v1 and v2 charts

charts/worker-upgrade-v1/Chart.yaml

@@ -0,0 +1,14 @@
+apiVersion: v2
+name: kubernetes-agent
+description: A Helm chart for the Octopus Kubernetes Agent
+home: "https://octopus.com"
+sources:
+  - "https://github.com/OctopusDeploy/helm-charts"
+maintainers:
+  - name: "Octopus Deploy"
+    email: "[email protected]"
+    url: "https://octopus.com"
+type: application
+version: "1.17.0"
+# This version number should be the same as the agent.image.tag value as this is the primary application version
+appVersion: "8.2.2165"

charts/worker-upgrade-v1/README.md

@@ -0,0 +1,103 @@
+# kubernetes-agent
+
+![Version: 1.17.0](https://img.shields.io/badge/Version-1.17.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 8.2.2165](https://img.shields.io/badge/AppVersion-8.2.2165-informational?style=flat-square) ![Octopus Deploy Version: 2024.2.6580+](https://img.shields.io/badge/Octopus_Deploy-2024.2.6580%2B-2F93E0?style=flat-square&logo=octopusdeploy&logoColor=%232F93E0&logoSize=auto)
+
+A Helm chart for the Octopus Kubernetes Agent
+
+**Homepage:** <https://octopus.com> 
+**Documentation:** [https://octopus.com/docs/](https://octopus.com/docs/kubernetes/targets/kubernetes-agent)
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Octopus Deploy | <[email protected]> | <https://octopus.com> |
+
+## Source Code
+
+* <https://github.com/OctopusDeploy/helm-charts>
+
+## Values
+
+### Agent values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| agent.acceptEula | string | `"N"` | Setting to Y accepts the [Customer Agreement](https://octopus.com/company/legal) |
+| agent.affinity | object | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]},{"key":"kubernetes.io/arch","operator":"In","values":["arm64","amd64"]}]}]}}}` | The affinities to apply to the agent pod |
+| agent.bearerToken | string | `""` | A JWT bearer token used to authenticate with the target Octopus Server |
+| agent.bearerTokenSecretName | string | `""` | The name of an existing Secret that contains a base64-encoded Octopus Server JWT bearer token. Value must be set in `data.bearer-token` in secret. |
+| agent.certificate | string | `""` | A base64-encoded x509 certificate used to setup a trust between the agent and target Octopus Server |
+| agent.debug.disableAutoPodCleanup | bool | `false` | Disables automatic pod cleanup |
+| agent.defaultNamespace | string | `""` | The default Kubernetes namespace for deployments |
+| agent.enableMetricsCapture | bool | `true` | True if events should be scraped and added to the metrics config map |
+| agent.image | object | `{"pullPolicy":"IfNotPresent","repository":"octopusdeploy/kubernetes-agent-tentacle","tag":"8.2.2165","tagSuffix":""}` | The repository, pullPolicy, tag & tagSuffix to use for the agent image |
+| agent.logLevel | string | `"Info"` | The log level of the agent. Logs are written to the pod logs as well as to file |
+| agent.machinePolicyName | string | `""` | The machine policy to register the agent with |
+| agent.metadata | object | `{"annotations":{},"labels":{}}` | Additional metadata to add to the agent pod & container |
+| agent.password | string | `""` | The password of the user used to authenticate with the target Octopus Server |
+| agent.pollingConnectionCount | int | `5` | The number of polling TCP connections to open with the target Octopus Server |
+| agent.pollingProxy | object | `{"host":"","password":"","port":80,"username":""}` | The host, port, username and password of the proxy server to use for polling connections |
+| agent.resources | object | `{"requests":{"cpu":"100m","memory":"150Mi"}}` | The resource limits and requests assigned to the agent container |
+| agent.securityContext | object | `{}` | The security context to apply to the agent pod. runAsGroup and fsGroup should be blank or set to `0` |
+| agent.serverApiKey | string | `""` | An Octopus Server API key used to authenticate with the target Octopus Server |
+| agent.serverApiKeySecretName | string | `""` | The name of an existing Secret that contains a base64-encoded Octopus Server API Key.  Value must be set in `data.api-key` in secret. |
+| agent.serverCertificate | string | `""` | The base64-encoded public key of the self-signed x509 certificate or root CA certificate used by the target Octopus Server. Must be in the PEM/CER format. See [documentation](https://octopus.com/docs/kubernetes/targets/kubernetes-agent#trusting-custominternal-octopus-server-certificates) for more information. |
+| agent.serverCommsAddress | string | `""` | The polling communication URL of the target Octopus Server |
+| agent.serverCommsAddresses | list | `[]` | The polling communication URLs of the target Octopus Servers when running in High Availability (HA) |
+| agent.serverSubscriptionId | string | `""` | The subscription ID that is used to by the agent to identify itself with Octopus Server |
+| agent.serverUrl | string | `""` | The URL of the target Octopus Server to register this agent with |
+| agent.serviceAccount.annotations | object | `{}` | Annotations to add to the autogenerated service account |
+| agent.serviceAccount.name | string | Generates a name based on `targetName` | The name of the service account for the agent pod |
+| agent.space | string | `"Default"` | The Space to register the agent in |
+| agent.targetEnvironments | list | `[]` | The target environments to register the agent with |
+| agent.targetName | string | `""` | The name of the deployment target |
+| agent.targetRoles | list | `[]` | The target roles to register the agent with |
+| agent.targetTenantTags | list | `[]` | The target tenant tags to register the agent with |
+| agent.targetTenantedDeploymentParticipation | string | `"Untenanted"` | Can be `Untenanted`, `TenantedOrUntenanted` or `Tenanted`. |
+| agent.targetTenants | list | `[]` | The target tenants to register the agent with |
+| agent.tolerations | list | `[]` | The tolerations to apply to the agent pod |
+| agent.username | string | `""` | The username of the user used to authenticate with the target Octopus Server |
+| agent.usernamePasswordSecretName | string | `""` | The name of an existing Secret that contains a base64-encoded username and password for an Octopus Server user. Values must be set in `data.username` and `data.password` in secret. |
+
+### Persistence
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| persistence.nfs.affinity | object | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]},{"key":"kubernetes.io/arch","operator":"In","values":["arm64","amd64"]}]}]}}}` | The affinities to apply to the NFS pod |
+| persistence.nfs.image | object | `{"pullPolicy":"IfNotPresent","repository":"octopusdeploy/nfs-server","tag":"1.0.1"}` | The repository, pullPolicy & tag to use for the NFS server |
+| persistence.nfs.metadata | object | `{"annotations":{},"labels":{}}` | Additional metadata to add to the NFS pod & container |
+| persistence.nfs.tolerations | list | `[]` | The tolerations to apply to the NFS pod |
+| persistence.nfs.watchdog.enabled | bool | `true` | If enabled, the NFS watchdog will monitor NFS availability and restart Tentacle and Script Pods if the NFS server is unresponsive |
+| persistence.nfs.watchdog.image | object | `{"pullPolicy":"IfNotPresent","repository":"octopusdeploy/kubernetes-agent-nfs-watchdog","tag":"0.2.0"}` | The repository, pullPolicy & tag to use for the NFS watchdog |
+| persistence.nfs.watchdog.initial_backoff_seconds | string | `""` | The initial backoff time in seconds to retry failed NFS checks @default 0.5 |
+| persistence.nfs.watchdog.loop_seconds | string | `""` | The frequency in seconds to check the NFS server @default 5 |
+| persistence.nfs.watchdog.timeout_seconds | string | `""` | The total time to retry failed NFS checks before giving up and deleting the pod @default 10 |
+| persistence.size | string | `"10Gi"` | The size of the volume to create |
+| persistence.storageClassName | string | `""` | if provided, will disable the default persistence configuration and create a PVC with the provided storage class |
+
+### Script pod values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| scriptPods.affinity | object | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]},{"key":"kubernetes.io/arch","operator":"In","values":["arm64","amd64"]}]}]}}}` | The affinities to apply to script pods |
+| scriptPods.disruptionBudgetEnabled | bool | `true` | If true, the script pods will be created with a disruption budget to prevent them from being evicted |
+| scriptPods.image | object | `{"pullPolicy":"","repository":"","tag":""}` | The repository, pullPolicy & tag to use for the script pod image. If left blank, will use the `octopusdeploy/kubernetes-agent-tools-base` image. |
+| scriptPods.logging.disablePodEventsInTaskLog | bool | `false` | Disables script pod events being written to Octopus Server task log |
+| scriptPods.resources | object | `{"requests":{"cpu":"25m","memory":"100Mi"}}` | The resource limits and requests assigned to script pod containers |
+| scriptPods.securityContext | object | `{}` | The security context to apply to the script pods |
+| scriptPods.serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| scriptPods.serviceAccount.clusterRole | object | `[{"apiGroups":["*"],"resources":["*"],"verbs":["*"]},{"nonResourceURLs":["*"],"verbs":["*"]}]` | if defined, overrides the default ClusterRole rules |
+| scriptPods.serviceAccount.name | string | `""` | The name of the service account used for executing script pods |
+| scriptPods.serviceAccount.targetNamespaces | list | Uses a ClusterRoleBinding to allow the service account to run in any namespace | Specifies that the pod service account should be constrained to target namespaces |
+| scriptPods.tolerations | list | `[]` | The tolerations to apply to script pods |
+
+### Other Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| imagePullSecrets | list | `[]` | custom registry pullSecret<br> See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod These are used for the tentacle and script pods |
+| nameOverride | string | `""` | Override the name of the app |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)

charts/worker-upgrade-v1/README.md.gotmpl

@@ -0,0 +1,17 @@
+{{ template "chart.header" . }}
+
+{{ template "chart.badgesSection" . }}![Octopus Deploy Version: 2024.2.6580+](https://img.shields.io/badge/Octopus_Deploy-2024.2.6580%2B-2F93E0?style=flat-square&logo=octopusdeploy&logoColor=%232F93E0&logoSize=auto)
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}  
+**Documentation:** [https://octopus.com/docs/](https://octopus.com/docs/kubernetes/targets/kubernetes-agent)
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "chart.valuesSection" . }}
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)

charts/worker-upgrade-v1/package.json

@@ -0,0 +1,15 @@
+{
+  "name": "kubernetes-agent",
+  "version": "1.17.0",
+  "private": true,
+  "description": "The Octopus Kubernetes Agent",
+  "author": "Octopus Deploy Ptd Ltd",
+  "scripts": {
+    "test": "cross-env-shell docker run -ti --rm -v $INIT_CWD:/apps helmunittest/helm-unittest:latest .",
+    "update-test-snapshots": "cross-env-shell docker run -ti --rm -v $INIT_CWD:/apps helmunittest/helm-unittest:latest . -u",
+    "generate-agent-docs": "docker run --rm --volume \".:/helm-docs\" jnorwood/helm-docs:latest"
+  },
+  "dependencies": {
+    "cross-env": "^7.0.3"
+  }
+}

charts/worker-upgrade-v1/templates/NOTES.txt

@@ -0,0 +1,3 @@
+This is the official Helm chart for the Octopus Deploy Kubernetes Agent.
+
+You can read more on how to use this at https://octopus.com/docs/infrastructure/deployment-targets/kubernetes/kubernetes-agent

charts/worker-upgrade-v1/templates/_helpers.tpl

@@ -0,0 +1,183 @@
+{{/*
+The name for the agent
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "kubernetes-agent.name" -}}
+{{ .Values.nameOverride | default "octopus-agent" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "kubernetes-agent.fullName" -}}
+{{ (printf "%s-%s" ( include "kubernetes-agent.name" .) .Release.Name) | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kubernetes-agent.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kubernetes-agent.labels" -}}
+helm.sh/chart: {{ include "kubernetes-agent.chart" . }}
+{{ include "kubernetes-agent.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kubernetes-agent.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kubernetes-agent.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use for Tentacle
+*/}}
+{{- define "kubernetes-agent.serviceAccountName" -}}
+{{- .Values.agent.serviceAccount.name | default (printf "%s-tentacle" (include "kubernetes-agent.name" .)) }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use for script pods
+*/}}
+{{- define "kubernetes-agent.scriptPodServiceAccountName" -}}
+{{- .Values.scriptPods.serviceAccount.name | default (printf "%s-scripts" (include "kubernetes-agent.name" .)) }}
+{{- end }}
+
+{{/*
+Used for the pod cluster role & clusterrole binding as they are not namespaced.
+*/}}
+{{- define "kubernetes-agent.scriptPodServiceAccountFullName" -}}
+{{- printf "%s-%s" ( include "kubernetes-agent.scriptPodServiceAccountName" .) .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create the name of the service account used by Octopus Server to perform automatic upgrades
+*/}}
+{{- define "kubernetes-agent.autoUpgraderServiceAccountName" -}}
+{{- print "octopus-agent-auto-upgrader" }}
+{{- end }}
+
+{{/*
+Used for the auto upgrader service account cluster role & clusterrole binding as they are not namespaced
+*/}}
+{{- define "kubernetes-agent.autoUpgraderServiceAccountFullName" -}}
+{{- printf "%s-%s" ( include "kubernetes-agent.autoUpgraderServiceAccountName" .) .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create the name of the pod cluster role to use
+*/}}
+{{- define "kubernetes-agent.scriptPodClusterRoleName" -}}
+{{- printf "%s-role" (include "kubernetes-agent.scriptPodServiceAccountFullName" .) }}
+{{- end }}
+
+{{/*
+Create the name of the pod cluster role for deleting pods
+*/}}
+{{- define "kubernetes-agent.scriptPodDeleterClusterRoleName" -}}
+{{- printf "%s-delete-role" (include "kubernetes-agent.scriptPodServiceAccountFullName" .) }}
+{{- end }}
+
+{{/*
+Create the name of the cluster role for performing auto upgrades
+*/}}
+{{- define "kubernetes-agent.autoUpgraderClusterRoleName" -}}
+{{- printf "%s-role" (include "kubernetes-agent.autoUpgraderServiceAccountFullName" .) }}
+{{- end }}
+
+{{/*
+Create the name of the auto upgrader cluster role binding to use
+*/}}
+{{- define "kubernetes-agent.autoUpgraderClusterRoleBindingName" -}}
+{{- printf "%s-binding" (include "kubernetes-agent.autoUpgraderServiceAccountFullName" .) }}
+{{- end }}
+
+{{/*
+Create the name of the pod cluster role binding to use
+*/}}
+{{- define "kubernetes-agent.scriptPodClusterRoleBindingName" -}}
+{{- printf "%s-binding" (include "kubernetes-agent.scriptPodServiceAccountFullName" .) }}
+{{- end }}
+
+{{/*
+The name of the secret to store the authentication information (bearer token/api key)
+*/}}
+{{- define "kubernetes-agent.secrets.serverAuth" -}}
+{{- printf "%s-tentacle-server-auth" ( include "kubernetes-agent.name" . ) }}
+{{- end }}
+
+{{/*
+The name of the secret to store the agent's base64 certificate
+*/}}
+{{- define "kubernetes-agent.secrets.certificate" -}}
+{{- printf "%s-tentacle-certificate" ( include "kubernetes-agent.name" . ) }}
+{{- end }}
+
+{{/*
+The name of the PersistentVolumeClaim to configure
+*/}}
+{{- define "kubernetes-agent.pvcName" -}}
+{{- if .Values.persistence.storageClassName }}
+{{- printf "%s-pvc" (include "kubernetes-agent.fullName" .) }}
+{{- else }}
+{{- include "nfs.pvcName" . }}
+{{- end }}
+{{- end }}
+
+{{/* 
+Turns the imagePullSecrets map into a CSV.
+*/}}
+{{- define "kubernetes-agent.imagePullSecretsCsv" -}}
+{{- if .Values.imagePullSecrets }}
+{{- $imagePullSecretCsv := (first .Values.imagePullSecrets).name }}
+{{- range $i, $val := (rest .Values.imagePullSecrets) }}
+    {{- $imagePullSecretCsv = (printf "%s,%s" $imagePullSecretCsv $val.name) }}
+{{- end }}
+{{- $imagePullSecretCsv }}
+{{- end }}
+{{- end }}
+
+{{/*
+The Env-var block required to set image name, tag and pullpolicy
+*/}}
+{{- define "kubernetes-agent.scriptPodEnvVars" -}}
+{{- if .repository }}
+- name: "OCTOPUS__K8STENTACLE__SCRIPTPODIMAGE"
+  value: {{ .repository | quote}}
+{{- end }}
+{{- if .tag }}
+- name: "OCTOPUS__K8STENTACLE__SCRIPTPODIMAGETAG"
+  value: {{ .tag | quote}}
+{{- end }}
+{{- if .pullPolicy }}
+- name: "OCTOPUS__K8STENTACLE__SCRIPTPODIMAGEPULLPOLICY"
+  value: {{ .pullPolicy | quote}}
+{{- end }}
+{{- end }}
+
+{{/*
+The base image for the agent, without any suffixes.
+Defaults to the Chart Appversion.
+*/}}
+{{- define "kubernetes-agent.image" -}}
+{{- printf "%s:%s" .Values.agent.image.repository (.Values.agent.image.tag | default .Chart.AppVersion) }}
+{{- end }}
+
+{{/*
+The complete image for the agent, including any optional suffixes.
+*/}}
+{{- define "kubernetes-agent.fullImage" -}}
+{{- if .Values.agent.image.tagSuffix }}
+{{- printf "%s-%s" (include "kubernetes-agent.image" .) .Values.agent.image.tagSuffix }}
+{{- else }}
+{{- (include "kubernetes-agent.image" .) }}
+{{- end }}
+{{- end }}

charts/worker-upgrade-v1/templates/_nfs-helpers.tpl

@@ -0,0 +1,27 @@
+{{/* 
+These are used for the NFS container & resources
+*/}}
+
+{{- define "nfs.name"}}
+{{- printf "%s-nfs" (include "kubernetes-agent.name" .) | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "nfs.fullName"}}
+{{- printf "%s-%s" (include "nfs.name" .) .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "nfs.pvName"}}
+{{- printf "%s-pv-%s" (include "nfs.fullName" .) .Values.persistence.size | lower  }}
+{{- end }}
+
+{{- define "nfs.pvcName"}}
+{{- printf "%s-pvc-%s" (include "nfs.fullName" .) .Values.persistence.size | lower }}
+{{- end }}
+
+{{- define "nfs.storageClassName"}}
+{{- printf "%s-csi" (include "nfs.fullName" .) }} 
+{{- end }}
+
+{{- define "nfs.serverAddress"}}
+{{- printf "%s.%s.svc.cluster.local" (include "nfs.name" .) .Release.Namespace }}
+{{- end }}

charts/worker-upgrade-v1/templates/auto-upgrader-clusterbinding.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name:  {{ include "kubernetes-agent.autoUpgraderClusterRoleBindingName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kubernetes-agent.autoUpgraderServiceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ include "kubernetes-agent.autoUpgraderClusterRoleName" . }}
+  apiGroup: rbac.authorization.k8s.io

charts/worker-upgrade-v1/templates/auto-upgrader-clusterrole.yaml

@@ -0,0 +1,8 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "kubernetes-agent.autoUpgraderClusterRoleName" . }}
+rules:
+  - apiGroups: ["*"]
+    resources: ["*"]
+    verbs: ["*"]