First apps

.gitignore

@@ -0,0 +1,4 @@
+/.idea
+/bamboo-specs/src/main/resources/.credentials
+/bamboo-specs/.idea
+/bamboo-specs/target

apps/dragonfly-operator/argocd.json

@@ -0,0 +1,34 @@
+{
+  "apiVersion": "ysoft.com/v1",
+  "source": {
+    "repoURL": "https://repo.app.ysoft.com/scm/aws/k8s-apps.git",
+    "path": "helm-repo/dragonfly-operator/dragonfly-operator-v1.1.10-bagl",
+    "chartRevision": "argocd",
+    "valuesRevision": "argocd",
+    "chart": ""
+  },
+  "destination": {
+    "namespace": "dragonfly-operator"
+  },
+  "syncPolicy": {
+    "syncOptions": {
+      "ServerSideApply": true,
+      "CreateNamespace": true
+    }
+  },
+  "valueFiles": [
+    "values/registry/%provider%-%stage%-values.yaml",
+    "values/app-version/%stage%-values.yaml"
+  ],
+  "stages": {
+    "poc": {
+      "enabled": false
+    },
+    "dev": {
+      "enabled": true
+    },
+    "prod": {
+      "enabled": true
+    }
+  }
+}

apps/dragonfly-operator/sources.yaml

@@ -0,0 +1,12 @@
+dragonfly-operator:
+
+  chart:
+    sourceRepo:  https://art.corp.ysoft.com/artifactory/helm-internal/
+
+  rbacProxy:
+    image:
+      sourceRepo: docker.dragonflydb.io/dragonflydb/operator
+
+  manager:
+    image:
+      sourceRepo: quay.io/brancz/kube-rbac-proxy

apps/dragonfly-operator/values/app-version/dev-values.yaml

@@ -0,0 +1,7 @@
+rbacProxy:
+  image:
+    tag: v0.13.1
+
+manager:
+  image:
+    tag: v1.1.10

apps/dragonfly-operator/values/app-version/poc-values.yaml

@@ -0,0 +1,7 @@
+rbacProxy:
+  image:
+    tag: v0.13.1
+
+manager:
+  image:
+    tag: v1.1.10

apps/dragonfly-operator/values/app-version/prod-values.yaml

@@ -0,0 +1,7 @@
+rbacProxy:
+  image:
+    tag: v0.13.1
+
+manager:
+  image:
+    tag: v1.1.10

apps/dragonfly-operator/values/app-version/staging-values.yaml

@@ -0,0 +1,7 @@
+rbacProxy:
+  image:
+    tag: v0.13.1
+
+manager:
+  image:
+    tag: v1.1.10

apps/dragonfly-operator/values/registry/aws-dev-values.yaml

@@ -0,0 +1,7 @@
+rbacProxy:
+  image:
+    repository: 981311310930.dkr.ecr.eu-west-1.amazonaws.com/system_apps/kube-rbac-proxy
+
+manager:
+  image:
+    repository: 981311310930.dkr.ecr.eu-west-1.amazonaws.com/system_apps/dragonfly-operator

apps/dragonfly-operator/values/registry/aws-poc-values.yaml

@@ -0,0 +1,7 @@
+rbacProxy:
+  image:
+    repository: 981311310930.dkr.ecr.eu-west-1.amazonaws.com/system_apps/kube-rbac-proxy
+
+manager:
+  image:
+    repository: 981311310930.dkr.ecr.eu-west-1.amazonaws.com/system_apps/dragonfly-operator

apps/dragonfly-operator/values/registry/aws-prod-values.yaml

@@ -0,0 +1,7 @@
+rbacProxy:
+  image:
+    repository: 981311310930.dkr.ecr.eu-west-1.amazonaws.com/system_apps/kube-rbac-proxy
+
+manager:
+  image:
+    repository: 981311310930.dkr.ecr.eu-west-1.amazonaws.com/system_apps/dragonfly-operator

apps/dragonfly-operator/values/registry/otc-dev-values.yaml

@@ -0,0 +1,7 @@
+rbacProxy:
+  image:
+    repository: 981311310930.dkr.ecr.eu-west-1.amazonaws.com/system_apps/kube-rbac-proxy
+
+manager:
+  image:
+    repository: 981311310930.dkr.ecr.eu-west-1.amazonaws.com/system_apps/dragonfly-operator

apps/dragonfly-operator/values/registry/otc-prod-values.yaml

@@ -0,0 +1,7 @@
+rbacProxy:
+  image:
+    repository: 981311310930.dkr.ecr.eu-west-1.amazonaws.com/system_apps/kube-rbac-proxy
+
+manager:
+  image:
+    repository: 981311310930.dkr.ecr.eu-west-1.amazonaws.com/system_apps/dragonfly-operator

argocd/base/apps/argocd.yaml

@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: argocd
+  namespace: argocd
+spec:
+  project: default
+  sources:
+  - repoURL: https://repo.app.ysoft.com/scm/aws/k8s-apps.git
+    path: argocd/base/install
+    targetRevision: argocd
+  - repoURL: https://repo.app.ysoft.com/scm/aws/k8s-apps.git
+    path: argocd/base/config
+    targetRevision: argocd
+  - repoURL: https://repo.app.ysoft.com/scm/aws/k8s-apps.git
+    path: argocd/base/apps
+    targetRevision: argocd
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: argocd
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true

argocd/base/apps/k8s-apps-helm-application-set-v1.yaml

@@ -0,0 +1,85 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: k8s-apps-helm-application-set-v1
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/debug: "true"
+spec:
+  goTemplate: true
+  goTemplateOptions: [ "missingkey=error" ]
+  applyNestedSelectors: true
+  generators:
+    # Create a matrix generator that will install all chart in all clusters
+    - matrix:
+        generators:
+          - matrix:
+              generators:
+                # Get all clusters, that are appropriately labeled
+                - clusters:
+                    selector:
+                      matchExpressions:
+                        - key: stage-name
+                          operator: Exists
+                        - key: cluster-name
+                          operator: Exists
+                # In this repo, find all files named argocd.json.
+                # The files are expected to contain {apiVersion: "ysoft.com/v1"}
+                - git:
+                    repoURL: https://repo.app.ysoft.com/scm/aws/k8s-apps.git
+                    revision: argocd
+                    files:
+                      - path: "apps/**/argocd.json"
+                    values:
+                      stageName: '{{ index .metadata.labels "stage-name" }}'
+                      clusterName: '{{ index .metadata.labels "cluster-name" }}'
+                      provider: '{{ index .metadata.labels "provider" | default "aws" }}'
+                  selector:
+                    matchLabels:
+                      apiVersion: "ysoft.com/v1"
+          - list:
+              # List of one element is a workaround to Argo's inabilility to access '.values.enabled' (which is a result of git generator) in a selector.
+              # The list generator transforms that into '.enabled', which works
+              # As a side effect, it also allows access to previously defined values, like '.values.stageName'
+              elements:
+                # The selector also had troubles with booleans vs. strings, hence the 'yes' and not 'true'
+                - enabled: '{{ dig "stages" .values.stageName "enabled" false . | ternary "yes" "" }}'
+                  appName: '{{ .path.basename }}'
+            selector:
+              matchLabels:
+                enabled: "yes"
+  template:
+    metadata:
+      name: "{{ .path.basename }}-{{.values.stageName }}-{{ .values.clusterName }}"
+    spec:
+      project: default
+      destination:
+        server: "{{.server}}"
+        namespace: "{{ .destination.namespace }}"
+      syncPolicy:
+        automated:
+          prune: true
+        syncOptions:
+          - ServerSideApply={{ dig "syncPolicy" "syncOptions" "ServerSideApply" "true" . }}
+          - CreateNamespace={{ dig "syncPolicy" "syncOptions" "CreateNamespace" "true" . }}
+  templatePatch: |
+    spec:
+      sources:
+        # First source is for value files
+        # Default revision is HEAD but can be overriden with clusters.${name}.valuesRevision
+        - repoURL: https://repo.app.ysoft.com/scm/aws/k8s-apps.git
+          targetRevision: '{{ dig "stages" .values.stageName "valuesRevision" (dig "valuesRevision" "" .source) . }}'
+          ref: values
+        # Second source is for chart
+        # Default revision is .source.targetRevision but can be overriden with clusters.${name}.chartRevision
+        - repoURL: "{{ .source.repoURL }}"
+          targetRevision: '{{ dig "stages" .values.stageName "chartRevision" (dig "chartRevision" "" .source)  . }}'
+          ref: chart
+          chart: '{{ default "" .source.chart }}'
+          path: '{{ default "" .source.path }}'
+          helm:
+            releaseName: "{{ .path.basename }}"
+            valueFiles: {{- $v := .values }}{{- $ := . }}
+            {{- range $valueFile := ( .valueFiles ) }}
+              - $values/apps/{{$.appName}}/{{ $valueFile | replace "%provider%" $v.provider | replace "%stage%" $v.stageName | replace "%cluster%" $v.clusterName  }}
+            {{- end }}

argocd/base/apps/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: argocd
+resources:
+  - argocd.yaml
+  - k8s-apps-helm-application-set-v1.yaml

argocd/base/config/cmd-params.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/name: argocd-cmd-params-cm
+    app.kubernetes.io/part-of: argocd
+  name: argocd-cmd-params-cm
+  namespace: argocd
+data:
+  server.insecure: "true"

argocd/base/config/config.yaml

@@ -0,0 +1,113 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/name: argocd-cm
+    app.kubernetes.io/part-of: argocd
+  name: argocd-cm
+  namespace: argocd
+data:
+  oidc.config: |
+    name: Ysoft SSO
+    issuer: https://sso.ysoft.cloud/auth/realms/SafeQEdgeCore
+    clientID: argocd
+    enablePKCEAuthentication: true
+    requestedScopes: ["openid", "profile", "email", "groups"]
+  url: "https://web.argo.ysoft-dev.com"
+  resource.customizations.ignoreResourceUpdates.ConfigMap: |
+    jqPathExpressions:
+      # Ignore the cluster-autoscaler status
+      - '.metadata.annotations."cluster-autoscaler.kubernetes.io/last-updated"'
+      # Ignore the annotation of the legacy Leases election
+      - '.metadata.annotations."control-plane.alpha.kubernetes.io/leader"'
+  resource.customizations.ignoreResourceUpdates.Endpoints: |
+    jsonPointers:
+      - /metadata
+      - /subsets
+  resource.customizations.ignoreResourceUpdates.all: |
+    jsonPointers:
+      - /status
+  resource.customizations.ignoreResourceUpdates.apps_ReplicaSet: |
+    jqPathExpressions:
+      - '.metadata.annotations."deployment.kubernetes.io/desired-replicas"'
+      - '.metadata.annotations."deployment.kubernetes.io/max-replicas"'
+      - '.metadata.annotations."rollout.argoproj.io/desired-replicas"'
+  resource.customizations.ignoreResourceUpdates.argoproj.io_Application: |
+    jqPathExpressions:
+      - '.metadata.annotations."notified.notifications.argoproj.io"'
+      - '.metadata.annotations."argocd.argoproj.io/refresh"'
+      - '.metadata.annotations."argocd.argoproj.io/hydrate"'
+      - '.operation'
+  resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout: |
+    jqPathExpressions:
+      - '.metadata.annotations."notified.notifications.argoproj.io"'
+  resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler: |
+    jqPathExpressions:
+      - '.metadata.annotations."autoscaling.alpha.kubernetes.io/behavior"'
+      - '.metadata.annotations."autoscaling.alpha.kubernetes.io/conditions"'
+      - '.metadata.annotations."autoscaling.alpha.kubernetes.io/metrics"'
+      - '.metadata.annotations."autoscaling.alpha.kubernetes.io/current-metrics"'
+  resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice: |
+    jsonPointers:
+      - /metadata
+      - /endpoints
+      - /ports
+  resource.exclusions: |
+    ### Network resources created by the Kubernetes control plane and excluded to reduce the number of watched events and UI clutter
+    - apiGroups:
+      - ''
+      - discovery.k8s.io
+      kinds:
+      - Endpoints
+      - EndpointSlice
+    ### Internal Kubernetes resources excluded reduce the number of watched events
+    - apiGroups:
+      - apiregistration.k8s.io
+      kinds:
+      - APIService
+    - apiGroups:
+      - coordination.k8s.io
+      kinds:
+      - Lease
+    ### Internal Kubernetes Authz/Authn resources excluded reduce the number of watched events
+    - apiGroups:
+      - authentication.k8s.io
+      - authorization.k8s.io
+      kinds:
+      - SelfSubjectReview
+      - TokenReview
+      - LocalSubjectAccessReview
+      - SelfSubjectAccessReview
+      - SelfSubjectRulesReview
+      - SubjectAccessReview
+    ### Intermediate Certificate Request excluded reduce the number of watched events
+    - apiGroups:
+      - certificates.k8s.io
+      kinds:
+      - CertificateSigningRequest
+    - apiGroups:
+      - cert-manager.io
+      kinds:
+      - CertificateRequest
+    ### Cilium internal resources excluded reduce the number of watched events and UI Clutter
+    - apiGroups:
+      - cilium.io
+      kinds:
+      - CiliumIdentity
+      - CiliumEndpoint
+      - CiliumEndpointSlice
+    ### Kyverno intermediate and reporting resources excluded reduce the number of watched events and improve performance
+    - apiGroups:
+      - kyverno.io
+      - reports.kyverno.io
+      - wgpolicyk8s.io
+      kinds:
+      - PolicyReport
+      - ClusterPolicyReport
+      - EphemeralReport
+      - ClusterEphemeralReport
+      - AdmissionReport
+      - ClusterAdmissionReport
+      - BackgroundScanReport
+      - ClusterBackgroundScanReport
+      - UpdateRequest

argocd/base/config/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: argocd
+resources:
+  - cmd-params.yaml
+  - config.yaml
+  - rbac.yaml

argocd/base/config/rbac.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/name: argocd-rbac-cm
+    app.kubernetes.io/part-of: argocd
+  name: argocd-rbac-cm
+  namespace: argocd
+data:
+  policy.csv: |
+    g, ArgoCDAdmins, role:admin
+    g, Y Soft Corporation a.s. Users, role:readonly

argocd/base/install/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: argocd
+resources:
+  - argocd.yaml

argocd/base/install/update.sh

@@ -0,0 +1,26 @@
+#!/usr/bin/env sh
+
+set -e
+
+VERSION=$1
+if [ -z "$VERSION" ]; then
+  echo "Usage: $0 <version>"
+  echo "Example: $0 v3.0.0-rc4"
+  exit 1
+fi
+
+URL="https://raw.githubusercontent.com/argoproj/argo-cd/$VERSION/manifests/install.yaml"
+
+echo "Downloading ArgoCD version $VERSION from $URL"
+
+cat >argocd.yaml <<EOF
+# Source:
+# $URL
+# To update, use ./update.sh <version>
+
+EOF
+
+if ! curl -sS -f -o - $URL >> argocd.yaml; then
+  echo "Error: Failed to download ArgoCD version $VERSION"
+  exit 1
+fi

argocd/base/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: argocd
+resources:
+  - install
+  - config
+  - apps

helm-repo/dragonfly-operator/dragonfly-operator-v1.1.10-bagl/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helm-repo/dragonfly-operator/dragonfly-operator-v1.1.10-bagl/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: v1.1.10
+description: A Helm chart for dragonfly-operator
+name: dragonfly-operator
+type: application
+version: v1.1.10

helm-repo/dragonfly-operator/dragonfly-operator-v1.1.10-bagl/templates/_helpers.tpl

@@ -0,0 +1,68 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "dragonfly-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "dragonfly-operator.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "dragonfly-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "dragonfly-operator.labels" -}}
+helm.sh/chart: {{ include "dragonfly-operator.chart" . }}
+{{ include "dragonfly-operator.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/created-by: {{ include "dragonfly-operator.name" . }}
+app.kubernetes.io/part-of: {{ include "dragonfly-operator.name" . }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "dragonfly-operator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "dragonfly-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "dragonfly-operator.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "dragonfly-operator.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

helm-repo/dragonfly-operator/dragonfly-operator-v1.1.10-bagl/templates/clusterrolebindings.yaml

@@ -0,0 +1,32 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "dragonfly-operator.fullname" . }}-manager-clusterrolebinding
+  labels:
+    {{- include "dragonfly-operator.labels" . | nindent 4 }}
+    app.kubernetes.io/component: rbac
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "dragonfly-operator.fullname" . }}-manager-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "dragonfly-operator.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "dragonfly-operator.fullname" . }}-proxy-clusterrolebinding
+  labels:
+    {{- include "dragonfly-operator.labels" . | nindent 4 }}
+    app.kubernetes.io/component: kube-rbac-proxy
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "dragonfly-operator.fullname" . }}-proxy-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "dragonfly-operator.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}

helm-repo/dragonfly-operator/dragonfly-operator-v1.1.10-bagl/templates/clusterroles.yaml

@@ -0,0 +1,112 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "dragonfly-operator.fullname" . }}-manager-role
+  labels:
+    {{- include "dragonfly-operator.labels" . | nindent 4 }}
+    app.kubernetes.io/component: rbac
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - apps
+    resources:
+      - statefulsets
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - dragonflydb.io
+    resources:
+      - dragonflies
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - dragonflydb.io
+    resources:
+      - dragonflies/finalizers
+    verbs:
+      - update
+  - apiGroups:
+      - dragonflydb.io
+    resources:
+      - dragonflies/status
+    verbs:
+      - get
+      - patch
+      - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "dragonfly-operator.fullname" . }}-metrics-reader
+  labels:
+    {{- include "dragonfly-operator.labels" . | nindent 4 }}
+    app.kubernetes.io/component: kube-rbac-proxy
+rules:
+  - nonResourceURLs:
+      - /metrics
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "dragonfly-operator.fullname" . }}-proxy-role
+  labels:
+    {{- include "dragonfly-operator.labels" . | nindent 4 }}
+    app.kubernetes.io/component: kube-rbac-proxy
+rules:
+  - apiGroups:
+      - authentication.k8s.io
+    resources:
+      - tokenreviews
+    verbs:
+      - create
+  - apiGroups:
+      - authorization.k8s.io
+    resources:
+      - subjectaccessreviews
+    verbs:
+      - create

helm-repo/dragonfly-operator/dragonfly-operator-v1.1.10-bagl/templates/deployment.yaml

@@ -0,0 +1,99 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "dragonfly-operator.fullname" . }}
+  labels:
+    {{- include "dragonfly-operator.labels" . | nindent 4 }}
+    app.kubernetes.io/component: controller
+    control-plane: controller-manager
+  namespace: {{ .Release.Namespace | quote }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "dragonfly-operator.selectorLabels" . | nindent 6 }}
+      control-plane: controller-manager
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "dragonfly-operator.labels" . | nindent 8 }}
+        control-plane: controller-manager
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "dragonfly-operator.serviceAccountName" . }}
+      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - args:
+            - --secure-listen-address=0.0.0.0:8443
+            - --upstream=http://127.0.0.1:8080/
+            - --logtostderr=true
+            - --v=0
+          image: "{{ .Values.rbacProxy.image.repository }}:{{ .Values.rbacProxy.image.tag  }}"
+          imagePullPolicy: {{ .Values.rbacProxy.image.pullPolicy }}
+          name: kube-rbac-proxy
+          securityContext:
+            {{- toYaml .Values.rbacProxy.securityContext | nindent 12 }}
+          ports:
+            - containerPort: 8443
+              name: https
+              protocol: TCP
+          resources:
+            {{- toYaml .Values.rbacProxy.resources | nindent 12 }}
+
+        - name: manager
+          args:
+            - --health-probe-bind-address=:8081
+            - --metrics-bind-address=127.0.0.1:8080
+            - --leader-elect
+          command:
+            - /manager
+          securityContext:
+            {{- toYaml .Values.manager.securityContext | nindent 12 }}
+          image: "{{ .Values.manager.image.repository }}:{{ .Values.manager.image.tag | default .Chart.AppVersion  }}"
+          imagePullPolicy: {{ .Values.manager.image.pullPolicy }}
+          livenessProbe:
+            {{- toYaml .Values.manager.livenessProbe | nindent 12 }}
+          readinessProbe:
+            {{- toYaml .Values.manager.readinessProbe | nindent 12 }}
+          ports:
+            - containerPort: 8080
+              name: metrics
+              protocol: TCP
+          resources:
+            {{- toYaml .Values.manager.resources | nindent 12 }}
+          {{- with .Values.manager.volumeMounts }}
+          volumeMounts:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+      {{- with .Values.manager.volumes }}
+      volumes:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.manager.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.manager.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.manager.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.manager.topologySpreadConstraints }}
+      topologySpreadConstraints:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

helm-repo/dragonfly-operator/dragonfly-operator-v1.1.10-bagl/templates/grafanadashboards.yaml

@@ -0,0 +1,47 @@
+{{ if .Values.grafanaDashboard.enabled -}}
+{{- $files := .Files.Glob "dashboards/*.json" }}
+{{- if $files }}
+---
+apiVersion: v1
+kind: ConfigMapList
+items:
+{{- range $path, $fileContents := $files }}
+{{- $dashboardName := regexReplaceAll "(^.*/)(.*)\\.json$" $path "${2}" | lower }}
+- apiVersion: v1
+  kind: ConfigMap
+  metadata:
+    annotations:
+      {{ $.Values.grafanaDashboard.annotations.name }}: {{ $.Values.grafanaDashboard.folder }}
+    labels:
+      {{ $.Values.grafanaDashboard.labels.name }}: {{ $dashboardName }}
+      {{- include "dragonfly-operator.labels" $ | nindent 6 }}
+      app.kubernetes.io/component: dashboard
+    name: {{ printf "dashboard-dragonfly-operator-%s" $dashboardName | trunc 63 | trimSuffix "-"  }}
+  data:
+    {{ $dashboardName }}.json: |-
+{{ $.Files.Get $path | indent 6}}
+{{- end }}
+{{ if $.Values.grafanaDashboard.grafanaOperator.enabled -}}
+{{- range $path, $fileContents := $files }}
+{{- $dashboardName := regexReplaceAll "(^.*/)(.*)\\.json$" $path "${2}" | lower }}
+---
+apiVersion: grafana.integreatly.org/v1beta1
+kind: GrafanaDashboard
+metadata:
+  labels:
+    {{- include "dragonfly-operator.labels" $ | nindent 4 }}
+    app.kubernetes.io/component: dashboard
+  name: {{ printf "dragonfly-operator-%s" $dashboardName | trunc 63 | trimSuffix "-" }}
+spec:
+  allowCrossNamespaceImport: {{ $.Values.grafanaDashboard.grafanaOperator.allowCrossNamespaceImport }}
+  folder: {{ $.Values.grafanaDashboard.folder }}
+  instanceSelector:
+    matchLabels:
+      {{- toYaml $.Values.grafanaDashboard.grafanaOperator.matchLabels | nindent 6 }}
+  configMapRef:
+    name: {{ printf "dashboard-dragonfly-operator-%s" $dashboardName | trunc 63 | trimSuffix "-" }}
+    key: {{ $dashboardName }}.json
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}

helm-repo/dragonfly-operator/dragonfly-operator-v1.1.10-bagl/templates/rolebindings.yaml

@@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "dragonfly-operator.fullname" . }}-leader-election-rolebinding
+  labels:
+    {{- include "dragonfly-operator.labels" . | nindent 4 }}
+    app.kubernetes.io/component: rbac
+  namespace: {{ .Release.Namespace | quote }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "dragonfly-operator.fullname" . }}-leader-election-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "dragonfly-operator.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}

helm-repo/dragonfly-operator/dragonfly-operator-v1.1.10-bagl/templates/roles.yaml

@@ -0,0 +1,42 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "dragonfly-operator.fullname" . }}-leader-election-role
+  labels:
+    {{- include "dragonfly-operator.labels" . | nindent 4 }}
+    app.kubernetes.io/component: rbac
+  namespace: {{ .Release.Namespace | quote }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+

helm-repo/dragonfly-operator/dragonfly-operator-v1.1.10-bagl/templates/service.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "dragonfly-operator.fullname" . }}-controller-manager-metrics-service
+  labels:
+    {{- include "dragonfly-operator.labels" . | nindent 4 }}
+    app.kubernetes.io/component: kube-rbac-proxy
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: https
+      protocol: TCP
+      name: https
+    - port: {{ .Values.service.metricsPort }}
+      targetPort: metrics
+      protocol: TCP
+      name: metrics
+  selector:
+    {{- include "dragonfly-operator.selectorLabels" . | nindent 4 }}
+    control-plane: controller-manager

helm-repo/dragonfly-operator/dragonfly-operator-v1.1.10-bagl/templates/serviceaccount.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "dragonfly-operator.serviceAccountName" . }}
+  namespace: {{.Release.Namespace | quote}}
+  labels:
+    {{- include "dragonfly-operator.labels" . | nindent 4 }}
+    app.kubernetes.io/component: rbac
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}

helm-repo/dragonfly-operator/dragonfly-operator-v1.1.10-bagl/templates/servicemonitor.yaml

@@ -0,0 +1,40 @@
+{{- if .Values.serviceMonitor.enabled }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    {{- include "dragonfly-operator.labels" . | nindent 4 }}
+    app.kubernetes.io/component: controller-manager-metrics
+    {{- if .Values.serviceMonitor.labels }}
+    {{- toYaml .Values.serviceMonitor.labels | nindent 4}}
+    {{- end }}
+  name: {{ include "dragonfly-operator.fullname" . }}-controller-manager-metrics
+spec:
+  endpoints:
+  - targetPort: {{ .Values.service.metricsPort }}
+    {{- if .Values.serviceMonitor.interval }}
+    interval: {{ .Values.serviceMonitor.interval }}
+    {{- end }}
+    {{- if .Values.serviceMonitor.telemetryPath }}
+    path: {{ .Values.serviceMonitor.path }}
+    {{- end }}
+    {{- if .Values.serviceMonitor.timeout }}
+    scrapeTimeout: {{ .Values.serviceMonitor.timeout }}
+    {{- end }}
+    {{- if .Values.serviceMonitor.relabelings }}
+    relabelings:
+    {{- toYaml .Values.serviceMonitor.relabelings | nindent 4 }}
+    {{- end }}
+    {{- if .Values.serviceMonitor.metricRelabelings }}
+    metricRelabelings:
+    {{- toYaml .Values.serviceMonitor.metricRelabelings | nindent 4 }}
+    {{- end }}
+  jobLabel: {{ template "dragonfly-operator.fullname" . }}
+  namespaceSelector:
+    matchNames:
+    - {{ .Release.Namespace }}
+  selector:
+    matchLabels:
+      {{- include "dragonfly-operator.selectorLabels" . | nindent 6 }}
+{{- end }}

helm-repo/dragonfly-operator/dragonfly-operator-v1.1.10-bagl/templates/tests/test-connection.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "dragonfly-operator.fullname" . }}-test-connection"
+  labels:
+    {{- include "dragonfly-operator.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "dragonfly-operator.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never

helm-repo/dragonfly-operator/dragonfly-operator-v1.1.10-bagl/values.yaml

@@ -0,0 +1,170 @@
+# Default values for dragonfly-operator.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+## Custom resource configuration
+crds:
+  # -- Install and upgrade CRDs
+  install: true
+  # -- Keep CRDs on chart uninstall
+  keep: true
+
+nameOverride: ""
+fullnameOverride: ""
+
+# -- Additional labels to add to all resources
+additionalLabels: {}
+  # app: dragonfly-operator
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Automatically mount a ServiceAccount's API credentials?
+  automount: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: dragonfly-operator-controller-manager
+
+podAnnotations:
+  kubectl.kubernetes.io/default-container: manager
+
+podLabels: {}
+
+podSecurityContext:
+  runAsNonRoot: true
+
+service:
+  type: ClusterIP
+  port: 8443
+  metricsPort: 8080
+
+terminationGracePeriodSeconds: 10
+
+rbacProxy:
+  image:
+    repository: quay.io/brancz/kube-rbac-proxy
+    pullPolicy: IfNotPresent
+    # Overrides the image tag whose default is the chart appVersion.
+    tag: v0.13.1
+
+  resources:
+    limits:
+      cpu: 500m
+      memory: 128Mi
+    requests:
+      cpu: 10m
+      memory: 64Mi
+
+  securityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
+
+manager:
+  image:
+    repository: docker.dragonflydb.io/dragonflydb/operator
+    pullPolicy: IfNotPresent
+    # Overrides the image tag whose default is the chart appVersion.
+    tag: ""
+
+
+  resources: {}
+#    limits:
+#      cpu: 500m
+#      memory: 128Mi
+#    requests:
+#      cpu: 10m
+#      memory: 64Mi
+
+  livenessProbe:
+    httpGet:
+      path: /healthz
+      port: 8081
+    initialDelaySeconds: 15
+    periodSeconds: 20
+
+  readinessProbe:
+    httpGet:
+      path: /readyz
+      port: 8081
+    initialDelaySeconds: 5
+    periodSeconds: 10
+
+  securityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
+
+  nodeSelector: {}
+
+  tolerations: []
+
+
+  # -- Assign custom [TopologySpreadConstraints] rules to the application controller
+  # @default -- `[]` (defaults to global.topologySpreadConstraints)
+  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
+  topologySpreadConstraints: []
+    # - maxSkew: 1
+    #   topologyKey: topology.kubernetes.io/zone
+  #   whenUnsatisfiable: DoNotSchedule
+  affinity: {}
+#    nodeAffinity:
+#      requiredDuringSchedulingIgnoredDuringExecution:
+#        nodeSelectorTerms:
+#          - matchExpressions:
+#              - key: kubernetes.io/arch
+#                operator: In
+#                values:
+#                  - amd64
+#                  - arm64
+#                  - ppc64le
+#                  - s390x
+#              - key: kubernetes.io/os
+#                operator: In
+#                values:
+#                  - linux
+
+serviceMonitor:
+  # When set true then use a ServiceMonitor to configure scraping
+  enabled: false
+  # Set how frequently Prometheus should scrape
+  interval: 30s
+  # Set path to cloudwatch-exporter telemtery-path
+  path: /metrics
+  # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
+  labels: {}
+  # Set timeout for scrape
+  timeout: 10s
+  # Set relabelings for the ServiceMonitor, use to apply to samples before scraping
+  relabelings: []
+  # Set metricRelabelings for the ServiceMonitor, use to apply to samples for ingestion
+  metricRelabelings: []
+  # Example - note the Kubernetes convention of camelCase instead of Prometheus' snake_case
+  # metricRelabelings:
+  #   - sourceLabels: [dbinstance_identifier]
+  #     action: replace
+  #     replacement: mydbname
+  #     targetLabel: dbname
+
+grafanaDashboard:
+  enabled: false
+  folder: database
+  # -- Grafana dashboard configmap annotations.
+  annotations:
+    name: grafana_folder
+  # -- Grafana dashboard configmap labels
+  labels:
+    name: grafana_dashboard
+  grafanaOperator:
+    enabled: false
+    allowCrossNamespaceImport: true
+    # -- Selected labels for Grafana instance
+    matchLabels:
+      dashboards: grafana