Merge pull request #754 from MadOtis/add-vault-config

Add vault config

README.md

@@ -3,7 +3,7 @@
 This catalog provides templates created by the community, and they are not maintained or supported by Rancher Labs.
 
 # License
-Copyright (c) 2014-2016 [Rancher Labs, Inc.](http://rancher.com)
+Copyright (c) 2014-2017 [Rancher Labs, Inc.](http://rancher.com)
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

infra-templates/alidns/1/README.md

@@ -0,0 +1,40 @@
+## Alibaba Cloud DNS
+
+Rancher External DNS service powered by Alibaba Cloud DNS
+
+#### Usage
+
+##### Supported host labels
+
+`io.rancher.host.external_dns_ip`
+Override the IP address used in DNS records for containers running on the host. Defaults to the IP address the host is registered with in Rancher.
+
+`io.rancher.host.external_dns`
+Accepts 'true' (default) or 'false'
+When this is set to 'false' no DNS records will ever be created for containers running on this host.
+
+##### Supported service labels
+
+`io.rancher.service.external_dns`
+Accepts 'always', 'never' or 'auto' (default)
+- `always`: Always create DNS records for this service
+- `never`: Never create DNS records for this service
+- `auto`: Create DNS records for this service if it exposes ports on the host
+
+`io.rancher.service.external_dns_name_template`
+Custom DNS name template that overrides global custom DNS name template (see below) of default DNS name template for a specific service
+
+##### Custom DNS name template
+
+By default DNS entries are named `<service>.<stack>.<environment>.<domain>`.
+You can specify a custom name template used to construct the subdomain part (left of the domain/zone name) of the DNS records. The following placeholders are supported:
+
+* `%{{service_name}}`
+* `%{{stack_name}}`
+* `%{{environment_name}}`
+
+**Example:**
+
+`%{{stack_name}}-%{{service_name}}.statictext`
+
+Make sure to only use characters in static text and separators that your provider allows in DNS names.

infra-templates/alidns/1/docker-compose.yml

@@ -0,0 +1,14 @@
+alidns:
+  image: rancher/external-dns:v0.7.5
+  command: -provider=alidns
+  expose:
+   - 1000
+  environment:
+    ALICLOUD_ACCESS_KEY_ID: ${ALICLOUD_ACCESS_KEY_ID}
+    ALICLOUD_ACCESS_KEY_SECRET: ${ALICLOUD_ACCESS_KEY_SECRET}
+    ROOT_DOMAIN: ${ROOT_DOMAIN}
+    NAME_TEMPLATE: ${NAME_TEMPLATE}
+    TTL: ${TTL}
+  labels:
+    io.rancher.container.create_agent: "true"
+    io.rancher.container.agent.role: "external-dns"

infra-templates/alidns/1/rancher-compose.yml

@@ -0,0 +1,48 @@
+# notemplating
+.catalog:
+  name: "Alibaba Cloud DNS"
+  version: "v0.2.0"
+  description: "Rancher External DNS service powered by Alibaba Cloud"
+  minimum_rancher_version: v1.6.8-rc1
+  questions:
+    - variable: "ALICLOUD_ACCESS_KEY_ID"
+      label: "Access Key ID"
+      description: "Access key id for your Alibaba Cloud account"
+      type: "string"
+      required: true
+    - variable: "ALICLOUD_ACCESS_KEY_SECRET"
+      label: "Access Key Secret"
+      description: "Access key secret for your Alibaba Cloud account"
+      type: "string"
+      required: true
+    - variable: "ROOT_DOMAIN"
+      label: "Domain"
+      description: "The DNS zone (domain) managed by Alibaba Cloud. DNS entries will be created for <service>.<stack>.<environment>.<domain>"
+      type: "string"
+      required: true
+    - variable: "TTL"
+      label: "TTL"
+      description: "The resource record cache time to live (TTL), in seconds"
+      type: "int"
+      default: 600
+      min: 1
+      max: 86400
+      required: false
+    - variable: "NAME_TEMPLATE"
+      label: "DNS Name Template"
+      description: |
+        Name template used to construct the subdomain part (left of the domain) of the DNS record names.
+        Supported placeholders: %{{service_name}}, %{{stack_name}}, %{{environment_name}}.
+        By default DNS entries will be named '<service>.<stack>.<environment>.<domain>'.
+      type: "string"
+      default: "%{{service_name}}.%{{stack_name}}.%{{environment_name}}"
+      required: false
+
+alidns:
+  health_check:
+    port: 1000
+    interval: 5000
+    unhealthy_threshold: 3
+    request_line: GET / HTTP/1.0
+    healthy_threshold: 2
+    response_timeout: 2000

infra-templates/alidns/2/README.md

@@ -0,0 +1,40 @@
+## Alibaba Cloud DNS
+
+Rancher External DNS service powered by Alibaba Cloud DNS
+
+#### Usage
+
+##### Supported host labels
+
+`io.rancher.host.external_dns_ip`
+Override the IP address used in DNS records for containers running on the host. Defaults to the IP address the host is registered with in Rancher.
+
+`io.rancher.host.external_dns`
+Accepts 'true' (default) or 'false'
+When this is set to 'false' no DNS records will ever be created for containers running on this host.
+
+##### Supported service labels
+
+`io.rancher.service.external_dns`
+Accepts 'always', 'never' or 'auto' (default)
+- `always`: Always create DNS records for this service
+- `never`: Never create DNS records for this service
+- `auto`: Create DNS records for this service if it exposes ports on the host
+
+`io.rancher.service.external_dns_name_template`
+Custom DNS name template that overrides global custom DNS name template (see below) of default DNS name template for a specific service
+
+##### Custom DNS name template
+
+By default DNS entries are named `<service>.<stack>.<environment>.<domain>`.
+You can specify a custom name template used to construct the subdomain part (left of the domain/zone name) of the DNS records. The following placeholders are supported:
+
+* `%{{service_name}}`
+* `%{{stack_name}}`
+* `%{{environment_name}}`
+
+**Example:**
+
+`%{{stack_name}}-%{{service_name}}.statictext`
+
+Make sure to only use characters in static text and separators that your provider allows in DNS names.

infra-templates/alidns/2/docker-compose.yml

@@ -0,0 +1,14 @@
+alidns:
+  image: rancher/external-dns:v0.7.9
+  command: -provider=alidns
+  expose:
+   - 1000
+  environment:
+    ALICLOUD_ACCESS_KEY_ID: ${ALICLOUD_ACCESS_KEY_ID}
+    ALICLOUD_ACCESS_KEY_SECRET: ${ALICLOUD_ACCESS_KEY_SECRET}
+    ROOT_DOMAIN: ${ROOT_DOMAIN}
+    NAME_TEMPLATE: ${NAME_TEMPLATE}
+    TTL: ${TTL}
+  labels:
+    io.rancher.container.create_agent: "true"
+    io.rancher.container.agent.role: "external-dns"

infra-templates/alidns/2/rancher-compose.yml

@@ -0,0 +1,48 @@
+# notemplating
+.catalog:
+  name: "Alibaba Cloud DNS"
+  version: "v0.3.0"
+  description: "Rancher External DNS service powered by Alibaba Cloud"
+  minimum_rancher_version: v1.6.13-rc1
+  questions:
+    - variable: "ALICLOUD_ACCESS_KEY_ID"
+      label: "Access Key ID"
+      description: "Access key id for your Alibaba Cloud account"
+      type: "string"
+      required: true
+    - variable: "ALICLOUD_ACCESS_KEY_SECRET"
+      label: "Access Key Secret"
+      description: "Access key secret for your Alibaba Cloud account"
+      type: "string"
+      required: true
+    - variable: "ROOT_DOMAIN"
+      label: "Domain"
+      description: "The DNS zone (domain) managed by Alibaba Cloud. DNS entries will be created for <service>.<stack>.<environment>.<domain>"
+      type: "string"
+      required: true
+    - variable: "TTL"
+      label: "TTL"
+      description: "The resource record cache time to live (TTL), in seconds"
+      type: "int"
+      default: 600
+      min: 1
+      max: 86400
+      required: false
+    - variable: "NAME_TEMPLATE"
+      label: "DNS Name Template"
+      description: |
+        Name template used to construct the subdomain part (left of the domain) of the DNS record names.
+        Supported placeholders: %{{service_name}}, %{{stack_name}}, %{{environment_name}}.
+        By default DNS entries will be named '<service>.<stack>.<environment>.<domain>'.
+      type: "string"
+      default: "%{{service_name}}.%{{stack_name}}.%{{environment_name}}"
+      required: false
+
+alidns:
+  health_check:
+    port: 1000
+    interval: 5000
+    unhealthy_threshold: 3
+    request_line: GET / HTTP/1.0
+    healthy_threshold: 2
+    response_timeout: 2000

infra-templates/alidns/config.yml

@@ -1,7 +1,7 @@
 name: Alibaba Cloud DNS
 description: |
   Rancher External DNS service powered by Alibaba Cloud
-version:  v0.1.0
+version:  v0.3.0
 category: External DNS
 labels:
   io.rancher.orchestration.supported: 'cattle,mesos,swarm,kubernetes'

infra-templates/aws-spot-instance-helper/0/README.md

@@ -0,0 +1,7 @@
+# AWS Spot Instance Helper
+
+### Info
+This is a simple service that runs globally. It monitors the state of the host, if the host is running on a spot instance it will check to see if the host is scheduled for termination then it will automatically deactive the host and evaculate the containers.
+
+The source code is available at [https://www.github.com/chrisurwin/aws-spot-instance-helper](https://www.github.com/chrisurwin/aws-spot-instance-helper)
+

infra-templates/aws-spot-instance-helper/0/docker-compose.yml

@@ -0,0 +1,8 @@
+aws-spot-instance-helper:
+  image: chrisurwin/aws-spot-instance-helper:v0.1.0
+  tty: true
+  labels:
+    io.rancher.container.create_agent: 'true'
+    io.rancher.container.agent.role: environment
+    io.rancher.container.pull_image: always
+    io.rancher.scheduler.global: 'true'

infra-templates/aws-spot-instance-helper/0/rancher-compose.yml

@@ -0,0 +1,16 @@
+.catalog:
+    name: "AWS Spot Instance Helper"
+    version: "v0.1.0"
+    description: "AWS Spot Instance Helper"
+    minimum_rancher_version: v1.5.5
+
+ 
+aws-spot-instance-helper:
+    health_check:
+        port: 9777
+        interval: 2000
+        unhealthy_threshold: 3
+        strategy: recreate
+        response_timeout: 2000
+        request_line: GET /ping HTTP/1.0
+        healthy_threshold: 2

infra-templates/aws-spot-instance-helper/1/README.md

@@ -0,0 +1,9 @@
+# AWS Spot Instance Helper
+
+### Info
+This is a simple service that runs globally. It monitors the state of the host, if the host is running on a spot instance it will check to see if the host is scheduled for termination then it will automatically deactive the host and evaculate the containers.
+
+The source code is available at [https://www.github.com/chrisurwin/aws-spot-instance-helper](https://www.github.com/chrisurwin/aws-spot-instance-helper)
+
+This version support notification to slack.
+

infra-templates/aws-spot-instance-helper/1/docker-compose.yml

@@ -0,0 +1,10 @@
+aws-spot-instance-helper:
+  image: chrisurwin/aws-spot-instance-helper:v0.2.0
+  tty: true
+  labels:
+    io.rancher.container.create_agent: 'true'
+    io.rancher.container.agent.role: environment
+    io.rancher.container.pull_image: always
+    io.rancher.scheduler.global: 'true'
+  environment:
+    SLACK_WEBHOOK: "${SLACK_WEBHOOK}"

infra-templates/aws-spot-instance-helper/1/rancher-compose.yml

@@ -0,0 +1,21 @@
+.catalog:
+    name: "AWS Spot Instance Helper"
+    version: "v0.2.0"
+    description: "AWS Spot Instance Helper"
+    minimum_rancher_version: v1.5.5
+    questions:
+     - variable: "SLACK_WEBHOOK"
+       description: "Slack Webhook"
+       label: "Slack Webhook"
+       required: false
+       type: "string"
+ 
+aws-spot-instance-helper:
+    health_check:
+        port: 9777
+        interval: 2000
+        unhealthy_threshold: 3
+        strategy: recreate
+        response_timeout: 2000
+        request_line: GET /ping HTTP/1.0
+        healthy_threshold: 2

infra-templates/aws-spot-instance-helper/catalogIcon-rahc.svg

@@ -0,0 +1,25 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN"
+ "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
+<svg version="1.0" xmlns="http://www.w3.org/2000/svg"
+ width="1200.000000pt" height="1200.000000pt" viewBox="0 0 1200.000000 1200.000000"
+ preserveAspectRatio="xMidYMid meet">
+
+<g transform="translate(0.000000,1200.000000) scale(0.100000,-0.100000)"
+fill="#000000" stroke="none">
+<path d="M0 6000 l0 -6000 6000 0 6000 0 0 6000 0 6000 -6000 0 -6000 0 0
+-6000z m6369 5085 c174 -42 319 -177 377 -355 17 -50 18 -112 22 -717 l3 -663
+-1798 0 c-1983 0 -1850 4 -1977 -63 -118 -61 -226 -200 -255 -327 -7 -30 -11
+-651 -11 -1882 l0 -1838 -602 0 c-368 0 -628 4 -667 11 -228 37 -401 216 -432
+447 -6 51 -9 910 -7 2527 l3 2450 23 66 c43 129 132 234 250 297 121 64 -55
+60 2592 61 2121 1 2423 -1 2479 -14z m2142 -2183 c164 -46 299 -177 349 -340
+19 -61 20 -94 20 -728 l0 -664 -1804 0 c-1771 0 -1805 0 -1868 -20 -161 -50
+-286 -176 -344 -350 -18 -53 -19 -133 -22 -1892 l-2 -1838 -628 0 c-684 0
+-689 0 -796 58 -28 15 -81 57 -119 93 -78 78 -130 177 -147 279 -14 90 -14
+4900 0 4990 30 189 188 365 371 414 46 13 394 15 2489 15 2331 1 2438 0 2501
+-17z m2160 -2190 c82 -27 175 -88 230 -150 50 -57 105 -167 119 -241 15 -79
+14 -4962 -1 -5033 -40 -192 -212 -361 -404 -398 -44 -8 -715 -10 -2490 -8
+l-2430 3 -58 22 c-150 57 -263 170 -320 320 l-22 58 -3 2495 c-1 1709 1 2511
+8 2546 43 209 223 375 435 404 33 4 1142 7 2465 6 l2405 -1 66 -23z"/>
+</g>
+</svg>

infra-templates/aws-spot-instance-helper/config.yml

@@ -0,0 +1,5 @@
+name: AWS Spot Instance Helper
+description: |
+  Automatically evacuates spot instances that are marked for termination
+version: v0.2.0
+category: Rancher Services

infra-templates/digitalocean-dns/3/README.md

@@ -11,7 +11,7 @@ Rancher External DNS service powered by DigitalOcean
 #### Usage
 
 ##### DigitalOcean DNS record TTL
-The DigitalOcean API currently does not support per-record TTL setting. You should configure the global TTL setting for the domain manually and set it to a low value (e.g. 60).
+The DigitalOcean API currently supports per-record TTL setting (https://developers.digitalocean.com/documentation/v2/#create-a-new-domain-record), but it is not yet implemented in this tool. You should configure the global TTL setting for the domain manually and set it to a low value (e.g. 60).
 
 ##### Limitation when running the service on multiple Rancher servers
 

infra-templates/digitalocean-dns/3/docker-compose.yml

@@ -7,7 +7,7 @@ digitalocean:
     DO_PAT: ${DO_PAT}
     ROOT_DOMAIN: ${ROOT_DOMAIN}
     NAME_TEMPLATE: ${NAME_TEMPLATE}
-    TTL: 300
+    TTL: ${DNS_TTL}
   labels:
     io.rancher.container.create_agent: "true"
     io.rancher.container.agent.role: "external-dns"

infra-templates/digitalocean-dns/3/rancher-compose.yml

@@ -15,6 +15,13 @@
       description: "The domain name managed by DigitalOcean."
       type: "string"
       required: true
+    - variable: "DNS_TTL"
+      label: "TTL"
+      description: |
+        TTL used for new DNS records.
+      type: "string"
+      default: "300"
+      required: true      
     - variable: "NAME_TEMPLATE"
       label: "DNS Name Template"
       description: |

infra-templates/gandi-dns/1/docker-compose.yml

@@ -0,0 +1,13 @@
+gandidns:
+  image: rancher/external-dns:v0.7.6
+  command: -provider=gandi
+  expose:
+   - 1000
+  environment:
+    GANDI_APIKEY: ${GANDI_APIKEY}
+    ROOT_DOMAIN: ${ROOT_DOMAIN}
+    NAME_TEMPLATE: ${NAME_TEMPLATE}
+    TTL: ${TTL}
+  labels:
+    io.rancher.container.create_agent: "true"
+    io.rancher.container.agent.role: "external-dns"

infra-templates/gandi-dns/1/rancher-compose.yml

@@ -0,0 +1,43 @@
+# notemplating
+.catalog:
+  name: "Gandi DNS"
+  version: "v0.1.1"
+  description: "Rancher External DNS service powered by Gandi. Requires Rancher version v1.1.0"
+  maintainer: "Frederic Leger <contact@webofmars.com>"
+  minimum_rancher_version: v1.6.0-rc1
+  #maximum_rancher_version:
+  questions:
+    - variable: "GANDI_APIKEY"
+      label: "Gandi API key"
+      description: "API key for your Gandi account"
+      type: "string"
+      required: true
+    - variable: "ROOT_DOMAIN"
+      label: "Root Domain"
+      description: "The domain name managed by Gandi."
+      type: "string"
+      required: true
+    - variable: "TTL"
+      label: "TTL"
+      description: "The resource record cache time to live (TTL), in seconds (minimum 300)"
+      type: "int"
+      default: 300
+      required: false
+    - variable: "NAME_TEMPLATE"
+      label: "DNS Name Template"
+      description: |
+        Name template used to construct the subdomain part (left of the root domain name) of the DNS record names.
+        Supported placeholders: %{{service_name}}, %{{stack_name}}, %{{environment_name}}.
+        By default DNS entries will be named '<service>.<stack>.<environment>.<domain>'.
+      type: "string"
+      default: "%{{service_name}}.%{{stack_name}}.%{{environment_name}}"
+      required: false
+
+gandidns:
+  health_check:
+    port: 1000
+    interval: 15000
+    unhealthy_threshold: 2
+    request_line: GET / HTTP/1.0
+    healthy_threshold: 2
+    response_timeout: 2000

infra-templates/gandi-dns/2/docker-compose.yml

@@ -0,0 +1,13 @@
+gandidns:
+  image: rancher/external-dns:v0.7.9
+  command: -provider=gandi
+  expose:
+   - 1000
+  environment:
+    GANDI_APIKEY: ${GANDI_APIKEY}
+    ROOT_DOMAIN: ${ROOT_DOMAIN}
+    NAME_TEMPLATE: ${NAME_TEMPLATE}
+    TTL: ${TTL}
+  labels:
+    io.rancher.container.create_agent: "true"
+    io.rancher.container.agent.role: "external-dns"

infra-templates/gandi-dns/2/rancher-compose.yml

@@ -0,0 +1,43 @@
+# notemplating
+.catalog:
+  name: "Gandi DNS"
+  version: "v0.7.9"
+  description: "Rancher External DNS service powered by Gandi. Requires Rancher version v1.1.0"
+  maintainer: "Frederic Leger <contact@webofmars.com>"
+  minimum_rancher_version: v1.6.0-rc1
+  #maximum_rancher_version:
+  questions:
+    - variable: "GANDI_APIKEY"
+      label: "Gandi API key"
+      description: "API key for your Gandi account"
+      type: "string"
+      required: true
+    - variable: "ROOT_DOMAIN"
+      label: "Root Domain"
+      description: "The domain name managed by Gandi."
+      type: "string"
+      required: true
+    - variable: "TTL"
+      label: "TTL"
+      description: "The resource record cache time to live (TTL), in seconds (minimum 300)"
+      type: "int"
+      default: 300
+      required: false
+    - variable: "NAME_TEMPLATE"
+      label: "DNS Name Template"
+      description: |
+        Name template used to construct the subdomain part (left of the root domain name) of the DNS record names.
+        Supported placeholders: %{{service_name}}, %{{stack_name}}, %{{environment_name}}.
+        By default DNS entries will be named '<service>.<stack>.<environment>.<domain>'.
+      type: "string"
+      default: "%{{service_name}}.%{{stack_name}}.%{{environment_name}}"
+      required: false
+
+gandidns:
+  health_check:
+    port: 1000
+    interval: 15000
+    unhealthy_threshold: 2
+    request_line: GET / HTTP/1.0
+    healthy_threshold: 2
+    response_timeout: 2000

infra-templates/gandi-dns/config.yml

@@ -1,7 +1,7 @@
 name: GANDI DNS
 description: |
   Rancher External DNS service powered by Gandi.net
-version: v0.1.0
+version: v0.7.9
 category: External DNS
 labels:
-  io.rancher.orchestration.supported: 'cattle,mesos,swarm,kubernetes'
+  io.rancher.orchestration.supported: 'cattle,mesos,swarm,kubernetes'

infra-templates/imagepuller/0/docker-compose.yml.tpl

@@ -0,0 +1,25 @@
+version: '2'
+services:
+  imagepuller:
+    image: superseb/imagepuller:0.1.5
+    {{- if eq .Values.PRIVILEGED "true"}}
+    privileged: true
+    {{- end}}
+    environment:
+      CHECK_CPU_USAGE: ${CHECK_CPU_USAGE}
+      CPU_USAGE_MAX: ${CPU_USAGE_MAX}
+      CPU_USAGE_SLEEP: ${CPU_USAGE_SLEEP}
+      RANCHER_VERSION: ${RANCHER_VERSION}
+      RANDOM_SLEEP: ${RANDOM_SLEEP}
+    stdin_open: true
+    volumes:
+    - /var/run/docker.sock:/var/run/docker.sock
+    {{- if eq .Values.MOUNT_DOCKER_CONFIG "true"}}
+    - ${DOCKER_CONFIG_LOCATION}:/root/.docker/config.json
+    {{- end}}
+    tty: true
+    labels:
+      io.rancher.container.agent.role: environment
+      io.rancher.container.start_once: 'true'
+      io.rancher.container.create_agent: 'true'
+      io.rancher.scheduler.global: 'true'

infra-templates/imagepuller/0/rancher-compose.yml

@@ -0,0 +1,58 @@
+version: '2'
+catalog:
+  name: imagepuller
+  version: 0.1.5
+  description: A script to pull images for a specific Rancher version to speed up upgrades
+  minimum_rancher_version: v1.6.0
+  questions:
+    - variable: CHECK_CPU_USAGE
+      label: CHECK_CPU_USAGE
+      description: Enable CPU usage check
+      type: boolean
+      default: true
+      required: true
+    - variable: CPU_USAGE_MAX
+      label: CPU_USAGE_MAX
+      description: Maximum CPU usage in % to halt pulling images
+      type: int
+      default: 75
+      required: true
+    - variable: CPU_USAGE_SLEEP
+      label: CPU_USAGE_SLEEP
+      description: Amount of seconds to sleep when cpu usage is too high 
+      type: int
+      default: 120
+      required: true
+    - variable: MOUNT_DOCKER_CONFIG
+      label: MOUNT_DOCKER_CONFIG
+      description: Mount docker config as volume (for registries with authentication)
+      type: boolean
+      default: false
+      required: true
+    - variable: DOCKER_CONFIG_LOCATION
+      label: DOCKER_CONFIG_LOCATION
+      description: Docker config location on the host (for registries with authentication)
+      type: string
+      default: "/root/.docker/config.json"
+      required: true
+    - variable: PRIVILEGED
+      label: PRIVILEGED
+      description: Run as privileged (e.g. when SELinux is enabled)
+      type: boolean
+      default: false
+      required: true
+    - variable: RANDOM_SLEEP
+      label: RANDOM_SLEEP
+      description: Sleep a "random" amount of seconds between image pulls
+      type: boolean
+      default: false
+      required: true
+    - variable: RANCHER_VERSION
+      label: RANCHER_VERSION
+      description: Reference version to identify what images to pull
+      type: string
+      default: v1.6.14
+      required: true
+services:
+  imagepuller:
+    start_on_create: true

infra-templates/imagepuller/catalogIcon-imagepuller.svg

@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg viewBox="0 0 640 480" xmlns="http://www.w3.org/2000/svg">
+ <defs>
+  <linearGradient id="d" x1=".49992" x2=".49992" y1=".29294" y2=".48514">
+   <stop stop-color="#919191" offset="0"/>
+   <stop stop-color="#919191" offset=".0056"/>
+   <stop stop-color="#bf0d00" offset="1"/>
+  </linearGradient>
+  <radialGradient id="c" cx="39.756" cy="24.221" r="120.09" gradientTransform="matrix(-3.2183 0 0 -3.7099 528.11 462.82)" gradientUnits="userSpaceOnUse">
+   <stop stop-color="#e88080" offset="0"/>
+   <stop stop-color="#de4848" offset=".6181"/>
+   <stop stop-color="#d82a2a" offset="1"/>
+  </radialGradient>
+ </defs>
+ <g transform="rotate(89.067 290.58 230.38)">
+  <path d="m294.18 450.89c112.45 0 198.11-95.137 206.99-223.43 5.0848-73.49-2.9544-149.56-34.967-214.24-8.4029-5.4128-32.662 0-42.198 0-8.8888 0-31.381-5.1679-36.572 6.6964-8.6217 19.677 0.40872 52.028 3.5208 72.143 5.0849 32.907 8.6314 64.46 6.2918 97.949-3.3953 48.552-18.968 91.019-63.567 102.07-38.014 9.4009-94.215 9.3342-123.11-25.828-32.212-39.177-29.045-108.23-19.857-156.75 4.821-25.476 17.884-60.509 11.937-86.812-3.5498-15.712-30.162-9.7756-40.193-9.9092-14.154-0.20404-41.915-8.1989-49.13 7.4161-17.591 38.019-27.996 78.75-31.6 121.62-6.6844 79.518 1.0588 161.26 47.312 224.34 40.721 55.534 102.63 84.738 165.15 84.738" fill="url(#c)"/>
+  <path d="m498.78 146.64c-2.964-33.564-8.2902-67.176-18.611-98.847-1.4514-4.4445-10.353-34.573-14.424-34.573h-17.585c-24.697 0-64.204-13.133-63.303 26.908 0.63077 28.099 7.1671 55.897 10.736 83.603 3.1282 24.252 0.048279 22.909 19.998 22.909h83.189m-313.47 0c2.8289-36.814 15.535-71.791 17.99-108.58 1.6992-25.469-9.4875-24.827-27.111-25.086-19.538-0.27826-39.073-0.55649-58.621-0.84958-6.1051-0.077911-18.785 46.912-20.684 53.545-7.4921 26.222-12.197 53.486-14.411 80.973h102.84" fill="#e5e5e5"/>
+  <path d="m504.83 201.55c0-37.938-1.4257-76.057-9.5293-113-5.7221-26.103-13.713-78.843-41.786-78.843-16.574 0-41.026-5.5204-56.902 0-28.742 0.43405-8.7956 80.149-6.414 95.916 7.4439 49.19 15.058 132.42-24.935 168.09-29.602 26.4-83.833 23.688-117.98 13.374-45.381-13.704-57.462-63.065-59.338-111.85-1.5512-40.56 9.1528-78.005 15.689-117.4 2.0243-12.202 6.1244-31.115-0.71767-42.397-5.0913-8.3733-18.212-5.8542-25.74-5.9618-12.094-0.18552-56.558-9.0077-63.902 4.003-17.63 31.171-27.284 73.39-32.154 109.78-9.4553 70.548-6.797 147.66 24.739 210.79 47.769 95.638 150.28 138.08 241.77 113.45 99.532-26.789 157.21-131.85 157.21-245.94m-5.558 0c0 129.36-76.366 237.89-191.32 245.39-111.66 7.2714-210.16-80.861-223.76-210.44-7.8912-75.178 2.8771-154.37 34.616-220.86 15.329 0.20035 30.651 0.44891 45.983 0.66409 18.528 0.27081 37.998-6.0694 35.613 23.016-5.7768 70.381-34.461 139.76-4.4284 208.93 19.706 45.387 64.272 52.143 104.02 51.349 35.424-0.71231 71.954-9.5382 88.251-49.921 23.851-59.103 8.8148-126.14 1.2712-187.06-2.3719-19.165-7.4985-45.906 14.547-45.906h54.875c16.294 0 27.568 57.029 31.082 73.238 7.9105 36.465 9.2397 74.165 9.2397 111.59" fill="url(#d)"/>
+  <path d="m120.86 317.55c0 10.499 30.168 38.19 36.659 44.597 34.519 34.068 77.792 53.938 123.28 55.842 48.094 1.9997 95.418-14.28 135.96-43.762 13.929-10.124 27.033-21.718 39.295-34.391 1.6574-1.7103 12.59-16.32 15.045-15.504 1.9696 0.65668-40.335 52.996-43.46 55.916-39.276 36.84-88.126 58.954-139.02 58.954-47.608 0-92.831-21.15-127.46-58.646-11.241-12.169-40.302-42.594-40.302-63.006" fill="#ffa3a3"/>
+  <path d="m187.96 243.85c0.63078 8.44 21.546 27.654 27.301 32.959 26.364 24.3 58.827 32.562 92.072 29.486 31.864-2.9531 84.56-21.391 95.834-62.735-11.56 42.386-45.7 72.804-82.652 81.333-48.525 11.185-127.29-11.13-132.55-81.043" fill="#b20d0d"/>
+  <g fill="#fff">
+   <path d="m405.87 36.096c7.1735-17.095 53.382 27.472 51.705 36.142 0.20273-1.0499-14.424-9.9166-16.497-9.6495-4.763 0.61954 20.291 54.495 23.564 53.716-11.734 2.8084-37.612-20.041-43.971-30.718-5.5161-9.2563-19.837-37.426-14.801-49.49"/>
+   <path d="m137.55 132.6c-4.5764-6.5703-10.231-13.107-16.951-16.669-14.077-7.4643-11.846 9.7571-20.336 12.495 5.4164-1.7474 15.763-100.47 38.497-73.601 13.584 16.049 42.546 101.66-1.2101 77.775"/>
+  </g>
+ </g>
+</svg>

infra-templates/imagepuller/config.yml

@@ -0,0 +1,8 @@
+name: Imagepuller
+description: |
+  A script to pull images for a specific Rancher version to speed up upgrades
+version: 0.1.5
+category: Automation
+maintainer: "Sebastiaan van Steenis <seb@rancher.com>"
+license: Apache 2.0
+projectURL: https://github.com/superseb/imagepuller

infra-templates/imagesyncer/0/docker-compose.yml.tpl

@@ -0,0 +1,24 @@
+version: '2'
+services:
+  imagesyncer:
+    image: superseb/imagesyncer:0.1.0
+    {{- if eq .Values.PRIVILEGED "true"}}
+    privileged: true
+    {{- end}}
+    environment:
+      CHECK_CPU_USAGE: ${CHECK_CPU_USAGE}
+      CHECK_INTERVAL: ${CHECK_INTERVAL}
+      CPU_USAGE_MAX: ${CPU_USAGE_MAX}
+      CPU_USAGE_SLEEP: ${CPU_USAGE_SLEEP}
+      RANDOM_SLEEP: ${RANDOM_SLEEP}
+    stdin_open: true
+    volumes:
+    - /var/run/docker.sock:/var/run/docker.sock
+    {{- if eq .Values.MOUNT_DOCKER_CONFIG "true"}}
+    - ${DOCKER_CONFIG_LOCATION}:/root/.docker/config.json
+    {{- end}}
+    tty: true
+    labels:
+      io.rancher.container.agent.role: environment
+      io.rancher.container.create_agent: 'true'
+      io.rancher.scheduler.global: 'true'

infra-templates/imagesyncer/0/rancher-compose.yml

@@ -0,0 +1,58 @@
+version: '2'
+catalog:
+  name: imagesyncer
+  version: 0.1.0
+  description: Sync all images in use in your environment to all hosts
+  minimum_rancher_version: v1.6.0
+  questions:
+    - variable: CHECK_CPU_USAGE
+      label: CHECK_CPU_USAGE
+      description: Enable CPU usage check
+      type: boolean
+      default: true
+      required: true
+    - variable: CHECK_INTERVAL
+      label: CHECK_INTERVAL
+      description: Amount of seconds to sleep before checking images
+      type: int
+      default: 300
+      required: true
+    - variable: CPU_USAGE_MAX
+      label: CPU_USAGE_MAX
+      description: Maximum CPU usage in % to halt pulling images
+      type: int
+      default: 75
+      required: true
+    - variable: CPU_USAGE_SLEEP
+      label: CPU_USAGE_SLEEP
+      description: Amount of seconds to sleep when cpu usage is too high 
+      type: int
+      default: 120
+      required: true
+    - variable: MOUNT_DOCKER_CONFIG
+      label: MOUNT_DOCKER_CONFIG
+      description: Mount docker config as volume (for registries with authentication)
+      type: boolean
+      default: false
+      required: true
+    - variable: DOCKER_CONFIG_LOCATION
+      label: DOCKER_CONFIG_LOCATION
+      description: Docker config location on the host (for registries with authentication)
+      type: string
+      default: "/root/.docker/config.json"
+      required: true
+    - variable: PRIVILEGED
+      label: PRIVILEGED
+      description: Run as privileged (e.g. when SELinux is enabled)
+      type: boolean
+      default: false
+      required: true
+    - variable: RANDOM_SLEEP
+      label: RANDOM_SLEEP
+      description: Sleep a "random" amount of seconds between image pulls
+      type: boolean
+      default: false
+      required: true
+services:
+  imagesyncer:
+    start_on_create: true

infra-templates/imagesyncer/catalogIcon-imagesyncer.svg

@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg viewBox="0 0 48 48" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+ <defs>
+  <linearGradient id="a">
+   <stop stop-color="#fff" offset="0"/>
+   <stop stop-color="#fff" stop-opacity="0" offset="1"/>
+  </linearGradient>
+  <linearGradient id="e" x2="0" y1="7.7115" y2="24.463" gradientUnits="userSpaceOnUse">
+   <stop stop-color="#93b9dd" offset="0"/>
+   <stop stop-color="#6396cd" offset="1"/>
+  </linearGradient>
+  <linearGradient id="c" x2="0" y1="39.785" y2="23.034" gradientUnits="userSpaceOnUse">
+   <stop stop-color="#d7e866" offset="0"/>
+   <stop stop-color="#8cab2a" offset="1"/>
+  </linearGradient>
+  <linearGradient id="f" x1="34.119" x2="10.525" y1="13.085" y2="21.932" gradientUnits="userSpaceOnUse" xlink:href="#a"/>
+  <linearGradient id="d" x1="12.756" x2="36.35" y1="34.412" y2="25.564" gradientUnits="userSpaceOnUse" xlink:href="#a"/>
+  <radialGradient id="b" cx="62.625" cy="4.625" r="10.625" gradientTransform="matrix(2.1499 0 0 .87466 -110.64 34.661)" gradientUnits="userSpaceOnUse">
+   <stop offset="0"/>
+   <stop stop-opacity="0" offset="1"/>
+  </radialGradient>
+ </defs>
+ <path d="m46.842 38.707a22.842 9.2933 0 0 1 -45.685 0 22.842 9.2933 0 1 1 45.685 0z" fill="url(#b)" fill-rule="evenodd" opacity=".56044"/>
+ <path d="m23.531 4.5c-9.8484 0.39886-17.691 8.0151-18.906 17.656h10.625c1.0577-3.9266 4.8512-6.9835 9.0312-6.9375 2.3639 0.02602 4.646 0.79971 6.3438 2.4375l-4.4062 4.0625h16.031v-15.812l-4.2188 4.2188c-3.7082-3.644-7.9959-5.5648-13.469-5.625-0.34792-0.00383-0.68793-0.0139-1.0312 0z" fill="url(#e)" stroke="#387ab8" stroke-linejoin="round"/>
+ <path d="m14.219 21.75c1.2893-4.2881 5.5889-7.7538 10.125-7.6875 2.6731 0.03908 5.955 1.1919 7.9688 3.4688l-3.2188 3.0625 12.062 0.03125v-12.062l-3.1562 3.2188c-3.542-3.9509-8.0534-5.9758-13.594-6.0312-9.6095-0.09616-17.172 6.815-18.562 16" fill="none" opacity=".4" stroke="url(#f)" stroke-width="1.193"/>
+ <path d="m23.344 42.997c9.8484-0.39886 17.691-8.0151 18.906-17.656h-10.625c-1.0577 3.9266-4.8512 6.9835-9.0312 6.9375-2.3639-0.02602-4.646-0.79971-6.3438-2.4375l4.4062-4.0625h-16.031v15.812l4.2188-4.2188c3.7082 3.644 7.9959 5.5648 13.469 5.625 0.34792 0.0038 0.68793 0.01391 1.0312 0z" fill="url(#c)" stroke="#42770c" stroke-linejoin="round"/>
+ <path d="m32.656 25.747c-1.2893 4.2881-5.5889 7.7538-10.125 7.6875-2.6731-0.03908-5.955-1.1919-7.9688-3.4688l3.2188-3.0625-12.062-0.03125v12.062l3.1562-3.2188c3.542 3.9509 8.0534 5.9758 13.594 6.0312 9.6095 0.09616 17.172-6.815 18.562-16" fill="none" opacity=".4" stroke="url(#d)" stroke-width="1.193"/>
+</svg>

infra-templates/imagesyncer/config.yml

@@ -0,0 +1,8 @@
+name: Imagesyncer
+description: |
+  Sync all images in use in your environment to all hosts
+version: 0.1.0
+category: Automation
+maintainer: "Sebastiaan van Steenis <seb@rancher.com>"
+license: Apache 2.0
+projectURL: https://github.com/superseb/imagesyncer

infra-templates/infoblox/0/README.md

@@ -0,0 +1,40 @@
+## Infoblox DNS
+
+Rancher External DNS service powered by Infoblox DNS
+
+#### Usage
+
+##### Supported host labels
+
+`io.rancher.host.external_dns_ip`
+Override the IP address used in DNS records for containers running on the host. Defaults to the IP address the host is registered with in Rancher.
+
+`io.rancher.host.external_dns`
+Accepts 'true' (default) or 'false'
+When this is set to 'false' no DNS records will ever be created for containers running on this host.
+
+##### Supported service labels
+
+`io.rancher.service.external_dns`
+Accepts 'always', 'never' or 'auto' (default)
+- `always`: Always create DNS records for this service
+- `never`: Never create DNS records for this service
+- `auto`: Create DNS records for this service if it exposes ports on the host
+
+`io.rancher.service.external_dns_name_template`
+Custom DNS name template that overrides global custom DNS name template (see below) of default DNS name template for a specific service
+
+##### Custom DNS name template
+
+By default DNS entries are named `<service>.<stack>.<environment>.<domain>`.
+You can specify a custom name template used to construct the subdomain part (left of the domain/zone name) of the DNS records. The following placeholders are supported:
+
+* `%{{service_name}}`
+* `%{{stack_name}}`
+* `%{{environment_name}}`
+
+**Example:**
+
+`%{{stack_name}}-%{{service_name}}.statictext`
+
+Make sure to only use characters in static text and separators that your provider allows in DNS names.

infra-templates/infoblox/0/docker-compose.yml

@@ -0,0 +1,16 @@
+infoblox:
+  image: rancher/external-dns:v0.7.5
+  command: -provider=infoblox
+  expose:
+   - 1000
+  environment:
+    INFOBLOX_URL: ${INFOBLOX_URL}
+    INFOBLOX_USER_NAME: ${INFOBLOX_USER_NAME}
+    INFOBLOX_PASSWORD: ${INFOBLOX_PASSWORD}
+    ROOT_DOMAIN: ${ROOT_DOMAIN}
+    SSL_VERIFY: ${SSL_VERIFY}
+    USE_COOKIES: ${USE_COOKIES}
+    TTL: ${TTL}
+  labels:
+    io.rancher.container.create_agent: "true"
+    io.rancher.container.agent.role: "external-dns"

infra-templates/infoblox/0/rancher-compose.yml

@@ -0,0 +1,63 @@
+# notemplating
+.catalog:
+  name: "Infoblox DNS"
+  version: "v0.1.0"
+  description: "Rancher External DNS service powered by Infoblox"
+  minimum_rancher_version: v1.6.0
+  questions:
+    - variable: "INFOBLOX_URL"
+      label: "Infoblox url"
+      description: "Infoblox url for your Infoblox service"
+      type: "string"
+      required: true
+    - variable: "INFOBLOX_USER_NAME"
+      label: "Infoblox user name"
+      description: "Infoblox user name for your Infoblox service"
+      type: "string"
+      required: true
+    - variable: "INFOBLOX_PASSWORD"
+      label: "Infoblox password"
+      description: "Infoblox password for your Infoblox service"
+      type: "string"
+      required: true
+    - variable: "SSL_VERIFY"
+      label: "Ssl verify"
+      description: "Infoblox Ssl verify for your Infoblox service"
+      type: "boolean"
+      required: true
+    - variable: "USE_COOKIES"
+      label: "Use cookies"
+      description: "Uses cookies if specified, re-creating the request and falling back to basic auth if a cookie is not present"
+      type: "boolean"
+      required: true
+    - variable: "ROOT_DOMAIN"
+      label: "Domain"
+      description: "The DNS zone name (root domain) managed by Infoblox. DNS entries will be created for <service>.<stack>.<environment>.<domain>"
+      type: "string"
+      required: true
+    - variable: "TTL"
+      label: "TTL"
+      description: "The resource record cache time to live (TTL), in seconds"
+      type: "int"
+      default: 600
+      min: 1
+      max: 86400
+      required: false
+    - variable: "NAME_TEMPLATE"
+      label: "DNS Name Template"
+      description: |
+        Name template used to construct the subdomain part (left of the domain) of the DNS record names.
+        Supported placeholders: %{{service_name}}, %{{stack_name}}, %{{environment_name}}.
+        By default DNS entries will be named '<service>.<stack>.<environment>.<domain>'.
+      type: "string"
+      default: "%{{service_name}}.%{{stack_name}}.%{{environment_name}}"
+      required: false
+
+infoblox:
+  health_check:
+    port: 1000
+    interval: 5000
+    unhealthy_threshold: 3
+    request_line: GET / HTTP/1.0
+    healthy_threshold: 2
+    response_timeout: 2000

infra-templates/infoblox/1/README.md

@@ -0,0 +1,47 @@
+## Infoblox DNS
+
+Rancher External DNS service powered by Infoblox DNS
+
+#### Usage
+
+##### Using Rancher Secrets for infloblox Password
+
+Optionally, you can use the Rancher Secrets to pass infloblox password instead of using environment variable.
+1. Run the Rancher Secrets service before deploying this provider stack.
+2. Create a secret named "infoblox-pass".
+3. Deploy this stack, emptying `Infoblox password` field.
+
+##### Supported host labels
+
+`io.rancher.host.external_dns_ip`
+Override the IP address used in DNS records for containers running on the host. Defaults to the IP address the host is registered with in Rancher.
+
+`io.rancher.host.external_dns`
+Accepts 'true' (default) or 'false'
+When this is set to 'false' no DNS records will ever be created for containers running on this host.
+
+##### Supported service labels
+
+`io.rancher.service.external_dns`
+Accepts 'always', 'never' or 'auto' (default)
+- `always`: Always create DNS records for this service
+- `never`: Never create DNS records for this service
+- `auto`: Create DNS records for this service if it exposes ports on the host
+
+`io.rancher.service.external_dns_name_template`
+Custom DNS name template that overrides global custom DNS name template (see below) of default DNS name template for a specific service
+
+##### Custom DNS name template
+
+By default DNS entries are named `<service>.<stack>.<environment>.<domain>`.
+You can specify a custom name template used to construct the subdomain part (left of the domain/zone name) of the DNS records. The following placeholders are supported:
+
+* `%{{service_name}}`
+* `%{{stack_name}}`
+* `%{{environment_name}}`
+
+**Example:**
+
+`%{{stack_name}}-%{{service_name}}.statictext`
+
+Make sure to only use characters in static text and separators that your provider allows in DNS names.

infra-templates/infoblox/1/docker-compose.yml.tpl

@@ -0,0 +1,35 @@
+version: '2'
+services:
+  infoblox:
+    image: rancher/external-dns:v0.7.8
+    expose:
+     - 1000
+    environment:
+      INFOBLOX_URL: ${INFOBLOX_URL}
+      INFOBLOX_USER_NAME: ${INFOBLOX_USER_NAME}
+      INFOBLOX_PASSWORD: ${INFOBLOX_PASSWORD}
+      INFOBLOX_SECRET: '/run/secrets/infoblox-pass'
+      ROOT_DOMAIN: ${ROOT_DOMAIN}
+      SSL_VERIFY: ${SSL_VERIFY}
+      USE_COOKIES: ${USE_COOKIES}
+      TTL: ${TTL}
+    labels:
+      io.rancher.container.create_agent: "true"
+      io.rancher.container.agent.role: "external-dns"
+{{- if ne .Values.INFOBLOX_PASSWORD ""}}
+    command: -provider=infoblox
+{{- else}}
+    entrypoint:
+      - bash
+      - -c
+      - 'INFOBLOX_PASSWORD=$$(cat $${INFOBLOX_SECRET}) /usr/bin/rancher-entrypoint.sh -provider=infoblox'
+    secrets:
+      - mode: '0444'
+        uid: '0'
+        gid: '0'
+        source: 'infoblox-pass'
+        target: ''
+secrets:
+  infoblox-pass:
+    external: 'true' 
+{{- end}}

infra-templates/infoblox/1/rancher-compose.yml

@@ -0,0 +1,63 @@
+# notemplating
+.catalog:
+  name: "Infoblox DNS"
+  version: "v0.2.0"
+  description: "Rancher External DNS service powered by Infoblox"
+  minimum_rancher_version: v1.6.0
+  questions:
+    - variable: "INFOBLOX_URL"
+      label: "Infoblox url"
+      description: "Infoblox url for your Infoblox service"
+      type: "string"
+      required: true
+    - variable: "INFOBLOX_USER_NAME"
+      label: "Infoblox user name"
+      description: "Infoblox user name for your Infoblox service"
+      type: "string"
+      required: true
+    - variable: "INFOBLOX_PASSWORD"
+      label: "Infoblox password"
+      description: "Infoblox password for your Infoblox service"
+      type: "password"
+      required: false
+    - variable: "SSL_VERIFY"
+      label: "Ssl verify"
+      description: "Infoblox Ssl verify for your Infoblox service"
+      type: "boolean"
+      required: true
+    - variable: "USE_COOKIES"
+      label: "Use cookies"
+      description: "Uses cookies if specified, re-creating the request and falling back to basic auth if a cookie is not present"
+      type: "boolean"
+      required: true
+    - variable: "ROOT_DOMAIN"
+      label: "Domain"
+      description: "The DNS zone name (root domain) managed by Infoblox. DNS entries will be created for <service>.<stack>.<environment>.<domain>"
+      type: "string"
+      required: true
+    - variable: "TTL"
+      label: "TTL"
+      description: "The resource record cache time to live (TTL), in seconds"
+      type: "int"
+      default: 600
+      min: 1
+      max: 86400
+      required: false
+    - variable: "NAME_TEMPLATE"
+      label: "DNS Name Template"
+      description: |
+        Name template used to construct the subdomain part (left of the domain) of the DNS record names.
+        Supported placeholders: %{{service_name}}, %{{stack_name}}, %{{environment_name}}.
+        By default DNS entries will be named '<service>.<stack>.<environment>.<domain>'.
+      type: "string"
+      default: "%{{service_name}}.%{{stack_name}}.%{{environment_name}}"
+      required: false
+
+infoblox:
+  health_check:
+    port: 1000
+    interval: 5000
+    unhealthy_threshold: 3
+    request_line: GET / HTTP/1.0
+    healthy_threshold: 2
+    response_timeout: 2000

infra-templates/infoblox/2/README.md

@@ -0,0 +1,57 @@
+## Infoblox DNS
+
+Rancher External DNS service powered by Infoblox DNS
+
+#### Usage
+
+##### Infloblox Password
+
+Infoblox password could be provided in 2 ways, depending what you set at `Infoblox password type` enum:
+
+- `env` by environment var.
+
+  Infoblox password is provided at `Infoblox password | secret name` field. This generates an enviroment variable inside container, `INFOBLOX_PASSWORD`, that contains the password in CLEAR.
+
+- `secret` by rancher secret. 
+
+  Infoblox password is provided by a Rancher Secret to secure it. Secret name is provided at `Infoblox password | secret name` field. 
+  
+  Previous steps are required to use rancher secrets:
+  1. Deploy Rancher Secrets service from library catalog, before deploying this  stack.
+  2. Create a rancher secret with your infoblox password. From ui, `Infrastructure -> Secrets`.
+  3. Deploy this stack, setting `Infoblox password type` enum to `secret`  and setting `Infoblox password | secret name` field to previously created secret name.
+
+##### Supported host labels
+
+`io.rancher.host.external_dns_ip`
+Override the IP address used in DNS records for containers running on the host. Defaults to the IP address the host is registered with in Rancher.
+
+`io.rancher.host.external_dns`
+Accepts 'true' (default) or 'false'
+When this is set to 'false' no DNS records will ever be created for containers running on this host.
+
+##### Supported service labels
+
+`io.rancher.service.external_dns`
+Accepts 'always', 'never' or 'auto' (default)
+- `always`: Always create DNS records for this service
+- `never`: Never create DNS records for this service
+- `auto`: Create DNS records for this service if it exposes ports on the host
+
+`io.rancher.service.external_dns_name_template`
+Custom DNS name template that overrides global custom DNS name template (see below) of default DNS name template for a specific service
+
+##### Custom DNS name template
+
+By default DNS entries are named `<service>.<stack>.<environment>.<domain>`.
+You can specify a custom name template used to construct the subdomain part (left of the domain/zone name) of the DNS records. The following placeholders are supported:
+
+* `%{{service_name}}`
+* `%{{stack_name}}`
+* `%{{environment_name}}`
+
+**Example:**
+
+`%{{stack_name}}-%{{service_name}}.statictext`
+
+Make sure to only use characters in static text and separators that your provider allows in DNS names.

infra-templates/infoblox/2/docker-compose.yml.tpl

@@ -0,0 +1,32 @@
+version: '2'
+services:
+  infoblox:
+    image: rancher/external-dns:v0.7.10
+    command: -provider=infoblox {{if eq .Values.DEBUG_MODE "true" -}}-debug{{- end}}
+    expose:
+     - 1000
+    labels:
+      io.rancher.container.create_agent: "true"
+      io.rancher.container.agent.role: "external-dns"
+    environment:
+      INFOBLOX_URL: ${INFOBLOX_URL}
+      INFOBLOX_USER_NAME: ${INFOBLOX_USER_NAME}
+      ROOT_DOMAIN: ${ROOT_DOMAIN}
+      SSL_VERIFY: ${SSL_VERIFY}
+      USE_COOKIES: ${USE_COOKIES}
+      TTL: ${TTL}
+{{- if eq .Values.INFOBLOX_PASSWORD_TYPE "env"}}
+      INFOBLOX_PASSWORD: ${INFOBLOX_PASSWORD}
+{{- else}}
+      INFOBLOX_PASSWORD: ''
+      INFOBLOX_SECRET: '/run/secrets/${INFOBLOX_PASSWORD}'
+    secrets:
+      - mode: '0444'
+        uid: '0'
+        gid: '0'
+        source: '${INFOBLOX_PASSWORD}'
+        target: ''
+secrets:
+  {{- .Values.INFOBLOX_PASSWORD}}:
+    external: 'true' 
+{{- end}}

infra-templates/infoblox/2/rancher-compose.yml

@@ -0,0 +1,77 @@
+# notemplating
+.catalog:
+  name: "Infoblox DNS"
+  version: "v0.2.1"
+  description: "Rancher External DNS service powered by Infoblox"
+  minimum_rancher_version: v1.6.0
+  questions:
+    - variable: "INFOBLOX_URL"
+      label: "Infoblox url"
+      description: "Infoblox url for your Infoblox service"
+      type: "string"
+      required: true
+    - variable: "INFOBLOX_USER_NAME"
+      label: "Infoblox user name"
+      description: "Infoblox user name for your Infoblox service"
+      type: "string"
+      required: true
+    - variable: "INFOBLOX_PASSWORD_TYPE"
+      label: "Infoblox password type"
+      description: "How infoblox password is provided by environment var or by rancher secret"
+      required: true
+      default: env
+      type: enum
+      options:
+        - env
+        - secret
+    - variable: "INFOBLOX_PASSWORD"
+      label: "Infoblox password | secret name"
+      description: "Infoblox password or secret name for your Infoblox service "
+      type: "string"
+      required: true
+    - variable: "ROOT_DOMAIN"
+      label: "Infoblox zone"
+      description: "The DNS zone name (root domain) managed by Infoblox. DNS entries will be created for <service>.<stack>.<environment>.<domain>"
+      type: "string"
+      required: true
+    - variable: "NAME_TEMPLATE"
+      label: "DNS Name Template"
+      description: |
+        Name template used to construct the subdomain part (left of the domain) of the DNS record names.
+        Supported placeholders: %{{service_name}}, %{{stack_name}}, %{{environment_name}}.
+        By default DNS entries will be named '<service>.<stack>.<environment>.<domain>'.
+      type: "string"
+      default: "%{{service_name}}.%{{stack_name}}.%{{environment_name}}"
+      required: true
+    - variable: "TTL"
+      label: "TTL"
+      description: "The resource record cache time to live (TTL), in seconds"
+      type: "int"
+      default: 600
+      min: 1
+      max: 86400
+      required: true
+    - variable: "DEBUG_MODE"
+      label: "Debug mode"
+      description: "Activate debug mode"
+      type: "boolean"
+      required: true
+      default: false
+    - variable: "SSL_VERIFY"
+      label: "Ssl verify"
+      description: "Infoblox Ssl verify for your Infoblox service"
+      type: "boolean"
+      required: true
+    - variable: "USE_COOKIES"
+      label: "Use cookies"
+      description: "Uses cookies if specified, re-creating the request and falling back to basic auth if a cookie is not present"
+      type: "boolean"
+      required: true
+infoblox:
+  health_check:
+    port: 1000
+    interval: 5000
+    unhealthy_threshold: 3
+    request_line: GET / HTTP/1.0
+    healthy_threshold: 2
+    response_timeout: 2000

infra-templates/infoblox/config.yml

@@ -0,0 +1,7 @@
+name: Infoblox DNS
+description: |
+  Rancher External DNS service powered by Infoblox
+version:  v0.2.1
+category: External DNS
+labels:
+  io.rancher.orchestration.supported: 'cattle,mesos,swarm,kubernetes'

infra-templates/ovh-dns/0/README.md

@@ -0,0 +1,44 @@
+## OVH DNS
+
+Rancher External DNS service powered by OVH
+
+#### Usage
+
+##### Limitation when running the service on multiple Rancher servers
+
+When running multiple instances of the External DNS service configured to use the same domain name, then only one of them can run in the "Default" environment of a Rancher server instance.
+
+##### Supported host labels
+
+`io.rancher.host.external_dns_ip`     
+Override the IP address used in DNS records for containers running on the host. Defaults to the IP address the host is registered with in Rancher.
+      
+`io.rancher.host.external_dns`    
+Accepts 'true' (default) or 'false'    
+When this is set to 'false' no DNS records will ever be created for containers running on this host.
+
+##### Supported service labels
+
+`io.rancher.service.external_dns`     
+Accepts 'always', 'never' or 'auto' (default)  
+- `always`: Always create DNS records for this service
+- `never`: Never create DNS records for this service
+- `auto`: Create DNS records for this service if it exposes ports on the host
+
+`io.rancher.service.external_dns_name_template`
+Custom DNS name template that overrides global custom DNS name template (see below) of default DNS name template for a specific service
+     
+##### Custom DNS name template
+
+By default DNS entries are named `<service>.<stack>.<environment>.<domain>`.    
+You can specify a custom name template used to construct the subdomain part (left of the domain/zone name) of the DNS records. The following placeholders are supported:
+
+* `%{{service_name}}`
+* `%{{stack_name}}`
+* `%{{environment_name}}`
+
+**Example:**
+
+`%{{stack_name}}-%{{service_name}}.statictext`
+
+Make sure to only use characters in static text and separators that your provider allows in DNS names.

infra-templates/ovh-dns/0/docker-compose.yml

@@ -0,0 +1,16 @@
+ovh:
+  image: rancher/external-dns:v0.7.10
+  command: -provider=ovh
+  expose:
+   - 1000
+  environment:
+    OVH_ENDPOINT: ${OVH_ENDPOINT}
+    OVH_APPLICATION_KEY: ${OVH_APPLICATION_KEY}
+    OVH_APPLICATION_SECRET: ${OVH_APPLICATION_SECRET}
+    OVH_CONSUMER_KEY: ${OVH_CONSUMER_KEY}
+    ROOT_DOMAIN: ${ROOT_DOMAIN}
+    NAME_TEMPLATE: ${NAME_TEMPLATE}
+    TTL: 300
+  labels:
+    io.rancher.container.create_agent: "true"
+    io.rancher.container.agent.role: "external-dns"

infra-templates/ovh-dns/0/rancher-compose.yml

@@ -0,0 +1,50 @@
+# notemplating
+.catalog:
+  name: "OVH DNS"
+  version: "v0.1.0"
+  description: "Rancher External DNS service powered by OVH"
+  minimum_rancher_version: v1.6.0-rc1
+  questions:
+    - variable: "OVH_ENDPOINT"
+      label: "OVH Endpoint"
+      description: "Enter your endpoint"
+      type: "string"
+      required: true
+    - variable: "OVH_APPLICATION_KEY"
+      label: "OVH Application Key"
+      description: "Enter your application key"
+      type: "string"
+      required: true
+    - variable: "OVH_APPLICATION_SECRET"
+      label: "OVH Application Secret"
+      description: "Enter your application secret"
+      type: "string"
+      required: true
+    - variable: "OVH_CONSUMER_KEY"
+      label: "OVH Consumer Key"
+      description: "Enter your consumer key"
+      type: "string"
+      required: true
+    - variable: "ROOT_DOMAIN"
+      label: "Domain Name"
+      description: "The domain name managed by OVH."
+      type: "string"
+      required: true
+    - variable: "NAME_TEMPLATE"
+      label: "DNS Name Template"
+      description: |
+        Name template used to construct the subdomain part (left of the domain) of the DNS record names.
+        Supported placeholders: %{{service_name}}, %{{stack_name}}, %{{environment_name}}.
+        By default DNS entries will be named '<service>.<stack>.<environment>.<domain>'.
+      type: "string"
+      default: "%{{service_name}}.%{{stack_name}}.%{{environment_name}}"
+      required: false
+
+ovh:
+  health_check:
+    port: 1000
+    interval: 5000
+    unhealthy_threshold: 3
+    request_line: GET / HTTP/1.0
+    healthy_threshold: 2
+    response_timeout: 2000

infra-templates/ovh-dns/catalogIcon-ovh-dns.svg

@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="354"
+   height="354"
+   version="1.1"
+   id="svg13"
+   sodipodi:docname="Logo-OVH.svg"
+   inkscape:version="0.92.2 (5c3e80d, 2017-08-06)">
+  <metadata
+     id="metadata17">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <sodipodi:namedview
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1"
+     objecttolerance="10"
+     gridtolerance="10"
+     guidetolerance="10"
+     inkscape:pageopacity="0"
+     inkscape:pageshadow="2"
+     inkscape:window-width="1920"
+     inkscape:window-height="1009"
+     id="namedview15"
+     showgrid="false"
+     inkscape:zoom="1.0622592"
+     inkscape:cx="-55.59374"
+     inkscape:cy="118.73959"
+     inkscape:window-x="0"
+     inkscape:window-y="34"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="g11" />
+  <defs
+     id="defs5">
+    <clipPath
+       id="a">
+      <path
+         d="M 0,283.46 H 444.793 V 0 H 0 Z"
+         id="path2"
+         inkscape:connector-curvature="0" />
+    </clipPath>
+  </defs>
+  <g
+     clip-path="url(#a)"
+     transform="matrix(1.25,0,0,-1.25,-118.83,409.24)"
+     id="g11">
+    <path
+       d="m 298.47189,270.01024 -14.83054,-25.7701 H 268.0674 l -18.3813,-31.89637 h 15.60167 l -11.80016,-20.48806 h 38.32124 c 9.79547,11.97279 15.67854,27.27332 15.67854,43.94854 a 69.117606,69.117606 0 0 1 -9.0155,34.20725 m -75.8953,-78.15579 h 0.0378 l -0.0189,0.034 47.61648,82.69945 h -40.28312 l -27.46106,-47.72736 -24.85658,43.18874 a 69.112566,69.112566 0 0 1 -9.03819,-34.24757 c 0,-16.67522 5.88182,-31.97449 15.67854,-43.94728 z M 111.19132,135.76302 c 0,-13.73054 6.26612,-20.27891 17.03811,-20.27891 10.77324,0 17.03936,6.54837 17.03936,20.27765 0,13.79983 -6.26612,20.34694 -17.03936,20.34694 -10.77325,0 -17.03811,-6.54711 -17.03811,-20.34694 m -4.92922,0 c 0,16.68656 8.30862,24.71294 21.96733,24.71294 13.65871,0 21.96734,-8.02638 21.96734,-24.71294 0,-16.54419 -8.30737,-24.64239 -21.96734,-24.64239 -13.65871,0 -21.96733,8.09694 -21.96733,24.64239 m 81.60196,22.74225 c 0.21042,0.56324 0.91604,1.54858 2.25293,1.54858 1.33815,0 2.39405,-1.05591 2.39405,-2.39406 0,-0.4221 -0.14112,-0.84421 -0.21168,-1.0559 l -16.47487,-43.44075 c -0.35281,-0.98661 -1.33815,-1.6204 -2.25293,-1.6204 -0.91605,0 -1.90265,0.63379 -2.25294,1.6204 l -16.47613,43.44075 c -0.0706,0.21169 -0.21168,0.6338 -0.21168,1.0559 0,1.33815 1.05716,2.39406 2.39405,2.39406 1.33815,0 2.04125,-0.98534 2.25293,-1.54984 l 14.29377,-37.87772 z m 16.40305,-24.29083 v -20.27765 c 0,-1.26632 -1.0559,-2.39405 -2.39405,-2.39405 -1.33563,0 -2.39406,1.12773 -2.39406,2.39405 v 43.723 c 0,1.26759 1.05843,2.39406 2.39406,2.39406 1.33815,0 2.39405,-1.12647 2.39405,-2.39406 v -19.07935 h 24.50126 v 19.07935 c 0,1.26759 1.05842,2.39406 2.39405,2.39406 1.33815,0 2.39405,-1.12647 2.39405,-2.39406 v -43.723 c 0,-1.26632 -1.0559,-2.39405 -2.39405,-2.39405 -1.33563,0 -2.39405,1.12773 -2.39405,2.39405 v 20.27765 z"
+       id="path7"
+       inkscape:connector-curvature="0"
+       style="fill:#264670;stroke-width:1.2600286" />
+    <path
+       d="m 241.5123,114.85031 c 0,2.32476 1.26758,3.38066 3.30883,3.38066 2.04251,0 3.3101,-1.0559 3.3101,-3.38066 0,-2.32349 -1.26759,-3.30883 -3.3101,-3.30883 -2.04125,0 -3.30883,0.98534 -3.30883,3.30883 m 25.9087,30.20542 c 6.26612,0 9.71608,-3.30884 10.84129,-4.85741 0.35281,-0.49267 0.49393,-0.84548 0.49393,-1.33815 0,-1.19703 -0.91478,-2.04125 -2.04125,-2.04125 -0.70561,0 -1.19702,0.28099 -1.69096,0.84422 -1.0559,1.19703 -2.95602,3.30884 -7.60301,3.30884 -6.47654,0 -9.92776,-4.15306 -9.92776,-12.81324 0,-8.80256 3.44996,-12.88506 9.92902,-12.88506 4.08249,0 6.54585,1.82957 8.16499,3.02785 0.49393,0.35155 0.84548,0.49267 1.33815,0.49267 1.12772,0 2.0425,-0.91478 2.0425,-2.0425 0,-0.6338 -0.21168,-1.12521 -0.91478,-1.759 -1.54983,-1.26759 -4.93049,-3.80277 -10.63212,-3.80277 -9.08228,0 -14.50293,5.4219 -14.50293,16.96881 0,11.54691 5.42191,16.89699 14.50293,16.89699 m 41.53936,-16.89699 c 0,8.87061 -3.72968,12.81324 -10.20875,12.81324 -6.47654,0 -10.20875,-3.94389 -10.20875,-12.8145 0,-9.01047 3.73095,-12.8838 10.20875,-12.8838 6.47781,0 10.20875,3.87333 10.20875,12.88506 m 4.57769,0 c 0,-11.54691 -5.63233,-16.96881 -14.78644,-16.96881 -9.08354,0 -14.78517,5.4219 -14.78517,16.96881 0,11.54691 5.70163,16.89699 14.78517,16.89699 9.15285,0 14.78644,-5.35008 14.78644,-16.89699 m 55.47905,4.43405 v -18.79838 a 2.2239504,2.2239504 0 0 0 -2.25293,-2.25293 2.2239504,2.2239504 0 0 0 -2.25293,2.25293 v 17.8836 c 0,5.56176 -1.97194,9.36453 -8.80256,9.36453 -6.05317,0 -8.80004,-3.23828 -8.80004,-8.44975 v -18.79838 a 2.2239504,2.2239504 0 0 0 -2.25293,-2.25293 2.2239504,2.2239504 0 0 0 -2.25293,2.25293 v 17.8836 c 0,5.56176 -1.76026,9.36453 -8.66017,9.36453 -6.54711,0 -8.66018,-3.94389 -8.66018,-9.85722 v -17.39091 a 2.2239504,2.2239504 0 0 0 -2.25293,-2.25293 2.2239504,2.2239504 0 0 0 -2.25293,2.25293 v 28.58628 c 0,1.26633 0.98534,2.25293 2.25293,2.25293 a 2.2239504,2.2239504 0 0 0 2.25293,-2.25293 v -2.25419 c 1.19703,2.60574 4.57642,4.92923 9.15285,4.92923 5.77471,0 9.50439,-2.11181 11.19409,-4.92923 1.76152,2.74686 4.85993,4.92923 10.27931,4.92923 10.84381,0 13.30842,-6.47655 13.30842,-12.46168"
+       id="path9"
+       inkscape:connector-curvature="0"
+       style="fill:#8a8a89;stroke-width:1.2600286" />
+  </g>
+</svg>

infra-templates/ovh-dns/config.yml

@@ -0,0 +1,7 @@
+name: OVH DNS
+description: |
+  Rancher External DNS service powered by OVH
+version: v0.1.0
+category: External DNS
+labels:
+  io.rancher.orchestration.supported: 'cattle,mesos,swarm,kubernetes'

infra-templates/pipeline/0/README.md

@@ -0,0 +1,40 @@
+# Rancher Pipeline
+
+Easier to use, Easier to integrate CI/CD with Rancher.
+
+## Description
+
+This template deploys Rancher Pipeline, the continuous integration service powered by Jenkins.
+
+It will be set up as an infrastructure stack in the Rancher environment.
+
+## Prerequisite
+
+Minimum system requirement of 2 core, 4 GB memory.
+
+## Features
+
+- Configure and manage your CI jobs in native Rancher UI.
+- Simple to use, container based continuous integration system.
+- multiple trigger types supported.
+- Flexible CI flow control(stop, rerun, timeout, parallel/serial run, approve/deny, etc. ).
+
+## Parameters
+
+- `# of slaves`: The number of Jenkins slave to set up. Please set at least one slave. You can also do scaling of slaves after installation. 
+- `# of executors`: The number of executors on each Jenkins slave. The maximum number of concurrent builds that Jenkins may perform on a agent. A good value to start with would be the number of CPU cores on the machine. Setting a higher value would cause each build to take longer, but could increase the overall throughput. For example, one build might be CPU-bound, while a second build running at the same time might be I/O-bound — so the second build could take advantage of the spare I/O capacity at that moment. Agents must have at least one executor. 
+
+
+- `Host with Label to put pipeline components on`: This parameter specify the host labels to use. Pipeline components will be scheduled to dedicated hosts matching these host labels.
+
+## Usage:
+
+Select the template from the catalog.
+
+Configure the parameters according to your workload and resource.
+
+Click `Launch`.
+
+After service is up, access Pipeline UI on top navigation bar of Rancher UI.
+
+See [Pipeline documentation](https://github.com/rancher/pipeline) for detail information.

infra-templates/pipeline/0/docker-compose.yml.tpl

@@ -0,0 +1,82 @@
+{{- $jenkinsMasterImage:="jenkins/jenkins:2.60.2-alpine"}}
+{{- $jenkinsBootImage:="rancher/jenkins-boot:v0.1.1"}}
+{{- $jenkinsSlaveImage:="rancher/pipeline-jenkins-slave:v0.1.0"}}
+{{- $pipelineServerImage:="rancher/pipeline:v0.1.0"}}
+{{- $pipelineUIImage:="rancher/pipeline-ui:v0.1.0"}}
+
+version: '2'
+services:
+  jenkins-master:
+    image: {{$jenkinsMasterImage}}
+    restart: always
+    environment:
+      - JENKINS_SLAVE_AGENT_PORT=50000
+      - JENKINS_HOME=/var/jenkins_home
+    volumes_from:
+      - jenkins-boot
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    labels:
+      io.rancher.sidekicks: jenkins-boot
+      io.rancher.container.create_agent: true
+      io.rancher.container.agent.role: environmentAdmin
+  {{- if ne .Values.HOST_LABEL "" }}
+      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
+  {{- end }}
+  jenkins-boot:
+    image: {{$jenkinsBootImage}}
+    volumes:
+      - jenkins_home:/var/jenkins_home
+    labels:
+      io.rancher.container.start_once: true
+  jenkins-slave:
+    image: {{$jenkinsSlaveImage}}
+    restart: always
+    links:
+      - jenkins-master
+    environment:
+      - SLAVE_EXECUTORS=${EXECUTORS}
+      - JENKINS_MASTER=http://jenkins-master:8080
+      - JENKINS_USERNAME=admin
+      - JENKINS_PASSWORD=admin
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/jenkins_home
+    labels:
+      io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+      io.rancher.container.create_agent: true
+      io.rancher.container.agent.role: environmentAdmin
+      io.rancher.container.pull_image: always
+  {{- if ne .Values.HOST_LABEL "" }}
+      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
+  {{- end }}
+  pipeline-server:
+    image: {{$pipelineServerImage}}
+    restart: always
+    links:
+      - jenkins-master
+    environment:
+      - JENKINS_ADDRESS=http://jenkins-master:8080
+      - JENKINS_USER=admin
+      - JENKINS_TOKEN=admin
+    labels:
+      io.rancher.container.create_agent: true
+      io.rancher.container.agent.role: environmentAdmin
+      io.rancher.container.pull_image: always
+  {{- if ne .Values.HOST_LABEL "" }}
+      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
+  {{- end }}
+  pipeline-ui:
+    image: {{$pipelineUIImage}}
+    restart: always
+    labels:
+      io.rancher.container.create_agent: true
+      io.rancher.container.agent.role: environment
+      io.rancher.container.pull_image: always
+      io.rancher.service.ui_link.label: "{\"en-us\":\"PIPELINE\",\"zh-hans\":\"流水线\"}"
+  {{- if ne .Values.HOST_LABEL "" }}
+      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
+  {{- end }}
+volumes:
+  jenkins_home:
+    driver: "local"

infra-templates/pipeline/0/rancher-compose.yml

@@ -0,0 +1,29 @@
+version: '2'
+catalog:
+  name: Pipeline
+  version: v0.1.0
+  minimum_rancher_version: 1.6.13-rc2
+  maximum_rancher_version: 1.6.13-rc2
+  description: "Rancher Pipeline"
+  questions:
+    - variable: SLAVES
+      type: "int"
+      default: "1"
+      label: "# of slaves"
+      description: "How many jenkins slaves to run ci tasks. At least 1."
+    - variable: EXECUTORS
+      type: "int"
+      default: "2"
+      label: "# of executors"
+      description: "How many executors on a jenkins slave"
+    - variable: HOST_LABEL
+      label: "Host with Label to put pipeline components on"
+      description: |
+        Run pipeline components on Host with specific labels. 
+        Example: 'pipeline=true'
+      required: false
+      default: ""
+      type: "string"
+services:
+  jenkins-slave:
+    scale: ${SLAVES}

infra-templates/pipeline/1/README.md

@@ -0,0 +1,40 @@
+# Rancher Pipeline
+
+Easier to use, Easier to integrate CI/CD with Rancher.
+
+## Description
+
+This template deploys Rancher Pipeline, the continuous integration service powered by Jenkins.
+
+It will be set up as an infrastructure stack in the Rancher environment.
+
+## Prerequisite
+
+Minimum system requirement of 2 core, 4 GB memory.
+
+## Features
+
+- Configure and manage your CI jobs in native Rancher UI.
+- Simple to use, container based continuous integration system.
+- multiple trigger types supported.
+- Flexible CI flow control(stop, rerun, timeout, parallel/serial run, approve/deny, etc. ).
+
+## Parameters
+
+- `# of slaves`: The number of Jenkins slave to set up. Please set at least one slave. You can also do scaling of slaves after installation. 
+- `# of executors`: The number of executors on each Jenkins slave. The maximum number of concurrent builds that Jenkins may perform on a agent. A good value to start with would be the number of CPU cores on the machine. Setting a higher value would cause each build to take longer, but could increase the overall throughput. For example, one build might be CPU-bound, while a second build running at the same time might be I/O-bound — so the second build could take advantage of the spare I/O capacity at that moment. Agents must have at least one executor. 
+
+
+- `Host with Label to put pipeline components on`: This parameter specify the host labels to use. Pipeline components will be scheduled to dedicated hosts matching these host labels.
+
+## Usage:
+
+Select the template from the catalog.
+
+Configure the parameters according to your workload and resource.
+
+Click `Launch`.
+
+After service is up, access Pipeline UI on top navigation bar of Rancher UI.
+
+See [Pipeline documentation](https://github.com/rancher/pipeline) for detail information.

infra-templates/pipeline/1/docker-compose.yml.tpl

@@ -0,0 +1,82 @@
+{{- $jenkinsMasterImage:="jenkins/jenkins:2.60.2-alpine"}}
+{{- $jenkinsBootImage:="rancher/pipeline-jenkins-boot:v1.0.0"}}
+{{- $jenkinsSlaveImage:="rancher/pipeline-jenkins-slave:v1.0.0"}}
+{{- $pipelineServerImage:="rancher/pipeline:v0.1.1"}}
+{{- $pipelineUIImage:="rancher/pipeline-ui:v1.0.1"}}
+
+version: '2'
+services:
+  jenkins-master:
+    image: {{$jenkinsMasterImage}}
+    restart: always
+    environment:
+      - JENKINS_SLAVE_AGENT_PORT=50000
+      - JENKINS_HOME=/var/jenkins_home
+    volumes_from:
+      - jenkins-boot
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    labels:
+      io.rancher.sidekicks: jenkins-boot
+      io.rancher.container.create_agent: true
+      io.rancher.container.agent.role: environmentAdmin
+  {{- if ne .Values.HOST_LABEL "" }}
+      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
+  {{- end }}
+  jenkins-boot:
+    image: {{$jenkinsBootImage}}
+    volumes:
+      - jenkins_home:/var/jenkins_home
+    labels:
+      io.rancher.container.start_once: true
+  jenkins-slave:
+    image: {{$jenkinsSlaveImage}}
+    restart: always
+    links:
+      - jenkins-master
+    environment:
+      - SLAVE_EXECUTORS=${EXECUTORS}
+      - JENKINS_MASTER=http://jenkins-master:8080
+      - JENKINS_USERNAME=admin
+      - JENKINS_PASSWORD=admin
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/jenkins_home
+    labels:
+      io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+      io.rancher.container.create_agent: true
+      io.rancher.container.agent.role: environmentAdmin
+      io.rancher.container.pull_image: always
+  {{- if ne .Values.HOST_LABEL "" }}
+      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
+  {{- end }}
+  pipeline-server:
+    image: {{$pipelineServerImage}}
+    restart: always
+    links:
+      - jenkins-master
+    environment:
+      - JENKINS_ADDRESS=http://jenkins-master:8080
+      - JENKINS_USER=admin
+      - JENKINS_TOKEN=admin
+    labels:
+      io.rancher.container.create_agent: true
+      io.rancher.container.agent.role: environmentAdmin
+      io.rancher.container.pull_image: always
+  {{- if ne .Values.HOST_LABEL "" }}
+      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
+  {{- end }}
+  pipeline-ui:
+    image: {{$pipelineUIImage}}
+    restart: always
+    labels:
+      io.rancher.container.create_agent: true
+      io.rancher.container.agent.role: environment
+      io.rancher.container.pull_image: always
+      io.rancher.service.ui_link.label: "{\"en-us\":\"PIPELINE\",\"zh-hans\":\"流水线\"}"
+  {{- if ne .Values.HOST_LABEL "" }}
+      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
+  {{- end }}
+volumes:
+  jenkins_home:
+    driver: "local"

infra-templates/pipeline/1/rancher-compose.yml

@@ -0,0 +1,28 @@
+version: '2'
+catalog:
+  name: Pipeline
+  version: v0.1.1
+  minimum_rancher_version: 1.6.13-rc2
+  description: "Rancher Pipeline"
+  questions:
+    - variable: SLAVES
+      type: "int"
+      default: "1"
+      label: "# of slaves"
+      description: "How many jenkins slaves to run ci tasks. At least 1."
+    - variable: EXECUTORS
+      type: "int"
+      default: "2"
+      label: "# of executors"
+      description: "How many executors on a jenkins slave"
+    - variable: HOST_LABEL
+      label: "Host with Label to put pipeline components on"
+      description: |
+        Run pipeline components on Host with specific labels. 
+        Example: 'pipeline=true'
+      required: false
+      default: ""
+      type: "string"
+services:
+  jenkins-slave:
+    scale: ${SLAVES}

infra-templates/pipeline/catalogIcon-CICD.svg

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 19.2.1, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 viewBox="0 0 242.2 107.4" style="enable-background:new 0 0 242.2 107.4;" xml:space="preserve">
+<g>
+	<g>
+		<path d="M229,23.6l-2.5-14.9c-0.8-4.8-2.7-8.7-4.1-8.7c-1.5,0-2.7,4-2.7,8.8v3.9c0,4.8-4,8.8-8.8,8.8H207c-0.3,0-0.6,0-0.8,0v10.7
+			c0.3,0,0.6,0,0.8,0h14.7C226.5,32.2,229.8,28.3,229,23.6"/>
+		<path d="M193.9,11h-23.7c-0.2,0-0.4,0-0.6,0h-24.4c-0.3,0-0.6,0-0.8,0.1V8.8c0-4.8-1.2-8.8-2.7-8.8s-3.3,3.9-4.1,8.7l-2.5,14.9
+			c-0.8,4.8,2.5,8.7,7.4,8.7h14.6c1.5,0,2.9-0.2,4.2-0.6c-0.5,2.5-2.6,4.4-5.3,4.4h-20.5c-3.3,0-5.8-3-5.3-6.3l2.1-12.5
+			c0.5-3.3-2-6.3-5.3-6.3H24.8c-2.2,0-4,1.3-4.9,3.2L0.7,43.5c-0.3,0.5-0.3,1.1,0.1,1.6l3.7,4.4c0.5,0.6,1.3,0.6,1.9,0.2l13.1-10.3
+			V102c0,3,2.4,5.4,5.4,5.4h29c3,0,5.4-2.4,5.4-5.4V80.2c0-3,2.4-5.4,5.4-5.4h72.4c3,0,5.4,2.4,5.4,5.4V102c0,3,2.4,5.4,5.4,5.4h29
+			c3,0,5.4-2.4,5.4-5.4V78.6h-15.4c-4.8,0-8.8-4-8.8-8.8V54.7c0-2.9,1.4-5.4,3.5-7v18c0,4.8,4,8.8,8.8,8.8h23.7c4.8,0,8.8-4,8.8-8.8
+			V19.9C202.7,14.9,198.8,11,193.9,11"/>
+	</g>
+	<g>
+		<path d="M230.6,5.6c0-3.9,2.9-5.6,5.6-5.6s5.6,1.7,5.6,5.6c0,3.8-2.9,5.5-5.6,5.5S230.6,9.4,230.6,5.6z M240.5,5.6
+			c0-3.1-2-4.4-4.2-4.4S232,2.5,232,5.6c0,3,2.1,4.4,4.3,4.4C238.5,9.9,240.5,8.6,240.5,5.6z M234.4,2.8h2c1,0,2,0.3,2,1.7
+			c0,0.8-0.6,1.3-1.3,1.5l1.3,2.3h-1.2L236,6.1h-0.5v2.2h-1.1L234.4,2.8L234.4,2.8z M236.4,5.3c0.5,0,0.9-0.3,0.9-0.8
+			c0-0.6-0.5-0.7-0.9-0.7h-1v1.5H236.4z"/>
+	</g>
+</g>
+</svg>

infra-templates/pipeline/config.yml

@@ -0,0 +1,7 @@
+name: Rancher Pipeline 
+description: Rancher CI service
+version: v0.1.1
+category: Continuous Integration 
+labels:
+  io.rancher.certified: Experimental
+  io.rancher.orchestration.supported: 'cattle'

infra-templates/pipework/0/README.md

@@ -0,0 +1,30 @@
+# Pipework
+
+*Software-Defined Networking for Linux Containers*
+
+## Description
+
+* GitHub: [jpetazzo/pipework](https://github.com/jpetazzo/pipework)
+* Docker Hub: [dreamcat4/pipework](https://hub.docker.com/r/dreamcat4/pipework/)
+
+By this catalog, to configure more flexible container network is available.  
+A good example of this, there is multiple container networks.
+
+## Deployment
+
+1. Select the template from the catalog.
+2. Click `Launch`.
+
+## Usage
+
+To deploy a container having two NICs as an example, deploy it by the following steps.
+
+1. Create *Stack*.
+    * Already created *Stack* is available.
+2. Create *Service*.
+    * Already created *Service* is available.
+3. Set *Environment*.
+    * pipework_cmd_0: eth0 -i eth0 @CONTAINER_NAME@ 192.168.1.101/24 02:42:c0:a8:01:65@100
+    * pipework_cmd_1: eth1 -i eth0 @CONTAINER_NAME@ 192.168.2.101/24 02:42:c0:a8:02:65@200
+
+You can see the more details from [dreamcat4/pipework](https://github.com/dreamcat4/docker-images/tree/master/pipework).

infra-templates/pipework/0/docker-compose.yml

@@ -0,0 +1,18 @@
+version: '2'
+services:
+  pipework:
+    privileged: true
+    image: dreamcat4/pipework:1.1.6
+    stdin_open: true
+    network_mode: host
+    volumes:
+    - /var/run/docker.sock:/docker.sock
+    tty: true
+    pid: host
+    environment:
+      run_mode: batch,daemon
+    labels:
+      io.rancher.container.hostname_override: container_name
+      io.rancher.container.agent.role: environmentAdmin
+      io.rancher.container.create_agent: 'true'
+      io.rancher.scheduler.global: 'true'

infra-templates/pipework/0/rancher-compose.yml

@@ -0,0 +1,10 @@
+version: '2'
+catalog:
+  name: "Pipework"
+  description: |
+    "Software-Defined Networking for Linux Containers"
+  version: v0.1.0
+  minimum_rancher_version: v1.6.10
+services:
+  pipework:
+    start_on_create: true

infra-templates/pipework/config.yml

@@ -0,0 +1,6 @@
+name: Pipework
+description: |
+  Software-Defined Networking for Linux Containers
+version: v0.1.0
+category: Network
+license:

machine-templates/hetzner/0/checksum

@@ -0,0 +1 @@
+5acf919d3c4d7e0be072717a3139990c

machine-templates/hetzner/0/rancher-compose.yml

@@ -0,0 +1,3 @@
+.catalog:
+  name: hetzner
+  version: "1.0.0"

machine-templates/hetzner/0/uiUrl

@@ -0,0 +1 @@
+https://mxschmitt.github.io/ui-driver-hetzner/dist/component.js

machine-templates/hetzner/0/url

@@ -0,0 +1 @@
+https://github.com/JonasProgrammer/docker-machine-driver-hetzner/releases/download/0.2.7/docker-machine-driver-hetzner_0.2.7_linux_amd64.tar.gz

machine-templates/hetzner/1/checksum

@@ -0,0 +1 @@
+1b1c6e0ce8669ae76e7ea9fd7c8de32d

machine-templates/hetzner/1/rancher-compose.yml

@@ -0,0 +1,3 @@
+.catalog:
+  name: hetzner
+  version: "1.0.1"

machine-templates/hetzner/1/uiUrl

@@ -0,0 +1 @@
+https://storage.googleapis.com/hcloud-rancher-v1-ui-driver/component.js

machine-templates/hetzner/1/url

@@ -0,0 +1 @@
+https://github.com/JonasProgrammer/docker-machine-driver-hetzner/releases/download/1.1.0/docker-machine-driver-hetzner_1.1.0_linux_amd64.tar.gz

machine-templates/hetzner/config.yml

@@ -0,0 +1,2 @@
+name: hetzner
+version: "1.0.1"

machine-templates/profitbricks/1/rancher-compose.yml

@@ -0,0 +1,3 @@
+.catalog:
+  name: "profitbricks"
+  version: "v1.3.3"

machine-templates/profitbricks/1/uiUrl

@@ -0,0 +1 @@
+https://profitbricks.github.io/ui-driver-profitbricks/docs/1.2.0/component.js

machine-templates/profitbricks/1/url

@@ -0,0 +1 @@
+https://github.com/profitbricks/docker-machine-driver-profitbricks/releases/download/v1.3.3/docker-machine-driver-profitbricks-v1.3.3-linux-amd64.tar.gz

templates/Prometheus/6/README.md

@@ -0,0 +1,26 @@
+# Prometheus
+
+### Info:
+
+This template deploys a collection of monitoring services based upon the technologies listed below, once deployed you should have a monitoring platform capable of querying a wide variety of metrics that represent your environment, also included are somehandy pre-configured dashboards to get you started.
+
+In this catalog item, the following technologies are utilised to make this as useful as possible;
+
+* [Prometheus](https://github.com/prometheus/prometheus) - Used to scrape and store metrics from our data sources.
+* [Prometheus Node Exporter](https://github.com/prometheus/node_exporter) - Gets host level metrics and exposes them to Prometheus.
+* [cAdvisor](https://github.com/google/cadvisor) - Deploys and Exposes the cadvsior stats used by Rancher's agent container, to Prometheus.
+* [Grafana](https://github.com/grafana/grafana/) - Used to visualise the data from Prometheus and InfluxDB.
+* [Prometheus Rancher Exporter](https://github.com/infinityworksltd/prometheus-rancher-exporter/) - Allows Prometheus to access the Rancher API and return the status of any stack or service in the rancher environment associated with the API key used.
+
+The full compliment of metrics from the Rancher server itsself are now available for graphing directly in Prometheus, this is easily enabled with an environment variable. For those interested, I've documented the steps [here].(https://github.com/infinityworksltd/Guide_Rancher_Monitoring)
+
+All components in this stack are open source tools available in the community. All this template does is to bound them together in an easy to use package. I expect most people who find this useful will make use of this as a starting point and develop it further around their own needs.
+ 
+## Deployment:
+1. Select Prometheus from the community catalog.
+2. Enter the IP Address of your Rancher server (used for accessing Ranchers own metrics, optional)
+3. Click deploy.
+
+## Usage
+* Grafana will now be available on, running on port 3000. I've added a number of dashboards to help get you started. Authentication is with the default `admin/admin`.
+* Prometheus will now be available, running on port 9090. Have a play around with some of the data. For more information on Prometheus, check out their [documentation](https://prometheus.io/docs/introduction/overview/).

templates/Prometheus/6/docker-compose.yml

@@ -0,0 +1,74 @@
+cadvisor:
+  labels:
+    io.rancher.scheduler.global: 'true'
+  tty: true
+  image: google/cadvisor:latest
+  stdin_open: true
+  volumes:
+    - "/:/rootfs:ro"
+    - "/var/run:/var/run:rw"
+    - "/sys:/sys:ro"
+    - "/var/lib/docker/:/var/lib/docker:ro"
+
+node-exporter:
+  labels:
+    io.rancher.scheduler.global: 'true'
+  tty: true
+  image: prom/node-exporter:latest
+  stdin_open: true
+
+prom-conf:
+    tty: true
+    image: infinityworks/prom-conf:20
+    volumes:
+      - /etc/prom-conf/
+    net: none
+
+prometheus:
+    tty: true
+    image: prom/prometheus:v2.1.0
+    command: --config.file=/etc/prom-conf/prometheus.yml --storage.tsdb.path=/prometheus --web.console.libraries=/etc/prometheus/console_libraries --web.console.templates=/etc/prometheus/consoles
+    ports:
+      - 9090:9090
+    labels:
+      io.rancher.sidekicks: prom-conf
+    volumes_from:
+      - prom-conf
+    volumes:
+      - prometheus-data:/prometheus
+    volume_driver: ${VOLUME_DRIVER}
+    links:
+    - cadvisor:cadvisor
+    - node-exporter:node-exporter
+    - prometheus-rancher-exporter:prometheus-rancher-exporter
+    extra_hosts:
+    - "rancher-server:${RANCHER_SERVER}"
+
+graf-db:
+    tty: true
+    image: infinityworks/graf-db:11
+    command: cat
+    volumes:
+      - grafana-data:/var/lib/grafana/
+    volume_driver: ${VOLUME_DRIVER}
+    net: none
+
+grafana:
+    tty: true
+    image: grafana/grafana:5.0.0
+    ports:
+      - 3000:3000
+    labels:
+      io.rancher.sidekicks: graf-db
+    volumes_from:
+       - graf-db
+    links:
+      - prometheus:prometheus
+      - prometheus-rancher-exporter:prometheus-rancher-exporter
+
+prometheus-rancher-exporter:
+    tty: true
+    labels:
+      io.rancher.container.create_agent: true
+      io.rancher.container.agent.role: environment
+    image: infinityworks/prometheus-rancher-exporter:v0.22.52

templates/Prometheus/6/rancher-compose.yml

@@ -0,0 +1,54 @@
+.catalog:
+  name: "Prometheus"
+  version: "4.0.0"
+  description: "Prometheus Monitoring Solution"
+  uuid: prometheus-2
+  minimum_rancher_version: v1.5.5
+  questions:
+  - variable: "RANCHER_SERVER"
+    label: "Rancher Server"
+    description: "IP Address of the rancher server, no HTTP or slashes. This is only required for users that have enabled metrics to be exported by Rancher"
+    default: "0.0.0.0"
+    required: false
+    type: "string"
+  - variable: "VOLUME_DRIVER"
+    description: "The VOLUME driver to associate with this server"
+    label: "VOLUME Driver"
+    required: true
+    default: "local"
+    type: enum
+    options:
+      - local
+      - rancher-nfs
+      - rancher-efs
+      - rancher-ebs
+
+prometheus:
+  scale: 1
+  health_check:
+    port: 9090
+    interval: 5000
+    unhealthy_threshold: 3
+    request_line: ''
+    healthy_threshold: 2
+    response_timeout: 5000
+
+grafana:
+  scale: 1
+  health_check:
+    port: 3000
+    interval: 5000
+    unhealthy_threshold: 3
+    request_line: ''
+    healthy_threshold: 2
+    response_timeout: 5000
+
+prometheus-rancher-exporter:
+  scale: 1
+  health_check:
+    port: 9173
+    interval: 5000
+    unhealthy_threshold: 3
+    request_line: ''
+    healthy_threshold: 2
+    response_timeout: 5000

templates/Prometheus/config.yml

@@ -1,5 +1,5 @@
 name: Prometheus
 description: |
   Prometheus and friends, auto-discovering monitoring solution for Rancher deployments.
-version: 3.0.0
+version: 4.0.0
 category: Monitoring

templates/apache-guacamole/0/README.md

@@ -0,0 +1,19 @@
+# Apache Guacamole
+
+Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.
+We call it clientless because no plugins or client software are required.
+Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser.
+
+This service uses the official Apache [http://guacamole.incubator.apache.org](https://hub.docker.com/r/glyptodon/guacamole/) Guacamole image. It also uses the official MariaDB image as its backend.
+Health checks are enabled on all services.
+
+## How to use
+
+Using all default settings will work. The MySQL root password is randomly generated and has "one time password" set.
+After starting, the initial database setup will be executed by a runonce container.
+The default login will be `guacadmin/guacadmin`.
+
+This stack exposes Guacamole on port 8080 by default. You can use it as it is, or map a load balancer to it and not expose the port.
+
+Once all containers are running, Guacamole is available on `http://[container_ip]:8080/`.
+If the page is blank, try refreshing the page after 5-10 seconds, since the database container might still be initializing.

templates/apache-guacamole/0/docker-compose.yml

@@ -0,0 +1,49 @@
+database-data:
+  image: busybox
+  labels:
+    io.rancher.container.start_once: 'true'
+  net: none
+  entrypoint: /bin/true
+  volumes:
+    - /var/lib/mysql
+    - /docker-entrypoint-initdb.d
+database:
+  image: mariadb
+  environment:
+    MYSQL_DATABASE: ${guacamole_db}
+    MYSQL_ONETIME_PASSWORD: 'true'
+    MYSQL_PASSWORD: ${guacamole_password}
+    MYSQL_RANDOM_ROOT_PASSWORD: 'true'
+    MYSQL_USER: ${guacamole_user}
+  volumes_from:
+    - database-data
+  labels:
+    io.rancher.sidekicks: setup-get-db-script, database-data
+setup-get-db-script:
+  image: glyptodon/guacamole:0.9.10-incubating
+  net: none
+  volumes_from:
+    - database-data
+  command:
+  - bash
+  - -c
+  - /opt/guacamole/bin/initdb.sh --mysql > /docker-entrypoint-initdb.d/initdb.sql
+  labels:
+    io.rancher.container.start_once: 'true'
+guacd:
+  image: glyptodon/guacd:0.9.10-incubating
+guacamole:
+  image: glyptodon/guacamole:0.9.10-incubating
+  environment:
+    MYSQL_DATABASE: ${guacamole_db}
+    MYSQL_HOSTNAME: database
+    MYSQL_PASSWORD: ${guacamole_password}
+    MYSQL_USER: ${guacamole_user}
+  links:
+   - guacd:guacd
+  ports:
+    - ${public_port}:8080/tcp
+  command:
+    - /bin/bash
+    - -c
+    - cd /usr/local/tomcat/webapps;rm -rf ROOT/; ln -s guacamole.war ROOT.war; /opt/guacamole/bin/start.sh;

templates/apache-guacamole/0/rancher-compose.yml

@@ -0,0 +1,68 @@
+version: '2'
+services:
+  guacamole:
+    scale: 1
+    health_check:
+      healthy_threshold: 2
+      response_timeout: 2000
+      port: 8080
+      unhealthy_threshold: 3
+      initializing_timeout: 60000
+      interval: 2000
+      strategy: recreate
+      request_line: GET "/guacamole" "HTTP/1.0"
+      reinitializing_timeout: 60000
+  guacd:
+    scale: 1
+    health_check:
+      healthy_threshold: 2
+      response_timeout: 2000
+      port: 4822
+      unhealthy_threshold: 3
+      initializing_timeout: 60000
+      interval: 2000
+      strategy: recreate
+      reinitializing_timeout: 60000
+  setup-get-db-script:
+    scale: 1
+  database:
+    scale: 1
+    health_check:
+      healthy_threshold: 2
+      response_timeout: 2000
+      port: 3306
+      unhealthy_threshold: 3
+      initializing_timeout: 60000
+      interval: 2000
+      strategy: recreate
+      reinitializing_timeout: 60000
+.catalog:
+  name: "apache-guacamole"
+  version: "0.1-rancher1"
+  description: " Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH."
+  minimum_rancher_version: v0.46.0
+  questions:
+    - variable: "guacamole_db"
+      label: "MySQL Database Name"
+      description: "Your MYSQL guacamole database name"
+      default: "guacamole_db"
+      required: true
+      type: "string"
+    - variable: "guacamole_user"
+      label: "MySQL Database User"
+      description: "Your MYSQL guacamole user name"
+      required: true
+      default: "guacamole_user"
+      type: "string"
+    - variable: "guacamole_password"
+      label: "MySQL Database Password"
+      description: "Your MYSQL guacamole user password. Defaults to \"guacamole_password\""
+      required: true
+      default: "guacamole_password"
+      type: "password"
+    - variable: "public_port"
+      label: "Public Port"
+      description: "The public port that Guacamole listens on, defaults to 8080"
+      required: true
+      default: 8080
+      type: "int"

templates/apache-guacamole/config.yml

@@ -0,0 +1,8 @@
+name: Apache Guacamole
+description: |
+  Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.
+version: 0.1-rancher1
+category: Applications
+license: 
+maintainer: "Kevin Xu <accoleon@gmail.com>"
+projectURL: https://github.com/glyptodon/guacamole-docker

templates/aqua/0/README.md

@@ -0,0 +1,11 @@
+# Aqua
+Aqua’s comprehensive, purpose-built platform for container security provides full visibility and control over containerized environments, with tight runtime security controls and intrusion prevention capabilities, at any scale. The platform provides programmatic access to all its functions through an API.
+#### Features
+- **Continuous Image Assurance:** Scan images for vulnerabilities and malicious behavior, enforce image integrity and permissions from dev to production.
+- **Runtime Protection:** Gain real-time visibility into container activity, enforce policies, and detect and prevent configuration errors, exploits and attacks.
+- **Docker Security:** Scalable security controls for Docker environments that provide optimal, contextualized hardening and runtime protection.of the entire stack.
+- **Network Nano-Segmentation:** Lock down container network activity to permit only legitimate connections in the application context, limiting the "blast radius" in case of an attack.
+- **User Access Control:** Fine-grained access control that enforces role-based access privileges at the container level.with full end-user accountability.
+- **Auditing & Compliance:** Track and audit events in your containerized applications, with real-time logging of granular event data and SIEM integration.
+#### Request a Trial
+For trail please contact <a style="font-weight:bold" href="mailto:contact@aquasec.com">contact@aquasec.com</a>

templates/aqua/0/docker-compose.yml

@@ -0,0 +1,18 @@
+version: '2'
+services:
+  aqua-csp-service:
+    image: aquasec/csp:2.6.3
+    hostname: aqua-csp
+    environment:
+      BATCH_INSTALL_ENFORCE_MODE: n
+      BATCH_INSTALL_GATEWAY: csp
+      BATCH_INSTALL_NAME: default
+      BATCH_INSTALL_TOKEN: aqua-csp
+      SCALOCK_GATEWAY_NAME: csp
+    volumes:
+    - /var/run/docker.sock:/var/run/docker.sock
+    - /tmp/aqua-data:/var/lib/postgresql/data
+    ports:
+    - ${console_port}:8080/tcp
+    - 3622:3622/tcp
+    user: root

templates/aqua/0/rancher-compose.yml

@@ -0,0 +1,12 @@
+.catalog:
+  name: "aqua"
+  version: "2.6.3"
+  description: "aqua csp 2.6.3"
+  minimum_rancher_version: v1.1.0
+  questions:
+    - variable: console_port
+      description: "Port of the management console"
+      label: "Console Port"
+      type: "int"
+      required: true
+      default: "9090"

templates/aqua/1/README.md

@@ -0,0 +1,11 @@
+# Aqua
+Aqua’s comprehensive, purpose-built platform for container security provides full visibility and control over containerized environments, with tight runtime security controls and intrusion prevention capabilities, at any scale. The platform provides programmatic access to all its functions through an API.
+#### Features
+- **Continuous Image Assurance:** Scan images for vulnerabilities and malicious behavior, enforce image integrity and permissions from dev to production.
+- **Runtime Protection:** Gain real-time visibility into container activity, enforce policies, and detect and prevent configuration errors, exploits and attacks.
+- **Docker Security:** Scalable security controls for Docker environments that provide optimal, contextualized hardening and runtime protection.of the entire stack.
+- **Network Nano-Segmentation:** Lock down container network activity to permit only legitimate connections in the application context, limiting the "blast radius" in case of an attack.
+- **User Access Control:** Fine-grained access control that enforces role-based access privileges at the container level.with full end-user accountability.
+- **Auditing & Compliance:** Track and audit events in your containerized applications, with real-time logging of granular event data and SIEM integration.
+#### Request a Trial
+For trail please contact <a style="font-weight:bold" href="mailto:contact@aquasec.com">contact@aquasec.com</a>

templates/aqua/1/docker-compose.yml

@@ -0,0 +1,18 @@
+version: '2'
+services:
+  aqua-csp-service:
+    image: aquasec/csp:2.6.4
+    hostname: aqua-csp
+    environment:
+      BATCH_INSTALL_ENFORCE_MODE: n
+      BATCH_INSTALL_GATEWAY: csp
+      BATCH_INSTALL_NAME: default
+      BATCH_INSTALL_TOKEN: aqua-csp
+      SCALOCK_GATEWAY_NAME: csp
+    volumes:
+    - /var/run/docker.sock:/var/run/docker.sock
+    - /tmp/aqua-data:/var/lib/postgresql/data
+    ports:
+    - ${console_port}:8080/tcp
+    - 3622:3622/tcp
+    user: root

templates/aqua/1/rancher-compose.yml

@@ -0,0 +1,12 @@
+.catalog:
+  name: "aqua"
+  version: "2.6.4"
+  description: "aqua csp 2.6.4"
+  minimum_rancher_version: v1.1.0
+  questions:
+    - variable: console_port
+      description: "Port of the management console"
+      label: "Console Port"
+      type: "int"
+      required: true
+      default: "9090"

templates/aqua/catalogIcon-aqua.svg

@@ -0,0 +1 @@
+<svg id="_02" data-name="02" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 452 138"><defs><style>.cls-1{fill:#f1df36;}.cls-2{fill:#faaf42;}.cls-3{fill:#9ad7ec;}.cls-4{fill:#08b1d5;}.cls-5{fill:#f69421;}.cls-6{fill:#1180c4;}.cls-7{fill:#464547;}</style></defs><title>logo_aqua</title><polygon class="cls-1" points="70.65 1 35.84 35 105.45 35 105.45 1 70.65 1"/><polygon class="cls-2" points="105.45 103 140.25 69 140.25 35 105.45 35 105.45 103"/><polygon class="cls-3" points="35.84 103 35.84 137 70.65 137 105.45 103 35.84 103"/><polygon class="cls-4" points="1.05 69 1.05 103 35.84 103 35.84 35 1.05 69"/><rect class="cls-5" x="105.45" y="1" width="34.8" height="34"/><rect class="cls-6" x="1.05" y="103" width="34.8" height="34"/><path class="cls-7" d="M225,32.45A25.86,25.86,0,0,0,215.22,28a59.53,59.53,0,0,0-12.93-1.21A70,70,0,0,0,189.54,28c-4.24.79-7.54,1.52-9.82,2.18l-1.08.31v15h2.52l0.28-.12a65.57,65.57,0,0,1,11.17-3.59,45.5,45.5,0,0,1,9.61-1.23A47.4,47.4,0,0,1,209,41a12.9,12.9,0,0,1,5.15,1.78,8.09,8.09,0,0,1,3.07,3.44,14.35,14.35,0,0,1,1.14,6.25v0.92c-5.91.35-11.49,0.86-16.62,1.52a51.69,51.69,0,0,0-14.84,4,23.27,23.27,0,0,0-10.73,9,26,26,0,0,0-3.4,13.6,26.31,26.31,0,0,0,1.86,9.81,23.78,23.78,0,0,0,5,7.87,23.46,23.46,0,0,0,16.65,6.87,31.87,31.87,0,0,0,8.91-1,38,38,0,0,0,6.5-2.69,29.78,29.78,0,0,0,5.1-3.32l1.56-1.23v6.2h15.14V52.94a32.05,32.05,0,0,0-2.06-12.13A19.67,19.67,0,0,0,225,32.45ZM218.32,84a44,44,0,0,1-8,5.5,20.44,20.44,0,0,1-9.75,2.32c-4.1,0-7.21-.94-9.25-2.79s-3-4.56-3-8.3c0-3.29.89-5.75,2.73-7.53A18.22,18.22,0,0,1,198.5,69,58.31,58.31,0,0,1,209,67.13c3.59-.37,6.72-0.68,9.35-0.92V84Zm73.45-53.16a40.8,40.8,0,0,0-6.95-3,33.78,33.78,0,0,0-10.13-1.37,28.89,28.89,0,0,0-12.26,2.74A29.53,29.53,0,0,0,252.33,37a39,39,0,0,0-7.07,12.52,50.69,50.69,0,0,0-2.65,17c0,12.05,2.57,21.63,7.63,28.46a24.78,24.78,0,0,0,20.88,10.51A29.1,29.1,0,0,0,283,103.12a37.47,37.47,0,0,0,8.28-5.21v32.91h15.21V28.52h-14.1Zm-0.52,52.82a35,35,0,0,1-8.08,5.1,22.6,22.6,0,0,1-9.38,2.08c-5.33,0-9.14-2-11.64-6.13-2.61-4.31-3.94-10.63-3.94-18.8,0-8.33,1.65-14.76,4.9-19.1s7.64-6.35,13.61-6.35a30.68,30.68,0,0,1,7.43.87A39.15,39.15,0,0,1,291.25,44V83.69Zm74.16-.19A42.28,42.28,0,0,1,357,89.07a20,20,0,0,1-8.88,2.38,15.39,15.39,0,0,1-6.69-1.14A7.82,7.82,0,0,1,338,86.86a17.3,17.3,0,0,1-1.75-6.13,88,88,0,0,1-.41-9.41V28.52H320.6V77.1A41.14,41.14,0,0,0,322.4,90a24.82,24.82,0,0,0,5.16,9,20.29,20.29,0,0,0,7.89,5.32,27,27,0,0,0,9.45,1.65,26.25,26.25,0,0,0,12-2.73,50.21,50.21,0,0,0,8.54-5.63v6.34h15.21V28.52H365.41v55Zm83.48-42.68a19.67,19.67,0,0,0-6.4-8.36A25.86,25.86,0,0,0,432.7,28a59.53,59.53,0,0,0-12.93-1.21A70,70,0,0,0,407,28c-4.24.79-7.54,1.52-9.82,2.18l-1.08.31v15h2.52l0.28-.12a65.57,65.57,0,0,1,11.17-3.59,45.5,45.5,0,0,1,9.61-1.23,47.4,47.4,0,0,1,6.74.47,12.9,12.9,0,0,1,5.15,1.78,8.09,8.09,0,0,1,3.07,3.44,14.35,14.35,0,0,1,1.14,6.25v0.92c-5.91.35-11.49,0.86-16.62,1.52a51.69,51.69,0,0,0-14.84,4,23.27,23.27,0,0,0-10.73,9,26,26,0,0,0-3.4,13.6,26.31,26.31,0,0,0,1.86,9.81,23.78,23.78,0,0,0,5,7.87,23.46,23.46,0,0,0,16.65,6.87,31.87,31.87,0,0,0,8.91-1,38,38,0,0,0,6.5-2.69,29.78,29.78,0,0,0,5.1-3.32l1.56-1.23v6.2H451V52.94A32.05,32.05,0,0,0,448.89,40.81ZM435.81,84a44,44,0,0,1-8,5.5,20.44,20.44,0,0,1-9.75,2.32c-4.1,0-7.21-.94-9.25-2.79s-3-4.56-3-8.3c0-3.29.89-5.75,2.73-7.53A18.22,18.22,0,0,1,416,69a58.31,58.31,0,0,1,10.47-1.86c3.59-.37,6.72-0.68,9.35-0.92V84Z"/></svg>

templates/aqua/config.yml

@@ -0,0 +1,5 @@
+name: Aqua
+description: |
+  Aqua Container Security Platform
+version: 2.6.4
+category: Security

templates/avi/1/README.md

@@ -0,0 +1,32 @@
+Avi Vantage Platform Load Balancer Provider
+========
+
+## About Avi Vantage Platform
+The [Avi Vantage Platform](https://avinetworks.com/software-load-balancer-for-any-cloud/) is built on software-defined architectural principles to create a centrally managed pool of distributed load balancers to deliver application services close to the applications.
+
+## About this provider
+This provider load balances Rancher services using Avi Vantage Platform Load Balancer. It uses REST API to update the Avi controller which enables the Avi Service Engines to load balance the Rancher Services.
+
+## Usage
+
+1. Deploy the stack for this provider from Rancher Community Catalog.
+   While deploying, you need to give the username, password (optional,
+   read below), Avi Controller IP address, Avi Controller Port, the
+   Cloud name where Virtual Services and Pools are created.
+2. Create Virtual Services using Avi Controller console. Make sure you
+   create VS in given cloud in Avi. Leave the Virtual Service pool as
+   empty. Configure any policies or rules for Virtual Service.
+3. Create services in Rancher with public host port mapping and adding
+   label `io.rancher.service.external_lb.endpoint` with value as Virtual
+   Service name created in previous step. You can scale out/in the
+   service or stop the service and the changes will get reflected on Avi
+   Controller and Service Engine.
+
+### Using Rancher Secrets for Avi Password
+
+Optionally, you can use the Rancher Secrets to pass the Avi controller
+password instead of using environment variable.
+1. Run the Rancher Secrets service before deploying this provider stack.
+2. Create a secret named "avi-creds".
+3. While deploying the Avi provider stack, use the "avi-creds" secret
+   for Avi Provider service.

templates/avi/1/docker-compose.yml

@@ -0,0 +1,16 @@
+avi:
+  image: rancher/external-lb:v0.3.4
+  command: -provider=Avi
+  expose: 
+   - 1000
+  environment:
+    AVI_USER: ${AVI_USER}
+    AVI_PASSWORD: ${AVI_PASSWORD}
+    AVI_CONTROLLER_ADDR: ${AVI_CONTROLLER_ADDR}
+    AVI_CONTROLLER_PORT: ${AVI_CONTROLLER_PORT}
+    AVI_SSL_VERIFY: ${AVI_SSL_VERIFY}
+    AVI_CLOUD_NAME: ${AVI_CLOUD_NAME}
+    LB_TARGET_RANCHER_SUFFIX: ${LB_TARGET_RANCHER_SUFFIX}
+  labels:
+    io.rancher.container.create_agent: "true"
+    io.rancher.container.agent.role: "external-lb"

templates/avi/1/rancher-compose.yml

@@ -0,0 +1,52 @@
+.catalog:
+  name: Avi Vantange Platform Load Balancer
+  version: "v0.3.4-rancher1"
+  description: "External LB service powered by Avi Vantage Platform"
+  minimum_rancher_version: v1.1.0
+  questions:
+    - variable: "AVI_USER"
+      label: "Avi account username"
+      description: "User name for your account on Avi Controller"
+      type: "string"
+      required: true
+    - variable: "AVI_PASSWORD"
+      label: "Avi user account password"
+      description: "Password for your account on Avi Controller"
+      type: "string"
+      required: false
+    - variable: "AVI_CONTROLLER_ADDR"
+      label: "Avi Controller IP Address"
+      description: "IP Address of the Avi Controller"
+      type: "string"
+      required: true
+    - variable: "AVI_CONTROLLER_PORT"
+      label: "Avi Controller Port (Optional)"
+      description: "Port on which Avi Controller is listening for API requests"
+      type: "string"
+      required: false
+    - variable: "AVI_CLOUD_NAME"
+      label: "Avi Cloud Name (Optional)"
+      description: "Name of Avi Cloud in which Virtual Services are created"
+      required: false
+      type: "string"
+    - variable: "AVI_SSL_VERIFY"
+      label: "Avi SSL Verify (Optional)"
+      description: "SSL certificate validation while connecting to Avi Controller"
+      required: false
+      type: "boolean"
+      default: false
+    - variable: "LB_TARGET_RANCHER_SUFFIX"
+      label: "Avi pool name suffix"
+      description: "Pool names in Avi created/updated by Rancher will have this suffix"
+      type: "string"
+      required: true
+      default: rancher.internal
+
+avi:
+  health_check:
+    port: 1000
+    interval: 5000
+    unhealthy_threshold: 2
+    request_line: GET / HTTP/1.0
+    healthy_threshold: 2
+    response_timeout: 2000

templates/avi/2/README.md

@@ -0,0 +1,29 @@
+Avi Vantage Platform Load Balancer Provider
+========
+
+## About Avi Vantage Platform
+The [Avi Vantage Platform](https://avinetworks.com/software-load-balancer-for-any-cloud/) is built on software-defined architectural principles to create a centrally managed pool of distributed load balancers to deliver application services close to the applications.
+
+## About this provider
+This provider load balances Rancher services using Avi Vantage Platform Load Balancer. It uses REST API to update the Avi controller which enables the Avi Service Engines to load balance the Rancher Services.
+
+## Usage
+
+1. Deploy the stack for this provider from Rancher Community Catalog.
+   While deploying, you need to give the username, password,
+   Avi Controller IP address, Avi Controller Port, the Cloud name
+   where Virtual Services and Pools are created.
+2. Create services in Rancher with public host port mapping and corresponding
+   Virtual services are created in Avi. All CRUD operations on services get
+   reflected in Avi Controller and Service Engine.
+3. You can scale out/in the service and the changes will get reflected on
+   Avi Controller and Service Engine.
+
+### Using Rancher Secrets for Avi Password
+
+Optionally, you can use the Rancher Secrets to pass the Avi controller
+password instead of using environment variable.
+1. Run the Rancher Secrets service before deploying this provider stack.
+2. Create a secret named "avi-creds".
+3. While deploying the Avi provider stack, use the "avi-creds" secret
+   for Avi Provider service.