines the scheme used for external URLs if autoTLS + is not enabled. This can be used for making Knative report all + URLs as `https`, for example, if you're fronting Knative with + an external loadbalancer that deals with TLS termination and Knative + doesn't know about that otherwise. + type: string + domain-template: + default: '{{.Name}}.{{.Namespace}}.{{.Domain}}' + description: The golang text template string to use when constructing + the Knative Service's DNS name. + type: string + http-protocol: + default: Enabled + description: 'Controls the behavior of the HTTP endpoint for the + Knative ingress. `Enabled`: The Knative ingress will be able to + serve HTTP connection. 
`Redirected`: The Knative ingress will + send a 301 redirect for all http connections, asking the clients + to use HTTPS.' + type: string + namespace-wildcard-cert-selector: + default: "" + description: A LabelSelector which determines which namespaces should + have a wildcard certificate provisioned. + type: string + rollout-duration: + default: 0 + description: The minimal duration in seconds over which the Configuration + traffic targets are rolled out to the newest revision. + type: integer + type: object + tracing: + additionalProperties: false + description: Network configuration stored in the `config-tracing` ConfigMap. + properties: + backend: + default: none + description: The type of distributed tracing backend. + type: string + debug: + default: "false" + description: Enable the Zipkin debug mode. This allows all spans + to be sent to the server bypassing sampling. + type: string + sample-rate: + default: "0.1" + description: The percentage (0-1) of requests to trace. + type: string + zipkin-endpoint: + default: http://tempo.observability-system.svc.cluster.local:9411/api/v2/spans + description: The Zipkin collector endpoint where traces are sent. + type: string + type: object + type: object + domain_name: + default: "" + description: Domain name for Knative Services. It must be a valid DNS name. + Stored in the `config-domain` ConfigMap. + type: string + ingress: + additionalProperties: false + description: Settings for the Ingress controller. + properties: + contour: + additionalProperties: false + description: Ingress configuration stored in the `config-contour` ConfigMap. + properties: + default-tls-secret: + default: "" + description: If auto-TLS is disabled, fallback to this certificate. + An operator is required to setup a TLSCertificateDelegation for + this Secret to be used. 
+ type: string + external: + additionalProperties: false + description: Configuration for the external Ingress controller + properties: + namespace: + default: projectcontour + description: The namespace where the external Ingress controller + is installed. + type: string + type: object + internal: + additionalProperties: false + description: Configuration for the internal Ingress controller + properties: + namespace: + default: projectcontour + description: The namespace where the internal Ingress controller + is installed. + type: string + type: object + type: object + type: object + policies: + additionalProperties: false + description: Settings for the Kyverno policies. + properties: + include: + default: false + description: Whether to include the out-of-the-box Kyverno policies + to validate and secure the package installation. + type: boolean + type: object + proxy: + additionalProperties: false + description: Settings for the corporate proxy. + properties: + http_proxy: + default: "" + description: The HTTP proxy to use for network traffic + type: string + https_proxy: + default: "" + description: The HTTPS proxy to use for network traffic + type: string + no_proxy: + default: "" + description: A comma-separated list of hostnames, IP addresses, or IP + ranges in CIDR format that should not use a proxy + type: string + type: object + tls: + additionalProperties: false + description: Settings for TLS certificates. + properties: + certmanager: + additionalProperties: false + description: Cert Manager configuration stored in the `config-certmanager` + ConfigMap. + properties: + clusterissuer: + default: "" + description: A reference to the ClusterIssuer to use if you want + to enable autoTLS. + type: string + type: object + type: object + workloads: + additionalProperties: false + description: Settings for the Knative Serving workloads. 
+ properties: + activator: + additionalProperties: false + properties: + minReplicas: + default: 1 + description: The minimum number of replicas as controlled by a HorizontalPodAutoscaler. + In order to enable high availability, it should be greater than + 1. + type: integer + type: object + autoscaler: + additionalProperties: false + properties: + replicas: + default: 1 + description: The number of replicas for this Deployment. In order + to enable high availability, it should be greater than 1. + type: integer + type: object + controller: + additionalProperties: false + properties: + replicas: + default: 1 + description: The number of replicas for this Deployment. In order + to enable high availability, it should be greater than 1. + type: integer + type: object + webhook: + additionalProperties: false + properties: + minReplicas: + default: 1 + description: The minimum number of replicas as controlled by a HorizontalPodAutoscaler. + In order to enable high availability, it should be greater than + 1. + type: integer + type: object + type: object + type: object + version: 1.9.3+kadras.1 diff --git a/repo/packages/workspace-provisioner.packages.kadras.io/0.1.1.yml b/repo/packages/workspace-provisioner.packages.kadras.io/0.1.1.yml new file mode 100644 index 0000000..e361667 --- /dev/null +++ b/repo/packages/workspace-provisioner.packages.kadras.io/0.1.1.yml 
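Review bot: Nothing in this schema indicates that setting `tls.certmanager.clusterissuer` changes `config.network.http-protocol` from its default `Enabled`, so an install with autoTLS turned on would presumably keep serving plain HTTP alongside HTTPS. The `clusterissuer` description could say so, e.g. `Set config.network.http-protocol to Redirected to stop serving plain HTTP once autoTLS is enabled.` Separately, the description under `config.tracing` reads "Network configuration stored in the config-tracing ConfigMap", which looks copied from `config.network` and should start with "Tracing configuration". If this file is generated output, both wording changes belong in the package's schema source.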
@@ -0,0 +1,123 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + creationTimestamp: null + name: workspace-provisioner.packages.kadras.io.0.1.1 +spec: + licenses: + - Apache 2.0 + refName: workspace-provisioner.packages.kadras.io + releaseNotes: https://github.com/kadras-io/workspace-provisioner/releases + releasedAt: "2023-04-09T20:47:52Z" + template: + spec: + deploy: + - kapp: {} + fetch: + - imgpkgBundle: + image: ghcr.io/kadras-io/workspace-provisioner@sha256:1c6d72d155a3378c4c46aeee795c1bedeafe198b0e2ccbb78e9e3203ef4292c5 + template: + - ytt: + paths: + - config + - kbld: + paths: + - '-' + - .imgpkg/images.yml + valuesSchema: + openAPIv3: + additionalProperties: false + properties: + cosign: + additionalProperties: false + description: Settings for Cosign, used for signing and verifying OCI artifacts. + properties: + secret: + additionalProperties: false + description: Configuration for the Secret holding the Cosign key pair. + properties: + name: + default: "" + description: The name of the Secret holding the Cosign key pair. + type: string + namespace: + default: "" + description: The namespace of the Secret holding the Cosign key + pair. + type: string + type: object + type: object + git: + additionalProperties: false + description: Configuration to access the Git repositories used in the GitOps + workflows. + properties: + credentials: + additionalProperties: false + description: Configuration for Git credentials. + properties: + password: + default: "" + description: The password to access the Git repositories. + type: string + username: + default: "" + description: The username to access the Git repositories. + type: string + type: object + secret: + additionalProperties: false + description: Configuration for the Secret holding the Git credentials. + properties: + name: + default: supply-chain-git-credentials + description: The name of the Secret holding the Git credentials. 
+ type: string + type: object + server: + default: https://github.com + description: The Git server hosting the Git repositories used in the + GitOps workflows. + type: string + type: object + namespaces: + default: [] + description: Configuration for the namespaces the platform will provision + and manage. + items: + additionalProperties: false + description: Details about the namespace to configure. + properties: + name: + default: "" + type: string + type: object + type: array + oci_registry: + additionalProperties: false + description: Settings for the OCI registry that the workspace will use. + properties: + secret: + additionalProperties: false + description: Configuration for the Secret holding the credentials to + access the OCI registry. + properties: + name: + default: "" + description: The name of the Secret holding the credentials to access + the OCI registry. + type: string + namespace: + default: "" + description: The namespace of the Secret holding the credentials + to access the OCI registry. + type: string + type: object + type: object + service_account: + default: default + description: The `ServiceAccount` to be configured with credentials and + roles in each workspace. + type: string + type: object + version: 0.1.1 diff --git a/repo/packages/workspace-provisioner.packages.kadras.io/metadata.yml b/repo/packages/workspace-provisioner.packages.kadras.io/metadata.yml new file mode 100644 index 0000000..91aeb81 --- /dev/null +++ b/repo/packages/workspace-provisioner.packages.kadras.io/metadata.yml 
@@ -0,0 +1,17 @@
+apiVersion: data.packaging.carvel.dev/v1alpha1
+kind: PackageMetadata
+metadata:
+ creationTimestamp: null
+ name: workspace-provisioner.packages.kadras.io
+spec:
+ categories:
+ - environment provisioning
+ displayName: workspace-provisioner
+ longDescription: Provisions and configures workspaces for the platform users, such
+ as application developers. A workspace can be a namespace or a virtual cluster.
+ maintainers:
+ - name: Thomas Vitale
+ providerName: Kadras
+ shortDescription: Provisions and configures workspaces for the platform users.
+ supportDescription: Go to https://kadras.io for documentation and https://github.com/kadras-io/workspace-provisioner
+ for community support.