Charts CI

```
Updated:
  argo/argo-cd:
    - 5.19.15
  bitnami/mariadb:
    - 11.4.6
  bitnami/redis:
    - 17.7.2
  bitnami/tomcat:
    - 10.5.14
  bitnami/wordpress:
    - 15.2.38
  clastix/kamaji:
    - 0.11.0
  datadog/datadog:
    - 3.10.5
  hashicorp/consul:
    - 1.0.3
  intel/intel-device-plugins-operator:
    - 0.26.0
  jenkins/jenkins:
    - 4.3.1
  kong/kong:
    - 2.16.1
  nats/nats:
    - 0.19.8
  redpanda/redpanda:
    - 2.8.0
  speedscale/speedscale-operator:
    - 1.2.20
  yugabyte/yugabyte:
    - 2.16.1
  yugabyte/yugaware:
    - 2.16.1
```
pull/659/head
github-actions[bot] 2023-02-07 14:35:29 +00:00
parent 7083bad327
commit 0b1275fb10
148 changed files with 4440 additions and 3336 deletions

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

BIN
assets/kong/kong-2.16.1.tgz Normal file

Binary file not shown.

BIN
assets/nats/nats-0.19.8.tgz Normal file

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -1,13 +1,13 @@
annotations: annotations:
artifacthub.io/changes: | artifacthub.io/changes: |
- kind: fixed - kind: added
description: Align changelog structure to show changelogs on Artifact Hub description: Configurable dnsPolicy / hostNetwork
catalog.cattle.io/certified: partner catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Argo CD catalog.cattle.io/display-name: Argo CD
catalog.cattle.io/kube-version: '>=1.22.0-0' catalog.cattle.io/kube-version: '>=1.22.0-0'
catalog.cattle.io/release-name: argo-cd catalog.cattle.io/release-name: argo-cd
apiVersion: v2 apiVersion: v2
appVersion: v2.5.9 appVersion: v2.5.10
dependencies: dependencies:
- condition: redis-ha.enabled - condition: redis-ha.enabled
name: redis-ha name: redis-ha
@ -29,4 +29,4 @@ name: argo-cd
sources: sources:
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://github.com/argoproj/argo-cd - https://github.com/argoproj/argo-cd
version: 5.19.12 version: 5.19.15


@ -464,10 +464,12 @@ NAME: my-release
| controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource | | controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource |
| controller.containerPorts.metrics | int | `8082` | Metrics container port | | controller.containerPorts.metrics | int | `8082` | Metrics container port |
| controller.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | | controller.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context |
| controller.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for application controller pods |
| controller.env | list | `[]` | Environment variables to pass to application controller | | controller.env | list | `[]` | Environment variables to pass to application controller |
| controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to application controller | | controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to application controller |
| controller.extraArgs | list | `[]` | Additional command line arguments to pass to application controller | | controller.extraArgs | list | `[]` | Additional command line arguments to pass to application controller |
| controller.extraContainers | list | `[]` | Additional containers to be added to the application controller pod | | controller.extraContainers | list | `[]` | Additional containers to be added to the application controller pod |
| controller.hostNetwork | bool | `false` | Host Network for application controller pods |
| controller.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the application controller | | controller.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the application controller |
| controller.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the application controller | | controller.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the application controller |
| controller.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the application controller | | controller.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the application controller |
@ -543,10 +545,12 @@ NAME: my-release
| repoServer.containerPorts.server | int | `8081` | Repo server container port | | repoServer.containerPorts.server | int | `8081` | Repo server container port |
| repoServer.containerSecurityContext | object | See [values.yaml] | Repo server container-level security context | | repoServer.containerSecurityContext | object | See [values.yaml] | Repo server container-level security context |
| repoServer.deploymentAnnotations | object | `{}` | Annotations to be added to repo server Deployment | | repoServer.deploymentAnnotations | object | `{}` | Annotations to be added to repo server Deployment |
| repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods |
| repoServer.env | list | `[]` | Environment variables to pass to repo server | | repoServer.env | list | `[]` | Environment variables to pass to repo server |
| repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server | | repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server |
| repoServer.extraArgs | list | `[]` | Additional command line arguments to pass to repo server | | repoServer.extraArgs | list | `[]` | Additional command line arguments to pass to repo server |
| repoServer.extraContainers | list | `[]` | Additional containers to be added to the repo server pod | | repoServer.extraContainers | list | `[]` | Additional containers to be added to the repo server pod |
| repoServer.hostNetwork | bool | `false` | Host Network for Repo server pods |
| repoServer.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the repo server | | repoServer.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the repo server |
| repoServer.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the repo server | | repoServer.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the repo server |
| repoServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the repo server | | repoServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the repo server |
@ -643,6 +647,7 @@ NAME: my-release
| server.containerPorts.server | int | `8080` | Server container port | | server.containerPorts.server | int | `8080` | Server container port |
| server.containerSecurityContext | object | See [values.yaml] | Server container-level security context | | server.containerSecurityContext | object | See [values.yaml] | Server container-level security context |
| server.deploymentAnnotations | object | `{}` | Annotations to be added to server Deployment | | server.deploymentAnnotations | object | `{}` | Annotations to be added to server Deployment |
| server.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Server pods |
| server.env | list | `[]` | Environment variables to pass to Argo CD server | | server.env | list | `[]` | Environment variables to pass to Argo CD server |
| server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to Argo CD server | | server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to Argo CD server |
| server.extensions.containerSecurityContext | object | See [values.yaml] | Server UI extensions container-level security context | | server.extensions.containerSecurityContext | object | See [values.yaml] | Server UI extensions container-level security context |
@ -653,6 +658,7 @@ NAME: my-release
| server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container | | server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container |
| server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server | | server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server |
| server.extraContainers | list | `[]` | Additional containers to be added to the server pod | | server.extraContainers | list | `[]` | Additional containers to be added to the server pod |
| server.hostNetwork | bool | `false` | Host Network for Server pods |
| server.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Argo CD server | | server.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Argo CD server |
| server.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Argo CD server | | server.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Argo CD server |
| server.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Argo CD server | | server.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Argo CD server |


@ -312,3 +312,5 @@ spec:
{{- with .Values.controller.priorityClassName }} {{- with .Values.controller.priorityClassName }}
priorityClassName: {{ . }} priorityClassName: {{ . }}
{{- end }} {{- end }}
hostNetwork: {{ .Values.controller.hostNetwork }}
dnsPolicy: {{ .Values.controller.dnsPolicy }}
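Review bot: The `dnsPolicy` default of `"ClusterFirst"` does not fit the new `hostNetwork` switch: Kubernetes documents `ClusterFirstWithHostNet` as the policy to set explicitly for pods that run with `hostNetwork: true`, so enabling `controller.hostNetwork` alone would likely leave the pod resolving through the node's DNS and unable to look up in-cluster service names. The same pair of lines is added to the repoServer and server templates, with matching defaults in values.yaml. I would state the coupling next to the value, e.g. `# -- Alternative DNS policy for application controller pods (use ClusterFirstWithHostNet when hostNetwork is true)`. The `hostNetwork` description should also say that the pod then shares the node's network namespace, so its container ports are bound on the node and pod-selector NetworkPolicies generally no longer cover it. The pod spec these lines belong to starts outside the hunk.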


@ -356,3 +356,5 @@ spec:
{{- with .Values.repoServer.priorityClassName }} {{- with .Values.repoServer.priorityClassName }}
priorityClassName: {{ . }} priorityClassName: {{ . }}
{{- end }} {{- end }}
hostNetwork: {{ .Values.repoServer.hostNetwork }}
dnsPolicy: {{ .Values.repoServer.dnsPolicy }}


@ -415,3 +415,5 @@ spec:
{{- with .Values.server.priorityClassName }} {{- with .Values.server.priorityClassName }}
priorityClassName: {{ . }} priorityClassName: {{ . }}
{{- end }} {{- end }}
hostNetwork: {{ .Values.server.hostNetwork }}
dnsPolicy: {{ .Values.server.dnsPolicy }}


@ -16,7 +16,7 @@ metadata:
{{- end }} {{- end }}
{{- end }} {{- end }}
spec: spec:
{{- with .Values.dex.pdb.maxUnavailable }} {{- with .Values.redis.pdb.maxUnavailable }}
maxUnavailable: {{ . }} maxUnavailable: {{ . }}
{{- else }} {{- else }}
minAvailable: {{ .Values.redis.pdb.minAvailable | default 0 }} minAvailable: {{ .Values.redis.pdb.minAvailable | default 0 }}
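Review bot: `{{- with .Values.redis.pdb.maxUnavailable }}` treats an integer `0` as empty, so a user who sets `maxUnavailable: 0` to block voluntary evictions lands in the `else` branch, which renders `minAvailable` with `default 0` and allows every pod to be evicted. A presence test rather than a truthiness test would keep `0` on the `maxUnavailable` branch; its exact form depends on the key's default in values.yaml, which is not visible here. At minimum the value's comment should warn about it, e.g. `# -- Note: an integer 0 is treated as unset; use "0%" to disallow voluntary disruptions`. The `spec:` block continues past the end of the hunk.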


@ -580,6 +580,12 @@ controller:
# -- Metrics container port # -- Metrics container port
metrics: 8082 metrics: 8082
# -- Host Network for application controller pods
hostNetwork: false
# -- Alternative DNS policy for application controller pods
dnsPolicy: "ClusterFirst"
# -- Application controller container-level security context # -- Application controller container-level security context
# @default -- See [values.yaml] # @default -- See [values.yaml]
containerSecurityContext: containerSecurityContext:
@ -1448,6 +1454,12 @@ server:
# -- Metrics container port # -- Metrics container port
metrics: 8082 metrics: 8082
# -- Host Network for Server pods
hostNetwork: false
# -- Alternative DNS policy for Server pods
dnsPolicy: "ClusterFirst"
# -- Server container-level security context # -- Server container-level security context
# @default -- See [values.yaml] # @default -- See [values.yaml]
containerSecurityContext: containerSecurityContext:
@ -1931,6 +1943,12 @@ repoServer:
# -- Metrics container port # -- Metrics container port
metrics: 8084 metrics: 8084
# -- Host Network for Repo server pods
hostNetwork: false
# -- Alternative DNS policy for Repo server pods
dnsPolicy: "ClusterFirst"
# -- Repo server container-level security context # -- Repo server container-level security context
# @default -- See [values.yaml] # @default -- See [values.yaml]
containerSecurityContext: containerSecurityContext:


@ -6,7 +6,7 @@ annotations:
category: Database category: Database
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 10.6.11 appVersion: 10.6.12
dependencies: dependencies:
- name: common - name: common
repository: file://./charts/common repository: file://./charts/common
@ -32,4 +32,4 @@ sources:
- https://github.com/bitnami/containers/tree/main/bitnami/mariadb - https://github.com/bitnami/containers/tree/main/bitnami/mariadb
- https://github.com/prometheus/mysqld_exporter - https://github.com/prometheus/mysqld_exporter
- https://mariadb.org - https://mariadb.org
version: 11.4.5 version: 11.4.6


@ -83,28 +83,28 @@ The command removes all the Kubernetes components associated with the chart and
### MariaDB common parameters ### MariaDB common parameters
| Name | Description | Value | | Name | Description | Value |
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | | -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- |
| `image.registry` | MariaDB image registry | `docker.io` | | `image.registry` | MariaDB image registry | `docker.io` |
| `image.repository` | MariaDB image repository | `bitnami/mariadb` | | `image.repository` | MariaDB image repository | `bitnami/mariadb` |
| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.6.11-debian-11-r22` | | `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.6.12-debian-11-r0` |
| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` | | `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.debug` | Specify if debug logs should be enabled | `false` | | `image.debug` | Specify if debug logs should be enabled | `false` |
| `architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` | | `architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` |
| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. | `""` | | `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. | `""` |
| `auth.database` | Name for a custom database to create | `my_database` | | `auth.database` | Name for a custom database to create | `my_database` |
| `auth.username` | Name for a custom user to create | `""` | | `auth.username` | Name for a custom user to create | `""` |
| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` | | `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` |
| `auth.replicationUser` | MariaDB replication user | `replicator` | | `auth.replicationUser` | MariaDB replication user | `replicator` |
| `auth.replicationPassword` | MariaDB replication user password. Ignored if existing secret is provided | `""` | | `auth.replicationPassword` | MariaDB replication user password. Ignored if existing secret is provided | `""` |
| `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password` | `""` | | `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password` | `""` |
| `auth.forcePassword` | Force users to specify required passwords | `false` | | `auth.forcePassword` | Force users to specify required passwords | `false` |
| `auth.usePasswordFiles` | Mount credentials as files instead of using environment variables | `false` | | `auth.usePasswordFiles` | Mount credentials as files instead of using environment variables | `false` |
| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` | | `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` |
| `initdbScripts` | Dictionary of initdb scripts | `{}` | | `initdbScripts` | Dictionary of initdb scripts | `{}` |
| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` | | `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` |
### MariaDB Primary parameters ### MariaDB Primary parameters
@ -311,7 +311,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r71` | | `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r80` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -326,7 +326,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Exporter image registry | `docker.io` | | `metrics.image.registry` | Exporter image registry | `docker.io` |
| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` | | `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` |
| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r77` | | `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r86` |
| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -551,7 +551,7 @@ $ kubectl delete statefulset opencart-mariadb --cascade=false
## License ## License
Copyright © 2022 Bitnami Copyright © 2023 Bitnami
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -81,7 +81,7 @@ diagnosticMode:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/mariadb repository: bitnami/mariadb
tag: 10.6.11-debian-11-r22 tag: 10.6.12-debian-11-r0
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -989,7 +989,7 @@ volumePermissions:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/bitnami-shell repository: bitnami/bitnami-shell
tag: 11-debian-11-r71 tag: 11-debian-11-r80
digest: "" digest: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
@ -1025,7 +1025,7 @@ metrics:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/mysqld-exporter repository: bitnami/mysqld-exporter
tag: 0.14.0-debian-11-r77 tag: 0.14.0-debian-11-r86
digest: "" digest: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)


@ -28,4 +28,4 @@ maintainers:
name: redis name: redis
sources: sources:
- https://github.com/bitnami/containers/tree/main/bitnami/redis - https://github.com/bitnami/containers/tree/main/bitnami/redis
version: 17.6.0 version: 17.7.2


@ -89,6 +89,7 @@ The command removes all the Kubernetes components associated with the chart and
| `secretAnnotations` | Annotations to add to secret | `{}` | | `secretAnnotations` | Annotations to add to secret | `{}` |
| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | | `clusterDomain` | Kubernetes cluster domain name | `cluster.local` |
| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | | `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
| `useHostnames` | Use hostnames internally when announcing replication | `true` |
| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | | `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | | `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` |
| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | | `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` |
@ -934,7 +935,7 @@ $ kubectl patch deployments my-release-redis-metrics --type=json -p='[{"op": "re
## License ## License
Copyright © 2022 Bitnami Copyright © 2023 Bitnami
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -30,7 +30,7 @@ spec:
loadBalancerIP: {{ .Values.master.service.loadBalancerIP }} loadBalancerIP: {{ .Values.master.service.loadBalancerIP }}
{{- end }} {{- end }}
{{- if and (eq .Values.master.service.type "LoadBalancer") (not (empty .Values.master.service.loadBalancerSourceRanges)) }} {{- if and (eq .Values.master.service.type "LoadBalancer") (not (empty .Values.master.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{ .Values.master.service.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{ toYaml .Values.master.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }} {{- end }}
{{- if and .Values.master.service.clusterIP (eq .Values.master.service.type "ClusterIP") }} {{- if and .Values.master.service.clusterIP (eq .Values.master.service.type "ClusterIP") }}
clusterIP: {{ .Values.master.service.clusterIP }} clusterIP: {{ .Values.master.service.clusterIP }}


@ -30,7 +30,7 @@ spec:
loadBalancerIP: {{ .Values.replica.service.loadBalancerIP }} loadBalancerIP: {{ .Values.replica.service.loadBalancerIP }}
{{- end }} {{- end }}
{{- if and (eq .Values.replica.service.type "LoadBalancer") (not (empty .Values.replica.service.loadBalancerSourceRanges)) }} {{- if and (eq .Values.replica.service.type "LoadBalancer") (not (empty .Values.replica.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{ .Values.replica.service.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{ toYaml .Values.replica.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }} {{- end }}
{{- if and .Values.replica.service.clusterIP (eq .Values.replica.service.type "ClusterIP") }} {{- if and .Values.replica.service.clusterIP (eq .Values.replica.service.type "ClusterIP") }}
clusterIP: {{ .Values.replica.service.clusterIP }} clusterIP: {{ .Values.replica.service.clusterIP }}


@ -44,11 +44,17 @@ data:
hostname="$1" hostname="$1"
{{- if .Values.useExternalDNS.enabled }} {{- if .Values.useExternalDNS.enabled }}
echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
{{- else if eq .Values.sentinel.service.type "NodePort" }} {{- else if eq .Values.sentinel.service.type "NodePort" }}
echo "${hostname}.{{- .Release.Namespace }}" full_hostname="${hostname}.{{- .Release.Namespace }}"
{{- else }} {{- else }}
echo "${hostname}.${HEADLESS_SERVICE}" full_hostname="${hostname}.${HEADLESS_SERVICE}"
{{- end }}
{{- if .Values.useHostnames }}
echo "${full_hostname}"
{{- else }}
getent hosts "${full_hostname}" | awk '{ print $1 ; exit }'
{{- end }} {{- end }}
} }
@ -262,11 +268,17 @@ data:
hostname="$1" hostname="$1"
{{- if .Values.useExternalDNS.enabled }} {{- if .Values.useExternalDNS.enabled }}
echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
{{- else if eq .Values.sentinel.service.type "NodePort" }} {{- else if eq .Values.sentinel.service.type "NodePort" }}
echo "${hostname}.{{- .Release.Namespace }}" full_hostname="${hostname}.{{- .Release.Namespace }}"
{{- else }} {{- else }}
echo "${hostname}.${HEADLESS_SERVICE}" full_hostname="${hostname}.${HEADLESS_SERVICE}"
{{- end }}
{{- if .Values.useHostnames }}
echo "${full_hostname}"
{{- else }}
getent hosts "${full_hostname}" | awk '{ print $1 ; exit }'
{{- end }} {{- end }}
} }
@ -426,13 +438,20 @@ data:
hostname="$1" hostname="$1"
{{- if .Values.useExternalDNS.enabled }} {{- if .Values.useExternalDNS.enabled }}
echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
{{- else if eq .Values.sentinel.service.type "NodePort" }} {{- else if eq .Values.sentinel.service.type "NodePort" }}
echo "${hostname}.{{- .Release.Namespace }}" full_hostname="${hostname}.{{- .Release.Namespace }}"
{{- else }} {{- else }}
echo "${hostname}.${HEADLESS_SERVICE}" full_hostname="${hostname}.${HEADLESS_SERVICE}"
{{- end }}
{{- if .Values.useHostnames }}
echo "${full_hostname}"
{{- else }}
getent hosts "${full_hostname}" | awk '{ print $1 ; exit }'
{{- end }} {{- end }}
} }
run_sentinel_command() { run_sentinel_command() {
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
redis-cli -h "$REDIS_SERVICE" -p "$SENTINEL_SERVICE_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@" redis-cli -h "$REDIS_SERVICE" -p "$SENTINEL_SERVICE_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
@ -492,13 +511,20 @@ data:
hostname="$1" hostname="$1"
{{- if .Values.useExternalDNS.enabled }} {{- if .Values.useExternalDNS.enabled }}
echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
{{- else if eq .Values.sentinel.service.type "NodePort" }} {{- else if eq .Values.sentinel.service.type "NodePort" }}
echo "${hostname}.{{- .Release.Namespace }}" full_hostname="${hostname}.{{- .Release.Namespace }}"
{{- else }} {{- else }}
echo "${hostname}.${HEADLESS_SERVICE}" full_hostname="${hostname}.${HEADLESS_SERVICE}"
{{- end }}
{{- if .Values.useHostnames }}
echo "${full_hostname}"
{{- else }}
getent hosts "${full_hostname}" | awk '{ print $1 ; exit }'
{{- end }} {{- end }}
} }
run_sentinel_command() { run_sentinel_command() {
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
{{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -h "$REDIS_SERVICE" -p "$SENTINEL_SERVICE_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@" {{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -h "$REDIS_SERVICE" -p "$SENTINEL_SERVICE_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
@ -614,11 +640,17 @@ data:
hostname="$1" hostname="$1"
{{- if .Values.useExternalDNS.enabled }} {{- if .Values.useExternalDNS.enabled }}
echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
{{- else if eq .Values.sentinel.service.type "NodePort" }} {{- else if eq .Values.sentinel.service.type "NodePort" }}
echo "${hostname}.{{- .Release.Namespace }}" full_hostname="${hostname}.{{- .Release.Namespace }}"
{{- else }} {{- else }}
echo "${hostname}.${HEADLESS_SERVICE}" full_hostname="${hostname}.${HEADLESS_SERVICE}"
{{- end }}
{{- if .Values.useHostnames }}
echo "${full_hostname}"
{{- else }}
getent hosts "${full_hostname}" | awk '{ print $1 ; exit }'
{{- end }} {{- end }}
} }


@ -38,7 +38,7 @@ spec:
loadBalancerIP: {{ .Values.sentinel.service.loadBalancerIP }} loadBalancerIP: {{ .Values.sentinel.service.loadBalancerIP }}
{{- end }} {{- end }}
{{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerSourceRanges)) }} {{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{ .Values.sentinel.service.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{ toYaml .Values.sentinel.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }} {{- end }}
{{- if and .Values.sentinel.service.clusterIP (eq .Values.sentinel.service.type "ClusterIP") }} {{- if and .Values.sentinel.service.clusterIP (eq .Values.sentinel.service.type "ClusterIP") }}
clusterIP: {{ .Values.sentinel.service.clusterIP }} clusterIP: {{ .Values.sentinel.service.clusterIP }}


@ -1,6 +1,5 @@
{{- if (include "redis.createTlsSecret" .) }} {{- if (include "redis.createTlsSecret" .) }}
{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }} {{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }}
{{- $existingCerts := (lookup "v1" "Secret" .Release.Namespace $secretName).data | default dict }}
{{- $ca := genCA "redis-ca" 365 }} {{- $ca := genCA "redis-ca" 365 }}
{{- $releaseNamespace := .Release.Namespace }} {{- $releaseNamespace := .Release.Namespace }}
{{- $clusterDomain := .Values.clusterDomain }} {{- $clusterDomain := .Values.clusterDomain }}
@ -9,7 +8,7 @@
{{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }} {{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }}
{{- $masterServiceName := printf "%s-master" (include "common.names.fullname" .) }} {{- $masterServiceName := printf "%s-master" (include "common.names.fullname" .) }}
{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $masterServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $masterServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }} {{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $masterServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $masterServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }}
{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} {{- $cert := genSignedCert $fullname nil $altNames 365 $ca }}
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
@ -24,7 +23,7 @@ metadata:
{{- end }} {{- end }}
type: kubernetes.io/tls type: kubernetes.io/tls
data: data:
ca.crt: {{ (get $existingCerts "ca.crt") | default ($ca.Cert | b64enc | quote ) }} tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.crt: {{ (get $existingCerts "tls.crt") | default ($crt.Cert | b64enc | quote) }} tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
tls.key: {{ (get $existingCerts "tls.key") | default ($crt.Key | b64enc | quote) }} ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
{{- end }} {{- end }}
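Review bot: The certificate lifetime is undocumented: `genCA "redis-ca" 365` and `genSignedCert $fullname nil $altNames 365 $ca` both issue 365-day certificates, and the three `data:` entries now go through `common.secrets.lookup`. Assuming that helper returns the stored value whenever the Secret already exists (its body is not visible here), an upgrade never replaces the certificate, so it expires one year after the first install unless someone deletes the Secret. I would add a template comment above `data:` saying so, e.g. `{{- /* Existing values are reused on upgrade; delete the Secret to rotate before the 365-day expiry */}}`. Each key is also looked up on its own, so a Secret that is missing one key would presumably receive a freshly generated value that does not match the stored CA or key; worth confirming against the helper. Renderers without cluster access (`helm template`, client-side dry runs) get nothing from a lookup and will emit a new CA and key pair on every render.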


@ -47,6 +47,9 @@ clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release ## @param extraDeploy Array of extra objects to deploy with the release
## ##
extraDeploy: [] extraDeploy: []
## @param useHostnames Use hostnames internally when announcing replication
###
useHostnames: true
## Enable diagnostic mode in the deployment ## Enable diagnostic mode in the deployment
## ##
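Review bot: The `useHostnames` description does not say what setting it to `false` does, and its closing marker is `###` where the neighbouring parameters close with `##`. Going by the script change in this commit, `false` makes the node announce the first address returned by `getent hosts "${full_hostname}"` instead of the DNS name, and the function prints nothing if that lookup returns no entry. I would document it as `## @param useHostnames Use hostnames internally when announcing replication. If false, the hostname will be resolved to an IP address` and close the block with `##`.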


@ -32,4 +32,4 @@ name: tomcat
sources: sources:
- https://github.com/bitnami/containers/tree/main/bitnami/tomcat - https://github.com/bitnami/containers/tree/main/bitnami/tomcat
- http://tomcat.apache.org - http://tomcat.apache.org
version: 10.5.13 version: 10.5.14


@ -83,7 +83,7 @@ The command removes all the Kubernetes components associated with the chart and
| ----------------------------- | ------------------------------------------------------------------------------------------------------ | ---------------------- | | ----------------------------- | ------------------------------------------------------------------------------------------------------ | ---------------------- |
| `image.registry` | Tomcat image registry | `docker.io` | | `image.registry` | Tomcat image registry | `docker.io` |
| `image.repository` | Tomcat image repository | `bitnami/tomcat` | | `image.repository` | Tomcat image repository | `bitnami/tomcat` |
| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.5-debian-11-r11` | | `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.5-debian-11-r12` |
| `image.digest` | Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.digest` | Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` | | `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -223,7 +223,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.jmx.catalinaOpts` | custom option used to enabled JMX on tomcat jvm evaluated as template | `-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true` | | `metrics.jmx.catalinaOpts` | custom option used to enabled JMX on tomcat jvm evaluated as template | `-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true` |
| `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` | | `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` |
| `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` | | `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` |
| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.17.2-debian-11-r44` | | `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.17.2-debian-11-r45` |
| `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` | | `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` |
| `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |


@ -58,7 +58,7 @@ extraDeploy: []
image: image:
registry: docker.io registry: docker.io
repository: bitnami/tomcat repository: bitnami/tomcat
tag: 10.1.5-debian-11-r11 tag: 10.1.5-debian-11-r12
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -636,7 +636,7 @@ metrics:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/jmx-exporter repository: bitnami/jmx-exporter
tag: 0.17.2-debian-11-r44 tag: 0.17.2-debian-11-r45
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'


@ -41,4 +41,4 @@ name: wordpress
sources: sources:
- https://github.com/bitnami/containers/tree/main/bitnami/wordpress - https://github.com/bitnami/containers/tree/main/bitnami/wordpress
- https://wordpress.org/ - https://wordpress.org/
version: 15.2.37 version: 15.2.38


@ -86,7 +86,7 @@ The command removes all the Kubernetes components associated with the chart and
| ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- | | ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | WordPress image registry | `docker.io` | | `image.registry` | WordPress image registry | `docker.io` |
| `image.repository` | WordPress image repository | `bitnami/wordpress` | | `image.repository` | WordPress image repository | `bitnami/wordpress` |
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.1.1-debian-11-r39` | | `image.tag` | WordPress image tag (immutable tags are recommended) | `6.1.1-debian-11-r40` |
| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` | | `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` |
| `image.pullSecrets` | WordPress image pull secrets | `[]` | | `image.pullSecrets` | WordPress image pull secrets | `[]` |
@ -257,7 +257,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` | | `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` |
| `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | | `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r78` | | `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r79` |
| `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | | `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | | `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` |


@ -73,7 +73,7 @@ diagnosticMode:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/wordpress repository: bitnami/wordpress
tag: 6.1.1-debian-11-r39 tag: 6.1.1-debian-11-r40
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -759,7 +759,7 @@ volumePermissions:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/bitnami-shell repository: bitnami/bitnami-shell
tag: 11-debian-11-r78 tag: 11-debian-11-r79
digest: "" digest: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets. ## Optionally specify an array of imagePullSecrets.


@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.21.0-0' catalog.cattle.io/kube-version: '>=1.21.0-0'
catalog.cattle.io/release-name: kamaji catalog.cattle.io/release-name: kamaji
apiVersion: v2 apiVersion: v2
appVersion: v0.1.1 appVersion: v0.2.0
description: Kamaji is a tool aimed to build and operate a Managed Kubernetes Service description: Kamaji is a tool aimed to build and operate a Managed Kubernetes Service
with a fraction of the operational burden. With Kamaji, you can deploy and operate with a fraction of the operational burden. With Kamaji, you can deploy and operate
hundreds of Kubernetes clusters as a hyper-scaler. hundreds of Kubernetes clusters as a hyper-scaler.
@ -24,4 +24,4 @@ name: kamaji
sources: sources:
- https://github.com/clastix/kamaji - https://github.com/clastix/kamaji
type: application type: application
version: 0.10.2 version: 0.11.0


@ -1,6 +1,6 @@
# kamaji # kamaji
![Version: 0.10.2](https://img.shields.io/badge/Version-0.10.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.1.1](https://img.shields.io/badge/AppVersion-v0.1.1-informational?style=flat-square) ![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.2.0](https://img.shields.io/badge/AppVersion-v0.2.0-informational?style=flat-square)
Kamaji is a tool aimed to build and operate a Managed Kubernetes Service with a fraction of the operational burden. With Kamaji, you can deploy and operate hundreds of Kubernetes clusters as a hyper-scaler. Kamaji is a tool aimed to build and operate a Managed Kubernetes Service with a fraction of the operational burden. With Kamaji, you can deploy and operate hundreds of Kubernetes clusters as a hyper-scaler.
@ -67,7 +67,6 @@ Here the values you can override:
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| affinity | object | `{}` | Kubernetes affinity rules to apply to Kamaji controller pods | | affinity | object | `{}` | Kubernetes affinity rules to apply to Kamaji controller pods |
| configPath | string | `"./kamaji.yaml"` | Configuration file path alternative. (default "./kamaji.yaml") |
| datastore.basicAuth.passwordSecret.keyPath | string | `nil` | The Secret key where the data is stored. | | datastore.basicAuth.passwordSecret.keyPath | string | `nil` | The Secret key where the data is stored. |
| datastore.basicAuth.passwordSecret.name | string | `nil` | The name of the Secret containing the password used to connect to the relational database. | | datastore.basicAuth.passwordSecret.name | string | `nil` | The name of the Secret containing the password used to connect to the relational database. |
| datastore.basicAuth.passwordSecret.namespace | string | `nil` | The namespace of the Secret containing the password used to connect to the relational database. | | datastore.basicAuth.passwordSecret.namespace | string | `nil` | The namespace of the Secret containing the password used to connect to the relational database. |
@ -91,7 +90,7 @@ Here the values you can override:
| datastore.tlsConfig.clientCertificate.privateKey.namespace | string | `nil` | Namespace of the Secret containing the client certificate private key required to establish the mandatory SSL/TLS connection to the datastore. | | datastore.tlsConfig.clientCertificate.privateKey.namespace | string | `nil` | Namespace of the Secret containing the client certificate private key required to establish the mandatory SSL/TLS connection to the datastore. |
| etcd.compactionInterval | int | `0` | ETCD Compaction interval (e.g. "5m0s"). (default: "0" (disabled)) | | etcd.compactionInterval | int | `0` | ETCD Compaction interval (e.g. "5m0s"). (default: "0" (disabled)) |
| etcd.deploy | bool | `true` | Install an etcd with enabled multi-tenancy along with Kamaji | | etcd.deploy | bool | `true` | Install an etcd with enabled multi-tenancy along with Kamaji |
| etcd.image | object | `{"pullPolicy":"IfNotPresent","repository":"quay.io/coreos/etcd","tag":"v3.5.4"}` | Install specific etcd image | | etcd.image | object | `{"pullPolicy":"IfNotPresent","repository":"quay.io/coreos/etcd","tag":"v3.5.6"}` | Install specific etcd image |
| etcd.livenessProbe | object | `{"failureThreshold":8,"httpGet":{"path":"/health?serializable=true","port":2381,"scheme":"HTTP"},"initialDelaySeconds":10,"periodSeconds":10,"timeoutSeconds":15}` | The livenessProbe for the etcd container | | etcd.livenessProbe | object | `{"failureThreshold":8,"httpGet":{"path":"/health?serializable=true","port":2381,"scheme":"HTTP"},"initialDelaySeconds":10,"periodSeconds":10,"timeoutSeconds":15}` | The livenessProbe for the etcd container |
| etcd.overrides.caSecret.name | string | `"etcd-certs"` | Name of the secret which contains CA's certificate and private key. (default: "etcd-certs") | | etcd.overrides.caSecret.name | string | `"etcd-certs"` | Name of the secret which contains CA's certificate and private key. (default: "etcd-certs") |
| etcd.overrides.caSecret.namespace | string | `"kamaji-system"` | Namespace of the secret which contains CA's certificate and private key. (default: "kamaji-system") | | etcd.overrides.caSecret.namespace | string | `"kamaji-system"` | Namespace of the secret which contains CA's certificate and private key. (default: "kamaji-system") |
@ -126,11 +125,10 @@ Here the values you can override:
| resources.requests.cpu | string | `"100m"` | | | resources.requests.cpu | string | `"100m"` | |
| resources.requests.memory | string | `"20Mi"` | | | resources.requests.memory | string | `"20Mi"` | |
| securityContext | object | `{"allowPrivilegeEscalation":false}` | The securityContext to apply to the Kamaji controller container only. It does not apply to the Kamaji RBAC proxy container. | | securityContext | object | `{"allowPrivilegeEscalation":false}` | The securityContext to apply to the Kamaji controller container only. It does not apply to the Kamaji RBAC proxy container. |
| service.port | int | `8443` | |
| service.type | string | `"ClusterIP"` | |
| serviceAccount.annotations | object | `{}` | | | serviceAccount.annotations | object | `{}` | |
| serviceAccount.create | bool | `true` | | | serviceAccount.create | bool | `true` | |
| serviceAccount.name | string | `"kamaji-controller-manager"` | | | serviceAccount.name | string | `"kamaji-controller-manager"` | |
| serviceMonitor.enabled | bool | `false` | Toggle the ServiceMonitor true if you have Prometheus Operator installed and configured |
| temporaryDirectoryPath | string | `"/tmp/kamaji"` | Directory which will be used to work with temporary files. (default "/tmp/kamaji") | | temporaryDirectoryPath | string | `"/tmp/kamaji"` | Directory which will be used to work with temporary files. (default "/tmp/kamaji") |
| tolerations | list | `[]` | Kubernetes node taints that the Kamaji controller pods would tolerate | | tolerations | list | `[]` | Kubernetes node taints that the Kamaji controller pods would tolerate |


@ -3,8 +3,8 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
cert-manager.io/inject-ca-from: kamaji-system/kamaji-serving-cert
controller-gen.kubebuilder.io/version: v0.9.2 controller-gen.kubebuilder.io/version: v0.9.2
creationTimestamp: null
name: datastores.kamaji.clastix.io name: datastores.kamaji.clastix.io
spec: spec:
group: kamaji.clastix.io group: kamaji.clastix.io
@ -15,254 +15,225 @@ spec:
singular: datastore singular: datastore
scope: Cluster scope: Cluster
versions: versions:
- additionalPrinterColumns: - additionalPrinterColumns:
- description: Kamaji data store driver - description: Kamaji data store driver
jsonPath: .spec.driver jsonPath: .spec.driver
name: Driver name: Driver
type: string type: string
- description: Age - description: Age
jsonPath: .metadata.creationTimestamp jsonPath: .metadata.creationTimestamp
name: Age name: Age
type: date type: date
name: v1alpha1 name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: DataStore is the Schema for the datastores API. description: DataStore is the Schema for the datastores API.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
of an object. Servers should convert recognized schemas to the latest type: string
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind:
type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
kind: type: string
description: 'Kind is a string value representing the REST resource this metadata:
object represents. Servers may infer this from the endpoint the client type: object
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' spec:
type: string description: DataStoreSpec defines the desired state of DataStore.
metadata: properties:
type: object basicAuth:
spec: description: In case of authentication enabled for the given data store, specifies the username and password pair. This value is optional.
description: DataStoreSpec defines the desired state of DataStore. properties:
properties: password:
basicAuth: properties:
description: In case of authentication enabled for the given data content:
store, specifies the username and password pair. This value is optional. description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value.
properties: format: byte
password: type: string
properties: secretReference:
content: properties:
description: Bare content of the file, base64 encoded. It keyPath:
has precedence over the SecretReference value. description: Name of the key for the given Secret reference where the content is stored. This value is mandatory.
format: byte minLength: 1
type: string type: string
secretReference: name:
properties: description: name is unique within a namespace to reference a secret resource.
keyPath: type: string
description: Name of the key for the given Secret reference namespace:
where the content is stored. This value is mandatory. description: namespace defines the space within which the secret name must be unique.
type: string type: string
name: required:
description: name is unique within a namespace to reference - keyPath
a secret resource. type: object
type: string x-kubernetes-map-type: atomic
namespace: type: object
description: namespace defines the space within which username:
the secret name must be unique. properties:
type: string content:
required: description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value.
- keyPath format: byte
type: object type: string
x-kubernetes-map-type: atomic secretReference:
type: object properties:
username: keyPath:
properties: description: Name of the key for the given Secret reference where the content is stored. This value is mandatory.
content: minLength: 1
description: Bare content of the file, base64 encoded. It type: string
has precedence over the SecretReference value. name:
format: byte description: name is unique within a namespace to reference a secret resource.
type: string type: string
secretReference: namespace:
properties: description: namespace defines the space within which the secret name must be unique.
keyPath: type: string
description: Name of the key for the given Secret reference required:
where the content is stored. This value is mandatory. - keyPath
type: string type: object
name: x-kubernetes-map-type: atomic
description: name is unique within a namespace to reference type: object
a secret resource. required:
type: string - password
namespace: - username
description: namespace defines the space within which type: object
the secret name must be unique. driver:
type: string description: The driver to use to connect to the shared datastore.
required: enum:
- keyPath - etcd
type: object - MySQL
x-kubernetes-map-type: atomic - PostgreSQL
type: object
required:
- password
- username
type: object
driver:
description: The driver to use to connect to the shared datastore.
type: string
endpoints:
description: List of the endpoints to connect to the shared datastore.
No need for protocol, just bare IP/FQDN and port.
items:
type: string type: string
type: array endpoints:
tlsConfig: description: List of the endpoints to connect to the shared datastore. No need for protocol, just bare IP/FQDN and port.
description: Defines the TLS/SSL configuration required to connect items:
to the data store in a secure way. type: string
properties: minItems: 1
certificateAuthority: type: array
description: Retrieve the Certificate Authority certificate and tlsConfig:
private key, such as bare content of the file, or a SecretReference. description: Defines the TLS/SSL configuration required to connect to the data store in a secure way.
The key reference is required since etcd authentication is based properties:
on certificates, and Kamaji is responsible in creating this. certificateAuthority:
properties: description: Retrieve the Certificate Authority certificate and private key, such as bare content of the file, or a SecretReference. The key reference is required since etcd authentication is based on certificates, and Kamaji is responsible in creating this.
certificate: properties:
properties: certificate:
content: properties:
description: Bare content of the file, base64 encoded. content:
It has precedence over the SecretReference value. description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value.
format: byte format: byte
type: string type: string
secretReference: secretReference:
properties: properties:
keyPath: keyPath:
description: Name of the key for the given Secret description: Name of the key for the given Secret reference where the content is stored. This value is mandatory.
reference where the content is stored. This value minLength: 1
is mandatory. type: string
type: string name:
name: description: name is unique within a namespace to reference a secret resource.
description: name is unique within a namespace to type: string
reference a secret resource. namespace:
type: string description: namespace defines the space within which the secret name must be unique.
namespace: type: string
description: namespace defines the space within which required:
the secret name must be unique. - keyPath
type: string type: object
required: x-kubernetes-map-type: atomic
- keyPath type: object
type: object privateKey:
x-kubernetes-map-type: atomic properties:
type: object content:
privateKey: description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value.
properties: format: byte
content: type: string
description: Bare content of the file, base64 encoded. secretReference:
It has precedence over the SecretReference value. properties:
format: byte keyPath:
type: string description: Name of the key for the given Secret reference where the content is stored. This value is mandatory.
secretReference: minLength: 1
properties: type: string
keyPath: name:
description: Name of the key for the given Secret description: name is unique within a namespace to reference a secret resource.
reference where the content is stored. This value type: string
is mandatory. namespace:
type: string description: namespace defines the space within which the secret name must be unique.
name: type: string
description: name is unique within a namespace to required:
reference a secret resource. - keyPath
type: string type: object
namespace: x-kubernetes-map-type: atomic
description: namespace defines the space within which type: object
the secret name must be unique. required:
type: string - certificate
required: type: object
- keyPath clientCertificate:
type: object description: Specifies the SSL/TLS key and private key pair used to connect to the data store.
x-kubernetes-map-type: atomic properties:
type: object certificate:
required: properties:
- certificate content:
type: object description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value.
clientCertificate: format: byte
description: Specifies the SSL/TLS key and private key pair used type: string
to connect to the data store. secretReference:
properties: properties:
certificate: keyPath:
properties: description: Name of the key for the given Secret reference where the content is stored. This value is mandatory.
content: minLength: 1
description: Bare content of the file, base64 encoded. type: string
It has precedence over the SecretReference value. name:
format: byte description: name is unique within a namespace to reference a secret resource.
type: string type: string
secretReference: namespace:
properties: description: namespace defines the space within which the secret name must be unique.
keyPath: type: string
description: Name of the key for the given Secret required:
reference where the content is stored. This value - keyPath
is mandatory. type: object
type: string x-kubernetes-map-type: atomic
name: type: object
description: name is unique within a namespace to privateKey:
reference a secret resource. properties:
type: string content:
namespace: description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value.
description: namespace defines the space within which format: byte
the secret name must be unique. type: string
type: string secretReference:
required: properties:
- keyPath keyPath:
type: object description: Name of the key for the given Secret reference where the content is stored. This value is mandatory.
x-kubernetes-map-type: atomic minLength: 1
type: object type: string
privateKey: name:
properties: description: name is unique within a namespace to reference a secret resource.
content: type: string
description: Bare content of the file, base64 encoded. namespace:
It has precedence over the SecretReference value. description: namespace defines the space within which the secret name must be unique.
format: byte type: string
type: string required:
secretReference: - keyPath
properties: type: object
keyPath: x-kubernetes-map-type: atomic
description: Name of the key for the given Secret type: object
reference where the content is stored. This value required:
is mandatory. - certificate
type: string - privateKey
name: type: object
description: name is unique within a namespace to required:
reference a secret resource. - certificateAuthority
type: string - clientCertificate
namespace: type: object
description: namespace defines the space within which required:
the secret name must be unique. - driver
type: string - endpoints
required: - tlsConfig
- keyPath type: object
type: object status:
x-kubernetes-map-type: atomic description: DataStoreStatus defines the observed state of DataStore.
type: object properties:
required: usedBy:
- certificate description: List of the Tenant Control Planes, namespaced named, using this data store.
- privateKey items:
type: object type: string
required: type: array
- certificateAuthority type: object
- clientCertificate type: object
type: object served: true
required: storage: true
- driver subresources:
- endpoints status: {}
- tlsConfig
type: object
status:
description: DataStoreStatus defines the observed state of DataStore.
properties:
usedBy:
description: List of the Tenant Control Planes, namespaced named,
using this data store.
items:
type: string
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}


@ -61,3 +61,31 @@ Create the name of the service account to use
{{- default "default" .Values.serviceAccount.name }} {{- default "default" .Values.serviceAccount.name }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{/*
Create the name of the Service to user for webhooks
*/}}
{{- define "kamaji.webhookServiceName" -}}
{{- printf "%s-webhook-service" (include "kamaji.fullname" .) }}
{{- end }}
{{/*
Create the name of the Service to user for metrics
*/}}
{{- define "kamaji.metricsServiceName" -}}
{{- printf "%s-metrics-service" (include "kamaji.fullname" .) }}
{{- end }}
{{/*
Create the name of the cert-manager secret
*/}}
{{- define "kamaji.webhookSecretName" -}}
{{- printf "%s-webhook-server-cert" (include "kamaji.fullname" .) }}
{{- end }}
{{/*
Create the name of the cert-manager Certificate
*/}}
{{- define "kamaji.certificateName" -}}
{{- printf "%s-serving-cert" (include "kamaji.fullname" .) }}
{{- end }}
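Review bot: The two Service-name helpers append a 16-character suffix to `kamaji.fullname` without leaving room for it, so a long release name can push the rendered Service name past the 63-character DNS label limit and the install is rejected. This assumes `kamaji.fullname` truncates to 63 characters as the stock Helm scaffold does; its definition is outside the hunk. Truncating the base keeps the suffix intact, e.g. `{{- printf "%s-webhook-service" (include "kamaji.fullname" . | trunc 47 | trimSuffix "-") }}`, and likewise for `kamaji.metricsServiceName`. The two Service comments also say "Service to user for"; `Create the name of the Service to use for webhooks` is the intended wording.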


@ -0,0 +1,16 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
labels:
{{- include "kamaji.labels" . | nindent 4 }}
app.kubernetes.io/component: certificate
name: {{ include "kamaji.certificateName" . }}
namespace: {{ .Release.Namespace }}
spec:
dnsNames:
- {{ include "kamaji.webhookServiceName" . }}.{{ .Release.Namespace }}.svc
- {{ include "kamaji.webhookServiceName" . }}.{{ .Release.Namespace }}.svc.cluster.local
issuerRef:
kind: Issuer
name: kamaji-selfsigned-issuer
secretName: {{ include "kamaji.webhookSecretName" . }}
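Review bot: `issuerRef.name` is the literal `kamaji-selfsigned-issuer`, and the Issuer template added in this commit uses the same literal as its `metadata.name`, while every other name in these templates is derived from `kamaji.fullname`. Two releases of the chart in one namespace would therefore contend for a single Issuer object. A shared helper used by both templates (for example a constructed `kamaji.issuerName`) would keep the pair consistent and release-scoped. The Certificate also sets no `duration`, `renewBefore` or `privateKey` options, so cert-manager defaults apply; a short comment saying that this is intended would help anyone auditing the webhook TLS setup.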


@ -0,0 +1,10 @@
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
labels:
{{- include "kamaji.labels" . | nindent 4 }}
app.kubernetes.io/component: issuer
name: kamaji-selfsigned-issuer
namespace: {{ .Release.Namespace }}
spec:
selfSigned: {}


@ -28,18 +28,7 @@ spec:
serviceAccountName: {{ include "kamaji.serviceAccountName" . }} serviceAccountName: {{ include "kamaji.serviceAccountName" . }}
containers: containers:
- args: - args:
- --secure-listen-address=0.0.0.0:8443 - manager
- --upstream=http://127.0.0.1:8080/
- --logtostderr=true
- --v=10
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
name: kube-rbac-proxy
ports:
- containerPort: 8443
name: https
protocol: TCP
- args:
- --config-file={{ .Values.configPath }}
- --health-probe-bind-address={{ .Values.healthProbeBindAddress }} - --health-probe-bind-address={{ .Values.healthProbeBindAddress }}
- --leader-elect - --leader-elect
- --metrics-bind-address={{ .Values.metricsBindAddress }} - --metrics-bind-address={{ .Values.metricsBindAddress }}
@ -52,7 +41,16 @@ spec:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
command: command:
- /manager - /kamaji
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: SERVICE_ACCOUNT
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- with .Values.livenessProbe }} {{- with .Values.livenessProbe }}
@ -61,6 +59,12 @@ spec:
{{- end }} {{- end }}
name: manager name: manager
ports: ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
- containerPort: 8080
name: metrics
protocol: TCP
- containerPort: 8081 - containerPort: 8081
name: healthcheck name: healthcheck
protocol: TCP protocol: TCP
@ -72,7 +76,21 @@ spec:
{{- toYaml .Values.resources | nindent 12 }} {{- toYaml .Values.resources | nindent 12 }}
securityContext: securityContext:
{{- toYaml .Values.securityContext | nindent 12 }} {{- toYaml .Values.securityContext | nindent 12 }}
volumeMounts:
- mountPath: /tmp
name: tmp
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
terminationGracePeriodSeconds: 10 terminationGracePeriodSeconds: 10
volumes:
- name: tmp
emptyDir:
medium: Memory
- name: cert
secret:
defaultMode: 420
secretName: {{ include "kamaji.webhookSecretName" . }}
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}
nodeSelector: nodeSelector:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
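Review bot: With the `kube-rbac-proxy` sidecar removed in the first hunk, nothing in this pod authenticates or authorizes metrics scrapes any more: the manager now declares `containerPort: 8080` named `metrics`, and the Service and ServiceMonitor changed in this commit reach it over plain `http`. Whether the listener is reachable from outside the pod depends on `.Values.metricsBindAddress`, which is not visible here; if it binds all interfaces, any workload that can route to the pod IP can read the controller metrics. A NetworkPolicy limiting port 8080 to the Prometheus namespace, or an authenticating proxy in front of it, would restore the earlier posture. Separately, `defaultMode: 420` on the `cert` volume is decimal for 0644, which leaves the webhook's TLS private key world-readable inside the container; a tighter mode is worth considering if the container's user and fsGroup allow it.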


@ -2,6 +2,8 @@ apiVersion: kamaji.clastix.io/v1alpha1
kind: DataStore kind: DataStore
metadata: metadata:
name: {{ include "datastore.fullname" . }} name: {{ include "datastore.fullname" . }}
annotations:
"helm.sh/hook": pre-install
labels: labels:
{{- include "datastore.labels" . | nindent 4 }} {{- include "datastore.labels" . | nindent 4 }}
spec: spec:
@ -10,7 +12,12 @@ spec:
{{- include "datastore.endpoints" . | indent 4 }} {{- include "datastore.endpoints" . | indent 4 }}
{{- if (and .Values.datastore.basicAuth.usernameSecret.name .Values.datastore.basicAuth.passwordSecret.name) }} {{- if (and .Values.datastore.basicAuth.usernameSecret.name .Values.datastore.basicAuth.passwordSecret.name) }}
basicAuth: basicAuth:
{{- .Values.datastore.basicAuth | toYaml | nindent 4 }} username:
secretReference:
{{- .Values.datastore.basicAuth.usernameSecret | toYaml | nindent 8 }}
password:
secretReference:
{{- .Values.datastore.basicAuth.passwordSecret | toYaml | nindent 8 }}
{{- end }} {{- end }}
tlsConfig: tlsConfig:
certificateAuthority: certificateAuthority:
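Review bot: Marking the DataStore with `"helm.sh/hook": pre-install` takes it out of normal release management: Helm renders it only on first install, so later changes to `.Values.datastore.*` (including the `basicAuth` secret references restructured in the second hunk) are not applied by `helm upgrade`, and hook resources are left behind on uninstall. If the hook exists only to order creation ahead of the controller, say so in a template comment and document that datastore settings must be changed on the live object after install. The `if` guard still requires both `usernameSecret.name` and `passwordSecret.name`, so setting only one silently drops `basicAuth`; a values comment or a `fail` message could surface that.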


@ -0,0 +1,50 @@
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "kamaji.certificateName" . }}
labels:
{{- include "kamaji.labels" . | nindent 4 }}
app.kubernetes.io/instance: mutating-webhook-configuration
name: kamaji-mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "kamaji.webhookServiceName" . }}
namespace: {{ .Release.Namespace }}
path: /mutate-kamaji-clastix-io-v1alpha1-datastore
failurePolicy: Fail
name: mdatastore.kb.io
rules:
- apiGroups:
- kamaji.clastix.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- datastores
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "kamaji.webhookServiceName" . }}
namespace: {{ .Release.Namespace }}
path: /mutate-kamaji-clastix-io-v1alpha1-tenantcontrolplane
failurePolicy: Fail
name: mtenantcontrolplane.kb.io
rules:
- apiGroups:
- kamaji.clastix.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- tenantcontrolplanes
sideEffects: None
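Review bot: `metadata.name` is the literal `kamaji-mutating-webhook-configuration` on a cluster-scoped object, so a second release of the chart in any namespace renders the same object and collides with the first. The ValidatingWebhookConfiguration added in this commit has the same issue with `kamaji-validating-webhook-configuration`. Prefixing both with `{{ include "kamaji.fullname" . }}` avoids the clash. Both entries here use `failurePolicy: Fail` with no `timeoutSeconds`, so CREATE and UPDATE of `datastores` and `tenantcontrolplanes` wait for the API server default whenever the single webhook backend is unavailable; an explicit timeout would make that trade-off visible.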


@ -66,6 +66,16 @@ rules:
- patch - patch
- update - update
- watch - watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- list
- watch
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
@ -114,12 +124,6 @@ rules:
- patch - patch
- update - update
- watch - watch
- apiGroups:
- kamaji.clastix.io
resources:
- datastores/finalizers
verbs:
- update
- apiGroups: - apiGroups:
- kamaji.clastix.io - kamaji.clastix.io
resources: resources:
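Review bot: The new rule grants `create` and `delete` on `batch` `jobs`, and an identity that can create Jobs can run pods under any service account in the namespaces the rule covers. The kind and binding of this role are outside the hunk; if it is a ClusterRole bound cluster-wide, the impact of a compromised controller extends to every namespace. A comment above the rule stating what the controller runs as Jobs, and narrowing the binding to the namespaces that hold tenant control planes if that is feasible, would keep the grant reviewable. The removal of `update` on `datastores/finalizers` in the second hunk is worth confirming on clusters that enable the `OwnerReferencesPermissionEnforcement` admission plugin, where setting `blockOwnerDeletion` on an owned object requires that permission on the owner.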


@ -1,16 +1,16 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: {{ include "kamaji.fullname" . }}
labels: labels:
{{- include "kamaji.labels" . | nindent 4 }} {{- include "kamaji.labels" . | nindent 4 }}
app.kubernetes.io/component: metrics
name: {{ include "kamaji.metricsServiceName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
spec: spec:
type: {{ .Values.service.type }}
ports: ports:
- name: https - port: 8080
port: {{ .Values.service.port }} name: metrics
protocol: TCP protocol: TCP
targetPort: https targetPort: metrics
selector: selector:
{{- include "kamaji.selectorLabels" . | nindent 4 }} {{- include "kamaji.selectorLabels" . | nindent 4 }}


@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
labels:
{{- include "kamaji.labels" . | nindent 4 }}
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: webhook-service
name: {{ include "kamaji.webhookServiceName" . }}
namespace: {{ .Release.Namespace }}
spec:
ports:
- port: 443
protocol: TCP
name: webhook-server
targetPort: webhook-server
selector:
{{- include "kamaji.selectorLabels" . | nindent 4 }}
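Review bot: `app.kubernetes.io/instance: webhook-service` is emitted right after `kamaji.labels`; if that helper already sets `app.kubernetes.io/instance` to the release name, as the stock Helm scaffold does (its definition is not visible here), the rendered mapping has a duplicate key and the later value silently replaces the release identity. The two webhook configurations in this commit do the same with `mutating-webhook-configuration` and `validating-webhook-configuration`. Dropping the literal and relying on `app.kubernetes.io/component: webhook`, which is already set on the line above, keeps release-based label queries working.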


@ -0,0 +1,21 @@
{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
{{- include "kamaji.labels" . | nindent 4 }}
app.kubernetes.io/component: servicemonitor
name: {{ include "kamaji.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
endpoints:
- path: /metrics
port: metrics
scheme: http
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "kamaji.name" . }}
{{- end }}
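Review bot: `selector.matchLabels` uses only `app.kubernetes.io/name`, which presumably is carried by both the metrics Service and the webhook Service through `kamaji.labels` (helper not visible), and by any other release of the chart in the namespace. Adding `app.kubernetes.io/component: metrics`, which this commit sets on the metrics Service, narrows the match to the intended Service. The endpoint is scraped with `scheme: http`, so metrics travel unauthenticated and unencrypted inside the cluster; a comment noting that this is deliberate would help.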


@ -0,0 +1,70 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "kamaji.certificateName" . }}
labels:
{{- include "kamaji.labels" . | nindent 4 }}
app.kubernetes.io/instance: validating-webhook-configuration
name: kamaji-validating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "kamaji.webhookServiceName" . }}
namespace: {{ .Release.Namespace }}
path: /validate--v1-secret
failurePolicy: Ignore
name: vdatastoresecrets.kb.io
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- DELETE
resources:
- secrets
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "kamaji.webhookServiceName" . }}
namespace: {{ .Release.Namespace }}
path: /validate-kamaji-clastix-io-v1alpha1-datastore
failurePolicy: Fail
name: vdatastore.kb.io
rules:
- apiGroups:
- kamaji.clastix.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
- DELETE
resources:
- datastores
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "kamaji.webhookServiceName" . }}
namespace: {{ .Release.Namespace }}
path: /validate-kamaji-clastix-io-v1alpha1-tenantcontrolplane
failurePolicy: Fail
name: vtenantcontrolplane.kb.io
rules:
- apiGroups:
- kamaji.clastix.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- tenantcontrolplanes
sideEffects: None
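Review bot: The `vdatastoresecrets.kb.io` entry intercepts DELETE on every `secrets` object in the cluster with no `namespaceSelector` or `objectSelector`, so each Secret deletion in any namespace is sent to the Kamaji pod together with the object being deleted. Combined with `failurePolicy: Ignore`, whatever protection the handler provides is skipped whenever the webhook is unreachable, and unrelated Secret deletions wait for the webhook timeout in that state. Scoping the rule with an `objectSelector` on a label the controller puts on datastore secrets (if it sets one; not visible here) and adding an explicit `timeoutSeconds` would limit both the data exposure and the latency.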


@ -15,8 +15,10 @@ image:
# -- A list of extra arguments to add to the kamaji controller default ones # -- A list of extra arguments to add to the kamaji controller default ones
extraArgs: [] extraArgs: []
# -- Configuration file path alternative. (default "./kamaji.yaml")
configPath: "./kamaji.yaml" serviceMonitor:
# -- Toggle the ServiceMonitor true if you have Prometheus Operator installed and configured
enabled: false
etcd: etcd:
# -- Install an etcd with enabled multi-tenancy along with Kamaji # -- Install an etcd with enabled multi-tenancy along with Kamaji
@ -31,7 +33,7 @@ etcd:
# -- Install specific etcd image # -- Install specific etcd image
image: image:
repository: quay.io/coreos/etcd repository: quay.io/coreos/etcd
tag: "v3.5.4" tag: "v3.5.6"
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# -- The livenessProbe for the etcd container # -- The livenessProbe for the etcd container
@ -127,10 +129,6 @@ securityContext:
# runAsNonRoot: true # runAsNonRoot: true
# runAsUser: 1000 # runAsUser: 1000
service:
type: ClusterIP
port: 8443
resources: resources:
limits: limits:
cpu: 200m cpu: 200m


@ -1,5 +1,9 @@
# Datadog changelog # Datadog changelog
## 3.10.5
* Only expose the shared volume for the auth-token in non autopilot environments.
## 3.10.4 ## 3.10.4
* Fix documentation for `agents.containers.traceAgent.env` and `agents.containers.securityAgent.env` * Fix documentation for `agents.containers.traceAgent.env` and `agents.containers.securityAgent.env`


@ -19,4 +19,4 @@ name: datadog
sources: sources:
- https://app.datadoghq.com/account/settings#agent/kubernetes - https://app.datadoghq.com/account/settings#agent/kubernetes
- https://github.com/DataDog/datadog-agent - https://github.com/DataDog/datadog-agent
version: 3.10.4 version: 3.10.5


@ -1,6 +1,6 @@
# Datadog # Datadog
![Version: 3.10.4](https://img.shields.io/badge/Version-3.10.4-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) ![Version: 3.10.5](https://img.shields.io/badge/Version-3.10.5-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).


@ -163,8 +163,11 @@
{{- end }} {{- end }}
- name: config - name: config
mountPath: {{ template "datadog.confPath" . }} mountPath: {{ template "datadog.confPath" . }}
{{- if (not .Values.providers.gke.autopilot) }}
- name: auth-token - name: auth-token
mountPath: {{ template "datadog.confPath" . }}/auth mountPath: {{ template "datadog.confPath" . }}/auth
readOnly: false
{{- end }}
{{- include "container-crisocket-volumemounts" . | nindent 4 }} {{- include "container-crisocket-volumemounts" . | nindent 4 }}
{{- include "container-cloudinit-volumemounts" . | nindent 4 }} {{- include "container-cloudinit-volumemounts" . | nindent 4 }}
{{- if .Values.agents.useConfigMap }} {{- if .Values.agents.useConfigMap }}
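Review bot: The same `{{- if (not .Values.providers.gke.autopilot) }}` guard is repeated around the `auth-token` mount in four container templates, around the `DD_AUTH_TOKEN_FILE_PATH` variable and around the volume definition. If one copy is missed or drifts, a container references a volume the pod does not declare and the pod is rejected. A single named helper used at all six sites (for example a constructed `should-mount-auth-token` define) would keep them in step. `readOnly: false` added here is the default value, and this is the only mount of the volume not marked `readOnly: true`, presumably because this container writes the token the others read; a comment saying so would explain the difference.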


@ -56,9 +56,11 @@
- name: config - name: config
mountPath: {{ template "datadog.confPath" . }} mountPath: {{ template "datadog.confPath" . }}
{{- if eq .Values.targetSystem "linux" }} {{- if eq .Values.targetSystem "linux" }}
{{- if (not .Values.providers.gke.autopilot) }}
- name: auth-token - name: auth-token
mountPath: /etc/datadog-agent/auth mountPath: {{ template "datadog.confPath" . }}/auth
readOnly: true readOnly: true
{{- end }}
- name: logdatadog - name: logdatadog
mountPath: /var/log/datadog mountPath: /var/log/datadog
- name: tmpdir - name: tmpdir


@ -52,9 +52,11 @@
volumeMounts: volumeMounts:
- name: config - name: config
mountPath: {{ template "datadog.confPath" . }} mountPath: {{ template "datadog.confPath" . }}
{{- if (not .Values.providers.gke.autopilot) }}
- name: auth-token - name: auth-token
mountPath: {{ template "datadog.confPath" . }}/auth mountPath: {{ template "datadog.confPath" . }}/auth
readOnly: true readOnly: true
{{- end }}
{{- if eq .Values.targetSystem "linux" }} {{- if eq .Values.targetSystem "linux" }}
- name: logdatadog - name: logdatadog
mountPath: /var/log/datadog mountPath: /var/log/datadog


@ -53,9 +53,11 @@
volumeMounts: volumeMounts:
- name: config - name: config
mountPath: {{ template "datadog.confPath" . }} mountPath: {{ template "datadog.confPath" . }}
{{- if (not .Values.providers.gke.autopilot) }}
- name: auth-token - name: auth-token
mountPath: {{ template "datadog.confPath" . }}/auth mountPath: {{ template "datadog.confPath" . }}/auth
readOnly: true readOnly: true
{{- end }}
{{- if .Values.agents.useConfigMap }} {{- if .Values.agents.useConfigMap }}
- name: datadog-yaml - name: datadog-yaml
mountPath: {{ template "datadog.confPath" . }}/datadog.yaml mountPath: {{ template "datadog.confPath" . }}/datadog.yaml


@ -9,8 +9,10 @@
secretKeyRef: secretKeyRef:
name: {{ template "datadog.apiSecretName" . }} name: {{ template "datadog.apiSecretName" . }}
key: api-key key: api-key
{{- if (not .Values.providers.gke.autopilot) }}
- name: DD_AUTH_TOKEN_FILE_PATH - name: DD_AUTH_TOKEN_FILE_PATH
value: {{ template "datadog.confPath" . }}/auth/token value: {{ template "datadog.confPath" . }}/auth/token
{{- end }}
{{ include "components-common-env" . }} {{ include "components-common-env" . }}
{{- if .Values.datadog.kubelet.host }} {{- if .Values.datadog.kubelet.host }}
- name: DD_KUBERNETES_KUBELET_HOST - name: DD_KUBERNETES_KUBELET_HOST


@ -132,8 +132,10 @@ spec:
{{ include "system-probe-init" . | nindent 6 }} {{ include "system-probe-init" . | nindent 6 }}
{{- end }} {{- end }}
volumes: volumes:
{{- if (not .Values.providers.gke.autopilot) }}
- name: auth-token - name: auth-token
emptyDir: {} emptyDir: {}
{{- end }}
- name: installinfo - name: installinfo
configMap: configMap:
name: {{ include "agents-install-info-configmap-name" . }} name: {{ include "agents-install-info-configmap-name" . }}


@ -1,11 +1,11 @@
annotations: annotations:
artifacthub.io/images: | artifacthub.io/images: |
- name: consul - name: consul
image: hashicorp/consul:1.14.2 image: hashicorp/consul:1.14.4
- name: consul-k8s-control-plane - name: consul-k8s-control-plane
image: hashicorp/consul-k8s-control-plane:1.0.2 image: hashicorp/consul-k8s-control-plane:1.0.3
- name: consul-dataplane - name: consul-dataplane
image: hashicorp/consul-dataplane:1.0.0 image: hashicorp/consul-dataplane:1.0.1
- name: envoy - name: envoy
image: envoyproxy/envoy:v1.23.1 image: envoyproxy/envoy:v1.23.1
artifacthub.io/license: MPL-2.0 artifacthub.io/license: MPL-2.0
@ -25,7 +25,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.21.0-0' catalog.cattle.io/kube-version: '>=1.21.0-0'
catalog.cattle.io/release-name: consul catalog.cattle.io/release-name: consul
apiVersion: v2 apiVersion: v2
appVersion: 1.14.2 appVersion: 1.14.4
description: Official HashiCorp Consul Chart description: Official HashiCorp Consul Chart
home: https://www.consul.io home: https://www.consul.io
icon: https://raw.githubusercontent.com/hashicorp/consul-k8s/main/assets/icon.png icon: https://raw.githubusercontent.com/hashicorp/consul-k8s/main/assets/icon.png
@ -34,4 +34,4 @@ name: consul
sources: sources:
- https://github.com/hashicorp/consul - https://github.com/hashicorp/consul
- https://github.com/hashicorp/consul-k8s - https://github.com/hashicorp/consul-k8s
version: 1.0.2 version: 1.0.3


@ -42,7 +42,7 @@ by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
The following pre-requisites must be met before installing Consul on Kubernetes. The following pre-requisites must be met before installing Consul on Kubernetes.
* **Kubernetes 1.22.x - 1.25.x** - This represents the earliest versions of Kubernetes tested. * **Kubernetes 1.23.x - 1.26.x** - This represents the earliest versions of Kubernetes tested.
It is possible that this chart works with earlier versions, but it is It is possible that this chart works with earlier versions, but it is
untested. untested.
* Helm install * Helm install


@ -15,6 +15,9 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: api-gateway-controller component: api-gateway-controller
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 4 }}
{{- end }}
spec: spec:
replicas: {{ .Values.apiGateway.controller.replicas }} replicas: {{ .Values.apiGateway.controller.replicas }}
selector: selector:
@ -46,6 +49,9 @@ spec:
chart: {{ template "consul.chart" . }} chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: api-gateway-controller component: api-gateway-controller
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 8 }}
{{- end }}
spec: spec:
serviceAccountName: {{ template "consul.fullname" . }}-api-gateway-controller serviceAccountName: {{ template "consul.fullname" . }}-api-gateway-controller
containers: containers:
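Review bot: `global.extraLabels` is rendered verbatim after the chart's own `chart`, `heritage`, `release` and `component` labels, so a user value that reuses one of those keys produces a duplicate key in the pod template and can leave the pod labels out of step with `spec.selector`. The same block is added to every workload template in this commit, and in the client, connect-injector, server and sync-catalog templates it follows a per-component `extraLabels` block that can clash with it as well. Documenting the reserved keys next to the value, or dropping them before rendering with `omit`, would prevent that. `{{- with .Values.global.extraLabels }}` followed by `{{- toYaml . | nindent 4 }}` is the shorter idiom for the guard.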


@ -24,6 +24,9 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: client component: client
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 4 }}
{{- end }}
spec: spec:
{{- if .Values.client.updateStrategy }} {{- if .Values.client.updateStrategy }}
updateStrategy: updateStrategy:
@ -47,6 +50,9 @@ spec:
{{- if .Values.client.extraLabels }} {{- if .Values.client.extraLabels }}
{{- toYaml .Values.client.extraLabels | nindent 8 }} {{- toYaml .Values.client.extraLabels | nindent 8 }}
{{- end }} {{- end }}
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 8 }}
{{- end }}
annotations: annotations:
{{- if .Values.global.secretsBackend.vault.enabled }} {{- if .Values.global.secretsBackend.vault.enabled }}
"vault.hashicorp.com/agent-inject": "true" "vault.hashicorp.com/agent-inject": "true"


@ -11,6 +11,9 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: cni component: cni
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 4 }}
{{- end }}
spec: spec:
{{- if .Values.connectInject.cni.updateStrategy }} {{- if .Values.connectInject.cni.updateStrategy }}
updateStrategy: updateStrategy:
@ -29,6 +32,9 @@ spec:
chart: {{ template "consul.chart" . }} chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: cni component: cni
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 8 }}
{{- end }}
annotations: annotations:
consul.hashicorp.com/connect-inject: "false" consul.hashicorp.com/connect-inject: "false"
spec: spec:


@ -23,6 +23,9 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: connect-injector component: connect-injector
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 4 }}
{{- end }}
spec: spec:
replicas: {{ .Values.connectInject.replicas }} replicas: {{ .Values.connectInject.replicas }}
selector: selector:
@ -41,6 +44,9 @@ spec:
{{- if .Values.connectInject.extraLabels }} {{- if .Values.connectInject.extraLabels }}
{{- toYaml .Values.connectInject.extraLabels | nindent 8 }} {{- toYaml .Values.connectInject.extraLabels | nindent 8 }}
{{- end }} {{- end }}
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 8 }}
{{- end }}
annotations: annotations:
"consul.hashicorp.com/connect-inject": "false" "consul.hashicorp.com/connect-inject": "false"
{{- if .Values.connectInject.annotations }} {{- if .Values.connectInject.annotations }}


@ -15,6 +15,9 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: create-federation-secret component: create-federation-secret
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 4 }}
{{- end }}
annotations: annotations:
"helm.sh/hook": post-install,post-upgrade "helm.sh/hook": post-install,post-upgrade
{{- /* Hook weight needs to be 1 so that the service account is provisioned first */}} {{- /* Hook weight needs to be 1 so that the service account is provisioned first */}}
@ -29,6 +32,9 @@ spec:
chart: {{ template "consul.chart" . }} chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: create-federation-secret component: create-federation-secret
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 8 }}
{{- end }}
annotations: annotations:
"consul.hashicorp.com/connect-inject": "false" "consul.hashicorp.com/connect-inject": "false"
spec: spec:


@ -15,6 +15,9 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: license component: license
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 4 }}
{{- end }}
annotations: annotations:
"helm.sh/hook": post-install,post-upgrade "helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-weight": "100" "helm.sh/hook-weight": "100"
@ -31,6 +34,9 @@ spec:
chart: {{ template "consul.chart" . }} chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: license component: license
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 8 }}
{{- end }}
annotations: annotations:
"consul.hashicorp.com/connect-inject": "false" "consul.hashicorp.com/connect-inject": "false"
spec: spec:


@ -14,6 +14,9 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: gossip-encryption-autogenerate component: gossip-encryption-autogenerate
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 4 }}
{{- end }}
annotations: annotations:
"helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "1" "helm.sh/hook-weight": "1"
@ -27,6 +30,9 @@ spec:
chart: {{ template "consul.chart" . }} chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: gossip-encryption-autogenerate component: gossip-encryption-autogenerate
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 8 }}
{{- end }}
annotations: annotations:
"consul.hashicorp.com/connect-inject": "false" "consul.hashicorp.com/connect-inject": "false"
spec: spec:


@ -46,6 +46,9 @@ metadata:
release: {{ $root.Release.Name }} release: {{ $root.Release.Name }}
component: ingress-gateway component: ingress-gateway
ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}
{{- if $root.Values.global.extraLabels }}
{{- toYaml $root.Values.global.extraLabels | nindent 4 }}
{{- end }}
spec: spec:
replicas: {{ default $defaults.replicas .replicas }} replicas: {{ default $defaults.replicas .replicas }}
selector: selector:
@ -66,6 +69,9 @@ spec:
component: ingress-gateway component: ingress-gateway
ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}
consul.hashicorp.com/connect-inject-managed-by: consul-k8s-endpoints-controller consul.hashicorp.com/connect-inject-managed-by: consul-k8s-endpoints-controller
{{- if $root.Values.global.extraLabels }}
{{- toYaml $root.Values.global.extraLabels | nindent 8 }}
{{- end }}
annotations: annotations:
"consul.hashicorp.com/connect-inject": "false" "consul.hashicorp.com/connect-inject": "false"
"consul.hashicorp.com/gateway-kind": "ingress-gateway" "consul.hashicorp.com/gateway-kind": "ingress-gateway"


@ -19,6 +19,9 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: mesh-gateway component: mesh-gateway
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 4 }}
{{- end }}
spec: spec:
replicas: {{ .Values.meshGateway.replicas }} replicas: {{ .Values.meshGateway.replicas }}
selector: selector:
@ -35,6 +38,9 @@ spec:
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: mesh-gateway component: mesh-gateway
consul.hashicorp.com/connect-inject-managed-by: consul-k8s-endpoints-controller consul.hashicorp.com/connect-inject-managed-by: consul-k8s-endpoints-controller
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 8 }}
{{- end }}
annotations: annotations:
"consul.hashicorp.com/connect-inject": "false" "consul.hashicorp.com/connect-inject": "false"
"consul.hashicorp.com/gateway-kind": "mesh-gateway" "consul.hashicorp.com/gateway-kind": "mesh-gateway"


@ -15,6 +15,9 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: partition-init component: partition-init
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 4 }}
{{- end }}
annotations: annotations:
"helm.sh/hook": pre-install "helm.sh/hook": pre-install
"helm.sh/hook-weight": "2" "helm.sh/hook-weight": "2"
@ -28,6 +31,9 @@ spec:
chart: {{ template "consul.chart" . }} chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: partition-init component: partition-init
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 8 }}
{{- end }}
annotations: annotations:
"consul.hashicorp.com/connect-inject": "false" "consul.hashicorp.com/connect-inject": "false"
{{- if (and .Values.global.secretsBackend.vault.enabled (or .Values.global.tls.enabled .Values.global.acls.manageSystemACLs)) }} {{- if (and .Values.global.secretsBackend.vault.enabled (or .Values.global.tls.enabled .Values.global.acls.manageSystemACLs)) }}


@ -23,6 +23,9 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: server-acl-init-cleanup component: server-acl-init-cleanup
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 4 }}
{{- end }}
annotations: annotations:
"helm.sh/hook": post-install,post-upgrade "helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-weight": "0" "helm.sh/hook-weight": "0"
@ -39,6 +42,9 @@ spec:
chart: {{ template "consul.chart" . }} chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: server-acl-init-cleanup component: server-acl-init-cleanup
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 8 }}
{{- end }}
annotations: annotations:
"consul.hashicorp.com/connect-inject": "false" "consul.hashicorp.com/connect-inject": "false"
spec: spec:


@ -29,6 +29,9 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: server-acl-init component: server-acl-init
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 4 }}
{{- end }}
spec: spec:
template: template:
metadata: metadata:
@ -38,6 +41,9 @@ spec:
chart: {{ template "consul.chart" . }} chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: server-acl-init component: server-acl-init
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 8 }}
{{- end }}
annotations: annotations:
"consul.hashicorp.com/connect-inject": "false" "consul.hashicorp.com/connect-inject": "false"
{{- if .Values.global.secretsBackend.vault.enabled }} {{- if .Values.global.secretsBackend.vault.enabled }}


@ -31,6 +31,9 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: server component: server
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 4 }}
{{- end }}
spec: spec:
serviceName: {{ template "consul.fullname" . }}-server serviceName: {{ template "consul.fullname" . }}-server
podManagementPolicy: Parallel podManagementPolicy: Parallel
@ -59,6 +62,9 @@ spec:
{{- if .Values.server.extraLabels }} {{- if .Values.server.extraLabels }}
{{- toYaml .Values.server.extraLabels | nindent 8 }} {{- toYaml .Values.server.extraLabels | nindent 8 }}
{{- end }} {{- end }}
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 8 }}
{{- end }}
annotations: annotations:
{{- if .Values.global.secretsBackend.vault.enabled }} {{- if .Values.global.secretsBackend.vault.enabled }}
"vault.hashicorp.com/agent-inject": "true" "vault.hashicorp.com/agent-inject": "true"


@ -14,6 +14,9 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: sync-catalog component: sync-catalog
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 4 }}
{{- end }}
spec: spec:
replicas: 1 replicas: 1
selector: selector:
@ -32,6 +35,9 @@ spec:
{{- if .Values.syncCatalog.extraLabels }} {{- if .Values.syncCatalog.extraLabels }}
{{- toYaml .Values.syncCatalog.extraLabels | nindent 8 }} {{- toYaml .Values.syncCatalog.extraLabels | nindent 8 }}
{{- end }} {{- end }}
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 8 }}
{{- end }}
annotations: annotations:
"consul.hashicorp.com/connect-inject": "false" "consul.hashicorp.com/connect-inject": "false"
{{- if .Values.syncCatalog.annotations }} {{- if .Values.syncCatalog.annotations }}


@ -48,6 +48,9 @@ metadata:
release: {{ $root.Release.Name }} release: {{ $root.Release.Name }}
component: terminating-gateway component: terminating-gateway
terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}
{{- if $root.Values.global.extraLabels }}
{{- toYaml $root.Values.global.extraLabels | nindent 4 }}
{{- end }}
spec: spec:
replicas: {{ default $defaults.replicas .replicas }} replicas: {{ default $defaults.replicas .replicas }}
selector: selector:
@ -68,6 +71,9 @@ spec:
component: terminating-gateway component: terminating-gateway
terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}
consul.hashicorp.com/connect-inject-managed-by: consul-k8s-endpoints-controller consul.hashicorp.com/connect-inject-managed-by: consul-k8s-endpoints-controller
{{- if $root.Values.global.extraLabels }}
{{- toYaml $root.Values.global.extraLabels | nindent 8 }}
{{- end }}
annotations: annotations:
"consul.hashicorp.com/connect-inject": "false" "consul.hashicorp.com/connect-inject": "false"
"consul.hashicorp.com/gateway-kind": "terminating-gateway" "consul.hashicorp.com/gateway-kind": "terminating-gateway"


@ -13,6 +13,9 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: tls-init-cleanup component: tls-init-cleanup
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 4 }}
{{- end }}
annotations: annotations:
"helm.sh/hook": pre-delete "helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded "helm.sh/hook-delete-policy": hook-succeeded
@ -27,6 +30,9 @@ spec:
chart: {{ template "consul.chart" . }} chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: tls-init-cleanup component: tls-init-cleanup
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 8 }}
{{- end }}
annotations: annotations:
"consul.hashicorp.com/connect-inject": "false" "consul.hashicorp.com/connect-inject": "false"
spec: spec:


@ -14,6 +14,9 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: tls-init component: tls-init
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 4 }}
{{- end }}
annotations: annotations:
"helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "1" "helm.sh/hook-weight": "1"
@ -27,6 +30,9 @@ spec:
chart: {{ template "consul.chart" . }} chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: tls-init component: tls-init
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 8 }}
{{- end }}
annotations: annotations:
"consul.hashicorp.com/connect-inject": "false" "consul.hashicorp.com/connect-inject": "false"
spec: spec:


@ -11,6 +11,9 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: webhook-cert-manager component: webhook-cert-manager
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 4 }}
{{- end }}
spec: spec:
replicas: 1 replicas: 1
selector: selector:
@ -28,6 +31,9 @@ spec:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: webhook-cert-manager component: webhook-cert-manager
{{- if .Values.global.extraLabels }}
{{- toYaml .Values.global.extraLabels | nindent 8 }}
{{- end }}
annotations: annotations:
"consul.hashicorp.com/connect-inject": "false" "consul.hashicorp.com/connect-inject": "false"
"consul.hashicorp.com/config-checksum": {{ include (print $.Template.BasePath "/webhook-cert-manager-configmap.yaml") . | sha256sum }} "consul.hashicorp.com/config-checksum": {{ include (print $.Template.BasePath "/webhook-cert-manager-configmap.yaml") . | sha256sum }}


@ -63,7 +63,7 @@ global:
# image: "hashicorp/consul-enterprise:1.10.0-ent" # image: "hashicorp/consul-enterprise:1.10.0-ent"
# ``` # ```
# @default: hashicorp/consul:<latest version> # @default: hashicorp/consul:<latest version>
image: "hashicorp/consul:1.14.2" image: "hashicorp/consul:1.14.4"
# Array of objects containing image pull secret names that will be applied to each service account. # Array of objects containing image pull secret names that will be applied to each service account.
# This can be used to reference image pull secrets if using a custom consul or consul-k8s-control-plane Docker image. # This can be used to reference image pull secrets if using a custom consul or consul-k8s-control-plane Docker image.
@ -83,7 +83,7 @@ global:
# image that is used for functionality such as catalog sync. # image that is used for functionality such as catalog sync.
# This can be overridden per component. # This can be overridden per component.
# @default: hashicorp/consul-k8s-control-plane:<latest version> # @default: hashicorp/consul-k8s-control-plane:<latest version>
imageK8S: hashicorp/consul-k8s-control-plane:1.0.2 imageK8S: hashicorp/consul-k8s-control-plane:1.0.3
# The name of the datacenter that the agents should # The name of the datacenter that the agents should
# register as. This can't be changed once the Consul cluster is up and running # register as. This can't be changed once the Consul cluster is up and running
@ -261,7 +261,7 @@ global:
secretName: null secretName: null
connectInject: connectInject:
# Configuration to the Vault Secret that Kubernetes will use on # Configuration to the Vault Secret that Kubernetes uses on
# Kubernetes pod creation, deletion, and update, to get CA certificates # Kubernetes pod creation, deletion, and update, to get CA certificates
# used issued from vault to send webhooks to the ConnectInject. # used issued from vault to send webhooks to the ConnectInject.
caCert: caCert:
@ -270,7 +270,7 @@ global:
# @type: string # @type: string
secretName: null secretName: null
# Configuration to the Vault Secret that Kubernetes will use on # Configuration to the Vault Secret that Kubernetes uses on
# Kubernetes pod creation, deletion, and update, to get TLS certificates # Kubernetes pod creation, deletion, and update, to get TLS certificates
# used issued from vault to send webhooks to the ConnectInject. # used issued from vault to send webhooks to the ConnectInject.
tlsCert: tlsCert:
@ -325,7 +325,7 @@ global:
# If true, the Helm chart will enable TLS for Consul # If true, the Helm chart will enable TLS for Consul
# servers and clients and all consul-k8s-control-plane components, as well as generate certificate # servers and clients and all consul-k8s-control-plane components, as well as generate certificate
# authority (optional) and server and client certificates. # authority (optional) and server and client certificates.
# This setting is required for [Cluster Peering](/docs/connect/cluster-peering/k8s). # This setting is required for [Cluster Peering](https://developer.hashicorp.com/consul/docs/connect/cluster-peering/k8s).
enabled: false enabled: false
# If true, turns on the auto-encrypt feature on clients and servers. # If true, turns on the auto-encrypt feature on clients and servers.
@ -567,7 +567,7 @@ global:
# The name (and tag) of the consul-dataplane Docker image used for the # The name (and tag) of the consul-dataplane Docker image used for the
# connect-injected sidecar proxies and mesh, terminating, and ingress gateways. # connect-injected sidecar proxies and mesh, terminating, and ingress gateways.
# @default: hashicorp/consul-dataplane:<latest supported version> # @default: hashicorp/consul-dataplane:<latest supported version>
imageConsulDataplane: "hashicorp/consul-dataplane:1.0.0" imageConsulDataplane: "hashicorp/consul-dataplane:1.0.1"
# Configuration for running this Helm chart on the Red Hat OpenShift platform. # Configuration for running this Helm chart on the Red Hat OpenShift platform.
# This Helm chart currently supports OpenShift v4.x+. # This Helm chart currently supports OpenShift v4.x+.
@ -647,6 +647,19 @@ global:
# @type: string # @type: string
secretKey: null secretKey: null
# Extra labels to attach to all pods, deployments, daemonsets, statefulsets, and jobs. This should be a YAML map.
#
# Example:
#
# ```yaml
# extraLabels:
# labelKey: label-value
# anotherLabelKey: another-label-value
# ```
#
# @type: map
extraLabels: {}
# Server, when enabled, configures a server cluster to run. This should # Server, when enabled, configures a server cluster to run. This should
# be disabled if you plan on connecting to a Consul cluster external to # be disabled if you plan on connecting to a Consul cluster external to
# the Kube cluster. # the Kube cluster.
@ -844,9 +857,9 @@ server:
# This configures the PodDisruptionBudget (https://kubernetes.io/docs/tasks/run-application/configure-pdb/) # This configures the PodDisruptionBudget (https://kubernetes.io/docs/tasks/run-application/configure-pdb/)
# for the server cluster. # for the server cluster.
disruptionBudget: disruptionBudget:
# This will enable/disable registering a PodDisruptionBudget for the server # Enables registering a PodDisruptionBudget for the server
# cluster. If this is enabled, it will only register the budget so long as # cluster. If enabled, it only registers the budget so long as
# the server cluster is enabled. # the server cluster is enabled. To disable, set to `false`.
enabled: true enabled: true
# The maximum number of unavailable pods. By default, this will be # The maximum number of unavailable pods. By default, this will be
@ -1936,7 +1949,7 @@ connectInject:
# Configures consul-cni plugin for Consul Service mesh services # Configures consul-cni plugin for Consul Service mesh services
cni: cni:
# If true, then all traffic redirection setup will use the consul-cni plugin. # If true, then all traffic redirection setup uses the consul-cni plugin.
# Requires connectInject.enabled to also be true. # Requires connectInject.enabled to also be true.
# @type: boolean # @type: boolean
enabled: false enabled: false
@ -2330,11 +2343,11 @@ connectInject:
memory: "150Mi" memory: "150Mi"
cpu: "50m" cpu: "50m"
# [Mesh Gateways](/docs/connect/gateways/mesh-gateway) enable Consul Connect to work across Consul datacenters. # [Mesh Gateways](https://developer.hashicorp.com/consul/docs/connect/gateways/mesh-gateway) enable Consul Connect to work across Consul datacenters.
meshGateway: meshGateway:
# If [mesh gateways](/docs/connect/gateways/mesh-gateway) are enabled, a Deployment will be created that runs # If [mesh gateways](https://developer.hashicorp.com/consul/docs/connect/gateways/mesh-gateway) are enabled, a Deployment will be created that runs
# gateways and Consul Connect will be configured to use gateways. # gateways and Consul Connect will be configured to use gateways.
# This setting is required for [Cluster Peering](/docs/connect/cluster-peering/k8s). # This setting is required for [Cluster Peering](https://developer.hashicorp.com/consul/docs/connect/cluster-peering/k8s).
# Requirements: consul 1.6.0+ if using `global.acls.manageSystemACLs``. # Requirements: consul 1.6.0+ if using `global.acls.manageSystemACLs``.
enabled: false enabled: false
@ -2883,9 +2896,9 @@ apiGateway:
# @type: string # @type: string
nodeSelector: null nodeSelector: null
# This value defines the tolerations that will be assigned to a gateway pod. # Toleration settings for gateway pods created with the managed gateway class.
# This should be a multi-line string matching the # This should be a multi-line string matching the
# Tolerations (https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) array in a Pod spec. # [Tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) array in a Pod spec.
# #
# @type: string # @type: string
tolerations: null tolerations: null
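Review bot: The bumped defaults `global.image`, `global.imageK8S` and `global.imageConsulDataplane` still identify their images by tag alone, and a tag can be re-pointed in the registry after the chart has been reviewed. Appending the digest keeps the readable version while fixing the content that gets pulled, e.g. `image: "hashicorp/consul:1.14.4@sha256:<digest>"` (placeholder; take the value from the registry at release time). `imageK8S` is also the only one of the three left unquoted; quoting it like the other two keeps the file consistent.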


@ -4,9 +4,9 @@ annotations:
catalog.cattle.io/kube-version: '>=1.19-0' catalog.cattle.io/kube-version: '>=1.19-0'
catalog.cattle.io/release-name: intel-device-plugins-operator catalog.cattle.io/release-name: intel-device-plugins-operator
apiVersion: v2 apiVersion: v2
appVersion: 0.25.1 appVersion: 0.26.0
description: A Helm chart for Intel Device Plugins Operator for Kubernetes description: A Helm chart for Intel Device Plugins Operator for Kubernetes
icon: https://avatars.githubusercontent.com/u/17888862?s=200&v=4 icon: https://avatars.githubusercontent.com/u/17888862?s=200&v=4
name: intel-device-plugins-operator name: intel-device-plugins-operator
type: application type: application
version: 0.25.1 version: 0.26.0


@ -102,6 +102,10 @@ spec:
- balanced - balanced
- packed - packed
type: string type: string
provisioningConfig:
description: ProvisioningConfig is a ConfigMap used to pass the configuration
of QAT devices into qat initcontainer.
type: string
type: object type: object
status: status:
description: 'QatDevicePluginStatus defines the observed state of QatDevicePlugin. description: 'QatDevicePluginStatus defines the observed state of QatDevicePlugin.


@ -41,4 +41,4 @@ sources:
- https://github.com/jenkinsci/docker-inbound-agent - https://github.com/jenkinsci/docker-inbound-agent
- https://github.com/maorfr/kube-tasks - https://github.com/maorfr/kube-tasks
- https://github.com/jenkinsci/configuration-as-code-plugin - https://github.com/jenkinsci/configuration-as-code-plugin
version: 4.3.0 version: 4.3.1


@ -209,6 +209,51 @@ controller:
Further JCasC examples can be found [here](https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos). Further JCasC examples can be found [here](https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos).
#### Breaking out large Config as Code scripts
Jenkins Config as Code scripts can become quite large, and maintaining all of your scripts within one yaml file can be difficult. The Config as Code plugin itself suggests updating the `CASC_JENKINS_CONFIG` environment variable to be a comma seperated list of paths for the plugin to traverse, picking up the yaml files as needed.
However, under the Jenkins helm chart, this `CASC_JENKINS_CONFIG` value is maintained through the templates. A better solution is to split your `controller.JCasC.configScripts` into seperate values files, and provide each file during the helm install.
For example, you can have a values file (e.g values_main.yaml) that defines the values described in the `VALUES_SUMMARY.md` for your Jenkins configuration:
```yaml
jenkins:
controller:
jenkinsUrlProtocol: https
installPlugins: false
...
```
In a second file (e.g values_jenkins_casc.yaml), you can define a section of your config scripts:
```yaml
jenkins:
controller:
JCasC:
configScripts:
jenkinsCasc: |
jenkins:
disableRememberMe: false
mode: NORMAL
...
```
And keep extending your config scripts by creating more files (so not all config scripts are located in one yaml file for better maintenance):
values_jenkins_unclassified.yaml
```yaml
jenkins:
controller:
JCasC:
configScripts:
unclassifiedCasc: |
unclassified:
...
```
When installing, you provide all relevant yaml files (e.g `helm install -f values_main.yaml -f values_jenkins_casc.yaml -f values_jenkins_unclassified.yaml ...`). Instead of updating the `CASC_JENKINS_CONFIG` environment variable to include multiple paths, multiple CasC yaml files will be created in the same path `var/jenkins_home/casc_configs`.
#### Config as Code With or Without Auto-Reload #### Config as Code With or Without Auto-Reload
Config as Code changes (to `controller.JCasC.configScripts`) can either force a new pod to be created and only be applied at next startup, or can be auto-reloaded on-the-fly. Config as Code changes (to `controller.JCasC.configScripts`) can either force a new pod to be created and only be applied at next startup, or can be auto-reloaded on-the-fly.


@ -1,7 +1,33 @@
# Changelog # Changelog
## Unreleased ## 2.16.1
### Fixed
* serviceAccount projected volume is properly provisioned for GKE clusters >= 1.20.
[#735](https://github.com/Kong/charts/pull/735)
## 2.16.0
### Improvements
* Let users specify their own labels and annotations for generated PodSecurityPolicy.
[#721](https://github.com/Kong/charts/pull/721)
* Enable the admission webhook by default. This can reject configuration, but
is not expected to be a meaningfully breaking change. Existing configuration
is not affected, and any new changes that the webhook would reject would also
be rejected by Kong.
[#727](https://github.com/Kong/charts/pull/727)
* Replaced static secret with projected volume in deployment.
[#722](https://github.com/Kong/charts/pull/722)
* Reject invalid log config values.
[#733](https://github.com/Kong/charts/pull/733)
* Update custom resource definitions to latest v2.8.1 from
kong/kubernetes-ingress-controller
[#730](https://github.com/Kong/charts/pull/730)
* Respect setting `.Values.deployment.serviceAccount.automountServiceAccountToken` in
migrations Jobs. This was already the case for the Deployment.
[#729](https://github.com/Kong/charts/pull/729)
## 2.15.3 ## 2.15.3


@ -20,4 +20,4 @@ maintainers:
name: kong name: kong
sources: sources:
- https://github.com/Kong/charts/tree/main/charts/kong - https://github.com/Kong/charts/tree/main/charts/kong
version: 2.15.3 version: 2.16.1


@ -565,7 +565,7 @@ namespaces. Limiting access requires several changes to configuration:
- Set `ingressController.watchNamespaces` to a list of namespaces you want to - Set `ingressController.watchNamespaces` to a list of namespaces you want to
watch. The chart will automatically generate roles for each namespace and watch. The chart will automatically generate roles for each namespace and
assign them to the controller's service account. assign them to the controller's service account.
- Optionally set `ingressContrller.installCRDs=false` if your user role (the - Optionally set `ingressController.installCRDs=false` if your user role (the
role you use when running `helm install`, not the controller service role you use when running `helm install`, not the controller service
account's role) does not have access to get CRDs. By default, the chart account's role) does not have access to get CRDs. By default, the chart
attempts to look up the controller CRDs for [a legacy behavior attempts to look up the controller CRDs for [a legacy behavior
@ -716,10 +716,10 @@ section of `values.yaml` file:
| ingressClassAnnotations | The ingress-class value for controller | kong | | ingressClassAnnotations | The ingress-class value for controller | kong |
| args | List of ingress-controller cli arguments | [] | | args | List of ingress-controller cli arguments | [] |
| watchNamespaces | List of namespaces to watch. Watches all namespaces if empty | [] | | watchNamespaces | List of namespaces to watch. Watches all namespaces if empty | [] |
| admissionWebhook.enabled | Whether to enable the validating admission webhook | false | | admissionWebhook.enabled | Whether to enable the validating admission webhook | true |
| admissionWebhook.failurePolicy | How unrecognized errors from the admission endpoint are handled (Ignore or Fail) | Fail | | admissionWebhook.failurePolicy | How unrecognized errors from the admission endpoint are handled (Ignore or Fail) | Ignore |
| admissionWebhook.port | The port the ingress controller will listen on for admission webhooks | 8080 | | admissionWebhook.port | The port the ingress controller will listen on for admission webhooks | 8080 |
| admissionWebhook.certificate.provided | Whether to generate the admission webhook certificate if not provided | false | | admissionWebhook.certificate.provided | Use a provided certificate. When set to false, the chart will automatically generate a certificate. | false |
| admissionWebhook.certificate.secretName | Name of the TLS secret for the provided webhook certificate | | | admissionWebhook.certificate.secretName | Name of the TLS secret for the provided webhook certificate | |
| admissionWebhook.certificate.caBundle | PEM encoded CA bundle which will be used to validate the provided webhook certificate | | | admissionWebhook.certificate.caBundle | PEM encoded CA bundle which will be used to validate the provided webhook certificate | |
| deployment.userDefinedVolumes | Create volumes. Please go to Kubernetes doc for the spec of the volumes | | | deployment.userDefinedVolumes | Create volumes. Please go to Kubernetes doc for the spec of the volumes | |
@ -788,6 +788,8 @@ kong:
| podDisruptionBudget.maxUnavailable | Represents the minimum number of Pods that can be unavailable (integer or percentage) | `50%` | | podDisruptionBudget.maxUnavailable | Represents the minimum number of Pods that can be unavailable (integer or percentage) | `50%` |
| podDisruptionBudget.minAvailable | Represents the number of Pods that must be available (integer or percentage) | | | podDisruptionBudget.minAvailable | Represents the number of Pods that must be available (integer or percentage) | |
| podSecurityPolicy.enabled | Enable podSecurityPolicy for Kong | `false` | | podSecurityPolicy.enabled | Enable podSecurityPolicy for Kong | `false` |
| podSecurityPolicy.labels | Labels to add to podSecurityPolicy for Kong | `{}` |
| podSecurityPolicy.annotations | Annotations to add to podSecurityPolicy for Kong | `{}` |
| podSecurityPolicy.spec | Collection of [PodSecurityPolicy settings](https://kubernetes.io/docs/concepts/policy/pod-security-policy/#what-is-a-pod-security-policy) | | | podSecurityPolicy.spec | Collection of [PodSecurityPolicy settings](https://kubernetes.io/docs/concepts/policy/pod-security-policy/#what-is-a-pod-security-policy) | |
| priorityClassName | Set pod scheduling priority class for Kong pods | `""` | | priorityClassName | Set pod scheduling priority class for Kong pods | `""` |
| secretVolumes | Mount given secrets as a volume in Kong container to override default certs and keys. | `[]` | | secretVolumes | Mount given secrets as a volume in Kong container to override default certs and keys. | `[]` |


@ -1,9 +1,9 @@
# generated using: kubectl kustomize github.com/kong/kubernetes-ingress-controller/config/crd?ref=main # generated using: kubectl kustomize github.com/kong/kubernetes-ingress-controller/config/crd?ref=v2.8.1
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.9.2 controller-gen.kubebuilder.io/version: v0.11.1
creationTimestamp: null creationTimestamp: null
name: ingressclassparameterses.configuration.konghq.com name: ingressclassparameterses.configuration.konghq.com
spec: spec:
@ -19,7 +19,7 @@ spec:
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: IngressClassParameters is the Schema for the IngressClassParameters description: IngressClassParameters is the Schema for the IngressClassParameters
API API.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
@ -34,6 +34,7 @@ spec:
metadata: metadata:
type: object type: object
spec: spec:
description: Spec is the IngressClassParameters specification.
properties: properties:
enableLegacyRegexDetection: enableLegacyRegexDetection:
default: false default: false
@ -44,7 +45,7 @@ spec:
type: boolean type: boolean
serviceUpstream: serviceUpstream:
default: false default: false
description: Offload load-balancing to kube-proxy or sidecar description: Offload load-balancing to kube-proxy or sidecar.
type: boolean type: boolean
type: object type: object
type: object type: object
@ -55,7 +56,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.9.2 controller-gen.kubebuilder.io/version: v0.11.1
creationTimestamp: null creationTimestamp: null
name: kongclusterplugins.configuration.konghq.com name: kongclusterplugins.configuration.konghq.com
spec: spec:
@ -93,7 +94,7 @@ spec:
name: v1 name: v1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: KongClusterPlugin is the Schema for the kongclusterplugins API description: KongClusterPlugin is the Schema for the kongclusterplugins API.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
@ -101,24 +102,33 @@ spec:
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string type: string
config: config:
description: Config contains the plugin configuration. description: Config contains the plugin configuration. It's a list of
keys and values required to configure the plugin. Please read the documentation
of the plugin being configured to set values in here. For any plugin
in Kong, anything that goes in the `config` JSON key in the Admin API
request, goes into this property. Only one of `config` or `configFrom`
may be used in a KongClusterPlugin, not both at once.
type: object type: object
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
configFrom: configFrom:
description: ConfigFrom references a secret containing the plugin configuration. description: ConfigFrom references a secret containing the plugin configuration.
This should be used when the plugin configuration contains sensitive
information, such as AWS credentials in the Lambda plugin or the client
secret in the OIDC plugin. Only one of `config` or `configFrom` may
be used in a KongClusterPlugin, not both at once.
properties: properties:
secretKeyRef: secretKeyRef:
description: NamespacedSecretValueFromSource represents the source description: Specifies a name, a namespace, and a key of a secret
of a secret value specifying the secret namespace to refer to.
properties: properties:
key: key:
description: the key containing the value description: The key containing the value.
type: string type: string
name: name:
description: the secret containing the key description: The secret containing the key.
type: string type: string
namespace: namespace:
description: The namespace containing the secret description: The namespace containing the secret.
type: string type: string
required: required:
- key - key
@ -127,10 +137,10 @@ spec:
type: object type: object
type: object type: object
consumerRef: consumerRef:
description: ConsumerRef is a reference to a particular consumer description: ConsumerRef is a reference to a particular consumer.
type: string type: string
disabled: disabled:
description: Disabled set if the plugin is disabled or not description: Disabled set if the plugin is disabled or not.
type: boolean type: boolean
kind: kind:
description: 'Kind is a string value representing the REST resource this description: 'Kind is a string value representing the REST resource this
@ -140,7 +150,13 @@ spec:
metadata: metadata:
type: object type: object
ordering: ordering:
description: Ordering overrides the normal plugin execution order description: 'Ordering overrides the normal plugin execution order. It''s
only available on Kong Enterprise. `<phase>` is a request processing
phase (for example, `access` or `body_filter`) and `<plugin>` is the
name of the plugin that will run before or after the KongPlugin. For
example, a KongPlugin with `plugin: rate-limiting` and `before.access:
["key-auth"]` will create a rate limiting plugin that limits requests
_before_ they are authenticated.'
properties: properties:
after: after:
additionalProperties: additionalProperties:
@ -161,7 +177,7 @@ spec:
type: object type: object
plugin: plugin:
description: PluginName is the name of the plugin to which to apply the description: PluginName is the name of the plugin to which to apply the
config config.
type: string type: string
protocols: protocols:
description: Protocols configures plugin to run on requests received on description: Protocols configures plugin to run on requests received on
@ -197,7 +213,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.9.2 controller-gen.kubebuilder.io/version: v0.11.1
creationTimestamp: null creationTimestamp: null
name: kongconsumers.configuration.konghq.com name: kongconsumers.configuration.konghq.com
spec: spec:
@ -225,7 +241,7 @@ spec:
name: v1 name: v1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: KongConsumer is the Schema for the kongconsumers API description: KongConsumer is the Schema for the kongconsumers API.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
@ -239,8 +255,8 @@ spec:
type: string type: string
type: array type: array
custom_id: custom_id:
description: CustomID existing unique ID for the consumer - useful for description: CustomID is a Kong cluster-unique existing ID for the consumer
mapping Kong with users in your existing database - useful for mapping Kong with users in your existing database.
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: 'Kind is a string value representing the REST resource this
@ -250,7 +266,7 @@ spec:
metadata: metadata:
type: object type: object
username: username:
description: Username unique username of the consumer. description: Username is a Kong cluster-unique username of the consumer.
type: string type: string
type: object type: object
served: true served: true
@ -262,7 +278,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.9.2 controller-gen.kubebuilder.io/version: v0.11.1
creationTimestamp: null creationTimestamp: null
name: kongingresses.configuration.konghq.com name: kongingresses.configuration.konghq.com
spec: spec:
@ -281,7 +297,7 @@ spec:
- name: v1 - name: v1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: KongIngress is the Schema for the kongingresses API description: KongIngress is the Schema for the kongingresses API.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
@ -298,19 +314,23 @@ spec:
proxy: proxy:
description: Proxy defines additional connection options for the routes description: Proxy defines additional connection options for the routes
to be configured in the Kong Gateway, e.g. `connection_timeout`, `retries`, to be configured in the Kong Gateway, e.g. `connection_timeout`, `retries`,
e.t.c. etc.
properties: properties:
connect_timeout: connect_timeout:
description: The timeout in milliseconds for establishing a connection description: "The timeout in milliseconds for\testablishing a connection
to the upstream server. to the upstream server. Deprecated: use Service's \"konghq.com/connect-timeout\"
annotation instead."
minimum: 0 minimum: 0
type: integer type: integer
path: path:
description: The path to be used in requests to the upstream server.(optional) description: '(optional) The path to be used in requests to the upstream
server. Deprecated: use Service''s "konghq.com/path" annotation
instead.'
pattern: ^/.*$ pattern: ^/.*$
type: string type: string
protocol: protocol:
description: The protocol used to communicate with the upstream. description: 'The protocol used to communicate with the upstream.
Deprecated: use Service''s "konghq.com/protocol" annotation instead.'
enum: enum:
- http - http
- https - https
@ -321,17 +341,20 @@ spec:
- udp - udp
type: string type: string
read_timeout: read_timeout:
description: The timeout in milliseconds between two successive read description: 'The timeout in milliseconds between two successive read
operations for transmitting a request to the upstream server. operations for transmitting a request to the upstream server. Deprecated:
use Service''s "konghq.com/read-timeout" annotation instead.'
minimum: 0 minimum: 0
type: integer type: integer
retries: retries:
description: The number of retries to execute upon failure to proxy. description: 'The number of retries to execute upon failure to proxy.
Deprecated: use Service''s "konghq.com/retries" annotation instead.'
minimum: 0 minimum: 0
type: integer type: integer
write_timeout: write_timeout:
description: The timeout in milliseconds between two successive write description: 'The timeout in milliseconds between two successive write
operations for transmitting a request to the upstream server. operations for transmitting a request to the upstream server. Deprecated:
use Service''s "konghq.com/write-timeout" annotation instead.'
minimum: 0 minimum: 0
type: integer type: integer
type: object type: object
@ -345,35 +368,44 @@ spec:
items: items:
type: string type: string
type: array type: array
description: Headers contains one or more lists of values indexed description: 'Headers contains one or more lists of values indexed
by header name that will cause this Route to match if present in by header name that will cause this Route to match if present in
the request. The Host header cannot be used with this attribute. the request. The Host header cannot be used with this attribute.
Deprecated: use Ingress'' "konghq.com/headers" annotation instead.'
type: object type: object
https_redirect_status_code: https_redirect_status_code:
description: HTTPSRedirectStatusCode is the status code Kong responds description: 'HTTPSRedirectStatusCode is the status code Kong responds
with when all properties of a Route match except the protocol. with when all properties of a Route match except the protocol. Deprecated:
use Ingress'' "ingress.kubernetes.io/force-ssl-redirect" or "konghq.com/https-redirect-status-code"
annotations instead.'
type: integer type: integer
methods: methods:
description: Methods is a list of HTTP methods that match this Route. description: 'Methods is a list of HTTP methods that match this Route.
Deprecated: use Ingress'' "konghq.com/override-protocols" annotation
instead.'
items: items:
type: string type: string
type: array type: array
path_handling: path_handling:
description: PathHandling controls how the Service path, Route path description: 'PathHandling controls how the Service path, Route path
and requested path are combined when sending a request to the upstream. and requested path are combined when sending a request to the upstream.
Deprecated: use Ingress'' "konghq.com/path-handling" annotation
instead.'
enum: enum:
- v0 - v0
- v1 - v1
type: string type: string
preserve_host: preserve_host:
description: PreserveHost sets When matching a Route via one of the description: 'PreserveHost sets When matching a Route via one of the
hosts domain names, use the request Host header in the upstream hosts domain names, use the request Host header in the upstream
request headers. If set to false, the upstream Host header will request headers. If set to false, the upstream Host header will
be that of the Services host. be that of the Services host. Deprecated: use Ingress'' "konghq.com/preserve-host"
annotation instead.'
type: boolean type: boolean
protocols: protocols:
description: Protocols is an array of the protocols this Route should description: 'Protocols is an array of the protocols this Route should
allow. allow. Deprecated: use Ingress'' "konghq.com/protocols" annotation
instead.'
items: items:
enum: enum:
- http - http
@ -386,27 +418,32 @@ spec:
type: string type: string
type: array type: array
regex_priority: regex_priority:
description: RegexPriority is a number used to choose which route description: 'RegexPriority is a number used to choose which route
resolves a given request when several routes match it using regexes resolves a given request when several routes match it using regexes
simultaneously. simultaneously. Deprecated: use Ingress'' "konghq.com/regex-priority"
annotation instead.'
type: integer type: integer
request_buffering: request_buffering:
description: RequestBuffering sets whether to enable request body description: 'RequestBuffering sets whether to enable request body
buffering or not. buffering or not. Deprecated: use Ingress'' "konghq.com/request-buffering"
annotation instead.'
type: boolean type: boolean
response_buffering: response_buffering:
description: ResponseBuffering sets whether to enable response body description: 'ResponseBuffering sets whether to enable response body
buffering or not. buffering or not. Deprecated: use Ingress'' "konghq.com/response-buffering"
annotation instead.'
type: boolean type: boolean
snis: snis:
description: SNIs is a list of SNIs that match this Route when using description: 'SNIs is a list of SNIs that match this Route when using
stream routing. stream routing. Deprecated: use Ingress'' "konghq.com/snis" annotation
instead.'
items: items:
type: string type: string
type: array type: array
strip_path: strip_path:
description: StripPath sets When matching a Route via one of the paths description: 'StripPath sets When matching a Route via one of the
strip the matching prefix from the upstream request URL. paths strip the matching prefix from the upstream request URL. Deprecated:
use Ingress'' "konghq.com/strip-path" annotation instead.'
type: boolean type: boolean
type: object type: object
upstream: upstream:
@ -589,7 +626,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.9.2 controller-gen.kubebuilder.io/version: v0.11.1
creationTimestamp: null creationTimestamp: null
name: kongplugins.configuration.konghq.com name: kongplugins.configuration.konghq.com
spec: spec:
@ -627,7 +664,7 @@ spec:
name: v1 name: v1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: KongPlugin is the Schema for the kongplugins API description: KongPlugin is the Schema for the kongplugins API.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
@ -635,21 +672,30 @@ spec:
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string type: string
config: config:
description: Config contains the plugin configuration. description: Config contains the plugin configuration. It's a list of
keys and values required to configure the plugin. Please read the documentation
of the plugin being configured to set values in here. For any plugin
in Kong, anything that goes in the `config` JSON key in the Admin API
request, goes into this property. Only one of `config` or `configFrom`
may be used in a KongPlugin, not both at once.
type: object type: object
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
configFrom: configFrom:
description: ConfigFrom references a secret containing the plugin configuration. description: ConfigFrom references a secret containing the plugin configuration.
This should be used when the plugin configuration contains sensitive
information, such as AWS credentials in the Lambda plugin or the client
secret in the OIDC plugin. Only one of `config` or `configFrom` may
be used in a KongPlugin, not both at once.
properties: properties:
secretKeyRef: secretKeyRef:
description: SecretValueFromSource represents the source of a secret description: Specifies a name and a key of a secret to refer to. The
value namespace is implicitly set to the one of referring object.
properties: properties:
key: key:
description: the key containing the value description: The key containing the value.
type: string type: string
name: name:
description: the secret containing the key description: The secret containing the key.
type: string type: string
required: required:
- key - key
@ -657,10 +703,10 @@ spec:
type: object type: object
type: object type: object
consumerRef: consumerRef:
description: ConsumerRef is a reference to a particular consumer description: ConsumerRef is a reference to a particular consumer.
type: string type: string
disabled: disabled:
description: Disabled set if the plugin is disabled or not description: Disabled set if the plugin is disabled or not.
type: boolean type: boolean
kind: kind:
description: 'Kind is a string value representing the REST resource this description: 'Kind is a string value representing the REST resource this
@ -670,7 +716,13 @@ spec:
metadata: metadata:
type: object type: object
ordering: ordering:
description: Ordering overrides the normal plugin execution order description: 'Ordering overrides the normal plugin execution order. It''s
only available on Kong Enterprise. `<phase>` is a request processing
phase (for example, `access` or `body_filter`) and `<plugin>` is the
name of the plugin that will run before or after the KongPlugin. For
example, a KongPlugin with `plugin: rate-limiting` and `before.access:
["key-auth"]` will create a rate limiting plugin that limits requests
_before_ they are authenticated.'
properties: properties:
after: after:
additionalProperties: additionalProperties:
@ -691,7 +743,7 @@ spec:
type: object type: object
plugin: plugin:
description: PluginName is the name of the plugin to which to apply the description: PluginName is the name of the plugin to which to apply the
config config.
type: string type: string
protocols: protocols:
description: Protocols configures plugin to run on requests received on description: Protocols configures plugin to run on requests received on
@ -727,7 +779,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.9.2 controller-gen.kubebuilder.io/version: v0.11.1
creationTimestamp: null creationTimestamp: null
name: tcpingresses.configuration.konghq.com name: tcpingresses.configuration.konghq.com
spec: spec:
@ -753,7 +805,7 @@ spec:
name: v1beta1 name: v1beta1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: TCPIngress is the Schema for the tcpingresses API description: TCPIngress is the Schema for the tcpingresses API.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
@ -768,7 +820,7 @@ spec:
metadata: metadata:
type: object type: object
spec: spec:
description: TCPIngressSpec defines the desired state of TCPIngress description: Spec is the TCPIngress specification.
properties: properties:
rules: rules:
description: A list of rules used to configure the Ingress. description: A list of rules used to configure the Ingress.
@ -783,6 +835,7 @@ spec:
properties: properties:
serviceName: serviceName:
description: Specifies the name of the referenced service. description: Specifies the name of the referenced service.
minLength: 1
type: string type: string
servicePort: servicePort:
description: Specifies the port of the referenced service. description: Specifies the port of the referenced service.
@ -796,9 +849,12 @@ spec:
type: object type: object
host: host:
description: Host is the fully qualified domain name of a network description: Host is the fully qualified domain name of a network
host, as defined by RFC 3986. If a Host is specified, the host, as defined by RFC 3986. If a Host is not specified,
protocol must be TLS over TCP. A plain-text TCP request cannot then port-based TCP routing is performed. Kong doesn't care
be routed based on Host. It can only be routed based on Port. about the content of the TCP stream in this case. If a Host
is specified, the protocol must be TLS over TCP. A plain-text
TCP request cannot be routed based on Host. It can only be
routed based on Port.
type: string type: string
port: port:
description: Port is the port on which to accept TCP or TLS description: Port is the port on which to accept TCP or TLS
@ -811,6 +867,7 @@ spec:
type: integer type: integer
required: required:
- backend - backend
- port
type: object type: object
type: array type: array
tls: tls:
@ -838,7 +895,7 @@ spec:
type: array type: array
type: object type: object
status: status:
description: TCPIngressStatus defines the observed state of TCPIngress description: TCPIngressStatus defines the observed state of TCPIngress.
properties: properties:
loadBalancer: loadBalancer:
description: LoadBalancer contains the current status of the load-balancer. description: LoadBalancer contains the current status of the load-balancer.
@ -909,7 +966,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.9.2 controller-gen.kubebuilder.io/version: v0.11.1
creationTimestamp: null creationTimestamp: null
name: udpingresses.configuration.konghq.com name: udpingresses.configuration.konghq.com
spec: spec:
@ -935,7 +992,7 @@ spec:
name: v1beta1 name: v1beta1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: UDPIngress is the Schema for the udpingresses API description: UDPIngress is the Schema for the udpingresses API.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
@ -950,7 +1007,7 @@ spec:
metadata: metadata:
type: object type: object
spec: spec:
description: UDPIngressSpec defines the desired state of UDPIngress description: Spec is the UDPIngress specification.
properties: properties:
rules: rules:
description: A list of rules used to configure the Ingress. description: A list of rules used to configure the Ingress.
@ -965,6 +1022,7 @@ spec:
properties: properties:
serviceName: serviceName:
description: Specifies the name of the referenced service. description: Specifies the name of the referenced service.
minLength: 1
type: string type: string
servicePort: servicePort:
description: Specifies the port of the referenced service. description: Specifies the port of the referenced service.
@ -980,6 +1038,9 @@ spec:
description: Port indicates the port for the Kong proxy to accept description: Port indicates the port for the Kong proxy to accept
incoming traffic on, which will then be routed to the service incoming traffic on, which will then be routed to the service
Backend. Backend.
format: int32
maximum: 65535
minimum: 1
type: integer type: integer
required: required:
- backend - backend
@ -988,7 +1049,7 @@ spec:
type: array type: array
type: object type: object
status: status:
description: UDPIngressStatus defines the observed state of UDPIngress description: UDPIngressStatus defines the observed state of UDPIngress.
properties: properties:
loadBalancer: loadBalancer:
description: LoadBalancer contains the current status of the load-balancer. description: LoadBalancer contains the current status of the load-balancer.


@ -927,6 +927,11 @@ the template that it itself is using form the above sections.
{{- $userEnv := dict -}} {{- $userEnv := dict -}}
{{- range $key, $val := .Values.env }} {{- range $key, $val := .Values.env }}
{{- if (contains "_log" $key) -}}
{{- if (eq (typeOf $val) "bool") -}}
{{- fail (printf "env.%s must use string 'off' to disable. Without quotes, YAML will coerce the value to a boolean and Kong will reject it" $key) -}}
{{- end -}}
{{- end -}}
{{- $upper := upper $key -}} {{- $upper := upper $key -}}
{{- $var := printf "KONG_%s" $upper -}} {{- $var := printf "KONG_%s" $upper -}}
{{- $_ := set $userEnv $var $val -}} {{- $_ := set $userEnv $var $val -}}
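Review bot: The new guard is case-sensitive, so `contains "_log" $key` misses a key written in upper or mixed case (for example `PROXY_ACCESS_LOG`), even though the very next line normalises the key with `upper $key`. Such a key would skip the boolean check and still be exported with a coerced value. Comparing a normalised key closes the gap: `{{- if (contains "_log" (lower $key)) -}}`. The message also says "must use string 'off'" when the coerced value was `true` (an unquoted `on`), so wording that covers both would be more accurate. The enclosing template starts and ends outside this hunk, so whether mixed-case keys are accepted elsewhere is not visible here.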


@ -298,6 +298,28 @@ spec:
{{- include "kong.userDefinedVolumes" . | nindent 8 -}} {{- include "kong.userDefinedVolumes" . | nindent 8 -}}
{{- if (and (not .Values.deployment.serviceAccount.automountServiceAccountToken) (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name)) }} {{- if (and (not .Values.deployment.serviceAccount.automountServiceAccountToken) (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name)) }}
- name: {{ template "kong.serviceAccountTokenName" . }} - name: {{ template "kong.serviceAccountTokenName" . }}
{{- /* Due to GKE versions (e.g. v1.23.15-gke.1900) we need to handle pre-release part of the version as well.
See the related documentation of semver module that Helm depends on for semverCompare:
https://github.com/Masterminds/semver#working-with-prerelease-versions
Related Helm issue: https://github.com/helm/helm/issues/3810 */}}
{{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }}
projected:
sources:
- serviceAccountToken:
expirationSeconds: 3607
path: token
- configMap:
items:
- key: ca.crt
path: ca.crt
name: kube-root-ca.crt
- downwardAPI:
items:
- fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
path: namespace
{{- else }}
secret: secret:
secretName: {{ template "kong.serviceAccountTokenName" . }} secretName: {{ template "kong.serviceAccountTokenName" . }}
items: items:
@ -307,5 +329,6 @@ spec:
path: ca.crt path: ca.crt
- key: namespace - key: namespace
path: namespace path: namespace
{{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
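Review bot: The projected volume hard-codes `expirationSeconds: 3607` and the ConfigMap name `kube-root-ca.crt` without explanation; the only comment in the hunk covers the `-0` prerelease suffix in the version constraint. Both values appear to mirror the token volume Kubernetes injects itself when automounting, and a comment above `projected:` should say so, e.g. `{{- /* Mirrors the kube-api-access volume Kubernetes injects: bound token with 3607s expiry, cluster CA from kube-root-ca.crt, namespace via downward API */}}`. It is also worth noting in that comment that the `else` branch still mounts the Secret-based token, which does not expire, so clusters below 1.20 keep the long-lived credential. The enclosing template definition starts outside this hunk.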


@ -33,10 +33,12 @@ spec:
spec: spec:
{{- if or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name }} {{- if or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name }}
serviceAccountName: {{ template "kong.serviceAccountName" . }} serviceAccountName: {{ template "kong.serviceAccountName" . }}
{{- end }}
{{- if (and (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name) .Values.deployment.serviceAccount.automountServiceAccountToken) }}
automountServiceAccountToken: true automountServiceAccountToken: true
{{- else }} {{- else }}
automountServiceAccountToken: false automountServiceAccountToken: false
{{- end }} {{ end }}
{{- if .Values.image.pullSecrets }} {{- if .Values.image.pullSecrets }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.image.pullSecrets }} {{- range .Values.image.pullSecrets }}
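Review bot: The closing `{{ end }}` of the new `automountServiceAccountToken` block drops the `-` trim marker that every other action in this hunk carries. The following `{{- if .Values.image.pullSecrets }}` probably swallows the extra whitespace, so the rendered manifest is likely unchanged, but the inconsistency looks accidental and is easy to break when lines are reordered; `{{- end }}` keeps the style uniform. The same line appears in the next two file sections (the hunks at `-33,10` and `-41,10`). Separately, the `or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name` test is now evaluated twice in a row; nesting the automount condition inside the first `if` would avoid the duplication. The pod spec continues outside the hunk.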


@ -33,10 +33,12 @@ spec:
spec: spec:
{{- if or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name }} {{- if or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name }}
serviceAccountName: {{ template "kong.serviceAccountName" . }} serviceAccountName: {{ template "kong.serviceAccountName" . }}
{{- end }}
{{- if (and (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name) .Values.deployment.serviceAccount.automountServiceAccountToken) }}
automountServiceAccountToken: true automountServiceAccountToken: true
{{- else }} {{- else }}
automountServiceAccountToken: false automountServiceAccountToken: false
{{- end }} {{ end }}
{{- if .Values.image.pullSecrets }} {{- if .Values.image.pullSecrets }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.image.pullSecrets }} {{- range .Values.image.pullSecrets }}


@ -41,10 +41,12 @@ spec:
spec: spec:
{{- if or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name }} {{- if or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name }}
serviceAccountName: {{ template "kong.serviceAccountName" . }} serviceAccountName: {{ template "kong.serviceAccountName" . }}
{{- end }}
{{- if (and (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name) .Values.deployment.serviceAccount.automountServiceAccountToken) }}
automountServiceAccountToken: true automountServiceAccountToken: true
{{- else }} {{- else }}
automountServiceAccountToken: false automountServiceAccountToken: false
{{- end }} {{ end }}
{{- if .Values.image.pullSecrets }} {{- if .Values.image.pullSecrets }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.image.pullSecrets }} {{- range .Values.image.pullSecrets }}
